pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/perl5 Minimally invasive fix for CVE-2014-4330, a...
details: https://anonhg.NetBSD.org/pkgsrc/rev/a3e38fa3a167
branches: trunk
changeset: 639878:a3e38fa3a167
user: spz <spz%pkgsrc.org@localhost>
date: Mon Sep 29 11:36:01 2014 +0000
description:
Minimally invasive fix for CVE-2014-4330, also known as
https://www.lsexperts.de/advisories/lse-2014-06-10.txt,
a stack overflow vulnerability in Data::Dumper
Patches taken from
http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304,
to be removed when updating to 5.20.1 (or later).
perl-5.20.0nb2 is fit for pkg_add -u replacement of perl-5.20.0nb1
diffstat:
lang/perl5/Makefile | 4 +-
lang/perl5/distinfo | 4 +-
lang/perl5/patches/patch-dist_Data-Dumper_Dumper.pm | 65 ++++++++++
lang/perl5/patches/patch-dist_Data-Dumper_Dumper.xs | 123 ++++++++++++++++++++
4 files changed, 193 insertions(+), 3 deletions(-)
diffs (229 lines):
diff -r f7e30d43d418 -r a3e38fa3a167 lang/perl5/Makefile
--- a/lang/perl5/Makefile Mon Sep 29 08:35:51 2014 +0000
+++ b/lang/perl5/Makefile Mon Sep 29 11:36:01 2014 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.229 2014/07/05 05:10:48 richard Exp $
+# $NetBSD: Makefile,v 1.230 2014/09/29 11:36:01 spz Exp $
.include "license.mk"
.include "Makefile.common"
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= Practical Extraction and Report Language
CONFLICTS+= perl-base-[0-9]* perl-thread-[0-9]*
diff -r f7e30d43d418 -r a3e38fa3a167 lang/perl5/distinfo
--- a/lang/perl5/distinfo Mon Sep 29 08:35:51 2014 +0000
+++ b/lang/perl5/distinfo Mon Sep 29 11:36:01 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.122 2014/08/12 05:41:39 mrg Exp $
+$NetBSD: distinfo,v 1.123 2014/09/29 11:36:01 spz Exp $
SHA1 (perl-5.20.0.tar.bz2) = e925e4fc36e90eace19a1ca850f912618ba6788f
RMD160 (perl-5.20.0.tar.bz2) = a14fa854f2d50aa5f16ff3a982244dd6cd0c4730
@@ -14,6 +14,8 @@
SHA1 (patch-ck) = 5c381db130cdf4c315678e2d65380eaaa3065fee
SHA1 (patch-cn) = d1877383e213a414562b5bb4c1e8aa785926fab7
SHA1 (patch-cpan_Socket_Socket.xs) = 9390c42ad456b0ea114c2e57e4d829d630fb698e
+SHA1 (patch-dist_Data-Dumper_Dumper.pm) = 27f9bb4084aa0b21b05bd10d850942b978f7f821
+SHA1 (patch-dist_Data-Dumper_Dumper.xs) = 2e3384973a70b46f8f9ed72c0e9966e00fcbd8af
SHA1 (patch-ext_Errno_Errno__pm.PL) = 4f135e267da17de38f8f1e7e03d5209bfd09a323
SHA1 (patch-hints_cygwin.sh) = 1b21d927d6b7379754c4cd64a2b05d3632c35470
SHA1 (patch-hints_darwin.sh) = c561d1862f8ca76652a35741c691394eb8cda70a
diff -r f7e30d43d418 -r a3e38fa3a167 lang/perl5/patches/patch-dist_Data-Dumper_Dumper.pm
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-dist_Data-Dumper_Dumper.pm Mon Sep 29 11:36:01 2014 +0000
@@ -0,0 +1,65 @@
+$NetBSD: patch-dist_Data-Dumper_Dumper.pm,v 1.1 2014/09/29 11:36:01 spz Exp $
+
+patch for CVE-2014-4330, remove for 5.20.1
+taken from http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304
+
+--- dist/Data-Dumper/Dumper.pm.orig 2014-05-26 13:34:19.000000000 +0000
++++ dist/Data-Dumper/Dumper.pm
+@@ -56,6 +56,7 @@ $Useperl = 0 unless defined $
+ $Sortkeys = 0 unless defined $Sortkeys;
+ $Deparse = 0 unless defined $Deparse;
+ $Sparseseen = 0 unless defined $Sparseseen;
++$Maxrecurse = 1000 unless defined $Maxrecurse;
+
+ #
+ # expects an arrayref of values to be dumped.
