gnu: perl: Update to 5.24.0.
* gnu/packages/perl.scm: Update to 5.24.0. [source]: Add and remove patches. * gnu/packages/patches/perl-reproducible-build-date.patch: New file. * gnu/packages/patches/perl-CVE-2015-8607.patch, gnu/packages/patches/perl-CVE-2016-2381.patch, gnu/packages/patches/perl-no-build-time.patch, gnu/packages/patches/perl-source-date-epoch.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Add and remove patches.
parent
9bb1826651
commit
a3d6e1f432
7 changed files with 21 additions and 239 deletions
|
@ -695,8 +695,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/patch-hurd-path-max.patch \
|
%D%/packages/patches/patch-hurd-path-max.patch \
|
||||||
%D%/packages/patches/pcre-CVE-2016-3191.patch \
|
%D%/packages/patches/pcre-CVE-2016-3191.patch \
|
||||||
%D%/packages/patches/pcre2-CVE-2016-3191.patch \
|
%D%/packages/patches/pcre2-CVE-2016-3191.patch \
|
||||||
%D%/packages/patches/perl-CVE-2015-8607.patch \
|
|
||||||
%D%/packages/patches/perl-CVE-2016-2381.patch \
|
|
||||||
%D%/packages/patches/perl-autosplit-default-time.patch \
|
%D%/packages/patches/perl-autosplit-default-time.patch \
|
||||||
%D%/packages/patches/perl-deterministic-ordering.patch \
|
%D%/packages/patches/perl-deterministic-ordering.patch \
|
||||||
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
|
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
|
||||||
|
@ -705,10 +703,9 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/perl-net-amazon-s3-moose-warning.patch \
|
%D%/packages/patches/perl-net-amazon-s3-moose-warning.patch \
|
||||||
%D%/packages/patches/perl-net-ssleay-disable-ede-test.patch \
|
%D%/packages/patches/perl-net-ssleay-disable-ede-test.patch \
|
||||||
%D%/packages/patches/perl-net-dns-resolver-programmable-Fix-broken-interface.patch \
|
%D%/packages/patches/perl-net-dns-resolver-programmable-Fix-broken-interface.patch \
|
||||||
%D%/packages/patches/perl-no-build-time.patch \
|
|
||||||
%D%/packages/patches/perl-no-sys-dirs.patch \
|
%D%/packages/patches/perl-no-sys-dirs.patch \
|
||||||
%D%/packages/patches/perl-module-pluggable-search.patch \
|
%D%/packages/patches/perl-module-pluggable-search.patch \
|
||||||
%D%/packages/patches/perl-source-date-epoch.patch \
|
%D%/packages/patches/perl-reproducible-build-date.patch \
|
||||||
%D%/packages/patches/pidgin-add-search-path.patch \
|
%D%/packages/patches/pidgin-add-search-path.patch \
|
||||||
%D%/packages/patches/pinball-const-fix.patch \
|
%D%/packages/patches/pinball-const-fix.patch \
|
||||||
%D%/packages/patches/pinball-cstddef.patch \
|
%D%/packages/patches/pinball-cstddef.patch \
|
||||||
|
|
|
@ -1,68 +0,0 @@
|
||||||
From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tony Cook <tony@develop-help.com>
|
|
||||||
Date: Tue, 15 Dec 2015 10:56:54 +1100
|
|
||||||
Subject: ensure File::Spec::canonpath() preserves taint
|
|
||||||
|
|
||||||
Previously the unix specific XS implementation of canonpath() would
|
|
||||||
return an untainted path when supplied a tainted path.
|
|
||||||
|
|
||||||
For the empty string case, newSVpvs() already sets taint as needed on
|
|
||||||
its result.
|
|
||||||
|
|
||||||
This issue was assigned CVE-2015-8607.
|
|
||||||
|
|
||||||
Bug: https://rt.perl.org/Ticket/Display.html?id=126862
|
|
||||||
Bug-Debian: https://bugs.debian.org/810719
|
|
||||||
Origin: upstream
|
|
||||||
Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff
|
|
||||||
---
|
|
||||||
dist/PathTools/Cwd.xs | 1 +
|
|
||||||
dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
|
|
||||||
2 files changed, 19 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
|
|
||||||
index 9d4dcf0..3d018dc 100644
|
|
||||||
--- a/dist/PathTools/Cwd.xs
|
|
||||||
+++ b/dist/PathTools/Cwd.xs
|
|
||||||
@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
|
|
||||||
*o = 0;
|
|
||||||
SvPOK_on(retval);
|
|
||||||
SvCUR_set(retval, o - SvPVX(retval));
|
|
||||||
+ SvTAINT(retval);
|
|
||||||
return retval;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
|
|
||||||
index 309b3e5..48f8c5b 100644
|
|
||||||
--- a/dist/PathTools/t/taint.t
|
|
||||||
+++ b/dist/PathTools/t/taint.t
|
|
||||||
@@ -12,7 +12,7 @@ use Test::More;
|
|
||||||
BEGIN {
|
|
||||||
plan(
|
|
||||||
${^TAINT}
|
|
||||||
- ? (tests => 17)
|
|
||||||
+ ? (tests => 21)
|
|
||||||
: (skip_all => "A perl without taint support")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
|
|
||||||
|
|
||||||
# Previous versions of Cwd tainted $^O
|
|
||||||
is !tainted($^O), 1, "\$^O should not be tainted";
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ # [perl #126862] canonpath() loses taint
|
|
||||||
+ my $tainted = substr($ENV{PATH}, 0, 0);
|
|
||||||
+ # yes, getcwd()'s result should be tainted, and is tested above
|
|
||||||
+ # but be sure
|
|
||||||
+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
|
|
||||||
+ "canonpath() keeps taint on non-empty string";
|
|
||||||
+ ok tainted(File::Spec->canonpath($tainted)),
|
|
||||||
+ "canonpath() keeps taint on empty string";
|
|
||||||
+
|
|
||||||
+ (Cwd::getcwd() =~ /^(.*)/);
|
|
||||||
+ my $untainted = $1;
|
|
||||||
+ ok !tainted($untainted), "make sure our untainted value is untainted";
|
|
||||||
+ ok !tainted(File::Spec->canonpath($untainted)),
|
|
||||||
+ "canonpath() doesn't add taint to untainted string";
|
|
||||||
+}
|
|
|
@ -1,116 +0,0 @@
|
||||||
Fix CVE-2016-2381 (ambiguous handling of duplicated environment variables).
|
|
||||||
|
|
||||||
Copied from upstream:
|
|
||||||
http://perl5.git.perl.org/perl.git/commit/ae37b791a73a9e78dedb89fb2429d2628cf58076
|
|
||||||
|
|
||||||
References:
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381
|
|
||||||
http://www.nntp.perl.org/group/perl.perl5.porters/2016/03/msg234747.html
|
|
||||||
https://security-tracker.debian.org/tracker/CVE-2016-2381
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
From 1237ea93fb2475a5ae576d5ee1358a5bb4ebe426 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tony Cook <tony@develop-help.com>
|
|
||||||
Date: Wed, 27 Jan 2016 11:52:15 +1100
|
|
||||||
Subject: remove duplicate environment variables from environ
|
|
||||||
|
|
||||||
If we see duplicate environment variables while iterating over
|
|
||||||
environ[]:
|
|
||||||
|
|
||||||
a) make sure we use the same value in %ENV that getenv() returns.
|
|
||||||
|
|
||||||
Previously on a duplicate, %ENV would have the last entry for the name
|
|
||||||
from environ[], but a typical getenv() would return the first entry.
|
|
||||||
|
|
||||||
Rather than assuming all getenv() implementations return the first entry
|
|
||||||
explicitly call getenv() to ensure they agree.
|
|
||||||
|
|
||||||
b) remove duplicate entries from environ
|
|
||||||
|
|
||||||
Previously if there was a duplicate definition for a name in environ[]
|
|
||||||
setting that name in %ENV could result in an unsafe value being passed
|
|
||||||
to a child process, so ensure environ[] has no duplicates.
|
|
||||||
|
|
||||||
Patch-Name: fixes/CVE-2016-2381_duplicate_env.diff
|
|
||||||
---
|
|
||||||
perl.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++--
|
|
||||||
1 file changed, 49 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/perl.c b/perl.c
|
|
||||||
index 67d32ce..26aeb91 100644
|
|
||||||
--- a/perl.c
|
|
||||||
+++ b/perl.c
|
|
||||||
@@ -4277,23 +4277,70 @@ S_init_postdump_symbols(pTHX_ int argc, char **argv, char **env)
|
|
||||||
}
|
|
||||||
if (env) {
|
|
||||||
char *s, *old_var;
|
|
||||||
+ STRLEN nlen;
|
|
||||||
SV *sv;
|
|
||||||
+ HV *dups = newHV();
|
|
||||||
+
|
|
||||||
for (; *env; env++) {
|
|
||||||
old_var = *env;
|
|
||||||
|
|
||||||
if (!(s = strchr(old_var,'=')) || s == old_var)
|
|
||||||
continue;
|
|
||||||
+ nlen = s - old_var;
|
|
||||||
|
|
||||||
#if defined(MSDOS) && !defined(DJGPP)
|
|
||||||
*s = '\0';
|
|
||||||
(void)strupr(old_var);
|
|
||||||
*s = '=';
|
|
||||||
#endif
|
|
||||||
- sv = newSVpv(s+1, 0);
|
|
||||||
- (void)hv_store(hv, old_var, s - old_var, sv, 0);
|
|
||||||
+ if (hv_exists(hv, old_var, nlen)) {
|
|
||||||
+ const char *name = savepvn(old_var, nlen);
|
|
||||||
+
|
|
||||||
+ /* make sure we use the same value as getenv(), otherwise code that
|
|
||||||
+ uses getenv() (like setlocale()) might see a different value to %ENV
|
|
||||||
+ */
|
|
||||||
+ sv = newSVpv(PerlEnv_getenv(name), 0);
|
|
||||||
+
|
|
||||||
+ /* keep a count of the dups of this name so we can de-dup environ later */
|
|
||||||
+ if (hv_exists(dups, name, nlen))
|
|
||||||
+ ++SvIVX(*hv_fetch(dups, name, nlen, 0));
|
|
||||||
+ else
|
|
||||||
+ (void)hv_store(dups, name, nlen, newSViv(1), 0);
|
|
||||||
+
|
|
||||||
+ Safefree(name);
|
|
||||||
+ }
|
|
||||||
+ else {
|
|
||||||
+ sv = newSVpv(s+1, 0);
|
|
||||||
+ }
|
|
||||||
+ (void)hv_store(hv, old_var, nlen, sv, 0);
|
|
||||||
if (env_is_not_environ)
|
|
||||||
mg_set(sv);
|
|
||||||
}
|
|
||||||
+ if (HvKEYS(dups)) {
|
|
||||||
+ /* environ has some duplicate definitions, remove them */
|
|
||||||
+ HE *entry;
|
|
||||||
+ hv_iterinit(dups);
|
|
||||||
+ while ((entry = hv_iternext_flags(dups, 0))) {
|
|
||||||
+ STRLEN nlen;
|
|
||||||
+ const char *name = HePV(entry, nlen);
|
|
||||||
+ IV count = SvIV(HeVAL(entry));
|
|
||||||
+ IV i;
|
|
||||||
+ SV **valp = hv_fetch(hv, name, nlen, 0);
|
|
||||||
+
|
|
||||||
+ assert(valp);
|
|
||||||
+
|
|
||||||
+ /* try to remove any duplicate names, depending on the
|
|
||||||
+ * implementation used in my_setenv() the iteration might
|
|
||||||
+ * not be necessary, but let's be safe.
|
|
||||||
+ */
|
|
||||||
+ for (i = 0; i < count; ++i)
|
|
||||||
+ my_setenv(name, 0);
|
|
||||||
+
|
|
||||||
+ /* and set it back to the value we set $ENV{name} to */
|
|
||||||
+ my_setenv(name, SvPV_nolen(*valp));
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ SvREFCNT_dec_NN(dups);
|
|
||||||
}
|
|
||||||
#endif /* USE_ENVIRON_ARRAY */
|
|
||||||
#endif /* !PERL_MICRO */
|
|
|
@ -1,26 +0,0 @@
|
||||||
Do not record the configuration and build time so that builds can be
|
|
||||||
reproduced bit-for-bit.
|
|
||||||
|
|
||||||
--- perl-5.22.0/Configure 1970-01-01 01:00:00.000000000 +0100
|
|
||||||
+++ perl-5.22.0/Configure 2015-12-13 00:14:43.148165080 +0100
|
|
||||||
@@ -3834,6 +3817,7 @@ esac
|
|
||||||
|
|
||||||
: who configured the system
|
|
||||||
cf_time=`LC_ALL=C; LANGUAGE=C; export LC_ALL; export LANGUAGE; $date 2>&1`
|
|
||||||
+cf_time='Thu Jan 1 00:00:01 UTC 1970'
|
|
||||||
case "$cf_by" in
|
|
||||||
"")
|
|
||||||
cf_by=`(logname) 2>/dev/null`
|
|
||||||
|
|
||||||
--- perl-5.22.0/perl.c 2015-12-13 00:25:30.269156627 +0100
|
|
||||||
+++ perl-5.22.0/perl.c 2015-12-13 00:25:38.265218175 +0100
|
|
||||||
@@ -1795,7 +1795,7 @@ S_Internals_V(pTHX_ CV *cv)
|
|
||||||
PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options,
|
|
||||||
sizeof(non_bincompat_options) - 1, SVs_TEMP));
|
|
||||||
|
|
||||||
-#ifdef __DATE__
|
|
||||||
+#if 0
|
|
||||||
# ifdef __TIME__
|
|
||||||
PUSHs(Perl_newSVpvn_flags(aTHX_
|
|
||||||
STR_WITH_LEN("Compiled at " __DATE__ " " __TIME__),
|
|
||||||
|
|
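--- a/gnu/packages/patches/perl-reproducible-build-date.patch
+++ b/gnu/packages/patches/perl-reproducible-build-date.patch
@@ -0,0 +1,17 @@
+Don't encode the current timestamp.
+
+This affects the output of `perl -V`, specifically the message "Compiled
+at [...]".
+
+diff --git a/perl.c b/perl.c
+index 228a0d8..ed38313 100644
+--- a/perl.c
++++ b/perl.c
+@@ -1825,6 +1825,7 @@ S_Internals_V(pTHX_ CV *cv)
+PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options,
+sizeof(non_bincompat_options) - 1, SVs_TEMP));
+
++#define PERL_BUILD_DATE "Jan 1 1970 00:00:00"
+#ifndef PERL_BUILD_DATE
+# ifdef __DATE__
+# ifdef __TIME__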
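Review bot: The added `#define PERL_BUILD_DATE "Jan 1 1970 00:00:00"` sits unconditionally right above `#ifndef PERL_BUILD_DATE`, so a build that supplies its own `-DPERL_BUILD_DATE=...` would get a macro-redefinition diagnostic and have its value replaced. Guarding the new line with its own `#ifndef PERL_BUILD_DATE` / `#endif` pair keeps the fixed date as the default and leaves the override usable. The patch header also does not say whether this change is meant to go upstream; one line stating its origin and upstream status would make that checkable the next time Perl is updated. The rest of S_Internals_V lies outside the hunk.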
|
@ -1,19 +0,0 @@
|
||||||
Adapted from <https://bugs.debian.org/801621>.
|
|
||||||
Make Pod::Man honor the SOURCE_DATE_EPOCH environment variable.
|
|
||||||
|
|
||||||
--- perl-5.22.0/cpan/podlators/lib/Pod/Man.pm 2015-12-12 22:33:03.321787590 +0100
|
|
||||||
+++ perl-5.22.0/cpan/podlators/lib/Pod/Man.pm 2015-12-12 22:36:33.367361338 +0100
|
|
||||||
@@ -884,7 +884,12 @@ sub devise_date {
|
|
||||||
my ($self) = @_;
|
|
||||||
my $input = $self->source_filename;
|
|
||||||
my $time;
|
|
||||||
- if ($input) {
|
|
||||||
+
|
|
||||||
+ if (defined($ENV{SOURCE_DATE_EPOCH}) &&
|
|
||||||
+ $ENV{SOURCE_DATE_EPOCH} !~ /\D/) {
|
|
||||||
+ $time = $ENV{SOURCE_DATE_EPOCH};
|
|
||||||
+ }
|
|
||||||
+ elsif ($input) {
|
|
||||||
$time = (stat $input)[9] || time;
|
|
||||||
} else {
|
|
||||||
$time = time;
|
|
|
@ -44,22 +44,19 @@ (define-public perl
|
||||||
;; Yeah, Perl... It is required early in the bootstrap process by Linux.
|
;; Yeah, Perl... It is required early in the bootstrap process by Linux.
|
||||||
(package
|
(package
|
||||||
(name "perl")
|
(name "perl")
|
||||||
(version "5.22.1")
|
(version "5.24.0")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "http://www.cpan.org/src/5.0/perl-"
|
(uri (string-append "http://www.cpan.org/src/5.0/perl-"
|
||||||
version ".tar.gz"))
|
version ".tar.gz"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb"))
|
"00jj8zr8fnihrxxhl8h936ssczv5x86qb618yz1ig40d1rp0qhvy"))
|
||||||
(patches (search-patches
|
(patches (search-patches
|
||||||
"perl-no-sys-dirs.patch"
|
"perl-no-sys-dirs.patch"
|
||||||
"perl-autosplit-default-time.patch"
|
"perl-autosplit-default-time.patch"
|
||||||
"perl-source-date-epoch.patch"
|
|
||||||
"perl-deterministic-ordering.patch"
|
"perl-deterministic-ordering.patch"
|
||||||
"perl-no-build-time.patch"
|
"perl-reproducible-build-date.patch"))))
|
||||||
"perl-CVE-2015-8607.patch"
|
|
||||||
"perl-CVE-2016-2381.patch"))))
|
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
'(#:tests? #f
|
'(#:tests? #f
|
||||||
|
|
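Review bot: The `search-patches` list drops `"perl-CVE-2015-8607.patch"` and `"perl-CVE-2016-2381.patch"`, but neither the commit message nor the package definition records that 5.24.0 already carries both fixes; presumably it does, yet nothing on the page lets a reader confirm it. Once checked against the upstream release notes, a short comment above the list such as `;; CVE-2015-8607 and CVE-2016-2381 are fixed upstream in 5.24.0.` would show that no fix was lost. The context line `'(#:tests? #f` shows the test suite is not run, so the taint regression test that shipped with the CVE-2015-8607 patch would not flag a regression in this build. The package definition continues outside the hunk.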