From 9a4352e6a2a79096638e6f1fa88b1648ef3266e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 11 May 2017 11:31:36 +0200 Subject: [PATCH] Upgrade to 3.67 as provided in perl-5.25.12 --- PathTools-3.62-Upgrade-to-3.63.patch | 31 +- ...-avoid-loading-optional-modules-from.patch | 62 ---- PathTools-3.63-Upgrade-to-3.67.patch | 344 ++++++++++++++++++ ... => PathTools-3.67-Disable-VMS-tests.patch | 23 +- perl-PathTools.spec | 25 +- 5 files changed, 407 insertions(+), 78 deletions(-) delete mode 100644 PathTools-3.63-CVE-2016-1238-avoid-loading-optional-modules-from.patch create mode 100644 PathTools-3.63-Upgrade-to-3.67.patch rename PathTools-3.47-Disable-VMS-tests.patch => PathTools-3.67-Disable-VMS-tests.patch (96%) diff --git a/PathTools-3.62-Upgrade-to-3.63.patch b/PathTools-3.62-Upgrade-to-3.63.patch index 98e1a5f..a4c5ab0 100644 --- a/PathTools-3.62-Upgrade-to-3.63.patch +++ b/PathTools-3.62-Upgrade-to-3.63.patch @@ -1,3 +1,29 @@ +From 37ec7c0cadcde0f86ea87bc025096a7d894c7983 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Thu, 11 May 2017 11:36:46 +0200 +Subject: [PATCH] Upgrade to 3.63 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Unbundled from perl-5.24.0. + +Signed-off-by: Petr Písař +--- + Cwd.pm | 2 +- + lib/File/Spec.pm | 2 +- + lib/File/Spec/AmigaOS.pm | 5 +++-- + lib/File/Spec/Cygwin.pm | 2 +- + lib/File/Spec/Epoc.pm | 2 +- + lib/File/Spec/Functions.pm | 2 +- + lib/File/Spec/Mac.pm | 2 +- + lib/File/Spec/OS2.pm | 2 +- + lib/File/Spec/Unix.pm | 2 +- + lib/File/Spec/VMS.pm | 10 ++++------ + lib/File/Spec/Win32.pm | 2 +- + t/abs2rel.t | 6 +++--- + 12 files changed, 19 insertions(+), 20 deletions(-) + diff --git a/Cwd.pm b/Cwd.pm index 9b5183e..e8b9f19 100644 --- a/Cwd.pm @@ -25,7 +51,7 @@ index 2709c39..32b987e 100644 my %module = (MacOS => 'Mac', diff --git a/lib/File/Spec/AmigaOS.pm b/lib/File/Spec/AmigaOS.pm -index e6d6f5f2a..7a5889c 100644 +index e6d6f5f..7a5889c 100644 --- a/lib/File/Spec/AmigaOS.pm +++ b/lib/File/Spec/AmigaOS.pm @@ -4,7 +4,7 @@ use strict; @@ -202,3 +228,6 @@ index 5e33ab6..b77a1c2 100644 open my $OUT2, '>', File::Spec->catfile('second_sub_dir', 'second_file') +-- +2.9.3 + diff --git a/PathTools-3.63-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/PathTools-3.63-CVE-2016-1238-avoid-loading-optional-modules-from.patch deleted file mode 100644 index 98d1075..0000000 --- a/PathTools-3.63-CVE-2016-1238-avoid-loading-optional-modules-from.patch +++ /dev/null @@ -1,62 +0,0 @@ -diff -up PathTools/Cwd.pm.cve PathTools/Cwd.pm ---- PathTools/Cwd.pm.cve 2016-03-01 13:33:02.000000000 +0100 -+++ PathTools/Cwd.pm 2016-08-02 13:39:39.814316060 +0200 -@@ -40,7 +40,10 @@ if ($^O eq 'os2') { - my $use_vms_feature; - BEGIN { - if ($^O eq 'VMS') { -- if (eval { local $SIG{__DIE__}; require VMS::Feature; }) { -+ if (eval { local $SIG{__DIE__}; -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; -+ require VMS::Feature; }) { - $use_vms_feature = 1; - } - } -diff -up PathTools/lib/File/Spec/Cygwin.pm.cve PathTools/lib/File/Spec/Cygwin.pm ---- PathTools/lib/File/Spec/Cygwin.pm.cve 2016-03-01 13:33:02.000000000 +0100 -+++ PathTools/lib/File/Spec/Cygwin.pm 2016-08-02 13:39:39.814316060 +0200 -@@ -137,7 +137,11 @@ sub