summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--system/perl/APKBUILD22
-rw-r--r--system/perl/CVE-2021-36770.patch29
-rw-r--r--system/perl/musl-locale.patch37
3 files changed, 75 insertions, 13 deletions
diff --git a/system/perl/APKBUILD b/system/perl/APKBUILD
index 40277eb72..88d72cf5a 100644
--- a/system/perl/APKBUILD
+++ b/system/perl/APKBUILD
@@ -2,22 +2,20 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Contributor: Sheila Aman <sheila@vulpine.house>
# Maintainer: Adélie Perl Team <adelie-perl@lists.adelielinux.org>
-# Proxy-For: solar
pkgname=perl
-pkgver=5.26.3
-pkgrel=2
+pkgver=5.34.0
+pkgrel=0
pkgdesc="Larry Wall's Practical Extraction and Report Language"
url="https://www.perl.org/"
arch="all"
-# remove !check when tests pass.
-options="!check !fhs"
+options="!fhs"
license="Artistic-1.0-Perl GPL-2.0"
depends=""
makedepends="bzip2-dev zlib-dev"
subpackages="$pkgname-doc $pkgname-dev"
-# XXX - Remove Getopt::Long when upgrading to 5.32+
source="https://www.cpan.org/src/5.0/perl-$pkgver.tar.gz
- https://cpan.metacpan.org/authors/id/J/JV/JV/Getopt-Long-2.51.tar.gz
+ musl-locale.patch
+ CVE-2021-36770.patch
"
# secfixes:
@@ -47,9 +45,6 @@ prepare() {
rm -rf cpan/Compress-Raw-Zlib/zlib-src
rm -rf cpan/Compress-Raw-Bzip2/bzip2-src
sed -i '/\(bzip2\|zlib\)-src/d' MANIFEST
-
- rm -rf cpan/Getopt-Long && mv "$srcdir"/Getopt-Long-2.51 cpan/Getopt-Long
- rm cpan/Getopt-Long/Makefile.PL
}
build() {
@@ -91,7 +86,7 @@ build() {
}
check() {
- make test
+ TEST_JOBS=$JOBS make test_harness
}
package() {
@@ -116,5 +111,6 @@ dev() {
default_dev
}
-sha512sums="03914ed51163c998a6afa45610a13cf50124a2c68d291c344b0d52fa15c27fc5d5d4f5dc117516078a03dfd51250097b87c8d5e2b17c7858a4c8c536aecd05af perl-5.26.3.tar.gz
-e70b2c30f5f85d7bf387381782a22b55f76598e1b4e19102fbf463c4333e91090ad2da49965be6211821d4f7f109aa7e4153348a9142f38fdb1a39299c997c02 Getopt-Long-2.51.tar.gz"
+sha512sums="3bd2ae3900df54801b42a1ab1c136b20438f3a162d88c1e030c5d91e96ad5cf76d5ccbcf9e75388fa29bcc26db0b1c5df3d1240d48136159462c912c9258d405 perl-5.34.0.tar.gz
+a78b5fb1a2b6f60b401329cfd2d8349d4fdcc19628cde0e9b840b82e1a02e705f7d7413fe206aa13ed714ab93a65b62ac3d85dfd526ca8048621d5d89b22f0ef musl-locale.patch
+2eb4986ac56f394e584ed5b16be40ccc0b689512fc23746588a3947db49c53be96dbbc25b8256513142c7a613481ea11b9154dfd4d0a67f05ef0662fedfd476a CVE-2021-36770.patch"
diff --git a/system/perl/CVE-2021-36770.patch b/system/perl/CVE-2021-36770.patch
new file mode 100644
index 000000000..c3c443900
--- /dev/null
+++ b/system/perl/CVE-2021-36770.patch
@@ -0,0 +1,29 @@
+From c1a937fef07c061600a0078f4cb53fe9c2136bb9 Mon Sep 17 00:00:00 2001
+From: Ricardo Signes <rjbs@semiotic.systems>
+Date: Mon, 9 Aug 2021 08:14:05 -0400
+Subject: [PATCH] Encode.pm: apply a local patch for CVE-2021-36770
+
+I expect Encode to see a new release today.
+
+Without this fix, Encode::ConfigLocal can be loaded from a path relative
+to the current directory, because the || operator will evaluate @INC in
+scalar context, putting an integer as the only value in @INC.
+---
+ cpan/Encode/Encode.pm | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
+index a56a99947fd..b96a8504169 100644
+--- a/cpan/Encode/Encode.pm
++++ b/cpan/Encode/Encode.pm
+@@ -65,8 +66,8 @@ require Encode::Config;
+ eval {
+ local $SIG{__DIE__};
+ local $SIG{__WARN__};
+- local @INC = @INC || ();
+- pop @INC if $INC[-1] eq '.';
++ local @INC = @INC;
++ pop @INC if @INC && $INC[-1] eq '.';
+ require Encode::ConfigLocal;
+ };
+
diff --git a/system/perl/musl-locale.patch b/system/perl/musl-locale.patch
new file mode 100644
index 000000000..65839f1fe
--- /dev/null
+++ b/system/perl/musl-locale.patch
@@ -0,0 +1,37 @@
+diff --git a/locale.c b/locale.c
+index 7653340..7243cb1 100644
+--- a/locale.c
++++ b/locale.c
+@@ -581,6 +581,10 @@ S_emulate_setlocale(const int category,
+
+ return (char *) querylocale(mask, cur_obj);
+
++# elif defined(_NL_LOCALE_NAME)
++
++ return (char *) nl_langinfo_l(_NL_LOCALE_NAME(category), cur_obj);
++
+ # else
+
+ /* If this assert fails, adjust the size of curlocales in intrpvar.h */
+@@ -737,7 +741,7 @@ S_emulate_setlocale(const int category,
+
+ /* Here, we are switching locales. */
+
+-# ifndef HAS_QUERYLOCALE
++# if !defined(HAS_QUERYLOCALE) && !defined(_NL_LOCALE_NAME)
+
+ if (strEQ(locale, "")) {
+
+@@ -1094,6 +1098,12 @@ S_emulate_setlocale(const int category,
+ locale = querylocale(mask, new_obj);
+ }
+
++# elif defined(_NL_LOCALE_NAME)
++
++ if (strEQ(locale, "")) {
++ locale = nl_langinfo_l(_NL_LOCALE_NAME(category), new_obj);
++ }
++
+ # else
+
+ /* Here, 'locale' is the return value */