OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src openpkg-web openpkg$ Date:   26-Sep-2003 09:34:19
  Branch: HEAD                             Handle: 2003092608341702

  Modified files:
    openpkg-re/vcheck       vc.perl
    openpkg-src/perl        perl.patch perl.spec
    openpkg-web             news.txt

  Log:
    upgrading package: perl 5.8.0 -> 5.8.1

  Summary:
    Revision    Changes     Path
    1.19        +1  -1      openpkg-re/vcheck/vc.perl
    1.9         +45 -103    openpkg-src/perl/perl.patch
    1.81        +2  -2      openpkg-src/perl/perl.spec
    1.6743      +1  -0      openpkg-web/news.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-re/vcheck/vc.perl
  ============================================================================
  $ cvs diff -u -r1.18 -r1.19 vc.perl
  --- openpkg-re/vcheck/vc.perl 16 Nov 2002 10:18:12 -0000      1.18
  +++ openpkg-re/vcheck/vc.perl 26 Sep 2003 07:34:17 -0000      1.19
  @@ -2,7 +2,7 @@
   }
   
   prog perl = {
  -  version   = 5.8.0
  +  version   = 5.8.1
     url       = ftp://ftp.cpan.org/pub/CPAN/src/
     regex     = perl-(5\.8\.\d+)\.tar\.gz
   }
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/perl/perl.patch
  ============================================================================
  $ cvs diff -u -r1.8 -r1.9 perl.patch
  --- openpkg-src/perl/perl.patch       15 Sep 2003 13:28:52 -0000      1.8
  +++ openpkg-src/perl/perl.patch       26 Sep 2003 07:34:19 -0000      1.9
  @@ -1,29 +1,30 @@
  -"A security hole has been discovered in Safe.pm. When a Safe compartment
  -has already been used, there's no guarantee that it's safe any longer,
  -because there's a way for code executed within the Safe compartment to
  -alter its operation mask. (Thus, programs that use a Safe compartment
  -only once aren't affected by this bug.)"
  +By default, the "vendor" area is not used, so Perl's installation
  +procedure forgot to create its top-level paths, too. In OpenPKG we use
  +the "vendor" area, so make sure it is created the same way the "site"
  +area is.
   
  ---- ext/Opcode/Safe.pm.orig
  -+++ ext/Opcode/Safe.pm
  -@@ -213,7 +213,7 @@
  -     # Create anon sub ref in root of compartment.
  -     # Uses a closure (on $expr) to pass in the code to be executed.
  -     # (eval on one line to keep line numbers as expected by caller)
  --    my $evalcode = sprintf('package %s; sub { eval $expr; }', $root);
  -+    my $evalcode = sprintf('package %s; sub { @_ = (); eval $expr; }', $root);
  -     my $evalsub;
  - 
  -     if ($strict) { use strict; $evalsub = eval $evalcode; }
  -@@ -227,7 +227,7 @@
  -     my $root = $obj->{Root};
  - 
  -     my $evalsub = eval
  --        sprintf('package %s; sub { do $file }', $root);
  -+        sprintf('package %s; sub { @_ = (); do $file }', $root);
  -     return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
  - }
  +Index: installperl
  +--- installperl.orig 2003-09-02 15:40:21.000000000 +0200
  ++++ installperl      2003-09-26 09:23:15.000000000 +0200
  +@@ -188,6 +188,8 @@
  + my $installarchlib = "$destdir$Config{installarchlib}";
  + my $installsitelib = "$destdir$Config{installsitelib}";
  + my $installsitearch = "$destdir$Config{installsitearch}";
  ++my $installvendorlib = "$destdir$Config{installvendorlib}";
  ++my $installvendorarch = "$destdir$Config{installvendorarch}";
  + my $installman1dir = "$destdir$Config{installman1dir}";
  + my $man1ext = $Config{man1ext};
  + my $libperl = $Config{libperl};
  +@@ -378,6 +380,8 @@
  + mkpath($installarchlib, $verbose, 0777);
  + mkpath($installsitelib, $verbose, 0777) if ($installsitelib);
  + mkpath($installsitearch, $verbose, 0777) if ($installsitearch);
  ++mkpath($installvendorlib, $verbose, 0777) if ($installvendorlib);
  ++mkpath($installvendorarch, $verbose, 0777) if ($installvendorarch);
    
  + if (chdir "lib") {
  +     $do_installarchlib = ! samepath($installarchlib, '.');
  +
   -----------------------------------------------------------------------------
   
   By default, the Perl module search order is "use lib, -I, PERL[5]LIB,
  @@ -34,14 +35,15 @@
   the search order to a more reasonable one for OpenPKG: "use lib, -I,
   PERL[5]LIB, site, vendor, perl, other".
   
