summaryrefslogtreecommitdiff
path: root/lang/perl5
diff options
context:
space:
mode:
authorjlam <jlam@pkgsrc.org>2006-01-13 20:04:48 +0000
committerjlam <jlam@pkgsrc.org>2006-01-13 20:04:48 +0000
commit272ec6a7a10ee508aa961bbf460d94f43131df10 (patch)
tree300f7531f05d8c0e70d5efaba01f59d9606aeef8 /lang/perl5
parentcefd18eb01d94d504a35e4ca3dcac4bcd42ab1ea (diff)
downloadpkgsrc-272ec6a7a10ee508aa961bbf460d94f43131df10.tar.gz
Use the vendor-supplied set of fixes for the following security advisories:
CVE-2005-3916 - format string vulnerability in scripts using syslog() CVS-2005-3962 - format string vulnerability in Perl_sv_vcatpvfn() Bump the PKGREVISION to 7.
Diffstat (limited to 'lang/perl5')
-rw-r--r--lang/perl5/Makefile24
-rw-r--r--lang/perl5/distinfo8
-rw-r--r--lang/perl5/patches/patch-cm17
3 files changed, 29 insertions, 20 deletions
diff --git a/lang/perl5/Makefile b/lang/perl5/Makefile
index 92228f45ea4..a67137baaf3 100644
--- a/lang/perl5/Makefile
+++ b/lang/perl5/Makefile
@@ -1,10 +1,25 @@
-# $NetBSD: Makefile,v 1.113 2006/01/13 19:15:11 jlam Exp $
+# $NetBSD: Makefile,v 1.114 2006/01/13 20:04:48 jlam Exp $
DISTNAME= perl-5.8.7
-PKGREVISION= 6
+PKGREVISION= 7
CATEGORIES= lang devel perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
EXTRACT_SUFX= .tar.bz2
+DISTFILES+= ${DISTNAME}${EXTRACT_SUFX}
+
+# Vendor patch to fix the security vulnerability CVE-2005-3962 regarding
+# an sprintf buffer overflow attack.
+#
+PATCHFILES= sprintf-5.8.7.patch
+PATCH_SITES= ${MASTER_SITE_PERL_CPAN:=../../authors/id/N/NW/NWCLARK/}
+PATCH_DIST_STRIP= -p1
+
+# Update the base Sys-Syslog package to a version which fixes a security
+# vulnerabilty CVE-2005-3912 regarding the proper arguments for syslog().
+#
+SYS_SYSLOG= Sys-Syslog-0.13
+SITES_${SYS_SYSLOG}.tar.gz= ${MASTER_SITE_PERL_CPAN:=Sys/}
+DISTFILES+= ${SYS_SYSLOG}.tar.gz
MAINTAINER= jlam@pkgsrc.org
HOMEPAGE= http://www.perl.org/
@@ -235,6 +250,11 @@ SUBST_FILES.dirmode= installhtml installman installperl \
lib/ExtUtils/Install.pm
SUBST_SED.dirmode= -e "s/755/${PKGDIRMODE}/g;/umask(/d"
+# Replace the base Sys-Syslog module with the fixed version.
+post-extract:
+ ${RM} -fr ${WRKSRC}/ext/Sys/Syslog
+ ${CP} -r ${WRKDIR}/${SYS_SYSLOG} ${WRKSRC}/ext/Sys/Syslog
+
# It's tough to guess which hints file will be used, so add our modifications
# to all of them:
#
diff --git a/lang/perl5/distinfo b/lang/perl5/distinfo
index e36cc15350c..1e9dce28e6c 100644
--- a/lang/perl5/distinfo
+++ b/lang/perl5/distinfo
@@ -1,8 +1,14 @@
-$NetBSD: distinfo,v 1.31 2005/12/29 17:54:45 jlam Exp $
+$NetBSD: distinfo,v 1.32 2006/01/13 20:04:48 jlam Exp $
SHA1 (perl-5.8.7.tar.bz2) = c9477c6fe76b200033694bdc555a0276523d4228
RMD160 (perl-5.8.7.tar.bz2) = 110c286d73fd89e25da8ea394e763f209a76d283
Size (perl-5.8.7.tar.bz2) = 9839086 bytes
+SHA1 (Sys-Syslog-0.13.tar.gz) = 172a5aed0a3fe30b1b3e1b4def504248791862b3
+RMD160 (Sys-Syslog-0.13.tar.gz) = 3105071ac2652f651d6ced467564aaadaab77d84
+Size (Sys-Syslog-0.13.tar.gz) = 16894 bytes
+SHA1 (sprintf-5.8.7.patch) = 3327901033010a595d97a28fef6d1a144951f342
+RMD160 (sprintf-5.8.7.patch) = 25c81b3441491996efbf4b036c37f8d537dd9131
+Size (sprintf-5.8.7.patch) = 9332 bytes
SHA1 (patch-aa) = 965df39b13e67783e851838cf51b34bb248642e8
SHA1 (patch-ae) = 044ac094cd475a16483552aa6f1bde03bd11f592
SHA1 (patch-ah) = 7847562d35cd4834a45139b6a8cfe766aa45fa0a
diff --git a/lang/perl5/patches/patch-cm b/lang/perl5/patches/patch-cm
deleted file mode 100644
index 7c08f95f84f..00000000000
--- a/lang/perl5/patches/patch-cm
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-cm,v 1.1 2005/12/18 15:25:29 jlam Exp $
-
-Fix for Perl format string vulnerability noted in CVE-2005-3962.
-
---- sv.c.orig 2005-05-27 06:38:11.000000000 -0400
-+++ sv.c
-@@ -8520,6 +8520,10 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const cha
- if (*q == '$') {
- ++q;
- efix = width;
-+ if (width > INT_MAX)
-+ efix = INT_MAX;
-+ else
-+ efix = width;
- } else {
- goto gotwidth;
- }