Commit 4f97252e authored by Niko Tyni's avatar Niko Tyni

update to debian/5.8.8-1

parent 7f3b0e25
......@@ -1289,8 +1289,7 @@ defvoidused=15
: List of libraries we want.
: If anyone needs extra -lxxx, put those in a hint file.
libswanted="sfio socket bind inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun"
libswanted="$libswanted m crypt sec util c cposix posix ucb bsd BSD"
libswanted='gdbm gdbm_compat db dl m c crypt'
: We probably want to search /usr/shlib before most other libraries.
: This is only used by the lib/ExtUtils/MakeMaker.pm routine extliblist.
glibpth=`echo " $glibpth " | sed -e 's! /usr/shlib ! !'`
......@@ -20024,7 +20023,7 @@ set mntent.h i_mntent
eval $inhdr
: see if ndbm.h is available
set ndbm.h t_ndbm
set gdbm-ndbm.h t_ndbm
eval $inhdr
case "$t_ndbm" in
......@@ -20875,7 +20874,7 @@ sunos*X4*)
;;
*) case "$usedl" in
$define|true|[yY]*)
set X `echo " $libs " | sed -e 's@ -lndbm @ @' -e 's@ -lgdbm @ @' -e 's@ -ldbm @ @' -e 's@ -ldb @ @'`
set X `echo " $libs " | sed -e 's@ -lgdbm @ @' -e 's@ -lgdbm_compat @ @' -e 's@ -ldb @ @'`
shift
perllibs="$*"
;;
......
......@@ -43,12 +43,7 @@ case "$useshrplib" in
true)
# Prefix all runs of 'miniperl' and 'perl' with
# $ldlibpth so that ./perl finds *this* shared libperl.
case "$LD_LIBRARY_PATH" in
'')
ldlibpth="LD_LIBRARY_PATH=`pwd`";;
*)
ldlibpth="LD_LIBRARY_PATH=`pwd`:${LD_LIBRARY_PATH}";;
esac
ldlibpth=LD_LIBRARY_PATH=`pwd`'$${LD_LIBRARY_PATH:+:}$$LD_LIBRARY_PATH'
pldlflags="$cccdlflags"
static_target='static_pic'
......@@ -101,7 +96,7 @@ true)
;;
esac
case "$ldlibpthname" in
'') ;;
''|LD_LIBRARY_PATH) ;;
*)
case "$osname" in
os2)
......
......@@ -109,7 +109,11 @@ for file do
pp) ;;
pp_ctl) ;;
pp_hot) ;;
pp_pack) ;;
pp_pack)
case $archname in
arm-*|armeb-*)
optimize=-Os;;
esac;;
pp_sys) ;;
regcomp) ;;
regexec) ;;
......
This diff is collapsed.
......@@ -2,17 +2,17 @@ Source: perl
Section: perl
Priority: standard
Maintainer: Brendan O'Dea <bod@debian.org>
Standards-Version: 3.6.1
Build-Depends: file, cpio (>= 2.6-5), libdb4.3-dev, libgdbm-dev, netbase [!hurd-i386], gcc (>= 4:4.0)
Standards-Version: 3.6.2
Build-Depends: file, cpio (>= 2.6-5), libdb4.4-dev, libgdbm-dev, netbase [!hurd-i386], gcc (>= 4:4.0)
Package: perl-base
Essential: yes
Priority: required
Architecture: any
Pre-Depends: ${shlibs:Depends}
Conflicts: perl-5.004-base (<< 6), perl-5.005-base (<< 6), perl-5.6-base (<< 6), data-dumper, autoconf2.13 (<< 2.13-45), libscalar-list-utils-perl (<< 1:1.13-1)
Conflicts: perl-5.004-base (<< 6), perl-5.005-base (<< 6), perl-5.6-base (<< 6), autoconf2.13 (<< 2.13-45), libscalar-list-utils-perl (<< 1:1.18-1)
Replaces: perl-5.005-base (<< 6), perl-5.6-base (<< 6), perl (<< 5.8.0-9), perl-modules (<< 5.8.4-5), libperl5.8 (<< 5.8.0-20), libscalar-list-utils-perl, libclass-multimethods-perl (<< 1.70-4)
Provides: perl5-base, ${perlapi:Provides}, data-dumper, libscalar-list-utils-perl
Provides: perl5-base, ${perlapi:Provides}, libscalar-list-utils-perl
Suggests: perl
Description: The Pathologically Eclectic Rubbish Lister
