Date: Sat, 15 Mar 2003 10:45:24 +0100 (CET) From: Erwin Lansing <erwin@lansing.dk> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/50017: Security update to p5-Business-OnlinePayment-WorldPay-Junior-1.03 Message-ID: <200303150945.h2F9jOs0090215@lemur.droso.net>
next in thread | raw e-mail | index | archive | help
>Number: 50017
>Category: ports
>Synopsis: Security update to p5-Business-OnlinePayment-WorldPay-Junior-1.03
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 15 01:50:13 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Erwin Lansing
>Release: FreeBSD 4.8-RC i386
>Organization:
pil.dk
>Environment:
System: FreeBSD lemur.droso.net 4.8-RC FreeBSD 4.8-RC #15: Tue Mar 4 02:07:34 CET 2003 root@panda.droso.net:/usr/obj/usr/src/sys/PANDA i386
>Description:
In the words of the author:
"Please be advised that I have today made an important security update to
the module to fix a serious, remotely exploitable, bug in the module.
I have also renamed the module today to avoid namespace conflicts with the
Business::OnlinePayment API."
Requested by: Jason Clifford <jason@ukpost.com> (author)
>How-To-Repeat:
>Fix:
This diff is to misc/p5-Business-OnlinePayment-WorldPay-Junior. Please repocopy that port to
misc/p5-Business-WorldPay-Junior, remove the old port and apply the following diff.
Note: added file files/patch-Makefile.PL
--- p5-Business-WorldPay-Junior.diff begins here ---
diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/Makefile p5-Business-WorldPay-Junior/Makefile
--- p5-Business-OnlinePayment-WorldPay-Junior/Makefile Thu Feb 20 19:46:29 2003
+++ p5-Business-WorldPay-Junior/Makefile Sat Mar 15 10:40:28 2003
@@ -5,24 +5,31 @@
# $FreeBSD: ports/misc/p5-Business-OnlinePayment-WorldPay-Junior/Makefile,v 1.4 2003/02/20 18:46:29 knu Exp $
#
-PORTNAME= Business-OnlinePayment-WorldPay-Junior
-PORTVERSION= 1.03
+PORTNAME= Business-WorldPay-Junior
+PORTVERSION= 1.06
CATEGORIES= misc perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN}
MASTER_SITE_SUBDIR= Business
PKGNAMEPREFIX= p5-
MAINTAINER= ports@FreeBSD.org
-COMMENT= An Business::OnlinePayment backend module for a WorldPay Select Junior service
+COMMENT= Perl module to handle WorldPay Junior for payment services
BUILD_DEPENDS= ${SITE_PERL}/Business/CreditCard.pm:${PORTSDIR}/misc/p5-Business-CreditCard \
- ${SITE_PERL}/Business/OnlinePayment.pm:${PORTSDIR}/misc/p5-Business-OnlinePayment
+ ${SITE_PERL}/Business/OnlinePayment.pm:${PORTSDIR}/misc/p5-Business-OnlinePayment \
+ ${SITE_PERL}/${PERL_ARCH}/DBI.pm:${PORTSDIR}/databases/p5-DBI
RUN_DEPENDS= ${BUILD_DEPENDS}
PERL_CONFIGURE= yes
SITE_PERL= ${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}
MAN3PREFIX= ${PREFIX}/lib/perl5/${PERL_VERSION}
-MAN3= Business::OnlinePayment::WorldPay::Junior.3
+MAN3= Business::WorldPay::Junior.3
+
+post-patch:
+ @${PERL} -pi -e 's/^our\s+([\$$\@\%]\w+)/use vars qw($$1);$$1/;' \
+ -e '$$_="" if /use 5/;' \
+ -e '$$_="" if /use warnings/;' \
+ ${WRKSRC}/Junior.pm
.include <bsd.port.mk>
diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/distinfo p5-Business-WorldPay-Junior/distinfo
--- p5-Business-OnlinePayment-WorldPay-Junior/distinfo Thu Oct 24 20:07:00 2002
+++ p5-Business-WorldPay-Junior/distinfo Sat Mar 15 10:23:49 2003
@@ -1 +1 @@
-MD5 (Business-OnlinePayment-WorldPay-Junior-1.03.tar.gz) = 3683f9ea4baf1e3e15e658518dd32051
+MD5 (Business-WorldPay-Junior-1.06.tar.gz) = bcd9b98d21cedcac5fb8b7da0e0012f6
diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/files/patch-Makefile.PL p5-Business-WorldPay-Junior/files/patch-Makefile.PL
--- p5-Business-OnlinePayment-WorldPay-Junior/files/patch-Makefile.PL Thu Jan 1 01:00:00 1970
+++ p5-Business-WorldPay-Junior/files/patch-Makefile.PL Sat Mar 15 10:40:21 2003
@@ -0,0 +1,13 @@
+--- Makefile.PL.orig Fri Mar 14 11:35:10 2003
++++ Makefile.PL Sat Mar 15 10:40:05 2003
+@@ -3,9 +3,6 @@
+ # the contents of the Makefile that is written.
