pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc Use the vendor-supplied set of fixes for the following...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/0943436626f4
branches:  trunk
changeset: 506291:0943436626f4
user:      jlam <jlam%pkgsrc.org@localhost>
date:      Fri Jan 13 20:04:48 2006 +0000

description:
Use the vendor-supplied set of fixes for the following security advisories:

    CVE-2005-3916 - format string vulnerability in scripts using syslog()
    CVE-2005-3962 - format string vulnerability in Perl_sv_vcatpvfn()

Bump the PKGREVISION to 7.

diffstat:

 doc/CHANGES                 |   3 ++-
 lang/perl5/Makefile         |  24 ++++++++++++++++++++++--
 lang/perl5/distinfo         |   8 +++++++-
 lang/perl5/patches/patch-cm |  17 -----------------
 4 files changed, 31 insertions(+), 21 deletions(-)

diffs (97 lines):

diff -r c5797f5827fc -r 0943436626f4 doc/CHANGES
--- a/doc/CHANGES       Fri Jan 13 20:03:26 2006 +0000
+++ b/doc/CHANGES       Fri Jan 13 20:04:48 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.12492 2006/01/13 18:43:12 wiz Exp $
+$NetBSD: CHANGES,v 1.12493 2006/01/13 20:04:50 jlam Exp $
 
 Changes to the packages collection and infrastructure in 2006:
 
@@ -273,3 +273,4 @@
        Added textproc/po4a version 0.23 [wiz 2006-01-13]
        Updated sysutils/fakeroot to 1.5.6 [wiz 2006-01-13]
        Updated net/ucarp to 1.1 [wiz 2006-01-13]
+       Updated lang/perl5 to 5.8.7nb7 [jlam 2006-01-13]
diff -r c5797f5827fc -r 0943436626f4 lang/perl5/Makefile
--- a/lang/perl5/Makefile       Fri Jan 13 20:03:26 2006 +0000
+++ b/lang/perl5/Makefile       Fri Jan 13 20:04:48 2006 +0000
@@ -1,10 +1,25 @@
-# $NetBSD: Makefile,v 1.113 2006/01/13 19:15:11 jlam Exp $
+# $NetBSD: Makefile,v 1.114 2006/01/13 20:04:48 jlam Exp $
 
 DISTNAME=      perl-5.8.7
-PKGREVISION=   6
+PKGREVISION=   7
 CATEGORIES=    lang devel perl5
 MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
 EXTRACT_SUFX=  .tar.bz2
+DISTFILES+=    ${DISTNAME}${EXTRACT_SUFX}
+
+# Vendor patch to fix the security vulnerability CVE-2005-3962 regarding
+# an sprintf buffer overflow attack.
+#
+PATCHFILES=    sprintf-5.8.7.patch
+PATCH_SITES=   ${MASTER_SITE_PERL_CPAN:=../../authors/id/N/NW/NWCLARK/}
+PATCH_DIST_STRIP= -p1
+
+# Update the base Sys-Syslog package to a version which fixes a security
+# vulnerabilty CVE-2005-3912 regarding the proper arguments for syslog().
+#
+SYS_SYSLOG=    Sys-Syslog-0.13
+SITES_${SYS_SYSLOG}.tar.gz=    ${MASTER_SITE_PERL_CPAN:=Sys/}
+DISTFILES+=    ${SYS_SYSLOG}.tar.gz
 
 MAINTAINER=    jlam%pkgsrc.org@localhost
 HOMEPAGE=      http://www.perl.org/
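Review bot: The Sys-Syslog comment in this hunk cites CVE-2005-3912, but the commit description lists CVE-2005-3916 for the syslog() issue; the two identifiers should agree, so please confirm which one is correct and fix the other. The PATCHFILES comment also calls CVE-2005-3962 "an sprintf buffer overflow attack", while the description and the removed patch-cm both call it a format string vulnerability; one wording throughout makes the advisory easier to track. Minor: "vulnerabilty" is misspelled in the second comment.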
@@ -235,6 +250,11 @@
                        lib/ExtUtils/Install.pm
 SUBST_SED.dirmode=     -e "s/755/${PKGDIRMODE}/g;/umask(/d"
 
+# Replace the base Sys-Syslog module with the fixed version.
+post-extract:
+       ${RM} -fr ${WRKSRC}/ext/Sys/Syslog
+       ${CP} -r ${WRKDIR}/${SYS_SYSLOG} ${WRKSRC}/ext/Sys/Syslog
+
 # It's tough to guess which hints file will be used, so add our modifications
 # to all of them:
 #
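Review bot: The post-extract comment does not say why the base module is replaced or when the override can go away. Since `${RM} -fr ${WRKSRC}/ext/Sys/Syslog` discards whatever the perl distfile ships, it would help to name the advisory here and note that the target should be dropped once DISTNAME moves to a perl release that already bundles a fixed Sys-Syslog, so a later update does not silently replace a newer bundled copy with ${SYS_SYSLOG}.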
diff -r c5797f5827fc -r 0943436626f4 lang/perl5/distinfo
--- a/lang/perl5/distinfo       Fri Jan 13 20:03:26 2006 +0000
+++ b/lang/perl5/distinfo       Fri Jan 13 20:04:48 2006 +0000
@@ -1,8 +1,14 @@
-$NetBSD: distinfo,v 1.31 2005/12/29 17:54:45 jlam Exp $
+$NetBSD: distinfo,v 1.32 2006/01/13 20:04:48 jlam Exp $
 
 SHA1 (perl-5.8.7.tar.bz2) = c9477c6fe76b200033694bdc555a0276523d4228
 RMD160 (perl-5.8.7.tar.bz2) = 110c286d73fd89e25da8ea394e763f209a76d283
 Size (perl-5.8.7.tar.bz2) = 9839086 bytes
+SHA1 (Sys-Syslog-0.13.tar.gz) = 172a5aed0a3fe30b1b3e1b4def504248791862b3
+RMD160 (Sys-Syslog-0.13.tar.gz) = 3105071ac2652f651d6ced467564aaadaab77d84
+Size (Sys-Syslog-0.13.tar.gz) = 16894 bytes
+SHA1 (sprintf-5.8.7.patch) = 3327901033010a595d97a28fef6d1a144951f342
+RMD160 (sprintf-5.8.7.patch) = 25c81b3441491996efbf4b036c37f8d537dd9131
+Size (sprintf-5.8.7.patch) = 9332 bytes
 SHA1 (patch-aa) = 965df39b13e67783e851838cf51b34bb248642e8
 SHA1 (patch-ae) = 044ac094cd475a16483552aa6f1bde03bd11f592
 SHA1 (patch-ah) = 7847562d35cd4834a45139b6a8cfe766aa45fa0a
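Review bot: No `SHA1 (patch-cm)` line is removed from distinfo, even though patches/patch-cm is deleted in this changeset. The diffstat's 7 insertions and 1 deletion for distinfo are all accounted for by the lines in this hunk, so if distinfo carried a patch-cm checksum it is now stale and should be dropped. The new Sys-Syslog-0.13.tar.gz and sprintf-5.8.7.patch entries follow the existing SHA1/RMD160/Size convention, which matters here because the patch is fetched from an individual author's CPAN directory.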
diff -r c5797f5827fc -r 0943436626f4 lang/perl5/patches/patch-cm
--- a/lang/perl5/patches/patch-cm       Fri Jan 13 20:03:26 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-$NetBSD: patch-cm,v 1.1 2005/12/18 15:25:29 jlam Exp $
-
-Fix for Perl format string vulnerability noted in CVE-2005-3962.
-
---- sv.c.orig  2005-05-27 06:38:11.000000000 -0400
-+++ sv.c
-@@ -8520,6 +8520,10 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const cha
-           if (*q == '$') {
-               ++q;
-               efix = width;
-+              if (width > INT_MAX)
-+                efix = INT_MAX;
-+              else
-+                efix = width;
-           } else {
-               goto gotwidth;
-           }
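Review bot: Deleting this local fix is only safe if sprintf-5.8.7.patch covers the same explicit-index path in Perl_sv_vcatpvfn() where this patch clamped `efix` to INT_MAX, and the vendor patch is not visible in this diff. Please state in the Makefile comment or the commit description that the vendor patch supersedes patch-cm for CVE-2005-3962, so the removal does not read as a dropped security fix.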


