OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web openpkg$ Date: 26-Sep-2003 09:34:19
Branch: HEAD Handle: 2003092608341702
Modified files:
openpkg-re/vcheck vc.perl
openpkg-src/perl perl.patch perl.spec
openpkg-web news.txt
Log:
upgrading package: perl 5.8.0 -> 5.8.1
Summary:
Revision Changes Path
1.19 +1 -1 openpkg-re/vcheck/vc.perl
1.9 +45 -103 openpkg-src/perl/perl.patch
1.81 +2 -2 openpkg-src/perl/perl.spec
1.6743 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-re/vcheck/vc.perl
============================================================================
$ cvs diff -u -r1.18 -r1.19 vc.perl
--- openpkg-re/vcheck/vc.perl 16 Nov 2002 10:18:12 -0000 1.18
+++ openpkg-re/vcheck/vc.perl 26 Sep 2003 07:34:17 -0000 1.19
@@ -2,7 +2,7 @@
}
prog perl = {
- version = 5.8.0
+ version = 5.8.1
url = ftp://ftp.cpan.org/pub/CPAN/src/
regex = perl-(5\.8\.\d+)\.tar\.gz
}
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.patch
============================================================================
$ cvs diff -u -r1.8 -r1.9 perl.patch
--- openpkg-src/perl/perl.patch 15 Sep 2003 13:28:52 -0000 1.8
+++ openpkg-src/perl/perl.patch 26 Sep 2003 07:34:19 -0000 1.9
@@ -1,29 +1,30 @@
-"A security hole has been discovered in Safe.pm. When a Safe compartment
-has already been used, there's no guarantee that it's safe any longer,
-because there's a way for code executed within the Safe compartment to
-alter its operation mask. (Thus, programs that use a Safe compartment
-only once aren't affected by this bug.)"
+By default, the "vendor" area is not used, so Perl's installation
+procedure forgot to create its top-level paths, too. In OpenPKG we use
+the "vendor" area, so make sure it is created the same way the "site"
+area is.
---- ext/Opcode/Safe.pm.orig
-+++ ext/Opcode/Safe.pm
-@@ -213,7 +213,7 @@
- # Create anon sub ref in root of compartment.
- # Uses a closure (on $expr) to pass in the code to be executed.
- # (eval on one line to keep line numbers as expected by caller)
-- my $evalcode = sprintf('package %s; sub { eval $expr; }', $root);
-+ my $evalcode = sprintf('package %s; sub { @_ = (); eval $expr; }', $root);
- my $evalsub;
-
- if ($strict) { use strict; $evalsub = eval $evalcode; }
-@@ -227,7 +227,7 @@
- my $root = $obj->{Root};
-
- my $evalsub = eval
-- sprintf('package %s; sub { do $file }', $root);
-+ sprintf('package %s; sub { @_ = (); do $file }', $root);
- return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
- }
+Index: installperl
+--- installperl.orig 2003-09-02 15:40:21.000000000 +0200
++++ installperl 2003-09-26 09:23:15.000000000 +0200
+@@ -188,6 +188,8 @@
+ my $installarchlib = "$destdir$Config{installarchlib}";
+ my $installsitelib = "$destdir$Config{installsitelib}";
+ my $installsitearch = "$destdir$Config{installsitearch}";
++my $installvendorlib = "$destdir$Config{installvendorlib}";
++my $installvendorarch = "$destdir$Config{installvendorarch}";
+ my $installman1dir = "$destdir$Config{installman1dir}";
+ my $man1ext = $Config{man1ext};
+ my $libperl = $Config{libperl};
+@@ -378,6 +380,8 @@
+ mkpath($installarchlib, $verbose, 0777);
+ mkpath($installsitelib, $verbose, 0777) if ($installsitelib);
+ mkpath($installsitearch, $verbose, 0777) if ($installsitearch);
++mkpath($installvendorlib, $verbose, 0777) if ($installvendorlib);
++mkpath($installvendorarch, $verbose, 0777) if ($installvendorarch);
+ if (chdir "lib") {
+ $do_installarchlib = ! samepath($installarchlib, '.');
+
-----------------------------------------------------------------------------
By default, the Perl module search order is "use lib, -I, PERL[5]LIB,
@@ -34,14 +35,15 @@
the search order to a more reasonable one for OpenPKG: "use lib, -I,
PERL[5]LIB, site, vendor, perl, other".
