OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web, openpkg-src         Date:   16-Dec-2002 12:25:40
  Branch: HEAD                             Handle: 2002121611253801

  Added files:
    openpkg-src/perl        perl.patch
  Modified files:
    openpkg-src/perl        perl.spec
    openpkg-web             news.txt

  Log:
    include security bugfix for Safe.pm

  Summary:
    Revision    Changes     Path
    1.6         +26 -0      openpkg-src/perl/perl.patch
    1.65        +3  -1      openpkg-src/perl/perl.spec
    1.2287      +1  -0      openpkg-web/news.txt
  ____________________________________________________________________________

  Index: openpkg-src/perl/perl.patch
  ============================================================
  $ cvs update -p -r1.6 perl.patch
  "A security hole has been discovered in Safe.pm. When a Safe compartment
  has already been used, there's no guarantee that it's safe any longer,
  because there's a way for code executed within the Safe compartment to
  alter its operation mask. (Thus, programs that use a Safe compartment
  only once aren't affected by this bug.)"
  
  --- ext/Opcode/Safe.pm.orig
  +++ ext/Opcode/Safe.pm
  @@ -213,7 +213,7 @@
       # Create anon sub ref in root of compartment.
       # Uses a closure (on $expr) to pass in the code to be executed.
       # (eval on one line to keep line numbers as expected by caller)
  -     my $evalcode = sprintf('package %s; sub { eval $expr; }', $root);
  +     my $evalcode = sprintf('package %s; sub { @_ = (); eval $expr; }', $root);
       my $evalsub;
   
        if ($strict) { use strict; $evalsub = eval $evalcode; }
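Review bot: The `@_ = ();` added to the `$evalcode` template has no comment saying why the wrapper sub empties its argument list before `eval $expr`. The three comment lines above it explain only the closure and the one-line layout, so a later cleanup could drop the statement as dead code. Add a comment line that ties it to the operation-mask problem described at the top of perl.patch, and keep the statement on the same line as the `eval`, as the existing line-number comment requires.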
  @@ -227,7 +227,7 @@
       my $root = $obj->{Root};
   
       my $evalsub = eval
  -         sprintf('package %s; sub { do $file }', $root);
  +         sprintf('package %s; sub { @_ = (); do $file }', $root);
       return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
   }
   
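Review bot: The `sub { @_ = (); do $file }` template repeats by hand the prologue added to the `eval $expr` wrapper, and nothing in the code keeps the two in step. This sub is passed to `Opcode::_safe_call_sv` together with `$obj->{Mask}`, so any further wrapper built the same way needs the same clearing; consider generating both wrappers from one shared template string, or at least comment here that the `@_ = ()` must match the other wrapper. The patch also touches Safe.pm only and adds no test that reuses a compartment, which is the case the description names as affected.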
  Index: openpkg-src/perl/perl.spec
  ============================================================
  $ cvs diff -u -r1.64 -r1.65 perl.spec
  --- openpkg-src/perl/perl.spec        29 Nov 2002 13:46:11 -0000      1.64
  +++ openpkg-src/perl/perl.spec        16 Dec 2002 11:25:39 -0000      1.65
  @@ -33,11 +33,12 @@
   Group:        Language
   License:      GPL/Artistic
   Version:      5.8.0
  -Release:      20021129
  +Release:      20021216
   
   #   list of sources
   Source0:      ftp://ftp.cpan.org/pub/CPAN/src/%{name}-%{version}.tar.gz
   Source1:      perl-openpkg.sh
  +Patch0:       perl.patch
   
   #   build information
   Prefix:       %{l_prefix}
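Review bot: `Patch0: perl.patch` is added without a comment saying what the patch carries. It holds a security fix against `ext/Opcode/Safe.pm` as shipped in `Version: 5.8.0`; a one-line comment above `Patch0` stating that would tell whoever next changes `Version` to check whether the fix is already in the new tarball before keeping or dropping the patch.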
  @@ -55,6 +56,7 @@
   
   %prep
       %setup -q
  +    %patch -p0
       chmod -R u+w .
   
   %build
  Index: openpkg-web/news.txt
  ============================================================
  $ cvs diff -u -r1.2286 -r1.2287 news.txt
  --- openpkg-web/news.txt      15 Dec 2002 18:42:44 -0000      1.2286
  +++ openpkg-web/news.txt      16 Dec 2002 11:25:38 -0000      1.2287
  @@ -1,3 +1,4 @@
  +16-Dec-2002: Upgraded package: P<perl-5.8.0-20021216>
   15-Dec-2002: Upgraded package: P<perl-xml-20021215-20021215>
   15-Dec-2002: Upgraded package: P<mozilla-1.2.1-20021215>
   15-Dec-2002: Upgraded package: P<mysql-3.23.54a-20021215>
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]