$HOME's parent directory isn't readable by an unprivileged user.
Tested on Linux with unprivileged pkgsrc (DreamHost, where the
problem was encountered) and on Mac OS X with a more typical setup.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
explaining that this should prevent a repeat of the current problem where
binary perl packages built for 5.8.8 can be installed together with
perl 5.10.0 without any warning/error. By the perl numbering scheme,
perl 5.12.0 will be the next maintenance version which installs modules
in a different path than what's used for 5.10.0.
The contents of perl itself doesn't change as a result of this change,
so no revision bump, but a revision bump for all packages which depend
directly on perl is forthcoming, as a workaround for the 5.8.8 -> 5.10.0
transition.
at using p5-* packages built with the new perl from being installed
together with an older version of perl. The p5-* packages will not
work because the new and old perls install modules in different
directories. As a consequence, bump package revision.
A large number of packages have had their internal regression tests
run successfully with this update, including mod_perl for Apache.
Pkgsrc changes: a number of our local patches are no longer needed.
Upstream changes from version 5.8.8:
# Core Enhancements
* The feature pragma
* New -E command-line switch
* Defined-or operator
* Switch and Smart Match operator
* Regular expressions
* say()
* Lexical $_
* The _ prototype
* UNITCHECK blocks
* New Pragma, mro
* readdir() may return a "short filename" on Windows
* readpipe() is now overridable
* Default argument for readline()
* state() variables
* Stacked filetest operators
* UNIVERSAL::DOES()
* Formats
* Byte-order modifiers for pack() and unpack()
* no VERSION
* chdir, chmod and chown on filehandles
* OS groups
* Recursive sort subs
* Exceptions in constant folding
* Source filters in @INC
* New internal variables
* Miscellaneous
* UCD 5.0.0
* MAD
* kill() on Windows
# Incompatible Changes
* Packing and UTF-8 strings
* Byte/character count feature in unpack()
* The $* and $# variables have been removed
* substr() lvalues are no longer fixed-length
* Parsing of -f _
* :unique
* Effect of pragmas in eval
* chdir FOO
* Handling of .pmc files
* $^V is now a version object instead of a v-string
* @- and @+ in patterns
* $AUTOLOAD can now be tainted
* Tainting and printf
* undef and signal handlers
* strictures and dereferencing in defined()
* (?p{}) has been removed
* Pseudo-hashes have been removed
* Removal of the bytecode compiler and of perlcc
* Removal of the JPL
* Recursive inheritance detected earlier
# Modules and Pragmata
* Upgrading individual core modules
* Pragmata Changes
* New modules
* Selected Changes to Core Modules
# Utility Changes
# New Documentation
# Performance Enhancements
* In-place sorting
* Lexical array access
* XS-assisted SWASHGET
* Constant subroutines
* PERL_DONT_CREATE_GVSV
* Weak references are cheaper
* sort() enhancements
* Memory optimisations
* UTF-8 cache optimisation
* Sloppy stat on Windows
* Regular expressions optimisations
# Installation and Configuration Improvements
* Configuration improvements
* Compilation improvements
* Installation improvements
* New Or Improved Platforms
# Selected Bug Fixes
# New or Changed Diagnostics
# Changed Internals
* Reordering of SVt_* constants
* Elimination of SVt_PVBM
* New type SVt_BIND
* Removal of CPP symbols
* Less space is used by ops
* New parser
* Use of const
* Mathoms
* AvFLAGS has been removed
* av_* changes
* $^H and %^H
* B:: modules inheritance changed
* Anonymous hash and array constructors
...
See 'perldoc perldelta' or http://perldoc.perl.org/perldelta.html
for explanation of each of these points.
outsmart us and call the tool by name in some parts of the build.
eg just "nbsed" instead of "/usr/pkg/bin/nbsed". This can only have
worked before as long as ${PREFIX}/bin was in the user's path.
Fix this by TOOLS_ALIASES.sed+=${TOOLS_SED:T} so that an "nbsed"
is available in the PATH.
=> 9.0 as it breaks the build. This should just be considered a temporary
work around until the actual problem can be fixed as this worked for
Darwin < 9.0.
