* [gentoo-commits] repo/gentoo:master commit in: dev-perl/Clipboard/files/, dev-perl/Clipboard/
@ 2016-11-19 11:33 Patrice Clement
0 siblings, 0 replies; 3+ messages in thread
From: Patrice Clement @ 2016-11-19 11:33 UTC (permalink / raw
To: gentoo-commits
commit: 6ea7c366c608b4ea144a8a31cdaf2553b08bf5ef
Author: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 19 11:32:52 2016 +0000
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Sat Nov 19 11:33:53 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ea7c366
dev-perl/Clipboard: fix insecure temporary file usage.
This is a community patch taken from
https://anonscm.debian.org/cgit/pkg-perl/packages/libclipboard-perl.git/tree/debian/patches/insecure-tempfile.patch.
Courtesy of Gregor Herrmann <gregoa <AT> debian.org>.
Gentoo-Bug: https://bugs.gentoo.org/521890
Package-Manager: portage-2.3.0
dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild | 22 +++++++++++++++++++++
.../Clipboard-0.130.0-insecure-tempfile.patch | 23 ++++++++++++++++++++++
2 files changed, 45 insertions(+)
diff --git a/dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild b/dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild
new file mode 100644
index 00000000..0696164
--- /dev/null
+++ b/dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild
@@ -0,0 +1,22 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MODULE_AUTHOR=KING
+MODULE_VERSION=0.13
+inherit perl-module
+
+DESCRIPTION="Copy and paste with any OS"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
+IUSE=""
+
+# See bug 521890.
+PATCHES=(
+ "${FILESDIR}"/"${P}"-insecure-tempfile.patch
+)
+
+RDEPEND="x11-misc/xclip"
diff --git a/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch b/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch
new file mode 100644
index 00000000..1fd452c
--- /dev/null
+++ b/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch
@@ -0,0 +1,23 @@
+Description: Fix insecure use of temporary files.
+ This is CVE-2014-5509.
+Origin: vendor
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=98435
+Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=98435
+Author: gregor herrmann <gregoa@debian.org>
+Last-Update: 2016-08-13
+
+--- a/scripts/clipedit
++++ b/scripts/clipedit
+@@ -1,10 +1,11 @@
+ #!/usr/bin/perl
+ use strict;
+ use Clipboard;
++use File::Temp qw( tempfile );
+
+ my $orig = Clipboard->paste;
+
+-my $tmpfilename = "/tmp/clipedit$$";
++my ($tmpfile, $tmpfilename) = tempfile();
+ open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!";
+ print $tmpfile $orig;
+ close $tmpfile;
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-perl/Clipboard/files/, dev-perl/Clipboard/
@ 2017-10-18 21:39 Kent Fredric
0 siblings, 0 replies; 3+ messages in thread
From: Kent Fredric @ 2017-10-18 21:39 UTC (permalink / raw
To: gentoo-commits
commit: 04291b6956a571e8e9191274dd20db4027f8d15d
Author: Kent Fredric <kentnl <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 18 21:35:05 2017 +0000
Commit: Kent Fredric <kentnl <AT> gentoo <DOT> org>
CommitDate: Wed Oct 18 21:39:07 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04291b69
dev-perl/Clipboard: EAPI6 + Tests
- EAPI6
- Enable tests
- Fix virtualx needed for tests
- Fix tests broken by '.' in @INC
- Migrate makefile.PL fix to general '.' in @INC patch
Package-Manager: Portage-2.3.8, Repoman-2.3.3
dev-perl/Clipboard/Clipboard-0.130.0-r3.ebuild | 26 +++++++++++++
.../files/Clipboard-0.130.0-no-dot-inc.patch | 45 ++++++++++++++++++++++
2 files changed, 71 insertions(+)
diff --git a/dev-perl/Clipboard/Clipboard-0.130.0-r3.ebuild b/dev-perl/Clipboard/Clipboard-0.130.0-r3.ebuild
new file mode 100644
index 00000000000..1b02d004d0b
--- /dev/null
+++ b/dev-perl/Clipboard/Clipboard-0.130.0-r3.ebuild
@@ -0,0 +1,26 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DIST_AUTHOR=KING
+DIST_VERSION=0.13
+inherit perl-module virtualx
+
+DESCRIPTION="Copy and paste with any OS"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
+IUSE=""
+
+# See bug 521890.