A scripting language with delusions of full language-hood, Perl is used
......@@ -50,7 +50,7 @@ Package: perl-modules
Priority: standard
Architecture: all
Depends: perl (>= ${Upstream-Version}-1)
Conflicts: libpod-parser-perl (<< 1.30-1), libansicolor-perl (<< 1.09-1), libfile-temp-perl (<< 0.16-1), libnet-perl (<< 1:1.17-1), libattribute-handlers-perl (<< 0.78-1), libcgi-pm-perl (<< 3.10-1), libi18n-langtags-perl (<< 0.35-1), liblocale-maketext-perl (<< 1.08-1), libmath-bigint-perl (<< 1.77-1), libnet-ping-perl (<< 2.31-1), libtest-harness-perl (<< 2.48-1), libtest-simple-perl (<< 0.54-1), liblocale-codes-perl (<< 2.06.1-1)
Conflicts: libpod-parser-perl (<< 1.32-1), libansicolor-perl (<< 1.10-1), libfile-temp-perl (<< 0.16-1), libnet-perl (<< 1:1.17-1), libattribute-handlers-perl (<< 0.78_02-1), libcgi-pm-perl (<< 3.15-1), libi18n-langtags-perl (<< 0.35-1), liblocale-maketext-perl (<< 1.08-1), libmath-bigint-perl (<< 1.77-1), libnet-ping-perl (<< 2.31-1), libtest-harness-perl (<< 2.56-1), libtest-simple-perl (<< 0.62-1), liblocale-codes-perl (<< 2.06.1-1)
Replaces: libpod-parser-perl, libansicolor-perl, libfile-temp-perl, libnet-perl, libattribute-handlers-perl, libcgi-pm-perl, libi18n-langtags-perl, liblocale-maketext-perl, libmath-bigint-perl, libnet-ping-perl, libtest-harness-perl, libtest-simple-perl, liblocale-codes-perl
Provides: libpod-parser-perl, libansicolor-perl, libfile-temp-perl, libnet-perl, libattribute-handlers-perl, libcgi-pm-perl, libi18n-langtags-perl, liblocale-maketext-perl, libmath-bigint-perl, libnet-ping-perl, libtest-harness-perl, libtest-simple-perl, liblocale-codes-perl
Description: Core Perl modules
......@@ -113,9 +113,9 @@ Package: perl
Priority: standard
Architecture: any
Depends: perl-base (= ${Source-Version}), perl-modules (>= ${Source-Version}), ${shlibs:Depends}
Conflicts: perl-5.004 (<< 6), perl-5.005 (<< 6), perl-5.6 (<< 6), perl-doc (<< ${Upstream-Version}-1), libdigest-md5-perl (<< 2.33-1), libmime-base64-perl (<< 3.05-1), libtime-hires-perl (<< 1.66-1), libstorable-perl (<< 2.12-1)
Replaces: perl-5.005 (<< 6), perl-5.6 (<< 6), perl-doc (<< 5.8.0-1), perl-modules (<< 5.8.1-1), libdigest-md5-perl, libmime-base64-perl, libtime-hires-perl, libstorable-perl
Provides: perl5, libdigest-md5-perl, libmime-base64-perl, libtime-hires-perl, libstorable-perl
Conflicts: data-dumper, perl-5.004 (<< 6), perl-5.005 (<< 6), perl-5.6 (<< 6), perl-doc (<< ${Upstream-Version}-1), libdigest-md5-perl (<< 3.07-1), libmime-base64-perl (<< 3.07-1), libtime-hires-perl (<< 1.86-1), libstorable-perl (<< 2.15-1)
Replaces: perl-base (<< 5.8.8-1), perl-5.005 (<< 6), perl-5.6 (<< 6), perl-doc (<< 5.8.0-1), perl-modules (<< 5.8.1-1), libdigest-md5-perl, libmime-base64-perl, libtime-hires-perl, libstorable-perl
Provides: data-dumper, perl5, libdigest-md5-perl, libmime-base64-perl, libtime-hires-perl, libstorable-perl
Recommends: perl-doc
Suggests: libterm-readline-gnu-perl | libterm-readline-perl-perl
Description: Larry Wall's Practical Extraction and Report Language
......
