[pkgsrc/trunk]: pkgsrc/lang/perl58 Fix instances of insecure use of /tmp that...
details: https://anonhg.NetBSD.org/pkgsrc/rev/2739e4b8b7d8
branches: trunk
changeset: 486840:2739e4b8b7d8
user: jlam <jlam%pkgsrc.org@localhost>
date: Tue Jan 04 09:50:15 2005 +0000
description:
Fix instances of insecure use of /tmp that are subject to symlink attacks
due to race conditions [CAN-2004-0976]. Also fix builds on *BSD boxes
without a hostname set. Bump the PKGREVISION to 1.
diffstat:
lang/perl58/Makefile | 4 ++--
lang/perl58/distinfo | 6 ++++--
lang/perl58/patches/patch-bd | 28 ++++++++++++++++++++++++++++
lang/perl58/patches/patch-be | 24 ++++++++++++++++++++++++
lang/perl58/patches/patch-ca | 31 ++++++++++++++++++++++++++++++-
5 files changed, 88 insertions(+), 5 deletions(-)
diffs (139 lines):
diff -r 7a4a246f44bd -r 2739e4b8b7d8 lang/perl58/Makefile
--- a/lang/perl58/Makefile Tue Jan 04 09:32:35 2005 +0000
+++ b/lang/perl58/Makefile Tue Jan 04 09:50:15 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.69 2004/12/29 19:41:25 jlam Exp $
+# $NetBSD: Makefile,v 1.70 2005/01/04 09:50:15 jlam Exp $
# The following two variables should have empty values unless we're
# building a perl snapshot or release candidate.
@@ -13,7 +13,7 @@
.if empty(PERL5_SNAPSHOT) && empty(PERL5_RC_VERS)
DISTNAME= perl-${PERL5_VERS}
PKGNAME= perl-${PERL5_VERS}
-PKGREVISION= # empty
+PKGREVISION= 1
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
.else
. if !empty(PERL5_SNAPSHOT)
diff -r 7a4a246f44bd -r 2739e4b8b7d8 lang/perl58/distinfo
--- a/lang/perl58/distinfo Tue Jan 04 09:32:35 2005 +0000
+++ b/lang/perl58/distinfo Tue Jan 04 09:50:15 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2004/12/29 19:41:25 jlam Exp $
+$NetBSD: distinfo,v 1.25 2005/01/04 09:50:15 jlam Exp $
SHA1 (perl-5.8.6.tar.bz2) = 5267c5b4900a995a10e4fc56fe10a6852004c29b
Size (perl-5.8.6.tar.bz2) = 9693085 bytes
@@ -6,7 +6,9 @@
SHA1 (patch-ae) = fa3bbb1561192ce9214a7a7c756ccb2595a52c80
SHA1 (patch-ah) = cb103c14090b2d61720ee9b555b32085c8eeb810
SHA1 (patch-ba) = 74a01f3a86f263720b9f07d1fdbaadbaecafb012
-SHA1 (patch-ca) = 094b6af2a444b9d1a258faa28a5c4b16913e6de8
+SHA1 (patch-bd) = 9f96ba1912f2a8db93db31f7a63c0b49a045318d
+SHA1 (patch-be) = 9f667f33ea24300a5580db84d0978ca53f126f29
+SHA1 (patch-ca) = 0e1f86c77dd07eac66c165fd59d56000438b2a03
SHA1 (patch-cb) = 2221fb87bddd29406d925d1cb5351eb4f3087f76
SHA1 (patch-cc) = 721459e0123c3306c44cca20e37680ec7026dd09
SHA1 (patch-cd) = d9420f57f036567abac821a8144768a2a7057b47
diff -r 7a4a246f44bd -r 2739e4b8b7d8 lang/perl58/patches/patch-bd
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl58/patches/patch-bd Tue Jan 04 09:50:15 2005 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-bd,v 1.1 2005/01/04 09:50:15 jlam Exp $
+
+--- lib/ExtUtils/instmodsh.orig 2004-01-05 17:34:59.000000000 -0500
++++ lib/ExtUtils/instmodsh
+@@ -58,16 +58,13 @@ while (1)
+ $reply =~ /^t\s*/ and do
+ {
+ my $file = (split(' ', $reply))[1];
+- my $tmp = "/tmp/inst.$$";
+- if (my $fh = IO::File->new($tmp, "w"))
+- {
+- $fh->print(join("\n", $Inst->files($module)));
+- $fh->close();
+- system("tar cvf $file -I $tmp");
+- unlink($tmp);
+- last CASE;
+- }
+- else { print("Can't open $file: $!\n"); }
++ # Use File::Temp to create the tempfile and avoid possible symlink
++ # race attacks against a known filename in /tmp [CAN-2004-0976].
++ my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1);
++ $fh->print(join("\n", $Inst->files($module)));
++ $fh->close();
++ system("tar cvf $file -T $tmp");
++ unlink($tmp);
+ last CASE;
+ };
+ $reply eq 'v' and do
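Review bot: The new `system("tar cvf $file -T $tmp")` still passes a single string to the shell, and `$file` comes from the interactive reply, so whitespace or shell metacharacters in the archive name are interpreted by the shell; the list form `system('tar', 'cvf', $file, '-T', $tmp);` avoids that. `$file` is also undefined when the reply is a bare `t`, so a guard such as `defined $file or do { print("No archive name given\n"); last CASE; };` before the tempfile is created would be safer. The hunk calls `File::Temp::tempfile` by its full name but shows no `use File::Temp;`; if the script does not load that module elsewhere, the call fails at run time, so the patch should add the `use` line beside the existing imports. The enclosing `while (1)` loop starts and ends outside the hunk.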
diff -r 7a4a246f44bd -r 2739e4b8b7d8 lang/perl58/patches/patch-be
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl58/patches/patch-be Tue Jan 04 09:50:15 2005 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-be,v 1.1 2005/01/04 09:50:15 jlam Exp $
+
+--- lib/perl5db.pl.orig 2004-11-17 07:51:18.000000000 -0500
++++ lib/perl5db.pl
+@@ -215,7 +215,7 @@ the TTY to use for debugging i/o.
+ =item * noTTY
+
+ if set, goes in NonStop mode. On interrupt, if TTY is not set,
+-uses the value of noTTY or F</tmp/perldbtty$$> to find TTY using
++uses the value of noTTY or F<$HOME/.perldbtty$$> to find TTY using
+ Term::Rendezvous. Current variant is to have the name of TTY in this
+ file.
+
+@@ -6004,8 +6004,8 @@ sub setterm {
+ eval "require Term::Rendezvous;" or die;
+
+ # See if we have anything to pass to Term::Rendezvous.
+- # Use /tmp/perldbtty$$ if not.
+- my $rv = $ENV{PERLDB_NOTTY} || "/tmp/perldbtty$$";
++ # Use $HOME/.perldbtty$$ if not [CAN-2004-0976].
++ my $rv = $ENV{PERLDB_NOTTY} || "$ENV{HOME}/.perldbtty$$";
+
+ # Rendezvous and get the filehandles.
+ my $term_rv = new Term::Rendezvous $rv;
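Review bot: The fallback `"$ENV{HOME}/.perldbtty$$"` in `setterm` does not handle an unset or empty `HOME`: the path then becomes `/.perldbtty$$` in the root directory, and the name is still predictable from the PID. The fix is only as strong as the assumption that `$HOME` is writable by the debugging user alone, which may not hold when `HOME` is inherited from another environment. The code should refuse the fallback without a usable home directory, e.g. `my $home = $ENV{HOME};` followed by `die "HOME not set; set PERLDB_NOTTY\n" unless defined $home && length $home;`. The POD text changed in the first inner hunk should state the same requirement. `setterm` begins before and continues after the lines shown.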
diff -r 7a4a246f44bd -r 2739e4b8b7d8 lang/perl58/patches/patch-ca
--- a/lang/perl58/patches/patch-ca Tue Jan 04 09:32:35 2005 +0000
+++ b/lang/perl58/patches/patch-ca Tue Jan 04 09:50:15 2005 +0000
@@ -1,7 +1,36 @@
-$NetBSD: patch-ca,v 1.6 2004/12/29 19:41:25 jlam Exp $
+$NetBSD: patch-ca,v 1.7 2005/01/04 09:50:15 jlam Exp $
--- Configure.orig 2004-09-10 02:25:52.000000000 -0400
+++ Configure
+@@ -3111,7 +3111,7 @@ EOM
+ osvers=`echo "$4"|sed 's/^v//'`
+ ;;
+ freebsd) osname=freebsd
+- osvers="$3" ;;
++ osvers=`$uname -r | UU/tr '[A-Z]' '[a-z]'` ;;
+ genix) osname=genix ;;
+ gnu) osname=gnu
+ osvers="$3" ;;
+@@ -3133,7 +3133,7 @@ EOM
+ MiNT) osname=mint
+ ;;
+ netbsd*) osname=netbsd
+- osvers="$3"
++ osvers=`$uname -r | UU/tr '[A-Z]' '[a-z]'`
+ ;;
+ news-os) osvers="$3"
+ case "$3" in
+@@ -3144,8 +3144,8 @@ EOM
+ next*) osname=next ;;
+ nonstop-ux) osname=nonstopux ;;
+ openbsd) osname=openbsd
+- osvers="$3"
+- ;;
++ osvers=`$uname -r | UU/tr '[A-Z]' '[a-z]'`
++ ;;
+ os2) osname=os2
+ osvers="$4"
+ ;;
@@ -7852,7 +7852,7 @@ if "$useshrplib"; then
solaris)
xxx="-R $shrpdir"
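Review bot: The three replaced `osvers` assignments (freebsd, netbsd*, openbsd) carry no comment saying why `"$3"` was dropped, and the reason is only in the commit description. A line such as `# do not take osvers from the positional fields of uname -a, which breaks when no hostname is set` above the first case would keep the rationale with the code. The openbsd case also appears to remove and re-add an otherwise identical `;;` line, which looks like a whitespace-only change that could be left out of the patch.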