From e096006aef3f45147f77949c6b07f525aba08fc3 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>

Date: Thu, 11 May 2017 11:27:40 +0200

Subject: [PATCH] Upgrade to 3.67

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Unbundled from 5.25.12.

Signed-off-by: Petr Písař <ppisar@redhat.com>

---

 Changes                    | 12 ++++++++++++

 Cwd.pm                     |  7 +++++--

 Cwd.xs                     |  2 +-

 Makefile.PL                |  9 +++++++--

 lib/File/Spec.pm           | 11 +++++++----

 lib/File/Spec/AmigaOS.pm   |  2 +-

 lib/File/Spec/Cygwin.pm    |  8 ++++++--

 lib/File/Spec/Epoc.pm      |  2 +-

 lib/File/Spec/Functions.pm |  2 +-

 lib/File/Spec/Mac.pm       |  6 +++---

 lib/File/Spec/OS2.pm       |  2 +-

 lib/File/Spec/Unix.pm      |  2 +-

 lib/File/Spec/VMS.pm       | 17 ++++++++++-------

 lib/File/Spec/Win32.pm     |  8 ++++++--

 14 files changed, 62 insertions(+), 28 deletions(-)

diff --git a/Changes b/Changes

index 09e977a..7d0c179 100644

--- a/Changes

+++ b/Changes

@@ -1,5 +1,17 @@

 Revision history for Perl distribution PathTools.

+3.67 - Mon Feb 27 09:33:04 EST 2017

+- Add security usage note to File::Spec::no_upwards

+

+3.66 - Sat Nov 19 10:30:19 MST 2016

+- white space change so can compile under C++11

+

+3.65 - Mon, 25 Jul 2016 23:15:33 -0700

+- (perl #127384)(CVE-2016-1238)

+

+3.64 - Tue May 24 10:00:19 MST 2016

+- just minor pod changes to silence Pod::Checker

+

 3.62 - Mon Jan 11 08:39:19 EST 2016

 - ensure File::Spec::canonpath() preserves taint (CVE-2015-8607)

diff --git a/Cwd.pm b/Cwd.pm

index e8b9f19..ce142cf 100644

--- a/Cwd.pm

+++ b/Cwd.pm

@@ -3,7 +3,7 @@ use strict;

 use Exporter;

 use vars qw(@ISA @EXPORT @EXPORT_OK $VERSION);

-$VERSION = '3.63';

+$VERSION = '3.67';

 my $xs_version = $VERSION;

 $VERSION =~ tr/_//d;

@@ -40,7 +40,10 @@ if ($^O eq 'os2') {

 my $use_vms_feature;

 BEGIN {

     if ($^O eq 'VMS') {

-        if (eval { local $SIG{__DIE__}; require VMS::Feature; }) {

+        if (eval { local $SIG{__DIE__};

+                   local @INC = @INC;

+                   pop @INC if $INC[-1] eq '.';

+                   require VMS::Feature; }) {

             $use_vms_feature = 1;

         }

     }

diff --git a/Cwd.xs b/Cwd.xs

index 3d018dc..c6c600b 100644

--- a/Cwd.xs

+++ b/Cwd.xs

@@ -424,7 +424,7 @@ int Perl_getcwd_sv(pTHX_ SV *sv)

 #endif

 #if USE_MY_CXT

-# define MY_CXT_KEY "Cwd::_guts"XS_VERSION

+# define MY_CXT_KEY "Cwd::_guts" XS_VERSION

 typedef struct {

     SV *empty_string_sv, *slash_string_sv;

 } my_cxt_t;

diff --git a/Makefile.PL b/Makefile.PL

index bc40baf..71b9a60 100644

--- a/Makefile.PL

+++ b/Makefile.PL

@@ -1,5 +1,11 @@

-BEGIN { @INC = grep {!/blib/} @INC }

+# See https://rt.cpan.org/Public/Bug/Display.html?id=4681

+# and https://rt.perl.org/Ticket/Display.html?id=125603

+# When installing a newer Cwd on a system with an existing Cwd,

+# under some circumstances the old Cwd.pm and the new Cwd.xs could

+# get mixed up and SEGVs ensue.