Revert DynaLoader to 5.8.3 version so as not to break programs linked
with pre-5.8.4 libperl.so (and DynaLoader.a).
diff -Naur --exclude=debian perl-5.8.7.orig/ext/DynaLoader/DynaLoader_pm.PL perl-5.8.7/ext/DynaLoader/DynaLoader_pm.PL
--- perl-5.8.7.orig/ext/DynaLoader/DynaLoader_pm.PL 2004-11-23 02:32:13.000000000 +1100
+++ perl-5.8.7/ext/DynaLoader/DynaLoader_pm.PL 2005-06-02 23:34:24.000000000 +1000
diff -Naur --exclude=debian perl-5.8.8.orig/ext/DynaLoader/DynaLoader_pm.PL perl-5.8.8/ext/DynaLoader/DynaLoader_pm.PL
--- perl-5.8.8.orig/ext/DynaLoader/DynaLoader_pm.PL 2004-11-23 02:32:13.000000000 +1100
+++ perl-5.8.8/ext/DynaLoader/DynaLoader_pm.PL 2006-02-01 23:34:15.000000000 +1100
@@ -29,7 +29,7 @@
use vars qw($VERSION *AUTOLOAD);
......@@ -50,10 +50,10 @@ diff -Naur --exclude=debian perl-5.8.7.orig/ext/DynaLoader/DynaLoader_pm.PL perl
=item dl_error()
Syntax:
diff -Naur --exclude=debian perl-5.8.7.orig/ext/DynaLoader/XSLoader_pm.PL perl-5.8.7/ext/DynaLoader/XSLoader_pm.PL
--- perl-5.8.7.orig/ext/DynaLoader/XSLoader_pm.PL 2004-05-30 19:41:19.000000000 +1000
+++ perl-5.8.7/ext/DynaLoader/XSLoader_pm.PL 2005-06-02 23:34:24.000000000 +1000
@@ -115,7 +115,6 @@
diff -Naur --exclude=debian perl-5.8.8.orig/ext/DynaLoader/XSLoader_pm.PL perl-5.8.8/ext/DynaLoader/XSLoader_pm.PL
--- perl-5.8.8.orig/ext/DynaLoader/XSLoader_pm.PL 2005-10-16 23:50:05.000000000 +1000
+++ perl-5.8.8/ext/DynaLoader/XSLoader_pm.PL 2006-02-01 23:34:15.000000000 +1100
@@ -118,7 +118,6 @@
my $xs = dl_install_xsub("${module}::bootstrap", $boot_symbol_ref, $file);
# See comment block above
......@@ -61,9 +61,9 @@ diff -Naur --exclude=debian perl-5.8.7.orig/ext/DynaLoader/XSLoader_pm.PL perl-5
return &$xs(@_);
retry:
diff -Naur --exclude=debian perl-5.8.7.orig/ext/DynaLoader/dl_hpux.xs perl-5.8.7/ext/DynaLoader/dl_hpux.xs
--- perl-5.8.7.orig/ext/DynaLoader/dl_hpux.xs 2004-01-20 08:54:32.000000000 +1100
+++ perl-5.8.7/ext/DynaLoader/dl_hpux.xs 2005-06-02 23:34:24.000000000 +1000
diff -Naur --exclude=debian perl-5.8.8.orig/ext/DynaLoader/dl_hpux.xs perl-5.8.8/ext/DynaLoader/dl_hpux.xs
--- perl-5.8.8.orig/ext/DynaLoader/dl_hpux.xs 2004-01-20 08:54:32.000000000 +1100
+++ perl-5.8.8/ext/DynaLoader/dl_hpux.xs 2006-02-01 23:34:15.000000000 +1100
@@ -102,19 +102,6 @@
sv_setiv( ST(0), PTR2IV(obj) );
......
Add simple manpage for instmodsh.
diff -Naur --exclude=debian perl-5.8.7.orig/lib/ExtUtils/instmodsh perl-5.8.7/lib/ExtUtils/instmodsh
--- perl-5.8.7.orig/lib/ExtUtils/instmodsh 2004-01-06 09:34:59.000000000 +1100
+++ perl-5.8.7/lib/ExtUtils/instmodsh 2005-06-02 23:31:47.000000000 +1000
@@ -137,3 +137,28 @@
toplevel();
################################################################################
+
+__END__
+
+=head1 NAME
+
+instmodsh - interactive inventory for installed Perl modules
+
+=head1 SYNOPSIS
+
+instmodsh
+
+=head1 DESCRIPTION
+
+C<instmodsh> provides an interactive shell to query details of
+installed Perl modules.
+
+The shell provides a list of installed modules, each of which
+may be queried to to list files and directories, checked for missing
+files or packaged up as a tar archive.
+
+=head1 SEE ALSO
+
+ExtUtils::Installed(3perl)
+
+=cut
......@@ -4,76 +4,12 @@ CAN-2004-0976:
2.1, and possibly other operating systems, allows local users to
overwrite files via a symlink attack on temporary files.
* An example in MakeMaker.pm that suggets setting PREFIX=/tmp/myperl5
and another that suggets setting DESTDIR=/tmp/
* Insecure use of /tmp file in instmodsh.
