summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVladimir Smirnov <civil@gentoo.org>2014-03-11 18:40:39 +0000
committerVladimir Smirnov <civil@gentoo.org>2014-03-11 18:40:39 +0000
commit5070526532261a0c5badf8d6e2571c72626f81e3 (patch)
tree42c2f519512e0cf53568ae1506123e2905254d0b
parentRemove unnecessary --with-clang-resource-dir that broke the build whenever th... (diff)
downloadhistorical-5070526532261a0c5badf8d6e2571c72626f81e3.tar.gz
historical-5070526532261a0c5badf8d6e2571c72626f81e3.tar.bz2
historical-5070526532261a0c5badf8d6e2571c72626f81e3.zip
Version bump.
With fix for #504178 Package-Manager: portage-2.2.8-r1/cvs/Linux x86_64 Manifest-Sign-Key: 0xA832680F
-rw-r--r--dev-perl/perltidy/ChangeLog11
-rw-r--r--dev-perl/perltidy/Manifest29
-rw-r--r--dev-perl/perltidy/files/perltidy-20130922.0.0-CVE-2014-2277.patch80
-rw-r--r--dev-perl/perltidy/perltidy-20130922.0.0.ebuild30
4 files changed, 132 insertions, 18 deletions
diff --git a/dev-perl/perltidy/ChangeLog b/dev-perl/perltidy/ChangeLog
index 9e0c16844bcc..e5f0b1548f32 100644
--- a/dev-perl/perltidy/ChangeLog
+++ b/dev-perl/perltidy/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for dev-perl/perltidy
-# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-perl/perltidy/ChangeLog,v 1.68 2013/03/26 10:12:58 ago Exp $
+# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-perl/perltidy/ChangeLog,v 1.69 2014/03/11 18:40:27 civil Exp $
+
+*perltidy-20130922.0.0 (11 Mar 2014)
+
+ 11 Mar 2014; Vladimir Smirnov <civil@gentoo.org>
+ +files/perltidy-20130922.0.0-CVE-2014-2277.patch,
+ +perltidy-20130922.0.0.ebuild:
+ Version bump. With fix for #504178
26 Mar 2013; Agostino Sarubbo <ago@gentoo.org> perltidy-20121207.0.0.ebuild:
Stable for ppc, wrt bug #456596
diff --git a/dev-perl/perltidy/Manifest b/dev-perl/perltidy/Manifest
index d1c6bceb943c..cc46f5db57a6 100644
--- a/dev-perl/perltidy/Manifest
+++ b/dev-perl/perltidy/Manifest
@@ -1,26 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
+Hash: SHA256
+AUX perltidy-20130922.0.0-CVE-2014-2277.patch 2860 SHA256 f23db9075ed3cd947536652d485433e4577fa4a61a3003279366bbec2507e414 SHA512 2e217bf33e3436f30991f1fea29dd3c05a45436b6b8c27737717887c8680153f9efe0796cc26a3c3294be96e3e6ca2177c95088a38048bfa6c25925f0058fe53 WHIRLPOOL 090cbf63461b80c13d50750d0d96def256f5423d18607f30aa90dc8b1c14cc216187e14781052b98a5bd1ba7586de5681e65152adc9b4f6a632e207410a4fc7f
DIST Perl-Tidy-20120714.tar.gz 404151 SHA256 3d79dc61e7f52176d01aa7e459a0c04e1d5eb893dae9d4aa714d4d9c2238ba1d SHA512 65062016fa56a676f77addbf2dd8d67df597515c2f35c680fa08c4784943472f504554e6e2ba17a7f6cb67ced23f35003a023cd0a44ed9857d4dc75d4ff52b03 WHIRLPOOL 4145441b521e20fd18d729b7d66e3e52cefb4471532c6da2c0815165a19ee3c066b16d1d4f80dc1f0265bfbdb7304b36f279d96ddaab47cbe0e3ed8aca16bf50