+PATCHES=(
+ "${FILESDIR}"/"${P}"-insecure-tempfile.patch
+ "${FILESDIR}"/"${P}"-no-dot-inc.patch
+)
+
+RDEPEND="x11-misc/xclip"
+
+src_test() {
+ virtx perl-module_src_test
+}
diff --git a/dev-perl/Clipboard/files/Clipboard-0.130.0-no-dot-inc.patch b/dev-perl/Clipboard/files/Clipboard-0.130.0-no-dot-inc.patch
new file mode 100644
index 00000000000..1e9c31be70e
--- /dev/null
+++ b/dev-perl/Clipboard/files/Clipboard-0.130.0-no-dot-inc.patch
@@ -0,0 +1,45 @@
+From 389b272f8696b86f594726544a8280e43cd2ffc6 Mon Sep 17 00:00:00 2001
+From: Kent Fredric <kentnl@gentoo.org>
+Date: Thu, 19 Oct 2017 10:21:36 +1300
+Subject: Fix Makefile.PL & Tests for '.' in @INC removal under Perl 5.26+
+
+Bug: https://bugs.gentoo.org/615138
+Bug: https://rt.cpan.org/Ticket/Display.html?id=121056
+---
+ Makefile.PL | 1 +
+ t/drivers.t | 2 ++
+ t/mock.t | 2 ++
+ 3 files changed, 5 insertions(+)
+
+diff --git a/Makefile.PL b/Makefile.PL
+index 08468ac..ab60784 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -1,3 +1,4 @@
++use lib '.';
+ use inc::Module::Install;
+ name('Clipboard');
+ author('Ryan King <rking@panoptic.com>');
+diff --git a/t/drivers.t b/t/drivers.t
+index 1ae7014..de2478f 100644
+--- a/t/drivers.t
++++ b/t/drivers.t
+@@ -1,3 +1,5 @@
++use File::Spec::Functions qw(rel2abs);
++use lib rel2abs('.');
+ use Test::Clipboard;
+ use strict; # XXX make Test::Clipboard do this
+ my %map = qw(
+diff --git a/t/mock.t b/t/mock.t
+index fbd76f0..2a50ebb 100644
+--- a/t/mock.t
++++ b/t/mock.t
+@@ -1,3 +1,5 @@
++use File::Spec::Functions qw(rel2abs);
++use lib rel2abs('.');
+ use Test::Clipboard;
+ use Test::MockClipboard;
+ use strict; # XXX make Test::Clipboard do this
+--
+2.14.2
+
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-perl/Clipboard/files/, dev-perl/Clipboard/
@ 2020-10-04 5:21 Kent Fredric
0 siblings, 0 replies; 3+ messages in thread
From: Kent Fredric @ 2020-10-04 5:21 UTC (permalink / raw
To: gentoo-commits
commit: 3841dd196aabd4e278ebeac584fdc485fc1b2962
Author: Kent Fredric <kentnl <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 4 05:17:57 2020 +0000
Commit: Kent Fredric <kentnl <AT> gentoo <DOT> org>
CommitDate: Sun Oct 4 05:17:57 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3841dd19
dev-perl/Clipboard: Cleanup old 0.130.0-r3
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Kent Fredric <kentnl <AT> gentoo.org>
dev-perl/Clipboard/Clipboard-0.130.0-r3.ebuild | 26 -------------
dev-perl/Clipboard/Manifest | 1 -
.../Clipboard-0.130.0-insecure-tempfile.patch | 23 -----------
.../files/Clipboard-0.130.0-no-dot-inc.patch | 45 ----------------------
4 files changed, 95 deletions(-)
diff --git a/dev-perl/Clipboard/Clipboard-0.130.0-r3.ebuild b/dev-perl/Clipboard/Clipboard-0.130.0-r3.ebuild
deleted file mode 100644
index e66f219513f..00000000000
--- a/dev-perl/Clipboard/Clipboard-0.130.0-r3.ebuild
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-DIST_AUTHOR=KING
-DIST_VERSION=0.13
-inherit perl-module virtualx
-
-DESCRIPTION="Copy and paste with any OS"
-
-SLOT="0"
-KEYWORDS="amd64 arm ppc ppc64 x86"
-IUSE=""
-
-# See bug 521890.
