CVE-2005-3916 - format string vulnerability in scripts using syslog()
CVS-2005-3962 - format string vulnerability in Perl_sv_vcatpvfn()
Bump the PKGREVISION to 7.
library searches to start in the system directories instead of in the
pkgsrc-controlled directories. This change is in the same spirit as
the one that caused the PKGREVISION bump to 6, but is more likely to
work on IRIX where plibpth needs to be set from the Configure script.
This time, we patch the Configure script instead of setting libpth in
the hints file because we depend on the values of variables which are
defined after the hints file is sourced by the Configure script.
XXX This breaks building perl on a platform that has native pthreads
XXX with PREFER_NATIVE_PTHREADS=no, but that's not really worthwhile
XXX to fix.
perl suffers from an integer wrap overflow inside the explicit
parameter format string functionality. This has been confirmed to
be a vector for remote code execution.
Bump PKGREVISION to 5.
because some Perl modules make some (bad) assumptions about the
structure of a MakeMaker-generated Makefile. Instead, remove the
perllocal.pod file whenever a p5-* module or perl itself is removed.
While here, rename some of the install/deinstall templates to more
descriptive names.
Bump the PKGREVISION to 3.
$(prefix) == $(siteprefix) == $(vendorprefix)
so that if a perl module is configured with "perl Makefile.PL PREFIX=...",
then that single PREFIX definition will override all three of the
above, and files will be properly installed into the correct relative
path. Also, patch a test so that it understands the different behavior
of the pkgsrc ExtUtils::MakeMaker module. Bump the PKGREVISION to 2.
for many "core" modules, UTF-8 and Unicode bugfixes, and ithreads
bugfixes.
The major changes are in the pkgsrc infrastructure to handle Perl and
Perl modules. All pkgsrc-installed Perl modules are now installed in
"vendor" directories, and the perl interpreter has been modifed to
search for libraries in the following order: site, vendor, perl. The
Perl library is stored in a directory that is named for the Perl ABI
version associated with the Perl release, so any updates of Perl to
newer versions can be done "in-place" as long as Perl ABI version
remains the same. All Perl scripts and man pages are stored in
locations that won't conflict between site, vendor, and perl modules,
and a new utility perllink(1) now manages symlinks to those scripts
and man pages under the usual ${LOCALBASE}/bin and ${LOCALBASE}/man/man1.
PERL5_SITEPREFIX may be set to the prefix where local, site-specific
modules will be installed, e.g. PERL5_SITEPREFIX=/usr/local. Note
that modules installed here are completely unmanaged by pkgsrc.
Update the buildlink and tool dependencies on perl to require perl>=5.8.7
to reflect the new locations for Perl modules and the Perl shared
library.
MIPSPro compiler/preprocessor behaves differently if invoked on
stdin vs file. In configure, we test for stdin, but lateron we use files.
So force it to work the way we know it does.
and 5.6.1nb10 include pulling in changes from the latest Perl sources
that add a more complete set of directories on NetBSD systems to the
rpath of Perl modules so that they may find libperl.so. The module
build/installation is now robust against the user overriding the value
of INSTALLARCHLIB.
libgcc.a isn't linked "whole archive" into the perl executable on newer
NetBSD systems (>1.5.x). Newer NetBSD systems have libgcc_pic.a linked
into shared libraries, so this hack isn't needed. This change was tested
by building and testing textproc/xerces-p, a C++ perl5 module that uses
functions in libgcc.a.
we install them into a private directory under the the normal Perl
installation and configure Perl so that site-specific Perl man3 pages
are installed into a private directory within site_perl. This avoids
manpage conflicts between 3rd-party modules, the standard Perl library,
and other packages.
The changes implement some unfinished work that is alluded to in the
MakeMaker.pm module by allowing "installsiteman{1,3}dir" to be set
during the configuration process and are used to provide default values
for INSTALLSITEMAN{1,3}DIR during the Perl module build/install process.
Bump PKGREVISIONs for lang/perl5 and lang/perl58.
changing the default module/library search path to have site_perl come
before the standard directories. In other words, the previous search path
on an i386 was:
/usr/pkg/lib/perl5/5.6.1/i386-netbsd
/usr/pkg/lib/perl5/5.6.1
/usr/pkg/lib/perl5/site_perl/5.6.1/i386-netbsd
/usr/pkg/lib/perl5/site_perl/5.6.1
/usr/pkg/lib/perl5/site_perl
but it is now:
/usr/pkg/lib/perl5/site_perl/5.6.1/i386-netbsd
/usr/pkg/lib/perl5/site_perl/5.6.1
/usr/pkg/lib/perl5/site_perl
/usr/pkg/lib/perl5/5.6.1/i386-netbsd
/usr/pkg/lib/perl5/5.6.1
The rationale for this is that when we install a module that is newer than
one in the standard library, the new module goes into the site_perl
directory as it's an add-on module. However, we can't use the newer module
without modifying either the scripts of the perl environment to find the
newer module explicitly because of the order of the library search path:
the site_perl directories come after the standard directories. The normal
solution is to directly replace the module in the standard library with
the newer module. However, this isn't really on option when installing
via pkgsrc because the older module files are owned by the perl package.