DIST Perl-Tidy-20121207.tar.gz 420435 SHA256 78e81d595647bd80e6bbd48ffefcc0f61418fec7b9208c4caedb317b7c8475dd SHA512 b3b96dbafaf5657a94813a090318c13b51d46c094a842ea1a2e0cc0fcea42950fef281049bb267dbbbe277084729f0da95e20d8598f790ffccb3bc72fba1999a WHIRLPOOL 4e6112318d8335933005d43e725b124ad2322f3c0fa74f059d63b6fb8ee3f852eda925d1a223186e6895db5dc54f4b51ca1bdbb9d2079c5baa2756b8f687f5cc
+DIST Perl-Tidy-20130922.tar.gz 422005 SHA256 e58cd6f00067dc814d2cecab209087d3b282648371b5a2ebd6f48484c030b762 SHA512 8c8d0cc388f0f74fdbd86238cf0b50c84619102a0dd6ffb0176b05877c7bef616d7f11104294246b7275e526dde29d1f0bb146a36b7234222fb462097976409b WHIRLPOOL 11338dafe884b67884ef73495379ecb1ffbba636de93b224716c353439cf1f1e78ed03baace9bf46daf898025e807706bb4bcc7efb99a7052b0926642c1eae67
EBUILD perltidy-20120714.0.0.ebuild 650 SHA256 b5a139177ca0943447ff97c110242355b6793cb29db6d0bb8056a48c3fc46ebd SHA512 8a8ebd11103490272d0163dda00ff27a5944423b09e5588eef6e76c34096f803e302faccdc0d514f69fd2f330f7dfaf4d809492d76f7895d0f71923aa2b2a4dd WHIRLPOOL 2c994832d14e81ab9d976aa416b4f498b0f060eeb05d51ad3d034af18d23a841fe816e1875be6bc070a8b38dad2946f10829c577c761bd18e4faaba795daf97c
EBUILD perltidy-20121207.0.0.ebuild 646 SHA256 e34b37cdd0f07951f83f777a15afe1aef286181228c7d1ea64d6a86f27096edc SHA512 3f71ff2b8f8dd4bc377a815a1dadb509f7e67b55e2e90e636b14e52eaf3a4b5586dd2fa9f5d60b3ecd6e7db3c29b7611d4989556de200f45bbdaf1c05caa1c98 WHIRLPOOL 51befb4c53e798c0afaca2b54e27ac8a58b2683f6d5b32b30791d788f45cdb35166181bd130fcccb7122070f25095aed02e84086bfeb1634ecd72b0eefc17c94
-MISC ChangeLog 7806 SHA256 623009ad803b060b00f88f81c8bda90c98103d4bd0c11a28be17dd774968fb3b SHA512 c845b3d3e7a78195ccd7365b91569bf2c40ffc8d2883ddcb667685a2f892ecff213fecb0e63cfaf184e6b671dd6087c9ce5e2ece01034e23e8952b0d6f070217 WHIRLPOOL 448349a4fbd08fd1310177d2c0ad351f227816107a3dfd8fba4f5d114096902b236effab11d3db913c57c361dc8d4516ff199f38280e11c5bf5f31e32df168f5
+EBUILD perltidy-20130922.0.0.ebuild 717 SHA256 c9bd7a64dde31780acb7b249755a0944744f70631a5fc7e8e2c4352ee3d19314 SHA512 0ba2ea4958d5713e917a10ca820269651082f0a4ec68225d128011635783c44138017ed18443bb673547b3fcaecceded62e146a67c3cb16e000d10a7a196b0ae WHIRLPOOL 9135fbb15347e5165ce6c4b3fa0cc94473e7de23dd2674b06a5889a36d1c4b0dcf091ab3e1c97ff6b94a90aaa019de9280927cfc2894cc3b7e53be1efcbbfb0e
+MISC ChangeLog 8020 SHA256 121d0b73ebdb37aec13f9cddc74e0fe111af377bc3ee2479a32bafb576a66053 SHA512 d17aa05e241b77e95df9bd0eb77042af5c4a1417cce3a94d5cd9598dca0a81104a15731f8b5b0ab8ea0bda2adc42736832ad6744e7b19b0823f60d4e46b8411a WHIRLPOOL 2b470040841cfeef5c5a14d8dabe4ff1f3f208efbcde95c75925b2044aa9901545b9fb25e12e97b73e446a827c34617644ff70b9ce5d3371eebd9b5f666f894b
