1.1 --- a/perl/perl.patch Thu Sep 15 17:11:15 2011 +0200
1.2 +++ b/perl/perl.patch Thu Sep 15 19:29:29 2011 +0200
1.3 @@ -4,123 +4,29 @@
1.4 area is.
1.5
1.6 Index: installperl
1.7 ---- installperl.orig 2007-12-18 11:47:07 +0100
1.8 -+++ installperl 2008-03-28 15:23:47 +0100
1.9 -@@ -211,6 +211,8 @@
1.10 - my $installarchlib = "$destdir$Config{installarchlib}";
1.11 - my $installsitelib = "$destdir$Config{installsitelib}";
1.12 - my $installsitearch = "$destdir$Config{installsitearch}";
1.13 -+my $installvendorlib = "$destdir$Config{installvendorlib}";
1.14 -+my $installvendorarch = "$destdir$Config{installvendorarch}";
1.15 - my $installman1dir = "$destdir$Config{installman1dir}";
1.16 +--- installperl.orig 2011-06-09 22:04:29.000000000 +0200
1.17 ++++ installperl 2011-06-17 15:20:48.000000000 +0200
1.18 +@@ -200,6 +200,8 @@
1.19 + my $installarchlib = "$opts{destdir}$Config{installarchlib}";
1.20 + my $installsitelib = "$opts{destdir}$Config{installsitelib}";
1.21 + my $installsitearch = "$opts{destdir}$Config{installsitearch}";
1.22 ++my $installvendorlib = "$opts{destdir}$Config{installvendorlib}";
1.23 ++my $installvendorarch = "$opts{destdir}$Config{installvendorarch}";
1.24 + my $installman1dir = "$opts{destdir}$Config{installman1dir}";
1.25 my $man1ext = $Config{man1ext};
1.26 my $libperl = $Config{libperl};
1.27 -@@ -372,6 +374,8 @@
1.28 - mkpath($installarchlib, $verbose, 0777);
1.29 - mkpath($installsitelib, $verbose, 0777) if ($installsitelib);
1.30 - mkpath($installsitearch, $verbose, 0777) if ($installsitearch);
1.31 -+mkpath($installvendorlib, $verbose, 0777) if ($installvendorlib);
1.32 -+mkpath($installvendorarch, $verbose, 0777) if ($installvendorarch);
1.33 +@@ -349,6 +351,8 @@
1.34 + mkpath($installarchlib, $opts{verbose}, 0777);
1.35 + mkpath($installsitelib, $opts{verbose}, 0777) if ($installsitelib);
1.36 + mkpath($installsitearch, $opts{verbose}, 0777) if ($installsitearch);
1.37 ++mkpath($installvendorlib, $opts{verbose}, 0777) if ($installvendorlib);
1.38 ++mkpath($installvendorarch, $opts{verbose}, 0777) if ($installvendorarch);
1.39
1.40 if (chdir "lib") {
1.41 $do_installarchlib = ! samepath($installarchlib, '.');
1.42
1.43 -----------------------------------------------------------------------------
1.44
1.45 -By default, the Perl module search order is "use lib, -I, PERL[5]LIB,
1.46 -perl, site, vendor, other". This means that in OpenPKG both the modules
1.47 -installed via CPAN shell (in "site" area) and the "perl-xxx" packages
1.48 -(in "vendor" area) cannot override the (sometimes obsoleted) module
1.49 -versions distributed with Perl (in "perl" area). Hence, we change
1.50 -the search order to a more reasonable one for OpenPKG: "use lib, -I,
1.51 -PERL[5]LIB, site, vendor, perl, other".
