From e03bbd44e45aa58a8979703000b99228d45717d5 Mon Sep 17 00:00:00 2001 From: Zach van Rijn Date: Tue, 19 Apr 2022 12:35:20 -0500 Subject: system/perl: bump { 5.34.0 --> 5.34.1 }. patch zlib tests. fixes #530. --- system/perl/APKBUILD | 10 +++-- system/perl/CVE-2021-36770.patch | 29 --------------- system/perl/zlib-test.patch | 80 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 86 insertions(+), 33 deletions(-) delete mode 100644 system/perl/CVE-2021-36770.patch create mode 100644 system/perl/zlib-test.patch (limited to 'system/perl') diff --git a/system/perl/APKBUILD b/system/perl/APKBUILD index adb76b6c4..bdc02b98c 100644 --- a/system/perl/APKBUILD +++ b/system/perl/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Sheila Aman # Maintainer: Adélie Perl Team pkgname=perl -pkgver=5.34.0 +pkgver=5.34.1 pkgrel=0 pkgdesc="Larry Wall's Practical Extraction and Report Language" url="https://www.perl.org/" @@ -16,10 +16,12 @@ subpackages="$pkgname-doc $pkgname-dev" source="https://www.cpan.org/src/5.0/perl-$pkgver.tar.gz musl-locale.patch musl-stack-size.patch - CVE-2021-36770.patch + zlib-test.patch " # secfixes: +# 5.34.1-r0: +# - CVE-2021-36770 # 5.26.3-r0: # - CVE-2018-12015 # - CVE-2018-18311 @@ -112,7 +114,7 @@ dev() { default_dev } -sha512sums="3bd2ae3900df54801b42a1ab1c136b20438f3a162d88c1e030c5d91e96ad5cf76d5ccbcf9e75388fa29bcc26db0b1c5df3d1240d48136159462c912c9258d405 perl-5.34.0.tar.gz +sha512sums="bf17f2c6fce1b046dce11450f28823fe5df6341f259ec351a4445768feb38706413be867a32c1fd916567657ca9f08c838030e02bb8a3bc1cd8a1350c007cf3a perl-5.34.1.tar.gz a78b5fb1a2b6f60b401329cfd2d8349d4fdcc19628cde0e9b840b82e1a02e705f7d7413fe206aa13ed714ab93a65b62ac3d85dfd526ca8048621d5d89b22f0ef musl-locale.patch c004d6612ec754e5947255a2e2d15b5581f187c32495aeeec9f4fa286919bd9f40c72b63db61e3f4004b09288af2063a6a14b67e5c289e9a8b23ebd7c216e16f musl-stack-size.patch -2eb4986ac56f394e584ed5b16be40ccc0b689512fc23746588a3947db49c53be96dbbc25b8256513142c7a613481ea11b9154dfd4d0a67f05ef0662fedfd476a CVE-2021-36770.patch" +bbb2beb49604982c42c833b229852bc8bca4e3498f97fcfbb3bf7de10dddbef3b21c917f333958c64feb99a65f4093773e33018ae0e91dadeecdf985ab0ed3a2 zlib-test.patch" diff --git a/system/perl/CVE-2021-36770.patch b/system/perl/CVE-2021-36770.patch deleted file mode 100644 index c3c443900..000000000 --- a/system/perl/CVE-2021-36770.