From e096006aef3f45147f77949c6b07f525aba08fc3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Thu, 11 May 2017 11:27:40 +0200
Subject: [PATCH] Upgrade to 3.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Unbundled from 5.25.12.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
Changes | 12 ++++++++++++
Cwd.pm | 7 +++++--
Cwd.xs | 2 +-
Makefile.PL | 9 +++++++--
lib/File/Spec.pm | 11 +++++++----
lib/File/Spec/AmigaOS.pm | 2 +-
lib/File/Spec/Cygwin.pm | 8 ++++++--
lib/File/Spec/Epoc.pm | 2 +-
lib/File/Spec/Functions.pm | 2 +-
lib/File/Spec/Mac.pm | 6 +++---
lib/File/Spec/OS2.pm | 2 +-
lib/File/Spec/Unix.pm | 2 +-
lib/File/Spec/VMS.pm | 17 ++++++++++-------
lib/File/Spec/Win32.pm | 8 ++++++--
14 files changed, 62 insertions(+), 28 deletions(-)
diff --git a/Changes b/Changes
index 09e977a..7d0c179 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,17 @@
Revision history for Perl distribution PathTools.
+3.67 - Mon Feb 27 09:33:04 EST 2017
+- Add security usage note to File::Spec::no_upwards
+
+3.66 - Sat Nov 19 10:30:19 MST 2016
+- white space change so can compile under C++11
+
+3.65 - Mon, 25 Jul 2016 23:15:33 -0700
+- (perl #127384)(CVE-2016-1238)
+
+3.64 - Tue May 24 10:00:19 MST 2016
+- just minor pod changes to silence Pod::Checker
+
3.62 - Mon Jan 11 08:39:19 EST 2016
- ensure File::Spec::canonpath() preserves taint (CVE-2015-8607)
diff --git a/Cwd.pm b/Cwd.pm
index e8b9f19..ce142cf 100644
--- a/Cwd.pm
+++ b/Cwd.pm
@@ -3,7 +3,7 @@ use strict;
use Exporter;
use vars qw(@ISA @EXPORT @EXPORT_OK $VERSION);
-$VERSION = '3.63';
+$VERSION = '3.67';
my $xs_version = $VERSION;
$VERSION =~ tr/_//d;
@@ -40,7 +40,10 @@ if ($^O eq 'os2') {
my $use_vms_feature;
BEGIN {
if ($^O eq 'VMS') {
- if (eval { local $SIG{__DIE__}; require VMS::Feature; }) {
+ if (eval { local $SIG{__DIE__};
+ local @INC = @INC;
+ pop @INC if $INC[-1] eq '.';
+ require VMS::Feature; }) {
$use_vms_feature = 1;
}
}
diff --git a/Cwd.xs b/Cwd.xs
index 3d018dc..c6c600b 100644
--- a/Cwd.xs
+++ b/Cwd.xs
@@ -424,7 +424,7 @@ int Perl_getcwd_sv(pTHX_ SV *sv)
#endif
#if USE_MY_CXT
-# define MY_CXT_KEY "Cwd::_guts"XS_VERSION
+# define MY_CXT_KEY "Cwd::_guts" XS_VERSION
typedef struct {
SV *empty_string_sv, *slash_string_sv;
} my_cxt_t;
diff --git a/Makefile.PL b/Makefile.PL
index bc40baf..71b9a60 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -1,5 +1,11 @@
-BEGIN { @INC = grep {!/blib/} @INC }
+# See https://rt.cpan.org/Public/Bug/Display.html?id=4681
+# and https://rt.perl.org/Ticket/Display.html?id=125603
+# When installing a newer Cwd on a system with an existing Cwd,
+# under some circumstances the old Cwd.pm and the new Cwd.xs could
+# get mixed up and SEGVs ensue.
+
+BEGIN { @INC = grep { $_ ne "blib/arch" and $_ ne "blib/lib" } @INC }
require 5.005;
use ExtUtils::MakeMaker;
@@ -16,7 +22,6 @@ WriteMakefile
'Carp' => '0',
'File::Basename' => '0',
'Scalar::Util' => '0',
- 'Test' => '0',
# done_testing() is used in dist/Cwd/t/Spec.t
'Test::More' => 0.88,
},
diff --git a/lib/File/Spec.pm b/lib/File/Spec.pm
index 32b987e..a9a7619 100644
--- a/lib/File/Spec.pm
+++ b/lib/File/Spec.pm
@@ -3,7 +3,7 @@ package File::Spec;
use strict;
use vars qw(@ISA $VERSION);
-$VERSION = '3.63';
+$VERSION = '3.67';
$VERSION =~ tr/_//d;
my %module = (MacOS => 'Mac',
@@ -158,10 +158,13 @@ Returns a string representation of the parent directory.
