From owner-svn-ports-all@freebsd.org Thu Aug 11 13:32:06 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EEE88BB549F; Thu, 11 Aug 2016 13:32:06 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B71511782; Thu, 11 Aug 2016 13:32:06 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u7BDW6m4011152; Thu, 11 Aug 2016 13:32:06 GMT (envelope-from mat@FreeBSD.org) Received: (from mat@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u7BDW5pH011147; Thu, 11 Aug 2016 13:32:05 GMT (envelope-from mat@FreeBSD.org) Message-Id: <201608111332.u7BDW5pH011147@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org using -f From: Mathieu Arnold Date: Thu, 11 Aug 2016 13:32:05 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r420067 - in head/lang: perl5.18 perl5.18/files perl5.20 perl5.20/files perl5.22 perl5.22/files perl5.24 perl5.24/files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Aug 2016 13:32:07 -0000 Author: mat Date: Thu Aug 11 13:32:05 2016 New Revision: 420067 URL: https://svnweb.freebsd.org/changeset/ports/420067 Log: Update lang/perl5.* to fix CVE-2016-1238. We're exceptionnaly using the latest release candidates for this, Perl 5.22.3 and 5.24.1 were about to be released when CVE-2016-1238 hit the fan, so we feel confident that EVERYTHING WILL BE FINE. - lang/perl5.24 goes to 5.24.1-RC2. - lang/perl5.22 goes to 5.22.3-RC2. - lang/perl5.20 goes to 5.20.3_14. - lang/perl5.18 goes to 5.18.3_23 PR: 211561 Reported by: Sevan Janiyan MFH: 2016Q3 Security: CVE-2016-1238 Sponsored by: Absolight Added: head/lang/perl5.18/files/patch-CVE-2016-1238 (contents, props changed) head/lang/perl5.20/files/patch-CVE-2016-1238 (contents, props changed) Modified: head/lang/perl5.18/Makefile (contents, props changed) head/lang/perl5.20/Makefile (contents, props changed) head/lang/perl5.22/Makefile (contents, props changed) head/lang/perl5.22/distinfo (contents, props changed) head/lang/perl5.22/files/patch-cpan_Pod-Perldoc_lib_Pod_Perldoc.pm (contents, props changed) head/lang/perl5.22/files/patch-t_porting_customized.dat (contents, props changed) head/lang/perl5.22/pkg-plist (contents, props changed) head/lang/perl5.22/version.mk head/lang/perl5.24/Makefile (contents, props changed) head/lang/perl5.24/distinfo (contents, props changed) head/lang/perl5.24/files/patch-cpan_Pod-Perldoc_lib_Pod_Perldoc.pm (contents, props changed) head/lang/perl5.24/files/patch-t_porting_customized.dat (contents, props changed) head/lang/perl5.24/pkg-plist (contents, props changed) head/lang/perl5.24/version.mk Modified: head/lang/perl5.18/Makefile ============================================================================== --- head/lang/perl5.18/Makefile Thu Aug 11 13:05:58 2016 (r420066) +++ head/lang/perl5.18/Makefile Thu Aug 11 13:32:05 2016 (r420067) @@ -3,7 +3,7 @@ PORTNAME= perl PORTVERSION= ${PERL_VERSION} -PORTREVISION= 22 +PORTREVISION= 23 CATEGORIES= lang devel perl5 MASTER_SITES= CPAN/../../src/5.0 DIST_SUBDIR= perl Added: head/lang/perl5.18/files/patch-CVE-2016-1238 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lang/perl5.18/files/patch-CVE-2016-1238 Thu Aug 11 13:32:05 2016 (r420067) @@ -0,0 +1,706 @@ +--- cpan/Archive-Tar/bin/ptar ++++ cpan/Archive-Tar/bin/ptar +@@ -1,6 +1,7 @@ + #!/usr/bin/perl + use strict; + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use File::Find; + use Getopt::Std; + use Archive::Tar; +--- cpan/Archive-Tar/bin/ptardiff ++++ cpan/Archive-Tar/bin/ptardiff +@@ -1,5 +1,6 @@ + #!