pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/perl58 Fix a local root exploit and a buffer over...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/fc608b61ee08
branches:  trunk
changeset: 488516:fc608b61ee08
user:      jlam <jlam%pkgsrc.org@localhost>
date:      Wed Feb 02 19:09:52 2005 +0000

description:
Fix a local root exploit and a buffer overflow (CAN-2005-{0155,0156}).
Patches from Nicholas Clark in private mail.  Bump the PKGREVISION to
3.

diffstat:

 lang/perl58/Makefile         |   4 ++--
 lang/perl58/distinfo         |   3 ++-
 lang/perl58/patches/patch-bf |  24 ++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)

diffs (63 lines):

diff -r 9e89d93c4f6e -r fc608b61ee08 lang/perl58/Makefile
--- a/lang/perl58/Makefile      Wed Feb 02 18:04:47 2005 +0000
+++ b/lang/perl58/Makefile      Wed Feb 02 19:09:52 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.74 2005/01/18 00:56:43 jlam Exp $
+# $NetBSD: Makefile,v 1.75 2005/02/02 19:09:52 jlam Exp $
 
 # The following two variables should have empty values unless we're
 # building a perl snapshot or release candidate.
@@ -13,7 +13,7 @@
 .if empty(PERL5_SNAPSHOT) && empty(PERL5_RC_VERS)
 DISTNAME=      perl-${PERL5_VERS}
 PKGNAME=       perl-${PERL5_VERS}
-PKGREVISION=   2
+PKGREVISION=   3
 MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
 .else
 .  if !empty(PERL5_SNAPSHOT)
diff -r 9e89d93c4f6e -r fc608b61ee08 lang/perl58/distinfo
--- a/lang/perl58/distinfo      Wed Feb 02 18:04:47 2005 +0000
+++ b/lang/perl58/distinfo      Wed Feb 02 19:09:52 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.28 2005/01/21 20:23:22 tv Exp $
+$NetBSD: distinfo,v 1.29 2005/02/02 19:09:52 jlam Exp $
 
 SHA1 (perl-5.8.6.tar.bz2) = 5267c5b4900a995a10e4fc56fe10a6852004c29b
 Size (perl-5.8.6.tar.bz2) = 9693085 bytes
@@ -8,6 +8,7 @@
 SHA1 (patch-ba) = 74a01f3a86f263720b9f07d1fdbaadbaecafb012
 SHA1 (patch-bd) = 9f96ba1912f2a8db93db31f7a63c0b49a045318d
 SHA1 (patch-be) = 9f667f33ea24300a5580db84d0978ca53f126f29
+SHA1 (patch-bf) = 9bc5690b41a70617cde89b805184a8d5605d20d1
 SHA1 (patch-ca) = 3198a5f49c2a850b1ea1f5c6f0738f45da505924
 SHA1 (patch-cb) = de10a31b699d877cedb3ca849458e10071912972
 SHA1 (patch-cc) = b04ea30ac47ae0748aa6b6c83c8de0396ace349f
diff -r 9e89d93c4f6e -r fc608b61ee08 lang/perl58/patches/patch-bf
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl58/patches/patch-bf      Wed Feb 02 19:09:52 2005 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-bf,v 1.1 2005/02/02 19:09:52 jlam Exp $
+
+--- perlio.c.orig      2004-09-10 03:06:52.000000000 -0400
++++ perlio.c
+@@ -454,7 +454,8 @@ PerlIO_debug(const char *fmt, ...)
+     va_list ap;
+     dSYS;
+     va_start(ap, fmt);
+-    if (!dbg) {
++    /* Tighten uid/gid checks [CAN-2005-0155] */
++    if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
+       char *s = PerlEnv_getenv("PERLIO_DEBUG");
+       if (s && *s)
+           dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
+@@ -471,7 +472,8 @@ PerlIO_debug(const char *fmt, ...)
+       s = CopFILE(PL_curcop);
+       if (!s)
+           s = "(none)";
+-      sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
++      /* Avoid PERLIO_DEBUG buffer overflow [CAN-2005-0156] */
++      sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
+       len = strlen(buffer);
+       vsprintf(buffer+len, fmt, ap);
+       PerlLIO_write(dbg, buffer, strlen(buffer));



Home | Main Index | Thread Index | Old Index