+

+BEGIN { @INC = grep { $_ ne "blib/arch" and $_ ne "blib/lib" } @INC }

 require 5.005;

 use ExtUtils::MakeMaker;

@@ -16,7 +22,6 @@ WriteMakefile

                            'Carp' => '0',

                            'File::Basename' => '0',

                            'Scalar::Util' => '0',

-                           'Test' => '0',

                            # done_testing() is used in dist/Cwd/t/Spec.t

                            'Test::More' => 0.88,

                          },

diff --git a/lib/File/Spec.pm b/lib/File/Spec.pm

index 32b987e..a9a7619 100644

--- a/lib/File/Spec.pm

+++ b/lib/File/Spec.pm

@@ -3,7 +3,7 @@ package File::Spec;

 use strict;

 use vars qw(@ISA $VERSION);

-$VERSION = '3.63';

+$VERSION = '3.67';

 $VERSION =~ tr/_//d;

 my %module = (MacOS   => 'Mac',

@@ -158,10 +158,13 @@ Returns a string representation of the parent directory.

 =item no_upwards

-Given a list of file names, strip out those that refer to a parent

-directory. (Does not strip symlinks, only '.', '..', and equivalents.)

+Given a list of files in a directory (such as from C<readdir()>),

+strip out C<'.'> and C<'..'>.

-    @paths = File::Spec->no_upwards( @paths );

+B<SECURITY NOTE:> This does NOT filter paths containing C<'..'>, like

+C<'../../../../etc/passwd'>, only literal matches to C<'.'> and C<'..'>.

+

+    @paths = File::Spec->no_upwards( readdir $dirhandle );

 =item case_tolerant

diff --git a/lib/File/Spec/AmigaOS.pm b/lib/File/Spec/AmigaOS.pm

index 7a5889c..8d3796e 100644

--- a/lib/File/Spec/AmigaOS.pm

+++ b/lib/File/Spec/AmigaOS.pm

@@ -4,7 +4,7 @@ use strict;

 use vars qw(@ISA $VERSION);

 require File::Spec::Unix;

-$VERSION = '3.64';

+$VERSION = '3.67';

 $VERSION =~ tr/_//d;

 @ISA = qw(File::Spec::Unix);

diff --git a/lib/File/Spec/Cygwin.pm b/lib/File/Spec/Cygwin.pm

index 2092eb8..745df86 100644

--- a/lib/File/Spec/Cygwin.pm

+++ b/lib/File/Spec/Cygwin.pm

@@ -4,7 +4,7 @@ use strict;

 use vars qw(@ISA $VERSION);

 require File::Spec::Unix;

-$VERSION = '3.63';

+$VERSION = '3.67';

 $VERSION =~ tr/_//d;

 @ISA = qw(File::Spec::Unix);

@@ -137,7 +137,11 @@ sub case_tolerant {

   if ($mntopts and ($mntopts =~ /,managed/)) {

     return 0;

   }

-  eval { require Win32API::File; } or return 1;

+  eval {

+      local @INC = @INC;

+      pop @INC if $INC[-1] eq '.';

+      require Win32API::File;

+  } or return 1;

   my $osFsType = "\0"x256;

   my $osVolName = "\0"x256;

   my $ouFsFlags = 0;

diff --git a/lib/File/Spec/Epoc.pm b/lib/File/Spec/Epoc.pm

index 22f0192..959261a 100644

--- a/lib/File/Spec/Epoc.pm

+++ b/lib/File/Spec/Epoc.pm

@@ -3,7 +3,7 @@ package File::Spec::Epoc;

 use strict;

 use vars qw($VERSION @ISA);

-$VERSION = '3.63';

+$VERSION = '3.67';

 $VERSION =~ tr/_//d;

 require File::Spec::Unix;

diff --git a/lib/File/Spec/Functions.pm b/lib/File/Spec/Functions.pm

index af2c498..cb7532e 100644

--- a/lib/File/Spec/Functions.pm

+++ b/lib/File/Spec/Functions.pm

@@ -5,7 +5,7 @@ use strict;

 use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $VERSION);

-$VERSION = '3.63';

+$VERSION = '3.67';

 $VERSION =~ tr/_//d;

 require Exporter;

diff --git a/lib/File/Spec/Mac.pm b/lib/File/Spec/Mac.pm

index 52c3bfe..192cc8d 100644

--- a/lib/File/Spec/Mac.pm

+++ b/lib/File/Spec/Mac.pm

@@ -4,7 +4,7 @@ use strict;

 use vars qw(@ISA $VERSION);

 require File::Spec::Unix;

-$VERSION = '3.63';

+$VERSION = '3.67';

 $VERSION =~ tr/_//d;

 @ISA = qw(File::Spec::Unix);

@@ -121,7 +121,7 @@ doesn't alter the path, i.e. these arguments are ignored. (When a ""

 is passed as the first argument, it has a special meaning, see

 (6)). This way, a colon ":" is handled like a "." (curdir) on Unix,

 while an empty string "" is generally ignored (see

-C<Unix-E<gt>canonpath()> ). Likewise, a "::" is handled like a ".."

