diff options
| author | wiz <wiz@pkgsrc.org> | 2021-10-14 07:08:58 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2021-10-14 07:08:58 +0000 |
| commit | 32a2878e97189e807daee0bafc5353e4713ed8f3 (patch) | |
| tree | f3a0aed9bc2e086640702c8bfe8a0a8c88245068 | |
| parent | f8154e1ceb5a924f39066f9a9600998392a5c8d2 (diff) | |
| download | pkgsrc-32a2878e97189e807daee0bafc5353e4713ed8f3.tar.gz | |
p5-DBI: fix CVE-2014-10402
Bump PKGREVISION
| -rw-r--r-- | databases/p5-DBI/Makefile | 4 | ||||
| -rw-r--r-- | databases/p5-DBI/distinfo | 3 | ||||
| -rw-r--r-- | databases/p5-DBI/patches/patch-lib_DBD_File.pm | 28 |
3 files changed, 32 insertions, 3 deletions
diff --git a/databases/p5-DBI/Makefile b/databases/p5-DBI/Makefile index 9cd93deec26..4d4ae55f5cf 100644 --- a/databases/p5-DBI/Makefile +++ b/databases/p5-DBI/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.86 2021/05/24 19:49:34 wiz Exp $ +# $NetBSD: Makefile,v 1.87 2021/10/14 07:08:58 wiz Exp $ DISTNAME= DBI-1.643 PKGNAME= p5-${DISTNAME} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= databases perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=DBI/} diff --git a/databases/p5-DBI/distinfo b/databases/p5-DBI/distinfo index 4566757cee3..d78da2bce92 100644 --- a/databases/p5-DBI/distinfo +++ b/databases/p5-DBI/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.53 2021/10/07 13:35:21 nia Exp $ +$NetBSD: distinfo,v 1.54 2021/10/14 07:08:58 wiz Exp $ RMD160 (DBI-1.643.tar.gz) = c944a9568c4aa0c8f5e936bba47d9ee55d16b6cb SHA512 (DBI-1.643.tar.gz) = 03812f3eb1e43c8290dadb8cb14bbced9ec6e237228ea2a2ba91f22e52143906a91a7e82945dab30b1d1b9fc925073721111adafd9a09fac070808ab88f908b8 Size (DBI-1.643.tar.gz) = 612372 bytes +SHA1 (patch-lib_DBD_File.pm) = e268b5f59b4474b8c2f5d72891c31f5d0f53c0c0 diff --git a/databases/p5-DBI/patches/patch-lib_DBD_File.pm b/databases/p5-DBI/patches/patch-lib_DBD_File.pm new file mode 100644 index 00000000000..f83a1d2f47c --- /dev/null +++ b/databases/p5-DBI/patches/patch-lib_DBD_File.pm @@ -0,0 +1,28 @@ +$NetBSD: patch-lib_DBD_File.pm,v 1.1 2021/10/14 07:08:58 wiz Exp $ + +Fix CVE-2014-10402 +https://github.com/perl5-dbi/dbi/pull/93/commits/19d0fb169eed475e1c053e99036b8668625cfa94 + +--- lib/DBD/File.pm.orig 2016-11-09 10:11:37.000000000 +0000 ++++ lib/DBD/File.pm +@@ -109,7 +109,11 @@ sub connect + # We do not (yet) care about conflicting attributes here + # my $dbh = DBI->connect ("dbi:CSV:f_dir=test", undef, undef, { f_dir => "text" }); + # will test here that both test and text should exist +- if (my $attr_hash = (DBI->parse_dsn ($dbname))[3]) { ++ # ++ # Parsing on our own similar to parse_dsn to find attributes in 'dbname' parameter. ++ if ($dbname) { ++ my @attrs = split /;/ => $dbname; ++ my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs }; + if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) { + my $msg = "No such directory '$attr_hash->{f_dir}"; + $drh->set_err (2, $msg); +@@ -120,7 +124,6 @@ sub connect + if ($attr and defined $attr->{f_dir} && ! -d $attr->{f_dir}) { + my $msg = "No such directory '$attr->{f_dir}"; + $drh->set_err (2, $msg); +- $attr->{RaiseError} and croak $msg; + return; + } + |