-PATCHES=(
- "${FILESDIR}"/"${P}"-insecure-tempfile.patch
- "${FILESDIR}"/"${P}"-no-dot-inc.patch
-)
-
-RDEPEND="x11-misc/xclip"
-
-src_test() {
- virtx perl-module_src_test
-}
diff --git a/dev-perl/Clipboard/Manifest b/dev-perl/Clipboard/Manifest
index 4e486ec79cb..e3608ccb592 100644
--- a/dev-perl/Clipboard/Manifest
+++ b/dev-perl/Clipboard/Manifest
@@ -1,2 +1 @@
-DIST Clipboard-0.13.tar.gz 21616 BLAKE2B 6e46f36fcfbcbd61ca35dddb85b16da49ee7b2d6f3e0cf6b15e90a5730b649d0bb960108c33d6896903570f3baaf5ce871511dfd3a1330625b9974190fb408bc SHA512 29792efabee3bdbd808c445714f344608f79799561029d3311b3c263e7bd52ddd8be6e17773f2e027b0d38afecd5d7057af3a129e053c1c01928cf2c5a12bd6b
DIST Clipboard-0.26.tar.gz 25159 BLAKE2B d4bb2c311afabf5e6e751b144d71f269aebdc743cab31b1064e1f77f563e109ee1a196ec0a483aa362d39e1549cc02ebfa01b82172dcd10a3a173278fa64ece3 SHA512 68427934e4c460492f0fca1ea45891070e6aa544b49896d383786918055889ab179bc9d926018f85d6f77e89f7882098750d55b8dc656047bc63ec07d1c515c1
diff --git a/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch b/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch
deleted file mode 100644
index 1fd452c6148..00000000000
--- a/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Description: Fix insecure use of temporary files.
- This is CVE-2014-5509.
-Origin: vendor
-Bug: https://rt.cpan.org/Public/Bug/Display.html?id=98435
-Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=98435
-Author: gregor herrmann <gregoa@debian.org>
-Last-Update: 2016-08-13
-
---- a/scripts/clipedit
-+++ b/scripts/clipedit
-@@ -1,10 +1,11 @@
- #!/usr/bin/perl
- use strict;
- use Clipboard;
-+use File::Temp qw( tempfile );
-
- my $orig = Clipboard->paste;
-
--my $tmpfilename = "/tmp/clipedit$$";
-+my ($tmpfile, $tmpfilename) = tempfile();
- open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!";
- print $tmpfile $orig;
- close $tmpfile;
diff --git a/dev-perl/Clipboard/files/Clipboard-0.130.0-no-dot-inc.patch b/dev-perl/Clipboard/files/Clipboard-0.130.0-no-dot-inc.patch
deleted file mode 100644
index 1e9c31be70e..00000000000
--- a/dev-perl/Clipboard/files/Clipboard-0.130.0-no-dot-inc.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 389b272f8696b86f594726544a8280e43cd2ffc6 Mon Sep 17 00:00:00 2001
-From: Kent Fredric <kentnl@gentoo.org>
-Date: Thu, 19 Oct 2017 10:21:36 +1300
-Subject: Fix Makefile.PL & Tests for '.' in @INC removal under Perl 5.26+
-
-Bug: https://bugs.gentoo.org/615138
-Bug: https://rt.cpan.org/Ticket/Display.html?id=121056
----
- Makefile.PL | 1 +
- t/drivers.t | 2 ++
- t/mock.t | 2 ++
- 3 files changed, 5 insertions(+)
-
-diff --git a/Makefile.PL b/Makefile.PL
-index 08468ac..ab60784 100644
---- a/Makefile.PL
-+++ b/Makefile.PL
-@@ -1,3 +1,4 @@
-+use lib '.';
- use inc::Module::Install;
- name('Clipboard');
- author('Ryan King <rking@panoptic.com>');
-diff --git a/t/drivers.t b/t/drivers.t
-index 1ae7014..de2478f 100644
---- a/t/drivers.t
-+++ b/t/drivers.t
-@@ -1,3 +1,5 @@
-+use File::Spec::Functions qw(rel2abs);
-+use lib rel2abs('.');
- use Test::Clipboard;
- use strict; # XXX make Test::Clipboard do this
- my %map = qw(
-diff --git a/t/mock.t b/t/mock.t
-index fbd76f0..2a50ebb 100644
---- a/t/mock.t
-+++ b/t/mock.t
-@@ -1,3 +1,5 @@
-+use File::Spec::Functions qw(rel2abs);
-+use lib rel2abs('.');
- use Test::Clipboard;
- use Test::MockClipboard;
- use strict; # XXX make Test::Clipboard do this
---
-2.14.2
-
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-10-04 5:21 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-19 11:33 [gentoo-commits] repo/gentoo:master commit in: dev-perl/Clipboard/files/, dev-perl/Clipboard/ Patrice Clement
-- strict thread matches above, loose matches on Subject: below --
2017-10-18 21:39 Kent Fredric
2020-10-04 5:21 Kent Fredric
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox