main/perl: security fix (CVE-2011-3597)

fixes #974 (cherry picked from commit 688926b9)

main/perl: security fix (CVE-2011-3597)
fixes #974 (cherry picked from commit 688926b9)
0eb1b1ef · Natanael Copa · 210aa7df · 0eb1b1ef · 0eb1b1ef
Commit 0eb1b1ef authored Jan 31, 2012 by Natanael Copa
--- a/main/perl/APKBUILD
+++ b/main/perl/APKBUILD
@@ -2,12 +2,14 @@
 # Contributor: Leonardo Arena <rnalrd@gmail.com>
 pkgname=perl
 pkgver=5.14.2
-pkgrel=0
+pkgrel=1
 pkgdesc="Larry Wall's Practical Extraction and Report Language"
 url=http://www.perl.org
 arch="all"
 license="Artistic GPL-2"
-source="http://www.cpan.org/src/5.0/perl-$pkgver.tar.gz"
+source="http://www.cpan.org/src/5.0/perl-$pkgver.tar.gz
+	CVE-2011-3597.patch
+	"
 depends=
 subpackages="$pkgname-dev $pkgname-doc miniperl"

@@ -15,6 +17,11 @@ _builddir="$srcdir/$pkgname-$pkgver"

 prepare() {
 	cd $_builddir
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
 	sed -i -e 's/less -R/less/g' ./Configure
 	sed -i -e 's/libswanted="\(.*\) nsl\(.*\)"/libswanted="\1\2"/g' ./Configure
 }
@@ -65,4 +72,5 @@ miniperl() {
 	cp "$srcdir/perl-$pkgver"/miniperl "$subpkgdir/usr/bin"
 }

-md5sums="3306fbaf976dcebdcd49b2ac0be00eb9  perl-5.14.2.tar.gz"
+md5sums="3306fbaf976dcebdcd49b2ac0be00eb9  perl-5.14.2.tar.gz
+0212067da7d533fe3939c0984cad4243  CVE-2011-3597.patch"
--- a/main/perl/CVE-2011-3597.patch
+++ b/main/perl/CVE-2011-3597.patch
+From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Tue, 4 Oct 2011 13:46:39 +0200
+Subject: [PATCH] Fix code injection in Digest
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
+---
+ cpan/Digest/Digest.pm |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
+index 384dfc8..4b923ae 100644
+--- a/cpan/Digest/Digest.pm
+++ b/cpan/Digest/Digest.pm
+@@ -35,7 +35,9 @@ sub new
+ 	($class, @args) = @$class if ref($class);
+ 	no strict 'refs';
+ 	unless (exists ${"$class\::"}{"VERSION"}) {
+-	    eval "require $class";
+	    my $pm_file = $class . ".pm";
+	    $pm_file =~ s{::}{/}g;
+	    eval { require $pm_file };
+ 	    if ($@) {
+ 		$err ||= $@;
+ 		next;
+-- 
+1.7.6.4
+