* Insecure use of /tmp file in lib/Memoize/t/tie.t, tie_gdbm.t, tie_ndbm.t,
tie_sdbm.t, tie_storable.t, probably exploitable at build time if these
tests are run.
* Insecure use of /tmp file in lib/Memoize/t/tie.t, tie_gdbm.t, tie_ndbm.t,
tie_sdbm.t, tie_storable.t, probably exploitable at build time if these
tests are run.
Also fix a quote typo in utils/c2ph.PL .
diff -Naur --exclude=debian perl-5.8.7.orig/lib/ExtUtils/MakeMaker.pm perl-5.8.7/lib/ExtUtils/MakeMaker.pm
--- perl-5.8.7.orig/lib/ExtUtils/MakeMaker.pm 2004-01-06 09:34:59.000000000 +1100
+++ perl-5.8.7/lib/ExtUtils/MakeMaker.pm 2005-06-02 23:38:22.000000000 +1000
@@ -1013,7 +1013,7 @@
The Makefile to be produced may be altered by adding arguments of the
form C<KEY=VALUE>. E.g.
- perl Makefile.PL PREFIX=/tmp/myperl5
+ perl Makefile.PL PREFIX=~/myperl5
Other interesting targets in the generated Makefile are
@@ -1355,13 +1355,13 @@
This is the root directory into which the code will be installed. It
I<prepends itself to the normal prefix>. For example, if your code
-would normally go into /usr/local/lib/perl you could set DESTDIR=/tmp/
-and installation would go into /tmp/usr/local/lib/perl.
+would normally go into /usr/local/lib/perl you could set DESTDIR=/other/
+and installation would go into /other/usr/local/lib/perl.
This is primarily of use for people who repackage Perl modules.
NOTE: Due to the nature of make, it is important that you put the trailing
-slash on your DESTDIR. "/tmp/" not "/tmp".
+slash on your DESTDIR. "/other/" not "/other".
=item DIR
diff -Naur --exclude=debian perl-5.8.7.orig/lib/ExtUtils/instmodsh perl-5.8.7/lib/ExtUtils/instmodsh
--- perl-5.8.7.orig/lib/ExtUtils/instmodsh 2004-01-06 09:34:59.000000000 +1100
+++ perl-5.8.7/lib/ExtUtils/instmodsh 2005-06-02 23:38:22.000000000 +1000
@@ -2,6 +2,7 @@
use strict;
use IO::File;
+use File::Temp;
use ExtUtils::Packlist;
use ExtUtils::Installed;
@@ -58,16 +59,12 @@
$reply =~ /^t\s*/ and do
{
my $file = (split(' ', $reply))[1];
- my $tmp = "/tmp/inst.$$";
- if (my $fh = IO::File->new($tmp, "w"))
- {
- $fh->print(join("\n", $Inst->files($module)));
- $fh->close();
- system("tar cvf $file -I $tmp");
- unlink($tmp);
- last CASE;
- }
- else { print("Can't open $file: $!\n"); }
+ my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1);
+ $fh->print(join("\n", $Inst->files($module)));
+ $fh->close();
+ # This used to use -I which is wrong for GNU tar.
+ system("tar cvf $file -T $tmp");
+ unlink($tmp);
last CASE;
};
$reply eq 'v' and do
diff -Naur --exclude=debian perl-5.8.7.orig/lib/Memoize/t/tie.t perl-5.8.7/lib/Memoize/t/tie.t
--- perl-5.8.7.orig/lib/Memoize/t/tie.t 2002-07-13 05:56:19.000000000 +1000
+++ perl-5.8.7/lib/Memoize/t/tie.t 2005-06-02 23:38:22.000000000 +1000
......
Escape dashes in verbatim text to have groff render them as-is rather
than as \x{2010}.