=item no_upwards
-Given a list of file names, strip out those that refer to a parent
-directory. (Does not strip symlinks, only '.', '..', and equivalents.)
+Given a list of files in a directory (such as from C<readdir()>),
+strip out C<'.'> and C<'..'>.
- @paths = File::Spec->no_upwards( @paths );
+B<SECURITY NOTE:> This does NOT filter paths containing C<'..'>, like
+C<'../../../../etc/passwd'>, only literal matches to C<'.'> and C<'..'>.
+
+ @paths = File::Spec->no_upwards( readdir $dirhandle );
=item case_tolerant
diff --git a/lib/File/Spec/AmigaOS.pm b/lib/File/Spec/AmigaOS.pm
index 7a5889c..8d3796e 100644
--- a/lib/File/Spec/AmigaOS.pm
+++ b/lib/File/Spec/AmigaOS.pm
@@ -4,7 +4,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.64';
+$VERSION = '3.67';
$VERSION =~ tr/_//d;
@ISA = qw(File::Spec::Unix);
diff --git a/lib/File/Spec/Cygwin.pm b/lib/File/Spec/Cygwin.pm
index 2092eb8..745df86 100644
--- a/lib/File/Spec/Cygwin.pm
+++ b/lib/File/Spec/Cygwin.pm
@@ -4,7 +4,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.63';
+$VERSION = '3.67';
$VERSION =~ tr/_//d;
@ISA = qw(File::Spec::Unix);
@@ -137,7 +137,11 @@ sub case_tolerant {
if ($mntopts and ($mntopts =~ /,managed/)) {
return 0;
}
- eval { require Win32API::File; } or return 1;
+ eval {
+ local @INC = @INC;
+ pop @INC if $INC[-1] eq '.';
+ require Win32API::File;
+ } or return 1;
my $osFsType = "\0"x256;
my $osVolName = "\0"x256;
my $ouFsFlags = 0;
diff --git a/lib/File/Spec/Epoc.pm b/lib/File/Spec/Epoc.pm
index 22f0192..959261a 100644
--- a/lib/File/Spec/Epoc.pm
+++ b/lib/File/Spec/Epoc.pm
@@ -3,7 +3,7 @@ package File::Spec::Epoc;
use strict;
use vars qw($VERSION @ISA);
-$VERSION = '3.63';
+$VERSION = '3.67';
$VERSION =~ tr/_//d;
require File::Spec::Unix;
diff --git a/lib/File/Spec/Functions.pm b/lib/File/Spec/Functions.pm
index af2c498..cb7532e 100644
--- a/lib/File/Spec/Functions.pm
+++ b/lib/File/Spec/Functions.pm
@@ -5,7 +5,7 @@ use strict;
use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $VERSION);
-$VERSION = '3.63';
+$VERSION = '3.67';
$VERSION =~ tr/_//d;
require Exporter;
diff --git a/lib/File/Spec/Mac.pm b/lib/File/Spec/Mac.pm
index 52c3bfe..192cc8d 100644
--- a/lib/File/Spec/Mac.pm
+++ b/lib/File/Spec/Mac.pm
@@ -4,7 +4,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.63';
+$VERSION = '3.67';
$VERSION =~ tr/_//d;
@ISA = qw(File::Spec::Unix);
@@ -121,7 +121,7 @@ doesn't alter the path, i.e. these arguments are ignored. (When a ""
is passed as the first argument, it has a special meaning, see
(6)). This way, a colon ":" is handled like a "." (curdir) on Unix,
while an empty string "" is generally ignored (see
-C<Unix-E<gt>canonpath()> ). Likewise, a "::" is handled like a ".."
+L<File::Spec::Unix/canonpath()> ). Likewise, a "::" is handled like a ".."
