pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc Fix for Perl format string vulnerability noted in CVE-...
details: https://anonhg.NetBSD.org/pkgsrc/rev/fd4caaed840f
branches: trunk
changeset: 504654:fd4caaed840f
user: jlam <jlam%pkgsrc.org@localhost>
date: Sun Dec 18 15:25:29 2005 +0000
description:
Fix for Perl format string vulnerability noted in CVE-2005-3962:
perl suffers from an integer wrap overflow inside the explicit
parameter format string functionality. This has been confirmed to
be a vector for remote code execution.
Bump PKGREVISION to 5.
diffstat:
doc/CHANGES | 3 ++-
lang/perl5/Makefile | 4 ++--
lang/perl5/distinfo | 3 ++-
lang/perl5/patches/patch-cm | 17 +++++++++++++++++
4 files changed, 23 insertions(+), 4 deletions(-)
diffs (68 lines):
diff -r 19e328f6a6a7 -r fd4caaed840f doc/CHANGES
--- a/doc/CHANGES Sun Dec 18 15:20:21 2005 +0000
+++ b/doc/CHANGES Sun Dec 18 15:25:29 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.12202 2005/12/17 20:50:20 wiz Exp $
+$NetBSD: CHANGES,v 1.12203 2005/12/18 15:25:32 jlam Exp $
Changes to the packages collection and infrastructure in 2005:
@@ -5752,3 +5752,4 @@
Updated x11/kdebase3 version 3.5.0nb1 [markd 2005-12-17]
Added misc/goffice version 0.1.2 [wiz 2005-12-17]
Updated math/gnumeric to 1.6.1 [wiz 2005-12-17]
+ Updated lang/perl5 to 5.8.7nb5 [jlam 2005-12-18]
diff -r 19e328f6a6a7 -r fd4caaed840f lang/perl5/Makefile
--- a/lang/perl5/Makefile Sun Dec 18 15:20:21 2005 +0000
+++ b/lang/perl5/Makefile Sun Dec 18 15:25:29 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.107 2005/12/17 05:20:22 jlam Exp $
+# $NetBSD: Makefile,v 1.108 2005/12/18 15:25:29 jlam Exp $
# The following two variables should have empty values unless we're
# building a perl snapshot or release candidate.
@@ -14,7 +14,7 @@
.if empty(PERL5_SNAPSHOT) && empty(PERL5_RC_VERS)
DISTNAME= perl-${PERL5_VERS}
PKGNAME= perl-${PERL5_VERS}
-PKGREVISION= 4
+PKGREVISION= 5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
.else
. if !empty(PERL5_SNAPSHOT)
diff -r 19e328f6a6a7 -r fd4caaed840f lang/perl5/distinfo
--- a/lang/perl5/distinfo Sun Dec 18 15:20:21 2005 +0000
+++ b/lang/perl5/distinfo Sun Dec 18 15:25:29 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29 2005/10/10 17:11:32 joerg Exp $
+$NetBSD: distinfo,v 1.30 2005/12/18 15:25:29 jlam Exp $
SHA1 (perl-5.8.7.tar.bz2) = c9477c6fe76b200033694bdc555a0276523d4228
RMD160 (perl-5.8.7.tar.bz2) = 110c286d73fd89e25da8ea394e763f209a76d283
@@ -18,4 +18,5 @@
SHA1 (patch-cj) = 3f40f1b166a054d55224c3e79d74516ca608b696
SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097
SHA1 (patch-cl) = 8553c83e721f5ae43a5f6e0e4d2b70510b69e77c
+SHA1 (patch-cm) = a995fbf9d6c5b2c4d42c975bc0ea2ae7a8a292b8
SHA1 (patch-zc) = eb81edd1144ec46285898afc641c03a3aad54977
diff -r 19e328f6a6a7 -r fd4caaed840f lang/perl5/patches/patch-cm
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-cm Sun Dec 18 15:25:29 2005 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-cm,v 1.1 2005/12/18 15:25:29 jlam Exp $
+
+Fix for Perl format string vulnerability noted in CVE-2005-3962.
+
+--- sv.c.orig 2005-05-27 06:38:11.000000000 -0400
++++ sv.c
+@@ -8520,6 +8520,10 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const cha
+ if (*q == '$') {
+ ++q;
+ efix = width;
++ if (width > INT_MAX)
++ efix = INT_MAX;
++ else
++ efix = width;
+ } else {
+ goto gotwidth;
+ }
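Review bot: In the sv.c hunk carried by patch-cm, the original `efix = width;` is left as an unchanged context line directly above the added `if (width > INT_MAX)` block, so efix first receives the unclamped width and is then assigned again in both branches. The first store is redundant and should be a removed line, so that the clamp replaces the assignment instead of following it. The bound is applied only on this `*q == '$'` branch, while the else path goes to gotwidth with width untouched; a sentence in the patch header saying why only the explicit parameter value needs clamping would help the next reader. No include is added in this hunk, so confirm INT_MAX is already in scope in sv.c.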