1.52 -
1.53 -Index: perl.c
1.54 ---- perl.c.orig 2007-12-18 11:47:08 +0100
1.55 -+++ perl.c 2008-03-28 15:23:47 +0100
1.56 -@@ -4753,39 +4753,6 @@
1.57 - incpush(APPLLIB_EXP, TRUE, TRUE, TRUE, TRUE);
1.58 - #endif
1.59 -
1.60 --#ifdef ARCHLIB_EXP
1.61 -- incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE, TRUE);
1.62 --#endif
1.63 --#ifdef MACOS_TRADITIONAL
1.64 -- {
1.65 -- Stat_t tmpstatbuf;
1.66 -- SV * privdir = newSV(0);
1.67 -- char * macperl = PerlEnv_getenv("MACPERL");
1.68 --
1.69 -- if (!macperl)
1.70 -- macperl = "";
1.71 --
1.72 -- Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl);
1.73 -- if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode))
1.74 -- incpush(SvPVX(privdir), TRUE, FALSE, TRUE, FALSE);
1.75 -- Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl);
1.76 -- if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode))
1.77 -- incpush(SvPVX(privdir), TRUE, FALSE, TRUE, FALSE);
1.78 --
1.79 -- SvREFCNT_dec(privdir);
1.80 -- }
1.81 -- if (!PL_tainting)
1.82 -- incpush(":", FALSE, FALSE, TRUE, FALSE);
1.83 --#else
1.84 --#ifndef PRIVLIB_EXP
1.85 --# define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl"
1.86 --#endif
1.87 --#if defined(WIN32)
1.88 -- incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE, TRUE);
1.89 --#else
1.90 -- incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE, TRUE);
1.91 --#endif
1.92 --
1.93 - #ifdef SITEARCH_EXP
1.94 - /* sitearch is always relative to sitelib on Windows for
1.95 - * DLL-based path intuition to work correctly */
1.96 -@@ -4828,6 +4795,39 @@
1.97 - incpush(PERL_VENDORLIB_STEM, FALSE, TRUE, TRUE, TRUE);
1.98 - #endif
1.99 -
1.100 -+#ifdef ARCHLIB_EXP
1.101 -+ incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE, TRUE);
1.102 -+#endif
1.103 -+#ifdef MACOS_TRADITIONAL
1.104 -+ {
1.105 -+ Stat_t tmpstatbuf;
1.106 -+ SV * privdir = newSV(0);
1.107 -+ char * macperl = PerlEnv_getenv("MACPERL");
1.108 -+
1.109 -+ if (!macperl)
1.110 -+ macperl = "";
1.111 -+
1.112 -+ Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl);
1.113 -+ if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode))
1.114 -+ incpush(SvPVX(privdir), TRUE, FALSE, TRUE, FALSE);
1.115 -+ Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl);
1.116 -+ if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode))
1.117 -+ incpush(SvPVX(privdir), TRUE, FALSE, TRUE, FALSE);
1.118 -+
1.119 -+ SvREFCNT_dec(privdir);
1.120 -+ }
1.121 -+ if (!PL_tainting)
1.122 -+ incpush(":", FALSE, FALSE, TRUE, FALSE);
1.123 -+#else
1.124 -+#ifndef PRIVLIB_EXP
1.125 -+# define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl"
1.126 -+#endif
1.127 -+#if defined(WIN32)
1.128 -+ incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE, TRUE);
1.129 -+#else
1.130 -+ incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE, TRUE);
1.131 -+#endif
1.132 -+
1.133 - #ifdef PERL_OTHERLIBDIRS
1.134 - incpush(PERL_OTHERLIBDIRS, TRUE, TRUE, TRUE, TRUE);
1.135 - #endif
1.136 -
1.137 ------------------------------------------------------------------------------
1.138 -
1.139 Port to [Open]Darwin 6.6.2:
1.140
1.141 1. In OpenPKG, Perl does not use the vendor GCC and our GCC does not
1.142 @@ -135,19 +41,9 @@
1.143 related to the non-standard "__private_extern__" attribute.