  ---- perl.c.orig      2002-07-09 21:41:43.000000000 +0200
  -+++ perl.c   2003-09-03 14:08:25.000000000 +0200
  -@@ -3679,39 +3679,6 @@
  -     incpush(APPLLIB_EXP, TRUE, TRUE);
  +Index: perl.c
  +--- perl.c.orig      2003-09-11 23:42:33.000000000 +0200
  ++++ perl.c   2003-09-26 09:25:11.000000000 +0200
  +@@ -3949,39 +3949,6 @@
  +     incpush(APPLLIB_EXP, TRUE, TRUE, TRUE);
    #endif
    
   -#ifdef ARCHLIB_EXP
  --    incpush(ARCHLIB_EXP, FALSE, FALSE);
  +-    incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE);
   -#endif
   -#ifdef MACOS_TRADITIONAL
   -    {
  @@ -54,34 +56,34 @@
   -    
   -    Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl);
   -    if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && 
S_ISDIR(tmpstatbuf.st_mode))
  --        incpush(SvPVX(privdir), TRUE, FALSE);
  +-        incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
   -    Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl);
   -    if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && 
S_ISDIR(tmpstatbuf.st_mode))
  --        incpush(SvPVX(privdir), TRUE, FALSE);
  +-        incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
   -    
   -    SvREFCNT_dec(privdir);
   -    }
   -    if (!PL_tainting)
  --    incpush(":", FALSE, FALSE);
  +-    incpush(":", FALSE, FALSE, TRUE);
   -#else
   -#ifndef PRIVLIB_EXP
   -#  define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl"
   -#endif
   -#if defined(WIN32)
  --    incpush(PRIVLIB_EXP, TRUE, FALSE);
  +-    incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE);
   -#else
  --    incpush(PRIVLIB_EXP, FALSE, FALSE);
  +-    incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE);
   -#endif
   -
    #ifdef SITEARCH_EXP
        /* sitearch is always relative to sitelib on Windows for
         * DLL-based path intuition to work correctly */
  -@@ -3752,6 +3719,39 @@
  -     incpush(PERL_VENDORLIB_STEM, FALSE, TRUE);
  +@@ -4023,6 +3990,39 @@
  +     incpush(PERL_VENDORLIB_STEM, FALSE, TRUE, TRUE);
    #endif
    
