CVS commit: pkgsrc/devel/p5-File-Find-Rule

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Thu Jun  5 19:00:01 UTC 2025

Modified Files:
        pkgsrc/devel/p5-File-Find-Rule: Makefile distinfo
Added Files:
        pkgsrc/devel/p5-File-Find-Rule/patches: patch-lib_File_Find_Rule.pm

Log Message:
p5-File-Find-Rule: fix CVE-2011-10007 using upstream patch.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 pkgsrc/devel/p5-File-Find-Rule/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/p5-File-Find-Rule/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/devel/p5-File-Find-Rule/patches/patch-lib_File_Find_Rule.pm

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/p5-File-Find-Rule/Makefile
diff -u pkgsrc/devel/p5-File-Find-Rule/Makefile:1.28 pkgsrc/devel/p5-File-Find-Rule/Makefile:1.29
--- pkgsrc/devel/p5-File-Find-Rule/Makefile:1.28        Sat Nov 16 12:04:14 2024
+++ pkgsrc/devel/p5-File-Find-Rule/Makefile     Thu Jun  5 19:00:01 2025
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.28 2024/11/16 12:04:14 wiz Exp $
+# $NetBSD: Makefile,v 1.29 2025/06/05 19:00:01 wiz Exp $
 
 DISTNAME=      File-Find-Rule-0.34
 PKGNAME=       p5-${DISTNAME}
-PKGREVISION=   9
+PKGREVISION=   10
 CATEGORIES=    devel perl5
 MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:=File/}
 

Index: pkgsrc/devel/p5-File-Find-Rule/distinfo
diff -u pkgsrc/devel/p5-File-Find-Rule/distinfo:1.8 pkgsrc/devel/p5-File-Find-Rule/distinfo:1.9
--- pkgsrc/devel/p5-File-Find-Rule/distinfo:1.8 Tue Oct 26 10:16:35 2021
+++ pkgsrc/devel/p5-File-Find-Rule/distinfo     Thu Jun  5 19:00:01 2025
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.8 2021/10/26 10:16:35 nia Exp $
+$NetBSD: distinfo,v 1.9 2025/06/05 19:00:01 wiz Exp $
 
 BLAKE2s (File-Find-Rule-0.34.tar.gz) = 0878cc75b38e18db754b97b1ad77bcacc8ed64c144321b621dbdb066eb21ac36
 SHA512 (File-Find-Rule-0.34.tar.gz) = 97328a86578942d214f7ac530cc88fc84dc7ef2018db06b8c0c58907a4045e90c9c97d1848ed4f16838bd8ca591aca4fa9f24649c81fd8dfe9efe7a2f9f2722c
 Size (File-Find-Rule-0.34.tar.gz) = 16165 bytes
+SHA1 (patch-lib_File_Find_Rule.pm) = c976b33d815ebc6391e91e088aeba4a78fd451eb

Added files:

Index: pkgsrc/devel/p5-File-Find-Rule/patches/patch-lib_File_Find_Rule.pm
diff -u /dev/null pkgsrc/devel/p5-File-Find-Rule/patches/patch-lib_File_Find_Rule.pm:1.1
--- /dev/null   Thu Jun  5 19:00:01 2025
+++ pkgsrc/devel/p5-File-Find-Rule/patches/patch-lib_File_Find_Rule.pm  Thu Jun  5 19:00:01 2025
@@ -0,0 +1,19 @@
+$NetBSD: patch-lib_File_Find_Rule.pm,v 1.1 2025/06/05 19:00:01 wiz Exp $
+
+File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code
+Execution when `grep()` encounters a crafted file name
+
+CVE-2011-10007
+https://github.com/richardc/perl-file-find-rule/commit/df58128bcee4c1da78c34d7f3fe1357e575ad56f.patch
+
+--- lib/File/Find/Rule.pm.orig 2015-12-03 14:27:56.000000000 +0000
++++ lib/File/Find/Rule.pm
+@@ -420,7 +420,7 @@ sub grep {
+ 
+     $self->exec( sub {
+         local *FILE;
+-        open FILE, $_ or return;
++        open FILE, '<', $_ or return;
+         local ($_, $.);
+         while (<FILE>) {
+             for my $p (@pattern) {