diff options
| author | tron <tron> | 2008-12-08 13:34:46 +0000 |
|---|---|---|
| committer | tron <tron> | 2008-12-08 13:34:46 +0000 |
| commit | e42fed018245cc6df1f852e5e40b293df6037426 (patch) | |
| tree | b8db107cc5e89f781e470390b66db940b5b2ebb5 | |
| parent | 20dc053e8374369ae7038eac656082d4ca84cc2f (diff) | |
| download | pkgsrc-e42fed018245cc6df1f852e5e40b293df6037426.tar.gz | |
Add fixes for CVE-2008-2827 and CVE-2008-5302 from CPAN respectively
Debian. While there also fix two check interpreter warnings.
| -rw-r--r-- | lang/perl5/Makefile | 6 | ||||
| -rw-r--r-- | lang/perl5/distinfo | 3 | ||||
| -rw-r--r-- | lang/perl5/patches/patch-da | 44 |
3 files changed, 50 insertions, 3 deletions
diff --git a/lang/perl5/Makefile b/lang/perl5/Makefile index da692f6c654..48f2526e03c 100644 --- a/lang/perl5/Makefile +++ b/lang/perl5/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.143 2008/11/14 18:27:00 joerg Exp $ +# $NetBSD: Makefile,v 1.144 2008/12/08 13:34:46 tron Exp $ DISTNAME= perl-5.10.0 CATEGORIES= lang devel perl5 -PKGREVISION= 2 +PKGREVISION= 3 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,} DISTFILES+= ${DISTNAME}${EXTRACT_SUFX} @@ -270,6 +270,8 @@ SUBST_SED.rm= -e "s!^rm_try='/.*/\.tools/bin/rm -f!rm_try='/bin/rm -f!" REPLACE_PERL+= lib/Class/ISA.pm REPLACE_PERL+= lib/File/DosGlob.pm REPLACE_PERL+= lib/version.pm +REPLACE_PERL+= lib/Math/BigFloat/Trace.pm +REPLACE_PERL+= lib/Math/BigInt/Trace.pm # And replace a perl interpreter during the pre-install stage # I think this may be a bootstrap script, so can't use REPLACE_PERL diff --git a/lang/perl5/distinfo b/lang/perl5/distinfo index 105b6dfb537..5ecf953b11d 100644 --- a/lang/perl5/distinfo +++ b/lang/perl5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.53 2008/12/08 12:46:13 schwarz Exp $ +$NetBSD: distinfo,v 1.54 2008/12/08 13:34:47 tron Exp $ SHA1 (perl-5.10.0.tar.gz) = adf73606dd5248af7ccdd735bcaa0e628ea75b3c RMD160 (perl-5.10.0.tar.gz) = c6614fc99a162790a703f91085b24a60af903ba2 @@ -15,6 +15,7 @@ SHA1 (patch-ci) = 70531d44b6e2cb7a7ab9fb20ffe91d97e5c03e3a SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097 SHA1 (patch-cn) = 7ca2b1ff19f8371637a34ec26779b37d74c74cca SHA1 (patch-co) = 811e5c391f9f9f72a3f52e6d590b0b4f1e851325 +SHA1 (patch-da) = 13f576db014ec90df319670703482c7276a1f543 SHA1 (patch-ri) = fc838ec10cf601a580aa1f58eb93c3198a13ff71 SHA1 (patch-ta) = 60d9ef72db56b9f149f3995b3f526fc32a352bd7 SHA1 (patch-zc) = a23002397ffaebb243f7683c95c8fb227af90f49 diff --git a/lang/perl5/patches/patch-da b/lang/perl5/patches/patch-da new file mode 100644 index 00000000000..7354069d3f4 --- /dev/null +++ b/lang/perl5/patches/patch-da @@ -0,0 +1,44 @@ +$NetBSD + +Fixes for CVE-2008-2827 and CVE-2008-5302, taken from: + +http://rt.cpan.org/Public/Bug/Display.html?id=36982 +http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=85;filename=sid_fix_file_path;att=2;bug=286905 + +--- lib/File/Path.pm.orig 2007-12-18 10:47:07.000000000 +0000 ++++ lib/File/Path.pm 2008-12-08 12:54:44.000000000 +0000 +@@ -316,10 +316,8 @@ + print "skipped $root\n" if $arg->{verbose}; + next ROOT_DIR; + } +- if (!chmod $perm | 0700, $root) { +- if ($Force_Writeable) { +- _error($arg, "cannot make directory writeable", $canon); +- } ++ if ($Force_Writeable && !chmod $perm | 0700, $root) { ++ _error($arg, "cannot make directory writeable", $canon); + } + print "rmdir $root\n" if $arg->{verbose}; + if (rmdir $root) { +@@ -328,7 +326,7 @@ + } + else { + _error($arg, "cannot remove directory", $canon); +- if (!chmod($perm, ($Is_VMS ? VMS::Filespec::fileify($root) : $root)) ++ if ($Force_Writeable && !chmod($perm, ($Is_VMS ? VMS::Filespec::fileify($root) : $root)) + ) { + _error($arg, sprintf("cannot restore permissions to 0%o",$perm), $canon); + } +@@ -350,9 +348,9 @@ + next ROOT_DIR; + } + +- my $nperm = $perm & 07777 | 0600; +- if ($nperm != $perm and not chmod $nperm, $root) { +- if ($Force_Writeable) { ++ if ($Force_Writeable) { ++ my $nperm = $perm & 07777 | 0600; ++ if ($nperm != $perm and not chmod $nperm, $root) { + _error($arg, "cannot make file writeable", $canon); + } + } |