case_tolerant { - if ($mntopts and ($mntopts =~ /,managed/)) { - return 0; - } -- eval { require Win32API::File; } or return 1; -+ eval { -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; -+ require Win32API::File; -+ } or return 1; - my $osFsType = "\0"x256; - my $osVolName = "\0"x256; - my $ouFsFlags = 0; -diff -up PathTools/lib/File/Spec/VMS.pm.cve PathTools/lib/File/Spec/VMS.pm ---- PathTools/lib/File/Spec/VMS.pm.cve 2016-03-01 13:33:02.000000000 +0100 -+++ PathTools/lib/File/Spec/VMS.pm 2016-08-02 13:39:39.814316060 +0200 -@@ -39,7 +39,10 @@ via the C CRT - - my $use_feature; - BEGIN { -- if (eval { local $SIG{__DIE__}; require VMS::Feature; }) { -+ if (eval { local $SIG{__DIE__}; -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; -+ require VMS::Feature; }) { - $use_feature = 1; - } - } -diff -up PathTools/lib/File/Spec/Win32.pm.cve PathTools/lib/File/Spec/Win32.pm ---- PathTools/lib/File/Spec/Win32.pm.cve 2016-03-01 13:33:02.000000000 +0100 -+++ PathTools/lib/File/Spec/Win32.pm 2016-08-02 13:39:39.814316060 +0200 -@@ -90,7 +90,11 @@ Default: 1 - =cut - - sub case_tolerant { -- eval { require Win32API::File; } or return 1; -+ eval { -+ local @INC = @INC; -+ pop @INC if $INC[-1] eq '.'; -+ require Win32API::File; -+ } or return 1; - my $drive = shift || "C:"; - my $osFsType = "\0"x256; - my $osVolName = "\0"x256; diff --git a/PathTools-3.63-Upgrade-to-3.67.patch b/PathTools-3.63-Upgrade-to-3.67.patch new file mode 100644 index 0000000..470ca40 --- /dev/null +++ b/PathTools-3.63-Upgrade-to-3.67.patch @@ -0,0 +1,344 @@ +From e096006aef3f45147f77949c6b07f525aba08fc3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Thu, 11 May 2017 11:27:40 +0200 +Subject: [PATCH] Upgrade to 3.67 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Unbundled from 5.25.12. + +Signed-off-by: Petr Písař +--- + Changes | 12 ++++++++++++ + Cwd.pm | 7 +++++-- + Cwd.xs | 2 +- + Makefile.PL | 9 +++++++-- + lib/File/Spec.pm | 11 +++++++---- + lib/File/Spec/AmigaOS.pm | 2 +- + lib/File/Spec/Cygwin.pm | 8 ++++++-- + lib/File/Spec/Epoc.pm | 2 +- + lib/File/Spec/Functions.pm | 2 +- + lib/File/Spec/Mac.pm | 6 +++--- + lib/File/Spec/OS2.pm | 2 +- + lib/File/Spec/Unix.pm | 2 +- + lib/File/Spec/VMS.pm | 17 ++++++++++------- + lib/File/Spec/Win32.pm | 8 ++++++-- + 14 files changed, 62 insertions(+), 28 deletions(-) + +diff --git a/Changes b/Changes +index 09e977a..7d0c179 100644 +--- a/Changes ++++ b/Changes +@@ -1,5 +1,17 @@ + Revision history for Perl distribution PathTools. + ++3.67 - Mon Feb 27 09:33:04 EST 2017 ++- Add security usage note to File::Spec::no_upwards ++ ++3.66 - Sat Nov 19 10:30:19 MST 2016 ++- white space change so can compile under C++11 ++ ++3.65 - Mon, 25 Jul 2016 23:15:33 -0700 ++- (perl #127384)(CVE-2016-1238) ++ ++3.64 - Tue May 24 10:00:19 MST 2016 ++- just minor pod changes to silence Pod::Checker ++ + 3.62 - Mon Jan 11 08:39:19 EST 2016 + - ensure File::Spec::canonpath() preserves taint (CVE-2015-8607) + +diff --git a/Cwd.pm b/Cwd.pm +index e8b9f19..ce142cf 100644 +--- a/Cwd.pm ++++ b/Cwd.pm +@@ -3,7 +3,7 @@ use strict; + use Exporter; + use vars qw(@ISA @EXPORT @EXPORT_OK $VERSION); + +-$VERSION = '3.63'; ++$VERSION = '3.67'; + my $xs_version = $VERSION; + $VERSION =~ tr/_//d; + +@@ -40,7 +40,10 @@ if ($^O eq 'os2') { + my $use_vms_feature; + BEGIN { + if ($^O eq 'VMS') { +- if (eval { local $SIG{__DIE__}; require VMS::Feature; }) { ++ if (eval { local $SIG{__DIE__}; ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require VMS::Feature; }) { + $use_vms_feature = 1; + } + } +diff --git a/Cwd.xs b/Cwd.xs +index 3d018dc..c6c600b 100644 +--- a/Cwd.xs ++++ b/Cwd.xs +@@ -424,7 +424,7 @@ int Perl_getcwd_sv(pTHX_ SV *sv) + #endif + + #if USE_MY_CXT +-# define MY_CXT_KEY "Cwd::_guts"XS_VERSION ++# define MY_CXT_KEY "Cwd::_guts" XS_VERSION + typedef struct { + SV *empty_string_sv, *slash_string_sv; + } my_cxt_t; +diff --git a/Makefile.PL b/Makefile.PL +index bc40baf..71b9a60 100644 +--- a/Makefile.PL ++++ b/Makefile.PL +@@ -1,5 +1,11 @@ + +-BEGIN { @INC = grep {!/blib/} @INC } ++# See https://rt.cpan.org/Public/Bug/Display.html?id=4681 ++# and https://rt.perl.org/Ticket/Display.html?id=125603 ++# When installing a newer Cwd on a system with an existing Cwd, ++# under some circumstances the old Cwd.pm and the new Cwd.xs could ++# get mixed up and SEGVs ensue. ++ ++BEGIN { @INC = grep { $_ ne "blib/arch" and $_ ne "blib/lib" } @INC } + + require 5.005; + use ExtUtils::MakeMaker; +@@ -16,7 +22,6 @@ WriteMakefile + 'Carp' => '0', + 'File::Basename' => '0', + 'Scalar::Util' => '0', +- 'Test' => '0', + # done_testing() is used in dist/Cwd/t/Spec.t + 'Test::More' => 0.88, + }, +diff --git a/lib/File/Spec.pm b/lib/File/Spec.pm +index 32b987e..a9a7619 100644 +--- a/lib/File/Spec.pm ++++ b/lib/File/Spec.pm +@@ -3,7 +3,7 @@ package File::Spec; + use strict; + use vars qw(@ISA $VERSION); + +-$VERSION = '3.63'; ++$VERSION = '3.67'; + $VERSION =~ tr/_//d; + + my %module = (MacOS => 'Mac', +@@ -158,10 +158,13 @@ Returns a string representation of the parent directory. + + =item no_upwards + +-Given a list of file names, strip out those that refer to a parent +-directory. (Does not strip symlinks, only '.', '..', and equivalents.) ++Given a list of files in a directory (such as from C), ++strip out C<'.'> and C<'..'>. + +- @paths = File::Spec->no_upwards( @paths ); ++B This does NOT filter paths containing C<'..'>, like ++C<'../../../../etc/passwd'>, only literal matches to C<'.'> and C<'..'>. ++ ++ @paths = File::Spec->no_upwards( readdir $dirhandle ); + + =item case_tolerant + +diff --git a/lib/File/Spec/AmigaOS.pm b/lib/File/Spec/AmigaOS.pm +index 7a5889c..8d3796e 100644 +--- a/lib/File/Spec/AmigaOS.pm ++++ b/lib/File/Spec/AmigaOS.pm +@@ -4,7 +4,7 @@ use strict; + use vars qw(@ISA $VERSION); + require File::Spec::Unix; + +-$VERSION = '3.64'; ++$VERSION = '3.67'; + $VERSION =~ tr/_//d; + + @ISA = qw(File::Spec::Unix); +diff --git a/lib/File/Spec/Cygwin.pm b/lib/File/Spec/Cygwin.pm +index 2092eb8..745df86 100644 +--- a/lib/File/Spec/Cygwin.pm ++++ b/lib/File/Spec/Cygwin.pm +@@ -4,7 +4,7 @@ use strict; + use vars qw(@ISA $VERSION); + require File::Spec::Unix; + +-$VERSION = '3.63'; ++$VERSION = '3.67'; + $VERSION =~ tr/_//d; + + @ISA = qw(File::Spec::Unix); +@@ -137,7 +137,11 @@ sub case_tolerant { + if ($mntopts and ($mntopts =~ /,managed/)) { + return 0; + } +- eval { require Win32API::File; } or