pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2021Q3] pkgsrc/databases/p5-DBI
Module Name: pkgsrc
Committed By: tm
Date: Sat Oct 16 17:51:39 UTC 2021
Modified Files:
pkgsrc/databases/p5-DBI [pkgsrc-2021Q3]: Makefile distinfo
Added Files:
pkgsrc/databases/p5-DBI/patches [pkgsrc-2021Q3]: patch-lib_DBD_File.pm
Log Message:
Pullup ticket #6515 - requested by wiz
databases/p5-DBI: security fix
Revisions pulled up:
- databases/p5-DBI/Makefile 1.87
- databases/p5-DBI/distinfo 1.54
- databases/p5-DBI/patches/patch-lib_DBD_File.pm 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Oct 14 07:08:58 UTC 2021
Modified Files:
pkgsrc/databases/p5-DBI: Makefile distinfo
Added Files:
pkgsrc/databases/p5-DBI/patches: patch-lib_DBD_File.pm
Log Message:
p5-DBI: fix CVE-2014-10402
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.86.4.1 pkgsrc/databases/p5-DBI/Makefile
cvs rdiff -u -r1.52 -r1.52.12.1 pkgsrc/databases/p5-DBI/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/databases/p5-DBI/patches/patch-lib_DBD_File.pm
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/databases/p5-DBI/Makefile
diff -u pkgsrc/databases/p5-DBI/Makefile:1.86 pkgsrc/databases/p5-DBI/Makefile:1.86.4.1
--- pkgsrc/databases/p5-DBI/Makefile:1.86 Mon May 24 19:49:34 2021
+++ pkgsrc/databases/p5-DBI/Makefile Sat Oct 16 17:51:39 2021
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.86 2021/05/24 19:49:34 wiz Exp $
+# $NetBSD: Makefile,v 1.86.4.1 2021/10/16 17:51:39 tm Exp $
DISTNAME= DBI-1.643
PKGNAME= p5-${DISTNAME}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= databases perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=DBI/}
Index: pkgsrc/databases/p5-DBI/distinfo
diff -u pkgsrc/databases/p5-DBI/distinfo:1.52 pkgsrc/databases/p5-DBI/distinfo:1.52.12.1
--- pkgsrc/databases/p5-DBI/distinfo:1.52 Sun May 17 09:12:01 2020
+++ pkgsrc/databases/p5-DBI/distinfo Sat Oct 16 17:51:39 2021
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.52 2020/05/17 09:12:01 wen Exp $
+$NetBSD: distinfo,v 1.52.12.1 2021/10/16 17:51:39 tm Exp $
SHA1 (DBI-1.643.tar.gz) = fdbe7a86873eed196be5f9753aabed5c1e22f2cb
RMD160 (DBI-1.643.tar.gz) = c944a9568c4aa0c8f5e936bba47d9ee55d16b6cb
SHA512 (DBI-1.643.tar.gz) = 03812f3eb1e43c8290dadb8cb14bbced9ec6e237228ea2a2ba91f22e52143906a91a7e82945dab30b1d1b9fc925073721111adafd9a09fac070808ab88f908b8
Size (DBI-1.643.tar.gz) = 612372 bytes
+SHA1 (patch-lib_DBD_File.pm) = e268b5f59b4474b8c2f5d72891c31f5d0f53c0c0
Added files:
Index: pkgsrc/databases/p5-DBI/patches/patch-lib_DBD_File.pm
diff -u /dev/null pkgsrc/databases/p5-DBI/patches/patch-lib_DBD_File.pm:1.1.2.2
--- /dev/null Sat Oct 16 17:51:39 2021
+++ pkgsrc/databases/p5-DBI/patches/patch-lib_DBD_File.pm Sat Oct 16 17:51:39 2021
@@ -0,0 +1,28 @@
+$NetBSD: patch-lib_DBD_File.pm,v 1.1.2.2 2021/10/16 17:51:39 tm Exp $
+
+Fix CVE-2014-10402
+https://github.com/perl5-dbi/dbi/pull/93/commits/19d0fb169eed475e1c053e99036b8668625cfa94
+
+--- lib/DBD/File.pm.orig 2016-11-09 10:11:37.000000000 +0000
++++ lib/DBD/File.pm
+@@ -109,7 +109,11 @@ sub connect
+ # We do not (yet) care about conflicting attributes here
+ # my $dbh = DBI->connect ("dbi:CSV:f_dir=test", undef, undef, { f_dir => "text" });
+ # will test here that both test and text should exist
+- if (my $attr_hash = (DBI->parse_dsn ($dbname))[3]) {
++ #
++ # Parsing on our own similar to parse_dsn to find attributes in 'dbname' parameter.
++ if ($dbname) {
++ my @attrs = split /;/ => $dbname;
++ my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs };
+ if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) {
+ my $msg = "No such directory '$attr_hash->{f_dir}";
+ $drh->set_err (2, $msg);
+@@ -120,7 +124,6 @@ sub connect
+ if ($attr and defined $attr->{f_dir} && ! -d $attr->{f_dir}) {
+ my $msg = "No such directory '$attr->{f_dir}";
+ $drh->set_err (2, $msg);
+- $attr->{RaiseError} and croak $msg;
+ return;
+ }
+
Home |
Main Index |
Thread Index |
Old Index