pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc Use the vendor-supplied set of fixes for the following...
details: https://anonhg.NetBSD.org/pkgsrc/rev/0943436626f4
branches: trunk
changeset: 506291:0943436626f4
user: jlam <jlam%pkgsrc.org@localhost>
date: Fri Jan 13 20:04:48 2006 +0000
description:
Use the vendor-supplied set of fixes for the following security advisories:
CVE-2005-3916 - format string vulnerability in scripts using syslog()
CVE-2005-3962 - format string vulnerability in Perl_sv_vcatpvfn()
Bump the PKGREVISION to 7.
diffstat:
doc/CHANGES | 3 ++-
lang/perl5/Makefile | 24 ++++++++++++++++++++++--
lang/perl5/distinfo | 8 +++++++-
lang/perl5/patches/patch-cm | 17 -----------------
4 files changed, 31 insertions(+), 21 deletions(-)
diffs (97 lines):
diff -r c5797f5827fc -r 0943436626f4 doc/CHANGES
--- a/doc/CHANGES Fri Jan 13 20:03:26 2006 +0000
+++ b/doc/CHANGES Fri Jan 13 20:04:48 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.12492 2006/01/13 18:43:12 wiz Exp $
+$NetBSD: CHANGES,v 1.12493 2006/01/13 20:04:50 jlam Exp $
Changes to the packages collection and infrastructure in 2006:
@@ -273,3 +273,4 @@
Added textproc/po4a version 0.23 [wiz 2006-01-13]
Updated sysutils/fakeroot to 1.5.6 [wiz 2006-01-13]
Updated net/ucarp to 1.1 [wiz 2006-01-13]
+ Updated lang/perl5 to 5.8.7nb7 [jlam 2006-01-13]
diff -r c5797f5827fc -r 0943436626f4 lang/perl5/Makefile
--- a/lang/perl5/Makefile Fri Jan 13 20:03:26 2006 +0000
+++ b/lang/perl5/Makefile Fri Jan 13 20:04:48 2006 +0000
@@ -1,10 +1,25 @@
-# $NetBSD: Makefile,v 1.113 2006/01/13 19:15:11 jlam Exp $
+# $NetBSD: Makefile,v 1.114 2006/01/13 20:04:48 jlam Exp $
DISTNAME= perl-5.8.7
-PKGREVISION= 6
+PKGREVISION= 7
CATEGORIES= lang devel perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
EXTRACT_SUFX= .tar.bz2
+DISTFILES+= ${DISTNAME}${EXTRACT_SUFX}
+
+# Vendor patch to fix the security vulnerability CVE-2005-3962 regarding
+# an sprintf buffer overflow attack.
+#
+PATCHFILES= sprintf-5.8.7.patch
+PATCH_SITES= ${MASTER_SITE_PERL_CPAN:=../../authors/id/N/NW/NWCLARK/}
+PATCH_DIST_STRIP= -p1
+
+# Update the base Sys-Syslog package to a version which fixes a security
+# vulnerabilty CVE-2005-3912 regarding the proper arguments for syslog().
+#
+SYS_SYSLOG= Sys-Syslog-0.13
+SITES_${SYS_SYSLOG}.tar.gz= ${MASTER_SITE_PERL_CPAN:=Sys/}
+DISTFILES+= ${SYS_SYSLOG}.tar.gz
MAINTAINER= jlam%pkgsrc.org@localhost
HOMEPAGE= http://www.perl.org/
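Review bot: The comment above SYS_SYSLOG cites CVE-2005-3912, but the commit description lists the syslog() issue as CVE-2005-3916; one of the two is a typo, so check the advisory and make them agree. The same comment misspells "vulnerabilty", and the PATCHFILES comment calls CVE-2005-3962 an "sprintf buffer overflow attack" while the commit description and the removed patch-cm both describe it as a format string vulnerability in Perl_sv_vcatpvfn(). Using one description throughout makes it easier to audit which fix covers which advisory.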
@@ -235,6 +250,11 @@
lib/ExtUtils/Install.pm
SUBST_SED.dirmode= -e "s/755/${PKGDIRMODE}/g;/umask(/d"
+# Replace the base Sys-Syslog module with the fixed version.
+post-extract:
+ ${RM} -fr ${WRKSRC}/ext/Sys/Syslog
+ ${CP} -r ${WRKDIR}/${SYS_SYSLOG} ${WRKSRC}/ext/Sys/Syslog
+
# It's tough to guess which hints file will be used, so add our modifications
# to all of them:
#
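Review bot: The post-extract override says nothing about when it should be removed. It unconditionally deletes ${WRKSRC}/ext/Sys/Syslog and copies in ${SYS_SYSLOG}, so after a later DISTNAME bump it would replace whatever Sys-Syslog that perl release bundles with 0.13. Suggest extending the comment to state that the target and the SYS_SYSLOG block must be dropped once the base distribution ships a fixed module.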
diff -r c5797f5827fc -r 0943436626f4 lang/perl5/distinfo
--- a/lang/perl5/distinfo Fri Jan 13 20:03:26 2006 +0000
+++ b/lang/perl5/distinfo Fri Jan 13 20:04:48 2006 +0000
@@ -1,8 +1,14 @@
-$NetBSD: distinfo,v 1.31 2005/12/29 17:54:45 jlam Exp $
+$NetBSD: distinfo,v 1.32 2006/01/13 20:04:48 jlam Exp $
SHA1 (perl-5.8.7.tar.bz2) = c9477c6fe76b200033694bdc555a0276523d4228
RMD160 (perl-5.8.7.tar.bz2) = 110c286d73fd89e25da8ea394e763f209a76d283
Size (perl-5.8.7.tar.bz2) = 9839086 bytes
+SHA1 (Sys-Syslog-0.13.tar.gz) = 172a5aed0a3fe30b1b3e1b4def504248791862b3
+RMD160 (Sys-Syslog-0.13.tar.gz) = 3105071ac2652f651d6ced467564aaadaab77d84
+Size (Sys-Syslog-0.13.tar.gz) = 16894 bytes
+SHA1 (sprintf-5.8.7.patch) = 3327901033010a595d97a28fef6d1a144951f342
+RMD160 (sprintf-5.8.7.patch) = 25c81b3441491996efbf4b036c37f8d537dd9131
+Size (sprintf-5.8.7.patch) = 9332 bytes
SHA1 (patch-aa) = 965df39b13e67783e851838cf51b34bb248642e8
SHA1 (patch-ae) = 044ac094cd475a16483552aa6f1bde03bd11f592
SHA1 (patch-ah) = 7847562d35cd4834a45139b6a8cfe766aa45fa0a
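Review bot: No patch-cm checksum is dropped here even though this changeset deletes lang/perl5/patches/patch-cm: the diffstat shows a single deletion in distinfo, which is the $NetBSD line. If distinfo carries a SHA1 (patch-cm) entry further down, it is now stale and should be removed in the same commit.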
diff -r c5797f5827fc -r 0943436626f4 lang/perl5/patches/patch-cm
--- a/lang/perl5/patches/patch-cm Fri Jan 13 20:03:26 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-$NetBSD: patch-cm,v 1.1 2005/12/18 15:25:29 jlam Exp $
-
-Fix for Perl format string vulnerability noted in CVE-2005-3962.
-
---- sv.c.orig 2005-05-27 06:38:11.000000000 -0400
-+++ sv.c
-@@ -8520,6 +8520,10 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const cha
- if (*q == '$') {
- ++q;
- efix = width;
-+ if (width > INT_MAX)
-+ efix = INT_MAX;
-+ else
-+ efix = width;
- } else {
- goto gotwidth;
- }
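Review bot: Deleting this local fix leaves the efix clamp in Perl_sv_vcatpvfn() entirely to sprintf-5.8.7.patch, and nothing in the changeset records that the vendor patch touches the same code. Suggest noting in the PATCHFILES comment in the Makefile that the vendor patch supersedes patch-cm, so anyone auditing the CVE-2005-3962 fix can see where it went.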