return 1; ++ eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require Win32API::File; ++ } or return 1; + my $osFsType = "\0"x256; + my $osVolName = "\0"x256; + my $ouFsFlags = 0; +diff --git a/lib/File/Spec/Epoc.pm b/lib/File/Spec/Epoc.pm +index 22f0192..959261a 100644 +--- a/lib/File/Spec/Epoc.pm ++++ b/lib/File/Spec/Epoc.pm +@@ -3,7 +3,7 @@ package File::Spec::Epoc; + use strict; + use vars qw($VERSION @ISA); + +-$VERSION = '3.63'; ++$VERSION = '3.67'; + $VERSION =~ tr/_//d; + + require File::Spec::Unix; +diff --git a/lib/File/Spec/Functions.pm b/lib/File/Spec/Functions.pm +index af2c498..cb7532e 100644 +--- a/lib/File/Spec/Functions.pm ++++ b/lib/File/Spec/Functions.pm +@@ -5,7 +5,7 @@ use strict; + + use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $VERSION); + +-$VERSION = '3.63'; ++$VERSION = '3.67'; + $VERSION =~ tr/_//d; + + require Exporter; +diff --git a/lib/File/Spec/Mac.pm b/lib/File/Spec/Mac.pm +index 52c3bfe..192cc8d 100644 +--- a/lib/File/Spec/Mac.pm ++++ b/lib/File/Spec/Mac.pm +@@ -4,7 +4,7 @@ use strict; + use vars qw(@ISA $VERSION); + require File::Spec::Unix; + +-$VERSION = '3.63'; ++$VERSION = '3.67'; + $VERSION =~ tr/_//d; + + @ISA = qw(File::Spec::Unix); +@@ -121,7 +121,7 @@ doesn't alter the path, i.e. these arguments are ignored. (When a "" + is passed as the first argument, it has a special meaning, see + (6)). This way, a colon ":" is handled like a "." (curdir) on Unix, + while an empty string "" is generally ignored (see +-Ccanonpath()> ). Likewise, a "::" is handled like a ".." ++L ). Likewise, a "::" is handled like a ".." + (updir), and a ":::" is handled like a "../.." etc. E.g. + + catdir("a",":",":","b") = ":a:b:" +@@ -168,7 +168,7 @@ their Unix counterparts: + # (e.g. "HD:a:") + + However, this approach is limited to the first arguments following +-"root" (again, see Ccanonpath()> ). If there are more ++"root" (again, see L. If there are more + arguments that move up the directory tree, an invalid path going + beyond root can be created. + +diff --git a/lib/File/Spec/OS2.pm b/lib/File/Spec/OS2.pm +index 804ecdb..1e201eb 100644 +--- a/lib/File/Spec/OS2.pm ++++ b/lib/File/Spec/OS2.pm +@@ -4,7 +4,7 @@ use strict; + use vars qw(@ISA $VERSION); + require File::Spec::Unix; + +-$VERSION = '3.63'; ++$VERSION = '3.67'; + $VERSION =~ tr/_//d; + + @ISA = qw(File::Spec::Unix); +diff --git a/lib/File/Spec/Unix.pm b/lib/File/Spec/Unix.pm +index 3916a11..ff3599a 100644 +--- a/lib/File/Spec/Unix.pm ++++ b/lib/File/Spec/Unix.pm +@@ -3,7 +3,7 @@ package File::Spec::Unix; + use strict; + use vars qw($VERSION); + +-$VERSION = '3.63'; ++$VERSION = '3.67'; + my $xs_version = $VERSION; + $VERSION =~ tr/_//d; + +diff --git a/lib/File/Spec/VMS.pm b/lib/File/Spec/VMS.pm +index 02cc0b0..fb4351f 100644 +--- a/lib/File/Spec/VMS.pm ++++ b/lib/File/Spec/VMS.pm +@@ -4,7 +4,7 @@ use strict; + use vars qw(@ISA $VERSION); + require File::Spec::Unix; + +-$VERSION = '3.63'; ++$VERSION = '3.67'; + $VERSION =~ tr/_//d; + + @ISA = qw(File::Spec::Unix); +@@ -39,7 +39,10 @@ via the C CRTL feature. + + my $use_feature; + BEGIN { +- if (eval { local $SIG{__DIE__}; require VMS::Feature; }) { ++ if (eval { local $SIG{__DIE__}; ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require VMS::Feature; }) { + $use_feature = 1; + } + } +@@ -94,7 +97,7 @@ sub canonpath { + # [-.