   +#ifdef ARCHLIB_EXP
  -+    incpush(ARCHLIB_EXP, FALSE, FALSE);
  ++    incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE);
   +#endif
   +#ifdef MACOS_TRADITIONAL
   +    {
  @@ -94,85 +96,25 @@
   +    
   +    Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl);
   +    if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && 
S_ISDIR(tmpstatbuf.st_mode))
  -+        incpush(SvPVX(privdir), TRUE, FALSE);
  ++        incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
   +    Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl);
   +    if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && 
S_ISDIR(tmpstatbuf.st_mode))
  -+        incpush(SvPVX(privdir), TRUE, FALSE);
  ++        incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
   +    
   +    SvREFCNT_dec(privdir);
   +    }
   +    if (!PL_tainting)
  -+    incpush(":", FALSE, FALSE);
  ++    incpush(":", FALSE, FALSE, TRUE);
   +#else
   +#ifndef PRIVLIB_EXP
   +#  define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl"
   +#endif
   +#if defined(WIN32)
  -+    incpush(PRIVLIB_EXP, TRUE, FALSE);
  ++    incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE);
   +#else
  -+    incpush(PRIVLIB_EXP, FALSE, FALSE);
  ++    incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE);
   +#endif
   +
    #ifdef PERL_OTHERLIBDIRS
  -     incpush(PERL_OTHERLIBDIRS, TRUE, TRUE);
  +     incpush(PERL_OTHERLIBDIRS, TRUE, TRUE, TRUE);
    #endif
  -
  ------------------------------------------------------------------------------
  -
  -By default, the "vendor" area is not used, so Perl's installation
  -procedure forgot to create its top-level paths, too. In OpenPKG we use
  -the "vendor" area, so make sure it is created the same way the "site"
  -area is.
  -
  ---- installperl.orig 2002-07-16 20:57:32.000000000 +0200
  -+++ installperl      2003-09-03 14:27:11.000000000 +0200
  -@@ -174,6 +174,8 @@
  - my $installarchlib = $Config{installarchlib};
  - my $installsitelib = $Config{installsitelib};
  - my $installsitearch = $Config{installsitearch};
  -+my $installvendorlib = $Config{installvendorlib};
  -+my $installvendorarch = $Config{installvendorarch};
  - my $installman1dir = $Config{installman1dir};
  - my $man1ext = $Config{man1ext};
  - my $libperl = $Config{libperl};
  -@@ -336,6 +338,8 @@
  - mkpath($installarchlib, $verbose, 0777);
  - mkpath($installsitelib, $verbose, 0777) if ($installsitelib);
  - mkpath($installsitearch, $verbose, 0777) if ($installsitearch);
  -+mkpath($installvendorlib, $verbose, 0777) if ($installvendorlib);
  -+mkpath($installvendorarch, $verbose, 0777) if ($installvendorarch);
  - 
  - if (chdir "lib") {
  -     $do_installarchlib = ! samepath($installarchlib, '.');
  - 
  ------------------------------------------------------------------------------
  -
  -http://stein.cshl.org/WWW/software/CGI/
  -    under "Revision History" find "Fixed cross-site scripting bug
  -    reported by obscure" note attached to Version 2.94. A quick fix was
  -    introduced in 2.94. It was replaced by a more careful patch in 2.99.
  -
  -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615
  -    Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm
  -    allows remote attackers to insert web script via a URL that is fed
  -    into the form's action parameter
  -
  -This is a backport of the 2.99 patch for 2.81 which is the version
  -embedded with perl 5.8.0
  -
  ---- lib/CGI.pm.orig  2003-09-15 14:09:34.000000000 +0200
  -+++ lib/CGI.pm       2003-09-15 14:16:26.000000000 +0200
  -@@ -1533,8 +1533,11 @@
  -     $enctype = $enctype || &URL_ENCODED;
  -     unless (defined $action) {
  -        $action = $self->url(-absolute=>1,-path=>1);
  --       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
  -+       if (length($ENV{QUERY_STRING})>0) {
  -+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
  -+       }
  -     }
  -+    $action = escape($action);
  -     $action = qq(action="$action");
  -     my($other) = @other ? " @other" : '';
  -     $self->{'.parametersToAdd'}={};
  -
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/perl/perl.spec
  ============================================================================
  $ cvs diff -u -r1.80 -r1.81 perl.spec
  --- openpkg-src/perl/perl.spec        15 Sep 2003 13:28:52 -0000      1.80
  +++ openpkg-src/perl/perl.spec        26 Sep 2003 07:34:19 -0000      1.81
  @@ -32,8 +32,8 @@
   Distribution: OpenPKG [CORE]
   Group:        Language
   License:      GPL/Artistic
  -Version:      5.8.0
  -Release:      20030915
  +Version:      5.8.1
  +Release:      20030926
   
   #   list of sources
   Source0:      ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-web/news.txt
  ============================================================================
  $ cvs diff -u -r1.6742 -r1.6743 news.txt
  --- openpkg-web/news.txt      26 Sep 2003 07:32:31 -0000      1.6742
  +++ openpkg-web/news.txt      26 Sep 2003 07:34:17 -0000      1.6743
  @@ -1,3 +1,4 @@
  +26-Sep-2003: Upgraded package: P<perl-5.8.1-20030926>
   26-Sep-2003: Upgraded package: P<iozone-3.201-20030926>
   26-Sep-2003: Upgraded package: P<mplayer-1.0pre1-20030926>
   26-Sep-2003: Upgraded package: P<l2-0.9.4-20030926>
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

Reply via email to