1.144
1.145 Index: hints/darwin.sh
1.146 ---- hints/darwin.sh.orig 2007-12-18 11:47:07 +0100
1.147 -+++ hints/darwin.sh 2008-03-28 15:23:47 +0100
1.148 -@@ -120,9 +120,6 @@
1.149 - *-2147483648) ccflags="${ccflags} -DINT32_MIN_BROKEN -DINT64_MIN_BROKEN" ;;
1.150 - esac
1.151 -
1.152 --# Avoid Apple's cpp precompiler, better for extensions
1.153 --cppflags="${cppflags} -no-cpp-precomp"
1.154 --
1.155 - # This is necessary because perl's build system doesn't
1.156 - # apply cppflags to cc compile lines as it should.
1.157 - ccflags="${ccflags} ${cppflags}"
1.158 -@@ -182,8 +179,7 @@
1.159 +--- hints/darwin.sh.orig 2011-06-09 22:04:29.000000000 +0200
1.160 ++++ hints/darwin.sh 2011-06-17 15:20:48.000000000 +0200
1.161 +@@ -189,8 +189,7 @@
1.162 esac
1.163 ldlibpthname='DYLD_LIBRARY_PATH';
1.164
1.165 @@ -157,10 +53,27 @@
1.166
1.167 cat > UU/archname.cbu <<'EOCBU'
1.168 # This script UU/archname.cbu will get 'called-back' by Configure
1.169 +Index: ext/DynaLoader/dl_dyld.xs
1.170 +--- ext/DynaLoader/dl_dyld.xs.orig 2011-04-13 13:36:34.000000000 +0200
1.171 ++++ ext/DynaLoader/dl_dyld.xs 2011-06-17 15:20:48.000000000 +0200
1.172 +@@ -47,7 +47,13 @@
1.173 +
1.174 + #undef environ
1.175 + #undef bool
1.176 ++#ifdef PERL_DARWIN
1.177 ++#define __private_extern__ extern
1.178 ++#include <mach-o/dyld.h>
1.179 ++#undef __private_extern__
1.180 ++#else
1.181 + #import <mach-o/dyld.h>
1.182 ++#endif
1.183 +
1.184 + static char *dlerror()
1.185 + {
1.186 Index: perlio.c
1.187 ---- perlio.c.orig 2007-12-18 11:47:08 +0100
1.188 -+++ perlio.c 2008-03-28 15:23:47 +0100
1.189 -@@ -472,7 +472,14 @@
1.190 +--- perlio.c.orig 2011-06-09 22:04:29.000000000 +0200
1.191 ++++ perlio.c 2011-06-17 15:20:48.000000000 +0200
1.192 +@@ -476,7 +476,14 @@
1.193 #include <unistd.h>
1.194 #endif
1.195 #ifdef HAS_MMAP
1.196 @@ -175,23 +88,6 @@
1.197 #endif
1.198
1.199 void
1.200 -Index: ext/DynaLoader/dl_dyld.xs
1.201 ---- ext/DynaLoader/dl_dyld.xs.orig 2007-12-18 11:47:07 +0100
1.202 -+++ ext/DynaLoader/dl_dyld.xs 2008-03-28 15:23:47 +0100
1.203 -@@ -45,7 +45,13 @@
1.204 -
1.205 - #undef environ
1.206 - #undef bool
1.207 -+#ifdef PERL_DARWIN
1.208 -+#define __private_extern__ extern
1.209 -+#include <mach-o/dyld.h>
1.210 -+#undef __private_extern__
1.211 -+#else
1.212 - #import <mach-o/dyld.h>
1.213 -+#endif
1.214 -
1.215 - static char *dlerror()
1.216 - {
1.217
1.218 -----------------------------------------------------------------------------
1.219
1.220 @@ -204,8 +100,8 @@
1.221 it works at all.
