perl: Add several patches to improve security.

diff --git a/pkgs/core/perl/patches/perl-5.10.1-USE_MM_LD_RUN_PATH.patch b/pkgs/core/perl/patches/perl-5.10.1-USE_MM_LD_RUN_PATH.patch
new file mode 100644 (file)
index 0000000..adedbb1
--- /dev/null
+++ b/pkgs/core/perl/patches/perl-5.10.1-USE_MM_LD_RUN_PATH.patch
@@ -0,0 +1,109 @@
+diff -up perl-5.10.1/lib/ExtUtils/MM_Unix.pm.runpath perl-5.10.1/lib/ExtUtils/MM_Unix.pm
+--- perl-5.10.1/lib/ExtUtils/MM_Unix.pm.runpath        2009-11-18 16:08:45.000000000 +0100
++++ perl-5.10.1/lib/ExtUtils/MM_Unix.pm        2009-11-18 16:09:32.000000000 +0100
+@@ -944,7 +944,7 @@ $(INST_DYNAMIC): $(OBJECT) $(MYEXTLIB) $
+     }
+ 
+     my $ld_run_path_shell = "";
+-    if ($self->{LD_RUN_PATH} ne "") {
++    if (($self->{LD_RUN_PATH} ne "") && ($self->{USE_MM_LD_RUN_PATH})) {
+       $ld_run_path_shell = 'LD_RUN_PATH="$(LD_RUN_PATH)" ';
+     }
+ 
+diff -up perl-5.10.1/lib/ExtUtils/Liblist.pm.runpath perl-5.10.1/lib/ExtUtils/Liblist.pm
+--- perl-5.10.1/lib/ExtUtils/Liblist.pm.runpath        2009-11-18 16:08:45.000000000 +0100
++++ perl-5.10.1/lib/ExtUtils/Liblist.pm        2009-11-18 16:09:32.000000000 +0100
+@@ -88,6 +88,11 @@ libraries.  LD_RUN_PATH is a colon separ
+ in LDLOADLIBS. It is passed as an environment variable to the process
+ that links the shared library.
+ 
++Fedora extension: This generation of LD_RUN_PATH is disabled by default.
++To use the generated LD_RUN_PATH for all links, set the USE_MM_LD_RUN_PATH
++MakeMaker object attribute / argument, (or set the $USE_MM_LD_RUN_PATH
++environment variable).
++
+ =head2 BSLOADLIBS
+ 
+ List of those libraries that are needed but can be linked in
+diff -up perl-5.10.1/lib/ExtUtils/MakeMaker.pm.runpath perl-5.10.1/lib/ExtUtils/MakeMaker.pm
+--- perl-5.10.1/lib/ExtUtils/MakeMaker.pm.runpath      2009-11-18 16:08:45.000000000 +0100
++++ perl-5.10.1/lib/ExtUtils/MakeMaker.pm      2009-11-18 16:32:50.000000000 +0100
+@@ -262,7 +262,7 @@ sub full_setup {
+     PERL_SRC PERM_DIR PERM_RW PERM_RWX
+     PL_FILES PM PM_FILTER PMLIBDIRS PMLIBPARENTDIRS POLLUTE PPM_INSTALL_EXEC
+     PPM_INSTALL_SCRIPT PREREQ_FATAL PREREQ_PM PREREQ_PRINT PRINT_PREREQ
+-    SIGN SKIP TYPEMAPS VERSION VERSION_FROM XS XSOPT XSPROTOARG
++    SIGN SKIP TYPEMAPS USE_MM_LD_RUN_PATH VERSION VERSION_FROM XS XSOPT XSPROTOARG
+     XS_VERSION clean depend dist dynamic_lib linkext macro realclean
+     tool_autosplit
+ 
+@@ -406,7 +406,27 @@ sub new {
+     # PRINT_PREREQ is RedHatism.
+     if ("@ARGV" =~ /\bPRINT_PREREQ\b/) {
+         $self->_PRINT_PREREQ;
+-   }
++    }
++
++    # USE_MM_LD_RUN_PATH - another RedHatism to disable automatic RPATH generation
++    if ( ( ! $self->{USE_MM_LD_RUN_PATH} )
++       &&( ("@ARGV" =~ /\bUSE_MM_LD_RUN_PATH(=([01]))?\b/)
++        ||( exists( $ENV{USE_MM_LD_RUN_PATH} )
++           &&( $ENV{USE_MM_LD_RUN_PATH} =~ /([01])?$/ )
++           )
++        )
++       )
++    {
++       my $v = $1;
++       if( $v )
++       {
++           $v = ($v=~/=([01])$/)[0];
++       }else
++       {
++           $v = 1;
++       };
++       $self->{USE_MM_LD_RUN_PATH}=$v;
++    };
+ 
+     print STDOUT "MakeMaker (v$VERSION)\n" if $Verbose;
+     if (-f "MANIFEST" && ! -f "Makefile"){
+@@ -2319,6 +2339,40 @@ precedence.  A typemap in the current di
+ precedence, even if it isn't listed in TYPEMAPS.  The default system
+ typemap has lowest precedence.
+ 
++=item USE_MM_LD_RUN_PATH
++
++boolean
++The Fedora perl MakeMaker distribution differs from the standard
++upstream release in that it disables use of the MakeMaker generated
++LD_RUN_PATH by default, UNLESS this attribute is specified , or the
++USE_MM_LD_RUN_PATH environment variable is set during the MakeMaker run.
++
++The upstream MakeMaker will set the ld(1) environment variable LD_RUN_PATH
++to the concatenation of every -L ld(1) option directory in which a -l ld(1)
++option library is found, which is used as the ld(1) -rpath option if none
++is specified. This means that, if your application builds shared libraries
++and your MakeMaker application links to them, that the absolute paths of the
++libraries in the build tree will be inserted into the RPATH header of all
++MakeMaker generated binaries, and that such binaries will be unable to link
++to these libraries if they do not still reside in the build tree directories
++(unlikely) or in the system library directories (/lib or /usr/lib), regardless
++of any LD_LIBRARY_PATH setting. So if you specified -L../mylib -lmylib , and
++ your 'libmylib.so' gets installed into /some_directory_other_than_usr_lib,
++ your MakeMaker application will be unable to link to it, even if LD_LIBRARY_PATH
++is set to include /some_directory_other_than_usr_lib, because RPATH overrides
++LD_LIBRARY_PATH.
++
++So for Fedora MakeMaker builds LD_RUN_PATH is NOT generated by default for
++every link. You can still use explicit -rpath ld options or the LD_RUN_PATH
++environment variable during the build to generate an RPATH for the binaries.
++
++You can set the USE_MM_LD_RUN_PATH attribute to 1 on the MakeMaker command
++line or in the WriteMakefile arguments to enable generation of LD_RUN_PATH
++for every link command.
++
++USE_MM_LD_RUN_PATH will default to 1 (LD_RUN_PATH will be used) IF the
++$USE_MM_LD_RUN_PATH environment variable is set during a MakeMaker run.
++
+ =item VENDORPREFIX
+ 
+ Like PERLPREFIX, but only for the vendor install locations.

