summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjlam <jlam@pkgsrc.org>2005-12-18 15:25:29 +0000
committerjlam <jlam@pkgsrc.org>2005-12-18 15:25:29 +0000
commitf4cc8975af017eed49407ca6b701ec62c49c5674 (patch)
tree285ec06f4e8b8d202a6fce93d1aee2b9a677a171
parent1ddd52875fbf6129f11adaead5621f11b9c386a0 (diff)
downloadpkgsrc-f4cc8975af017eed49407ca6b701ec62c49c5674.tar.gz
Fix for Perl format string vulnerability noted in CVE-2005-3962:
perl suffers from an integer wrap overflow inside the explicit parameter format string functionality. This has been confirmed to be a vector for remote code execution. Bump PKGREVISION to 5.
Diffstat
-rw-r--r--doc/CHANGES3
-rw-r--r--lang/perl5/Makefile4
-rw-r--r--lang/perl5/distinfo3
-rw-r--r--lang/perl5/patches/patch-cm17
4 files changed, 23 insertions, 4 deletions
diff --git a/doc/CHANGES b/doc/CHANGES
index 4fb00d970c4..dd28b23a0dd 100644
--- a/doc/CHANGES
+++ b/doc/CHANGES
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.12202 2005/12/17 20:50:20 wiz Exp $
+$NetBSD: CHANGES,v 1.12203 2005/12/18 15:25:32 jlam Exp $
Changes to the packages collection and infrastructure in 2005:
@@ -5752,3 +5752,4 @@ Changes to the packages collection and infrastructure in 2005:
Updated x11/kdebase3 version 3.5.0nb1 [markd 2005-12-17]
Added misc/goffice version 0.1.2 [wiz 2005-12-17]
Updated math/gnumeric to 1.6.1 [wiz 2005-12-17]
+ Updated lang/perl5 to 5.8.7nb5 [jlam 2005-12-18]
diff --git a/lang/perl5/Makefile b/lang/perl5/Makefile
index 175f1062eb4..4272452921c 100644
--- a/lang/perl5/Makefile
+++ b/lang/perl5/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.107 2005/12/17 05:20:22 jlam Exp $
+# $NetBSD: Makefile,v 1.108 2005/12/18 15:25:29 jlam Exp $
# The following two variables should have empty values unless we're
# building a perl snapshot or release candidate.
@@ -14,7 +14,7 @@ WRKSRC= ${WRKDIR}/${DISTNAME}
.if empty(PERL5_SNAPSHOT) && empty(PERL5_RC_VERS)
DISTNAME= perl-${PERL5_VERS}
PKGNAME= perl-${PERL5_VERS}
-PKGREVISION= 4
+PKGREVISION= 5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
.else
. if !empty(PERL5_SNAPSHOT)
diff --git a/lang/perl5/distinfo b/lang/perl5/distinfo
index 9e33541f982..a393e7c2f49 100644
--- a/lang/perl5/distinfo
+++ b/lang/perl5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29 2005/10/10 17:11:32 joerg Exp $
+$NetBSD: distinfo,v 1.30 2005/12/18 15:25:29 jlam Exp $
SHA1 (perl-5.8.7.tar.bz2) = c9477c6fe76b200033694bdc555a0276523d4228
RMD160 (perl-5.8.7.tar.bz2) = 110c286d73fd89e25da8ea394e763f209a76d283
@@ -18,4 +18,5 @@ SHA1 (patch-ci) = 908a8bb35c088b994bde49707ab1536b4ab3d7a4
SHA1 (patch-cj) = 3f40f1b166a054d55224c3e79d74516ca608b696
SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097
SHA1 (patch-cl) = 8553c83e721f5ae43a5f6e0e4d2b70510b69e77c
+SHA1 (patch-cm) = a995fbf9d6c5b2c4d42c975bc0ea2ae7a8a292b8
SHA1 (patch-zc) = eb81edd1144ec46285898afc641c03a3aad54977
diff --git a/lang/perl5/patches/patch-cm b/lang/perl5/patches/patch-cm
new file mode 100644
index 00000000000..7c08f95f84f
--- /dev/null
+++ b/lang/perl5/patches/patch-cm
@@ -0,0 +1,17 @@
+$NetBSD: patch-cm,v 1.1 2005/12/18 15:25:29 jlam Exp $
+
+Fix for Perl format string vulnerability noted in CVE-2005-3962.
+
+--- sv.c.orig 2005-05-27 06:38:11.000000000 -0400
++++ sv.c
+@@ -8520,6 +8520,10 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const cha
+ if (*q == '$') {
+ ++q;
+ efix = width;
++ if (width > INT_MAX)
++ efix = INT_MAX;
++ else
++ efix = width;
+ } else {
+ goto gotwidth;
+ }
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-12 23:08:40 +0000