1.222
1.223 Index: hints/dec_osf.sh
1.224 ---- hints/dec_osf.sh.orig 2007-12-18 11:47:07 +0100
1.225 -+++ hints/dec_osf.sh 2008-03-28 15:23:47 +0100
1.226 +--- hints/dec_osf.sh.orig 2011-06-17 02:06:09.000000000 +0200
1.227 ++++ hints/dec_osf.sh 2011-06-17 15:20:48.000000000 +0200
1.228 @@ -73,15 +73,6 @@
1.229 *) if $test "X$optimize" = "X$undef"; then
1.230 lddlflags="$lddlflags -msym"
1.231 @@ -225,59 +121,32 @@
1.232
1.233 -----------------------------------------------------------------------------
1.234
1.235 -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976
1.236 - Multiple scripts in the perl package in Trustix Secure Linux 1.5
1.237 - through 2.1, and possibly other operating systems, allows local
1.238 - users to overwrite files via a symlink attack on temporary files.
1.239 -
1.240 -Index: lib/CGI/Cookie.pm
1.241 ---- lib/CGI/Cookie.pm.orig 2007-12-18 11:47:07 +0100
1.242 -+++ lib/CGI/Cookie.pm 2008-03-28 15:23:47 +0100
1.243 -@@ -470,7 +470,7 @@
1.244 - You may also retrieve cookies that were stored in some external
1.245 - form using the parse() class method:
1.246 -
1.247 -- $COOKIES = `cat /usr/tmp/Cookie_stash`;
1.248 -+ $COOKIES = `cat /var/run/www/Cookie_stash`;
1.249 - %cookies = parse CGI::Cookie($COOKIES);
1.250 -
1.251 - If you are in a mod_perl environment, you can save some overhead by
1.252 -Index: lib/Shell.pm
1.253 ---- lib/Shell.pm.orig 2007-12-18 11:47:07 +0100
1.254 -+++ lib/Shell.pm 2008-03-28 15:23:47 +0100
1.255 -@@ -151,7 +151,7 @@
1.256 - use Shell qw(cat ps cp);
1.257 - $passwd = cat('</etc/passwd');
1.258 - @pslines = ps('-ww'),
1.259 -- cp("/etc/passwd", "/tmp/passwd");
1.260 -+ cp("/etc/passwd", "/etc/passwd.orig");
1.261 -
1.262 - # object oriented
1.263 - my $sh = Shell->new;
1.264 -
1.265 ------------------------------------------------------------------------------
1.266 +Linker flag change for Solaris.
1.267
1.268 Index: Configure
1.269 ---- Configure.orig 2007-12-18 11:47:07 +0100
1.270 -+++ Configure 2008-03-28 15:23:47 +0100
1.271 -@@ -7871,7 +7871,7 @@
1.272 +--- Configure.orig 2011-06-09 22:04:29.000000000 +0200
1.273 ++++ Configure 2011-06-17 15:20:48.000000000 +0200
1.274 +@@ -8078,9 +8058,9 @@
1.275 ;;
1.276 linux|irix*|gnu*) dflt="-shared $optimize" ;;
1.277 next) dflt='none' ;;
1.278 - solaris) dflt='-G' ;;
1.279 + solaris) dflt='-shared' ;;
1.280 sunos) dflt='-assert nodefinitions' ;;
1.281 - svr4*|esix*|nonstopux) dflt="-G $ldflags" ;;
1.282 +- svr4*|esix*|nonstopux) dflt="-G $ldflags" ;;
1.283 ++ svr4*|esix*|nonstopux) dflt="-shared $ldflags" ;;
1.284 *) dflt='none' ;;
1.285 + esac
1.286 + ;;
1.287
1.288 -----------------------------------------------------------------------------
1.289
1.290 Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
1.291
1.292 Index: sv.c
1.293 ---- sv.c.orig 2007-12-18 11:47:08 +0100
1.294 -+++ sv.c 2008-03-28 15:23:47 +0100
1.295 -@@ -8667,7 +8667,10 @@
1.296 +--- sv.c.orig 2011-06-17 02:06:09.000000000 +0200
1.297 ++++ sv.c 2011-06-17 15:20:48.000000000 +0200
1.298 +@@ -10198,7 +10198,10 @@
1.299 if ( (width = expect_number(&q)) ) {
1.300 if (*q == '$') {
1.301 ++q;
1.302 @@ -292,34 +161,127 @@
1.303
1.304 -----------------------------------------------------------------------------
1.305
1.306 -Detect NetBSD 5.x as well
1.307 +Do not use -fstack-protector as it causes too much portability issues.
