diff options
| -rw-r--r-- | dev-lang/perl/ChangeLog | 7 | ||||
| -rw-r--r-- | dev-lang/perl/Manifest | 17 | ||||
| -rw-r--r-- | dev-lang/perl/files/CAN-2005-0156-suid.patch | 20 | ||||
| -rw-r--r-- | dev-lang/perl/perl-5.8.2-r2.ebuild | 10 | ||||
| -rw-r--r-- | dev-lang/perl/perl-5.8.4-r2.ebuild | 9 | ||||
| -rw-r--r-- | dev-lang/perl/perl-5.8.5-r3.ebuild | 9 | ||||
| -rw-r--r-- | dev-lang/perl/perl-5.8.6-r2.ebuild | 9 |
7 files changed, 67 insertions, 14 deletions
diff --git a/dev-lang/perl/ChangeLog b/dev-lang/perl/ChangeLog index 7ece688cc828..86a7903497c9 100644 --- a/dev-lang/perl/ChangeLog +++ b/dev-lang/perl/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for dev-lang/perl # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/ChangeLog,v 1.107 2005/02/05 11:24:37 mcummings Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/ChangeLog,v 1.108 2005/02/05 12:05:51 mcummings Exp $ + + 05 Feb 2005; Michael Cummings <mcummings@gentoo.org> + +files/CAN-2005-0156-suid.patch, perl-5.8.2-r2.ebuild, + perl-5.8.4-r2.ebuild, perl-5.8.5-r3.ebuild, perl-5.8.6-r2.ebuild: + Bug 80460, perlsuid vulnerability 05 Feb 2005; Michael Cummings <mcummings@gentoo.org> -perl-5.8.2-r1.ebuild, -perl-5.8.4-r1.ebuild, -perl-5.8.5-r1.ebuild, diff --git a/dev-lang/perl/Manifest b/dev-lang/perl/Manifest index e12968f27bad..d104baad9825 100644 --- a/dev-lang/perl/Manifest +++ b/dev-lang/perl/Manifest @@ -1,12 +1,13 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 00f334898c2abb635fbfef271ab096b5 ChangeLog 32552 +MD5 988fbf750a131491284c3b1f999cf2dc ChangeLog 32769 MD5 e2d8f1bf77722def1dd432e26455c818 metadata.xml 305 -MD5 96cd0e466f12c964156591508069e0df perl-5.8.2-r2.ebuild 10143 -MD5 e344a13cc5d4622febb94084d96bc551 perl-5.8.4-r2.ebuild 12283 -MD5 76a8c5fdfe242de0f3922676f994d716 perl-5.8.5-r3.ebuild 11906 -MD5 af8a06628a3c86f87c2506c07f8528ee perl-5.8.6-r2.ebuild 11923 +MD5 48a5930089759ab50c9e401b0ea51dd3 perl-5.8.2-r2.ebuild 10254 +MD5 3c410abcd96b63ab1bd4ab3d5473cfc9 perl-5.8.4-r2.ebuild 12395 +MD5 9bd8742450431303dfdbc48118139d33 perl-5.8.5-r3.ebuild 12018 +MD5 2cce4b453f4dfeaf6629862f0f69cdd8 perl-5.8.6-r2.ebuild 12035 +MD5 bd75f0242e3b7791803d089c38a3f920 files/CAN-2005-0156-suid.patch 703 MD5 8381e239056a7895edf8f3c6c05c835c files/digest-perl-5.8.2-r2 64 MD5 93155b02a7e9d3cdc6d6934ce78d9f11 files/digest-perl-5.8.4-r2 64 MD5 c354e2fbf8141a769c20032e94f45fd3 files/digest-perl-5.8.5-r3 64 @@ -44,7 +45,7 @@ MD5 803b7c028f59008ea1e6d577e5c0bab0 files/stat.t 8884 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) -iD8DBQFCBKxZtG5z4I8BtQoRAmj/AKCNkOvX39a5zPVp+P8Hb6BP4oxtWwCfR0ZK -pB0VGhwRzKrujEpZJtZJeVQ= -=L4I9 +iD8DBQFCBLYKtG5z4I8BtQoRAkpiAJ9LEH3ZHfIhMTHIshleDFSVkJ6bZQCeKJdd +s/6pTEt3HM0Z+/SsiB1rFxc= +=9Jzk -----END PGP SIGNATURE----- diff --git a/dev-lang/perl/files/CAN-2005-0156-suid.patch b/dev-lang/perl/files/CAN-2005-0156-suid.patch new file mode 100644 index 000000000000..8305cdb4415e --- /dev/null +++ b/dev-lang/perl/files/CAN-2005-0156-suid.patch @@ -0,0 +1,20 @@ +--- perlio.c.orig 2005-02-04 17:29:22.196825296 -0500 ++++ perlio.c 2005-02-04 17:31:42.538687640 -0500 +@@ -448,7 +448,7 @@ + va_list ap; + dSYS; + va_start(ap, fmt); +- if (!dbg) { ++ if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) { + char *s = PerlEnv_getenv("PERLIO_DEBUG"); + if (s && *s) + dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666); +@@ -465,7 +465,7 @@ + s = CopFILE(PL_curcop); + if (!s) + s = "(none)"; +- sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop)); ++ sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop)); + len = strlen(buffer); + vsprintf(buffer+len, fmt, ap); + PerlLIO_write(dbg, buffer, strlen(buffer)); diff --git a/dev-lang/perl/perl-5.8.2-r2.ebuild b/dev-lang/perl/perl-5.8.2-r2.ebuild index 8d1f17c8336c..be326c1ddfa5 100644 --- a/dev-lang/perl/perl-5.8.2-r2.ebuild +++ b/dev-lang/perl/perl-5.8.2-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/perl-5.8.2-r2.ebuild,v 1.1 2005/01/26 17:11:49 mcummings Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/perl-5.8.2-r2.ebuild,v 1.2 2005/02/05 12:05:51 mcummings Exp $ inherit eutils flag-o-matic gcc @@ -97,8 +97,14 @@ src_unpack() { epatch ${FILESDIR}/perl-5.8.2-uclibc.patch # An additional tempfile patch, bug 75696 - epatch ${FILESDIR}/file_path_rmtree.patch + + # Bug 80460, perlsuid vulnerability + if use perlsuid + then + epatch ${FILESDIR}/CAN-2005-0156-suid.patch + fi + } src_compile() { diff --git a/dev-lang/perl/perl-5.8.4-r2.ebuild b/dev-lang/perl/perl-5.8.4-r2.ebuild index 53651457f49d..4876a211bdf5 100644 --- a/dev-lang/perl/perl-5.8.4-r2.ebuild +++ b/dev-lang/perl/perl-5.8.4-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/perl-5.8.4-r2.ebuild,v 1.1 2005/01/26 17:11:49 mcummings Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/perl-5.8.4-r2.ebuild,v 1.2 2005/02/05 12:05:51 mcummings Exp $ inherit eutils flag-o-matic gcc @@ -121,6 +121,13 @@ src_unpack() { # An additional tempfile patch, bug 75696 epatch ${FILESDIR}/file_path_rmtree.patch + + # Bug 80460, perlsuid vulnerability + if use perlsuid + then + epatch ${FILESDIR}/CAN-2005-0156-suid.patch + fi + } src_configure() { diff --git a/dev-lang/perl/perl-5.8.5-r3.ebuild b/dev-lang/perl/perl-5.8.5-r3.ebuild index 9067256ecad7..37ac3b3fe5eb 100644 --- a/dev-lang/perl/perl-5.8.5-r3.ebuild +++ b/dev-lang/perl/perl-5.8.5-r3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/perl-5.8.5-r3.ebuild,v 1.1 2005/01/26 17:11:49 mcummings Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/perl-5.8.5-r3.ebuild,v 1.2 2005/02/05 12:05:51 mcummings Exp $ inherit eutils flag-o-matic gcc @@ -124,6 +124,13 @@ src_unpack() { # An additional tempfile patch, bug 75696 epatch ${FILESDIR}/file_path_rmtree.patch + # Bug 80460, perlsuid vulnerability + if use perlsuid + then + epatch ${FILESDIR}/CAN-2005-0156-suid.patch + fi + + } src_configure() { diff --git a/dev-lang/perl/perl-5.8.6-r2.ebuild b/dev-lang/perl/perl-5.8.6-r2.ebuild index f6d41a42f9e8..e47bdce675e7 100644 --- a/dev-lang/perl/perl-5.8.6-r2.ebuild +++ b/dev-lang/perl/perl-5.8.6-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/perl-5.8.6-r2.ebuild,v 1.1 2005/01/26 17:11:49 mcummings Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/perl/perl-5.8.6-r2.ebuild,v 1.2 2005/02/05 12:05:51 mcummings Exp $ inherit eutils flag-o-matic gcc @@ -124,6 +124,13 @@ src_unpack() { # An additional tempfile patch, bug 75696 epatch ${FILESDIR}/file_path_rmtree.patch + + # Bug 80460, perlsuid vulnerability + if use perlsuid + then + epatch ${FILESDIR}/CAN-2005-0156-suid.patch + fi + } src_configure() { |