/usr/bin/perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use Archive::Tar; + use Getopt::Std; +--- cpan/Archive-Tar/bin/ptargrep ++++ cpan/Archive-Tar/bin/ptargrep +@@ -4,6 +4,7 @@ + # archive. See 'ptargrep --help' for more documentation. + # + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use warnings; + +--- cpan/CPAN/scripts/cpan ++++ cpan/CPAN/scripts/cpan +@@ -1,5 +1,6 @@ + #!/usr/local/bin/perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use vars qw($VERSION); + +--- cpan/Digest-SHA/shasum ++++ cpan/Digest-SHA/shasum +@@ -13,6 +13,7 @@ + ## "-0" option for reading bit strings, and + ## "-p" option for portable digests (to be deprecated). + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use warnings; + use Fcntl; +--- cpan/Encode/bin/enc2xs ++++ cpan/Encode/bin/enc2xs +@@ -4,6 +4,7 @@ BEGIN { + # with $ENV{PERL_CORE} set + # In case we need it in future... + require Config; import Config; ++ pop @INC if $INC[-1] eq '.'; + } + use strict; + use warnings; +--- cpan/Encode/bin/piconv ++++ cpan/Encode/bin/piconv +@@ -1,6 +1,7 @@ + #!./perl + # $Id: piconv,v 2.7 2014/05/31 09:48:48 dankogai Exp $ + # ++BEGIN { pop @INC if $INC[-1] eq '.' } + use 5.8.0; + use strict; + use Encode ; +--- cpan/Encode/bin/ucmlint ++++ cpan/Encode/bin/ucmlint +@@ -3,6 +3,7 @@ + # $Id: ucmlint,v 2.2 2008/03/12 09:51:11 dankogai Exp $ + # + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + our $VERSION = do { my @r = (q$Revision: 2.2 $ =~ /\d+/g); sprintf "%d."."%02d" x $#r, @r }; + +--- cpan/Encode/bin/unidump ++++ cpan/Encode/bin/unidump +@@ -1,5 +1,6 @@ + #!./perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use Encode; + use Getopt::Std; +--- cpan/ExtUtils-MakeMaker/bin/instmodsh ++++ cpan/ExtUtils-MakeMaker/bin/instmodsh +@@ -1,5 +1,6 @@ + #!/usr/bin/perl -w + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use IO::File; + use ExtUtils::Packlist; +--- cpan/IO-Compress/bin/zipdetails ++++ cpan/IO-Compress/bin/zipdetails +@@ -5,6 +5,7 @@ + # Display info on the contents of a Zip file + # + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use warnings ; + +--- cpan/JSON-PP/bin/json_pp ++++ cpan/JSON-PP/bin/json_pp +@@ -1,5 +1,6 @@ + #!/usr/bin/perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use Getopt::Long; + +--- cpan/Test-Harness/bin/prove ++++ cpan/Test-Harness/bin/prove +@@ -1,5 +1,6 @@ + #!/usr/bin/perl -w + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use warnings; + use App::Prove; +--- dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp ++++ dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp +@@ -1,5 +1,6 @@ + #!perl + use 5.006; ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + eval { + require ExtUtils::ParseXS; +--- dist/Module-CoreList/corelist ++++ dist/Module-CoreList/corelist +@@ -130,6 +130,7 @@ requested perl versions. + + =cut + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use Module::CoreList; + use Getopt::Long qw(:config no_ignore_case); + use Pod::Usage; +--- ext/Pod-Html/bin/pod2html ++++ ext/Pod-Html/bin/pod2html +@@ -216,6 +216,7 @@ This program is distributed under the Artistic License. + + =cut + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use Pod::Html; + + pod2html @ARGV; +--- utils/c2ph.PL ++++ utils/c2ph.PL +@@ -280,6 +280,7 @@ Anyway, here it is. Should run on perl v4 or greater. Maybe less. + + $RCSID = '$Id: c2ph,v 1.7 95/10/28 10:41:47 tchrist Exp Locker: tchrist $'; + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use File::Temp; + + ###################################################################### +--- utils/h2ph.PL ++++ utils/h2ph.PL +@@ -36,6 +36,8 @@ $Config{startperl} + + print OUT <<'!NO!SUBS!'; + ++BEGIN { pop @INC if $INC[-1] eq '.' } ++ + use strict; + + use Config; +--- utils/h2xs.PL ++++ utils/h2xs.PL +@@ -35,6 +35,8 @@ $Config{startperl} + + print OUT <<'!NO!SUBS!'; + ++BEGIN { pop @INC if $INC[-1] eq '.' } ++ + use warnings; + + =head1 NAME +--- utils/libnetcfg.PL ++++ utils/libnetcfg.PL +@@ -97,6 +97,7 @@ Jarkko Hietaniemi, conversion into libnetcfg for inclusion into Perl 5.8. + + # $Id: Configure,v 1.8 1997/03/04 09:22:32 gbarr Exp $ + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use IO::File; + use Getopt::Std; +--- utils/perlbug.PL ++++ utils/perlbug.PL +@@ -57,6 +57,7 @@ print OUT <<'!NO!SUBS!'; + my @patches = Config::local_patches(); + my $patch_tags = join "", map /(\S+)/ ? "+$1 " : (), @patches; + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use warnings; + use strict; + use Config; +--- utils/perldoc.PL ++++ utils/perldoc.PL +@@ -44,7 +44,10 @@ $Config{startperl} + # This "$file" file was generated by "$0" + + require 5; +-BEGIN { \$^W = 1 if \$ENV{'PERLDOCDEBUG'} } ++BEGIN { ++ \$^W = 1 if \$ENV{'PERLDOCDEBUG'}; ++ pop \@INC if \$INC[-1] eq '.'; ++} + use Pod::Perldoc; + exit( Pod::Perldoc->run() ); + +--- utils/perlivp.PL ++++ utils/perlivp.PL +@@ -39,6 +39,8 @@ print OUT "\n# perlivp $^V\n"; + + print OUT <<'!NO!SUBS!'; + ++BEGIN { pop @INC if $INC[-1] eq '.' } ++ + sub usage { + warn "@_\n" if @_; + print << " EOUSAGE"; +--- utils/splain.PL ++++ utils/splain.PL +@@ -38,6 +38,12 @@ $Config{startperl} + if \$running_under_some_shell; + !GROK!THIS! + ++print <<'!NO!SUBS!'; ++ ++BEGIN { pop @INC if $INC[-1] eq '.' } ++ ++!NO!SUBS! ++ + while () { + print OUT unless /^package diagnostics/; + } +--- lib/perl5db.pl ++++ lib/perl5db.pl +@@ -1938,7 +1938,10 @@ sub _DB__handle_y_command { + = $obj->cmd_args =~ /\A(?:(\d*)\s*(.*))?\z/) { + + # See if we've got the necessary support. +- if (!eval { require PadWalker; PadWalker->VERSION(0.08) }) { ++ if (!eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require PadWalker; PadWalker->VERSION(0.08) }) { + my $Err = $@; + _db_warn( + $Err =~ /locate/ +@@ -9420,7 +9423,10 @@ if PadWalker could be loaded. + + =cut + +- if (not $text =~ /::/ and eval { require PadWalker } ) { ++ if (not $text =~ /::/ and eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require PadWalker } ) { + my $level = 1; + while (1) { + my @info = caller($level); +--- cpan/Test/lib/Test.pm ++++ cpan/Test/lib/Test.pm +@@ -480,7 +480,12 @@ sub _diff_complain { + my($result, $expected, $detail, $prefix) = @_; + return _diff_complain_external(@_) if $ENV{PERL_TEST_DIFF}; + return _diff_complain_algdiff(@_) +- if eval { require Algorithm::Diff; Algorithm::Diff->VERSION(1.15); 1; }; ++ if eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require Algorithm::Diff; Algorithm::Diff->VERSION(1.15); ++ 1; ++ }; + + $told_about_diff++ or print $TESTERR <<"EOT"; + # $prefix (Install the Algorithm::Diff module to have differences in multiline +--- dist/I18N-LangTags/lib/I18N/LangTags/Detect.pm ++++ dist/I18N-LangTags/lib/I18N/LangTags/Detect.pm +@@ -145,6 +145,8 @@ sub _try_use { # Basically a wrapper around "require Modulename" + print " About to use $module ...\n" if DEBUG; + { + local $SIG{'__DIE__'}; ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + eval "require $module"; # used to be "use $module", but no point in that. + } + if($@) { +--- dist/IO/IO.pm ++++ dist/IO/IO.pm +@@ -18,6 +18,8 @@ sub import { + + my @l = @_ ? @_ : qw(Handle Seekable File Pipe Socket Dir); + ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + eval join("", map { "require IO::" . (/(\w+)/)[0] . ";\n" } @l) + or croak $@; + } +--- dist/Locale-Maketext/lib/Locale/Maketext.pm ++++ dist/Locale-Maketext/lib/Locale/Maketext.pm +@@ -449,6 +449,8 @@ sub _try_use { # Basically a wrapper around "require Modulename" + + local $SIG{'__DIE__'}; + local $@; ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + eval "require $module"; # used to be "use $module", but no point in that. + + if($@) { +--- dist/Net-Ping/lib/Net/Ping.pm ++++ dist/Net-Ping/lib/Net/Ping.pm +@@ -410,7 +410,11 @@ sub ping_external { + $timeout # Seconds after which ping times out + ) = @_; + +- eval { require Net::Ping::External; } ++ eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require Net::Ping::External; ++ } + or croak('Protocol "external" not supported on your system: Net::Ping::External not found'); + return Net::Ping::External::ping(ip => $ip, timeout => $timeout); + } +--- dist/Storable/Storable.pm ++++ dist/Storable/Storable.pm +@@ -25,7 +25,13 @@ use vars qw($canonical $forgive_me $VERSION); + $VERSION = '2.53_01'; + + BEGIN { +- if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) { ++ if (eval { ++ local $SIG{__DIE__}; ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require Log::Agent; ++ 1; ++ }) { + Log::Agent->import; + } + # +--- dist/base/lib/base.pm ++++ dist/base/lib/base.pm +@@ -78,7 +78,11 @@ sub import { + my $sigdie; + { + local $SIG{__DIE__}; +- eval "require $base"; ++ do { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ eval "require $base"; ++ }; + # Only ignore "Can't locate" errors from our eval require. + # Other fatal errors (syntax etc) must be reported. + die if $@ && $@ !~ /^Can't locate .*? at \(eval /; +--- cpan/CPAN/lib/App/Cpan.pm ++++ cpan/CPAN/lib/App/Cpan.pm +@@ -530,9 +530,20 @@ sub AUTOLOAD { 1 } + sub DESTROY { 1 } + } + ++# load a module without searching the default entry for the current ++# directory ++sub _safe_load_module { ++ my $name = shift; ++ ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ ++ eval "require $name; 1"; ++} ++ + sub _init_logger + { +- my $log4perl_loaded = eval "require Log::Log4perl; 1"; ++ my $log4perl_loaded = _safe_load_module("Log::Log4perl"); + + unless( $log4perl_loaded ) + { +@@ -993,7 +1004,7 @@ sub _load_local_lib # -I + { + $logger->debug( "Loading local::lib" ); + +- my $rc = eval { require local::lib; 1; }; ++ my $rc = _safe_load_module("local::lib"); + unless( $rc ) { + $logger->die( "Could not load local::lib" ); + } +@@ -1121,7 +1132,7 @@ sub _get_file + { + my $path = shift; + +- my $loaded = eval "require LWP::Simple; 1;"; ++ my $loaded = _safe_load_module("LWP::Simple"); + croak "You need LWP::Simple to use features that fetch files from CPAN\n" + unless $loaded; + +@@ -1143,7 +1154,7 @@ sub _gitify + { + my $args = shift; + +- my $loaded = eval "require Archive::Extract; 1;"; ++ my $loaded = _safe_load_module("Archive::Extract"); + croak "You need Archive::Extract to use features that gitify distributions\n" + unless $loaded; + +@@ -1207,7 +1218,7 @@ sub _show_Changes + sub _get_changes_file + { + croak "Reading Changes files requires LWP::Simple and URI\n" +- unless eval "require LWP::Simple; require URI; 1"; ++ unless _safe_load_module("LWP::Simple") && _safe_load_module("URI"); + + my $url = shift; + +--- cpan/CPAN/lib/CPAN.pm ++++ cpan/CPAN/lib/CPAN.pm +@@ -1104,6 +1104,8 @@ sub has_usable { + ] + }; + if ($usable->{$mod}) { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + for my $c (0..