diff -Naur --exclude=debian perl-5.8.7.orig/lib/Pod/Man.pm perl-5.8.7/lib/Pod/Man.pm
--- perl-5.8.7.orig/lib/Pod/Man.pm 2003-03-31 21:16:36.000000000 +1000
+++ perl-5.8.7/lib/Pod/Man.pm 2005-06-02 23:54:54.000000000 +1000
diff -Naur --exclude=debian perl-5.8.8.orig/lib/Pod/Man.pm perl-5.8.8/lib/Pod/Man.pm
--- perl-5.8.8.orig/lib/Pod/Man.pm 2003-03-31 21:16:36.000000000 +1000
+++ perl-5.8.8/lib/Pod/Man.pm 2006-02-01 23:39:27.000000000 +1100
@@ -517,6 +517,7 @@
my $lines = tr/\n/\n/;
1 while s/^(.*?)(\t+)/$1 . ' ' x (length ($2) * 8 - length ($1) % 8)/me;
......@@ -12,9 +12,9 @@ diff -Naur --exclude=debian perl-5.8.7.orig/lib/Pod/Man.pm perl-5.8.7/lib/Pod/Ma
s/^(\s*\S)/'\&' . $1/gme;
$self->makespace;
$self->output (".Vb $lines\n$_.Ve\n");
diff -Naur --exclude=debian perl-5.8.7.orig/lib/Pod/t/basic.man perl-5.8.7/lib/Pod/t/basic.man
--- perl-5.8.7.orig/lib/Pod/t/basic.man 2002-01-03 01:33:15.000000000 +1100
+++ perl-5.8.7/lib/Pod/t/basic.man 2005-06-02 23:54:54.000000000 +1000
diff -Naur --exclude=debian perl-5.8.8.orig/lib/Pod/t/basic.man perl-5.8.8/lib/Pod/t/basic.man
--- perl-5.8.8.orig/lib/Pod/t/basic.man 2002-01-03 01:33:15.000000000 +1100
+++ perl-5.8.8/lib/Pod/t/basic.man 2006-02-01 23:39:27.000000000 +1100
@@ -332,7 +332,7 @@
.PP
.Vb 2
......
SECURITY [CAN-2005-0448]:
Rewrite File::Path::rmtree to avoid race condition which allows an
attacker with write permission on directories in the tree being
removed to make files setuid or to remove arbitrary files (see
http://bugs.debian.org/286905 and http://bugs.debian.org/286922).
diff -Naur --exclude=debian perl-5.8.7.orig/lib/File/Path.pm perl-5.8.7/lib/File/Path.pm
--- perl-5.8.7.orig/lib/File/Path.pm 2005-05-06 02:00:32.000000000 +1000
+++ perl-5.8.7/lib/File/Path.pm 2005-06-02 23:49:34.000000000 +1000
@@ -72,33 +72,17 @@
=item *
-a boolean value, which if TRUE will cause C<rmtree> to
-skip any files to which you do not have delete access
-(if running under VMS) or write access (if running
-under another OS). This will change in the future when
-a criterion for 'delete permission' under OSs other
-than VMS is settled. (defaults to FALSE)
+a boolean value, which if FALSE (the default for non-root users) will
+cause C<rmtree> to adjust the mode of directories (if required) prior
+to attempting to remove the contents. Note that on interruption or
+failure of C<rmtree>, directories may be left with more permissive
+modes for the owner.
=back
It returns the number of files successfully deleted. Symlinks are
simply deleted and not followed.
-B<NOTE:> There are race conditions internal to the implementation of
-C<rmtree> making it unsafe to use on directory trees which may be
-altered or moved while C<rmtree> is running, and in particular on any
-directory trees with any path components or subdirectories potentially
-writable by untrusted users.
-
-Additionally, if the third parameter is not TRUE and C<rmtree> is
-interrupted, it may leave files and directories with permissions altered
-to allow deletion (and older versions of this module would even set
-files and directories to world-read/writable!)
-
-Note also that the occurrence of errors in C<rmtree> can be determined I<only>
-by trapping diagnostic messages using C<$SIG{__WARN__}>; it is not apparent
-from the return value.
-
=head1 DIAGNOSTICS
=over 4
@@ -124,6 +108,7 @@
use Exporter ();
use strict;
use warnings;
+use Cwd 'getcwd';
our $VERSION = "1.07";
our @ISA = qw( Exporter );
@@ -172,111 +157,129 @@
@created;
}
-sub rmtree {
- my($roots, $verbose, $safe) = @_;
- my(@files);
- my($count) = 0;
- $verbose ||= 0;
- $safe ||= 0;
-
- if ( defined($roots) && length($roots) ) {
- $roots = [$roots] unless ref $roots;
- }
- else {
- carp "No root path(s) specified\n";
- return 0;
- }
-
- my($root);
- foreach $root (@{$roots}) {
- if ($Is_MacOS) {
- $root = ":$root" if $root !~ /:/;
- $root =~ s#([^:])\z#$1:#;
- } else {
- $root =~ s#/\z##;
+sub _rmtree;
+sub _rmtree
+{
+ my ($path, $prefix, $up, $up_dev, $up_ino, $verbose, $safe) = @_;
+
+ my ($dev, $ino) = lstat $path or return 0;
+ unless (-d _)
+ {
+ print "unlink $prefix$path\n" if $verbose;
+ unless (unlink $path)
+ {
+ carp "Can't remove file $prefix$path ($!)";
+ return 0;
}
- (undef, undef, my $rp) = lstat $root or next;
- $rp &= 07777; # don't forget setuid, setgid, sticky bits
- if ( -d _ ) {
- # notabene: 0700 is for making readable in the first place,
- # it's also intended to change it to writable in case we have
- # to recurse in which case we are better than rm -rf for
- # subtrees with strange permissions
- chmod($rp | 0700, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
- or carp "Can't make directory $root read+writeable: $!"
