summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2024-04-30 05:49:23 +0100
committerSam James <sam@gentoo.org>2024-04-30 05:51:19 +0100
commit94ef94a19bf6264278a7e0d08014a0cf2ce6184b (patch)
tree3ab4e51c3fb013ef2e93216556b31eb3b423d8dd /perl-core
parentdev-python/numexpr: Add keywords to 2.10.0 (diff)
downloadgentoo-94ef94a19bf6264278a7e0d08014a0cf2ce6184b.tar.gz
gentoo-94ef94a19bf6264278a7e0d08014a0cf2ce6184b.tar.bz2
gentoo-94ef94a19bf6264278a7e0d08014a0cf2ce6184b.zip
perl-core/File-Temp: fix _PC_CHOWN_RESTRICTED
The wrong function was being used (POSIX::sysconf) to determine the value of _PC_CHOWN_RESTRICTED, neutering the security feature. Migrate to POSIX::pathconf, as is now recommended by the Perl documentation (https://github.com/Perl/perl5/pull/22161). This patch hasn't yet been merged upstream into File-Temp, but the documentation change rectifying the error in Perl itself has been merged, so I'm confident it's the right thing to do. Closes: https://bugs.gentoo.org/930949 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'perl-core')
-rw-r--r--perl-core/File-Temp/File-Temp-0.231.100-r1.ebuild21
-rw-r--r--perl-core/File-Temp/files/File-Temp-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch68
2 files changed, 89 insertions, 0 deletions
diff --git a/perl-core/File-Temp/File-Temp-0.231.100-r1.ebuild b/perl-core/File-Temp/File-Temp-0.231.100-r1.ebuild
new file mode 100644
index 000000000000..627209aa0edb
--- /dev/null
+++ b/perl-core/File-Temp/File-Temp-0.231.100-r1.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DIST_AUTHOR=ETHER
+DIST_VERSION=0.2311
+inherit perl-module
+
+DESCRIPTION="File::Temp can be used to create and open temporary files in a safe way"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE=""
+
+PATCHES=(
+ # bug #390719
+ "${FILESDIR}/${PN}-0.230.0-symlink-safety.patch"
+ # bug #930949
+ "${FILESDIR}/${PN}-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch"
+)
diff --git a/perl-core/File-Temp/files/File-Temp-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch b/perl-core/File-Temp/files/File-Temp-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch
new file mode 100644
index 000000000000..f8e56f8ae1c5
--- /dev/null
+++ b/perl-core/File-Temp/files/File-Temp-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch
@@ -0,0 +1,68 @@
+https://bugs.gentoo.org/930949
+https://github.com/Perl-Toolchain-Gang/File-Temp/issues/36
+https://github.com/Perl-Toolchain-Gang/File-Temp/pull/41
+https://github.com/Perl/perl5/pull/22156
+https://github.com/Perl/perl5/pull/22161
+
+From 2de518ab67bf3c5be2525ea0a5d78f39de50074f Mon Sep 17 00:00:00 2001
+From: Lukas Mai <lukasmai.403@gmail.com>
+Date: Thu, 18 Apr 2024 20:12:06 +0200
+Subject: [PATCH] use pathconf() to get _PC_CHOWN_RESTRICTED flag
+
+The _PC_* constants are only meaningful in pathconf(); conversely,
+sysconf() only understands _SC_* constants.
+
+Previously, this code didn't do anything meaningful. For example, on x64
+Linux _PC_CHOWN_RESTRICTED is 6, which sysconf() would have interpreted
+as _SC_TZNAME_MAX (also 6).
+---
+ lib/File/Temp.pm | 16 +++++++---------
+ 2 files changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/lib/File/Temp.pm b/lib/File/Temp.pm
+index ef34f6c..563efeb 100644
+--- a/lib/File/Temp.pm
++++ b/lib/File/Temp.pm
+@@ -718,7 +718,7 @@ sub _is_safe {
+
+ # Internal routine to check whether a directory is safe
+ # for temp files. Safer than _is_safe since it checks for
+-# the possibility of chown giveaway and if that is a possibility
++# the possibility of chown giveaway and if that is a possibility,
+ # checks each directory in the path to see if it is safe (with _is_safe)
+
+ # If _PC_CHOWN_RESTRICTED is not set, does the full test of each
+@@ -737,18 +737,16 @@ sub _is_verysafe {
+
+ my $err_ref = shift;
+
+- # Should Get the value of _PC_CHOWN_RESTRICTED if it is defined
+- # and If it is not there do the extensive test
++ # Should get the value of _PC_CHOWN_RESTRICTED if it is defined
++ # and if it is not there, do the extensive test
+ local($@);
+- my $chown_restricted;
+- $chown_restricted = &POSIX::_PC_CHOWN_RESTRICTED()
+- if eval { &POSIX::_PC_CHOWN_RESTRICTED(); 1};
++ my $chown_restricted = eval { POSIX::_PC_CHOWN_RESTRICTED() };
+
+- # If chown_resticted is set to some value we should test it
++ # If chown_restricted is set to some value, we should test it
+ if (defined $chown_restricted) {
+
+ # Return if the current directory is safe
+- return _is_safe($path,$err_ref) if POSIX::sysconf( $chown_restricted );
++ return _is_safe($path, $err_ref) if POSIX::pathconf( $path, $chown_restricted );
+
+ }
+
+@@ -2367,7 +2365,7 @@ for sticky bit.
+
+ In addition to the MEDIUM security checks, also check for the
+ possibility of ``chown() giveaway'' using the L<POSIX|POSIX>
+-sysconf() function. If this is a possibility, each directory in the
++pathconf() function. If this is a possibility, each directory in the
+ path is checked in turn for safeness, recursively walking back to the
+ root directory.
+
+