$#{$usable->{$mod}}) { + my $code = $usable->{$mod}[$c]; + my $ret = eval { &$code() }; +@@ -1146,6 +1148,8 @@ sub has_inst { + $CPAN::META->{dontload_hash}{$mod}||=1; # unsafe meta access, ok + return 0; + } ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + my $file = $mod; + my $obj; + $file =~ s|::|/|g; +--- cpan/Digest/Digest.pm ++++ cpan/Digest/Digest.pm +@@ -38,7 +38,11 @@ sub new + unless (exists ${"$class\::"}{"VERSION"}) { + my $pm_file = $class . ".pm"; + $pm_file =~ s{::}{/}g; +- eval { require $pm_file }; ++ eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require $pm_file ++ }; + if ($@) { + $err ||= $@; + next; +--- cpan/Encode/Encode.pm ++++ cpan/Encode/Encode.pm +@@ -56,6 +56,8 @@ require Encode::Config; + eval { + local $SIG{__DIE__}; + local $SIG{__WARN__}; ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + require Encode::ConfigLocal; + }; + +--- dist/ExtUtils-Command/lib/ExtUtils/Command.pm ++++ dist/ExtUtils-Command/lib/ExtUtils/Command.pm +@@ -19,7 +19,10 @@ if( $Is_VMS ) { + my $vms_efs; + my $vms_case; + +- if (eval { local $SIG{__DIE__}; require VMS::Feature; }) { ++ if (eval { local $SIG{__DIE__}; ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require VMS::Feature; }) { + $vms_unix_rpt = VMS::Feature::current("filename_unix_report"); + $vms_efs = VMS::Feature::current("efs_charset"); + $vms_case = VMS::Feature::current("efs_case_preserve"); +--- cpan/File-Fetch/lib/File/Fetch.pm ++++ cpan/File-Fetch/lib/File/Fetch.pm +@@ -567,6 +567,8 @@ sub _lwp_fetch { + + }; + ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + unless( can_load( modules => $use_list ) ) { + $METHOD_FAIL->{'lwp'} = 1; + return; +@@ -619,6 +621,8 @@ sub _httptiny_fetch { + + }; + ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + unless( can_load(modules => $use_list) ) { + $METHOD_FAIL->{'httptiny'} = 1; + return; +@@ -658,6 +662,8 @@ sub _httplite_fetch { + + }; + ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + unless( can_load(modules => $use_list) ) { + $METHOD_FAIL->{'httplite'} = 1; + return; +@@ -733,6 +739,8 @@ sub _iosock_fetch { + 'IO::Select' => '0.0', + }; + ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + unless( can_load(modules => $use_list) ) { + $METHOD_FAIL->{'iosock'} = 1; + return; +@@ -814,6 +822,8 @@ sub _netftp_fetch { + check( $tmpl, \%hash ) or return; + + ### required modules ### ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + my $use_list = { 'Net::FTP' => 0 }; + + unless( can_load( modules => $use_list ) ) { +--- cpan/HTTP-Tiny/lib/HTTP/Tiny.pm ++++ cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +@@ -1392,6 +1392,8 @@ sub _find_CA_file { + return $self->{SSL_options}->{SSL_ca_file} + if $self->{SSL_options}->{SSL_ca_file} and -e $self->{SSL_options}->{SSL_ca_file}; + ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + return Mozilla::CA::SSL_ca_file() + if eval { require Mozilla::CA }; + +--- cpan/IO-Compress/lib/IO/Uncompress/AnyUncompress.pm ++++ cpan/IO-Compress/lib/IO/Uncompress/AnyUncompress.pm +@@ -27,6 +27,8 @@ Exporter::export_ok_tags('all'); + + BEGIN + { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + eval ' use IO::Uncompress::Adapter::Inflate 2.060 ;'; + eval ' use IO::Uncompress::Adapter::Bunzip2 2.060 ;'; + eval ' use IO::Uncompress::Adapter::LZO 2.060 ;'; +--- cpan/IPC-Cmd/lib/IPC/Cmd.pm ++++ cpan/IPC-Cmd/lib/IPC/Cmd.pm +@@ -125,6 +125,8 @@ sub can_use_ipc_run { + return if IS_WIN98; + + ### if we dont have ipc::run, we obviously can't use it. ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + return unless can_load( + modules => { 'IPC::Run' => '0.55' }, + verbose => ($WARN && $verbose), +@@ -169,6 +171,8 @@ sub can_use_ipc_open3 { + + ### IPC::Open3 works on every non-VMS platform, but it can't + ### capture buffers on win32 :( ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + return unless can_load( + modules => { map {$_ => '0.0'} qw|IPC::Open3 IO::Select Symbol| }, + verbose => ($WARN && $verbose), +--- cpan/Locale-Maketext-Simple/lib/Locale/Maketext/Simple.pm ++++ cpan/Locale-Maketext-Simple/lib/Locale/Maketext/Simple.pm +@@ -134,7 +134,12 @@ sub load_loc { + my $pkg = join('::', grep { defined and length } $args{Class}, $args{Subclass}); + return $Loc{$pkg} if exists $Loc{$pkg}; + +- eval { require Locale::Maketext::Lexicon; 1 } or return; ++ eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require Locale::Maketext::Lexicon; ++ 1 ++ } or return; + $Locale::Maketext::Lexicon::VERSION > 0.20 or return; + eval { require File::Spec; 1 } or return; + +--- cpan/Memoize/Memoize.pm ++++ cpan/Memoize/Memoize.pm +@@ -184,7 +184,11 @@ sub _my_tie { + } + my $modulefile = $module . '.pm'; + $modulefile =~ s{::}{/}g; +- eval { require $modulefile }; ++ eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require $modulefile ++ }; + if ($@) { + croak "Memoize: Couldn't load hash tie module `$module': $@; aborting"; + } +--- cpan/Pod-Perldoc/lib/Pod/Perldoc.pm ++++ cpan/Pod-Perldoc/lib/Pod/Perldoc.pm +@@ -573,6 +573,9 @@ sub find_good_formatter_class { + my @class_list = @{ $self->{'formatter_classes'} || [] }; + $self->die( "WHAT? Nothing in the formatter class list!?" ) unless @class_list; + ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ + my $good_class_found; + foreach my $c (@class_list) { + DEBUG > 4 and print "Trying to load $c...\n"; +@@ -1004,6 +1007,8 @@ sub new_translator { # $tr = $self->new_translator($lang); + my $self = shift; + my $lang = shift; + ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + my $pack = 'POD2::' . uc($lang); + eval "require $pack"; + if ( !$@ && $pack->can('new') ) { +--- cpan/Sys-Syslog/Syslog.pm ++++ cpan/Sys-Syslog/Syslog.pm +@@ -888,6 +888,8 @@ sub silent_eval (&) { + sub can_load { + my ($module, $verbose) = @_; + local($SIG{__DIE__}, $SIG{__WARN__}, $@); ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + my $loaded = eval "use $module; 1"; + warn $@ if not $loaded and $verbose; + return $loaded +--- cpan/libnet/Net/Config.pm ++++ cpan/libnet/Net/Config.pm +@@ -23,7 +23,12 @@ our $VERSION = "3.05"; + + our($CONFIGURE, $LIBNET_CFG); + +-eval { local $SIG{__DIE__}; require Net::LocalCfg }; ++eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ local $SIG{__DIE__}; ++ require Net::LocalCfg; ++}; + + our %NetConfig = ( + nntp_hosts => [], +--- dist/bignum/lib/bigint.pm.orig Sat Dec 27 03:49:23 2014 ++++ dist/bignum/lib/bigint.pm Sat Jul 23 21:29:44 2016 +@@ -248,6 +248,8 @@ sub import + # see if we can find Math::BigInt::Lite + if (!defined $a && !defined $p) # rounding won't work to well + { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + eval 'require Math::BigInt::Lite;'; + if ($@ eq '') + { +--- dist/bignum/lib/bignum.pm.orig Sat Dec 27 03:49:23 2014 ++++ dist/bignum/lib/bignum.pm Sat Jul 23 21:29:52 2016 +@@ -155,6 +155,8 @@ sub import + # see if we can find Math::BigInt::Lite + if (!defined $a && !defined $p) # rounding won't work to well + { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + eval 'require Math::BigInt::Lite;'; + if ($@ eq '') + { +--- dist/bignum/lib/bigrat.pm.orig Sat Dec 27 03:49:23 2014 ++++ dist/bignum/lib/bigrat.pm Sat Jul 23 21:29:59 2016 +@@ -148,6 +148,8 @@ sub import + # see if we can find Math::BigInt::Lite + if (!defined $a && !defined $p) # rounding won't work to well + { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; + eval 'require Math::BigInt::Lite;'; + if ($@ eq '') + { +--- x2p/s2p.PL.orig Sat Jul 23 07:07:58 2016 ++++ x2p/s2p.PL Sat Jul 23 07:10:09 2016 +@@ -1,5 +1,6 @@ + #!