- unless $safe;
-
- if (opendir my $d, $root) {
- no strict 'refs';
- if (!defined ${"\cTAINT"} or ${"\cTAINT"}) {
- # Blindly untaint dir names
- @files = map { /^(.*)$/s ; $1 } readdir $d;
- } else {
- @files = readdir $d;
- }
- closedir $d;
- }
- else {
- carp "Can't read $root: $!";
- @files = ();
- }
- # Deleting large numbers of files from VMS Files-11 filesystems
- # is faster if done in reverse ASCIIbetical order
- @files = reverse @files if $Is_VMS;
- ($root = VMS::Filespec::unixify($root)) =~ s#\.dir\z## if $Is_VMS;
- if ($Is_MacOS) {
- @files = map("$root$_", @files);
- } else {
- @files = map("$root/$_", grep $_!~/^\.{1,2}\z/s,@files);
- }
- $count += rmtree(\@files,$verbose,$safe);
- if ($safe &&
- ($Is_VMS ? !&VMS::Filespec::candelete($root) : !-w $root)) {
- print "skipped $root\n" if $verbose;
- next;
- }
- chmod $rp | 0700, $root
- or carp "Can't make directory $root writeable: $!"
- if $force_writeable;
- print "rmdir $root\n" if $verbose;
- if (rmdir $root) {
- ++$count;
- }
- else {
- carp "Can't remove directory $root: $!";
- chmod($rp, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
- or carp("and can't restore permissions to "
- . sprintf("0%o",$rp) . "\n");
- }
- }
- else {
- if ($safe &&
- ($Is_VMS ? !&VMS::Filespec::candelete($root)
- : !(-l $root || -w $root)))
- {
- print "skipped $root\n" if $verbose;
- next;
- }
- chmod $rp | 0600, $root
- or carp "Can't make file $root writeable: $!"
- if $force_writeable;
- print "unlink $root\n" if $verbose;
- # delete all versions under VMS
- for (;;) {
- unless (unlink $root) {
- carp "Can't unlink file $root: $!";
- if ($force_writeable) {
- chmod $rp, $root
- or carp("and can't restore permissions to "
- . sprintf("0%o",$rp) . "\n");
- }
- last;
- }
- ++$count;
- last unless $Is_VMS && lstat $root;
- }
+ return 1;
+ }
+
+ unless (chdir $path)
+ {
+ carp "Can't chdir to $prefix$path ($!)";
+ return 0;
+ }
+
+ # avoid a race condition where a directory may be replaced by a
+ # symlink between the lstat and the chdir
+ my ($new_dev, $new_ino, $perm) = stat '.';
+ unless ("$new_dev:$new_ino" eq "$dev:$ino")
+ {
+ croak "Directory $prefix$path changed before chdir, aborting";
+ }
+
+ $perm &= 07777;
+ my $nperm = $perm | 0700;
+ unless ($safe or $nperm == $perm or chmod $nperm, '.')
+ {
+ carp "Can't make directory $prefix$path read+writeable ($!)";
+ $nperm = $perm;
+ }
+
+ my $count = 0;
+ if (opendir my $dir, '.')
+ {
+ my $entry;
+ while (defined ($entry = readdir $dir))
+ {
+ next if $entry =~ /^\.\.?$/;
+ $entry =~ /^(.*)$/s; $entry = $1; # untaint
+ $count += _rmtree $entry, "$prefix$path/", '..', $dev, $ino,
+ $verbose, $safe;
}
+
+ closedir $dir;
+ }
+
+ # restore directory permissions if required (in case the rmdir
+ # below fails) now, while we're still in the directory and may do
+ # so without a race via '.'
+ unless ($nperm == $perm or chmod $perm, '.')
+ {
+ carp "Can't restore permissions on directory $prefix$path ($!)";
+ }
+
+ # don't leave the caller in an unexpected directory
+ unless (chdir $up)
+ {
+ croak "Can't return to $up from $prefix$path ($!)";
+ }
+
+ # ensure that a chdir .. didn't take us somewhere other than
+ # where we expected (see CVE-2002-0435)
+ unless (($new_dev, $new_ino) = stat '.'
