| author | Sam James <sam@gentoo.org> | 2024-04-30 05:49:23 +0100 |
|---|---|---|
| committer | Sam James <sam@gentoo.org> | 2024-04-30 05:51:19 +0100 |
| commit | 94ef94a19bf6264278a7e0d08014a0cf2ce6184b (patch) | |
| tree | 3ab4e51c3fb013ef2e93216556b31eb3b423d8dd /perl-core/File-Temp | |
| parent | dev-python/numexpr: Add keywords to 2.10.0 (diff) | |
| download | gentoo-94ef94a19bf6264278a7e0d08014a0cf2ce6184b.tar.gz, gentoo-94ef94a19bf6264278a7e0d08014a0cf2ce6184b.tar.bz2, gentoo-94ef94a19bf6264278a7e0d08014a0cf2ce6184b.zip | |
perl-core/File-Temp: fix _PC_CHOWN_RESTRICTED
The wrong function was being used (POSIX::sysconf) to determine the value
of _PC_CHOWN_RESTRICTED, neutering the security feature.
Migrate to POSIX::pathconf, as is now recommended by the Perl documentation
(https://github.com/Perl/perl5/pull/22161).
This patch hasn't yet been merged upstream into File-Temp, but the documentation
change rectifying the error in Perl itself has been merged, so I'm confident
it's the right thing to do.
Closes: https://bugs.gentoo.org/930949
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'perl-core/File-Temp')

| -rw-r--r-- | perl-core/File-Temp/File-Temp-0.231.100-r1.ebuild | 21 |
|---|---|---|
| -rw-r--r-- | perl-core/File-Temp/files/File-Temp-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch | 68 |

2 files changed, 89 insertions, 0 deletions
diff --git a/perl-core/File-Temp/File-Temp-0.231.100-r1.ebuild b/perl-core/File-Temp/File-Temp-0.231.100-r1.ebuild new file mode 100644 index 000000000000..627209aa0edb --- /dev/null +++ b/perl-core/File-Temp/File-Temp-0.231.100-r1.ebuild @@ -0,0 +1,21 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +DIST_AUTHOR=ETHER +DIST_VERSION=0.2311 +inherit perl-module + +DESCRIPTION="File::Temp can be used to create and open temporary files in a safe way" + +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="" + +PATCHES=( + # bug #390719 + "${FILESDIR}/${PN}-0.230.0-symlink-safety.patch" + # bug #930949 + "${FILESDIR}/${PN}-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch" +) diff --git a/perl-core/File-Temp/files/File-Temp-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch b/perl-core/File-Temp/files/File-Temp-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch new file mode 100644 index 000000000000..f8e56f8ae1c5 --- /dev/null +++ b/perl-core/File-Temp/files/File-Temp-0.231.100-pathconf-_PC_CHOWN_RESTRICTED.patch 
@@ -0,0 +1,68 @@ +https://bugs.gentoo.org/930949 +https://github.com/Perl-Toolchain-Gang/File-Temp/issues/36 +https://github.com/Perl-Toolchain-Gang/File-Temp/pull/41 +https://github.com/Perl/perl5/pull/22156 +https://github.com/Perl/perl5/pull/22161 + +From 2de518ab67bf3c5be2525ea0a5d78f39de50074f Mon Sep 17 00:00:00 2001 +From: Lukas Mai <lukasmai.403@gmail.com> +Date: Thu, 18 Apr 2024 20:12:06 +0200 +Subject: [PATCH] use pathconf() to get _PC_CHOWN_RESTRICTED flag + +The _PC_* constants are only meaningful in pathconf(); conversely, +sysconf() only understands _SC_* constants. + +Previously, this code didn't do anything meaningful. For example, on x64 +Linux _PC_CHOWN_RESTRICTED is 6, which sysconf() would have interpreted +as _SC_TZNAME_MAX (also 6). +--- + lib/File/Temp.pm | 16 +++++++--------- + 2 files changed, 8 insertions(+), 10 deletions(-) + +diff --git a/lib/File/Temp.pm b/lib/File/Temp.pm +index ef34f6c..563efeb 100644 +--- a/lib/File/Temp.pm ++++ b/lib/File/Temp.pm +@@ -718,7 +718,7 @@ sub _is_safe { + + # Internal routine to check whether a directory is safe + # for temp files. 
Safer than _is_safe since it checks for +-# the possibility of chown giveaway and if that is a possibility ++# the possibility of chown giveaway and if that is a possibility, + # checks each directory in the path to see if it is safe (with _is_safe) + + # If _PC_CHOWN_RESTRICTED is not set, does the full test of each +@@ -737,18 +737,16 @@ sub _is_verysafe { + + my $err_ref = shift; + +- # Should Get the value of _PC_CHOWN_RESTRICTED if it is defined +- # and If it is not there do the extensive test ++ # Should get the value of _PC_CHOWN_RESTRICTED if it is defined ++ # and if it is not there, do the extensive test + local($@); +- my $chown_restricted; +- $chown_restricted = &POSIX::_PC_CHOWN_RESTRICTED() +- if eval { &POSIX::_PC_CHOWN_RESTRICTED(); 1}; ++ my $chown_restricted = eval { POSIX::_PC_CHOWN_RESTRICTED() }; + +- # If chown_resticted is set to some value we should test it ++ # If chown_restricted is set to some value, we should test it + if (defined $chown_restricted) { + + # Return if the current directory is safe +- return _is_safe($path,$err_ref) if POSIX::sysconf( $chown_restricted ); ++ return _is_safe($path, $err_ref) if POSIX::pathconf( $path, $chown_restricted ); + + } + +@@ -2367,7 +2365,7 @@ for sticky bit. + + In addition to the MEDIUM security checks, also check for the + possibility of ``chown() giveaway'' using the L<POSIX|POSIX> +-sysconf() function. If this is a possibility, each directory in the ++pathconf() function. If this is a possibility, each directory in the + path is checked in turn for safeness, recursively walking back to the + root directory. + + |
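Review bot: on the ebuild hunk, a revision bump that exists to carry a security fix (bug #930949) is the natural moment to move the file from EAPI=7 to EAPI=8, since perl-module.eclass supports EAPI 8 as far as I know and nothing else in the 21 lines would need to change. The rest of the hunk is consistent: the new entry in PATCHES names exactly the file the second hunk adds, and each patch line carries its bug number as a comment, which is what a later reader needs to trace why the two patches are there.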
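Review bot: in the embedded upstream patch header, the stat block reads "2 files changed, 8 insertions(+), 10 deletions(-)" but lists only lib/File/Temp.pm, whose own line reads "16 +++++++---------" (7 added, 9 removed), so a second file was evidently dropped when the patch was trimmed for files/. git apply ignores the stat block, so nothing breaks, but either regenerating the stat or adding a one-line note above the "From" line saying that a second file was left out would save the next reader from wondering whether a hunk is missing.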
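Review bot: the @@ -737,18 +737,16 @@ hunk is correct and, importantly, fails in the safe direction. POSIX::pathconf($path, $chown_restricted) returns undef when the call fails (including when $path does not exist) and a false value when chown is not restricted on that filesystem, and in both cases "return _is_safe(...) if POSIX::pathconf(...)" does not take the early return, so the full per-directory _is_safe walk below runs. The old line did the opposite: the commit message's example of sysconf(6) on x86_64 Linux answered the unrelated _SC_TZNAME_MAX query with a positive number, so the early return was always taken and the walk that distinguishes HIGH from MEDIUM never happened. The collapsed "my $chown_restricted = eval { POSIX::_PC_CHOWN_RESTRICTED() };" is equivalent to the two-statement form it replaces, because POSIX croaks for a constant the platform lacks and eval then yields undef. A one-line comment stating that undef and 0 both deliberately fall through to the extensive test would make that fail-safe intent visible to the next person who touches this code.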
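Review bot: the @@ -2367,7 +2365,7 @@ doc hunk brings the text in line with the code by naming pathconf() instead of sysconf(), but it still says only "If this is a possibility". Since the code also walks every directory in the path whenever pathconf() cannot answer (the constant is undefined on the platform or the call fails), it is worth adding one sentence that an unknown result is treated as a possibility, so users on such platforms understand why the HIGH level is slower there and that it is not a weaker check.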