+@@ -92,6 +93,7 @@ sub new {
+ 'bless' => $Bless, # keyword to use for "bless"
+ # expdepth => $Expdepth, # cutoff depth for explicit dumping
+ maxdepth => $Maxdepth, # depth beyond which we give up
++ maxrecurse => $Maxrecurse, # depth beyond which we abort
+ useperl => $Useperl, # use the pure Perl implementation
+ sortkeys => $Sortkeys, # flag or filter for sorting hash keys
+ deparse => $Deparse, # use B::Deparse for coderefs
+@@ -350,6 +352,12 @@ sub _dump {
+ return qq['$val'];
+ }
+
++ # avoid recursing infinitely [perl #122111]
++ if ($s->{maxrecurse} > 0
++ and $s->{level} >= $s->{maxrecurse}) {
++ die "Recursion limit of $s->{maxrecurse} exceeded";
++ }
++
+ # we have a blessed ref
+ my ($blesspad);
+ if ($realpack and !$no_bless) {
+@@ -680,6 +688,11 @@ sub Maxdepth {
+ defined($v) ? (($s->{'maxdepth'} = $v), return $s) : $s->{'maxdepth'};
+ }
+
++sub Maxrecurse {
++ my($s, $v) = @_;
++ defined($v) ? (($s->{'maxrecurse'} = $v), return $s) : $s->{'maxrecurse'};
++}
++
+ sub Useperl {
+ my($s, $v) = @_;
+ defined($v) ? (($s->{'useperl'} = $v), return $s) : $s->{'useperl'};
+@@ -1105,6 +1118,16 @@ no maximum depth.
+
+ =item *
+
++$Data::Dumper::Maxrecurse I<or> $I<OBJ>->Maxrecurse(I<[NEWVAL]>)
++
++Can be set to a positive integer that specifies the depth beyond which
++recursion into a structure will throw an exception. This is intended
++as a security measure to prevent perl running out of stack space when
++dumping an excessively deep structure. Can be set to 0 to remove the
++limit. Default is 1000.
++
++=item *
++
+ $Data::Dumper::Useperl I<or> $I<OBJ>->Useperl(I<[NEWVAL]>)
+
+ Can be set to a boolean value which controls whether the pure Perl
diff -r f7e30d43d418 -r a3e38fa3a167 lang/perl5/patches/patch-dist_Data-Dumper_Dumper.xs
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-dist_Data-Dumper_Dumper.xs Mon Sep 29 11:36:01 2014 +0000
@@ -0,0 +1,123 @@
+$NetBSD: patch-dist_Data-Dumper_Dumper.xs,v 1.1 2014/09/29 11:36:01 spz Exp $
+
+patch for CVE-2014-4330, remove for 5.20.1
+taken from http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304
+
+--- dist/Data-Dumper/Dumper.xs.orig 2014-05-26 13:34:19.000000000 +0000
++++ dist/Data-Dumper/Dumper.xs
+@@ -28,7 +28,7 @@ static I32 DD_dump (pTHX_ SV *val, const
+ SV *pad, SV *xpad, SV *apad, SV *sep, SV *pair,
+ SV *freezer, SV *toaster,
+ I32 purity, I32 deepcopy, I32 quotekeys, SV *bless,
+- I32 maxdepth, SV *sortkeys, int use_sparse_seen_hash, I32 useqq);
++ I32 maxdepth, SV *sortkeys, int use_sparse_seen_hash, I32 useqq, IV maxrecurse);
+
+ #ifndef HvNAME_get
+ #define HvNAME_get HvNAME
+@@ -412,7 +412,7 @@ DD_dump(pTHX_ SV *val, const char *name,
+ AV *postav, I32 *levelp, I32 indent, SV *pad, SV *xpad,
+ SV *apad, SV *sep, SV *pair, SV *freezer, SV *toaster, I32 purity,
+ I32 deepcopy, I32 quotekeys, SV *bless, I32 maxdepth, SV *sortkeys,
+- int use_sparse_seen_hash, I32 useqq)
++ int use_sparse_seen_hash, I32 useqq, IV maxrecurse)
+ {
+ char tmpbuf[128];
+ Size_t i;
+@@ -589,6 +589,10 @@ DD_dump(pTHX_ SV *val, const char *name,
+ return 1;
+ }
+
++ if (maxrecurse > 0 && *levelp >= maxrecurse) {
++ croak("Recursion limit of %" IVdf " exceeded", maxrecurse);
++ }
++
+ if (realpack && !no_bless) { /* we have a blessed ref */
+ STRLEN blesslen;
+ const char * const blessstr = SvPV(bless, blesslen);
+@@ -674,7 +678,8 @@ DD_dump(pTHX_ SV *val, const char *name,
