Commit 0eb1b1ef authored by Natanael Copa

main/perl: security fix (CVE-2011-3597)

fixes #974
(cherry picked from commit 688926b9)
parent 210aa7df
......@@ -2,12 +2,14 @@
# Contributor: Leonardo Arena <rnalrd@gmail.com>
pkgname=perl
pkgver=5.14.2
pkgrel=0
pkgrel=1
pkgdesc="Larry Wall's Practical Extraction and Report Language"
url=http://www.perl.org
arch="all"
license="Artistic GPL-2"
source="http://www.cpan.org/src/5.0/perl-$pkgver.tar.gz"
source="http://www.cpan.org/src/5.0/perl-$pkgver.tar.gz
CVE-2011-3597.patch
"
depends=
subpackages="$pkgname-dev $pkgname-doc miniperl"
......@@ -15,6 +17,11 @@ _builddir="$srcdir/$pkgname-$pkgver"
prepare() {
cd $_builddir
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
sed -i -e 's/less -R/less/g' ./Configure
sed -i -e 's/libswanted="\(.*\) nsl\(.*\)"/libswanted="\1\2"/g' ./Configure
}
......@@ -65,4 +72,5 @@ miniperl() {
cp "$srcdir/perl-$pkgver"/miniperl "$subpkgdir/usr/bin"
}
md5sums="3306fbaf976dcebdcd49b2ac0be00eb9 perl-5.14.2.tar.gz"
md5sums="3306fbaf976dcebdcd49b2ac0be00eb9 perl-5.14.2.tar.gz
0212067da7d533fe3939c0984cad4243 CVE-2011-3597.patch"
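Review bot: The only integrity check on the sources is still MD5, in the `md5sums` block at the end of the APKBUILD, while the perl tarball listed in `source=` is fetched over plain `http://`. MD5 has practical collision attacks and is no longer recommended for pinning an artifact that crosses an untrusted network, and here that digest is the only thing guarding the download. If the abuild version in use supports a stronger list, I would add one next to the existing block, e.g. `sha512sums="<sha512-of-tarball>  perl-5.14.2.tar.gz"` plus the matching line for `CVE-2011-3597.patch` (placeholders, to be regenerated with the build tooling), and use an HTTPS source URL where the mirror offers one.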
From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Tue, 4 Oct 2011 13:46:39 +0200
Subject: [PATCH] Fix code injection in Digest
See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
---
cpan/Digest/Digest.pm | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
index 384dfc8..4b923ae 100644
--- a/cpan/Digest/Digest.pm
+++ b/cpan/Digest/Digest.pm
@@ -35,7 +35,9 @@ sub new
($class, @args) = @$class if ref($class);
no strict 'refs';
unless (exists ${"$class\::"}{"VERSION"}) {
- eval "require $class";
+ my $pm_file = $class . ".pm";
+ $pm_file =~ s{::}{/}g;
+ eval { require $pm_file };
if ($@) {
$err ||= $@;
next;
--
1.7.6.4
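Review bot: `$class` still reaches `require` without a visible check in the added lines: after `s{::}{/}g` the string is used as a file path, so a caller-supplied name containing `/` or `..` could resolve outside the intended module tree instead of naming a Digest module. The block `eval` does close the code-injection path, but the start of `new` is outside this hunk, so I cannot tell whether the name is restricted earlier. If it is not, I would add an anchored check before building `$pm_file`, e.g. `unless ($class =~ /\A\w+(?:::\w+)*\z/) { $err ||= "Invalid digest class: $class"; next; }`. A short comment above the `eval`, such as `# block eval on a file path: never string-eval a caller-supplied class name`, would keep the reason for this form visible to later maintainers.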