From e096006aef3f45147f77949c6b07f525aba08fc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 11 May 2017 11:27:40 +0200 Subject: [PATCH] Upgrade to 3.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Unbundled from 5.25.12. Signed-off-by: Petr Písař --- Changes | 12 ++++++++++++ Cwd.pm | 7 +++++-- Cwd.xs | 2 +- Makefile.PL | 9 +++++++-- lib/File/Spec.pm | 11 +++++++---- lib/File/Spec/AmigaOS.pm | 2 +- lib/File/Spec/Cygwin.pm | 8 ++++++-- lib/File/Spec/Epoc.pm | 2 +- lib/File/Spec/Functions.pm | 2 +- lib/File/Spec/Mac.pm | 6 +++--- lib/File/Spec/OS2.pm | 2 +- lib/File/Spec/Unix.pm | 2 +- lib/File/Spec/VMS.pm | 17 ++++++++++------- lib/File/Spec/Win32.pm | 8 ++++++-- 14 files changed, 62 insertions(+), 28 deletions(-) diff --git a/Changes b/Changes index 09e977a..7d0c179 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,17 @@ Revision history for Perl distribution PathTools. +3.67 - Mon Feb 27 09:33:04 EST 2017 +- Add security usage note to File::Spec::no_upwards + +3.66 - Sat Nov 19 10:30:19 MST 2016 +- white space change so can compile under C++11 + +3.65 - Mon, 25 Jul 2016 23:15:33 -0700 +- (perl #127384)(CVE-2016-1238) + +3.64 - Tue May 24 10:00:19 MST 2016 +- just minor pod changes to silence Pod::Checker + 3.62 - Mon Jan 11 08:39:19 EST 2016 - ensure File::Spec::canonpath() preserves taint (CVE-2015-8607) diff --git a/Cwd.pm b/Cwd.pm index e8b9f19..ce142cf 100644 --- a/Cwd.pm +++ b/Cwd.pm @@ -3,7 +3,7 @@ use strict; use Exporter; use vars qw(@ISA @EXPORT @EXPORT_OK $VERSION); -$VERSION = '3.63'; +$VERSION = '3.67'; my $xs_version = $VERSION; $VERSION =~ tr/_//d; @@ -40,7 +40,10 @@ if ($^O eq 'os2') { my $use_vms_feature; BEGIN { if ($^O eq 'VMS') { - if (eval { local $SIG{__DIE__}; require VMS::Feature; }) { + if (eval { local $SIG{__DIE__}; + local @INC = @INC; + pop @INC if $INC[-1] eq '.'; + require VMS::Feature; }) { $use_vms_feature = 1; } } 
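Review bot: In the `BEGIN` block of Cwd.pm the new guard `pop @INC if $INC[-1] eq '.';` removes the current directory only when it is the last `@INC` entry, so a `.` placed elsewhere in the list (for example through `PERL5LIB` or `-I`) is still searched when the optional `require VMS::Feature` runs. If that scope is intended, a short comment should say so, e.g. `# drop only the default trailing '.' so an optional module is not loaded from the cwd`, with a reference to CVE-2016-1238 if this is the change the Changes entry for 3.65 refers to. The same three-line pattern is added without explanation in the `case_tolerant` hunk of lib/File/Spec/Cygwin.pm and the `BEGIN` hunk of lib/File/Spec/VMS.pm, so the comment applies there as well. The `BEGIN` block ends inside this hunk but starts in the context above it.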
diff --git a/Cwd.xs b/Cwd.xs index 3d018dc..c6c600b 100644 --- a/Cwd.xs +++ b/Cwd.xs @@ -424,7 +424,7 @@ int Perl_getcwd_sv(pTHX_ SV *sv) #endif #if USE_MY_CXT -# define MY_CXT_KEY "Cwd::_guts"XS_VERSION +# define MY_CXT_KEY "Cwd::_guts" XS_VERSION typedef struct { SV *empty_string_sv, *slash_string_sv; } my_cxt_t; diff --git a/Makefile.PL b/Makefile.PL index bc40baf..71b9a60 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -1,5 +1,11 @@ -BEGIN { @INC = grep {!/blib/} @INC } +# See https://rt.cpan.org/Public/Bug/Display.html?id=4681 +# and https://rt.perl.org/Ticket/Display.html?id=125603 +# When installing a newer Cwd on a system with an existing Cwd, +# under some circumstances the old Cwd.pm and the new Cwd.xs could +# get mixed up and SEGVs ensue. + +BEGIN { @INC = grep { $_ ne "blib/arch" and $_ ne "blib/lib" } @INC } require 5.005; use ExtUtils::MakeMaker; @@ -16,7 +22,6 @@ WriteMakefile 'Carp' => '0', 'File::Basename' => '0', 'Scalar::Util' => '0', - 'Test' => '0', # done_testing() is used in dist/Cwd/t/Spec.t 'Test::More' => 0.88, }, diff --git a/lib/File/Spec.pm b/lib/File/Spec.pm index 32b987e..a9a7619 100644 --- a/lib/File/Spec.pm +++ b/lib/File/Spec.pm @@ -3,7 +3,7 @@ package File::Spec; use strict; use vars qw(@ISA $VERSION); -$VERSION = '3.63'; +$VERSION = '3.67'; $VERSION =~ tr/_//d; my %module = (MacOS => 'Mac', @@ -158,10 +158,13 @@ Returns a string representation of the parent directory. =item no_upwards -Given a list of file names, strip out those that refer to a parent -directory. (Does not strip symlinks, only '.', '..', and equivalents.) +Given a list of files in a directory (such as from C), +strip out C<'.'> and C<'..'>. - @paths = File::Spec->no_upwards( @paths ); +B This does NOT filter paths containing C<'..'>, like +C<'../../../../etc/passwd'>, only literal matches to C<'.'> and C<'..'>. + + @paths = File::Spec->no_upwards( readdir $dirhandle ); =item case_tolerant 
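Review bot: The new filter in the `BEGIN` line of Makefile.PL, `grep { $_ ne "blib/arch" and $_ ne "blib/lib" } @INC`, matches only those two literal relative strings, so an entry spelled `./blib/lib` or given as an absolute path is now kept, where the old `!/blib/` pattern removed it. The added comment explains why blib directories are filtered but not why the match was narrowed; presumably the pattern also dropped unrelated directories whose path merely contains `blib`. I would add a line such as `# Exact match on purpose: a /blib/ pattern also removes unrelated @INC entries containing "blib".` and confirm that the other spellings cannot occur when Makefile.PL is run.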
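Review bot: The new security note under `=item no_upwards` in lib/File/Spec.pm says what the method does not filter but gives no pointer to what a caller should do with untrusted path input instead. One more sentence would close that gap, for example `To confine a user-supplied path to a directory, resolve it (e.g. with Cwd::realpath) and compare the result against the intended base directory.` The POD markup of this hunk is not fully visible on this page, so the wording should be fitted to the surrounding `C<>` style.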
diff --git a/lib/File/Spec/AmigaOS.pm b/lib/File/Spec/AmigaOS.pm index 7a5889c..8d3796e 100644 --- a/lib/File/Spec/AmigaOS.pm +++ b/lib/File/Spec/AmigaOS.pm @@ -4,7 +4,7 @@ use strict; use vars qw(@ISA $VERSION); require File::Spec::Unix; -$VERSION = '3.64'; +$VERSION = '3.67'; $VERSION =~ tr/_//d; @ISA = qw(File::Spec::Unix); diff --git a/lib/File/Spec/Cygwin.pm b/lib/File/Spec/Cygwin.pm index 2092eb8..745df86 100644 --- a/lib/File/Spec/Cygwin.pm +++ b/lib/File/Spec/Cygwin.pm @@ -4,7 +4,7 @@ use strict; use vars qw(@ISA $VERSION); require File::Spec::Unix; -$VERSION = '3.63'; +$VERSION = '3.67'; $VERSION =~ tr/_//d; @ISA = qw(File::Spec::Unix); @@ -137,7 +137,11 @@ sub case_tolerant { if ($mntopts and ($mntopts =~ /,managed/)) { return 0; } - eval { require Win32API::File; } or return 1; + eval { + local @INC = @INC; + pop @INC if $INC[-1] eq '.'; + require Win32API::File; + } or return 1; my $osFsType = "\0"x256; my $osVolName = "\0"x256; my $ouFsFlags = 0; diff --git a/lib/File/Spec/Epoc.pm b/lib/File/Spec/Epoc.pm index 22f0192..959261a 100644 --- a/lib/File/Spec/Epoc.pm +++ b/lib/File/Spec/Epoc.pm @@ -3,7 +3,7 @@ package File::Spec::Epoc; use strict; use vars qw($VERSION @ISA); -$VERSION = '3.63'; +$VERSION = '3.67'; $VERSION =~ tr/_//d; require File::Spec::Unix; diff --git a/lib/File/Spec/Functions.pm b/lib/File/Spec/Functions.pm index af2c498..cb7532e 100644 --- a/lib/File/Spec/Functions.pm +++ b/lib/File/Spec/Functions.pm @@ -5,7 +5,7 @@ use strict; use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $VERSION); -$VERSION = '3.63'; +$VERSION = '3.67'; $VERSION =~ tr/_//d; require Exporter; diff --git a/lib/File/Spec/Mac.pm b/lib/File/Spec/Mac.pm index 52c3bfe..192cc8d 100644 --- a/lib/File/Spec/Mac.pm +++ b/lib/File/Spec/Mac.pm @@ -4,7 +4,7 @@ use strict; use vars qw(@ISA $VERSION); require File::Spec::Unix; -$VERSION = '3.63'; +$VERSION = '3.67'; $VERSION =~ tr/_//d; @ISA = qw(File::Spec::Unix); 
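Review bot: The rewritten `eval` block in `case_tolerant` (lib/File/Spec/Cygwin.pm) has no `local $SIG{__DIE__};`, which both `require VMS::Feature` blocks changed in this commit (Cwd.pm and lib/File/Spec/VMS.pm) do have, so a caller's `__DIE__` handler still fires when the optional `Win32API::File` is absent. Adding `local $SIG{__DIE__};` as the first statement inside the `eval` would make the three sites consistent. `case_tolerant` starts before and ends after this hunk, so the rest of the function was not reviewed.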
@@ -121,7 +121,7 @@ doesn't alter the path, i.e. these arguments are ignored. (When a "" is passed as the first argument, it has a special meaning, see (6)). This way, a colon ":" is handled like a "." (curdir) on Unix, while an empty string "" is generally ignored (see -Ccanonpath()> ). Likewise, a "::" is handled like a ".." +L ). Likewise, a "::" is handled like a ".." (updir), and a ":::" is handled like a "../.." etc. E.g. catdir("a",":",":","b") = ":a:b:" @@ -168,7 +168,7 @@ their Unix counterparts: # (e.g. "HD:a:") However, this approach is limited to the first arguments following -"root" (again, see Ccanonpath()> ). If there are more +"root" (again, see L. If there are more arguments that move up the directory tree, an invalid path going beyond root can be created. diff --git a/lib/File/Spec/OS2.pm b/lib/File/Spec/OS2.pm index 804ecdb..1e201eb 100644 --- a/lib/File/Spec/OS2.pm +++ b/lib/File/Spec/OS2.pm @@ -4,7 +4,7 @@ use strict; use vars qw(@ISA $VERSION); require File::Spec::Unix; -$VERSION = '3.63'; +$VERSION = '3.67'; $VERSION =~ tr/_//d; @ISA = qw(File::Spec::Unix); diff --git a/lib/File/Spec/Unix.pm b/lib/File/Spec/Unix.pm index 3916a11..ff3599a 100644 --- a/lib/File/Spec/Unix.pm +++ b/lib/File/Spec/Unix.pm @@ -3,7 +3,7 @@ package File::Spec::Unix; use strict; use vars qw($VERSION); -$VERSION = '3.63'; +$VERSION = '3.67'; my $xs_version = $VERSION; $VERSION =~ tr/_//d; diff --git a/lib/File/Spec/VMS.pm b/lib/File/Spec/VMS.pm index 02cc0b0..fb4351f 100644 --- a/lib/File/Spec/VMS.pm +++ b/lib/File/Spec/VMS.pm @@ -4,7 +4,7 @@ use strict; use vars qw(@ISA $VERSION); require File::Spec::Unix; -$VERSION = '3.63'; +$VERSION = '3.67'; $VERSION =~ tr/_//d; @ISA = qw(File::Spec::Unix); @@ -39,7 +39,10 @@ via the C CRTL feature. my $use_feature; BEGIN { - if (eval { local $SIG{__DIE__}; require VMS::Feature; }) { + if (eval { local $SIG{__DIE__}; + local @INC = @INC; + pop @INC if $INC[-1] eq '.'; + require VMS::Feature; }) { $use_feature = 1; } } 
@@ -94,7 +97,7 @@ sub canonpath { # [-.-. ==> [--. # .-.-] ==> .--] # [-.-] ==> [--] - 1 while ($path =~ s/(? [- - $path =~ s/(? . - $path =~ s/(? [ - $path =~ s/(? ] + $path =~ s/(? . + $path =~ s/(? [ + $path =~ s/(? ] # [foo.-] ==> [000000] - $path =~ s/(? $path =~ s/(?