diff options
| author |   Vladimir Smirnov <civil@gentoo.org> | 2014-03-11 18:40:27 +0000 |
|---|---|---|
| committer | Vladimir Smirnov <civil@gentoo.org> | 2014-03-11 18:40:27 +0000 |
| commit | 7d52d590ff468f1de36f85394572a4dbec8bd120 (patch) | |
| tree | 1b37a85b505d5b1d4763b7bd1838b4a1b28eb53b /dev-perl/perltidy | |
| parent | Remove unnecessary --with-clang-resource-dir that broke the build whenever th... (diff) | |
| download | gentoo-2-7d52d590ff468f1de36f85394572a4dbec8bd120.tar.gz gentoo-2-7d52d590ff468f1de36f85394572a4dbec8bd120.tar.bz2 gentoo-2-7d52d590ff468f1de36f85394572a4dbec8bd120.zip | |
Version bump.
With fix for #504178
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0xA832680F)
Diffstat (limited to 'dev-perl/perltidy')
| -rw-r--r-- | dev-perl/perltidy/ChangeLog | 11 | ||||
| -rw-r--r-- | dev-perl/perltidy/files/perltidy-20130922.0.0-CVE-2014-2277.patch | 80 | ||||
| -rw-r--r-- | dev-perl/perltidy/perltidy-20130922.0.0.ebuild | 30 |
3 files changed, 119 insertions, 2 deletions
diff --git a/dev-perl/perltidy/ChangeLog b/dev-perl/perltidy/ChangeLog index 9e0c16844bcc..e5f0b1548f32 100644 --- a/dev-perl/perltidy/ChangeLog +++ b/dev-perl/perltidy/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for dev-perl/perltidy -# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-perl/perltidy/ChangeLog,v 1.68 2013/03/26 10:12:58 ago Exp $ +# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/dev-perl/perltidy/ChangeLog,v 1.69 2014/03/11 18:40:27 civil Exp $ + +*perltidy-20130922.0.0 (11 Mar 2014) + + 11 Mar 2014; Vladimir Smirnov <civil@gentoo.org> + +files/perltidy-20130922.0.0-CVE-2014-2277.patch, + +perltidy-20130922.0.0.ebuild: + Version bump. With fix for #504178 26 Mar 2013; Agostino Sarubbo <ago@gentoo.org> perltidy-20121207.0.0.ebuild: Stable for ppc, wrt bug #456596 diff --git a/dev-perl/perltidy/files/perltidy-20130922.0.0-CVE-2014-2277.patch b/dev-perl/perltidy/files/perltidy-20130922.0.0-CVE-2014-2277.patch new file mode 100644 index 000000000000..f52e3f6b7f1f --- /dev/null +++ b/dev-perl/perltidy/files/perltidy-20130922.0.0-CVE-2014-2277.patch @@ -0,0 +1,80 @@ +Description: Replace insecure make_temporary_filename with File::Temp::tempfile +Forwarded: http://lists.example.com/2010/03/1234.html +Origin: vendor, http://bugs.debian.org/740670 +Author: Don Armstrong <don@debian.org> +Last-Update: 2010-03-29 +--- a/lib/Perl/Tidy.pm ++++ b/lib/Perl/Tidy.pm +@@ -76,6 +76,7 @@ + use IO::File; + use File::Basename; + use File::Copy; ++use File::Temp qw(tempfile); + + BEGIN { + ( $VERSION = q($Id: perltidy-20130922.0.0-CVE-2014-2277.patch,v 1.1 2014/03/11 18:40:27 civil Exp $) ) =~ s/^.*\s+(\d+)\/(\d+)\/(\d+).*$/$1$2$3/; # all one line for MakeMaker +@@ -235,35 +236,6 @@ + return undef; + } + +-sub make_temporary_filename { +- +- # Make a temporary filename. +- # The POSIX tmpnam() function has been unreliable for non-unix systems +- # (at least for the win32 systems that I've tested), so use a pre-defined +- # name for them. A disadvantage of this is that two perltidy +- # runs in the same working directory may conflict. However, the chance of +- # that is small and manageable by the user, especially on systems for which +- # the POSIX tmpnam function doesn't work. +- my $name = "perltidy.TMP"; +- if ( $^O =~ /win32|dos/i || $^O eq 'VMS' || $^O eq 'MacOs' ) { +- return $name; +- } +- eval "use POSIX qw(tmpnam)"; +- if ($@) { return $name } +- use IO::File; +- +- # just make a couple of tries before giving up and using the default +- for ( 0 .. 3 ) { +- my $tmpname = tmpnam(); +- my $fh = IO::File->new( $tmpname, O_RDWR | O_CREAT | O_EXCL ); +- if ($fh) { +- $fh->close(); +- return ($tmpname); +- last; +- } +- } +- return ($name); +-} + + # Here is a map of the flow of data from the input source to the output + # line sink: +@@ -1324,11 +1296,7 @@ + my ( $fh_stream, $fh_name ) = + Perl::Tidy::streamhandle( $stream, 'r' ); + if ($fh_stream) { +- my ( $fout, $tmpnam ); +- +- # TODO: fix the tmpnam routine to return an open filehandle +- $tmpnam = Perl::Tidy::make_temporary_filename(); +- $fout = IO::File->new( $tmpnam, 'w' ); ++ my ( $fout, $tmpnam ) = tempfile(); + + if ($fout) { + $fname = $tmpnam; +@@ -5159,14 +5127,7 @@ + # Pod::Html requires a real temporary filename + # If we are making a frame, we have a name available + # Otherwise, we have to fine one +- my $tmpfile; +- if ( $rOpts->{'frames'} ) { +- $tmpfile = $self->{_toc_filename}; +- } +- else { +- $tmpfile = Perl::Tidy::make_temporary_filename(); +- } +- my $fh_tmp = IO::File->new( $tmpfile, 'w' ); ++ my ($fh_tmp,$tmpfile) = tempfile(); + unless ($fh_tmp) { + Perl::Tidy::Warn + "unable to open temporary file $tmpfile; cannot use pod2html\n"; diff --git a/dev-perl/perltidy/perltidy-20130922.0.0.ebuild b/dev-perl/perltidy/perltidy-20130922.0.0.ebuild new file mode 100644 index 000000000000..b5c753d44334 --- /dev/null +++ b/dev-perl/perltidy/perltidy-20130922.0.0.ebuild @@ -0,0 +1,30 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-perl/perltidy/perltidy-20130922.0.0.ebuild,v 1.1 2014/03/11 18:40:27 civil Exp $ + +EAPI=4 + +MY_PN=Perl-Tidy +MODULE_AUTHOR=SHANCOCK +MODULE_VERSION=20130922 +inherit perl-module + +DESCRIPTION="Perl script indenter and beautifier" +HOMEPAGE="http://perltidy.sourceforge.net/ ${HOMEPAGE}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris" +IUSE="" + +SRC_TEST="do" + +src_prepare() { + epatch "${FILESDIR}/${P}-CVE-2014-2277.patch" +} + +src_install() { + perl-module_src_install + docinto examples + dodoc "${S}"/examples/* +} |