diff --git a/pkgs/core/perl/patches/perl-5.10.1-libresolv.patch b/pkgs/core/perl/patches/perl-5.10.1-libresolv.patch
new file mode 100644 (file)
index 0000000..7676bbb
--- /dev/null
+++ b/pkgs/core/perl/patches/perl-5.10.1-libresolv.patch
@@ -0,0 +1,12 @@
+diff -up perl-5.10.0/Configure.didi perl-5.10.0/Configure
+--- perl-5.10.0/Configure.didi 2007-12-18 11:47:07.000000000 +0100
++++ perl-5.10.0/Configure      2008-07-21 10:51:16.000000000 +0200
+@@ -1327,7 +1327,7 @@ libswanted_uselargefiles=''
+ : set usesocks on the Configure command line to enable socks.
+ : List of libraries we want.
+ : If anyone needs extra -lxxx, put those in a hint file.
+-libswanted="sfio socket bind inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun"
++libswanted="sfio socket resolv inet nsl nm ndbm gdbm dbm db malloc dl dld ld sun"
+ libswanted="$libswanted m crypt sec util c cposix posix ucb bsd BSD"
+ : We probably want to search /usr/shlib before most other libraries.
+ : This is only used by the lib/ExtUtils/MakeMaker.pm routine extliblist.

diff --git a/pkgs/core/perl/patches/perl-5.10.1-rpath-make.patch b/pkgs/core/perl/patches/perl-5.10.1-rpath-make.patch
new file mode 100644 (file)
index 0000000..9d24326
--- /dev/null
+++ b/pkgs/core/perl/patches/perl-5.10.1-rpath-make.patch
@@ -0,0 +1,32 @@
+--- perl-5.8.8-RC1/Makefile.SH.makerpath       2006-01-20 16:41:26.000000000 -0500
++++ perl-5.8.8-RC1/Makefile.SH 2006-01-20 16:41:57.000000000 -0500
+@@ -125,26 +125,10 @@
+       esac
+ 
+       case "$osname" in
+-      linux)
+-          # If there is a pre-existing $libperl from a previous
+-          # installation, Linux needs to use LD_PRELOAD to
+-          # override the LD_LIBRARY_PATH setting.  See the
+-          # INSTALL file, under "Building a shared perl library".
+-          # If there is no pre-existing $libperl, we don't need
+-          # to do anything further.
+-          if test -f $archlib/CORE/$libperl; then
+-              rm -f preload
+-              cat <<'EOT' > preload
+-#! /bin/sh
+-lib=$1
+-shift
+-test -r $lib && export LD_PRELOAD="$lib $LD_PRELOAD"
+-exec "$@"
+-EOT
+-              chmod 755 preload
+-              ldlibpth="$ldlibpth `pwd`/preload `pwd`/$libperl"
+-          fi
++      linux*)
++          ldlibpth="LD_PRELOAD=`pwd`/libperl.so $ldlibpth"
+           ;;
++
+       os390)  test -f /bin/env && ldlibpth="/bin/env $ldlibpth"
+               ;;
+       esac