pkgsrc-Changes archive


CVS commit: pkgsrc/lang/perl5



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Mon Jun  5 18:58:44 UTC 2017

Modified Files:
        pkgsrc/lang/perl5: Makefile distinfo
Added Files:
        pkgsrc/lang/perl5/patches: patch-cpan_File-Path_lib_File_Path.pm

Log Message:
Apply patch from latest OpenBSD errata (CVE-2017-6512) here, too.


To generate a diff of this commit:
cvs rdiff -u -r1.238 -r1.239 pkgsrc/lang/perl5/Makefile
cvs rdiff -u -r1.141 -r1.142 pkgsrc/lang/perl5/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/perl5/Makefile
diff -u pkgsrc/lang/perl5/Makefile:1.238 pkgsrc/lang/perl5/Makefile:1.239
--- pkgsrc/lang/perl5/Makefile:1.238    Sun May  1 00:05:57 2016
+++ pkgsrc/lang/perl5/Makefile  Mon Jun  5 18:58:44 2017
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.238 2016/05/01 00:05:57 ryoon Exp $
+# $NetBSD: Makefile,v 1.239 2017/06/05 18:58:44 bsiegert Exp $
 
 .include "license.mk"
 .include "Makefile.common"
 
 COMMENT=       Practical Extraction and Report Language
+PKGREVISION=   1
 
 CONFLICTS+=    perl-base-[0-9]* perl-thread-[0-9]*
 

Index: pkgsrc/lang/perl5/distinfo
diff -u pkgsrc/lang/perl5/distinfo:1.141 pkgsrc/lang/perl5/distinfo:1.142
--- pkgsrc/lang/perl5/distinfo:1.141    Mon Jun  5 13:41:22 2017
+++ pkgsrc/lang/perl5/distinfo  Mon Jun  5 18:58:44 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.141 2017/06/05 13:41:22 ryoon Exp $
+$NetBSD: distinfo,v 1.142 2017/06/05 18:58:44 bsiegert Exp $
 
 SHA1 (perl-5.26.0.tar.bz2) = 2ca1b28f2c3ed4cc3b74be89d150ed0377f0336a
 RMD160 (perl-5.26.0.tar.bz2) = a853a1ec299d7c6ba8239e8ed444ee6d922b8938
@@ -15,6 +15,7 @@ SHA1 (patch-caretx.c) = 9f53a9133f8dd2f9
 SHA1 (patch-ch) = 5b6a89c82e158bab0a5f06add48c28e600678099
 SHA1 (patch-ck) = 483e93a782e5627d3c7334d930ee11010fe7f7d8
 SHA1 (patch-cn) = d1877383e213a414562b5bb4c1e8aa785926fab7
+SHA1 (patch-cpan_File-Path_lib_File_Path.pm) = e8a08e7e7fdbebabbeef7eaa651147353eedbfd7
 SHA1 (patch-dist_Carp_lib_Carp.pm) = fb628ee983462cec9303ceea09852378ec654ecf
 SHA1 (patch-ext_Errno_Errno__pm.PL) = 4f135e267da17de38f8f1e7e03d5209bfd09a323
 SHA1 (patch-ext_File-Glob_bsd_glob.c) = e43252b55f04bb1cd69d48e8155aa110532c9fbe

Added files:

Index: pkgsrc/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm
diff -u /dev/null pkgsrc/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm:1.1
--- /dev/null   Mon Jun  5 18:58:44 2017
+++ pkgsrc/lang/perl5/patches/patch-cpan_File-Path_lib_File_Path.pm     Mon Jun  5 18:58:44 2017
@@ -0,0 +1,64 @@
+$NetBSD: patch-cpan_File-Path_lib_File_Path.pm,v 1.1 2017/06/05 18:58:44 bsiegert Exp $
+OpenBSD 6.1 errata 10, June 04, 2017:
+
+Use fchmod to avoid a race condition in File::Path.  
+Fixes CVE-2017-6512.
+
+--- cpan/File-Path/lib/File/Path.pm    5 Feb 2017 00:31:58 -0000
++++ cpan/File-Path/lib/File/Path.pm    1 Jun 2017 22:00:11 -0000
+@@ -18,7 +18,7 @@ BEGIN {
+ 
+ use Exporter ();
+ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK);
+-$VERSION   = '2.12_01';
++$VERSION   = '2.12_02';
+ $VERSION   = eval $VERSION;
+ @ISA       = qw(Exporter);
+ @EXPORT    = qw(mkpath rmtree);
+@@ -354,21 +354,32 @@ sub _rmtree {
+ 
+                 # see if we can escalate privileges to get in
+                 # (e.g. funny protection mask such as -w- instead of rwx)
+-                $perm &= oct '7777';
+-                my $nperm = $perm | oct '700';
+-                if (
+-                    !(
+-                           $arg->{safe}
+-                        or $nperm == $perm
+-                        or chmod( $nperm, $root )
+-                    )
+-                  )
+-                {
+-                    _error( $arg,
+-                        "cannot make child directory read-write-exec", $canon );
+-                    next ROOT_DIR;
++                # This uses fchmod to avoid traversing outside of the proper
++                # location (CVE-2017-6512)
++                my $root_fh;
++                if (open($root_fh, '<', $root)) {
++                    my ($fh_dev, $fh_inode) = (stat $root_fh )[0,1];
++                    $perm &= oct '7777';
++                    my $nperm = $perm | oct '700';
++                    local $@;
++                    if (
++                        !(
++                            $arg->{safe}
++                           or $nperm == $perm
++                           or !-d _
++                           or $fh_dev ne $ldev
++                           or $fh_inode ne $lino
++                           or eval { chmod( $nperm, $root_fh ) }
++                        )
++                      )
++                    {
++                        _error( $arg,
++                            "cannot make child directory read-write-exec", $canon );
++                        next ROOT_DIR;
++                    }
++                    close $root_fh;
+                 }
+-                elsif ( !chdir($root) ) {
++                if ( !chdir($root) ) {
+                     _error( $arg, "cannot chdir to child", $canon );
+                     next ROOT_DIR;
+                 }
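Review bot: When `open($root_fh, '<', $root)` fails, the whole permission-escalation branch is skipped without any `_error` call, so a directory the process cannot open for reading (the `-w-` case named in the comment just above) no longer gets its mode widened before `chdir`. The same silence applies when the handle's device or inode differs from `$ldev`/`$lino`: the `or` chain short-circuits, no chmod is attempted, and the mismatch is not recorded, so detecting a swapped directory is left to whatever check follows `chdir` outside this hunk. I would document this at the `open` line, for example `# if open fails (e.g. no read bit) no chmod is attempted; chdir below reports the failure`, and consider passing the dev/inode mismatch to `_error` so callers can see it. `_rmtree` begins and ends outside the hunk, so the origin of `$ldev`/`$lino` and the post-chdir handling are assumed from context.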