1.308
1.309 -Index: hints/netbsd.sh
1.310 ---- hints/netbsd.sh.orig 2007-12-18 11:47:07.000000000 +0100
1.311 -+++ hints/netbsd.sh 2008-12-24 10:51:08.000000000 +0100
1.312 -@@ -79,7 +79,7 @@
1.313 +Index: Configure
1.314 +--- Configure.orig 2011-06-09 22:04:29.000000000 +0200
1.315 ++++ Configure 2011-06-17 15:20:48.000000000 +0200
1.316 +@@ -5158,17 +5158,6 @@
1.317 + ;;
1.318 + esac
1.319 +
1.320 +- # on x86_64 (at least) we require an extra library (libssp) in the
1.321 +- # link command line. This library is not named, so I infer that it is
1.322 +- # an implementation detail that may change. Hence the safest approach
1.323 +- # is to add the flag to the flags passed to the compiler at link time,
1.324 +- # as that way the compiler can do the right implementation dependant
1.325 +- # thing. (NWC)
1.326 +- case "$gccversion" in
1.327 +- ?*) set stack-protector -fstack-protector
1.328 +- eval $checkccflag
1.329 +- ;;
1.330 +- esac
1.331 ;;
1.332 esac
1.333 - case "$osvers" in
1.334 --0.9*|1.*|2.*|3.*|4.*)
1.335 -+0.9*|1.*|2.*|3.*|4.*|5.*)
1.336 - d_getprotoent_r="$undef"
1.337 - d_getprotobyname_r="$undef"
1.338 - d_getprotobynumber_r="$undef"
1.339 +
1.340 +@@ -5307,15 +5296,6 @@
1.341 + ;;
1.342 + *) dflt="$ldflags";;
1.343 + esac
1.344 +-# See note above about -fstack-protector
1.345 +-case "$ccflags" in
1.346 +-*-fstack-protector*)
1.347 +- case "$dflt" in
1.348 +- *-fstack-protector*) ;; # Don't add it again
1.349 +- *) dflt="$dflt -fstack-protector" ;;
1.350 +- esac
1.351 +- ;;
1.352 +-esac
1.353 +
1.354 + : Try to guess additional flags to pick up local libraries.
1.355 + for thislibdir in $libpth; do
1.356 +@@ -8107,14 +8087,6 @@
1.357 + ''|' ') dflt='none' ;;
1.358 + esac
1.359 +
1.360 +- case "$ldflags" in
1.361 +- *-fstack-protector*)
1.362 +- case "$dflt" in
1.363 +- *-fstack-protector*) ;; # Don't add it again
1.364 +- *) dflt="$dflt -fstack-protector" ;;
1.365 +- esac
1.366 +- ;;
1.367 +- esac
1.368 +
1.369 +
1.370 + rp="Any special flags to pass to $ld to create a dynamically loaded library?"
