[arch-commits] Commit in perl/trunk (PKGBUILD perlbin.sh)

Levente Polyak anthraxx at archlinux.org
Thu Sep 17 21:56:45 UTC 2020 

    Date: Thursday, September 17, 2020 @ 21:56:44
  Author: anthraxx
Revision: 396268

upgpkg: perl 5.32.0-3: security: avoid adding relative dir to PATH

Relative dirs in the PATH lead to arbitrary command execution when
any command is invoked in an attacker controller directory.

Furthermore add missing libperl.so dependencies and a checkdepends
for some skipped tests

Modified:
  perl/trunk/PKGBUILD
  perl/trunk/perlbin.sh

------------+
 PKGBUILD   |    7 ++++---
 perlbin.sh |    2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-09-17 21:40:29 UTC (rev 396267)
+++ PKGBUILD	2020-09-17 21:56:44 UTC (rev 396268)
@@ -7,12 +7,13 @@
 pkgname=perl
 pkgver=5.32.0
 _baseversion="${pkgver%.*}"
-pkgrel=2
+pkgrel=3
 pkgdesc="A highly capable, feature-rich programming language"
 arch=(x86_64)
 license=('GPL' 'PerlArtistic')
 url="https://www.perl.org"
-depends=('gdbm>=1.17' 'db' 'glibc')
+depends=('gdbm>=1.17' 'db' 'glibc' 'libxcrypt' 'libcrypt.so')
+checkdepends=('procps-ng')
 # NOTE: This array is automatically generated by `./patchprov`.
 #       If you want to add entries, do so in the next array.
 provides=('perl-archive-tar=2.36'
@@ -137,7 +138,7 @@
         detect-old-perl-modules.hook)
 options=('makeflags' '!purge' 'emptydirs')
 sha512sums=('1540247415893bbd94dfeede7b4fba6052688dc0bf27ced817f448246fcdc6e9a6486abc34577dec5b00bf02ed607b2d24ccd4977c3b3c51e8e6edfc0b81c760'
-            '1b4ccb4eb1be2551fab8871a19825467c1c8e130f32138508d15a34d226847a0a3ec7cab94f314a297448f6a932cf3dff2bb340c4fb20b84c359cef56f761e9c'
+            '6ed5bc6dbdc47bc7f4c0fedbe18deaf35ab02a2e6700988beb545954bb1d0fe20ff1a4de39d6d9fc882ef1741f7bf6d85ba165d0cd8dc0d9939b789c894f48a1'
             '53eb0cddfd637014f3d3a101665db8dcafe5ac5bf3d319a259974334eb89c1c405097518ae96b6d18e520194633c7be57c9b2cd9ae6398443eb08f1a2008d112'
             '881e2efe05ba818cd7300f126800b56bb0685cb5c9c5fb7e67ef6aaf5abd17d2391a979d5d16d109c5111f4b35504ba83d19b0e6eda4431e8421fcbea19d2f1a'
             'bd48af7a6209f2ad51aa1747a7238ecb11607a53f61460d873202bf14b55c3b7dd6f66f4a9f2cac8a24240313789a9a44dbc81b73587de46a6b1866bdfca5e26'

Modified: perlbin.sh
===================================================================
--- perlbin.sh	2020-09-17 21:40:29 UTC (rev 396267)
+++ perlbin.sh	2020-09-17 21:56:44 UTC (rev 396268)
@@ -2,7 +2,7 @@
 # https://wiki.archlinux.org/index.php/Perl_Policy#Binaries_and_scripts
 # Added /usr/bin/*_perl dirs for scripts
 
-[ -d /usr/bin/site_perl ] && append_path 'usr/bin/site_perl'
+[ -d /usr/bin/site_perl ] && append_path '/usr/bin/site_perl'
 
 [ -d /usr/bin/vendor_perl ] && append_path '/usr/bin/vendor_perl'

More information about the arch-commits mailing list