diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..534600c --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/Perl-Tidy-20121207.tar.gz diff --git a/.perltidy.metadata b/.perltidy.metadata new file mode 100644 index 0000000..1d3dadb --- /dev/null +++ b/.perltidy.metadata @@ -0,0 +1 @@ +82d82d7c47c3b50c3be7b24b282279684521cc4a SOURCES/Perl-Tidy-20121207.tar.gz diff --git a/SOURCES/Fix-CVE-2014-2277.patch b/SOURCES/Fix-CVE-2014-2277.patch new file mode 100644 index 0000000..c8c2c3b --- /dev/null +++ b/SOURCES/Fix-CVE-2014-2277.patch @@ -0,0 +1,80 @@ +Description: Replace insecure make_temporary_filename with File::Temp::tempfile +Forwarded: http://lists.example.com/2010/03/1234.html +Origin: vendor, http://bugs.debian.org/740670 +Author: Don Armstrong +Last-Update: 2010-03-29 +--- a/lib/Perl/Tidy.pm ++++ b/lib/Perl/Tidy.pm +@@ -76,6 +76,7 @@ + use IO::File; + use File::Basename; + use File::Copy; ++use File::Temp qw(tempfile); + + BEGIN { + ( $VERSION = q($Id: Tidy.pm,v 1.74 2012/12/07 13:56:49 perltidy Exp $) ) =~ s/^.*\s+(\d+)\/(\d+)\/(\d+).*$/$1$2$3/; # all one line for MakeMaker +@@ -235,35 +236,6 @@ + return undef; + } + +-sub make_temporary_filename { +- +- # Make a temporary filename. +- # The POSIX tmpnam() function has been unreliable for non-unix systems +- # (at least for the win32 systems that I've tested), so use a pre-defined +- # name for them. A disadvantage of this is that two perltidy +- # runs in the same working directory may conflict. However, the chance of +- # that is small and manageable by the user, especially on systems for which +- # the POSIX tmpnam function doesn't work. +- my $name = "perltidy.TMP"; +- if ( $^O =~ /win32|dos/i || $^O eq 'VMS' || $^O eq 'MacOs' ) { +- return $name; +- } +- eval "use POSIX qw(tmpnam)"; +- if ($@) { return $name } +- use IO::File; +- +- # just make a couple of tries before giving up and using the default +- for ( 0 .. 3 ) { +- my $tmpname = tmpnam(); +- my $fh = IO::File->new( $tmpname, O_RDWR | O_CREAT | O_EXCL ); +- if ($fh) { +- $fh->close(); +- return ($tmpname); +- last; +- } +- } +- return ($name); +-} + + # Here is a map of the flow of data from the input source to the output + # line sink: +@@ -1316,11 +1288,7 @@ + my ( $fh_stream, $fh_name ) = + Perl::Tidy::streamhandle( $stream, 'r' ); + if ($fh_stream) { +- my ( $fout, $tmpnam ); +- +- # TODO: fix the tmpnam routine to return an open filehandle +- $tmpnam = Perl::Tidy::make_temporary_filename(); +- $fout = IO::File->new( $tmpnam, 'w' ); ++ my ( $fout, $tmpnam ) = tempfile(); + + if ($fout) { + $fname = $tmpnam; +@@ -5150,14 +5118,7 @@ + # Pod::Html requires a real temporary filename + # If we are making a frame, we have a name available + # Otherwise, we have to fine one +- my $tmpfile; +- if ( $rOpts->{'frames'} ) { +- $tmpfile = $self->{_toc_filename}; +- } +- else { +- $tmpfile = Perl::Tidy::make_temporary_filename(); +- } +- my $fh_tmp = IO::File->new( $tmpfile, 'w' ); ++ my ($fh_tmp,$tmpfile) = tempfile(); + unless ($fh_tmp) { + Perl::Tidy::Warn + "unable to open temporary file $tmpfile; cannot use pod2html\n"; diff --git a/SPECS/perltidy.spec b/SPECS/perltidy.spec new file mode 100644 index 0000000..a9ba5c4 --- /dev/null +++ b/SPECS/perltidy.spec @@ -0,0 +1,230 @@ +Name: perltidy +Version: 20121207 +Release: 3%{?dist} +Summary: Tool for indenting and reformatting Perl scripts + +License: GPLv2+ +URL: http://perltidy.sourceforge.net/ +Source: http://downloads.sourceforge.net/perltidy/Perl-Tidy-%{version}.tar.gz +# Fix CVE-2014-2277 (Insecure temporary file creation) +Patch0: Fix-CVE-2014-2277.patch + +BuildArch: noarch +BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(Carp) +BuildRequires: perl(constant) +BuildRequires: perl(Cwd) +BuildRequires: perl(Exporter) +BuildRequires: perl(IO::File) +BuildRequires: perl(Test) +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description +Perltidy is a Perl script which indents and reformats Perl scripts to +make them easier to read. If you write Perl scripts, or spend much +time reading them, you will probably find it useful. The formatting +can be controlled with command line parameters. The default parameter +settings approximately follow the suggestions in the Perl Style Guide. +Perltidy can also output HTML of both POD and source code. Besides +reformatting scripts, Perltidy can be a great help in tracking down +errors with missing or extra braces, parentheses, and square brackets +because it is very good at localizing errors. + + +%prep +%setup -q -n Perl-Tidy-%{version} +%patch0 -p1 +rm -f docs/perltidy.1 examples/pt.bat +f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f + + +%build +%{__perl} Makefile.PL INSTALLDIRS=vendor +make %{?_smp_mflags} + + +%install +make pure_install PERL_INSTALL_ROOT=$RPM_BUILD_ROOT +find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' +find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null ';' +%{_fixperms} $RPM_BUILD_ROOT/* + + +%check +make test + + +%files +%doc BUGS CHANGES COPYING README TODO docs/ examples/ +%{_bindir}/perltidy +%{perl_vendorlib}/Perl/ +%{_mandir}/man1/perltidy.1* +%{_mandir}/man3/Perl::Tidy.3* + + +%changelog +* Tue Mar 11 2014 Jitka Plesnikova - 20121207-3 +- Resolves: rhbz#1074723 / CVE-2014-2277 +- Fix a bogus date in changelog + +* Fri Dec 27 2013 Daniel Mach - 20121207-2 +- Mass rebuild 2013-12-27 + +* Tue Dec 11 2012 Ville Skyttä - 20121207-1 +- Update to 20121207. + +* Wed Aug 15 2012 Jitka Plesnikova - 20120714-3 +- Specify all dependencies. + +* Fri Jul 20 2012 Fedora Release Engineering - 20120714-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jul 16 2012 Ville Skyttä - 20120714-1 +- Update to 20120714. + +* Mon Jul 09 2012 Petr Pisar - 20120701-2 +- Perl 5.16 rebuild + +* Sat Jul 7 2012 Ville Skyttä - 20120701-1 +- Update to 20120701. + +* Thu Jun 28 2012 Petr Pisar - 20120619-2 +- Perl 5.16 rebuild + +* Wed Jun 20 2012 Ville Skyttä - 20120619-1 +- Update to 20120619. +- Clean up specfile constructs no longer needed in Fedora or EL6+. + +* Fri Jun 08 2012 Petr Pisar - 20101217-5 +- Perl 5.16 rebuild + +* Sat Jan 14 2012 Fedora Release Engineering - 20101217-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Jun 17 2011 Marcela Mašláňová - 20101217-3 +- Perl mass rebuild + +* Wed Feb 09 2011 Fedora Release Engineering - 20101217-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Dec 26 2010 Ville Skyttä - 