pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang/perl5
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jun 16 07:12:10 UTC 2026
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-cpan_Socket_Socket.xs
Log Message:
perl: fix security issue in Socket module
Using upstream patch.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.293 -r1.294 pkgsrc/lang/perl5/Makefile
cvs rdiff -u -r1.198 -r1.199 pkgsrc/lang/perl5/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/lang/perl5/patches/patch-cpan_Socket_Socket.xs
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/perl5/Makefile
diff -u pkgsrc/lang/perl5/Makefile:1.293 pkgsrc/lang/perl5/Makefile:1.294
--- pkgsrc/lang/perl5/Makefile:1.293 Wed May 27 22:35:30 2026
+++ pkgsrc/lang/perl5/Makefile Tue Jun 16 07:12:10 2026
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.293 2026/05/27 22:35:30 wiz Exp $
+# $NetBSD: Makefile,v 1.294 2026/06/16 07:12:10 wiz Exp $
.include "license.mk"
.include "Makefile.common"
COMMENT= Practical Extraction and Report Language
-PKGREVISION= 2
+PKGREVISION= 3
CONFLICTS+= perl-base-[0-9]* perl-thread-[0-9]*
Index: pkgsrc/lang/perl5/distinfo
diff -u pkgsrc/lang/perl5/distinfo:1.198 pkgsrc/lang/perl5/distinfo:1.199
--- pkgsrc/lang/perl5/distinfo:1.198 Wed May 27 22:35:30 2026
+++ pkgsrc/lang/perl5/distinfo Tue Jun 16 07:12:10 2026
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.198 2026/05/27 22:35:30 wiz Exp $
+$NetBSD: distinfo,v 1.199 2026/06/16 07:12:10 wiz Exp $
BLAKE2s (perl-5.42.2.tar.gz) = a2e271ef18aa3cadeed75cf6bf48cfc30b8a9f6675053194f285cd13d97e0791
SHA512 (perl-5.42.2.tar.gz) = c17925b1146270310fbefd82a98bd94532b499a547f5be005ece204918bfc0034e473a97df643925625a940209f81a65acdd99857b3b18911461571230262c0f
@@ -9,6 +9,7 @@ SHA1 (patch-cpan_Archive-Tar_lib_Archive
SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__BeOS.pm) = 79e5aeccfa272ca5ec08bffc616d8053ae90ac51
SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__Unix.pm) = 996556f221eb0c75c316315462bf6cea6746e030
SHA1 (patch-cpan_ExtUtils-MakeMaker_t_MM__BeOS.t) = 9b0e7ab85fdab4887b1754599a8879bd7d9f36cc
+SHA1 (patch-cpan_Socket_Socket.xs) = 50613ed2966eb389a6816504d339a2a26276b90f
SHA1 (patch-hints_cygwin.sh) = 5e2e7179336c9bc085bd2e83d22755a235ea1a4a
SHA1 (patch-hints_linux.sh) = 4baa8f80695687abb53d4f4e1830cf86db5b2bf7
SHA1 (patch-hints_netbsd.sh) = cb498170c18f1f429eed9be245cd1df24c7ad628
Added files:
Index: pkgsrc/lang/perl5/patches/patch-cpan_Socket_Socket.xs
diff -u /dev/null pkgsrc/lang/perl5/patches/patch-cpan_Socket_Socket.xs:1.3
--- /dev/null Tue Jun 16 07:12:10 2026
+++ pkgsrc/lang/perl5/patches/patch-cpan_Socket_Socket.xs Tue Jun 16 07:12:10 2026
@@ -0,0 +1,144 @@
+$NetBSD: patch-cpan_Socket_Socket.xs,v 1.3 2026/06/16 07:12:10 wiz Exp $
+
+Pull security fix from 2.041
+
+[BUGFIXES]
+* Fix reuse of `STRLEN len` variable in pack_ip_mreq_source()
+
+https://github.com/Perl/perl5/commit/de19a0b0ad1900fef976c5c1400bd8f11ec6c6cb.patch
+
+--- cpan/Socket/Socket.xs.orig 2026-01-18 17:50:03.000000000 +0000
++++ cpan/Socket/Socket.xs
+@@ -1272,26 +1272,35 @@ pack_ip_mreq(multiaddr, interface=&PL_sv_undef)
+ struct ip_mreq mreq;
+ char * multiaddrbytes;
+ char * interfacebytes;
+- STRLEN len;
+- if (DO_UTF8(multiaddr) && !sv_utf8_downgrade(multiaddr, 1))
+- croak("Wide character in %s", "Socket::pack_ip_mreq");
+- multiaddrbytes = SvPVbyte(multiaddr, len);
+- if (len != sizeof(mreq.imr_multiaddr))
+- croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
+- "Socket::pack_ip_mreq", (UV)len, (UV)sizeof(mreq.imr_multiaddr));
++
++ {
++ if (DO_UTF8(multiaddr) && !sv_utf8_downgrade(multiaddr, 1))
++ croak("Wide character in %s", "Socket::pack_ip_mreq");
++
++ STRLEN len;
++ multiaddrbytes = SvPVbyte(multiaddr, len);
++ if (len != sizeof(mreq.imr_multiaddr))
++ croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
++ "Socket::pack_ip_mreq", (UV)len, (UV)sizeof(mreq.imr_multiaddr));
++ }
++
+ Zero(&mreq, sizeof(mreq), char);
+ Copy(multiaddrbytes, &mreq.imr_multiaddr, sizeof(mreq.imr_multiaddr), char);
+ if(SvOK(interface)) {