-. ==> [--. + # .-.-] ==> .--] + # [-.-] ==> [--] +- 1 while ($path =~ s/(? [- +- $path =~ s/(? . +- $path =~ s/(? [ +- $path =~ s/(? ] ++ $path =~ s/(? . ++ $path =~ s/(? [ ++ $path =~ s/(? ] + # [foo.-] ==> [000000] +- $path =~ s/(? + $path =~ s/(? +Date: Thu, 11 May 2017 11:36:46 +0200 +Subject: [PATCH] Disable VMS test (bug #973713) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Petr Písař +--- + t/Spec.t | 186 +-------------------------------------------------------------- + 1 file changed, 1 insertion(+), 185 deletions(-) + +diff --git a/t/Spec.t b/t/Spec.t +index 74c18aa..adba01c 100644 +--- a/t/Spec.t ++++ b/t/Spec.t @@ -38,7 +38,7 @@ if ( $@ ) { $INC{"VMS/Filespec.pm"} = 1 ; } @@ -201,3 +215,6 @@ diff -up PathTools-3.47/t/Spec.t.orig PathTools-3.47/t/Spec.t [ "OS2->case_tolerant()", '1' ], +-- +2.9.3 + diff --git a/perl-PathTools.spec b/perl-PathTools.spec index 57b4b18..d08c127 100644 --- a/perl-PathTools.spec +++ b/perl-PathTools.spec @@ -1,22 +1,21 @@ %global base_version 3.62 Name: perl-PathTools -Version: 3.63 -Release: 367%{?dist} +Version: 3.67 +Release: 1%{?dist} Summary: PathTools Perl module (Cwd, File::Spec) # Cwd.xs: BSD # other files: GPL+ or Artistic ## Not in the binary package # t/lib/Test/Tutorial.pod: (GPL+ or Artistic) and Public Domain License: (GPL+ or Artistic) and BSD -Group: Development/Libraries URL: http://search.cpan.org/dist/PathTools/ Source0: http://www.cpan.org/authors/id/R/RJ/RJBS/PathTools-%{base_version}.tar.gz -# Disable VMS test (bug #973713) -Patch0: PathTools-3.47-Disable-VMS-tests.patch # Unbundled from perl 5.24.0 -Patch1: PathTools-3.62-Upgrade-to-3.63.patch -# Avoid loading optional modules from default . (CVE-2016-1238) -Patch2: PathTools-3.63-CVE-2016-1238-avoid-loading-optional-modules-from.patch +Patch0: PathTools-3.62-Upgrade-to-3.63.patch +# Unbundled from perl 5.25.12 +Patch1: PathTools-3.63-Upgrade-to-3.67.patch +# Disable VMS tests (bug #973713) +Patch2: PathTools-3.67-Disable-VMS-tests.patch BuildRequires: coreutils BuildRequires: findutils BuildRequires: gcc @@ -24,7 +23,7 @@ BuildRequires: make BuildRequires: perl BuildRequires: perl-devel BuildRequires: perl-generators -BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76 BuildRequires: sed # Run-time: BuildRequires: perl(Carp) @@ -65,13 +64,12 @@ rm -rf t/lib sed -i -e '/t\/lib\//d' MANIFEST %build -perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="$RPM_OPT_FLAGS" +perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 OPTIMIZE="$RPM_OPT_FLAGS" make %{?_smp_mflags} %install make pure_install DESTDIR=$RPM_BUILD_ROOT -find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \; -find $RPM_BUILD_ROOT -type f -name '*.bs' -size 0 -exec rm -f {} \; +find $RPM_BUILD_ROOT -type f -name '*.bs' -size 0 -delete %{_fixperms} $RPM_BUILD_ROOT/* %check @@ -85,6 +83,9 @@ make test %{_mandir}/man3/* %changelog +* Thu May 11 2017 Petr Pisar - 3.67-1 +- Upgrade to 3.67 as provided in perl-5.25.12 + * Sat Feb 11 2017 Fedora Release Engineering - 3.63-367 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild