authorjlam <jlam@pkgsrc.org>2006-01-13 20:04:48 +0000
committerjlam <jlam@pkgsrc.org>2006-01-13 20:04:48 +0000
commita9d5dfc7cac98a50729449f7a07202e75c2705f8 (patch)
tree300f7531f05d8c0e70d5efaba01f59d9606aeef8 /lang
parent3257506d81dc8c93fada02bbbb9c2312a3e66d40 (diff)
Use the vendor-supplied set of fixes for the following security advisories:
CVE-2005-3916 - format string vulnerability in scripts using syslog()
CVE-2005-3962 - format string vulnerability in Perl_sv_vcatpvfn()
Bump the PKGREVISION to 7.
Diffstat (limited to 'lang')
-rw-r--r--lang/perl5/Makefile24
-rw-r--r--lang/perl5/distinfo8
-rw-r--r--lang/perl5/patches/patch-cm17
3 files changed, 29 insertions, 20 deletions
diff --git a/lang/perl5/Makefile b/lang/perl5/Makefile
index 92228f45ea4..a67137baaf3 100644
--- a/lang/perl5/Makefile
+++ b/lang/perl5/Makefile
@@ -1,10 +1,25 @@
-# $NetBSD: Makefile,v 1.113 2006/01/13 19:15:11 jlam Exp $
+# $NetBSD: Makefile,v 1.114 2006/01/13 20:04:48 jlam Exp $
DISTNAME= perl-5.8.7
-PKGREVISION= 6
+PKGREVISION= 7
CATEGORIES= lang devel perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
EXTRACT_SUFX= .tar.bz2
+DISTFILES+= ${DISTNAME}${EXTRACT_SUFX}
+
+# Vendor patch to fix the security vulnerability CVE-2005-3962 regarding
+# an sprintf buffer overflow attack.
+#
+PATCHFILES= sprintf-5.8.7.patch
+PATCH_SITES= ${MASTER_SITE_PERL_CPAN:=../../authors/id/N/NW/NWCLARK/}
+PATCH_DIST_STRIP= -p1
+
+# Update the base Sys-Syslog package to a version which fixes a security
+# vulnerabilty CVE-2005-3912 regarding the proper arguments for syslog().
+#
+SYS_SYSLOG= Sys-Syslog-0.13
+SITES_${SYS_SYSLOG}.tar.gz= ${MASTER_SITE_PERL_CPAN:=Sys/}
+DISTFILES+= ${SYS_SYSLOG}.tar.gz
MAINTAINER= jlam@pkgsrc.org
HOMEPAGE= http://www.perl.org/
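Review bot: The two added comment blocks disagree with the rest of the commit about which advisories are being fixed. The comment above `PATCHFILES` calls CVE-2005-3962 "an sprintf buffer overflow attack", while the commit message and the removed patch-cm both describe it as a format string vulnerability in Perl_sv_vcatpvfn(). The comment above `SYS_SYSLOG` cites CVE-2005-3912, but the commit message gives CVE-2005-3916 for the syslog() issue. Anyone auditing which advisories this package covers will search for these IDs, so the comment and the log should name the same one after checking it against the vendor advisory. I would reword the first comment to `# Vendor patch for CVE-2005-3962, a format string vulnerability in Perl_sv_vcatpvfn().` and fix the typo `vulnerabilty` in the second.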
@@ -235,6 +250,11 @@ SUBST_FILES.dirmode= installhtml installman installperl \
lib/ExtUtils/Install.pm
SUBST_SED.dirmode= -e "s/755/${PKGDIRMODE}/g;/umask(/d"
+# Replace the base Sys-Syslog module with the fixed version.
+post-extract:
+ ${RM} -fr ${WRKSRC}/ext/Sys/Syslog
+ ${CP} -r ${WRKDIR}/${SYS_SYSLOG} ${WRKSRC}/ext/Sys/Syslog
+
# It's tough to guess which hints file will be used, so add our modifications
# to all of them:
#
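Review bot: The `post-extract` target replaces `${WRKSRC}/ext/Sys/Syslog` unconditionally with the pinned `${SYS_SYSLOG}` tree, and nothing in the hunk ties that override to the perl release named in `DISTNAME`. If `DISTNAME` is later bumped to a release that already bundles a newer Sys-Syslog, this step would presumably overwrite it with 0.13 and could silently bring back a fixed bug, with no build error to flag it. A comment above the target would keep that dependency visible to the next person updating the package: `# XXX Remove this override once the perl distfile ships Sys-Syslog 0.13 or newer.`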
diff --git a/lang/perl5/distinfo b/lang/perl5/distinfo
index e36cc15350c..1e9dce28e6c 100644
--- a/lang/perl5/distinfo
+++ b/lang/perl5/distinfo
@@ -1,8 +1,14 @@
-$NetBSD: distinfo,v 1.31 2005/12/29 17:54:45 jlam Exp $
+$NetBSD: distinfo,v 1.32 2006/01/13 20:04:48 jlam Exp $
SHA1 (perl-5.8.7.tar.bz2) = c9477c6fe76b200033694bdc555a0276523d4228
RMD160 (perl-5.8.7.tar.bz2) = 110c286d73fd89e25da8ea394e763f209a76d283
Size (perl-5.8.7.tar.bz2) = 9839086 bytes
+SHA1 (Sys-Syslog-0.13.tar.gz) = 172a5aed0a3fe30b1b3e1b4def504248791862b3
+RMD160 (Sys-Syslog-0.13.tar.gz) = 3105071ac2652f651d6ced467564aaadaab77d84
+Size (Sys-Syslog-0.13.tar.gz) = 16894 bytes
+SHA1 (sprintf-5.8.7.patch) = 3327901033010a595d97a28fef6d1a144951f342
+RMD160 (sprintf-5.8.7.patch) = 25c81b3441491996efbf4b036c37f8d537dd9131
+Size (sprintf-5.8.7.patch) = 9332 bytes
SHA1 (patch-aa) = 965df39b13e67783e851838cf51b34bb248642e8
SHA1 (patch-ae) = 044ac094cd475a16483552aa6f1bde03bd11f592
SHA1 (patch-ah) = 7847562d35cd4834a45139b6a8cfe766aa45fa0a
diff --git a/lang/perl5/patches/patch-cm b/lang/perl5/patches/patch-cm
deleted file mode 100644
index 7c08f95f84f..00000000000
--- a/lang/perl5/patches/patch-cm
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-cm,v 1.1 2005/12/18 15:25:29 jlam Exp $
-
-Fix for Perl format string vulnerability noted in CVE-2005-3962.
-
---- sv.c.orig 2005-05-27 06:38:11.000000000 -0400
-+++ sv.c
-@@ -8520,6 +8520,10 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const cha
- if (*q == '$') {
- ++q;
- efix = width;
-+ if (width > INT_MAX)
-+ efix = INT_MAX;
-+ else
-+ efix = width;
- } else {
- goto gotwidth;
- }