Date: Sat, 15 Mar 2003 10:45:24 +0100 (CET) From: Erwin Lansing <erwin@lansing.dk> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/50017: Security update to p5-Business-OnlinePayment-WorldPay-Junior-1.03 Message-ID: <200303150945.h2F9jOs0090215@lemur.droso.net>
next in thread | raw e-mail | index | archive | help
>Number: 50017 >Category: ports >Synopsis: Security update to p5-Business-OnlinePayment-WorldPay-Junior-1.03 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sat Mar 15 01:50:13 PST 2003 >Closed-Date: >Last-Modified: >Originator: Erwin Lansing >Release: FreeBSD 4.8-RC i386 >Organization: pil.dk >Environment: System: FreeBSD lemur.droso.net 4.8-RC FreeBSD 4.8-RC #15: Tue Mar 4 02:07:34 CET 2003 root@panda.droso.net:/usr/obj/usr/src/sys/PANDA i386 >Description: In the words of the author: "Please be advised that I have today made an important security update to the module to fix a serious, remotely exploitable, bug in the module. I have also renamed the module today to avoid namespace conflicts with the Business::OnlinePayment API." Requested by: Jason Clifford <jason@ukpost.com> (author) >How-To-Repeat: >Fix: This diff is to misc/p5-Business-OnlinePayment-WorldPay-Junior. Please repocopy that port to misc/p5-Business-WorldPay-Junior, remove the old port and apply the following diff. Note: added file files/patch-Makefile.PL --- p5-Business-WorldPay-Junior.diff begins here --- diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/Makefile p5-Business-WorldPay-Junior/Makefile --- p5-Business-OnlinePayment-WorldPay-Junior/Makefile Thu Feb 20 19:46:29 2003 +++ p5-Business-WorldPay-Junior/Makefile Sat Mar 15 10:40:28 2003 @@ -5,24 +5,31 @@ # $FreeBSD: ports/misc/p5-Business-OnlinePayment-WorldPay-Junior/Makefile,v 1.4 2003/02/20 18:46:29 knu Exp $ # -PORTNAME= Business-OnlinePayment-WorldPay-Junior -PORTVERSION= 1.03 +PORTNAME= Business-WorldPay-Junior +PORTVERSION= 1.06 CATEGORIES= misc perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN} MASTER_SITE_SUBDIR= Business PKGNAMEPREFIX= p5- MAINTAINER= ports@FreeBSD.org -COMMENT= An Business::OnlinePayment backend module for a WorldPay Select Junior service +COMMENT= Perl module to handle WorldPay Junior for payment services BUILD_DEPENDS= ${SITE_PERL}/Business/CreditCard.pm:${PORTSDIR}/misc/p5-Business-CreditCard \ - ${SITE_PERL}/Business/OnlinePayment.pm:${PORTSDIR}/misc/p5-Business-OnlinePayment + ${SITE_PERL}/Business/OnlinePayment.pm:${PORTSDIR}/misc/p5-Business-OnlinePayment \ + ${SITE_PERL}/${PERL_ARCH}/DBI.pm:${PORTSDIR}/databases/p5-DBI RUN_DEPENDS= ${BUILD_DEPENDS} PERL_CONFIGURE= yes SITE_PERL= ${LOCALBASE}/lib/perl5/site_perl/${PERL_VER} MAN3PREFIX= ${PREFIX}/lib/perl5/${PERL_VERSION} -MAN3= Business::OnlinePayment::WorldPay::Junior.3 +MAN3= Business::WorldPay::Junior.3 + +post-patch: + @${PERL} -pi -e 's/^our\s+([\$$\@\%]\w+)/use vars qw($$1);$$1/;' \ + -e '$$_="" if /use 5/;' \ + -e '$$_="" if /use warnings/;' \ + ${WRKSRC}/Junior.pm .include <bsd.port.mk> diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/distinfo p5-Business-WorldPay-Junior/distinfo --- p5-Business-OnlinePayment-WorldPay-Junior/distinfo Thu Oct 24 20:07:00 2002 +++ p5-Business-WorldPay-Junior/distinfo Sat Mar 15 10:23:49 2003 @@ -1 +1 @@ -MD5 (Business-OnlinePayment-WorldPay-Junior-1.03.tar.gz) = 3683f9ea4baf1e3e15e658518dd32051 +MD5 (Business-WorldPay-Junior-1.06.tar.gz) = bcd9b98d21cedcac5fb8b7da0e0012f6 diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/files/patch-Makefile.PL p5-Business-WorldPay-Junior/files/patch-Makefile.PL --- p5-Business-OnlinePayment-WorldPay-Junior/files/patch-Makefile.PL Thu Jan 1 01:00:00 1970 +++ p5-Business-WorldPay-Junior/files/patch-Makefile.PL Sat Mar 15 10:40:21 2003 @@ -0,0 +1,13 @@ +--- Makefile.PL.orig Fri Mar 14 11:35:10 2003 ++++ Makefile.PL Sat Mar 