(updir), and a ":::" is handled like a "../.." etc. E.g.
catdir("a",":",":","b") = ":a:b:"
@@ -168,7 +168,7 @@ their Unix counterparts:
# (e.g. "HD:a:")
However, this approach is limited to the first arguments following
-"root" (again, see C<Unix-E<gt>canonpath()> ). If there are more
+"root" (again, see L<File::Spec::Unix/canonpath()>. If there are more
arguments that move up the directory tree, an invalid path going
beyond root can be created.
diff --git a/lib/File/Spec/OS2.pm b/lib/File/Spec/OS2.pm
index 804ecdb..1e201eb 100644
--- a/lib/File/Spec/OS2.pm
+++ b/lib/File/Spec/OS2.pm
@@ -4,7 +4,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.63';
+$VERSION = '3.67';
$VERSION =~ tr/_//d;
@ISA = qw(File::Spec::Unix);
diff --git a/lib/File/Spec/Unix.pm b/lib/File/Spec/Unix.pm
index 3916a11..ff3599a 100644
--- a/lib/File/Spec/Unix.pm
+++ b/lib/File/Spec/Unix.pm
@@ -3,7 +3,7 @@ package File::Spec::Unix;
use strict;
use vars qw($VERSION);
-$VERSION = '3.63';
+$VERSION = '3.67';
my $xs_version = $VERSION;
$VERSION =~ tr/_//d;
diff --git a/lib/File/Spec/VMS.pm b/lib/File/Spec/VMS.pm
index 02cc0b0..fb4351f 100644
--- a/lib/File/Spec/VMS.pm
+++ b/lib/File/Spec/VMS.pm
@@ -4,7 +4,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.63';
+$VERSION = '3.67';
$VERSION =~ tr/_//d;
@ISA = qw(File::Spec::Unix);
@@ -39,7 +39,10 @@ via the C<DECC$FILENAME_UNIX_REPORT> CRTL feature.
my $use_feature;
BEGIN {
- if (eval { local $SIG{__DIE__}; require VMS::Feature; }) {
+ if (eval { local $SIG{__DIE__};
+ local @INC = @INC;
+ pop @INC if $INC[-1] eq '.';
+ require VMS::Feature; }) {
$use_feature = 1;
}
}
@@ -94,7 +97,7 @@ sub canonpath {
# [-.-. ==> [--.
# .-.-] ==> .--]
# [-.-] ==> [--]
- 1 while ($path =~ s/(?<!\^)([\[\.])[^\]\.]+\.-(-+)([\]\.])/$1$2$3/);
+ 1 while ($path =~ s/(?<!\^)([\[\.])(?:\^.|[^\]\.])+\.-(-+)([\]\.])/$1$2$3/);
# That loop does the following
# with any amount (minimum 2)
# of dashes:
@@ -105,11 +108,11 @@ sub canonpath {
#
# And then, the remaining cases
$path =~ s/(?<!\^)\[\.-/[-/; # [.- ==> [-
- $path =~ s/(?<!\^)\.[^\]\.]+\.-\./\./g; # .foo.-. ==> .
- $path =~ s/(?<!\^)\[[^\]\.]+\.-\./\[/g; # [foo.-. ==> [
- $path =~ s/(?<!\^)\.[^\]\.]+\.-\]/\]/g; # .foo.-] ==> ]
+ $path =~ s/(?<!\^)\.(?:\^.|[^\]\.])+\.-\./\./g; # .foo.-. ==> .
+ $path =~ s/(?<!\^)\[(?:\^.|[^\]\.])+\.-\./\[/g; # [foo.-. ==> [
+ $path =~ s/(?<!\^)\.(?:\^.|[^\]\.])+\.-\]/\]/g; # .foo.-] ==> ]
# [foo.-] ==> [000000]
- $path =~ s/(?<!\^)\[[^\]\.]+\.-\]/\[000000\]/g;
+ $path =~ s/(?<!\^)\[(?:\^.|[^\]\.])+\.-\]/\[000000\]/g;
# [] ==>
$path =~ s/(?<!\^)\[\]// unless $path eq '[]';
return $unix_rpt ? unixify($path) : $path;
diff --git a/lib/File/Spec/Win32.pm b/lib/File/Spec/Win32.pm
index 1105b67..17f1c5a 100644
--- a/lib/File/Spec/Win32.pm
+++ b/lib/File/Spec/Win32.pm
@@ -5,7 +5,7 @@ use strict;
use vars qw(@ISA $VERSION);
require File::Spec::Unix;
-$VERSION = '3.63';
+$VERSION = '3.67';
$VERSION =~ tr/_//d;
@ISA = qw(File::Spec::Unix);
@@ -90,7 +90,11 @@ Default: 1
=cut
sub case_tolerant {
- eval { require Win32API::File; } or return 1;
+ eval {
+ local @INC = @INC;
+ pop @INC if $INC[-1] eq '.';
+ require Win32API::File;
+ } or return 1;
my $drive = shift || "C:";
my $osFsType = "\0"x256;
my $osVolName = "\0"x256;
--
2.9.3