By placing the the site_perl directories before the standard directories,
newer modules that we install via pkgsrc are simply found before the older
ones in the standard library.
directly against -lperl when built. Combined with the previous update of
perl to add ${LOCALBASE}/lib to the rpath when creating shared
libraries/modules, these two changes make using mod_perl.so (ap-perl) more
painless. All perl shared modules now contain interlibrary dependencies to
the shared libraries they need. Instead of needing (at least on ELF):
LoadFile !/usr/lib/libm.so
LoadFile lib/perl5/5.6.1/i386-netbsd/CORE/libperl.so
...
# Any other libraries needed by perl shared modules need to listed
# with LoadFile here.
...
LoadModule perl_module lib/httpd/mod_perl.so
AddModule mod_perl.c
you'd need only the last two lines as the mod_perl authors intended.
I've tested this patch for many weeks now, successfully loading and using
the p5-Apache-ASP module as my test bed, and I haven't noticed any problems
with normal perl usage.
Also comment the Makefile slightly better.
modules) about -Wl,-R. We cause -Wl,-R/path/to/libdir in LIBS settings
to now get propagated correctly to the link command for shared modules.
The rpath flag is also silently coerced to start with -Wl,-R or -R
depending on the contents of ${LDDLFLAGS} to deal with either cc or ld
being invoked.
* Ensure that shared objects/libraries created by perl Makefiles include
the correct run-time library search path by also including the local
libraries directories. For example, shared objects are linked on ELF
platforms with "cc -Wl,-R/usr/pkg/lib -L/usr/pkg/lib", and not just
"cc -L/usr/pkg/lib" as before.
problem reported in pkg/13663 by John Klos <john@sixgirls.org> where on
older (pre-current) NetBSD/vax, <ieeefp.h> exists but <machine/ieeefp.h>
doesn't, which was broken since <ieeefp.h> included <machine/ieeefp.h>.
include:
- Re-adding ${LOCALBASE}/include and ${LOCALBASE}/lib to the local compiler
search paths,
Other changes include:
- Migrating the setting to not install man3 pages from patch-ab into the
package Makefile so that they aren't installed across all pkgsrc platforms.
- Better document SYSLIBPATH.${OPSYS}.
perl mess I created a year ago and making this a vanilla perl installation
again, and explicitly setting the system library path so that /usr/local/*
doesn't appear anywhere.
The installed perl library now also includes CGI.pm-2.752. The www/p5-CGI
package installs in to ${PERL5_SITEARCH} so there is no conflict with the
"standard" CGI.pm.
(from commit log of perl5-current/Makefile):
* Interpreter cloning, threads, and concurrency
* Lexically scoped warning categories
* Unicode and UTF-8 support
* Support for interpolating named characters
* "our" declarations
* Support for strings represented as a vector of ordinals
* Improved Perl version numbering system
* New syntax for declaring subroutine attributes
* File and directory handles can be autovivified
* open() with more than two arguments
* 64-bit support
* Large file support
* Long doubles
* "more bits"
* Enhanced support for sort() subroutines
* C<sort $coderef @foo> allowed
* File globbing implemented internally
* POSIX character class syntax [: :] supported
* Improved C<qw//> operator
* pack() format 'Z' supported
* pack() format modifier '!' supported
* pack() and unpack() support counted strings
* Comments in pack() templates
* Weak references
* Binary numbers supported
* Lvalue subroutines
* Some arrows may be omitted in calls through references
* Boolean assignment operators are legal lvalues
* exists() is supported on subroutine names
* exists() and delete() are supported on array elements
* Pseudo-hashes work better
* Automatic flushing of output buffers
* Better diagnostics on meaningless filehandle operations
* Where possible, buffered data discarded from duped input filehandle
* eof() has the same old magic as <>
* binmode() can be used to set :crlf and :raw modes
* C<-T> filetest recognizes UTF-8 encoded files as "text"
* system(), backticks and pipe open now reflect exec() failure
* Improved diagnostics
* Diagnostics follow STDERR
* syswrite() ease-of-use
* Better syntax checks on parenthesized unary operators
* Bit operators support full native integer width
* Improved security features
* C<require> and C<do> may be overridden
* $^X variables may now have names longer than one character
* New variable $^C reflects C<-c> switch
* New variable $^V contains Perl version as a string
* Optional Y2K warnings
* Modules
* Pragmata
* dprofpp
* find2perl
* h2xs
* perlcc
* perldoc
* The Perl Debugger
* Simple sort() using { $a <=> $b } and the like are optimized
* Optimized assignments to lexical variables
* Faster subroutine calls
* -Dusethreads means something different
* New Configure flags
* Threadedness and 64-bitness now more daring
* Long Doubles
...
See 'perldoc perldelta' for a full list.