+ if (DO_UTF8(interface) && !sv_utf8_downgrade(interface, 1))
+ croak("Wide character in %s", "Socket::pack_ip_mreq");
++
++ STRLEN len;
+ interfacebytes = SvPVbyte(interface, len);
+ if (len != sizeof(mreq.imr_interface))
+ croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
+ "Socket::pack_ip_mreq", (UV)len, (UV)sizeof(mreq.imr_interface));
++
+ Copy(interfacebytes, &mreq.imr_interface, sizeof(mreq.imr_interface), char);
+ }
+ else
+ mreq.imr_interface.s_addr = INADDR_ANY;
++
+ ST(0) = sv_2mortal(newSVpvn((char *)&mreq, sizeof(mreq)));
+ #else
+ not_here("pack_ip_mreq");
+@@ -1331,25 +1340,38 @@ pack_ip_mreq_source(multiaddr, source, interface=&PL_s
+ char * multiaddrbytes;
+ char * sourcebytes;
+ char * interfacebytes;
+- STRLEN len;
+- if (DO_UTF8(multiaddr) && !sv_utf8_downgrade(multiaddr, 1))
+- croak("Wide character in %s", "Socket::pack_ip_mreq_source");
+- multiaddrbytes = SvPVbyte(multiaddr, len);
+- if (len != sizeof(mreq.imr_multiaddr))
+- croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
+- "Socket::pack_ip_mreq", (UV)len, (UV)sizeof(mreq.imr_multiaddr));
+- if (DO_UTF8(source) && !sv_utf8_downgrade(source, 1))
+- croak("Wide character in %s", "Socket::pack_ip_mreq_source");
+- if (len != sizeof(mreq.imr_sourceaddr))
+- croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
+- "Socket::pack_ip_mreq", (UV)len, (UV)sizeof(mreq.imr_sourceaddr));
+- sourcebytes = SvPVbyte(source, len);
++
++ {
++ if (DO_UTF8(multiaddr) && !sv_utf8_downgrade(multiaddr, 1))
++ croak("Wide character in %s", "Socket::pack_ip_mreq_source");
++
++ STRLEN len;
++ multiaddrbytes = SvPVbyte(multiaddr, len);
++ if (len != sizeof(mreq.imr_multiaddr))
++ croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
++ "Socket::pack_ip_mreq", (UV)len, (UV)sizeof(mreq.imr_multiaddr));
++ }
++
++ {
++ if (DO_UTF8(source) && !sv_utf8_downgrade(source, 1))
++ croak("Wide character in %s", "Socket::pack_ip_mreq_source");
++
++ STRLEN len;
++ sourcebytes = SvPVbyte(source, len);
++ if (len != sizeof(mreq.imr_sourceaddr))
++ croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
++ "Socket::pack_ip_mreq", (UV)len, (UV)sizeof(mreq.imr_sourceaddr));
++ }
++
+ Zero(&mreq, sizeof(mreq), char);
+ Copy(multiaddrbytes, &mreq.imr_multiaddr, sizeof(mreq.imr_multiaddr), char);
+ Copy(sourcebytes, &mreq.imr_sourceaddr, sizeof(mreq.imr_sourceaddr), char);
++
+ if(SvOK(interface)) {
+ if (DO_UTF8(interface) && !sv_utf8_downgrade(interface, 1))
+ croak("Wide character in %s", "Socket::pack_ip_mreq");
++
++ STRLEN len;
+ interfacebytes = SvPVbyte(interface, len);
+ if (len != sizeof(mreq.imr_interface))
+ croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
+@@ -1358,6 +1380,7 @@ pack_ip_mreq_source(multiaddr, source, interface=&PL_s
+ }
+ else
+ mreq.imr_interface.s_addr = INADDR_ANY;
++
+ ST(0) = sv_2mortal(newSVpvn((char *)&mreq, sizeof(mreq)));
+ #else
+ PERL_UNUSED_VAR(multiaddr);
+@@ -1398,16 +1421,22 @@ pack_ipv6_mreq(multiaddr, ifindex)
+ #ifdef HAS_IPV6_MREQ
+ struct ipv6_mreq mreq;
+ char * multiaddrbytes;
+- STRLEN len;
+- if (DO_UTF8(multiaddr) && !sv_utf8_downgrade(multiaddr, 1))
+- croak("Wide character in %s", "Socket::pack_ipv6_mreq");
+- multiaddrbytes = SvPVbyte(multiaddr, len);
+- if (len != sizeof(mreq.ipv6mr_multiaddr))
+- croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
+- "Socket::pack_ipv6_mreq", (UV)len, (UV)sizeof(mreq.ipv6mr_multiaddr));
++
++ {
++ if (DO_UTF8(multiaddr) && !sv_utf8_downgrade(multiaddr, 1))
++ croak("Wide character in %s", "Socket::pack_ipv6_mreq");
++
++ STRLEN len;
++ multiaddrbytes = SvPVbyte(multiaddr, len);
++ if (len != sizeof(mreq.ipv6mr_multiaddr))
++ croak("Bad arg length %s, length is %" UVuf ", should be %" UVuf,
++ "Socket::pack_ipv6_mreq", (UV)len, (UV)sizeof(mreq.ipv6mr_multiaddr));
++ }
++
+ Zero(&mreq, sizeof(mreq), char);
+ Copy(multiaddrbytes, &mreq.ipv6mr_multiaddr, sizeof(mreq.ipv6mr_multiaddr), char);
+ mreq.ipv6mr_interface = ifindex;
++
+ ST(0) = sv_2mortal(newSVpvn((char *)&mreq, sizeof(mreq)));
+ #else
+ PERL_UNUSED_VAR(multiaddr);
Home |
Main Index |
Thread Index |
Old Index