authorNatanael Copa <ncopa@alpinelinux.org>2012-01-31 15:17:32 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-01-31 15:17:32 +0000
commit688926b9e5cfa7f14e59ab8e8875d5bed5e26880 (patch)
tree1a8fd6d1e9b9f6f9cee4fe544b63ebf412960f11 /main/perl
parente2e255c03845c49b0e24925cf4b307972b1731f9 (diff)
main/perl: security fix (CVE-2011-3597)
fixes #973
Diffstat (limited to 'main/perl')
-rw-r--r--main/perl/APKBUILD14
-rw-r--r--main/perl/CVE-2011-3597.patch28
2 files changed, 39 insertions, 3 deletions
diff --git a/main/perl/APKBUILD b/main/perl/APKBUILD
index 5090caaf0..21a54bb4d 100644
--- a/main/perl/APKBUILD
+++ b/main/perl/APKBUILD
@@ -2,12 +2,14 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=perl
pkgver=5.14.2
-pkgrel=0
+pkgrel=1
pkgdesc="Larry Wall's Practical Extraction and Report Language"
url=http://www.perl.org
arch="all"
license="Artistic GPL-2"
-source="http://www.cpan.org/src/5.0/perl-$pkgver.tar.gz"
+source="http://www.cpan.org/src/5.0/perl-$pkgver.tar.gz
+ CVE-2011-3597.patch
+ "
depends=
subpackages="$pkgname-dev $pkgname-doc miniperl"
@@ -15,6 +17,11 @@ _builddir="$srcdir/$pkgname-$pkgver"
prepare() {
cd $_builddir
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
sed -i -e 's/less -R/less/g' ./Configure
sed -i -e 's/libswanted="\(.*\) nsl\(.*\)"/libswanted="\1\2"/g' ./Configure
}
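Review bot: The added loop in prepare() expands `$i` unquoted in both `msg $i` and `"$srcdir"/$i`, and it uses the whole source entry as the file name. A patch later listed in `source` as a URL would therefore not resolve under `$srcdir`. Quoting and taking the basename covers both cases: `*.patch) msg "$i"; patch -p1 -i "$srcdir/${i##*/}" || return 1;;`. The `cd $_builddir` context line before the loop is unchecked; `cd "$_builddir" || return 1` would stop the build before patch runs from an unintended directory.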
@@ -65,4 +72,5 @@ miniperl() {
cp "$srcdir/perl-$pkgver"/miniperl "$subpkgdir/usr/bin"
}
-md5sums="3306fbaf976dcebdcd49b2ac0be00eb9 perl-5.14.2.tar.gz"
+md5sums="3306fbaf976dcebdcd49b2ac0be00eb9 perl-5.14.2.tar.gz
+0212067da7d533fe3939c0984cad4243 CVE-2011-3597.patch"
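Review bot: The new `md5sums` entry pins the security patch with MD5 only, and the tarball in `source` is still fetched over plain `http://`, so the integrity of everything this build consumes rests on a collision-weak hash. If the abuild version in use accepts a stronger checksum array (for example `sha512sums`), adding one alongside `md5sums` for both files would close that gap. This matters most for the remote tarball; the patch itself ships in the tree next to the APKBUILD.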
diff --git a/main/perl/CVE-2011-3597.patch b/main/perl/CVE-2011-3597.patch
new file mode 100644
index 000000000..dc7cc2d74
--- /dev/null
+++ b/main/perl/CVE-2011-3597.patch
@@ -0,0 +1,28 @@
+From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Tue, 4 Oct 2011 13:46:39 +0200
+Subject: [PATCH] Fix code injection in Digest
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
+---
+ cpan/Digest/Digest.pm | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
+index 384dfc8..4b923ae 100644
+--- a/cpan/Digest/Digest.pm
++++ b/cpan/Digest/Digest.pm
+@@ -35,7 +35,9 @@ sub new
+ ($class, @args) = @$class if ref($class);
+ no strict 'refs';
+ unless (exists ${"$class\::"}{"VERSION"}) {
+- eval "require $class";
++ my $pm_file = $class . ".pm";
++ $pm_file =~ s{::}{/}g;
++ eval { require $pm_file };
+ if ($@) {
+ $err ||= $@;
+ next;
+--
+1.7.6.4
+
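Review bot: The embedded Digest.pm hunk stops `$class` from being compiled as Perl source, but `$pm_file` is still built from `$class` with no check that it is a plain module name. A value containing `/` or `..` would still let `require` load a `.pm` file outside the intended namespace. Whether the name is sanitised earlier in `new` cannot be seen here, since the function starts and ends outside the hunk. If it is not, a guard before the path is built would make the fix fail closed, e.g. `unless ($class =~ /\A\w+(?:::\w+)*\z/) { $err ||= "invalid class name"; next; }`. A short comment on the `require $pm_file` line saying why the string eval was removed would also help future maintainers avoid reverting it.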