There are no changes to perl on any other platforms.
This should address PR# 37225
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl.
packlist is used to generate the pkgsrc PLIST. This is the case for most
of the Perl modules, so the default value is "yes".
Currently, there is no change in functionality. After some further
testing, the default will be that a Perl module provides a packlist and
needs to say if it doesn't.
build executable, either by using the same constants or by sourcing the
config.sh script created by Configure.
Don't create $installsitearch and don't attempt to remove
$installvendorarch, the former is easy and the latter not needed.
perllink script. This was causing errors when building perl from
pkgsrc. The perllink script didn't create any symlinks because it
tried to invoke "perl", which silently fails with revision 1.20 of
mk/tools/perl.mk (after the pkgsrc-2006Q2 branch).
Bump the PKGREVISION to 3.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
the pkglint warning:
As {INSTALL,DEINSTALL}_TEMPLATE is modified using "+=", its name
should indicate plural.
This does make the variables a bit more suggestive of the fact that they
hold lists of values.
in declarations when compiling C++ code. Patch the perl.h and XSUB.h
headers to avoid using this attribute if using GCC<3.4 and building
C++ modules. This fixes PR pkg/33403 by OBATA Akio.
Bump PKGREVISION to 2.
* Updates of many standard Perl modules.
* Performance enhancements for loadable modules and memory usage.
* Fixed bug when running with "-w". Previously when running with
warnings enabled globally via "-w", selective disabling of specific
warning categories would actually turn off all warnings. This
is now fixed; now "no warnings 'io';" will only turn off warnings
in the "io" class. This bug fix may cause some programs to start
correctly issuing warnings.
* Perl 5.8.4 introduced a change so that assignments of "undef" to a
scalar, or of an empty list to an array or a hash, were optimised away.
As this could cause problems when "goto" jumps were involved, this
change has been backed out.
* Using the sprintf function with some formats could lead to a
buffer overflow in some specific cases. This has been fixed,
along with several other bugs, notably in bounds checking.
* Fixed bug in pkgsrc-installed perl-5.8.7 and all subsequent
PKGREVISIONs, where perl didn't look for site modules under
/usr/pkg/lib/perl5/site_perl, but only under
/usr/pkg/lib/perl5/site_perl/5.8.0, and similarly for the vendor
modules.
* Honor PKGMANDIR when installing man pages.
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # emtpy
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
were lost in PKGREVISION nb7. We do this by avoiding inspecting the
value of ${WRKSRC} within the package Makefile and instead deferring
using ${WRKSRC} until we actually need the value (after extraction).
This is necessary because WRKSRC is defined in bsd.pkg.mk, which is
too late.
Bump the PKGREVISION to 8.
CVE-2005-3916 - format string vulnerability in scripts using syslog()
CVS-2005-3962 - format string vulnerability in Perl_sv_vcatpvfn()
Bump the PKGREVISION to 7.
library searches to start in the system directories instead of in the
pkgsrc-controlled directories. This change is in the same spirit as
the one that caused the PKGREVISION bump to 6, but is more likely to
work on IRIX where plibpth needs to be set from the Configure script.
This time, we patch the Configure script instead of setting libpth in
the hints file because we depend on the values of variables which are
defined after the hints file is sourced by the Configure script.
XXX This breaks building perl on a platform that has native pthreads
XXX with PREFER_NATIVE_PTHREADS=no, but that's not really worthwhile
XXX to fix.
applications much sooner. We do this by making every hints file create
a usethreads.cbu script that prepends the correct LDFLAGS to the
ldflags and lddlflags Perl variables. This should fix PR pkg/31091,
which detailed a problem with building threaded perl on a platform
withat native pthreads that used GNU Pth as its pthread library.
While we're here, also fix some minor variable quoting issues.
Bump the PKGREVISION to 6.
perl suffers from an integer wrap overflow inside the explicit
parameter format string functionality. This has been confirmed to
be a vector for remote code execution.
Bump PKGREVISION to 5.
"yes", then they list the compressed manpages. Implementation stolen
from the PLIST MANZ-handling code in bsd.pkg.mk added by Stoned Elipot.
This should fix pkg/31499.
