authorbsiegert <bsiegert>2017-06-05 18:58:44 +0000
committerbsiegert <bsiegert>2017-06-05 18:58:44 +0000
commit936fc90287cfac9f4bd2bfcb7896388c92c902d9 (patch)
tree192af007f5ef05111fbeb25cf66abef306c51b0c /lang
parente6789bd40fbb996b775f9b374f6a642616f89b51 (diff)
downloadpkgsrc-936fc90287cfac9f4bd2bfcb7896388c92c902d9.tar.gz
Apply patch from latest OpenBSD errata (CVE-2017-6512) here, too.
Diffstat (limited to 'lang')
-rw-r--r--lang/perl5/Makefile3
-rw-r--r--lang/perl5/distinfo3
-rw-r--r--lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm64
3 files changed, 68 insertions, 2 deletions
diff --git a/lang/perl5/Makefile b/lang/perl5/Makefile
index 4bff0b69293..2d39b84352f 100644
--- a/lang/perl5/Makefile
+++ b/lang/perl5/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.238 2016/05/01 00:05:57 ryoon Exp $
+# $NetBSD: Makefile,v 1.239 2017/06/05 18:58:44 bsiegert Exp $
.include "license.mk"
.include "Makefile.common"
COMMENT= Practical Extraction and Report Language
+PKGREVISION= 1
CONFLICTS+= perl-base-[0-9]* perl-thread-[0-9]*
diff --git a/lang/perl5/distinfo b/lang/perl5/distinfo
index a9fe747ac5f..d635bace174 100644
--- a/lang/perl5/distinfo
+++ b/lang/perl5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.141 2017/06/05 13:41:22 ryoon Exp $
+$NetBSD: distinfo,v 1.142 2017/06/05 18:58:44 bsiegert Exp $
SHA1 (perl-5.26.0.tar.bz2) = 2ca1b28f2c3ed4cc3b74be89d150ed0377f0336a
RMD160 (perl-5.26.0.tar.bz2) = a853a1ec299d7c6ba8239e8ed444ee6d922b8938
@@ -15,6 +15,7 @@ SHA1 (patch-caretx.c) = 9f53a9133f8dd2f962b448d7288b5b20454c86fb
SHA1 (patch-ch) = 5b6a89c82e158bab0a5f06add48c28e600678099
SHA1 (patch-ck) = 483e93a782e5627d3c7334d930ee11010fe7f7d8
SHA1 (patch-cn) = d1877383e213a414562b5bb4c1e8aa785926fab7
+SHA1 (patch-cpan_File-Path_lib_File_Path.pm) = e8a08e7e7fdbebabbeef7eaa651147353eedbfd7
SHA1 (patch-dist_Carp_lib_Carp.pm) = fb628ee983462cec9303ceea09852378ec654ecf
SHA1 (patch-ext_Errno_Errno__pm.PL) = 4f135e267da17de38f8f1e7e03d5209bfd09a323
SHA1 (patch-ext_File-Glob_bsd_glob.c) = e43252b55f04bb1cd69d48e8155aa110532c9fbe
diff --git a/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm b/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm
new file mode 100644
index 00000000000..f3261a86438
--- /dev/null
+++ b/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm
@@ -0,0 +1,64 @@
+$NetBSD: patch-cpan_File-Path_lib_File_Path.pm,v 1.1 2017/06/05 18:58:44 bsiegert Exp $
+OpenBSD 6.1 errata 10, June 04, 2017:
+
+Use fchmod to avoid a race condition in File::Path.
+Fixes CVE-2017-6512.
+
+--- cpan/File-Path/lib/File/Path.pm 5 Feb 2017 00:31:58 -0000
++++ cpan/File-Path/lib/File/Path.pm 1 Jun 2017 22:00:11 -0000
+@@ -18,7 +18,7 @@ BEGIN {
+
+ use Exporter ();
+ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK);
+-$VERSION = '2.12_01';
++$VERSION = '2.12_02';
+ $VERSION = eval $VERSION;
+ @ISA = qw(Exporter);
+ @EXPORT = qw(mkpath rmtree);
+@@ -354,21 +354,32 @@ sub _rmtree {
+
+ # see if we can escalate privileges to get in
+ # (e.g. funny protection mask such as -w- instead of rwx)
+- $perm &= oct '7777';
+- my $nperm = $perm | oct '700';
+- if (
+- !(
+- $arg->{safe}
+- or $nperm == $perm
+- or chmod( $nperm, $root )
+- )
+- )
+- {
+- _error( $arg,
+- "cannot make child directory read-write-exec", $canon );
+- next ROOT_DIR;
++ # This uses fchmod to avoid traversing outside of the proper
++ # location (CVE-2017-6512)
++ my $root_fh;
++ if (open($root_fh, '<', $root)) {
++ my ($fh_dev, $fh_inode) = (stat $root_fh )[0,1];
++ $perm &= oct '7777';
++ my $nperm = $perm | oct '700';
++ local $@;
++ if (
++ !(
++ $arg->{safe}
++ or $nperm == $perm
++ or !-d _
++ or $fh_dev ne $ldev
++ or $fh_inode ne $lino
++ or eval { chmod( $nperm, $root_fh ) }
++ )
++ )
++ {
++ _error( $arg,
++ "cannot make child directory read-write-exec", $canon );
++ next ROOT_DIR;
++ }
++ close $root_fh;
+ }
+- elsif ( !chdir($root) ) {
++ if ( !chdir($root) ) {
+ _error( $arg, "cannot chdir to child", $canon );
+ next ROOT_DIR;
+ }
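Review bot: When `open($root_fh, '<', $root)` fails, the whole new block is skipped without an `_error` call, so a directory that cannot be opened for reading (the `-w-` mask the existing comment gives as its example) is no longer chmod'ed and would only surface at the `chdir` below as "cannot chdir to child". A path-based chmod fallback would bring back the race this patch closes, so the behaviour looks like a deliberate trade-off, but it should be written down above the `if (open(...))`, e.g. `# open() needs read permission; an unreadable directory is left as-is and fails at the chdir below`. The `$fh_dev ne $ldev` and `$fh_inode ne $lino` terms likewise treat a handle that does not match the recorded `$ldev`/`$lino` as "nothing to do" instead of reporting it. Whether the code after `chdir` re-checks device and inode is not visible here, because `_rmtree` starts and ends outside the hunk.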