diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2018-07-19 00:21:02 +0200 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2018-07-21 02:12:33 +0200 |
| commit | f94a8654d686b7ec36fdb28b6f0e8b0f48b14447 (patch) | |
| tree | 954d48707cfd9fab9c2a8d8c6bd214cf7a4295ec /gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch | |
| parent | 1d3de9796778f5a11dc91c666ec2f19e8dd56969 (diff) | |
| download | guix-f94a8654d686b7ec36fdb28b6f0e8b0f48b14447.tar.gz | |
gnu: perl: Update to 5.28.0.
* gnu/packages/patches/perl-deterministic-ordering.patch: Adjust path. * gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch, gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/perl.scm (perl): Update to 5.28.0. [source](patches): Remove obsolete.
Diffstat (limited to 'gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch')
| -rw-r--r-- | gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch b/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch deleted file mode 100644 index 6460cf5855..0000000000 --- a/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix CVE-2018-12015: - -https://security-tracker.debian.org/tracker/CVE-2018-12015 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12015 -https://rt.cpan.org/Ticket/Display.html?id=125523 - -Patch taken from this upstream commit and adapted to apply to -the bundled copy in the Perl distribution: - -https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5 - -diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm -index 6244369..a83975f 100644 ---- a/cpan/Archive-Tar/lib/Archive/Tar.pm -+++ b/cpan/Archive-Tar/lib/Archive/Tar.pm -@@ -845,6 +845,20 @@ sub _extract_file { - return; - } - -+ ### If a file system already contains a block device with the same name as -+ ### the being extracted regular file, we would write the file's content -+ ### to the block device. So remove the existing file (block device) now. -+ ### If an archive contains multiple same-named entries, the last one -+ ### should replace the previous ones. So remove the old file now. -+ ### If the old entry is a symlink to a file outside of the CWD, the new -+ ### entry would create a file there. This is CVE-2018-12015 -+ ### <https://rt.cpan.org/Ticket/Display.html?id=125523>. -+ if (-l $full || -e _) { -+ if (!unlink $full) { -+ $self->_error( qq[Could not remove old file '$full': $!] ); -+ return; -+ } -+ } - if( length $entry->type && $entry->is_file ) { - my $fh = IO::File->new; - $fh->open( $full, '>' ) or ( |