MISC metadata.xml 1491 SHA256 576c8c55eddf732b437797d4a78a7423c4b2df16ad31b19918fdeffad40422d7 SHA512 5d4ed6775483d489805fd2ccabbc135ccba3155350bf498077c34cd30b028ce797e01265c0c8863d7b270cfabfdf3ab44311b4b49fc3ed6440c000f0dffe0db2 WHIRLPOOL 0433a2b08ae1c2c04b1d9b840aaec662226e04f0d9df7cf37505c76b445944c8e4d4cd3b81b1e686a2d367880cc682259379f5a6c8e925bbffd8e68654c9e3e4
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
+Version: GnuPG v2.0.22 (GNU/Linux)
-iQIcBAEBCgAGBQJRUXQYAAoJELp701BxlEWfM3gP/j+ehzBmsxkth6udGiaTr2pz
-7cM9siC39lHLbFewMxvZ8RCNgFlBt1LLoG1W35dsq4kKsgQJ0jyrWlLJZ637ukVO
-X6Kk/OPS9Yov+W88Ey5ctEZBBPjqj3NoWTlhthey7n44wcPwyKOnatf87PXX0zrB
-mtcdC+wV0cMSB26hp+z7JGq1Q+FAeZ9BEeKupj8BZ2C3v4ud33MopF/Sox0HCkPo
-QEhxNcPJMmR6KIs/ejiJjJey40KPYuSkqOEm3bbsLXJoN1ifMZyOxucYNAA2JGqP
-l8x73rP7KHCpZnUfdZ6GzyrJpwFRyu6yEDQgK8GLXcA/MxqXB2tkJVONhD4wdUTT
-XJ3Y1S9RmsexeiTboGESDpMCDWMW7Mqb6gfIrcWQkVAQb0M1PhdcieWFucxHVj36
-q84rFeqkD74unBJOOMxD/8E2zWMmD70SEgFU0PeOMt792uhQBan2uhklXlXc4EoE
-dxRFjjIrSX5+kKB6KBqrF69hgxMtEtOjnOKDDzzymg8EeB6umsJMaVKpkEnttbkz
-X0O3f3UvZyTDvo42DPj7C8+jsbVaQO5oZg4zKA9d26ci4WTU3muhoK6jurAM0Wct
-Sn8uiVvUox9RIL2vP5eVkBsydiDxYBA6enqR0fkfw6xpcDiaRcU5m21U+k5CIukt
-uKTKPn/0EXlhrLwLKzqD
-=Ss4z
+iQEcBAEBCAAGBQJTH1i2AAoJEIMvOqnEeZDCYOcH/2bFzA6vhCBILGxzxN0qhyk/
+y7i4EO3h9U5duMRnMjHWStRv5GtZyOas0G3REUhMn1SizX1xPPEQW01KdmxYt7QU
+LKGkt5ndxk5w/7RyM/NKQ1K3unCeN1dinvRldgwWxnEsebI0XJDx4pRBxltPPdJX
+v9GYirDHgEO/4ErV0+nL/7CcoVAgEiy8C8Z2/afAFCMhIuzY629plG8cDy6gbFY7
+kcXcqK208bolvF0BtHJ1gSlFpp6Txt1dMNkqgnwTVDtApjH3hA4+0K0ITK9h2aB1
+wu06Vi6Vjo6pTEjA52uoUjXNdkjKU/1IdabDvud1hZtv4qxHIDLR62uqvVYOevM=
+=mfy1
-----END PGP SIGNATURE-----
diff --git a/dev-perl/perltidy/files/perltidy-20130922.0.0-CVE-2014-2277.patch b/dev-perl/perltidy/files/perltidy-20130922.0.0-CVE-2014-2277.patch
new file mode 100644
index 000000000000..f52e3f6b7f1f
--- /dev/null
+++ b/dev-perl/perltidy/files/perltidy-20130922.0.0-CVE-2014-2277.patch
@@ -0,0 +1,80 @@
+Description: Replace insecure make_temporary_filename with File::Temp::tempfile
+Forwarded: http://lists.example.com/2010/03/1234.html
+Origin: vendor, http://bugs.debian.org/740670
+Author: Don Armstrong <don@debian.org>
+Last-Update: 2010-03-29
+--- a/lib/Perl/Tidy.pm
++++ b/lib/Perl/Tidy.pm
+@@ -76,6 +76,7 @@
+ use IO::File;
+ use File::Basename;
+ use File::Copy;
++use File::Temp qw(tempfile);
+
+ BEGIN {
+ ( $VERSION = q($Id: perltidy-20130922.0.0-CVE-2014-2277.patch,v 1.1 2014/03/11 18:40:27 civil Exp $) ) =~ s/^.*\s+(\d+)\/(\d+)\/(\d+).*$/$1$2$3/; # all one line for MakeMaker
+@@ -235,35 +236,6 @@
+ return undef;
+ }
+
+-sub make_temporary_filename {
+-
+- # Make a temporary filename.
