head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.36
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.34
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.32
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.30
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.28
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.26
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.24
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.22
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.20
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.18
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.16
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.14
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.2.0.12
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.2.0.10
	pkgsrc-2007Q1-base:1.2
	pkgsrc-2006Q4:1.2.0.8
	pkgsrc-2006Q4-base:1.2
	pkgsrc-2006Q3:1.2.0.6
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.2.0.4
	pkgsrc-2006Q2-base:1.2
	pkgsrc-2006Q1:1.2.0.2
	pkgsrc-2006Q1-base:1.2
	pkgsrc-2005Q4:1.1.0.2
	pkgsrc-2005Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2006.01.13.20.04.48;	author jlam;	state dead;
branches;
next	1.1;

1.1
date	2005.12.18.15.25.29;	author jlam;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2006.01.14.16.38.49;	author salo;	state dead;
branches;
next	;


desc
@@


1.2
log
@Use the vendor-supplied set of fixes for the following security advisories:

    CVE-2005-3916 - format string vulnerability in scripts using syslog()
    CVE-2005-3962 - format string vulnerability in Perl_sv_vcatpvfn()

Bump the PKGREVISION to 7.
@
text
@$NetBSD: patch-cm,v 1.1 2005/12/18 15:25:29 jlam Exp $

Fix for Perl format string vulnerability noted in CVE-2005-3962.

--- sv.c.orig	2005-05-27 06:38:11.000000000 -0400
+++ sv.c
@@@@ -8520,6 +8520,10 @@@@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const cha
 	    if (*q == '$') {
 		++q;
 		efix = width;
+		if (width > INT_MAX)
+		  efix = INT_MAX;
+		else
+		  efix = width;
 	    } else {
 		goto gotwidth;
 	    }
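Review bot: The unconditional `efix = width;` on the context line directly above the added check is left in place, so the unclamped assignment still runs before the new `if`/`else` overwrites it. It is now a dead store and should be removed, so that the only write to efix in this branch is the clamped one. Clamping to `INT_MAX` also keeps a huge explicit index instead of rejecting the format, so safety depends on a later bounds check of efix against the argument count; Perl_sv_vcatpvfn continues outside this hunk, so that cannot be confirmed here. A comment above the check such as `/* clamp explicit index so it cannot wrap when stored in efix (CVE-2005-3962) */` would record why the comparison exists.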
@


1.1
log
@Fix for Perl format string vulnerability noted in CVE-2005-3962:

    perl suffers from an integer wrap overflow inside the explicit
    parameter format string functionality. This has been confirmed to
    be a vector for remote code execution.

Bump PKGREVISION to 5.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@Pullup ticket 1026 - requested by Johnny C. Lam
security fix for perl5

Revisions pulled up:
- pkgsrc/lang/perl5/Makefile		1.112, 1.113, 1.114
- pkgsrc/lang/perl5/distinfo		1.32
- pkgsrc/lang/perl5/patches/patch-cm	removed

   Module Name:		pkgsrc
   Committed By:	jlam
   Date:		Fri Jan 13 16:48:11 UTC 2006

   Modified Files:
   	pkgsrc/lang/perl5: Makefile

   Log Message:
   Remove snapshot and release-candidate code since they're outdated and are
   no longer applicable to the current "stable" development branch.  Also,
   fix the HOMEPAGE to point to perl.org instead of perl.com.
---
   Module Name:		pkgsrc
   Committed By:	jlam
   Date:		Fri Jan 13 19:15:11 UTC 2006

   Modified Files:
   	pkgsrc/lang/perl5: Makefile

   Log Message:
   Finish removing extraneous code only useful for snapshots missed in the
   previous commit.
---
   Module Name:		pkgsrc
   Committed By:	jlam
   Date:		Fri Jan 13 20:04:48 UTC 2006

   Modified Files:
   	pkgsrc/lang/perl5: Makefile distinfo
   Removed Files:
   	pkgsrc/lang/perl5/patches: patch-cm

   Log Message:
   Use the vendor-supplied set of fixes for the following security advisories:

       CVE-2005-3916 - format string vulnerability in scripts using syslog()
       CVE-2005-3962 - format string vulnerability in Perl_sv_vcatpvfn()

   Bump the PKGREVISION to 7.
@
text
@d1 1
a1 1
$NetBSD: patch-cm,v 1.1 2005/12/18 15:25:29 jlam Exp $
@