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c1a937fef07c061600a0078f4cb53fe9c2136bb9 Mon Sep 17 00:00:00 2001 -From: Ricardo Signes -Date: Mon, 9 Aug 2021 08:14:05 -0400 -Subject: [PATCH] Encode.pm: apply a local patch for CVE-2021-36770 - -I expect Encode to see a new release today. - -Without this fix, Encode::ConfigLocal can be loaded from a path relative -to the current directory, because the || operator will evaluate @INC in -scalar context, putting an integer as the only value in @INC. ---- - cpan/Encode/Encode.pm | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm -index a56a99947fd..b96a8504169 100644 ---- a/cpan/Encode/Encode.pm -+++ b/cpan/Encode/Encode.pm -@@ -65,8 +66,8 @@ require Encode::Config; - eval { - local $SIG{__DIE__}; - local $SIG{__WARN__}; -- local @INC = @INC || (); -- pop @INC if $INC[-1] eq '.'; -+ local @INC = @INC; -+ pop @INC if @INC && $INC[-1] eq '.'; - require Encode::ConfigLocal; - }; - diff --git a/system/perl/zlib-test.patch b/system/perl/zlib-test.patch new file mode 100644 index 000000000..1cb8f5e80 --- /dev/null +++ b/system/perl/zlib-test.patch @@ -0,0 +1,80 @@ +diff --git a/cpan/Compress-Raw-Zlib/t/02zlib.t b/cpan/Compress-Raw-Zlib/t/02zlib.t +index 64c8944..9b2e9cb 100644 +--- a/cpan/Compress-Raw-Zlib/t/02zlib.t ++++ b/cpan/Compress-Raw-Zlib/t/02zlib.t +@@ -13,6 +13,7 @@ use bytes; + use Test::More ; + use CompTestUtils; + ++use constant ZLIB_1_2_12_0 => 0x12C0; + + BEGIN + { +@@ -490,7 +491,16 @@ SKIP: + last if $status == Z_STREAM_END or $status != Z_OK ; + } + +- cmp_ok $status, '==', Z_DATA_ERROR ; ++ # Z_STREAM_END returned by 1.12.2, Z_DATA_ERROR for older zlib ++ if (ZLIB_VERNUM >= ZLIB_1_2_12_0) ++ { ++ cmp_ok $status, '==', Z_STREAM_END ; ++ } ++ else ++ { ++ cmp_ok $status, '==', Z_DATA_ERROR ; ++ } ++ + is $GOT, $goodbye ; + + +@@ -514,7 +524,17 @@ SKIP: + is length($rest), $len2, "expected compressed output"; + + $GOT = ''; +- cmp_ok $k->inflate($rest, $GOT), '==', Z_DATA_ERROR, "inflate returns Z_DATA_ERROR"; ++ $status = $k->inflate($rest, $GOT); ++ # Z_STREAM_END returned by 1.12.2, Z_DATA_ERROR for older zlib ++ if (ZLIB_VERNUM >= ZLIB_1_2_12_0) ++ { ++ cmp_ok $status, '==', Z_STREAM_END ; ++ } ++ else ++ { ++ cmp_ok $status, '==', Z_DATA_ERROR ; ++ } ++ + is $GOT, $goodbye ; + } + +diff --git a/cpan/IO-Compress/t/cz-03zlib-v1.t b/cpan/IO-Compress/t/cz-03zlib-v1.t +index 9b75f9b..41734d0 100644 +--- a/cpan/IO-Compress/t/cz-03zlib-v1.t ++++ b/cpan/IO-Compress/t/cz-03zlib-v1.t +@@ -14,6 +14,8 @@ use Test::More ; + use CompTestUtils; + use Symbol; + ++use constant ZLIB_1_2_12_0 => 0x12C0; ++ + BEGIN + { + # use Test::NoWarnings, if available +@@ -700,7 +702,16 @@ EOM + + ($GOT, $status) = $k->inflate($rest) ; + +- ok $status == Z_DATA_ERROR ; ++ # Z_STREAM_END returned by 1.12.2, Z_DATA_ERROR for older zlib ++ if (ZLIB_VERNUM >= ZLIB_1_2_12_0) ++ { ++ cmp_ok $status, '==', Z_STREAM_END ; ++ } ++ else ++ { ++ cmp_ok $status, '==', Z_DATA_ERROR ; ++ } ++ + ok $Z . $GOT eq $goodbye ; + } + -- cgit v1.2.3-70-g09d2