+ and "$new_dev:$new_ino" eq "$up_dev:$up_ino")
+ {
+ croak "Previous directory $up changed since entering $prefix$path";
+ }
+
+ print "rmdir $prefix$path\n" if $verbose;
+ if (rmdir $path)
+ {
+ $count++;
+ }
+ else
+ {
+ carp "Can't remove directory $prefix$path ($!)";
+ }
+
+ return $count;
+}
+
+sub rmtree
+{
+ my ($p, $verbose, $safe) = @_;
+ $p = [] unless defined $p and length $p;
+ $p = [ $p ] unless ref $p;
+ my @paths = grep defined && length, @$p;
+
+ # default to "unsafe" for non-root (will chmod dirs)
+ $safe = $> ? 0 : 1 unless defined $safe;
+
+ unless (@paths)
+ {
+ carp "No root path(s) specified";
+ return;
+ }
+
+ my $oldpwd = getcwd or do {
+ carp "Can't fetch initial working directory";
+ return;
+ };
+
+ my ($dev, $ino) = stat '.' or do {
+ carp "Can't stat initial working directory";
+ return;
+ };
+
+ # untaint
+ for ($oldpwd) { /^(.*)$/s; $_ = $1 }
+
+ my $count = 0;
+ for my $path (@paths)
+ {
+ $count += _rmtree $path, '', $oldpwd, $dev, $ino, $verbose, $safe;
}
$count;
Fix precedence.
diff -Naur --exclude=debian perl-5.8.7.orig/lib/Net/NNTP.pm perl-5.8.7/lib/Net/NNTP.pm
--- perl-5.8.7.orig/lib/Net/NNTP.pm 2004-05-06 23:36:05.000000000 +1000
+++ perl-5.8.7/lib/Net/NNTP.pm 2005-06-02 23:56:20.000000000 +1000
diff -Naur --exclude=debian perl-5.8.8.orig/lib/Net/NNTP.pm perl-5.8.8/lib/Net/NNTP.pm
--- perl-5.8.8.orig/lib/Net/NNTP.pm 2004-05-06 23:36:05.000000000 +1000
+++ perl-5.8.8/lib/Net/NNTP.pm 2006-02-01 23:41:48.000000000 +1100
@@ -120,7 +120,7 @@
my $nntp = shift;
my @fh;
......
......@@ -5,9 +5,33 @@ Change 25084 by davem@davem-splatty on 2005/07/05 18:17:34
buffer size. later at EOF, the apparent error got 'stuck' as
ERANGE rather than ENOENT, so the buffer size doubled recursively
diff -Naur --exclude=debian perl-5.8.7.orig/reentr.inc perl-5.8.7/reentr.inc
--- perl-5.8.7.orig/reentr.inc 2005-05-14 05:59:00.000000000 +1000
+++ perl-5.8.7/reentr.inc 2005-07-09 11:06:25.000000000 +1000
diff -Naur --exclude=debian perl-5.8.8.orig/reentr.c perl-5.8.8/reentr.c
--- perl-5.8.8.orig/reentr.c 2005-09-22 23:54:31.000000000 +1000
+++ perl-5.8.8/reentr.c 2006-02-02 00:00:13.000000000 +1100
@@ -2,7 +2,7 @@
*
* reentr.c
*
- * Copyright (C) 2002, 2003, 2005 by Larry Wall and others
+ * Copyright (C) 2002, 2003, 2005, 2006 by Larry Wall and others
*
* You may distribute under the terms of either the GNU General Public
* License or the Artistic License, as specified in the README file.
diff -Naur --exclude=debian perl-5.8.8.orig/reentr.h perl-5.8.8/reentr.h
--- perl-5.8.8.orig/reentr.h 2005-09-19 01:58:21.000000000 +1000
+++ perl-5.8.8/reentr.h 2006-02-02 00:00:13.000000000 +1100
@@ -2,7 +2,7 @@
*
* reentr.h
*
- * Copyright (C) 2002, 2003, 2005 by Larry Wall and others
+ * Copyright (C) 2002, 2003, 2005, 2006 by Larry Wall and others
*
* You may distribute under the terms of either the GNU General Public
* License or the Artistic License, as specified in the README file.
