head	1.29;
access;
symbols
	OPENPKG_E1_MP_HEAD:1.19
	OPENPKG_E1_MP:1.19
	OPENPKG_E1_MP_2_STABLE:1.19
	OPENPKG_E1_FP:1.19
	OPENPKG_2_STABLE_MP:1.19
	OPENPKG_2_STABLE_20061018:1.19
	OPENPKG_2_STABLE_20060622:1.19
	OPENPKG_2_STABLE:1.19.0.2
	OPENPKG_2_STABLE_BP:1.19
	OPENPKG_2_5_RELEASE:1.17
	OPENPKG_2_5_SOLID:1.17.0.2
	OPENPKG_2_5_SOLID_BP:1.17
	OPENPKG_2_4_RELEASE:1.16
	OPENPKG_2_4_SOLID:1.16.0.2
	OPENPKG_2_4_SOLID_BP:1.16
	OPENPKG_CW_FP:1.15
	OPENPKG_2_3_RELEASE:1.15
	OPENPKG_2_3_SOLID:1.15.0.2
	OPENPKG_2_3_SOLID_BP:1.15
	OPENPKG_2_2_RELEASE:1.12
	OPENPKG_2_2_SOLID:1.12.0.4
	OPENPKG_2_2_SOLID_BP:1.12
	OPENPKG_2_1_RELEASE:1.12
	OPENPKG_2_1_SOLID:1.12.0.2
	OPENPKG_2_1_SOLID_BP:1.12
	OPENPKG_2_0_RELEASE:1.11
	OPENPKG_2_0_SOLID:1.11.0.2
	OPENPKG_2_0_SOLID_BP:1.11
	OPENPKG_1_3_RELEASE:1.6
	OPENPKG_1_3_SOLID:1.6.0.6
	OPENPKG_1_3_SOLID_BP:1.6
	OPENPKG_1_STABLE_MP:1.6
	OPENPKG_1_2_RELEASE:1.6
	OPENPKG_1_2_SOLID:1.6.0.4
	OPENPKG_1_2_SOLID_BP:1.6
	OPENPKG_1_STABLE:1.6.0.2
	OPENPKG_1_STABLE_BP:1.6
	OPENPKG_1_1_RELEASE:1.4
	OPENPKG_1_1_SOLID:1.4.0.2
	OPENPKG_1_1_SOLID_BP:1.4;
locks; strict;
comment	@# @;


1.29
date	2009.09.10.07.11.05;	author rse;	state Exp;
branches;
next	1.28;
commitid	na9ZGevk4WCOo63u;

1.28
date	2009.08.24.17.26.31;	author rse;	state Exp;
branches;
next	1.27;
commitid	ys9wezEfaMtPlY0u;

1.27
date	2008.12.25.18.04.40;	author rse;	state Exp;
branches;
next	1.26;
commitid	rqoMNecNhOjclSvt;

1.26
date	2008.03.28.14.28.21;	author rse;	state Exp;
branches;
next	1.25;
commitid	qNhulBYopEo3TTWs;

1.25
date	2007.12.19.13.17.30;	author rse;	state Exp;
branches;
next	1.24;
commitid	UlaSIi7ZzgO1I2Ks;

1.24
date	2007.11.08.07.39.35;	author rse;	state Exp;
branches;
next	1.23;
commitid	6GDw6v36S41P9KEs;

1.23
date	2007.10.11.13.38.45;	author rse;	state Exp;
branches;
next	1.22;
commitid	9LPMoppHQpLP2bBs;

1.22
date	2007.07.14.14.44.53;	author rse;	state Exp;
branches;
next	1.21;
commitid	l9go7zuz17wTgKps;

1.21
date	2007.06.01.15.18.35;	author cs;	state Exp;
branches;
next	1.20;
commitid	1pbvBOlnuPC8Qdks;

1.20
date	2007.05.20.07.39.32;	author rse;	state Exp;
branches;
next	1.19;
commitid	DOCMQA5zu5dAGDis;

1.19
date	2006.02.01.20.38.52;	author rse;	state Exp;
branches;
next	1.18;
commitid	T4CHi0nEdiqxcVjr;

1.18
date	2005.12.03.13.01.56;	author rse;	state Exp;
branches;
next	1.17;
commitid	MFmMLAfpvxRoBacr;

1.17
date	2005.09.21.15.20.42;	author rse;	state Exp;
branches
	1.17.2.1;
next	1.16;

1.16
date	2005.06.03.07.03.35;	author rse;	state Exp;
branches
	1.16.2.1;
next	1.15;

1.15
date	2005.02.05.14.12.27;	author rse;	state Exp;
branches
	1.15.2.1;
next	1.14;

1.14
date	2005.01.11.14.57.34;	author thl;	state Exp;
branches;
next	1.13;

1.13
date	2004.11.08.20.59.17;	author rse;	state Exp;
branches;
next	1.12;

1.12
date	2004.04.22.08.08.33;	author rse;	state Exp;
branches
	1.12.2.1
	1.12.4.1;
next	1.11;

1.11
date	2004.01.15.17.08.23;	author ms;	state Exp;
branches;
next	1.10;

1.10
date	2003.10.28.16.14.08;	author rse;	state Exp;
branches;
next	1.9;

1.9
date	2003.09.26.07.34.19;	author rse;	state Exp;
branches;
next	1.8;

1.8
date	2003.09.15.13.28.52;	author thl;	state Exp;
branches;
next	1.7;

1.7
date	2003.09.03.12.37.46;	author rse;	state Exp;
branches;
next	1.6;

1.6
date	2002.12.16.11.25.39;	author rse;	state Exp;
branches
	1.6.4.1
	1.6.6.1;
next	1.5;

1.5
date	2002.11.16.10.18.13;	author rse;	state dead;
branches;
next	1.4;

1.4
date	2002.08.26.16.32.48;	author rse;	state Exp;
branches
	1.4.2.1;
next	1.3;

1.3
date	2002.08.26.15.05.11;	author thl;	state Exp;
branches;
next	1.2;

1.2
date	2002.06.05.14.54.08;	author rse;	state Exp;
branches;
next	1.1;

1.1
date	2002.05.19.13.37.52;	author rse;	state Exp;
branches;
next	;

1.17.2.1
date	2005.12.03.13.03.25;	author rse;	state Exp;
branches;
next	;
commitid	cHe61WikYPJTBacr;

1.16.2.1
date	2005.12.03.13.05.23;	author rse;	state Exp;
branches;
next	;
commitid	iOCL8iNNBUXzCacr;

1.15.2.1
date	2005.12.03.13.10.25;	author rse;	state Exp;
branches;
next	;
commitid	GwmecrqLYbFjEacr;

1.12.2.1
date	2005.01.11.14.57.59;	author thl;	state Exp;
branches;
next	1.12.2.2;

1.12.2.2
date	2005.02.05.14.26.54;	author rse;	state Exp;
branches;
next	;

1.12.4.1
date	2005.01.11.14.57.46;	author thl;	state Exp;
branches;
next	1.12.4.2;

1.12.4.2
date	2005.02.05.14.19.47;	author rse;	state Exp;
branches;
next	;

1.6.4.1
date	2003.09.15.13.43.01;	author thl;	state Exp;
branches;
next	1.6.4.2;

1.6.4.2
date	2003.10.21.09.06.50;	author rse;	state Exp;
branches;
next	;

1.6.6.1
date	2003.09.15.13.41.20;	author thl;	state Exp;
branches;
next	1.6.6.2;

1.6.6.2
date	2003.10.21.07.41.18;	author rse;	state Exp;
branches;
next	;

1.4.2.1
date	2002.12.16.12.16.36;	author rse;	state Exp;
branches;
next	;


desc
@@


1.29
log
@fix building under SUSE Linux
@
text
@By default, the "vendor" area is not used, so Perl's installation
procedure forgot to create its top-level paths, too. In OpenPKG we use
the "vendor" area, so make sure it is created the same way the "site"
area is.

Index: installperl
--- installperl.orig	2009-08-14 00:40:10 +0200
+++ installperl	2009-08-24 09:37:51 +0200
@@@@ -197,6 +197,8 @@@@
 my $installarchlib = "$opts{destdir}$Config{installarchlib}";
 my $installsitelib = "$opts{destdir}$Config{installsitelib}";
 my $installsitearch = "$opts{destdir}$Config{installsitearch}";
+my $installvendorlib = "$opts{destdir}$Config{installvendorlib}";
+my $installvendorarch = "$opts{destdir}$Config{installvendorarch}";
 my $installman1dir = "$opts{destdir}$Config{installman1dir}";
 my $man1ext = $Config{man1ext};
 my $libperl = $Config{libperl};
@@@@ -356,6 +358,8 @@@@
 mkpath($installarchlib, $opts{verbose}, 0777);
 mkpath($installsitelib, $opts{verbose}, 0777) if ($installsitelib);
 mkpath($installsitearch, $opts{verbose}, 0777) if ($installsitearch);
+mkpath($installvendorlib, $opts{verbose}, 0777) if ($installvendorlib);
+mkpath($installvendorarch, $opts{verbose}, 0777) if ($installvendorarch);
 
 if (chdir "lib") {
     $do_installarchlib = ! samepath($installarchlib, '.');
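Review bot: The `if ($installvendorlib)` guard on the two added mkpath lines tests the concatenated value built in the first hunk, `"$opts{destdir}$Config{installvendorlib}"`. Whenever a destdir is given, that string is non-empty even if no vendor directory is configured, so mkpath is then called on the bare destdir. This mirrors the existing site lines and is consistent with them, but testing the configured value states the intent: `mkpath($installvendorlib, $opts{verbose}, 0777) if ($Config{installvendorlib});`. The requested mode 0777 is narrowed only by the installing user's umask, which deserves a short comment next to these calls.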

-----------------------------------------------------------------------------

By default, the Perl module search order is "use lib, -I, PERL[5]LIB,
perl, site, vendor, other". This means that in OpenPKG both the modules
installed via CPAN shell (in "site" area) and the "perl-xxx" packages
(in "vendor" area) cannot override the (sometimes obsoleted) module
versions distributed with Perl (in "perl" area). Hence, we change
the search order to a more reasonable one for OpenPKG: "use lib, -I,
PERL[5]LIB, site, vendor, perl, other".

Index: perl.c
--- perl.c.orig	2009-04-22 20:07:41 +0200
+++ perl.c	2009-08-24 09:36:28 +0200
@@@@ -4879,39 +4879,6 @@@@
     incpush(APPLLIB_EXP, TRUE, TRUE, TRUE, TRUE);
 #endif
 
-#ifdef ARCHLIB_EXP
-    incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE, TRUE);
-#endif
-#ifdef MACOS_TRADITIONAL
-    {
-	Stat_t tmpstatbuf;
-    	SV * privdir = newSV(0);
-	char * macperl = PerlEnv_getenv("MACPERL");
-	
-	if (!macperl)
-	    macperl = "";
-	
-	Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl);
-	if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode))
-	    incpush(SvPVX(privdir), TRUE, FALSE, TRUE, FALSE);
-	Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl);
-	if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode))
-	    incpush(SvPVX(privdir), TRUE, FALSE, TRUE, FALSE);
-	
-   	SvREFCNT_dec(privdir);
-    }
-    if (!PL_tainting)
-	incpush(":", FALSE, FALSE, TRUE, FALSE);
-#else
-#ifndef PRIVLIB_EXP
-#  define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl"
-#endif
-#if defined(WIN32)
-    incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE, TRUE);
-#else
-    incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE, TRUE);
-#endif
-
 #ifdef SITEARCH_EXP
     /* sitearch is always relative to sitelib on Windows for
      * DLL-based path intuition to work correctly */
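Review bot: The block moved by this hunk and re-added by the hunk at -4954 contains an `#else` for `#ifdef MACOS_TRADITIONAL` whose closing `#endif` lies outside both hunks, so the move probably changes which pushes are conditional. The site and vendor incpush calls appear to have been inside that `#else` branch before and now sit ahead of the `#ifdef`. If so, they are now compiled in on MACOS_TRADITIONAL builds as well, which the description does not mention. Separately, with site and vendor ahead of the core library in the module search path, any module placed there replaces the core one for every script. A comment at the new position, such as `/* OpenPKG: site and vendor are searched before privlib; these directories must be writable only by the package owner */`, would record that assumption.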
@@@@ -4954,6 +4921,39 @@@@
     incpush(PERL_VENDORLIB_STEM, FALSE, TRUE, TRUE, TRUE);
 #endif
 
+#ifdef ARCHLIB_EXP
+    incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE, TRUE);
+#endif
+#ifdef MACOS_TRADITIONAL
+    {
+	Stat_t tmpstatbuf;
+    	SV * privdir = newSV(0);
+	char * macperl = PerlEnv_getenv("MACPERL");
+	
+	if (!macperl)
+	    macperl = "";
+	
+	Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl);
+	if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode))
+	    incpush(SvPVX(privdir), TRUE, FALSE, TRUE, FALSE);
+	Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl);
+	if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode))
+	    incpush(SvPVX(privdir), TRUE, FALSE, TRUE, FALSE);
+	
+   	SvREFCNT_dec(privdir);
+    }
+    if (!PL_tainting)
+	incpush(":", FALSE, FALSE, TRUE, FALSE);
+#else
+#ifndef PRIVLIB_EXP
+#  define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl"
+#endif
+#if defined(WIN32)
+    incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE, TRUE);
+#else
+    incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE, TRUE);
+#endif
+
 #ifdef PERL_OTHERLIBDIRS
     incpush(PERL_OTHERLIBDIRS, TRUE, TRUE, TRUE, TRUE);
 #endif

-----------------------------------------------------------------------------

Port to [Open]Darwin 6.6.2:

1. In OpenPKG, Perl does not use the vendor GCC and our GCC does not
   understand "-no-cpp-precomp", so remove this build option.

2. The <sys/mman.h> indirectly includes system specific headers
   which in turn have fields named "environ" while Perl uses
   a define of "environ" internally. So wrap the inclusion.

3. Darwin 6 no longer accepts the non-standard "#import" statements,
   so replace with "#include" and circumvent some header problem
   related to the non-standard "__private_extern__" attribute.

Index: hints/darwin.sh
--- hints/darwin.sh.orig	2009-04-14 20:38:15 +0200
+++ hints/darwin.sh	2009-08-24 09:36:28 +0200
@@@@ -120,9 +120,6 @@@@
   *-2147483648) ccflags="${ccflags} -DINT32_MIN_BROKEN -DINT64_MIN_BROKEN" ;;
 esac
 
-# Avoid Apple's cpp precompiler, better for extensions
-cppflags="${cppflags} -no-cpp-precomp"
-
 # This is necessary because perl's build system doesn't
 # apply cppflags to cc compile lines as it should.
 ccflags="${ccflags} ${cppflags}"
@@@@ -182,8 +179,7 @@@@
 esac
 ldlibpthname='DYLD_LIBRARY_PATH';
 
-# useshrplib=true results in much slower startup times.
-# 'false' is the default value.  Use Configure -Duseshrplib to override.
+useshrplib='true'
 
 cat > UU/archname.cbu <<'EOCBU'
 # This script UU/archname.cbu will get 'called-back' by Configure 
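Review bot: The added `useshrplib='true'` is not covered by any of the three items in the description, and it replaces a comment warning that a shared libperl gives much slower startup times. Because it is an unconditional assignment in a hints file, it may also discard a value chosen on the Configure command line; the removed comment pointed to `-Duseshrplib` for that. `case "$useshrplib" in '') useshrplib='true' ;; esac` would keep the new default while still honouring an explicit setting. A one-line comment saying why OpenPKG needs the shared library on Darwin would help the next maintainer.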
Index: ext/DynaLoader/dl_dyld.xs
--- ext/DynaLoader/dl_dyld.xs.orig	2009-04-15 22:51:42 +0200
+++ ext/DynaLoader/dl_dyld.xs	2009-08-24 09:36:28 +0200
@@@@ -47,7 +47,13 @@@@
 
 #undef environ
 #undef bool
+#ifdef PERL_DARWIN
+#define __private_extern__ extern
+#include <mach-o/dyld.h>
+#undef __private_extern__
+#else
 #import <mach-o/dyld.h>
+#endif
 
 static char *dlerror()
 {
Index: perlio.c
--- perlio.c.orig	2009-04-15 01:47:25 +0200
+++ perlio.c	2009-08-24 09:36:28 +0200
@@@@ -474,7 +474,14 @@@@
 #include <unistd.h>
 #endif
 #ifdef HAS_MMAP
+#ifdef PERL_DARWIN
+#define environ_safe environ
+#undef environ
 #include <sys/mman.h>
+#define environ environ_safe
+#else
+#include <sys/mman.h>
+#endif
 #endif
 
 void
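Review bot: The save-and-restore around `<sys/mman.h>` does not bring back Perl's definition of `environ`. Macro bodies are expanded at the point of use, so `#define environ_safe environ` stores the name rather than its current expansion, and after `#undef environ` and `#define environ environ_safe` the token `environ` expands to the bare identifier `environ`. Code after this include therefore no longer sees whatever the Perl headers mapped `environ` to. Where the compiler supports it, `#pragma push_macro("environ")` before the `#undef` and `#pragma pop_macro("environ")` after the include preserve the original definition. Otherwise `<sys/mman.h>` would have to be included before the header that defines the macro.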

-----------------------------------------------------------------------------

Port to Tru64 5.1:

Under Tru64 our gcc has to be built without binutils and the system
ld(1) does not accept a "-O" option, so remove the whole passing of
optimization flags to ld(1). Under a brain-dead platform like Tru64 we
really don't need any more optimization because we are already happy if
it works at all.

Index: hints/dec_osf.sh
--- hints/dec_osf.sh.orig	2009-02-12 23:58:12 +0100
+++ hints/dec_osf.sh	2009-08-24 09:36:28 +0200
@@@@ -73,15 +73,6 @@@@
 *)            if $test "X$optimize" = "X$undef"; then
                       lddlflags="$lddlflags -msym"
               else
-		  case "$myosvers" in
-		  *4.0D*)
-		      # QAR 56761: -O4 + .so may produce broken code,
-		      # fixed in 4.0E or better.
-		      ;;
-		  *)
-                      lddlflags="$lddlflags $optimize"
-		      ;;
-		  esac
 		  # -msym: If using a sufficiently recent /sbin/loader,
 		  # keep the module symbols with the modules.
                   lddlflags="$lddlflags -msym $_lddlflags_strict_ansi"

-----------------------------------------------------------------------------

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976
    Multiple scripts in the perl package in Trustix Secure Linux 1.5
    through 2.1, and possibly other operating systems, allows local
    users to overwrite files via a symlink attack on temporary files.

Index: lib/CGI/Cookie.pm
--- lib/CGI/Cookie.pm.orig	2009-02-12 23:58:12 +0100
+++ lib/CGI/Cookie.pm	2009-08-24 09:36:28 +0200
@@@@ -470,7 +470,7 @@@@
 You may also retrieve cookies that were stored in some external
 form using the parse() class method:
 
-       $COOKIES = `cat /usr/tmp/Cookie_stash`;
+       $COOKIES = `cat /var/run/www/Cookie_stash`;
        %cookies = parse CGI::Cookie($COOKIES);
 
 If you are in a mod_perl environment, you can save some overhead by
Index: lib/Shell.pm
--- lib/Shell.pm.orig	2009-02-12 23:58:16 +0100
+++ lib/Shell.pm	2009-08-24 09:36:28 +0200
@@@@ -151,7 +151,7 @@@@
    use Shell qw(cat ps cp);
    $passwd = cat('</etc/passwd');
    @@pslines = ps('-ww'),
-   cp("/etc/passwd", "/tmp/passwd");
+   cp("/etc/passwd", "/etc/passwd.orig");
 
    # object oriented 
    my $sh = Shell->new;

-----------------------------------------------------------------------------

Linker flag change for Solaris.

Index: Configure
--- Configure.orig	2009-08-18 21:03:53 +0200
+++ Configure	2009-08-24 09:36:28 +0200
@@@@ -8056,7 +8056,7 @@@@
 			      ;;
 			linux|irix*|gnu*)  dflt="-shared $optimize" ;;
 			next)  dflt='none' ;;
-			solaris) dflt='-G' ;;
+			solaris) dflt='-shared' ;;
 			sunos) dflt='-assert nodefinitions' ;;
 			svr4*|esix*|nonstopux) dflt="-G $ldflags" ;;
 	        *)     dflt='none' ;;
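Review bot: `-shared` is a GCC driver option, while the replaced `-G` is what the Solaris linker and the Sun compiler expect, so the new default on the `solaris)` line only works when the link step goes through GCC. The description gives no reason for the change; if the assumption is that OpenPKG always builds with its own GCC, it should say so. Keeping both would be safer: `solaris) case "$gccversion" in '') dflt='-G' ;; *) dflt='-shared' ;; esac ;;`. The surrounding case statement starts and ends outside the hunk.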

-----------------------------------------------------------------------------

Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)

Index: sv.c
--- sv.c.orig	2009-08-05 16:48:19 +0200
+++ sv.c	2009-08-24 09:36:28 +0200
@@@@ -9163,7 +9163,10 @@@@
 	if ( (width = expect_number(&q)) ) {
 	    if (*q == '$') {
 		++q;
-		efix = width;
+		if (width > PERL_INT_MAX)
+		    efix = PERL_INT_MAX;
+		else
+		    efix = width;
 	    } else {
 		goto gotwidth;
 	    }
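Review bot: The clamp on `efix` stops the wrap-around when the parsed number exceeds PERL_INT_MAX, but it turns an out-of-range explicit argument index into the largest int instead of rejecting it. The fix therefore relies on the later use of `efix` being checked against the number of arguments actually supplied, and that code is outside the hunk. The declarations of `width` and `efix` are not visible either, so confirm that the comparison is done in a type wide enough to hold the parsed value. A comment above the new test, for example `/* CVE-2005-3962: keep explicit format index within int range */`, would tie the lines to the advisory.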

-----------------------------------------------------------------------------

Do not use -fstack-protector as it causes too many portability issues.

Index: Configure
--- Configure.orig	2009-08-24 09:42:33 +0200
+++ Configure	2009-08-24 13:01:27 +0200
@@@@ -5140,17 +5140,6 @@@@
 		;;
 	esac
 
-	# on x86_64 (at least) we require an extra library (libssp) in the
-	# link command line. This library is not named, so I infer that it is
-	# an implementation detail that may change. Hence the safest approach
-	# is to add the flag to the flags passed to the compiler at link time,
-	# as that way the compiler can do the right implementation dependant
-	# thing. (NWC)
-	case "$gccversion" in
-	?*)	set stack-protector -fstack-protector
-		eval $checkccflag
-		;;
-	esac
 	;;
 esac
 
@@@@ -5289,15 +5278,6 @@@@
 	;;
 *) dflt="$ldflags";;
 esac
-# See note above about -fstack-protector
-case "$ccflags" in
-*-fstack-protector*) 
-	case "$dflt" in
-	*-fstack-protector*) ;; # Don't add it again
-	*) dflt="$dflt -fstack-protector" ;; 
-	esac
-	;;
-esac
 
 : Try to guess additional flags to pick up local libraries.
 for thislibdir in $libpth; do
@@@@ -8085,14 +8065,6 @@@@
 	''|' ') dflt='none' ;;
 	esac
 
-	case "$ldflags" in
-	*-fstack-protector*)
-	    case "$dflt" in
-			*-fstack-protector*) ;; # Don't add it again
-			*) dflt="$dflt -fstack-protector" ;; 
-		esac
-		;;
-	esac
 
 
     rp="Any special flags to pass to $ld to create a dynamically loaded library?"

-----------------------------------------------------------------------------

Make sure we install into <prefix>/lib/perl/ and not <prefix>/lib/perl5/

Index: Configure
--- Configure.orig	2009-08-24 18:33:49 +0200
+++ Configure	2009-08-24 18:44:39 +0200
@@@@ -1756,7 +1756,7 @@@@
 touch posthint.sh
 
 : set package name
-package='perl5'
+package='perl'
 first=`echo $package | sed -e 's/^\(.\).*/\1/'`
 last=`echo $package | sed -e 's/^.\(.*\)/\1/'`
 case "`echo AbyZ | tr '[:lower:]' '[:upper:]' 2>/dev/null`" in

-----------------------------------------------------------------------------

Linking against just libgdbm_compat fails under at least SUSE,
because it also needs libgdbm (which Perl doesn't pick up either)

Index: hints/linux.sh
--- hints/linux.sh.orig	2009-02-12 23:58:12 +0100
+++ hints/linux.sh	2009-09-09 21:01:05 +0200
@@@@ -55,7 +55,9 @@@@
 libswanted="$*"
 
 # Debian 4.0 puts ndbm in the -lgdbm_compat library.
-libswanted="$libswanted gdbm_compat"
+if [ -f /etc/debian_version -o -f /etc/ubuntu_version ]; then
+    libswanted="$libswanted gdbm_compat"
+fi
 
 # If you have glibc, then report the version for ./myconfig bug reporting.
 # (Configure doesn't need to know the specific version since it just uses
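Review bot: The new test keys on distribution marker files rather than on the problem named in the description (gdbm_compat needing gdbm at link time). Any other distribution that ships ndbm in libgdbm_compat silently loses the library, and the comment above the test still mentions only Debian 4.0. The `-o` operator inside `[ ]` is marked obsolescent by POSIX; `if [ -f /etc/debian_version ] || [ -f /etc/ubuntu_version ]; then` is the portable spelling. Adding both libraries in link order, `libswanted="$libswanted gdbm_compat gdbm"`, may address the SUSE failure without a distribution check, but that needs testing on the affected system.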

@


1.28
log
@upgrading package: perl 5.10.0 -> 5.10.1
@
text
@d369 20
@


1.27
log
@detect NetBSD 5.0 as well
@
text
@d7 9
a15 9
--- installperl.orig	2007-12-18 11:47:07 +0100
+++ installperl	2008-03-28 15:23:47 +0100
@@@@ -211,6 +211,8 @@@@
 my $installarchlib = "$destdir$Config{installarchlib}";
 my $installsitelib = "$destdir$Config{installsitelib}";
 my $installsitearch = "$destdir$Config{installsitearch}";
+my $installvendorlib = "$destdir$Config{installvendorlib}";
+my $installvendorarch = "$destdir$Config{installvendorarch}";
 my $installman1dir = "$destdir$Config{installman1dir}";
d18 6
a23 6
@@@@ -372,6 +374,8 @@@@
 mkpath($installarchlib, $verbose, 0777);
 mkpath($installsitelib, $verbose, 0777) if ($installsitelib);
 mkpath($installsitearch, $verbose, 0777) if ($installsitearch);
+mkpath($installvendorlib, $verbose, 0777) if ($installvendorlib);
+mkpath($installvendorarch, $verbose, 0777) if ($installvendorarch);
d39 3
a41 3
--- perl.c.orig	2007-12-18 11:47:08 +0100
+++ perl.c	2008-03-28 15:23:47 +0100
@@@@ -4753,39 +4753,6 @@@@
d81 1
a81 1
@@@@ -4828,6 +4795,39 @@@@
d138 2
a139 2
--- hints/darwin.sh.orig	2007-12-18 11:47:07 +0100
+++ hints/darwin.sh	2008-03-28 15:23:47 +0100
d160 17
d178 3
a180 3
--- perlio.c.orig	2007-12-18 11:47:08 +0100
+++ perlio.c	2008-03-28 15:23:47 +0100
@@@@ -472,7 +472,14 @@@@
a194 17
Index: ext/DynaLoader/dl_dyld.xs
--- ext/DynaLoader/dl_dyld.xs.orig	2007-12-18 11:47:07 +0100
+++ ext/DynaLoader/dl_dyld.xs	2008-03-28 15:23:47 +0100
@@@@ -45,7 +45,13 @@@@
 
 #undef environ
 #undef bool
+#ifdef PERL_DARWIN
+#define __private_extern__ extern
+#include <mach-o/dyld.h>
+#undef __private_extern__
+#else
 #import <mach-o/dyld.h>
+#endif
 
 static char *dlerror()
 {
d207 2
a208 2
--- hints/dec_osf.sh.orig	2007-12-18 11:47:07 +0100
+++ hints/dec_osf.sh	2008-03-28 15:23:47 +0100
d234 2
a235 2
--- lib/CGI/Cookie.pm.orig	2007-12-18 11:47:07 +0100
+++ lib/CGI/Cookie.pm	2008-03-28 15:23:47 +0100
d246 2
a247 2
--- lib/Shell.pm.orig	2007-12-18 11:47:07 +0100
+++ lib/Shell.pm	2008-03-28 15:23:47 +0100
d260 2
d263 3
a265 3
--- Configure.orig	2007-12-18 11:47:07 +0100
+++ Configure	2008-03-28 15:23:47 +0100
@@@@ -7871,7 +7871,7 @@@@
d280 3
a282 3
--- sv.c.orig	2007-12-18 11:47:08 +0100
+++ sv.c	2008-03-28 15:23:47 +0100
@@@@ -8667,7 +8667,10 @@@@
d297 1
a297 1
Detect NetBSD 5.x as well
d299 18
a316 4
Index: hints/netbsd.sh
--- hints/netbsd.sh.orig	2007-12-18 11:47:07.000000000 +0100
+++ hints/netbsd.sh	2008-12-24 10:51:08.000000000 +0100
@@@@ -79,7 +79,7 @@@@
d319 49
a367 6
 case "$osvers" in
-0.9*|1.*|2.*|3.*|4.*)
+0.9*|1.*|2.*|3.*|4.*|5.*)
 	d_getprotoent_r="$undef"
 	d_getprotobyname_r="$undef"
 	d_getprotobynumber_r="$undef"
@


1.26
log
@update patch file to fit exactly fitout fuzzy matching requirements
@
text
@d293 17
@


1.25
log
@finally switch from Perl 5.8 to 5.10
@
text
@d7 2
a8 2
--- installperl.orig	2006-08-15 14:37:41 +0200
+++ installperl	2006-08-18 21:05:05 +0200
d18 1
a18 1
@@@@ -403,6 +405,8 @@@@
d39 3
a41 3
--- perl.c.orig	2006-08-15 14:37:41 +0200
+++ perl.c	2006-08-18 21:08:14 +0200
@@@@ -4749,39 +4749,6 @@@@
d81 1
a81 1
@@@@ -4824,6 +4791,39 @@@@
d138 2
a139 2
--- hints/darwin.sh.orig	2006-08-15 14:37:41 +0200
+++ hints/darwin.sh	2006-08-18 21:05:05 +0200
d161 3
a163 3
--- perlio.c.orig	2006-08-15 14:37:41 +0200
+++ perlio.c	2006-08-18 21:05:05 +0200
@@@@ -461,7 +461,14 @@@@
d179 2
a180 2
--- ext/DynaLoader/dl_dyld.xs.orig	2006-08-15 14:37:40 +0200
+++ ext/DynaLoader/dl_dyld.xs	2006-08-18 21:05:05 +0200
d208 1
a208 1
+++ hints/dec_osf.sh	2007-12-19 12:31:37 +0100
d234 3
a236 3
--- lib/CGI/Cookie.pm.orig	2006-08-15 14:37:41 +0200
+++ lib/CGI/Cookie.pm	2006-08-18 21:05:05 +0200
@@@@ -444,7 +444,7 @@@@
d246 3
a248 3
--- lib/Shell.pm.orig	2006-08-15 14:37:41 +0200
+++ lib/Shell.pm	2006-08-18 21:05:05 +0200
@@@@ -154,7 +154,7 @@@@
d261 5
a265 5
--- Configure.orig	2006-08-15 14:37:40 +0200
+++ Configure	2006-08-18 21:05:05 +0200
@@@@ -7787,7 +7787,7 @@@@
 			      ;;	
 			linux|irix*|gnu*)	dflt='-shared' ;;
d278 3
a280 3
--- sv.c.orig	2006-08-15 14:37:41 +0200
+++ sv.c	2006-08-18 21:05:05 +0200
@@@@ -8595,7 +8595,10 @@@@
@


1.24
log
@Security Fix (CVE-2007-5116)
@
text
@d7 3
a9 3
--- installperl.orig	2006-01-28 16:35:28 +0100
+++ installperl	2006-02-01 20:00:56 +0100
@@@@ -189,6 +189,8 @@@@
d18 1
a18 1
@@@@ -381,6 +383,8 @@@@
d39 4
a42 4
--- perl.c.orig	2006-01-31 13:34:47 +0100
+++ perl.c	2006-02-01 20:00:56 +0100
@@@@ -4776,39 +4776,6 @@@@
     incpush(APPLLIB_EXP, TRUE, TRUE, TRUE);
d46 1
a46 1
-    incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE);
d51 1
a51 1
-    	SV * privdir = NEWSV(55, 0);
d59 1
a59 1
-	    incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
d62 1
a62 1
-	    incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
d67 1
a67 1
-	incpush(":", FALSE, FALSE, TRUE);
d73 1
a73 1
-    incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE);
d75 1
a75 1
-    incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE);
d81 2
a82 2
@@@@ -4850,6 +4817,39 @@@@
     incpush(PERL_VENDORLIB_STEM, FALSE, TRUE, TRUE);
d86 1
a86 1
+    incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE);
d91 1
a91 1
+    	SV * privdir = NEWSV(55, 0);
d99 1
a99 1
+	    incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
d102 1
a102 1
+	    incpush(SvPVX(privdir), TRUE, FALSE, TRUE);
d107 1
a107 1
+	incpush(":", FALSE, FALSE, TRUE);
d113 1
a113 1
+    incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE);
d115 1
a115 1
+    incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE);
d119 1
a119 1
     incpush(PERL_OTHERLIBDIRS, TRUE, TRUE, TRUE);
d138 2
a139 2
--- hints/darwin.sh.orig	2005-09-18 17:13:41 +0200
+++ hints/darwin.sh	2006-02-01 20:00:56 +0100
d161 3
a163 3
--- perlio.c.orig	2006-01-06 23:42:20 +0100
+++ perlio.c	2006-02-01 20:00:56 +0100
@@@@ -448,7 +448,14 @@@@
d179 2
a180 2
--- ext/DynaLoader/dl_dyld.xs.orig	2005-04-18 19:04:24 +0200
+++ ext/DynaLoader/dl_dyld.xs	2006-02-01 20:00:56 +0100
d207 3
a209 3
--- hints/dec_osf.sh.orig	2006-01-08 10:53:29 +0100
+++ hints/dec_osf.sh	2006-02-01 20:00:56 +0100
@@@@ -279,15 +279,6 @@@@
d218 1
a218 1
-		  *)    
d234 3
a236 3
--- lib/CGI/Cookie.pm.orig	2005-12-05 17:30:25 +0100
+++ lib/CGI/Cookie.pm	2006-02-01 20:00:56 +0100
@@@@ -407,7 +407,7 @@@@
d246 3
a248 3
--- lib/Shell.pm.orig	2004-06-01 11:42:17 +0200
+++ lib/Shell.pm	2006-02-01 20:00:56 +0100
@@@@ -127,7 +127,7 @@@@
d261 3
a263 3
--- Configure.orig	2006-01-08 15:51:03 +0100
+++ Configure	2006-02-01 20:00:56 +0100
@@@@ -7663,7 +7663,7 @@@@
d278 4
a281 4
--- sv.c.orig	2006-01-16 13:22:21 +0100
+++ sv.c	2006-02-01 20:00:56 +0100
@@@@ -8650,7 +8650,10 @@@@
 	if (EXPECT_NUMBER(q, width)) {
a292 182
-----------------------------------------------------------------------------

- Fix syntax error (unterminated quoted string)
- Support GCC 4.2

Index: makedepend.SH
--- makedepend.SH.orig	2003-06-05 20:11:10 +0200
+++ makedepend.SH	2007-05-20 09:32:10 +0200
@@@@ -128,7 +128,7 @@@@
     *.y) filebase=`basename $file .y` ;;
     esac
     case "$file" in
-    */*) finc="-I`echo $file | sed 's#/[^/]*$##`" ;;
+    */*) finc="-I`echo $file | sed 's#/[^/]*$##'`" ;;
     *)   finc= ;;
     esac
     $echo "Finding dependencies for $filebase$_o."
@@@@ -167,6 +167,7 @@@@
             -e '/^#.*<builtin>/d' \
             -e '/^#.*<built-in>/d' \
             -e '/^#.*<command line>/d' \
+            -e '/^#.*<command-line>/d' \
 	    -e '/^#.*"-"/d' \
 	    -e '/: file path prefix .* never used$/d' \
 	    -e 's#\.[0-9][0-9]*\.c#'"$file.c#" \

-----------------------------------------------------------------------------

Support FreeBSD >= 7.0 where objformat(8) is gone

Index: hints/freebsd.sh
--- hints/freebsd.sh.orig	Wed Mar 24 22:47:33 2004
+++ hints/freebsd.sh	Mon Feb 19 20:53:50 2007
@@@@ -116,17 +122,17 @@@@ case "$osvers" in
 
 *)
         objformat=`/usr/bin/objformat`
-        if [ x$objformat = xelf ]; then
-            libpth="/usr/lib /usr/local/lib"
-            glibpth="/usr/lib /usr/local/lib"
-            ldflags="-Wl,-E "
-            lddlflags="-shared "
-        else
+        if [ x$objformat = xaout ]; then
             if [ -e /usr/lib/aout ]; then
                 libpth="/usr/lib/aout /usr/local/lib /usr/lib"
                 glibpth="/usr/lib/aout /usr/local/lib /usr/lib"
             fi
             lddlflags='-Bshareable'
+        else
+            libpth="/usr/lib /usr/local/lib"
+            glibpth="/usr/lib /usr/local/lib"
+            ldflags="-Wl,-E "
+            lddlflags="-shared "
         fi
         cccdlflags='-DPIC -fPIC'
         ;;


-----------------------------------------------------------------------------

Fix issue when <asm/page.h> is missing from the Linux headers.
See https://bugs.gentoo.org/show_bug.cgi?id=168312 for details.

Index: ext/IPC/SysV/SysV.xs
--- ext/IPC/SysV/SysV.xs.orig       2001-06-30 14:46:07.000000000 -0400
+++ ext/IPC/SysV/SysV.xs     2006-06-02 17:37:22.000000000 -0400
@@@@ -3,9 +3,6 @@@@
 #include "XSUB.h"

 #include <sys/types.h>
-#ifdef __linux__
-#   include <asm/page.h>
-#endif
 #if defined(HAS_MSG) || defined(HAS_SEM) || defined(HAS_SHM)
 #ifndef HAS_SEM
 #   include <sys/ipc.h>

-----------------------------------------------------------------------------

Security Fix (CVE-2007-5116)

Fix a possible buffer overflow with ASCII regexes
that really are Unicode regexes.

Index: regcomp.c
--- regcomp.c.orig	2006-01-08 21:59:27.000000000 +0100
+++ regcomp.c	2007-11-06 22:48:26.000000000 +0100
@@@@ -135,7 +135,10 @@@@ typedef struct RExC_state_t {
     I32		extralen;
     I32		seen_zerolen;
     I32		seen_evals;
-    I32		utf8;
+    I32		utf8;		/* whether the pattern is utf8 or not */
+    I32		orig_utf8;	/* whether the pattern was originally in utf8 */
+				/* XXX use this for future optimisation of case
+				 * where pattern must be upgraded to utf8. */
 #if ADD_TO_REGEXEC
     char 	*starttry;		/* -Dr: where regtry was called. */
 #define RExC_starttry	(pRExC_state->starttry)
@@@@ -161,6 +164,7 @@@@ typedef struct RExC_state_t {
 #define RExC_seen_zerolen	(pRExC_state->seen_zerolen)
 #define RExC_seen_evals	(pRExC_state->seen_evals)
 #define RExC_utf8	(pRExC_state->utf8)
+#define RExC_orig_utf8	(pRExC_state->orig_utf8)
 
 #define	ISMULT1(c)	((c) == '*' || (c) == '+' || (c) == '?')
 #define	ISMULT2(s)	((*s) == '*' || (*s) == '+' || (*s) == '?' || \
@@@@ -1749,15 +1753,16 @@@@ Perl_pregcomp(pTHX_ char *exp, char *xen
     if (exp == NULL)
 	FAIL("NULL regexp argument");
 
-    RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+    RExC_utf8 = RExC_orig_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
 
-    RExC_precomp = exp;
     DEBUG_r({
 	 if (!PL_colorset) reginitcolors();
 	 PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
 		       PL_colors[4],PL_colors[5],PL_colors[0],
-		       (int)(xend - exp), RExC_precomp, PL_colors[1]);
+		       (int)(xend - exp), exp, PL_colors[1]);
     });
+redo_first_pass:
+    RExC_precomp = exp;
     RExC_flags = pm->op_pmflags;
     RExC_sawback = 0;
 
@@@@ -1783,6 +1788,25 @@@@ Perl_pregcomp(pTHX_ char *exp, char *xen
 	RExC_precomp = Nullch;
 	return(NULL);
     }
+    if (RExC_utf8 && !RExC_orig_utf8) {
+        /* It's possible to write a regexp in ascii that represents unicode
+        codepoints outside of the byte range, such as via \x{100}. If we
+        detect such a sequence we have to convert the entire pattern to utf8
+        and then recompile, as our sizing calculation will have been based
+        on 1 byte == 1 character, but we will need to use utf8 to encode
+        at least some part of the pattern, and therefore must convert the whole
+        thing.
+        XXX: somehow figure out how to make this less expensive...
+        -- dmq */
+        STRLEN len = xend-exp;
+        DEBUG_r(PerlIO_printf(Perl_debug_log,
+	    "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
+        exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
+        xend = exp + len;
+        RExC_orig_utf8 = RExC_utf8;
+        SAVEFREEPV(exp);
+        goto redo_first_pass;
+    }
     DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
 
     /* Small enough for pointer-storage convention?
Index: t/op/pat.t
--- t/op/pat.t.orig	2006-01-07 13:53:32.000000000 +0100
+++ t/op/pat.t	2007-11-06 21:52:30.000000000 +0100
@@@@ -6,7 +6,7 @@@@
 
 $| = 1;
 
-print "1..1187\n";
+print "1..1189\n";
 
 BEGIN {
     chdir 't' if -d 't';
@@@@ -3395,5 +3395,14 @@@@ ok(("foba  ba$s" =~ qr/(foo|BaSS|bar)/i)
        "# assigning to original string should not corrupt match vars");
 }
 
-# last test 1187
+{
+    use warnings;
+    my @@w;
+    local $SIG{__WARN__}=sub{push @@w,"@@_"};
+    my $c=qq(\x{DF}); 
+    ok($c=~/${c}|\x{100}/, "ASCII pattern that really is utf8");
+    ok(@@w==0, "ASCII pattern that really is utf8");
+}    
+
+# last test 1189
 
@


1.23
log
@the patch is a one-time patch and trivial enough and hence should be included into perl.patch. We use external patches only for official vendor patches or for larger scale patches. Everything else we have to maintain anyway ourself and so it can be included into the local patch.
@
text
@d371 104
@


1.22
log
@Support FreeBSD >= 7.0 where objformat(8) is gone
@
text
@d351 20
@


1.21
log
@fix syntax error
@
text
@d319 32
@


1.20
log
@fix building under GCC 4.2 world order
@
text
@d295 2
a296 1
Support GCC 4.2
d301 9
@


1.19
log
@upgrade to Perl 5.8.8
@
text
@d292 17
@


1.18
log
@Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
@
text
@d7 2
a8 2
--- installperl.orig	2003-09-02 15:40:21.000000000 +0200
+++ installperl	2003-09-26 09:23:15.000000000 +0200
d18 1
a18 1
@@@@ -379,6 +381,8 @@@@
d39 3
a41 3
--- perl.c.orig	2003-09-11 23:42:33.000000000 +0200
+++ perl.c	2003-09-26 09:25:11.000000000 +0200
@@@@ -3978,39 +3978,6 @@@@
d81 1
a81 1
@@@@ -4052,6 +4019,39 @@@@
d138 2
a139 2
--- hints/darwin.sh.orig	2004-05-25 22:52:21 +0200
+++ hints/darwin.sh	2004-11-08 20:52:45 +0100
d150 1
a150 1
@@@@ -162,8 +159,7 @@@@
d161 3
a163 3
--- perlio.c.orig	2003-09-24 22:50:22.000000000 +0200
+++ perlio.c	2003-10-28 17:03:59.000000000 +0100
@@@@ -432,7 +432,14 @@@@
d177 1
a177 1
 /*
d179 2
a180 2
--- ext/DynaLoader/dl_dyld.xs.orig	2003-09-02 15:39:27.000000000 +0200
+++ ext/DynaLoader/dl_dyld.xs	2003-10-28 17:07:31.000000000 +0100
d207 3
a209 3
--- hints/dec_osf.sh.orig	2004-03-24 23:59:53.000000000 +0100
+++ hints/dec_osf.sh	2004-04-22 09:58:40.000000000 +0200
@@@@ -237,15 +237,6 @@@@
d224 1
a224 1
                   lddlflags="$lddlflags -msym -std"
d233 4
a236 3
--- lib/CGI/Cookie.pm	2001-03-04 06:53:20.000000000 +1100
+++ lib/CGI/Cookie.pm	2004-12-22 22:29:46.000000000 +1100
@@@@ -363,7 +363,7 @@@@
d244 2
a245 14
 =head2 Manipulating Cookies

--- lib/ExtUtils/MakeMaker.pm	2001-02-23 13:57:55.000000000 +1100
+++ lib/ExtUtils/MakeMaker.pm	2004-12-22 22:33:57.000000000 +1100
@@@@ -898,7 +898,7 @@@@
 The Makefile to be produced may be altered by adding arguments of the
 form C<KEY=VALUE>. E.g.
 
-  perl Makefile.PL PREFIX=/tmp/myperl5
+  perl Makefile.PL PREFIX=~/myperl5
 
 Other interesting targets in the generated Makefile are
 

d247 1
a247 1
+++ lib/Shell.pm	2005-01-11 15:07:37 +0100
d258 1
d261 3
a263 3
--- Configure.orig	2005-09-21 10:56:01.133363000 +0000
+++ Configure	2005-09-21 12:15:36.836486000 +0000
@@@@ -7630,7 +7630,7 @@@@
a271 26
Index: utils/h2ph.PL
--- utils/h2ph.PL.orig	2005-04-04 23:47:17 +0200
+++ utils/h2ph.PL	2005-09-21 17:08:46 +0200
@@@@ -734,8 +734,9 @@@@
 # non-GCC?) C compilers, but gcc uses an additional include directory.
 sub inc_dirs
 {
-    my $from_gcc    = `$Config{cc} -v 2>&1`;
+    my $from_gcc    = `$Config{cc} -v 2>&1; $Config{cc} -print-search-dirs 2>&1`;
     $from_gcc       =~ s:^Reading specs from (.*?)/specs\b.*:$1/include:s;
+    $from_gcc       =~ s;^install:\s+([^\n\s]+).*;$1/include;s;
 
     length($from_gcc) ? ($from_gcc, $Config{usrinc}) : ($Config{usrinc});
 }
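Review bot: The added `s;^install:...;s` substitution in inc_dirs looks like it can never fire, because without `/m` the `^` anchors only at the start of the string, and the string now begins with the `-v` output rather than the `install:` line printed by `-print-search-dirs`. When neither substitution matches, the raw compiler output is returned as an include directory, since `length($from_gcc)` is still true. Matching the line anywhere in the output, e.g. `$from_gcc =~ s;\A.*?^install:\s+(\S+).*;$1/include;sm;`, and falling back to `($Config{usrinc})` alone when no pattern matched would make the GCC 4 case behave as the change intends.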
Index: hints/solaris_2.sh
--- hints/solaris_2.sh.orig	2005-04-04 22:03:12 +0200
+++ hints/solaris_2.sh	2005-09-21 16:59:42 +0200
@@@@ -211,7 +211,7 @@@@
 	# Indent to avoid propagation to config.sh
 	verbose=`${cc:-cc} -v -o try try.c 2>&1`
 
-if echo "$verbose" | grep '^Reading specs from' >/dev/null 2>&1; then
+if echo "$verbose" | egrep '^(Reading specs from|Using built-in specs)' >/dev/null 2>&1; then
 	#
 	# Using gcc.
 	#
d278 3
a280 3
--- sv.c.orig	2005-05-27 12:38:11 +0200
+++ sv.c	2005-12-03 13:49:26 +0100
@@@@ -8519,7 +8519,10 @@@@
a291 1

@


1.17
log
@Fix building on Solaris under new GCC 4.0 world order
@
text
@d308 21
@


1.17.2.1
log
@Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
@
text
@a307 21

-----------------------------------------------------------------------------

Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)

Index: sv.c
--- sv.c.orig	2005-05-27 12:38:11 +0200
+++ sv.c	2005-12-03 13:49:26 +0100
@@@@ -8519,7 +8519,10 @@@@
 	if (EXPECT_NUMBER(q, width)) {
 	    if (*q == '$') {
 		++q;
-		efix = width;
+		if (width > PERL_INT_MAX)
+		    efix = PERL_INT_MAX;
+		else
+		    efix = width;
 	    } else {
 		goto gotwidth;
 	    }
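Review bot: The clamp on `efix` carries no comment saying why it is there, and it is only safe if the later use of `efix` (outside this hunk) treats an index beyond the argument count as a missing argument. A comment above the new test would record the reason, e.g. `/* explicit index: clamp so a huge N before '$' cannot wrap when stored in efix (CVE-2005-3962) */`. Presumably `width` is an unsigned type wider than `efix`; if other parsed numbers in this function are stored into signed indexes the same way, they need the same bound. The enclosing function starts and ends outside the hunk, and the identical hunk recurs in the 1.16.2.1 and 1.15.2.1 deltas.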

@


1.16
log
@Upgrade to Perl 5.8.7
@
text
@d268 40
@


1.16.2.1
log
@Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
@
text
@a267 21

-----------------------------------------------------------------------------

Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)

Index: sv.c
--- sv.c.orig	2005-05-27 12:38:11 +0200
+++ sv.c	2005-12-03 13:49:26 +0100
@@@@ -8519,7 +8519,10 @@@@
 	if (EXPECT_NUMBER(q, width)) {
 	    if (*q == '$') {
 		++q;
-		efix = width;
+		if (width > PERL_INT_MAX)
+		    efix = PERL_INT_MAX;
+		else
+		    efix = width;
 	    } else {
 		goto gotwidth;
 	    }

@


1.15
log
@Security Fixes:
- PERLIO_DEBUG local root exploit:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
- PERLIO_DEBUG buffer overflow:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156
@
text
@a227 46
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
    Race condition in the rmtree function in the File::Path module in
    Perl 5.6.1 and 5.8.4 sets read/write permissions for the world,
    which allows local users to delete arbitrary files and directories,
    and possibly read files and directories, via a symlink attack.

http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.diff.gz
[Adapted from Chip Turner's 5.8.0 patch]
Fix for CAN-2004-0452.  Change chmod's to make files writable/executable
by the current user only and not by the entire world.  chmod's necessary
in the first place but at least this makes them less dangerous.  If, for
some reason the rm process dies halfway through, at worst some files and
dirs were revoked from others, not made available.

--- lib/File/Path.pm	2001-03-21 04:40:22.000000000 +1100
+++ lib/File/Path.pm	2004-12-22 23:46:54.000000000 +1100
@@@@ -174,7 +174,7 @@@@
 	    # it's also intended to change it to writable in case we have
 	    # to recurse in which case we are better than rm -rf for 
 	    # subtrees with strange permissions
-	    chmod(0777, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
+	    chmod(0700, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
 	      or carp "Can't make directory $root read+writeable: $!"
 		unless $safe;
 
@@@@ -202,7 +202,7 @@@@
 		print "skipped $root\n" if $verbose;
 		next;
 	    }
-	    chmod 0777, $root
+	    chmod 0700, $root
 	      or carp "Can't make directory $root writeable: $!"
 		if $force_writeable;
 	    print "rmdir $root\n" if $verbose;
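Review bot: Narrowing the mode to `0700`/`0600` limits what a redirected `chmod` can grant, but the call still acts on the path name `$root`, so the gap between any earlier check on `$root` (outside the hunk) and the `chmod`/`rmdir` is unchanged here and in the hunks at -174 and -224. The patch description concedes the change only makes the calls less dangerous; a comment at each site would keep that visible, e.g. `# mode narrowed for CAN-2004-0452; chmod by name is still open to a rename/symlink race`. The loop body these lines sit in begins and ends outside the hunk. The same three hunks recur in the 1.12.2.1 and 1.12.4.1 deltas.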
@@@@ -224,7 +224,7 @@@@
 		print "skipped $root\n" if $verbose;
 		next;
 	    }
-	    chmod 0666, $root
+	    chmod 0600, $root
 	      or carp "Can't make file $root writeable: $!"
 		if $force_writeable;
 	    print "unlink $root\n" if $verbose;

-----------------------------------------------------------------------------

a267 54

--- lib/perl5db.pl.orig	2004-11-17 13:51:18 +0100
+++ lib/perl5db.pl	2005-01-11 14:47:21 +0100
@@@@ -215,7 +215,7 @@@@
 =item * noTTY 
 
 if set, goes in NonStop mode.  On interrupt, if TTY is not set,
-uses the value of noTTY or F</tmp/perldbtty$$> to find TTY using
+uses the value of noTTY or F<$HOME/.perldbtty$$> to find TTY using
 Term::Rendezvous.  Current variant is to have the name of TTY in this
 file.
 
@@@@ -6004,8 +6004,8 @@@@
             eval "require Term::Rendezvous;" or die;
 
             # See if we have anything to pass to Term::Rendezvous.
-            # Use /tmp/perldbtty$$ if not.
-            my $rv = $ENV{PERLDB_NOTTY} || "/tmp/perldbtty$$";
+            # Use $HOME/.perldbtty$$ if not.
+            my $rv = $ENV{PERLDB_NOTTY} || "$ENV{HOME}/.perldbtty$$";
 
             # Rendezvous and get the filehandles.
             my $term_rv = new Term::Rendezvous $rv;
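Review bot: The new default depends on `$ENV{HOME}` being set: when it is undefined or empty, `$rv` becomes `/.perldbtty<pid>` in the root directory, with an uninitialized-value warning under `-w`. Checking HOME only when PERLDB_NOTTY is absent avoids that, e.g. `my $rv = $ENV{PERLDB_NOTTY} || (length($ENV{HOME} || '') ? "$ENV{HOME}/.perldbtty$$" : die "HOME not set; set PERLDB_NOTTY");`. The enclosing sub starts and ends outside the hunk, and the same change recurs (at -5810) in the 1.12.2.1 and 1.12.4.1 deltas.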

-----------------------------------------------------------------------------

Security Fixes:
- PERLIO_DEBUG local root exploit:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
- PERLIO_DEBUG buffer overflow:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156

Index: perlio.c
--- perlio.c.orig	Fri Sep 10 08:06:52 2004
+++ perlio.c	Tue Feb  1 22:06:52 2005
@@@@ -454,7 +454,7 @@@@ PerlIO_debug(const char *fmt, ...)
     va_list ap;
     dSYS;
     va_start(ap, fmt);
-    if (!dbg) {
+    if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
 	char *s = PerlEnv_getenv("PERLIO_DEBUG");
 	if (s && *s)
 	    dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
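Review bot: The debug log is still created with mode `0666` on the last line of this hunk, so under a permissive umask the trace file ends up writable by other users; `dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0600);` would be a safer default. The new guard would also benefit from a comment such as `/* ignore PERLIO_DEBUG when tainting or running set-id: the path comes from the caller's environment (CAN-2005-0155) */`. PerlIO_debug starts before and continues after the hunk. The same hunk recurs in the 1.12.2.2 and 1.12.4.2 deltas.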
@@@@ -471,7 +471,7 @@@@ PerlIO_debug(const char *fmt, ...)
 	s = CopFILE(PL_curcop);
 	if (!s)
 	    s = "(none)";
-	sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
+	sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
 	len = strlen(buffer);
 	vsprintf(buffer+len, fmt, ap);
 	PerlLIO_write(dbg, buffer, strlen(buffer));
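Review bot: Only the file name is bounded by `%.40s`; the `vsprintf(buffer+len, fmt, ap)` two lines below the changed line still writes the caller's formatted arguments into the rest of `buffer` with no limit. If `buffer` is a fixed-size local array (its declaration is outside the hunk), a length-limited call such as `vsnprintf(buffer+len, sizeof(buffer)-len, fmt, ap);` bounds that write as well, where the platform provides it. PerlIO_debug starts before the hunk and continues after it. The same hunk recurs in the 1.12.2.2 and 1.12.4.2 deltas.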
 
@


1.15.2.1
log
@Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
@
text
@a367 20
-----------------------------------------------------------------------------

Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)

Index: sv.c
--- sv.c.orig	2005-05-27 12:38:11 +0200
+++ sv.c	2005-12-03 13:49:26 +0100
@@@@ -8519,7 +8519,10 @@@@
 	if (EXPECT_NUMBER(q, width)) {
 	    if (*q == '$') {
 		++q;
-		efix = width;
+		if (width > PERL_INT_MAX)
+		    efix = PERL_INT_MAX;
+		else
+		    efix = width;
 	    } else {
 		goto gotwidth;
 	    }

@


1.14
log
@SA-2005.001-perl; CAN-2004-0452, CAN-2004-0976
@
text
@d226 2
d272 2
d338 30
@


1.13
log
@port to Darwin 7.6.0 (aka MacOS X 10.3.6)
@
text
@d226 108
@


1.12
log
@port to Tru64 5.1
@
text
@d138 3
a140 3
--- hints/darwin.sh.orig	2003-09-02 15:40:19.000000000 +0200
+++ hints/darwin.sh	2003-10-28 16:40:57.000000000 +0100
@@@@ -121,9 +121,6 @@@@
d150 10
@


1.12.2.1
log
@SA-2005.001-perl; CAN-2004-0452, CAN-2004-0976
@
text
@a215 128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
    Race condition in the rmtree function in the File::Path module in
    Perl 5.6.1 and 5.8.4 sets read/write permissions for the world,
    which allows local users to delete arbitrary files and directories,
    and possibly read files and directories, via a symlink attack.

http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.diff.gz
[Adapted from Chip Turner's 5.8.0 patch]
Fix for CAN-2004-0452.  Change chmod's to make files writable/executable
by the current user only and not by the entire world.  chmod's necessary
in the first place but at least this makes them less dangerous.  If, for
some reason the rm process dies halfway through, at worst some files and
dirs were revoked from others, not made available.

--- lib/File/Path.pm	2001-03-21 04:40:22.000000000 +1100
+++ lib/File/Path.pm	2004-12-22 23:46:54.000000000 +1100
@@@@ -174,7 +174,7 @@@@
 	    # it's also intended to change it to writable in case we have
 	    # to recurse in which case we are better than rm -rf for 
 	    # subtrees with strange permissions
-	    chmod(0777, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
+	    chmod(0700, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
 	      or carp "Can't make directory $root read+writeable: $!"
 		unless $safe;
 
@@@@ -202,7 +202,7 @@@@
 		print "skipped $root\n" if $verbose;
 		next;
 	    }
-	    chmod 0777, $root
+	    chmod 0700, $root
 	      or carp "Can't make directory $root writeable: $!"
 		if $force_writeable;
 	    print "rmdir $root\n" if $verbose;
@@@@ -224,7 +224,7 @@@@
 		print "skipped $root\n" if $verbose;
 		next;
 	    }
-	    chmod 0666, $root
+	    chmod 0600, $root
 	      or carp "Can't make file $root writeable: $!"
 		if $force_writeable;
 	    print "unlink $root\n" if $verbose;

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976
    Multiple scripts in the perl package in Trustix Secure Linux 1.5
    through 2.1, and possibly other operating systems, allows local
    users to overwrite files via a symlink attack on temporary files.

--- ext/DB_File/DB_File.pm	2003-12-27 21:37:53 +0100
+++ ext/DB_File/DB_File.pm	2004-06-23 16:46:20 +0200
@@@@ -1821,7 +1822,7 @@@@
     use DB_File ;
 
     my %hash ;
-    my $filename = "/tmp/filt" ;
+    my $filename = "filt" ;
     unlink $filename ;
 
     my $db = tie %hash, 'DB_File', $filename, O_CREAT|O_RDWR, 0666, $DB_HASH 
@@@@ -1863,7 +1864,7 @@@@
     use strict ;
     use DB_File ;
     my %hash ;
-    my $filename = "/tmp/filt" ;
+    my $filename = "filt" ;
     unlink $filename ;
 
 
@@@@ -1894,8 +1895,8 @@@@
 
 The locking technique went like this. 
 
-    $db = tie(%db, 'DB_File', '/tmp/foo.db', O_CREAT|O_RDWR, 0666)
-        || die "dbcreat /tmp/foo.db $!";
+    $db = tie(%db, 'DB_File', 'foo.db', O_CREAT|O_RDWR, 0644)
+        || die "dbcreat foo.db $!";
     $fd = $db->fd;
     open(DB_FH, "+<&=$fd") || die "dup $!";
     flock (DB_FH, LOCK_EX) || die "flock: $!";

--- lib/CGI/Cookie.pm	2001-03-04 06:53:20.000000000 +1100
+++ lib/CGI/Cookie.pm	2004-12-22 22:29:46.000000000 +1100
@@@@ -363,7 +363,7 @@@@
 You may also retrieve cookies that were stored in some external
 form using the parse() class method:
 
-       $COOKIES = `cat /usr/tmp/Cookie_stash`;
+       $COOKIES = `cat /var/run/www/Cookie_stash`;
        %cookies = parse CGI::Cookie($COOKIES);
 
 =head2 Manipulating Cookies

--- lib/ExtUtils/MakeMaker.pm	2001-02-23 13:57:55.000000000 +1100
+++ lib/ExtUtils/MakeMaker.pm	2004-12-22 22:33:57.000000000 +1100
@@@@ -898,7 +898,7 @@@@
 The Makefile to be produced may be altered by adding arguments of the
 form C<KEY=VALUE>. E.g.
 
-  perl Makefile.PL PREFIX=/tmp/myperl5
+  perl Makefile.PL PREFIX=~/myperl5
 
 Other interesting targets in the generated Makefile are
 

--- lib/perl5db.pl.orig	2004-05-11 13:11:37 +0200
+++ lib/perl5db.pl	2005-01-11 14:51:52 +0100
@@@@ -207,7 +207,7 @@@@
 =item * noTTY 
 
 if set, goes in NonStop mode.  On interrupt, if TTY is not set,
-uses the value of noTTY or "/tmp/perldbtty$$" to find TTY using
+uses the value of noTTY or "$HOME/.perldbtty$$" to find TTY using
 Term::Rendezvous.  Current variant is to have the name of TTY in this
 file.
 
@@@@ -5810,8 +5810,8 @@@@
             eval "require Term::Rendezvous;" or die;
 
             # See if we have anything to pass to Term::Rendezvous.
-            # Use /tmp/perldbtty$$ if not.
-            my $rv = $ENV{PERLDB_NOTTY} || "/tmp/perldbtty$$";
+            # Use $HOME/.perldbtty$$ if not.
+            my $rv = $ENV{PERLDB_NOTTY} || "$ENV{HOME}/.perldbtty$$";
 
             # Rendezvous and get the filehandles.
             my $term_rv = new Term::Rendezvous $rv;

@


1.12.2.2
log
@Security Fixes:
- PERLIO_DEBUG local root exploit:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
- PERLIO_DEBUG buffer overflow:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156
@
text
@a343 30
-----------------------------------------------------------------------------

Security Fixes:
- PERLIO_DEBUG local root exploit:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
- PERLIO_DEBUG buffer overflow:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156

Index: perlio.c
--- perlio.c.orig	Fri Sep 10 08:06:52 2004
+++ perlio.c	Tue Feb  1 22:06:52 2005
@@@@ -454,7 +454,7 @@@@ PerlIO_debug(const char *fmt, ...)
     va_list ap;
     dSYS;
     va_start(ap, fmt);
-    if (!dbg) {
+    if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
 	char *s = PerlEnv_getenv("PERLIO_DEBUG");
 	if (s && *s)
 	    dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
@@@@ -471,7 +471,7 @@@@ PerlIO_debug(const char *fmt, ...)
 	s = CopFILE(PL_curcop);
 	if (!s)
 	    s = "(none)";
-	sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
+	sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
 	len = strlen(buffer);
 	vsprintf(buffer+len, fmt, ap);
 	PerlLIO_write(dbg, buffer, strlen(buffer));
 
@


1.12.4.1
log
@SA-2005.001-perl; CAN-2004-0452, CAN-2004-0976
@
text
@a215 108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
    Race condition in the rmtree function in the File::Path module in
    Perl 5.6.1 and 5.8.4 sets read/write permissions for the world,
    which allows local users to delete arbitrary files and directories,
    and possibly read files and directories, via a symlink attack.

http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.diff.gz
[Adapted from Chip Turner's 5.8.0 patch]
Fix for CAN-2004-0452.  Change chmod's to make files writable/executable
by the current user only and not by the entire world.  chmod's necessary
in the first place but at least this makes them less dangerous.  If, for
some reason the rm process dies halfway through, at worst some files and
dirs were revoked from others, not made available.

--- lib/File/Path.pm	2001-03-21 04:40:22.000000000 +1100
+++ lib/File/Path.pm	2004-12-22 23:46:54.000000000 +1100
@@@@ -174,7 +174,7 @@@@
 	    # it's also intended to change it to writable in case we have
 	    # to recurse in which case we are better than rm -rf for 
 	    # subtrees with strange permissions
-	    chmod(0777, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
+	    chmod(0700, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
 	      or carp "Can't make directory $root read+writeable: $!"
 		unless $safe;
 
@@@@ -202,7 +202,7 @@@@
 		print "skipped $root\n" if $verbose;
 		next;
 	    }
-	    chmod 0777, $root
+	    chmod 0700, $root
 	      or carp "Can't make directory $root writeable: $!"
 		if $force_writeable;
 	    print "rmdir $root\n" if $verbose;
@@@@ -224,7 +224,7 @@@@
 		print "skipped $root\n" if $verbose;
 		next;
 	    }
-	    chmod 0666, $root
+	    chmod 0600, $root
 	      or carp "Can't make file $root writeable: $!"
 		if $force_writeable;
 	    print "unlink $root\n" if $verbose;

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976
    Multiple scripts in the perl package in Trustix Secure Linux 1.5
    through 2.1, and possibly other operating systems, allows local
    users to overwrite files via a symlink attack on temporary files.

--- lib/CGI/Cookie.pm	2001-03-04 06:53:20.000000000 +1100
+++ lib/CGI/Cookie.pm	2004-12-22 22:29:46.000000000 +1100
@@@@ -363,7 +363,7 @@@@
 You may also retrieve cookies that were stored in some external
 form using the parse() class method:
 
-       $COOKIES = `cat /usr/tmp/Cookie_stash`;
+       $COOKIES = `cat /var/run/www/Cookie_stash`;
        %cookies = parse CGI::Cookie($COOKIES);
 
 =head2 Manipulating Cookies

--- lib/ExtUtils/MakeMaker.pm	2001-02-23 13:57:55.000000000 +1100
+++ lib/ExtUtils/MakeMaker.pm	2004-12-22 22:33:57.000000000 +1100
@@@@ -898,7 +898,7 @@@@
 The Makefile to be produced may be altered by adding arguments of the
 form C<KEY=VALUE>. E.g.
 
-  perl Makefile.PL PREFIX=/tmp/myperl5
+  perl Makefile.PL PREFIX=~/myperl5
 
 Other interesting targets in the generated Makefile are
 

--- lib/Shell.pm.orig	2004-06-01 11:42:17 +0200
+++ lib/Shell.pm	2005-01-11 15:08:51 +0100
@@@@ -127,7 +127,7 @@@@
    use Shell qw(cat ps cp);
    $passwd = cat('</etc/passwd');
    @@pslines = ps('-ww'),
-   cp("/etc/passwd", "/tmp/passwd");
+   cp("/etc/passwd", "/etc/passwd.orig");
 
    # object oriented 
    my $sh = Shell->new;

--- lib/perl5db.pl.orig	2004-05-11 13:11:37 +0200
+++ lib/perl5db.pl	2005-01-11 14:51:52 +0100
@@@@ -207,7 +207,7 @@@@
 =item * noTTY 
 
 if set, goes in NonStop mode.  On interrupt, if TTY is not set,
-uses the value of noTTY or "/tmp/perldbtty$$" to find TTY using
+uses the value of noTTY or "$HOME/.perldbtty$$" to find TTY using
 Term::Rendezvous.  Current variant is to have the name of TTY in this
 file.
 
@@@@ -5810,8 +5810,8 @@@@
             eval "require Term::Rendezvous;" or die;
 
             # See if we have anything to pass to Term::Rendezvous.
-            # Use /tmp/perldbtty$$ if not.
-            my $rv = $ENV{PERLDB_NOTTY} || "/tmp/perldbtty$$";
+            # Use $HOME/.perldbtty$$ if not.
+            my $rv = $ENV{PERLDB_NOTTY} || "$ENV{HOME}/.perldbtty$$";
 
             # Rendezvous and get the filehandles.
             my $term_rv = new Term::Rendezvous $rv;

@


1.12.4.2
log
@Security Fixes:
- PERLIO_DEBUG local root exploit:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
- PERLIO_DEBUG buffer overflow:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156
@
text
@a323 30
-----------------------------------------------------------------------------

Security Fixes:
- PERLIO_DEBUG local root exploit:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
- PERLIO_DEBUG buffer overflow:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156

Index: perlio.c
--- perlio.c.orig	Fri Sep 10 08:06:52 2004
+++ perlio.c	Tue Feb  1 22:06:52 2005
@@@@ -454,7 +454,7 @@@@ PerlIO_debug(const char *fmt, ...)
     va_list ap;
     dSYS;
     va_start(ap, fmt);
-    if (!dbg) {
+    if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
 	char *s = PerlEnv_getenv("PERLIO_DEBUG");
 	if (s && *s)
 	    dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
@@@@ -471,7 +471,7 @@@@ PerlIO_debug(const char *fmt, ...)
 	s = CopFILE(PL_curcop);
 	if (!s)
 	    s = "(none)";
-	sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
+	sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
 	len = strlen(buffer);
 	vsprintf(buffer+len, fmt, ap);
 	PerlLIO_write(dbg, buffer, strlen(buffer));
 
@


1.11
log
@upgrading package: perl 5.8.2 -> 5.8.3
@
text
@d185 31
@


1.10
log
@port to OpenDarwin 6.6.2
@
text
@d9 1
a9 1
@@@@ -188,6 +188,8 @@@@
d18 1
a18 1
@@@@ -378,6 +380,8 @@@@
d41 1
a41 1
@@@@ -3949,39 +3949,6 @@@@
d81 1
a81 1
@@@@ -4023,6 +3990,39 @@@@
d140 1
a140 1
@@@@ -115,9 +115,6 @@@@
@


1.9
log
@upgrading package: perl 5.8.0 -> 5.8.1
@
text
@d121 64
@


1.8
log
@SA-2003.039-perl; CAN-2003-0615
@
text
@d1 4
a4 5
"A security hole has been discovered in Safe.pm. When a Safe compartment
has already been used, there's no guarantee that it's safe any longer,
because there's a way for code executed within the Safe compartment to
alter its operation mask. (Thus, programs that use a Safe compartment
only once aren't affected by this bug.)"
d6 18
a23 19
--- ext/Opcode/Safe.pm.orig
+++ ext/Opcode/Safe.pm
@@@@ -213,7 +213,7 @@@@
     # Create anon sub ref in root of compartment.
     # Uses a closure (on $expr) to pass in the code to be executed.
     # (eval on one line to keep line numbers as expected by caller)
-	my $evalcode = sprintf('package %s; sub { eval $expr; }', $root);
+	my $evalcode = sprintf('package %s; sub { @@_ = (); eval $expr; }', $root);
     my $evalsub;
 
 	if ($strict) { use strict; $evalsub = eval $evalcode; }
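Review bot: The `@_ = ();` added to the generated sub has no comment, and without one it reads as dead code that a later cleanup could remove. A line above the `sprintf` such as `# empty @_ first: code run in the compartment must not reach the caller's argument list` would record the intent; the exact route to the operation mask is not visible in this hunk, so the wording should be confirmed against the advisory. The same applies to the `do $file` variant in the hunk at -227. The enclosing subs begin outside their hunks, and the patch recurs in the 1.4.2.1 delta.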
@@@@ -227,7 +227,7 @@@@
     my $root = $obj->{Root};
 
     my $evalsub = eval
-	    sprintf('package %s; sub { do $file }', $root);
+	    sprintf('package %s; sub { @@_ = (); do $file }', $root);
     return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
 }
d25 3
d38 5
a42 4
--- perl.c.orig	2002-07-09 21:41:43.000000000 +0200
+++ perl.c	2003-09-03 14:08:25.000000000 +0200
@@@@ -3679,39 +3679,6 @@@@
     incpush(APPLLIB_EXP, TRUE, TRUE);
d46 1
a46 1
-    incpush(ARCHLIB_EXP, FALSE, FALSE);
d59 1
a59 1
-	    incpush(SvPVX(privdir), TRUE, FALSE);
d62 1
a62 1
-	    incpush(SvPVX(privdir), TRUE, FALSE);
d67 1
a67 1
-	incpush(":", FALSE, FALSE);
d73 1
a73 1
-    incpush(PRIVLIB_EXP, TRUE, FALSE);
d75 1
a75 1
-    incpush(PRIVLIB_EXP, FALSE, FALSE);
d81 2
a82 2
@@@@ -3752,6 +3719,39 @@@@
     incpush(PERL_VENDORLIB_STEM, FALSE, TRUE);
d86 1
a86 1
+    incpush(ARCHLIB_EXP, FALSE, FALSE);
d99 1
a99 1
+	    incpush(SvPVX(privdir), TRUE, FALSE);
d102 1
a102 1
+	    incpush(SvPVX(privdir), TRUE, FALSE);
d107 1
a107 1
+	incpush(":", FALSE, FALSE);
d113 1
a113 1
+    incpush(PRIVLIB_EXP, TRUE, FALSE);
d115 1
a115 1
+    incpush(PRIVLIB_EXP, FALSE, FALSE);
d119 1
a119 1
     incpush(PERL_OTHERLIBDIRS, TRUE, TRUE);
a120 60

-----------------------------------------------------------------------------

By default, the "vendor" area is not used, so Perl's installation
procedure forgot to create its top-level paths, too. In OpenPKG we use
the "vendor" area, so make sure it is created the same way the "site"
area is.

--- installperl.orig	2002-07-16 20:57:32.000000000 +0200
+++ installperl	2003-09-03 14:27:11.000000000 +0200
@@@@ -174,6 +174,8 @@@@
 my $installarchlib = $Config{installarchlib};
 my $installsitelib = $Config{installsitelib};
 my $installsitearch = $Config{installsitearch};
+my $installvendorlib = $Config{installvendorlib};
+my $installvendorarch = $Config{installvendorarch};
 my $installman1dir = $Config{installman1dir};
 my $man1ext = $Config{man1ext};
 my $libperl = $Config{libperl};
@@@@ -336,6 +338,8 @@@@
 mkpath($installarchlib, $verbose, 0777);
 mkpath($installsitelib, $verbose, 0777) if ($installsitelib);
 mkpath($installsitearch, $verbose, 0777) if ($installsitearch);
+mkpath($installvendorlib, $verbose, 0777) if ($installvendorlib);
+mkpath($installvendorarch, $verbose, 0777) if ($installvendorarch);
 
 if (chdir "lib") {
     $do_installarchlib = ! samepath($installarchlib, '.');
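Review bot: The two vendor directories are created with a requested mode of `0777`, so their final permissions depend entirely on the umask of whoever runs the install. These directories hold modules the interpreter will load, so group- or world-writable results would let other local accounts alter what Perl executes. The new calls follow the neighbouring `site` lines, but an explicit tighter mode would be safer, e.g. `mkpath($installvendorlib, $verbose, 0755) if ($installvendorlib);` and likewise for `$installvendorarch`.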
 
-----------------------------------------------------------------------------

http://stein.cshl.org/WWW/software/CGI/
    under "Revision History" find "Fixed cross-site scripting bug
    reported by obscure" note attached to Version 2.94. A quick fix was
    introduced in 2.94. It was replaced by a more careful patch in 2.99.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615
    Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm
    allows remote attackers to insert web script via a URL that is fed
    into the form's action parameter

This is a backport of the 2.99 patch for 2.81 which is the version
embedded with perl 5.8.0

--- lib/CGI.pm.orig	2003-09-15 14:09:34.000000000 +0200
+++ lib/CGI.pm	2003-09-15 14:16:26.000000000 +0200
@@@@ -1533,8 +1533,11 @@@@
     $enctype = $enctype || &URL_ENCODED;
     unless (defined $action) {
        $action = $self->url(-absolute=>1,-path=>1);
-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
     }
+    $action = escape($action);
     $action = qq(action="$action");
     my($other) = @@other ? " @@other" : '';
     $self->{'.parametersToAdd'}={};
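Review bot: The query string is HTML-escaped inside the `unless` block and then the whole `$action`, including the `?` and the entities just produced, is passed through `escape()`; if `escape()` is CGI.pm's URL-encoding helper, the generated form URL is double-encoded and no longer resolves. Escaping once for the attribute context is enough: drop `$action = escape($action);` and HTML-escape the base URL instead, `$action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));`. `length($ENV{QUERY_STRING})` also warns under `-w` when the variable is unset. The enclosing sub starts and ends outside the hunk; the 1.6.4.2 and 1.6.6.2 deltas later make this correction, and this hunk recurs in 1.6.4.1 and 1.6.6.1.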

@


1.7
log
@1. By default, the Perl module search order is "use lib, -I, PERL[5]LIB,
   perl, site, vendor, other". This means that in OpenPKG both the
   modules installed via CPAN shell (in "site" area) and the "perl-xxx"
   packages (in "vendor" area) cannot override the (sometimes obsoleted)
   module versions distributed with Perl (in "perl" area). Hence, we
   change the search order to a more reasonable one for OpenPKG: "use
   lib, -I, PERL[5]LIB, site, vendor, perl, other".

2. Already activate "vendor" area, although it is still unused in OpenPKG.
   It will be soon used by the "perl-xxx" packages to make "site" area
   available for manual (think CPAN shell) module installations.
@
text
@d147 32
@


1.6
log
@include security bugfix for Safe.pm
@
text
@d27 120
@


1.6.4.1
log
@MFC: SA-2003.039-perl; CAN-2003-0615
@
text
@a26 29
http://stein.cshl.org/WWW/software/CGI/
    under "Revision History" find "Fixed cross-site scripting bug
    reported by obscure" note attached to Version 2.94. A quick fix was
    introduced in 2.94. It was replaced by a more careful patch in 2.99.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615
    Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm
    allows remote attackers to insert web script via a URL that is fed
    into the form's action parameter

This is a backport of the 2.99 patch for 2.81 which is the version
embedded with perl 5.8.0

--- lib/CGI.pm.orig	2003-09-15 14:09:34.000000000 +0200
+++ lib/CGI.pm	2003-09-15 14:16:26.000000000 +0200
@@@@ -1533,8 +1533,11 @@@@
     $enctype = $enctype || &URL_ENCODED;
     unless (defined $action) {
        $action = $self->url(-absolute=>1,-path=>1);
-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
     }
+    $action = escape($action);
     $action = qq(action="$action");
     my($other) = @@other ? " @@other" : '';
     $self->{'.parametersToAdd'}={};

@


1.6.4.2
log
@fix CGI.pm form URL generation by backporting more correct security fix from CGI.pm 3.00
@
text
@d37 1
a37 1
This is a backport of the 3.00 patch for 2.81 which is the version
d40 3
a42 5
Index: lib/CGI.pm
--- lib/CGI.pm.orig	2002-06-01 19:03:14.000000000 +0200
+++ lib/CGI.pm	2003-10-21 09:36:08.000000000 +0200
@@@@ -1532,8 +1532,10 @@@@
     $method = lc($method) || 'post';
d45 1
a45 1
-       $action = $self->url(-absolute=>1,-path=>1);
a46 1
+       $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
d51 1
d54 2
@


1.6.6.1
log
@MFC: SA-2003.039-perl; CAN-2003-0615
@
text
@a26 29
http://stein.cshl.org/WWW/software/CGI/
    under "Revision History" find "Fixed cross-site scripting bug
    reported by obscure" note attached to Version 2.94. A quick fix was
    introduced in 2.94. It was replaced by a more careful patch in 2.99.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615
    Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm
    allows remote attackers to insert web script via a URL that is fed
    into the form's action parameter

This is a backport of the 2.99 patch for 2.81 which is the version
embedded with perl 5.8.0

--- lib/CGI.pm.orig	2003-09-15 14:09:34.000000000 +0200
+++ lib/CGI.pm	2003-09-15 14:16:26.000000000 +0200
@@@@ -1533,8 +1533,11 @@@@
     $enctype = $enctype || &URL_ENCODED;
     unless (defined $action) {
        $action = $self->url(-absolute=>1,-path=>1);
-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
     }
+    $action = escape($action);
     $action = qq(action="$action");
     my($other) = @@other ? " @@other" : '';
     $self->{'.parametersToAdd'}={};

@


1.6.6.2
log
@fix CGI.pm form URL generation by backporting more correct security fix from CGI.pm 3.00
@
text
@d37 1
a37 1
This is a backport of the 3.00 patch for 2.81 which is the version
d40 3
a42 5
Index: lib/CGI.pm
--- lib/CGI.pm.orig	2002-06-01 19:03:14.000000000 +0200
+++ lib/CGI.pm	2003-10-21 09:36:08.000000000 +0200
@@@@ -1532,8 +1532,10 @@@@
     $method = lc($method) || 'post';
d45 1
a45 1
-       $action = $self->url(-absolute=>1,-path=>1);
a46 1
+       $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
d51 1
d54 2
@


1.5
log
@finally it is time to switch to 5.8 in CURRENT
@
text
@d1 26
a26 47
--- makedepend.SH.orig	Mon Mar 19 08:33:17 2001
+++ makedepend.SH	Sun May 19 15:17:49 2002
@@@@ -141,6 +141,8 @@@@
         $cppstdin $finc -I. $cppflags $cppminus <UU/$file.c |
         $sed \
     	    -e '/^#.*<stdin>/d' \
+    	    -e '/^#.*<built-in>/d' \
+    	    -e '/^#.*<command line>/d' \
 	    -e '/^#.*"-"/d' \
 	    -e 's#\.[0-9][0-9]*\.c#'"$file.c#" \
 	    -e 's/^[	 ]*#[	 ]*line/#/' \
@@@@ -155,6 +157,8 @@@@
         $sed \
 	    -e '1d' \
 	    -e '/^#.*<stdin>/d' \
+    	    -e '/^#.*<built-in>/d' \
+    	    -e '/^#.*<command line>/d' \
 	    -e '/^#.*"-"/d' \
 	    -e 's#\.[0-9][0-9]*\.c#'"$file.c#" \
 	    -e 's/^[	 ]*#[	 ]*line/#/' \
--- hints/dec_osf.sh.orig	Fri Feb 23 03:57:55 2001
+++ hints/dec_osf.sh	Wed Jun  5 16:34:54 2002
@@@@ -65,7 +65,7 @@@@
 	# reset
 	_DEC_cc_style=
 case "`$cc -v 2>&1 | grep cc`" in
-*gcc*)	_gcc_version=`$cc --version 2>&1 | tr . ' '`
+*gcc*)	_gcc_version=`$cc --version 2>&1 | head -1 | sed -e 's;^gcc (GCC) ;;' -e 's;^cc (GCC) ;;' | tr . ' '`
 	set $_gcc_version
 	if test "$1" -lt 2 -o \( "$1" -eq 2 -a \( "$2" -lt 95 -o \( "$2" -eq 95 -a "$3" -lt 2 \) \) \); then
 	    cat >&4 <<EOF
--- hints/freebsd.sh.orig	2002-08-26 16:57:58.000000000 +0200
+++ hints/freebsd.sh	2002-08-26 16:58:44.000000000 +0200
@@@@ -104,9 +104,10 @@@@
 *)
         objformat=`/usr/bin/objformat`
         if [ x$objformat = xelf ]; then
-            libpth="/usr/lib /usr/local/lib"
-            glibpth="/usr/lib /usr/local/lib"
-            ldflags="-Wl,-E "
+            libpth=${libpth:-/usr/lib /usr/local/lib}
+            glibpth=${glibpth:-/usr/lib /usr/local/lib}
+            ldflags=`echo $ldflags | sed -e "s;.*\(-L[ ]*[^ ][^ ]*\).*;\1;"`
+            ldflags="-Wl,-E $ldflags"
             lddlflags="-shared "
         else
             if [ -e /usr/lib/aout ]; then
@


1.4
log
@remove newline which could perhaps confuse patch
@
text
@@


1.4.2.1
log
@include security bugfix
@
text
@a47 20
--- ext/Opcode/Safe.pm.orig
+++ ext/Opcode/Safe.pm
@@@@ -213,7 +213,7 @@@@
     # Create anon sub ref in root of compartment.
     # Uses a closure (on $expr) to pass in the code to be executed.
     # (eval on one line to keep line numbers as expected by caller)
-	my $evalcode = sprintf('package %s; sub { eval $expr; }', $root);
+	my $evalcode = sprintf('package %s; sub { @@_ = (); eval $expr; }', $root);
     my $evalsub;
 
 	if ($strict) { use strict; $evalsub = eval $evalcode; }
@@@@ -227,7 +227,7 @@@@
     my $root = $obj->{Root};
 
     my $evalsub = eval
-	    sprintf('package %s; sub { do $file }', $root);
+	    sprintf('package %s; sub { @@_ = (); do $file }', $root);
     return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
 }
 
@


1.3
log
@fix ldflags on FreeBSD
@
text
@a20 1

@


1.2
log
@fix gcc version check for Tru64
@
text
@d21 1
d33 16
@


1.1
log
@fix building under new gcc 3.1
@
text
@d21 11
@

