From 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sat, 14 Jul 2018 21:03:06 +0100
Subject: gentoo resync : 14.07.2018
---
dev-perl/PlRPC/Manifest | 8 ++
dev-perl/PlRPC/PlRPC-0.202.0-r2.ebuild | 30 ++++++
dev-perl/PlRPC/PlRPC-0.202.0-r3.ebuild | 28 ++++++
dev-perl/PlRPC/files/PlRPC-0.2020-no-dot-inc.patch | 67 +++++++++++++
dev-perl/PlRPC/files/PlRPC-0.2020-no-perldoc.patch | 27 ++++++
...urity-notice-on-Storable-and-reply-attack.patch | 105 +++++++++++++++++++++
dev-perl/PlRPC/files/perldoc-remove.patch | 10 ++
dev-perl/PlRPC/metadata.xml | 18 ++++
8 files changed, 293 insertions(+)
create mode 100644 dev-perl/PlRPC/Manifest
create mode 100644 dev-perl/PlRPC/PlRPC-0.202.0-r2.ebuild
create mode 100644 dev-perl/PlRPC/PlRPC-0.202.0-r3.ebuild
create mode 100644 dev-perl/PlRPC/files/PlRPC-0.2020-no-dot-inc.patch
create mode 100644 dev-perl/PlRPC/files/PlRPC-0.2020-no-perldoc.patch
create mode 100644 dev-perl/PlRPC/files/Security-notice-on-Storable-and-reply-attack.patch
create mode 100644 dev-perl/PlRPC/files/perldoc-remove.patch
create mode 100644 dev-perl/PlRPC/metadata.xml
(limited to 'dev-perl/PlRPC')
diff --git a/dev-perl/PlRPC/Manifest b/dev-perl/PlRPC/Manifest
new file mode 100644
index 000000000000..009fbdf8df7a
--- /dev/null
+++ b/dev-perl/PlRPC/Manifest
@@ -0,0 +1,8 @@ +AUX PlRPC-0.2020-no-dot-inc.patch 1263 BLAKE2B 70e84dc34a3af595fee7ca08af7f4122a644578f3aca2bf1fce96eaab653c83ed0b8eda46780b2eb57f1a523d2e8148505381b5509439de3158e8453208a8023 SHA512 d2447873b00d19c7259b54042ce57b7411d6a3adaf7fbcfd790a146eb9f7c01193ab717f155052dead1a37f2c06b76c6f05cfd3cfc7e0c992947407f9eb871d2 +AUX PlRPC-0.2020-no-perldoc.patch 634 BLAKE2B 69f2667a74b9c8b7c8e3d98ecda5ce293aa9d7f9328f0ae9427e3a30e80a1ed8b482abe8edcf3d3d7d0b79928b63fa5641a80a2fb703fd6e2d206ee7f25f1904 SHA512 8a9a1ed654f99a54bf7ebd248f2f6332df731586117460c75459271f8100864e14bc01e98883b52f3d5ab3de0012bd2a205007e034d799904db221d644a69ddd +AUX Security-notice-on-Storable-and-reply-attack.patch 3844 BLAKE2B 5e58c7fe2f8e5231f00e4cee037deaecab4ae21ba153db412d14aa021cb7b2ff37f4d3ce560ff2985a5912e852c4920b79ac09745f8628d11cec64c3f3362f13 SHA512 21b3db796b34d994d4d967fc69af680f6d5281001829145aa7765b7ef9324cfd021f277358aabb820ef1496d0b8ffe0611fcfa0bf697709b4defd0843837e398 +AUX perldoc-remove.patch 258 BLAKE2B 2efca52930c77c8fa4600aaacaa181bb6ccd88cb7c132de8fab94021e9574b042568900e20bb927a3af8e2cefc22f2a61bbe17e8976e702f02d18160ff7b87cc SHA512 e2fdf9d64b6e8a76eedbbb2eb7677538d3bae0d3eb077ce4f12e8689f39622417532dc51525d9892cb8a990015b01b098df11e8fbb492755f0ba64d26d025ccf +DIST PlRPC-0.2020.tar.gz 18229 BLAKE2B 1384a4dfe3483e2eeb8c2cd7805a9f1f550a373ba37e328ac57acc0bf1d581fbfffde111b18f5d025cd8bf56e3d8f2171bdd81246c9f54d0151238f0bc264c43 SHA512 2c79c5c27bce7027561f1968023ae4307778f291caa9291fee779537d047a35bb4bd5928fe2b343a2b09dbdcf6450239d79c6898018ea880619a7c69a1498a86 +EBUILD PlRPC-0.202.0-r2.ebuild 845 BLAKE2B b1d02aa79bca84e78040f1e88a7ae313f3b4dd5c7cb30a09297b1f6affad6f88a37d75a8ac08e5248bb3d8d7fc5c5ec1dd24334ccc4bccb67f7471fff9022b65 SHA512 f12d491dfe52f9d3bb82ef18519dfcfb6cb6b92eea2f25e8d0039431b2d81538102b5bf6ef0dd6d71ac09032eacce53fd0636337d5abbf650f393051cfbcb023 +EBUILD PlRPC-0.202.0-r3.ebuild 808 BLAKE2B 
cc8fef8e38d2c54aaab50d8d95c88c565cddce697fd84602c2f0ffbef385f9024b32e42d33f27ce5fb91d86813da59521a9d6b59e20de3510b1f6ae7b80e6fb7 SHA512 768b7c50b9d344860148aae1a768a0debb7a0f043a9f49ba39e03f2c38ca2daf012e142d1d87918b1222edabee6ff96f2779ff15dbd68580c6cde0685a2a1e8f +MISC metadata.xml 775 BLAKE2B 3a9dbf3274b5c5cc57ea399f21ce356f05c0a9be7eb5c98b7251461450768a1d46e1db6e652bbc620d8b5d9acf60ab0fe19deb2fea6f8f87397997413f4abc7f SHA512 bbaa42d69e787c17cb1bd20bd9db9504377a89c426d6173659e2637df7efe8744dcb37641cc0ebe3041199b221beacd049cda5eb2628fdd6196b8a93c462d583
diff --git a/dev-perl/PlRPC/PlRPC-0.202.0-r2.ebuild b/dev-perl/PlRPC/PlRPC-0.202.0-r2.ebuild
new file mode 100644
index 000000000000..cf10c0169d48
--- /dev/null
+++ b/dev-perl/PlRPC/PlRPC-0.202.0-r2.ebuild
@@ -0,0 +1,30 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+MODULE_AUTHOR=MNOONING
+MODULE_SECTION=${PN}
+MODULE_VERSION=0.2020
+inherit perl-module
+
+S=${WORKDIR}/${PN}
+
+DESCRIPTION="The Perl RPC Module"
+
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE=""
+
+RDEPEND=">=virtual/perl-Storable-1.0.7
+ >=dev-perl/Net-Daemon-0.34"
+DEPEND="${RDEPEND}"
+
+PATCHES=( "${FILESDIR}/perldoc-remove.patch"
+ "${FILESDIR}/Security-notice-on-Storable-and-reply-attack.patch" )
+
+src_test() {
+ PERL_DL_NONLAZY=1 /usr/bin/perl \
+ "-MExtUtils::Command::MM" \
+ "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
+}
diff --git a/dev-perl/PlRPC/PlRPC-0.202.0-r3.ebuild b/dev-perl/PlRPC/PlRPC-0.202.0-r3.ebuild
new file mode 100644
index 000000000000..fbce70783328
--- /dev/null
+++ b/dev-perl/PlRPC/PlRPC-0.202.0-r3.ebuild
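Review bot: The `Security-notice-on-Storable-and-reply-attack.patch` entry in `PATCHES` only adds text: its visible hunks touch README and the POD section of lib/RPC/PlServer.pm, so the installed module still runs Storable on incoming data before the password check, as the notice itself states. Nothing in this ebuild, or in PlRPC-0.202.0-r3.ebuild which lists the same patch, surfaces that to the administrator at install time. Consider adding `pkg_postinst() { ewarn "PlRPC deserializes requests with Storable before authenticating the peer; use an external mechanism such as TLS or IPsec (see SECURITY in the RPC::PlServer documentation)."; }` to both ebuilds. The notice's "reply attacks" presumably means replay attacks; a short comment next to the patch entry saying so would help readers.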
@@ -0,0 +1,28 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DIST_AUTHOR=MNOONING
+DIST_SECTION=${PN}
+DIST_VERSION=0.2020
+inherit perl-module
+
+S=${WORKDIR}/${PN}
+
+DESCRIPTION="The Perl RPC Module"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE=""
+
+RDEPEND=">=virtual/perl-Storable-1.0.7
+ >=dev-perl/Net-Daemon-0.34"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.2020-no-perldoc.patch"
+ "${FILESDIR}/Security-notice-on-Storable-and-reply-attack.patch"
+ "${FILESDIR}/${PN}-0.2020-no-dot-inc.patch"
+)
+DIST_TEST="do" # Parallel testing fails
diff --git a/dev-perl/PlRPC/files/PlRPC-0.2020-no-dot-inc.patch b/dev-perl/PlRPC/files/PlRPC-0.2020-no-dot-inc.patch
new file mode 100644
index 000000000000..1f68d2395cc5
--- /dev/null
+++ b/dev-perl/PlRPC/files/PlRPC-0.2020-no-dot-inc.patch
@@ -0,0 +1,67 @@
+From 0c3b094e14b60794eb6c4736a51f505865f14403 Mon Sep 17 00:00:00 2001
+From: Kent Fredric
+Date: Thu, 28 Dec 2017 15:08:34 +1300
+Subject: Fix test failures due to '.' in @INC removal on 5.26
+
+---
+ t/client.t | 2 +-
+ t/compress.t | 2 +-
+ t/crypt.t | 2 +-
+ t/methods.t | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/t/client.t b/t/client.t
+index a283f2d..f0b3b54 100644
+--- a/t/client.t
++++ b/t/client.t
+@@ -4,7 +4,7 @@
+ require 5.004;
+ use strict;
+
+-require "t/lib.pl";
++require "./t/lib.pl";
+
+
+ my $numTests = 10;
+diff --git a/t/compress.t b/t/compress.t
+index e13f6b3..a551421 100644
+--- a/t/compress.t
++++ b/t/compress.t
+@@ -10,7 +10,7 @@ if ($@) {
+ exit 0;
+ }
+
+-require "t/lib.pl";
++require "./t/lib.pl";
+
+
+ my $numTests = 18;
+diff --git a/t/crypt.t b/t/crypt.t
+index 2695633..6867349 100644
+--- a/t/crypt.t
++++ b/t/crypt.t
+@@ -10,7 +10,7 @@ if ($@ || $Crypt::DES::VERSION < 2.03) {
+ exit 0;
+ }
+
+-require "t/lib.pl";
++require "./t/lib.pl";
+
+
+ my $numTests = 18;
+diff --git a/t/methods.t b/t/methods.t
+index c9d81ca..1c9b2cd 100644
+--- a/t/methods.t
++++ b/t/methods.t
+@@ -4,7 +4,7 @@
+ require 5.004;
+ use strict;
+
+-require "t/lib.pl";
++require "./t/lib.pl";
+
+
+ my $numTests = 11;
+--
+2.15.1
+
diff --git a/dev-perl/PlRPC/files/PlRPC-0.2020-no-perldoc.patch b/dev-perl/PlRPC/files/PlRPC-0.2020-no-perldoc.patch
new file mode 100644
index 000000000000..d4d916eabe36
--- /dev/null
+++ b/dev-perl/PlRPC/files/PlRPC-0.2020-no-perldoc.patch
@@ -0,0 +1,27 @@
+From d5df770e01a68a8f90c406a7018c820514fd7371 Mon Sep 17 00:00:00 2001
+From: Michael Cummings
+Date: Tue, 26 Jun 2007 04:02:12 +1200
+Subject: Fix perldoc generation permissions bug
+
+Bizarre bug that showed up randomly here, but Cardoe had it full time.
+
+Bug: https://bugs.gentoo.org/183157
+---
+ Makefile.PL | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Makefile.PL b/Makefile.PL
+index 22e04c5..c332ffe 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -86,7 +86,6 @@ sub postamble {
+ pm_to_blib: README
+
+ README: lib/RPC/PlServer.pm
+-\tperldoc -t lib/RPC/PlServer.pm >README
+
+ END_OF_POSTAMBLE
+ }
+--
+2.15.1
+
diff --git a/dev-perl/PlRPC/files/Security-notice-on-Storable-and-reply-attack.patch b/dev-perl/PlRPC/files/Security-notice-on-Storable-and-reply-attack.patch
new file mode 100644
index 000000000000..877e7bc816dc
--- /dev/null
+++ b/dev-perl/PlRPC/files/Security-notice-on-Storable-and-reply-attack.patch
@@ -0,0 +1,105 @@
+From 29f5ad4805a04e4c4fd18795f7153798c80a46ce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Mon, 18 Nov 2013 12:20:52 +0100
+Subject: [PATCH] Security notice on Storable and reply attack
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Petr Písař
+---
+ README | 16 ++++++++++++++++
+ lib/RPC/PlServer.pm | 15 +++++++++++++++
+ 2 files changed, 31 insertions(+)
+
+diff --git a/README b/README
+index 8a68657..48a33e4 100644
+--- a/README
++++ b/README
+@@ -204,6 +204,7 @@ EXAMPLE
+ require RPC::PlServer;
+ require MD5;
+
++
+ package MD5_Server; # Clients need to request application
+ # "MD5_Server"
+
+@@ -245,6 +246,10 @@ SECURITY
+ that I missed something. Security was a design goal, but not *the*
+ design goal. (A well known problem ...)
+
++ Due to implementation of PlRPC, it's hard to use internal authentication
++ mechanisms properly to achieve secured remote calls. Therefore users are
++ advised to use an external authentication mechanism like TLS or IPsec.
++
+ I highly recommend the following design principles:
+
+ Protection against "trusted" users
+@@ -263,6 +268,14 @@ SECURITY
+ Be restrictive
+ Think twice, before you give a client access to a method.
+
++ Use of Storable
++ Storable module used for serialization and deserialization
++ underneath is inherently insecure. Deserialized data can contain
++ objects which lead to loading foreign modules and executing possible
++ attached destructors. Do not accept host-based unauthorized
++ connections. The Storable module is exercised before checking user
++ password.
++
+ perlsec
+ And just in case I forgot it: Read the "perlsec" man page. :-)
+
+@@ -283,6 +296,9 @@ SECURITY
+ authorized, you should switch to a user based key. See the
+ DBI::ProxyServer for an example.
+
++ Please note PlRPC encryption does not protect from reply attacks.
++ You should have implement it on the application or the cipher level.
++
+ AUTHOR AND COPYRIGHT
+ The PlRPC-modules are
+
+diff --git a/lib/RPC/PlServer.pm b/lib/RPC/PlServer.pm
+index 10b56c9..ce38594 100644
+--- a/lib/RPC/PlServer.pm
++++ b/lib/RPC/PlServer.pm
+@@ -613,6 +613,10 @@ I did my best to avoid security problems, but it is more than likely,
+ that I missed something. Security was a design goal, but not *the*
+ design goal. (A well known problem ...)
+
++Due to implementation of PlRPC, it's hard to use internal authentication
++mechanisms properly to achieve secured remote calls. Therefore users are
++advised to use an external authentication mechanism like TLS or IPsec.
++
+ I highly recommend the following design principles:
+
+ =head2 Protection against "trusted" users
+@@ -637,6 +641,14 @@ object handle is valid before coercing a method on it.
+
+ Think twice, before you give a client access to a method.
+
++=item Use of Storable
++
++L module used for serialization and deserialization underneath is
++inherently insecure. Deserialized data can contain objects which lead to
++loading foreign modules and executing possible attached destructors. Do not
++accept host-based unauthorized connections. The L module is
++exercised before checking user password.
++
+ =item perlsec
+
+ And just in case I forgot it: Read the C man page. :-)
+@@ -667,6 +679,9 @@ login phase, where to use a host based key. As soon as the user
+ has authorized, you should switch to a user based key. See the
+ DBI::ProxyServer for an example.
+
++Please note PlRPC encryption does not protect from reply attacks. You should
++have implement it on the application or the cipher level.
++
+ =back
+
+ =head1 AUTHOR AND COPYRIGHT
+--
+1.8.3.1
+
diff --git a/dev-perl/PlRPC/files/perldoc-remove.patch b/dev-perl/PlRPC/files/perldoc-remove.patch
new file mode 100644
index 000000000000..0b8fbe14bbe1
--- /dev/null
+++ b/dev-perl/PlRPC/files/perldoc-remove.patch
@@ -0,0 +1,10 @@
+--- Makefile.PL.old 2007-06-25 11:58:33.000000000 -0400
++++ Makefile.PL 2007-06-25 11:58:37.000000000 -0400
+@@ -86,7 +86,6 @@ sub postamble {
+ pm_to_blib: README
+
+ README: lib/RPC/PlServer.pm
+-\tperldoc -t lib/RPC/PlServer.pm >README
+
+ END_OF_POSTAMBLE
+ }
diff --git a/dev-perl/PlRPC/metadata.xml b/dev-perl/PlRPC/metadata.xml
new file mode 100644
index 000000000000..0642a8afe5ac
--- /dev/null
+++ b/dev-perl/PlRPC/metadata.xml
@@ -0,0 +1,18 @@
+
+
+
+
+ perl@gentoo.org
+ Gentoo Perl Project
+
+
+ PlRPC
+ Bundle::PlRPC
+ RPC::PlClient
+ RPC::PlClient::Comm
+ RPC::PlClient::Object
+ RPC::PlServer
+ RPC::PlServer::Comm
+ RPC::PlServer::Test
+
+
-- cgit v1.2.3