head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.40 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.38 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.36 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.34 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.32 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.30 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.28 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.26 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.24 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.22 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.20 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.18 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.16 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.14 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.12 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.10 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.8 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.6 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.4 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.2 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.1.0.6 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.4 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2005.06.24.06.43.47; author jlam; state dead; branches; next 1.1; 1.1 date 2005.02.02.19.09.52; author jlam; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.02.02.19.09.52; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.02.05.17.22.21; author salo; state Exp; branches; next ; desc @@ 1.2 log @Drop the perl-5.6.x package from pkgsrc. Remove lang/perl58 and update lang/perl5 to perl-5.8.6nb4. Modify packages that referred to lang/perl58 to point to lang/perl5 instead. @ text @$NetBSD: patch-bf,v 1.1 2005/02/02 19:09:52 jlam Exp $ --- perlio.c.orig 2004-09-10 03:06:52.000000000 -0400 +++ perlio.c @@@@ -454,7 +454,8 @@@@ PerlIO_debug(const char *fmt, ...) va_list ap; dSYS; va_start(ap, fmt); - if (!dbg) { + /* Tighten uid/gid checks [CAN-2005-0155] */ + if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) { char *s = PerlEnv_getenv("PERLIO_DEBUG"); if (s && *s) dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666); @@@@ -471,7 +472,8 @@@@ PerlIO_debug(const char *fmt, ...) s = CopFILE(PL_curcop); if (!s) s = "(none)"; - sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop)); + /* Avoid PERLIO_DEBUG buffer overflow [CAN-2005-0156] */ + sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop)); len = strlen(buffer); vsprintf(buffer+len, fmt, ap); PerlLIO_write(dbg, buffer, strlen(buffer)); @ 1.1 log @Fix a local root exploit and a buffer overflow (CAN-2005-{0155,0156}). Patches from Nicholas Clark in private mail. Bump the PKGREVISION to 3. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-bf was added on branch pkgsrc-2004Q4 on 2005-02-02 19:09:52 +0000 @ text @d1 24 @ 1.1.2.2 log @Pullup ticket 268 - requested by Johnny C. Lam security fix fod perl58 Patch provided by the submitter. PKGREVISION bumped. Fixes for: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156 @ text @a0 24 $NetBSD: patch-bf,v 1.1.2.1 2005/02/05 17:22:21 salo Exp $ --- perlio.c.orig 2004-09-10 03:06:52.000000000 -0400 +++ perlio.c @@@@ -448,7 +448,8 @@@@ PerlIO_debug(const char *fmt, ...) va_list ap; dSYS; va_start(ap, fmt); - if (!dbg) { + /* Tighten uid/gid checks [CAN-2005-0155] */ + if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) { char *s = PerlEnv_getenv("PERLIO_DEBUG"); if (s && *s) dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666); @@@@ -465,7 +466,8 @@@@ PerlIO_debug(const char *fmt, ...) s = CopFILE(PL_curcop); if (!s) s = "(none)"; - sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop)); + /* Avoid PERLIO_DEBUG buffer overflow [CAN-2005-0156] */ + sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop)); len = strlen(buffer); vsprintf(buffer+len, fmt, ap); PerlLIO_write(dbg, buffer, strlen(buffer)); @