+- # The POSIX tmpnam() function has been unreliable for non-unix systems
+- # (at least for the win32 systems that I've tested), so use a pre-defined
+- # name for them. A disadvantage of this is that two perltidy
+- # runs in the same working directory may conflict. However, the chance of
+- # that is small and manageable by the user, especially on systems for which
+- # the POSIX tmpnam function doesn't work.
+- my $name = "perltidy.TMP";
+- if ( $^O =~ /win32|dos/i || $^O eq 'VMS' || $^O eq 'MacOs' ) {
+- return $name;
+- }
+- eval "use POSIX qw(tmpnam)";
+- if ($@) { return $name }
+- use IO::File;
+-
+- # just make a couple of tries before giving up and using the default
+- for ( 0 .. 3 ) {
+- my $tmpname = tmpnam();
+- my $fh = IO::File->new( $tmpname, O_RDWR | O_CREAT | O_EXCL );
+- if ($fh) {
+- $fh->close();
+- return ($tmpname);
+- last;
+- }
+- }
+- return ($name);
+-}
+
+ # Here is a map of the flow of data from the input source to the output
+ # line sink:
+@@ -1324,11 +1296,7 @@
+ my ( $fh_stream, $fh_name ) =
+ Perl::Tidy::streamhandle( $stream, 'r' );
+ if ($fh_stream) {
+- my ( $fout, $tmpnam );
+-
+- # TODO: fix the tmpnam routine to return an open filehandle
+- $tmpnam = Perl::Tidy::make_temporary_filename();
+- $fout = IO::File->new( $tmpnam, 'w' );
++ my ( $fout, $tmpnam ) = tempfile();
+
+ if ($fout) {
+ $fname = $tmpnam;
+@@ -5159,14 +5127,7 @@
+ # Pod::Html requires a real temporary filename
+ # If we are making a frame, we have a name available
+ # Otherwise, we have to fine one
+- my $tmpfile;
+- if ( $rOpts->{'frames'} ) {
+- $tmpfile = $self->{_toc_filename};
+- }
+- else {
+- $tmpfile = Perl::Tidy::make_temporary_filename();
+- }
+- my $fh_tmp = IO::File->new( $tmpfile, 'w' );
++ my ($fh_tmp,$tmpfile) = tempfile();
+ unless ($fh_tmp) {
+ Perl::Tidy::Warn
+ "unable to open temporary file $tmpfile; cannot use pod2html\n";
diff --git a/dev-perl/perltidy/perltidy-20130922.0.0.ebuild b/dev-perl/perltidy/perltidy-20130922.0.0.ebuild
new file mode 100644
index 000000000000..b5c753d44334
--- /dev/null
+++ b/dev-perl/perltidy/perltidy-20130922.0.0.ebuild
@@ -0,0 +1,30 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-perl/perltidy/perltidy-20130922.0.0.ebuild,v 1.1 2014/03/11 18:40:27 civil Exp $
+
+EAPI=4
+
+MY_PN=Perl-Tidy
+MODULE_AUTHOR=SHANCOCK
+MODULE_VERSION=20130922
+inherit perl-module
+
+DESCRIPTION="Perl script indenter and beautifier"
+HOMEPAGE="http://perltidy.sourceforge.net/ ${HOMEPAGE}"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris"
+IUSE=""
+
+SRC_TEST="do"
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-CVE-2014-2277.patch"
+}
+
+src_install() {
+ perl-module_src_install
+ docinto examples
+ dodoc "${S}"/examples/*
+}