---- perl.c.orig 2002-07-09 21:41:43.000000000 +0200
-+++ perl.c 2003-09-03 14:08:25.000000000 +0200
-@@ -3679,39 +3679,6 @@
- incpush(APPLLIB_EXP, TRUE, TRUE);
+Index: perl.c
+--- perl.c.orig 2003-09-11 23:42:33.000000000 +0200
++++ perl.c 2003-09-26 09:25:11.000000000 +0200
+@@ -3949,39 +3949,6 @@
+ incpush(APPLLIB_EXP, TRUE, TRUE, TRUE);
#endif
-#ifdef ARCHLIB_EXP
-- incpush(ARCHLIB_EXP, FALSE, FALSE);
+- incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE);
-#endif
-#ifdef MACOS_TRADITIONAL
- {
@@ -54,34 +56,34 @@
-
- Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl);
- if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 &&
S_ISDIR(tmpstatbuf.st_mode))
-- incpush(SvPVX(privdir), TRUE, FALSE);
+- incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
- Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl);
- if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 &&
S_ISDIR(tmpstatbuf.st_mode))
-- incpush(SvPVX(privdir), TRUE, FALSE);
+- incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
-
- SvREFCNT_dec(privdir);
- }
- if (!PL_tainting)
-- incpush(":", FALSE, FALSE);
+- incpush(":", FALSE, FALSE, TRUE);
-#else
-#ifndef PRIVLIB_EXP
-# define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl"
-#endif
-#if defined(WIN32)
-- incpush(PRIVLIB_EXP, TRUE, FALSE);
+- incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE);
-#else
-- incpush(PRIVLIB_EXP, FALSE, FALSE);
+- incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE);
-#endif
-
#ifdef SITEARCH_EXP
/* sitearch is always relative to sitelib on Windows for
* DLL-based path intuition to work correctly */
-@@ -3752,6 +3719,39 @@
- incpush(PERL_VENDORLIB_STEM, FALSE, TRUE);
+@@ -4023,6 +3990,39 @@
+ incpush(PERL_VENDORLIB_STEM, FALSE, TRUE, TRUE);
#endif
+#ifdef ARCHLIB_EXP
-+ incpush(ARCHLIB_EXP, FALSE, FALSE);
++ incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE);
+#endif
+#ifdef MACOS_TRADITIONAL
+ {
@@ -94,85 +96,25 @@
+
+ Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl);
+ if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 &&
S_ISDIR(tmpstatbuf.st_mode))
-+ incpush(SvPVX(privdir), TRUE, FALSE);
++ incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
+ Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl);
+ if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 &&
S_ISDIR(tmpstatbuf.st_mode))
-+ incpush(SvPVX(privdir), TRUE, FALSE);
++ incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
+
+ SvREFCNT_dec(privdir);
+ }
+ if (!PL_tainting)
-+ incpush(":", FALSE, FALSE);
++ incpush(":", FALSE, FALSE, TRUE);
+#else
+#ifndef PRIVLIB_EXP
+# define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl"
+#endif
+#if defined(WIN32)
-+ incpush(PRIVLIB_EXP, TRUE, FALSE);
++ incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE);
+#else
-+ incpush(PRIVLIB_EXP, FALSE, FALSE);
++ incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE);
+#endif
+
#ifdef PERL_OTHERLIBDIRS
- incpush(PERL_OTHERLIBDIRS, TRUE, TRUE);
+ incpush(PERL_OTHERLIBDIRS, TRUE, TRUE, TRUE);
#endif
-
------------------------------------------------------------------------------
-
-By default, the "vendor" area is not used, so Perl's installation
-procedure forgot to create its top-level paths, too. In OpenPKG we use
-the "vendor" area, so make sure it is created the same way the "site"
-area is.
-
---- installperl.orig 2002-07-16 20:57:32.000000000 +0200
-+++ installperl 2003-09-03 14:27:11.000000000 +0200
-@@ -174,6 +174,8 @@
- my $installarchlib = $Config{installarchlib};
- my $installsitelib = $Config{installsitelib};
- my $installsitearch = $Config{installsitearch};
-+my $installvendorlib = $Config{installvendorlib};
-+my $installvendorarch = $Config{installvendorarch};
- my $installman1dir = $Config{installman1dir};
- my $man1ext = $Config{man1ext};
- my $libperl = $Config{libperl};
-@@ -336,6 +338,8 @@
- mkpath($installarchlib, $verbose, 0777);
- mkpath($installsitelib, $verbose, 0777) if ($installsitelib);
- mkpath($installsitearch, $verbose, 0777) if ($installsitearch);
-+mkpath($installvendorlib, $verbose, 0777) if ($installvendorlib);
-+mkpath($installvendorarch, $verbose, 0777) if ($installvendorarch);
-
- if (chdir "lib") {
- $do_installarchlib = ! samepath($installarchlib, '.');
-
------------------------------------------------------------------------------
-
-http://stein.cshl.org/WWW/software/CGI/
- under "Revision History" find "Fixed cross-site scripting bug
- reported by obscure" note attached to Version 2.94. A quick fix was
- introduced in 2.94. It was replaced by a more careful patch in 2.99.
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615
- Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm
- allows remote attackers to insert web script via a URL that is fed
- into the form's action parameter
-
-This is a backport of the 2.99 patch for 2.81 which is the version
-embedded with perl 5.8.0
-
---- lib/CGI.pm.orig 2003-09-15 14:09:34.000000000 +0200
-+++ lib/CGI.pm 2003-09-15 14:16:26.000000000 +0200
-@@ -1533,8 +1533,11 @@
- $enctype = $enctype || &URL_ENCODED;
- unless (defined $action) {
- $action = $self->url(-absolute=>1,-path=>1);
-- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
-+ if (length($ENV{QUERY_STRING})>0) {
-+ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
-+ }
- }
-+ $action = escape($action);
- $action = qq(action="$action");
- my($other) = @other ? " @other" : '';
- $self->{'.parametersToAdd'}={};
-
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.spec
============================================================================
$ cvs diff -u -r1.80 -r1.81 perl.spec
--- openpkg-src/perl/perl.spec 15 Sep 2003 13:28:52 -0000 1.80
+++ openpkg-src/perl/perl.spec 26 Sep 2003 07:34:19 -0000 1.81
@@ -32,8 +32,8 @@
Distribution: OpenPKG [CORE]
Group: Language
License: GPL/Artistic
-Version: 5.8.0
-Release: 20030915
+Version: 5.8.1
+Release: 20030926
# list of sources
Source0: ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.6742 -r1.6743 news.txt
--- openpkg-web/news.txt 26 Sep 2003 07:32:31 -0000 1.6742
+++ openpkg-web/news.txt 26 Sep 2003 07:34:17 -0000 1.6743
@@ -1,3 +1,4 @@
+26-Sep-2003: Upgraded package: P<perl-5.8.1-20030926>
26-Sep-2003: Upgraded package: P<iozone-3.201-20030926>
26-Sep-2003: Upgraded package: P<mplayer-1.0pre1-20030926>
26-Sep-2003: Upgraded package: P<l2-0.9.4-20030926>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
