author | jlam <jlam@pkgsrc.org> | 2005-01-04 09:50:15 +0000 |
---|---|---|
committer | jlam <jlam@pkgsrc.org> | 2005-01-04 09:50:15 +0000 |
commit | 85efacebfc1e171ae6d8adedff710e28a9590c18 (patch) | |
tree | 4b237d019385a5a14c339781e9375f6b66ef55ec /lang/perl58 | |
parent | 6ee2d07b76e7d55915d225ced7ab20bb77b1bf5e (diff) | |
download | pkgsrc-85efacebfc1e171ae6d8adedff710e28a9590c18.tar.gz |
Fix instances of insecure use of /tmp that is subject to symlink attacks
due to race conditions [CAN-2004-0976]. Also fix builds on *BSD boxes
without a hostname set. Bump the PKGREVISION to 1.
Diffstat (limited to 'lang/perl58')
-rw-r--r-- | lang/perl58/Makefile | 4 | ||||
-rw-r--r-- | lang/perl58/distinfo | 6 | ||||
-rw-r--r-- | lang/perl58/patches/patch-bd | 28 | ||||
-rw-r--r-- | lang/perl58/patches/patch-be | 24 | ||||
-rw-r--r-- | lang/perl58/patches/patch-ca | 31 |
5 files changed, 88 insertions, 5 deletions
diff --git a/lang/perl58/Makefile b/lang/perl58/Makefile index 983e2362c7d..aeee46ef545 100644 --- a/lang/perl58/Makefile +++ b/lang/perl58/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.69 2004/12/29 19:41:25 jlam Exp $ +# $NetBSD: Makefile,v 1.70 2005/01/04 09:50:15 jlam Exp $ # The following two variables should have empty values unless we're # building a perl snapshot or release candidate. @@ -13,7 +13,7 @@ EXTRACT_SUFX= .tar.bz2 .if empty(PERL5_SNAPSHOT) && empty(PERL5_RC_VERS) DISTNAME= perl-${PERL5_VERS} PKGNAME= perl-${PERL5_VERS} -PKGREVISION= # empty +PKGREVISION= 1 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,} .else . if !empty(PERL5_SNAPSHOT) diff --git a/lang/perl58/distinfo b/lang/perl58/distinfo index 6072e94ee0c..ebbd282616c 100644 --- a/lang/perl58/distinfo +++ b/lang/perl58/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.24 2004/12/29 19:41:25 jlam Exp $ +$NetBSD: distinfo,v 1.25 2005/01/04 09:50:15 jlam Exp $ SHA1 (perl-5.8.6.tar.bz2) = 5267c5b4900a995a10e4fc56fe10a6852004c29b Size (perl-5.8.6.tar.bz2) = 9693085 bytes @@ -6,7 +6,9 @@ SHA1 (patch-aa) = a441cba11b12a4285284e98b6e5918efbd8bafef SHA1 (patch-ae) = fa3bbb1561192ce9214a7a7c756ccb2595a52c80 SHA1 (patch-ah) = cb103c14090b2d61720ee9b555b32085c8eeb810 SHA1 (patch-ba) = 74a01f3a86f263720b9f07d1fdbaadbaecafb012 -SHA1 (patch-ca) = 094b6af2a444b9d1a258faa28a5c4b16913e6de8 +SHA1 (patch-bd) = 9f96ba1912f2a8db93db31f7a63c0b49a045318d +SHA1 (patch-be) = 9f667f33ea24300a5580db84d0978ca53f126f29 +SHA1 (patch-ca) = 0e1f86c77dd07eac66c165fd59d56000438b2a03 SHA1 (patch-cb) = 2221fb87bddd29406d925d1cb5351eb4f3087f76 SHA1 (patch-cc) = 721459e0123c3306c44cca20e37680ec7026dd09 SHA1 (patch-cd) = d9420f57f036567abac821a8144768a2a7057b47 diff --git a/lang/perl58/patches/patch-bd b/lang/perl58/patches/patch-bd new file mode 100644 index 00000000000..f3b45b16eec --- /dev/null +++ b/lang/perl58/patches/patch-bd 
@@ -0,0 +1,28 @@
+$NetBSD: patch-bd,v 1.1 2005/01/04 09:50:15 jlam Exp $
+
+--- lib/ExtUtils/instmodsh.orig 2004-01-05 17:34:59.000000000 -0500
++++ lib/ExtUtils/instmodsh
+@@ -58,16 +58,13 @@ while (1)
+ $reply =~ /^t\s*/ and do
+ {
+ my $file = (split(' ', $reply))[1];
+- my $tmp = "/tmp/inst.$$";
+- if (my $fh = IO::File->new($tmp, "w"))
+- {
+- $fh->print(join("\n", $Inst->files($module)));
+- $fh->close();
+- system("tar cvf $file -I $tmp");
+- unlink($tmp);
+- last CASE;
+- }
+- else { print("Can't open $file: $!\n"); }
++ # Use File::Temp to create the tempfile and avoid possible symlink
++ # race attacks against a known filename in /tmp [CAN-2004-0976].
++ my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1);
++ $fh->print(join("\n", $Inst->files($module)));
++ $fh->close();
++ system("tar cvf $file -T $tmp");
++ unlink($tmp);
+ last CASE;
+ };
+ $reply eq 'v' and do
diff --git a/lang/perl58/patches/patch-be b/lang/perl58/patches/patch-be
new file mode 100644
index 00000000000..ef3d58716ac
--- /dev/null
+++ b/lang/perl58/patches/patch-be
@@ -0,0 +1,24 @@
+$NetBSD: patch-be,v 1.1 2005/01/04 09:50:15 jlam Exp $
+
+--- lib/perl5db.pl.orig 2004-11-17 07:51:18.000000000 -0500
++++ lib/perl5db.pl
+@@ -215,7 +215,7 @@ the TTY to use for debugging i/o.
+ =item * noTTY
+
+ if set, goes in NonStop mode. On interrupt, if TTY is not set,
+-uses the value of noTTY or F</tmp/perldbtty$$> to find TTY using
++uses the value of noTTY or F<$HOME/.perldbtty$$> to find TTY using
+ Term::Rendezvous. Current variant is to have the name of TTY in this
+ file.
+
+@@ -6004,8 +6004,8 @@ sub setterm {
+ eval "require Term::Rendezvous;" or die;
+
+ # See if we have anything to pass to Term::Rendezvous.
+- # Use /tmp/perldbtty$$ if not.
+- my $rv = $ENV{PERLDB_NOTTY} || "/tmp/perldbtty$$";
++ # Use $HOME/.perldbtty$$ if not [CAN-2004-0976].
++ my $rv = $ENV{PERLDB_NOTTY} || "$ENV{HOME}/.perldbtty$$";
+
+ # Rendezvous and get the filehandles.
+ my $term_rv = new Term::Rendezvous $rv;
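Review bot: The added `File::Temp::tempfile(UNLINK => 1)` call in patch-bd is fully qualified, but the patch has no hunk that loads the module, and the top of instmodsh is outside this hunk. Unless File::Temp is already loaded there, the `t` command would fail with an undefined-subroutine error, so a second hunk adding `use File::Temp;` near the script's other `use` lines looks necessary. The rewritten `system("tar cvf $file -T $tmp")` still passes the operator-typed `$file` through the shell; the list form `system('tar', 'cvf', $file, '-T', $tmp);` avoids metacharacter interpretation. The removed branch printed a message when the temp file could not be opened, whereas tempfile() croaks, which would end the interactive `while (1)` loop that this hunk sits inside.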
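Review bot: In the second inner hunk of patch-be, `"$ENV{HOME}/.perldbtty$$"` is built without checking that HOME is set. When HOME is undefined or empty the fallback becomes `/.perldbtty$$` in the root directory, and HOME can be unset in some non-login environments. A guard before the assignment would fail closed, for example `die "PERLDB_NOTTY or HOME must be set\n" unless $ENV{PERLDB_NOTTY} || (defined $ENV{HOME} && length $ENV{HOME});`. The name is still predictable through `$$`, so the fix relies on the home directory not being writable by other users, which the POD text in the first inner hunk could state. The body of `setterm` continues outside the hunk.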
diff --git a/lang/perl58/patches/patch-ca b/lang/perl58/patches/patch-ca index 5a13e0bde8e..a815f691495 100644 --- a/lang/perl58/patches/patch-ca +++ b/lang/perl58/patches/patch-ca @@ -1,7 +1,36 @@ -$NetBSD: patch-ca,v 1.6 2004/12/29 19:41:25 jlam Exp $ +$NetBSD: patch-ca,v 1.7 2005/01/04 09:50:15 jlam Exp $ --- Configure.orig 2004-09-10 02:25:52.000000000 -0400 +++ Configure +@@ -3111,7 +3111,7 @@ EOM + osvers=`echo "$4"|sed 's/^v//'` + ;; + freebsd) osname=freebsd +- osvers="$3" ;; ++ osvers=`$uname -r | UU/tr '[A-Z]' '[a-z]'` ;; + genix) osname=genix ;; + gnu) osname=gnu + osvers="$3" ;; +@@ -3133,7 +3133,7 @@ EOM + MiNT) osname=mint + ;; + netbsd*) osname=netbsd +- osvers="$3" ++ osvers=`$uname -r | UU/tr '[A-Z]' '[a-z]'` + ;; + news-os) osvers="$3" + case "$3" in +@@ -3144,8 +3144,8 @@ EOM + next*) osname=next ;; + nonstop-ux) osname=nonstopux ;; + openbsd) osname=openbsd +- osvers="$3" +- ;; ++ osvers=`$uname -r | UU/tr '[A-Z]' '[a-z]'` ++ ;; + os2) osname=os2 + osvers="$4" + ;; @@ -7852,7 +7852,7 @@ if "$useshrplib"; then solaris) xxx="-R $shrpdir" |