perl-core/File-Temp: Add from gentoo

It's from gentoo commit 4422984d379c73f5b76891fcb58f694b5ba5a150.
flatcar-archive · Feb 17, 2022 · b32f7ac · b32f7ac
1 parent 889cd34
commit b32f7ac
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 0 deletions.
diff --git a/perl-core/File-Temp/File-Temp-0.231.100.ebuild b/perl-core/File-Temp/File-Temp-0.231.100.ebuild
@@ -0,0 +1,17 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DIST_AUTHOR=ETHER
+DIST_VERSION=0.2311
+inherit perl-module
+
+DESCRIPTION="File::Temp can be used to create and open temporary files in a safe way"
+
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE=""
+
+# bug 390719
+PATCHES=( "${FILESDIR}/${PN}-0.230.0-symlink-safety.patch" )
diff --git a/perl-core/File-Temp/Manifest b/perl-core/File-Temp/Manifest
@@ -0,0 +1 @@
+DIST File-Temp-0.2311.tar.gz 76988 BLAKE2B d867a5c391fb8bdf1534469ad67f3e122666fd857c3cabda67fcc216896159cb95b31a4885ee47c803e147fa246defc12608780e7814ede8e5662c8f8ffd3d0e SHA512 2db3f03f4d25013c60585cd3e6aa7e68fe9bb26f1957adf6674e9cae9e963a41c559d36862943703f567d116c82747b4fae0612253a784addeb53d7867a232d1
diff --git a/perl-core/File-Temp/files/File-Temp-0.230.0-symlink-safety.patch b/perl-core/File-Temp/files/File-Temp-0.230.0-symlink-safety.patch
@@ -0,0 +1,37 @@
+From: John Lightsey <jd@cpanel.net>
+Date: Mon, 27 Jun 2011 13:07:44 -0500
+Subject: [PATCH] symlink safety
+
+Add check for unsafe symbolic links to _is_safe() directory check.
+
+
+diff -ruN File-Temp-0.23.orig/lib/File/Temp.pm File-Temp-0.23/lib/File/Temp.pm
+--- File-Temp-0.23.orig/lib/File/Temp.pm	2013-03-14 22:56:59.000000000 +0100
++++ File-Temp-0.23/lib/File/Temp.pm	2014-10-15 23:46:29.894611586 +0200
+@@ -672,7 +672,25 @@
+   my $err_ref = shift;
+
+   # Stat path
+-  my @info = stat($path);
++  my @info = lstat($path);
++  my $symlink_test_path = $path;
++  my $symlink_loop_count = 0;
++  while (-l _) {
++    if (++$symlink_loop_count >= 50) {
++      $$err_ref = "50 levels of symlinks encountered at $path";
++      return 0;
++    }
++    if ( $info[4] <= File::Temp->top_system_uid() || $info[4] == $>) {
++      # safe to traverse
++      $symlink_test_path = readlink($symlink_test_path);
++      @info = lstat($symlink_test_path);
++    }
++    else {
++      $$err_ref = "Unsafe symlink at $path";
++      return 0;
++    }
++  }
++
+   unless (scalar(@info)) {
+     $$err_ref = "stat(path) returned no values";
+     return 0;
diff --git a/perl-core/File-Temp/metadata.xml b/perl-core/File-Temp/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="project">
+    <email>perl@gentoo.org</email>
+    <name>Gentoo Perl Project</name>
+  </maintainer>
+  <upstream>
+    <remote-id type="cpan">File-Temp</remote-id>
+    <remote-id type="cpan-module">File::Temp</remote-id>
+    <remote-id type="cpan-module">File::Temp::Dir</remote-id>
+  </upstream>
+</pkgmetadata>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		DIST File-Temp-0.2311.tar.gz 76988 BLAKE2B d867a5c391fb8bdf1534469ad67f3e122666fd857c3cabda67fcc216896159cb95b31a4885ee47c803e147fa246defc12608780e7814ede8e5662c8f8ffd3d0e SHA512 2db3f03f4d25013c60585cd3e6aa7e68fe9bb26f1957adf6674e9cae9e963a41c559d36862943703f567d116c82747b4fae0612253a784addeb53d7867a232d1