diff -Naur --exclude=debian perl-5.8.8.orig/reentr.inc perl-5.8.8/reentr.inc
--- perl-5.8.8.orig/reentr.inc 2005-09-19 01:58:21.000000000 +1000
+++ perl-5.8.8/reentr.inc 2006-02-02 00:00:13.000000000 +1100
@@ -146,34 +146,34 @@
# undef getgrent
# if !defined(getgrent) && GETGRENT_R_PROTO == REENTRANT_PROTO_I_SBWR
......@@ -1264,10 +1288,10 @@ diff -Naur --exclude=debian perl-5.8.7.orig/reentr.inc perl-5.8.7/reentr.inc
}
# endif
# endif
diff -Naur --exclude=debian perl-5.8.7.orig/reentr.pl perl-5.8.7/reentr.pl
--- perl-5.8.7.orig/reentr.pl 2005-05-14 05:58:38.000000000 +1000
+++ perl-5.8.7/reentr.pl 2005-07-09 11:04:29.000000000 +1000
@@ -702,7 +702,7 @@
diff -Naur --exclude=debian perl-5.8.8.orig/reentr.pl perl-5.8.8/reentr.pl
--- perl-5.8.8.orig/reentr.pl 2006-01-03 01:43:56.000000000 +1100
+++ perl-5.8.8/reentr.pl 2006-02-01 23:59:20.000000000 +1100
@@ -711,7 +711,7 @@
if ($func =~ /^get/) {
my $rv = $v ? ", $v" : "";
if ($r eq 'I') {
......
Don't add -fPIC if already present.
diff -Naur --exclude=debian perl-5.8.8.orig/hints/linux.sh perl-5.8.8/hints/linux.sh
--- perl-5.8.8.orig/hints/linux.sh 2005-11-18 12:18:45.000000000 +1100
+++ perl-5.8.8/hints/linux.sh 2006-02-03 00:19:15.000000000 +1100
@@ -260,6 +260,7 @@
sparc*)
case "$cccdlflags" in
*-fpic*) cccdlflags="`echo $cccdlflags|sed 's/-fpic/-fPIC/'`" ;;
+ *-fPIC*) ;;
*) cccdlflags="$cccdlflags -fPIC" ;;
esac
;;
This diff is collapsed.
Bug#334516: Program termination message suggests the obsolete O command
rather than o to set options.
diff -Naur --exclude=debian perl-5.8.7.orig/lib/perl5db.pl perl-5.8.7/lib/perl5db.pl
--- perl-5.8.7.orig/lib/perl5db.pl 2004-12-30 10:21:10.000000000 +1100
+++ perl-5.8.7/lib/perl5db.pl 2005-10-29 07:12:16.000000000 +1000
@@ -2034,8 +2034,8 @@
$term || &setterm;
print_help(<<EOP);
Debugged program terminated. Use B<q> to quit or B<R> to restart,
- use B<O> I<inhibit_exit> to avoid stopping after program termination,
- B<h q>, B<h R> or B<h O> to get additional info.
+ use B<o> I<inhibit_exit> to avoid stopping after program termination,
+ B<h q>, B<h R> or B<h o> to get additional info.
EOP
# Set the DB::eval context appropriately.
Bug#303308: Patch for Perl untaint bug (blead #25932).
diff --exclude=debian -Naur perl-5.8.7.orig/mg.c perl-5.8.7/mg.c
--- perl-5.8.7.orig/mg.c 2005-04-23 00:12:49.000000000 +1000
+++ perl-5.8.7/mg.c 2005-11-02 01:36:07.000000000 +1100
@@ -768,7 +768,10 @@
getrx:
if (i >= 0) {
+ int oldtainted = PL_tainted;
+ TAINT_NOT;
sv_setpvn(sv, s, i);
+ PL_tainted = oldtainted;
if (RX_MATCH_UTF8(rx) && is_utf8_string((U8*)s, i))
SvUTF8_on(sv);
else
Use alternate mechanism to locate gcc include directory as recent
versions of gcc emit "Using built-in specs." rather than a path.
diff --exclude=debian -Naur perl-5.8.7.orig/utils/h2ph.PL perl-5.8.7/utils/h2ph.PL
--- perl-5.8.7.orig/utils/h2ph.PL 2005-04-05 07:47:17.000000000 +1000
+++ perl-5.8.7/utils/h2ph.PL 2005-11-13 11:06:37.000000000 +1100
@@ -734,10 +734,13 @@
# non-GCC?) C compilers, but gcc uses an additional include directory.
sub inc_dirs
{
- my $from_gcc = `$Config{cc} -v 2>&1`;
- $from_gcc =~ s:^Reading specs from (.*?)/specs\b.*:$1/include:s;
-
- length($from_gcc) ? ($from_gcc, $Config{usrinc}) : ($Config{usrinc});
+ my @inc = $Config{usrinc};
+ my $from_gcc = `$Config{cc} --print-libgcc-file-name 2>&1`;
+ if ($from_gcc =~ s!/libgcc\..*!/include!s and -d $from_gcc)
+ {
+ unshift @inc, $from_gcc;
+ }
+ @inc;
}
SECURITY [CVE-2005-3962]: Upstream fixes to prevent buffer overflows
in printf/sprintf caused by malicious format strings.