+ WriteMakefile(
+ 'NAME' => 'Business::WorldPay::Junior',
+- 'VERSION_FROM' => 'Junior.pm', # finds $VERSION
++ 'VERSION' => '1.06',
+ 'PREREQ_PM' => {}, # e.g., Module::Name => 1.1
+- ($] >= 5.005 ? ## Add these new keywords supported since 5.005
+- (ABSTRACT_FROM => 'Junior.pm', # retrieve abstract from module
+- AUTHOR => 'Jason Clifford <jason@jasonclifford.com>') : ()),
+ );
diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/pkg-descr p5-Business-WorldPay-Junior/pkg-descr
--- p5-Business-OnlinePayment-WorldPay-Junior/pkg-descr Thu Oct 24 20:07:00 2002
+++ p5-Business-WorldPay-Junior/pkg-descr Sat Mar 15 10:37:26 2003
@@ -5,3 +5,5 @@
then verify the callback data supplied by WorldPay after a payment has been
made. The module is designed with the requirement to immediately verify that
a payment has been made and is as expected in mind.
+
+WWW: http://search.cpan.org/dist/Business-WorldPay-Junior/
diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/pkg-plist p5-Business-WorldPay-Junior/pkg-plist
--- p5-Business-OnlinePayment-WorldPay-Junior/pkg-plist Thu Oct 24 20:07:00 2002
+++ p5-Business-WorldPay-Junior/pkg-plist Sat Mar 15 10:35:06 2003
@@ -1,17 +1,20 @@
-lib/perl5/site_perl/%%PERL_VER%%/Business/OnlinePayment/WorldPay/Junior.pm
-lib/perl5/site_perl/%%PERL_VER%%/Business/OnlinePayment/WorldPay/get-rates.pl
-lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/authorised.al
-lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/autosplit.ix
-lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/callback.al
-lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/db_connect.al
-lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/errstr.al
-lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/exchange_rate.al
-lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/new.al
-lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/register.al
-lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/valid_callback_host.al
-lib/perl5/site_perl/%%PERL_VER%%/%%PERL_ARCH%%/auto/Business/OnlinePayment/WorldPay/Junior/.packlist
-@dirrm lib/perl5/site_perl/%%PERL_VER%%/%%PERL_ARCH%%/auto/Business/OnlinePayment/WorldPay/Junior
-@dirrm lib/perl5/site_perl/%%PERL_VER%%/%%PERL_ARCH%%/auto/Business/OnlinePayment/WorldPay
-@dirrm lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior
-@dirrm lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay
-@dirrm lib/perl5/site_perl/%%PERL_VER%%/Business/OnlinePayment/WorldPay
+%%SITE_PERL%%/auto/Business/WorldPay/Junior/new.al
+%%SITE_PERL%%/auto/Business/WorldPay/Junior/callback.al
+%%SITE_PERL%%/auto/Business/WorldPay/Junior/valid_callback_host.al
+%%SITE_PERL%%/auto/Business/WorldPay/Junior/register.al
+%%SITE_PERL%%/auto/Business/WorldPay/Junior/authorised.al
+%%SITE_PERL%%/auto/Business/WorldPay/Junior/errstr.al
+%%SITE_PERL%%/auto/Business/WorldPay/Junior/exchange_rate.al
+%%SITE_PERL%%/auto/Business/WorldPay/Junior/db_connect.al
+%%SITE_PERL%%/auto/Business/WorldPay/Junior/autosplit.ix
+%%SITE_PERL%%/%%PERL_ARCH%%/auto/Business/WorldPay/Junior/.packlist
+%%SITE_PERL%%/Business/WorldPay/Junior.pm
+%%SITE_PERL%%/Business/WorldPay/get-rates.pl
+lib/perllocal.pod-Business-WorldPay-Junior
+@dirrm %%SITE_PERL%%/auto/Business/WorldPay/Junior
+@dirrm %%SITE_PERL%%/auto/Business/WorldPay
+@dirrm %%SITE_PERL%%/Business/WorldPay
+@unexec rmdir %D/%%SITE_PERL%%/auto/Business 2>/dev/null || true
+@dirrm %%SITE_PERL%%/%%PERL_ARCH%%/auto/Business/WorldPay/Junior
+@dirrm %%SITE_PERL%%/%%PERL_ARCH%%/auto/Business/WorldPay
+@unexec rmdir %D/%%SITE_PERL%%/%%PERL_ARCH%%/auto/Business 2>/dev/null || true
--- p5-Business-WorldPay-Junior.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303150945.h2F9jOs0090215>