20101217-1 +- Update to 20101217. + +* Fri May 07 2010 Marcela Maslanova - 20090616-4 +- Mass rebuild with perl-5.12.0 + +* Fri Dec 4 2009 Stepan Kasal - 20090616-3 +- rebuild against perl 5.10.1 + +* Sun Jul 26 2009 Fedora Release Engineering - 20090616-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jun 18 2009 Ville Skyttä - 20090616-1 +- Update to 20090616. + +* Thu Feb 26 2009 Fedora Release Engineering - 20071205-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Feb 27 2008 Tom "spot" Callaway - 20071205-3 +- Rebuild for perl 5.10 (again) + +* Sun Jan 13 2008 Tom "spot" Callaway - 20071205-2 +- rebuild for new perl + +* Thu Dec 6 2007 Ville Skyttä - 20071205-1 +- 20071205. +- Convert docs to UTF-8. + +* Wed Aug 1 2007 Ville Skyttä - 20070801-1 +- 20070801. + +* Wed May 9 2007 Ville Skyttä - 20070508-1 +- 20070508. + +* Sat May 5 2007 Ville Skyttä - 20070504-1 +- 20070504. + +* Tue Apr 24 2007 Ville Skyttä - 20070424-1 +- 20070424. + +* Tue Apr 17 2007 Ville Skyttä - 20060719-3 +- BuildRequire perl(ExtUtils::MakeMaker). + +* Fri Sep 15 2006 Ville Skyttä - 20060719-2 +- Rebuild. + +* Thu Jul 20 2006 Ville Skyttä - 20060719-1 +- 20060719. +- Fix order of options to find(1) in %%install. + +* Thu Jun 15 2006 Ville Skyttä - 20060614-1 +- 20060614, specfile cleanups, include examples in docs. + +* Fri Apr 8 2005 Michael Schwendt +- rebuilt + +* Thu Dec 16 2004 Ville Skyttä - 0:20031021-1 +- Sync with fedora-rpmdevtools' Perl spec template to fix x86_64 build. +- Move version to the version field. + +* Wed Oct 22 2003 Ville Skyttä 0:0.0-0.fdr.3.20031021 +- Update to 20031021. + +* Sat Oct 11 2003 Ville Skyttä 0:0.0-0.fdr.3.20030726 +- Install into vendor dirs. +- Spec cleanups. + +* Tue Jul 29 2003 Ville Skyttä 0:0.0-0.fdr.2.20030726 +- Update to 20030726. +- Use fedora-rpm-helper. + +* Mon Jun 23 2003 Ville Skyttä 0:0.0-0.fdr.2.20021130 +- Address issues in #194: +- Patch to get rid of a warning on startup. +- Do defattr before doc. + +* Fri May 30 2003 Ville Skyttä 0:0.0-0.fdr.1.20021130 +- Fix release naming scheme (this is snapshot-only). + +* Wed May 7 2003 Ville Skyttä 0:0.0-0.fdr.0.2.20021130 +- Own dirs. +- Save .spec in UTF-8. + +* Mon Apr 21 2003 Ville Skyttä 0:0.0-0.fdr.0.1.20021130 +- First Fedora release, based on Simon Perreault's work. + +* Mon Mar 10 2003 Simon Perreault 20021130-2 +- Changed architecture from i386 to noarch +- Added my name as packager +- Bumped up release number, which was forgotten by Anthony Rumble + +* Sun Mar 09 2003 Anthony Rumble +- Tidied up RPM Source + +* Sun Dec 1 2002 Simon Perreault +- Update to 20021130 + +* Sat Nov 9 2002 Simon Perreault +- Update to 20021106 + +* Mon Sep 23 2002 Simon Perreault +- Update to 20020922 + +* Wed Aug 28 2002 Simon Perreault +- Update to 20020826 + +* Tue May 7 2002 Simon Perreault +- Require 5.6.1 because Tidy.pm is placed in a directory dependant on perl + version. + +* Sat Apr 27 2002 Simon Perreault +- Update to 20020425. + +* Wed Apr 17 2002 Simon Perreault +- Generalized spec file. Added some documentation. + +* Wed Apr 17 2002 Simon Perreault +- Upgraded to version 20020416 + +* Mon Feb 25 2002 Simon Perreault +- Spec file was created on release of 20020225