+ DD_dump(aTHX_ ival, SvPVX_const(namesv), SvCUR(namesv), retval, seenhv,
+ postav, levelp, indent, pad, xpad, apad, sep, pair,
+ freezer, toaster, purity, deepcopy, quotekeys, bless,
+- maxdepth, sortkeys, use_sparse_seen_hash, useqq);
++ maxdepth, sortkeys, use_sparse_seen_hash, useqq,
++ maxrecurse);
+ sv_catpvn(retval, ")}", 2);
+ } /* plain */
+ else {
+@@ -682,7 +687,8 @@ DD_dump(pTHX_ SV *val, const char *name,
+ DD_dump(aTHX_ ival, SvPVX_const(namesv), SvCUR(namesv), retval, seenhv,
+ postav, levelp, indent, pad, xpad, apad, sep, pair,
+ freezer, toaster, purity, deepcopy, quotekeys, bless,
+- maxdepth, sortkeys, use_sparse_seen_hash, useqq);
++ maxdepth, sortkeys, use_sparse_seen_hash, useqq,
++ maxrecurse);
+ }
+ SvREFCNT_dec(namesv);
+ }
+@@ -694,7 +700,8 @@ DD_dump(pTHX_ SV *val, const char *name,
+ DD_dump(aTHX_ ival, SvPVX_const(namesv), SvCUR(namesv), retval, seenhv,
+ postav, levelp, indent, pad, xpad, apad, sep, pair,
+ freezer, toaster, purity, deepcopy, quotekeys, bless,
+- maxdepth, sortkeys, use_sparse_seen_hash, useqq);
++ maxdepth, sortkeys, use_sparse_seen_hash, useqq,
++ maxrecurse);
+ SvREFCNT_dec(namesv);
+ }
+ else if (realtype == SVt_PVAV) {
+@@ -767,7 +774,8 @@ DD_dump(pTHX_ SV *val, const char *name,
+ DD_dump(aTHX_ elem, iname, ilen, retval, seenhv, postav,
+ levelp, indent, pad, xpad, apad, sep, pair,
+ freezer, toaster, purity, deepcopy, quotekeys, bless,
+- maxdepth, sortkeys, use_sparse_seen_hash, useqq);
++ maxdepth, sortkeys, use_sparse_seen_hash, useqq,
++ maxrecurse);
+ if (ix < ixmax)
+ sv_catpvn(retval, ",", 1);
+ }
+@@ -970,7 +978,8 @@ DD_dump(pTHX_ SV *val, const char *name,
+ DD_dump(aTHX_ hval, SvPVX_const(sname), SvCUR(sname), retval, seenhv,
+ postav, levelp, indent, pad, xpad, newapad, sep, pair,
+ freezer, toaster, purity, deepcopy, quotekeys, bless,
+- maxdepth, sortkeys, use_sparse_seen_hash, useqq);
++ maxdepth, sortkeys, use_sparse_seen_hash, useqq,
++ maxrecurse);
+ SvREFCNT_dec(sname);
+ Safefree(nkey_buffer);
+ if (indent >= 2)
+@@ -1179,7 +1188,8 @@ DD_dump(pTHX_ SV *val, const char *name,
+ seenhv, postav, &nlevel, indent, pad, xpad,
+ newapad, sep, pair, freezer, toaster, purity,
+ deepcopy, quotekeys, bless, maxdepth,
+- sortkeys, use_sparse_seen_hash, useqq);
++ sortkeys, use_sparse_seen_hash, useqq,
++ maxrecurse);
+ SvREFCNT_dec(e);
+ }
+ }
+@@ -1269,6 +1279,7 @@ Data_Dumper_Dumpxs(href, ...)
+ SV *val, *name, *pad, *xpad, *apad, *sep, *pair, *varname;
+ SV *freezer, *toaster, *bless, *sortkeys;
+ I32 purity, deepcopy, quotekeys, maxdepth = 0;
++ IV maxrecurse = 1000;
+ char tmpbuf[1024];
+ I32 gimme = GIMME;
+ int use_sparse_seen_hash = 0;
+@@ -1355,6 +1366,8 @@ Data_Dumper_Dumpxs(href, ...)
+ bless = *svp;
+ if ((svp = hv_fetch(hv, "maxdepth", 8, FALSE)))
+ maxdepth = SvIV(*svp);
++ if ((svp = hv_fetch(hv, "maxrecurse", 10, FALSE)))
++ maxrecurse = SvIV(*svp);
+ if ((svp = hv_fetch(hv, "sortkeys", 8, FALSE))) {
+ sortkeys = *svp;
+ if (! SvTRUE(sortkeys))
+@@ -1434,7 +1447,8 @@ Data_Dumper_Dumpxs(href, ...)
+ DD_dump(aTHX_ val, SvPVX_const(name), SvCUR(name), valstr, seenhv,
+ postav, &level, indent, pad, xpad, newapad, sep, pair,
+ freezer, toaster, purity, deepcopy, quotekeys,
+- bless, maxdepth, sortkeys, use_sparse_seen_hash, useqq);
++ bless, maxdepth, sortkeys, use_sparse_seen_hash, useqq,
++ maxrecurse);
+ SPAGAIN;
+
+ if (indent >= 2 && !terse)
Home |
Main Index |
Thread Index |
Old Index