15 10:40:05 2003 +@@ -3,9 +3,6 @@ + # the contents of the Makefile that is written. + WriteMakefile( + 'NAME' => 'Business::WorldPay::Junior', +- 'VERSION_FROM' => 'Junior.pm', # finds $VERSION ++ 'VERSION' => '1.06', + 'PREREQ_PM' => {}, # e.g., Module::Name => 1.1 +- ($] >= 5.005 ? ## Add these new keywords supported since 5.005 +- (ABSTRACT_FROM => 'Junior.pm', # retrieve abstract from module +- AUTHOR => 'Jason Clifford <jason@jasonclifford.com>') : ()), + ); diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/pkg-descr p5-Business-WorldPay-Junior/pkg-descr --- p5-Business-OnlinePayment-WorldPay-Junior/pkg-descr Thu Oct 24 20:07:00 2002 +++ p5-Business-WorldPay-Junior/pkg-descr Sat Mar 15 10:37:26 2003 @@ -5,3 +5,5 @@ then verify the callback data supplied by WorldPay after a payment has been made. The module is designed with the requirement to immediately verify that a payment has been made and is as expected in mind. + +WWW: http://search.cpan.org/dist/Business-WorldPay-Junior/ diff -ruN p5-Business-OnlinePayment-WorldPay-Junior/pkg-plist p5-Business-WorldPay-Junior/pkg-plist --- p5-Business-OnlinePayment-WorldPay-Junior/pkg-plist Thu Oct 24 20:07:00 2002 +++ p5-Business-WorldPay-Junior/pkg-plist Sat Mar 15 10:35:06 2003 @@ -1,17 +1,20 @@ -lib/perl5/site_perl/%%PERL_VER%%/Business/OnlinePayment/WorldPay/Junior.pm -lib/perl5/site_perl/%%PERL_VER%%/Business/OnlinePayment/WorldPay/get-rates.pl -lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/authorised.al -lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/autosplit.ix -lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/callback.al -lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/db_connect.al -lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/errstr.al -lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/exchange_rate.al -lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/new.al -lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/register.al -lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior/valid_callback_host.al -lib/perl5/site_perl/%%PERL_VER%%/%%PERL_ARCH%%/auto/Business/OnlinePayment/WorldPay/Junior/.packlist -@dirrm lib/perl5/site_perl/%%PERL_VER%%/%%PERL_ARCH%%/auto/Business/OnlinePayment/WorldPay/Junior -@dirrm lib/perl5/site_perl/%%PERL_VER%%/%%PERL_ARCH%%/auto/Business/OnlinePayment/WorldPay -@dirrm lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay/Junior -@dirrm lib/perl5/site_perl/%%PERL_VER%%/auto/Business/OnlinePayment/WorldPay -@dirrm lib/perl5/site_perl/%%PERL_VER%%/Business/OnlinePayment/WorldPay +%%SITE_PERL%%/auto/Business/WorldPay/Junior/new.al +%%SITE_PERL%%/auto/Business/WorldPay/Junior/callback.al +%%SITE_PERL%%/auto/Business/WorldPay/Junior/valid_callback_host.al +%%SITE_PERL%%/auto/Business/WorldPay/Junior/register.al +%%SITE_PERL%%/auto/Business/WorldPay/Junior/authorised.al +%%SITE_PERL%%/auto/Business/WorldPay/Junior/errstr.al +%%SITE_PERL%%/auto/Business/WorldPay/Junior/exchange_rate.al +%%SITE_PERL%%/auto/Business/WorldPay/Junior/db_connect.al +%%SITE_PERL%%/auto/Business/WorldPay/Junior/autosplit.ix +%%SITE_PERL%%/%%PERL_ARCH%%/auto/Business/WorldPay/Junior/.packlist +%%SITE_PERL%%/Business/WorldPay/Junior.pm +%%SITE_PERL%%/Business/WorldPay/get-rates.pl +lib/perllocal.pod-Business-WorldPay-Junior +@dirrm %%SITE_PERL%%/auto/Business/WorldPay/Junior +@dirrm %%SITE_PERL%%/auto/Business/WorldPay +@dirrm %%SITE_PERL%%/Business/WorldPay +@unexec rmdir %D/%%SITE_PERL%%/auto/Business 2>/dev/null || true +@dirrm %%SITE_PERL%%/%%PERL_ARCH%%/auto/Business/WorldPay/Junior +@dirrm %%SITE_PERL%%/%%PERL_ARCH%%/auto/Business/WorldPay +@unexec rmdir %D/%%SITE_PERL%%/%%PERL_ARCH%%/auto/Business 2>/dev/null || true --- p5-Business-WorldPay-Junior.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303150945.h2F9jOs0090215>