1.371
1.372 -----------------------------------------------------------------------------
1.373
1.374 -Corrections for Solaris 11:
1.375 +Make sure we install into <prefix>/lib/perl/ and not <prefix>/lib/perl5/
1.376
1.377 -Index: perl.h
1.378 -diff -Nau perl.h.orig perl.h
1.379 ---- perl.h.orig 2007-12-18 11:47:08.000000000 +0100
1.380 -+++ perl.h 2009-01-06 15:28:45.843276063 +0100
1.381 -@@ -1393,6 +1393,7 @@
1.382 - */
1.383 +Index: Configure
1.384 +--- Configure.orig 2009-08-24 18:33:49 +0200
1.385 ++++ Configure 2009-08-24 18:44:39 +0200
1.386 +@@ -1769,7 +1769,7 @@
1.387 + touch posthint.sh
1.388
1.389 - #if defined(I_SYSMODE) && !defined(PERL_MICRO)
1.390 -+#include <sys/vnode.h>
1.391 - #include <sys/mode.h>
1.392 - #endif
1.393 + : set package name
1.394 +-package='perl5'
1.395 ++package='perl'
1.396 + first=`echo $package | sed -e 's/^\(.\).*/\1/'`
1.397 + last=`echo $package | sed -e 's/^.\(.*\)/\1/'`
1.398 + case "`echo AbyZ | tr '[:lower:]' '[:upper:]' 2>/dev/null`" in
1.399 +
1.400 +-----------------------------------------------------------------------------
1.401
1.402 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976
1.403 + Multiple scripts in the perl package in Trustix Secure Linux 1.5
1.404 + through 2.1, and possibly other operating systems, allows local
1.405 + users to overwrite files via a symlink attack on temporary files.
1.406 +
1.407 +Index: cpan/CGI/lib/CGI/Cookie.pm
1.408 +--- cpan/CGI/lib/CGI/Cookie.pm.orig 2011-06-09 22:04:29.000000000 +0200
1.409 ++++ cpan/CGI/lib/CGI/Cookie.pm 2011-06-17 15:22:59.000000000 +0200
1.410 +@@ -464,7 +464,7 @@
1.411 + You may also retrieve cookies that were stored in some external
1.412 + form using the parse() class method:
1.413 +
1.414 +- $COOKIES = `cat /usr/tmp/Cookie_stash`;
1.415 ++ $COOKIES = `cat /var/run/www/Cookie_stash`;
1.416 + %cookies = CGI::Cookie->parse($COOKIES);
1.417 +
1.418 + If you are in a mod_perl environment, you can save some overhead by
1.419 +Index: cpan/Shell/Shell.pm
1.420 +--- cpan/Shell/Shell.pm.orig 2011-06-17 02:06:09.000000000 +0200
1.421 ++++ cpan/Shell/Shell.pm 2011-06-17 15:20:48.000000000 +0200
1.422 +@@ -153,7 +153,7 @@
1.423 + use Shell qw(cat ps cp);
1.424 + $passwd = cat('</etc/passwd');
1.425 + @pslines = ps('-ww'),
1.426 +- cp("/etc/passwd", "/tmp/passwd");
1.427 ++ cp("/etc/passwd", "/etc/passwd.orig");
1.428 +
1.429 + # object oriented
1.430 + my $sh = Shell->new;
1.431 +
1.432 +-----------------------------------------------------------------------------
1.433 +
1.434 +Linking against just libgdbm_compat under at least SUSE fails
1.435 +because it also needs libgdbm (which Perl doesn't pick up, too)
1.436 +
1.437 +Index: hints/linux.sh
1.438 +--- hints/linux.sh.orig 2011-06-09 22:04:29.000000000 +0200
1.439 ++++ hints/linux.sh 2011-06-17 15:20:48.000000000 +0200
1.440 +@@ -55,7 +55,9 @@
1.441 + libswanted="$*"
1.442 +
1.443 + # Debian 4.0 puts ndbm in the -lgdbm_compat library.
1.444 +-libswanted="$libswanted gdbm_compat"
1.445 ++if [ -f /etc/debian_version -o -f /etc/ubuntu_version ]; then
1.446 ++ libswanted="$libswanted gdbm_compat"
1.447 ++fi
1.448 +
1.449 + # If you have glibc, then report the version for ./myconfig bug reporting.
1.450 + # (Configure doesn't need to know the specific version since it just uses
1.451 +