/usr/bin/perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use Config; + use File::Basename qw(&basename &dirname); + use Cwd; +--- x2p/find2perl.PL.orig Sat Jul 23 07:08:21 2016 ++++ x2p/find2perl.PL Sat Jul 23 07:10:15 2016 +@@ -1,5 +1,6 @@ + #!/usr/local/bin/perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use Config; + use File::Basename qw(&basename &dirname); + use Cwd; Modified: head/lang/perl5.20/Makefile ============================================================================== --- head/lang/perl5.20/Makefile Thu Aug 11 13:05:58 2016 (r420066) +++ head/lang/perl5.20/Makefile Thu Aug 11 13:32:05 2016 (r420067) @@ -3,7 +3,7 @@ PORTNAME= perl PORTVERSION= ${PERL_VERSION} -PORTREVISION= 13 +PORTREVISION= 14 CATEGORIES= lang devel perl5 MASTER_SITES= CPAN/../../src/5.0 DIST_SUBDIR= perl Added: head/lang/perl5.20/files/patch-CVE-2016-1238 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lang/perl5.20/files/patch-CVE-2016-1238 Thu Aug 11 13:32:05 2016 (r420067) @@ -0,0 +1,794 @@ +--- cpan/Archive-Tar/bin/ptar ++++ cpan/Archive-Tar/bin/ptar +@@ -1,6 +1,7 @@ + #!/usr/bin/perl + use strict; + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use File::Find; + use Getopt::Std; + use Archive::Tar; +--- cpan/Archive-Tar/bin/ptardiff ++++ cpan/Archive-Tar/bin/ptardiff +@@ -1,5 +1,6 @@ + #!/usr/bin/perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use Archive::Tar; + use Getopt::Std; +--- cpan/Archive-Tar/bin/ptargrep ++++ cpan/Archive-Tar/bin/ptargrep +@@ -4,6 +4,7 @@ + # archive. See 'ptargrep --help' for more documentation. + # + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use warnings; + +--- cpan/CPAN/scripts/cpan ++++ cpan/CPAN/scripts/cpan +@@ -1,5 +1,6 @@ + #!/usr/local/bin/perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use vars qw($VERSION); + +--- cpan/Digest-SHA/shasum ++++ cpan/Digest-SHA/shasum +@@ -13,6 +13,7 @@ + ## "-0" option for reading bit strings, and + ## "-p" option for portable digests (to be deprecated). + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use warnings; + use Fcntl; +--- cpan/Encode/bin/enc2xs ++++ cpan/Encode/bin/enc2xs +@@ -4,6 +4,7 @@ BEGIN { + # with $ENV{PERL_CORE} set + # In case we need it in future... + require Config; import Config; ++ pop @INC if $INC[-1] eq '.'; + } + use strict; + use warnings; +--- cpan/Encode/bin/piconv ++++ cpan/Encode/bin/piconv +@@ -1,6 +1,7 @@ + #!./perl + # $Id: piconv,v 2.7 2014/05/31 09:48:48 dankogai Exp $ + # ++BEGIN { pop @INC if $INC[-1] eq '.' } + use 5.8.0; + use strict; + use Encode ; +--- cpan/Encode/bin/ucmlint ++++ cpan/Encode/bin/ucmlint +@@ -3,6 +3,7 @@ + # $Id: ucmlint,v 2.2 2008/03/12 09:51:11 dankogai Exp $ + # + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + our $VERSION = do { my @r = (q$Revision: 2.2 $ =~ /\d+/g); sprintf "%d."."%02d" x $#r, @r }; + +--- cpan/Encode/bin/unidump ++++ cpan/Encode/bin/unidump +@@ -1,5 +1,6 @@ + #!./perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use Encode; + use Getopt::Std; +--- cpan/ExtUtils-MakeMaker/bin/instmodsh ++++ cpan/ExtUtils-MakeMaker/bin/instmodsh +@@ -1,5 +1,6 @@ + #!/usr/bin/perl -w + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use IO::File; + use ExtUtils::Packlist; +--- cpan/IO-Compress/bin/zipdetails ++++ cpan/IO-Compress/bin/zipdetails +@@ -5,6 +5,7 @@ + # Display info on the contents of a Zip file + # + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use warnings ; + +--- cpan/JSON-PP/bin/json_pp ++++ cpan/JSON-PP/bin/json_pp +@@ -1,5 +1,6 @@ + #!/usr/bin/perl + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use Getopt::Long; + +--- cpan/Test-Harness/bin/prove ++++ cpan/Test-Harness/bin/prove +@@ -1,5 +1,6 @@ + #!