By default, the "vendor" area is not used, so Perl's installation procedure forgot to create its top-level paths, too. In OpenPKG we use the "vendor" area, so make sure it is created the same way the "site" area is. Index: installperl --- installperl.orig 2006-01-28 16:35:28 +0100 +++ installperl 2006-02-01 20:00:56 +0100 @@ -189,6 +189,8 @@ my $installarchlib = "$destdir$Config{installarchlib}"; my $installsitelib = "$destdir$Config{installsitelib}"; my $installsitearch = "$destdir$Config{installsitearch}"; +my $installvendorlib = "$destdir$Config{installvendorlib}"; +my $installvendorarch = "$destdir$Config{installvendorarch}"; my $installman1dir = "$destdir$Config{installman1dir}"; my $man1ext = $Config{man1ext}; my $libperl = $Config{libperl}; @@ -381,6 +383,8 @@ mkpath($installarchlib, $verbose, 0777); mkpath($installsitelib, $verbose, 0777) if ($installsitelib); mkpath($installsitearch, $verbose, 0777) if ($installsitearch); +mkpath($installvendorlib, $verbose, 0777) if ($installvendorlib); +mkpath($installvendorarch, $verbose, 0777) if ($installvendorarch); if (chdir "lib") { $do_installarchlib = ! samepath($installarchlib, '.'); ----------------------------------------------------------------------------- By default, the Perl module search order is "use lib, -I, PERL[5]LIB, perl, site, vendor, other". This means that in OpenPKG both the modules installed via CPAN shell (in "site" area) and the "perl-xxx" packages (in "vendor" area) cannot override the (sometimes obsoleted) module versions distributed with Perl (in "perl" area). Hence, we change the search order to a more reasonable one for OpenPKG: "use lib, -I, PERL[5]LIB, site, vendor, perl, other". Index: perl.c --- perl.c.orig 2006-01-31 13:34:47 +0100 +++ perl.c 2006-02-01 20:00:56 +0100 @@ -4776,39 +4776,6 @@ incpush(APPLLIB_EXP, TRUE, TRUE, TRUE); #endif -#ifdef ARCHLIB_EXP - incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE); -#endif -#ifdef MACOS_TRADITIONAL - { - Stat_t tmpstatbuf; - SV * privdir = NEWSV(55, 0); - char * macperl = PerlEnv_getenv("MACPERL"); - - if (!macperl) - macperl = ""; - - Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl); - if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode)) - incpush(SvPVX(privdir), TRUE, FALSE, TRUE); - Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl); - if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode)) - incpush(SvPVX(privdir), TRUE, FALSE, TRUE); - - SvREFCNT_dec(privdir); - } - if (!PL_tainting) - incpush(":", FALSE, FALSE, TRUE); -#else -#ifndef PRIVLIB_EXP -# define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl" -#endif -#if defined(WIN32) - incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE); -#else - incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE); -#endif - #ifdef SITEARCH_EXP /* sitearch is always relative to sitelib on Windows for * DLL-based path intuition to work correctly */ @@ -4850,6 +4817,39 @@ incpush(PERL_VENDORLIB_STEM, FALSE, TRUE, TRUE); #endif +#ifdef ARCHLIB_EXP + incpush(ARCHLIB_EXP, FALSE, FALSE, TRUE); +#endif +#ifdef MACOS_TRADITIONAL + { + Stat_t tmpstatbuf; + SV * privdir = NEWSV(55, 0); + char * macperl = PerlEnv_getenv("MACPERL"); + + if (!macperl) + macperl = ""; + + Perl_sv_setpvf(aTHX_ privdir, "%slib:", macperl); + if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode)) + incpush(SvPVX(privdir), TRUE, FALSE, TRUE); + Perl_sv_setpvf(aTHX_ privdir, "%ssite_perl:", macperl); + if (PerlLIO_stat(SvPVX(privdir), &tmpstatbuf) >= 0 && S_ISDIR(tmpstatbuf.st_mode)) + incpush(SvPVX(privdir), TRUE, FALSE, TRUE); + + SvREFCNT_dec(privdir); + } + if (!PL_tainting) + incpush(":", FALSE, FALSE, TRUE); +#else +#ifndef PRIVLIB_EXP +# define PRIVLIB_EXP "/usr/local/lib/perl5:/usr/local/lib/perl" +#endif +#if defined(WIN32) + incpush(PRIVLIB_EXP, TRUE, FALSE, TRUE); +#else + incpush(PRIVLIB_EXP, FALSE, FALSE, TRUE); +#endif + #ifdef PERL_OTHERLIBDIRS incpush(PERL_OTHERLIBDIRS, TRUE, TRUE, TRUE); #endif ----------------------------------------------------------------------------- Port to [Open]Darwin 6.6.2: 1. In OpenPKG, Perl does not use the vendor GCC and our GCC does not understand "-no-cpp-precomp", so remove this build option. 2. The indirectly includes system specific headers which in turn have fields named "environ" while Perl uses a define of "environ" internally. So wrap the inclusion. 3. Darwin 6 no longer accepts the non-standard "#import" statements, so replace with "#include" and circumvent some header problem related to the non-standard "__private_extern__" attribute. Index: hints/darwin.sh --- hints/darwin.sh.orig 2005-09-18 17:13:41 +0200 +++ hints/darwin.sh 2006-02-01 20:00:56 +0100 @@ -120,9 +120,6 @@ *-2147483648) ccflags="${ccflags} -DINT32_MIN_BROKEN -DINT64_MIN_BROKEN" ;; esac -# Avoid Apple's cpp precompiler, better for extensions -cppflags="${cppflags} -no-cpp-precomp" - # This is necessary because perl's build system doesn't # apply cppflags to cc compile lines as it should. ccflags="${ccflags} ${cppflags}" @@ -182,8 +179,7 @@ esac ldlibpthname='DYLD_LIBRARY_PATH'; -# useshrplib=true results in much slower startup times. -# 'false' is the default value. Use Configure -Duseshrplib to override. +useshrplib='true' cat > UU/archname.cbu <<'EOCBU' # This script UU/archname.cbu will get 'called-back' by Configure Index: perlio.c --- perlio.c.orig 2006-01-06 23:42:20 +0100 +++ perlio.c 2006-02-01 20:00:56 +0100 @@ -448,7 +448,14 @@ #include #endif #ifdef HAS_MMAP +#ifdef PERL_DARWIN +#define environ_safe environ +#undef environ #include +#define environ environ_safe +#else +#include +#endif #endif void Index: ext/DynaLoader/dl_dyld.xs --- ext/DynaLoader/dl_dyld.xs.orig 2005-04-18 19:04:24 +0200 +++ ext/DynaLoader/dl_dyld.xs 2006-02-01 20:00:56 +0100 @@ -45,7 +45,13 @@ #undef environ #undef bool +#ifdef PERL_DARWIN +#define __private_extern__ extern +#include +#undef __private_extern__ +#else #import +#endif static char *dlerror() { ----------------------------------------------------------------------------- Port to Tru64 5.1: Under Tru64 our gcc has to be built without binutils and the system ld(1) does not accept a "-O" option, so remove the whole passing of optimization flags to ld(1). Under a brain-dead platform like Tru64 we really don't need any more optimization because we are already happy if it works at all. Index: hints/dec_osf.sh --- hints/dec_osf.sh.orig 2006-01-08 10:53:29 +0100 +++ hints/dec_osf.sh 2006-02-01 20:00:56 +0100 @@ -279,15 +279,6 @@ *) if $test "X$optimize" = "X$undef"; then lddlflags="$lddlflags -msym" else - case "$myosvers" in - *4.0D*) - # QAR 56761: -O4 + .so may produce broken code, - # fixed in 4.0E or better. - ;; - *) - lddlflags="$lddlflags $optimize" - ;; - esac # -msym: If using a sufficiently recent /sbin/loader, # keep the module symbols with the modules. lddlflags="$lddlflags -msym $_lddlflags_strict_ansi" ----------------------------------------------------------------------------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976 Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. Index: lib/CGI/Cookie.pm --- lib/CGI/Cookie.pm.orig 2005-12-05 17:30:25 +0100 +++ lib/CGI/Cookie.pm 2006-02-01 20:00:56 +0100 @@ -407,7 +407,7 @@ You may also retrieve cookies that were stored in some external form using the parse() class method: - $COOKIES = `cat /usr/tmp/Cookie_stash`; + $COOKIES = `cat /var/run/www/Cookie_stash`; %cookies = parse CGI::Cookie($COOKIES); If you are in a mod_perl environment, you can save some overhead by Index: lib/Shell.pm --- lib/Shell.pm.orig 2004-06-01 11:42:17 +0200 +++ lib/Shell.pm 2006-02-01 20:00:56 +0100 @@ -127,7 +127,7 @@ use Shell qw(cat ps cp); $passwd = cat('new; ----------------------------------------------------------------------------- Index: Configure --- Configure.orig 2006-01-08 15:51:03 +0100 +++ Configure 2006-02-01 20:00:56 +0100 @@ -7663,7 +7663,7 @@ ;; linux|irix*|gnu*) dflt='-shared' ;; next) dflt='none' ;; - solaris) dflt='-G' ;; + solaris) dflt='-shared' ;; sunos) dflt='-assert nodefinitions' ;; svr4*|esix*|nonstopux) dflt="-G $ldflags" ;; *) dflt='none' ;; ----------------------------------------------------------------------------- Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl) Index: sv.c --- sv.c.orig 2006-01-16 13:22:21 +0100 +++ sv.c 2006-02-01 20:00:56 +0100 @@ -8650,7 +8650,10 @@ if (EXPECT_NUMBER(q, width)) { if (*q == '$') { ++q; - efix = width; + if (width > PERL_INT_MAX) + efix = PERL_INT_MAX; + else + efix = width; } else { goto gotwidth; } ----------------------------------------------------------------------------- - Fix syntax error (unterminated quoted string) - Support GCC 4.2 Index: makedepend.SH --- makedepend.SH.orig 2003-06-05 20:11:10 +0200 +++ makedepend.SH 2007-05-20 09:32:10 +0200 @@ -128,7 +128,7 @@ *.y) filebase=`basename $file .y` ;; esac case "$file" in - */*) finc="-I`echo $file | sed 's#/[^/]*$##`" ;; + */*) finc="-I`echo $file | sed 's#/[^/]*$##'`" ;; *) finc= ;; esac $echo "Finding dependencies for $filebase$_o." @@ -167,6 +167,7 @@ -e '/^#.*/d' \ -e '/^#.*/d' \ -e '/^#.*/d' \ + -e '/^#.*/d' \ -e '/^#.*"-"/d' \ -e '/: file path prefix .* never used$/d' \ -e 's#\.[0-9][0-9]*\.c#'"$file.c#" \ ----------------------------------------------------------------------------- Support FreeBSD >= 7.0 where objformat(8) is gone Index: hints/freebsd.sh --- hints/freebsd.sh.orig Wed Mar 24 22:47:33 2004 +++ hints/freebsd.sh Mon Feb 19 20:53:50 2007 @@ -116,17 +122,17 @@ case "$osvers" in *) objformat=`/usr/bin/objformat` - if [ x$objformat = xelf ]; then - libpth="/usr/lib /usr/local/lib" - glibpth="/usr/lib /usr/local/lib" - ldflags="-Wl,-E " - lddlflags="-shared " - else + if [ x$objformat = xaout ]; then if [ -e /usr/lib/aout ]; then libpth="/usr/lib/aout /usr/local/lib /usr/lib" glibpth="/usr/lib/aout /usr/local/lib /usr/lib" fi lddlflags='-Bshareable' + else + libpth="/usr/lib /usr/local/lib" + glibpth="/usr/lib /usr/local/lib" + ldflags="-Wl,-E " + lddlflags="-shared " fi cccdlflags='-DPIC -fPIC' ;; ----------------------------------------------------------------------------- Fix issue when is missing from the Linux headers. See https://bugs.gentoo.org/show_bug.cgi?id=168312 for details. Index: ext/IPC/SysV/SysV.xs --- ext/IPC/SysV/SysV.xs.orig 2001-06-30 14:46:07.000000000 -0400 +++ ext/IPC/SysV/SysV.xs 2006-06-02 17:37:22.000000000 -0400 @@ -3,9 +3,6 @@ #include "XSUB.h" #include -#ifdef __linux__ -# include -#endif #if defined(HAS_MSG) || defined(HAS_SEM) || defined(HAS_SHM) #ifndef HAS_SEM # include ----------------------------------------------------------------------------- Security Fix (CVE-2007-5116) Fix a possible buffer overflow with ASCII regexes that really are Unicode regexes. Index: regcomp.c --- regcomp.c.orig 2006-01-08 21:59:27.000000000 +0100 +++ regcomp.c 2007-11-06 22:48:26.000000000 +0100 @@ -135,7 +135,10 @@ typedef struct RExC_state_t { I32 extralen; I32 seen_zerolen; I32 seen_evals; - I32 utf8; + I32 utf8; /* whether the pattern is utf8 or not */ + I32 orig_utf8; /* whether the pattern was originally in utf8 */ + /* XXX use this for future optimisation of case + * where pattern must be upgraded to utf8. */ #if ADD_TO_REGEXEC char *starttry; /* -Dr: where regtry was called. */ #define RExC_starttry (pRExC_state->starttry) @@ -161,6 +164,7 @@ typedef struct RExC_state_t { #define RExC_seen_zerolen (pRExC_state->seen_zerolen) #define RExC_seen_evals (pRExC_state->seen_evals) #define RExC_utf8 (pRExC_state->utf8) +#define RExC_orig_utf8 (pRExC_state->orig_utf8) #define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?') #define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \ @@ -1749,15 +1753,16 @@ Perl_pregcomp(pTHX_ char *exp, char *xen if (exp == NULL) FAIL("NULL regexp argument"); - RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8; + RExC_utf8 = RExC_orig_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8; - RExC_precomp = exp; DEBUG_r({ if (!PL_colorset) reginitcolors(); PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n", PL_colors[4],PL_colors[5],PL_colors[0], - (int)(xend - exp), RExC_precomp, PL_colors[1]); + (int)(xend - exp), exp, PL_colors[1]); }); +redo_first_pass: + RExC_precomp = exp; RExC_flags = pm->op_pmflags; RExC_sawback = 0; @@ -1783,6 +1788,25 @@ Perl_pregcomp(pTHX_ char *exp, char *xen RExC_precomp = Nullch; return(NULL); } + if (RExC_utf8 && !RExC_orig_utf8) { + /* It's possible to write a regexp in ascii that represents unicode + codepoints outside of the byte range, such as via \x{100}. If we + detect such a sequence we have to convert the entire pattern to utf8 + and then recompile, as our sizing calculation will have been based + on 1 byte == 1 character, but we will need to use utf8 to encode + at least some part of the pattern, and therefore must convert the whole + thing. + XXX: somehow figure out how to make this less expensive... + -- dmq */ + STRLEN len = xend-exp; + DEBUG_r(PerlIO_printf(Perl_debug_log, + "UTF8 mismatch! Converting to utf8 for resizing and compile\n")); + exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len); + xend = exp + len; + RExC_orig_utf8 = RExC_utf8; + SAVEFREEPV(exp); + goto redo_first_pass; + } DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size)); /* Small enough for pointer-storage convention? Index: t/op/pat.t --- t/op/pat.t.orig 2006-01-07 13:53:32.000000000 +0100 +++ t/op/pat.t 2007-11-06 21:52:30.000000000 +0100 @@ -6,7 +6,7 @@ $| = 1; -print "1..1187\n"; +print "1..1189\n"; BEGIN { chdir 't' if -d 't'; @@ -3395,5 +3395,14 @@ ok(("foba ba$s" =~ qr/(foo|BaSS|bar)/i) "# assigning to original string should not corrupt match vars"); } -# last test 1187 +{ + use warnings; + my @w; + local $SIG{__WARN__}=sub{push @w,"@_"}; + my $c=qq(\x{DF}); + ok($c=~/${c}|\x{100}/, "ASCII pattern that really is utf8"); + ok(@w==0, "ASCII pattern that really is utf8"); +} + +# last test 1189