OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 05-Feb-2005 15:26:54
Branch: OPENPKG_2_1_SOLID Handle: 2005020514265400
Modified files: (Branch: OPENPKG_2_1_SOLID)
openpkg-src/perl perl.patch perl.spec
Log:
Security Fixes:
- PERLIO_DEBUG local root exploit:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
- PERLIO_DEBUG buffer overflow:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156
Summary:
Revision Changes Path
1.12.2.2 +30 -0 openpkg-src/perl/perl.patch
1.91.2.3 +1 -1 openpkg-src/perl/perl.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.patch
============================================================================
$ cvs diff -u -r1.12.2.1 -r1.12.2.2 perl.patch
--- openpkg-src/perl/perl.patch 11 Jan 2005 14:57:59 -0000 1.12.2.1
+++ openpkg-src/perl/perl.patch 5 Feb 2005 14:26:54 -0000 1.12.2.2
@@ -341,3 +341,33 @@
# Rendezvous and get the filehandles.
my $term_rv = new Term::Rendezvous $rv;
+-----------------------------------------------------------------------------
+
+Security Fixes:
+- PERLIO_DEBUG local root exploit:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
+- PERLIO_DEBUG buffer overflow:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156
+
+Index: perlio.c
+--- perlio.c.orig Fri Sep 10 08:06:52 2004
++++ perlio.c Tue Feb 1 22:06:52 2005
+@@ -454,7 +454,7 @@ PerlIO_debug(const char *fmt, ...)
+ va_list ap;
+ dSYS;
+ va_start(ap, fmt);
+- if (!dbg) {
++ if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
+ char *s = PerlEnv_getenv("PERLIO_DEBUG");
+ if (s && *s)
+ dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
+@@ -471,7 +471,7 @@ PerlIO_debug(const char *fmt, ...)
+ s = CopFILE(PL_curcop);
+ if (!s)
+ s = "(none)";
+- sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
++ sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
+ len = strlen(buffer);
+ vsprintf(buffer+len, fmt, ap);
+ PerlLIO_write(dbg, buffer, strlen(buffer));
+
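Review bot: The `vsprintf(buffer+len, fmt, ap);` call directly after the patched `sprintf` is still unbounded, so the CAN-2005-0156 change caps only the file-name prefix at 40 characters and the formatted arguments can still write past the end of `buffer`. The declaration of `buffer` lies outside the hunk, so its size is not visible here; if it is a fixed-size array, a bounded call such as `vsnprintf(buffer+len, sizeof(buffer)-len, fmt, ap);` (on platforms that provide it) would cover the remaining path. In the first embedded hunk, the new guard leaves `dbg` at 0 when the process is tainted or running set-id, so the uid/gid comparison is repeated on every call. That is harmless, but a short comment such as `/* never honour PERLIO_DEBUG when tainted or set-id: the path comes from the environment */` would explain why the condition sits there. The body of PerlIO_debug continues outside both embedded hunks.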
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.spec
============================================================================
$ cvs diff -u -r1.91.2.2 -r1.91.2.3 perl.spec
--- openpkg-src/perl/perl.spec 11 Jan 2005 14:57:59 -0000 1.91.2.2
+++ openpkg-src/perl/perl.spec 5 Feb 2005 14:26:54 -0000 1.91.2.3
@@ -34,7 +34,7 @@
Group: Language
License: GPL/Artistic
Version: 5.8.4
-Release: 2.1.1
+Release: 2.1.2
# list of sources
Source0: ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz
@@ .