/usr/bin/perl -w + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use warnings; + use App::Prove; +--- dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp ++++ dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp +@@ -1,5 +1,6 @@ + #!perl + use 5.006; ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + eval { + require ExtUtils::ParseXS; +--- dist/Module-CoreList/corelist ++++ dist/Module-CoreList/corelist +@@ -130,6 +130,7 @@ requested perl versions. + + =cut + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use Module::CoreList; + use Getopt::Long qw(:config no_ignore_case); + use Pod::Usage; +--- ext/Pod-Html/bin/pod2html ++++ ext/Pod-Html/bin/pod2html +@@ -216,6 +216,7 @@ This program is distributed under the Artistic License. + + =cut + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use Pod::Html; + + pod2html @ARGV; +--- utils/c2ph.PL ++++ utils/c2ph.PL +@@ -280,6 +280,7 @@ Anyway, here it is. Should run on perl v4 or greater. Maybe less. + + $RCSID = '$Id: c2ph,v 1.7 95/10/28 10:41:47 tchrist Exp Locker: tchrist $'; + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use File::Temp; + + ###################################################################### +--- utils/h2ph.PL ++++ utils/h2ph.PL +@@ -36,6 +36,8 @@ $Config{startperl} + + print OUT <<'!NO!SUBS!'; + ++BEGIN { pop @INC if $INC[-1] eq '.' } ++ + use strict; + + use Config; +--- utils/h2xs.PL ++++ utils/h2xs.PL +@@ -35,6 +35,8 @@ $Config{startperl} + + print OUT <<'!NO!SUBS!'; + ++BEGIN { pop @INC if $INC[-1] eq '.' } ++ + use warnings; + + =head1 NAME +--- utils/libnetcfg.PL ++++ utils/libnetcfg.PL +@@ -97,6 +97,7 @@ Jarkko Hietaniemi, conversion into libnetcfg for inclusion into Perl 5.8. + + # $Id: Configure,v 1.8 1997/03/04 09:22:32 gbarr Exp $ + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use strict; + use IO::File; + use Getopt::Std; +--- utils/perlbug.PL ++++ utils/perlbug.PL +@@ -57,6 +57,7 @@ print OUT <<'!NO!SUBS!'; + my @patches = Config::local_patches(); + my $patch_tags = join "", map /(\S+)/ ? "+$1 " : (), @patches; + ++BEGIN { pop @INC if $INC[-1] eq '.' } + use warnings; + use strict; + use Config; +--- utils/perldoc.PL ++++ utils/perldoc.PL +@@ -44,7 +44,10 @@ $Config{startperl} + # This "$file" file was generated by "$0" + + require 5; +-BEGIN { \$^W = 1 if \$ENV{'PERLDOCDEBUG'} } ++BEGIN { ++ \$^W = 1 if \$ENV{'PERLDOCDEBUG'}; ++ pop \@INC if \$INC[-1] eq '.'; ++} + use Pod::Perldoc; + exit( Pod::Perldoc->run() ); + +--- utils/perlivp.PL ++++ utils/perlivp.PL +@@ -39,6 +39,8 @@ print OUT "\n# perlivp $^V\n"; + + print OUT <<'!NO!SUBS!'; + ++BEGIN { pop @INC if $INC[-1] eq '.' } ++ + sub usage { + warn "@_\n" if @_; + print << " EOUSAGE"; +--- utils/splain.PL ++++ utils/splain.PL +@@ -38,6 +38,12 @@ $Config{startperl} + if \$running_under_some_shell; + !GROK!THIS! + ++print <<'!NO!SUBS!'; ++ ++BEGIN { pop @INC if $INC[-1] eq '.' } ++ ++!NO!SUBS! ++ + while () { + print OUT unless /^package diagnostics/; + } +--- lib/perl5db.pl ++++ lib/perl5db.pl +@@ -1938,7 +1938,10 @@ sub _DB__handle_y_command { + = $obj->cmd_args =~ /\A(?:(\d*)\s*(.*))?\z/) { + + # See if we've got the necessary support. +- if (!eval { require PadWalker; PadWalker->VERSION(0.08) }) { ++ if (!eval { ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require PadWalker; PadWalker->VERSION(0.08) }) { + my $Err = $@; + _db_warn( + $Err =~ /locate/ +@@ -9420,7 +9423,10 @@ if PadWalker could be loaded. + + =cut + +- if (not $text =~ /::/ and eval { require PadWalker } ) { ++ if (not $text =~ /::/ and eval { ++ local @INC = @INC; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***