+L<File::Spec::Unix/canonpath()> ). Likewise, a "::" is handled like a ".."

 (updir), and a ":::" is handled like a "../.." etc.  E.g.

     catdir("a",":",":","b")   = ":a:b:"

@@ -168,7 +168,7 @@ their Unix counterparts:

                                                     # (e.g. "HD:a:")

 However, this approach is limited to the first arguments following

-"root" (again, see C<Unix-E<gt>canonpath()> ). If there are more

+"root" (again, see L<File::Spec::Unix/canonpath()>. If there are more

 arguments that move up the directory tree, an invalid path going

 beyond root can be created.

diff --git a/lib/File/Spec/OS2.pm b/lib/File/Spec/OS2.pm

index 804ecdb..1e201eb 100644

--- a/lib/File/Spec/OS2.pm

+++ b/lib/File/Spec/OS2.pm

@@ -4,7 +4,7 @@ use strict;

 use vars qw(@ISA $VERSION);

 require File::Spec::Unix;

-$VERSION = '3.63';

+$VERSION = '3.67';

 $VERSION =~ tr/_//d;

 @ISA = qw(File::Spec::Unix);

diff --git a/lib/File/Spec/Unix.pm b/lib/File/Spec/Unix.pm

index 3916a11..ff3599a 100644

--- a/lib/File/Spec/Unix.pm

+++ b/lib/File/Spec/Unix.pm

@@ -3,7 +3,7 @@ package File::Spec::Unix;

 use strict;

 use vars qw($VERSION);

-$VERSION = '3.63';

+$VERSION = '3.67';

 my $xs_version = $VERSION;

 $VERSION =~ tr/_//d;

diff --git a/lib/File/Spec/VMS.pm b/lib/File/Spec/VMS.pm

index 02cc0b0..fb4351f 100644

--- a/lib/File/Spec/VMS.pm

+++ b/lib/File/Spec/VMS.pm

@@ -4,7 +4,7 @@ use strict;

 use vars qw(@ISA $VERSION);

 require File::Spec::Unix;

-$VERSION = '3.63';

+$VERSION = '3.67';

 $VERSION =~ tr/_//d;

 @ISA = qw(File::Spec::Unix);

@@ -39,7 +39,10 @@ via the C<DECC$FILENAME_UNIX_REPORT> CRTL feature.

 my $use_feature;

 BEGIN {

-    if (eval { local $SIG{__DIE__}; require VMS::Feature; }) {

+    if (eval { local $SIG{__DIE__};

+               local @INC = @INC;

+               pop @INC if $INC[-1] eq '.';

+               require VMS::Feature; }) {

         $use_feature = 1;

     }

 }

@@ -94,7 +97,7 @@ sub canonpath {

 						# [-.-.		==> [--.

 						# .-.-]		==> .--]

 						# [-.-]		==> [--]

-    1 while ($path =~ s/(?

+    1 while ($path =~ s/(?

 						# That loop does the following

 						# with any amount (minimum 2)

 						# of dashes:

@@ -105,11 +108,11 @@ sub canonpath {

 						#

 						# And then, the remaining cases

     $path =~ s/(? [-

-    $path =~ s/(? .

-    $path =~ s/(? [

-    $path =~ s/(? ]

+    $path =~ s/(? .

+    $path =~ s/(? [

+    $path =~ s/(? ]

 						# [foo.-]       ==> [000000]

-    $path =~ s/(?

+    $path =~ s/(?

 						# []		==>

     $path =~ s/(?

     return $unix_rpt ? unixify($path) : $path;

diff --git a/lib/File/Spec/Win32.pm b/lib/File/Spec/Win32.pm

index 1105b67..17f1c5a 100644

--- a/lib/File/Spec/Win32.pm

+++ b/lib/File/Spec/Win32.pm

@@ -5,7 +5,7 @@ use strict;

 use vars qw(@ISA $VERSION);

 require File::Spec::Unix;

-$VERSION = '3.63';

+$VERSION = '3.67';

 $VERSION =~ tr/_//d;

 @ISA = qw(File::Spec::Unix);

@@ -90,7 +90,11 @@ Default: 1

 =cut

 sub case_tolerant {

-  eval { require Win32API::File; } or return 1;

+  eval {

+    local @INC = @INC;

+    pop @INC if $INC[-1] eq '.';

+    require Win32API::File;

+  } or return 1;

   my $drive = shift || "C:";

   my $osFsType = "\0"x256;

   my $osVolName = "\0"x256;

-- 

2.9.3