authorNicolas Reynolds <fauno@kiwwwi.com.ar>2012-01-20 20:41:20 -0300
committerNicolas Reynolds <fauno@kiwwwi.com.ar>2012-01-20 20:41:20 -0300
commit33fcf0e7b95e530b849e59e90fdea4001e01283d (patch)
tree5eab4f238207cce42c8351067ade9999df065a1f /core/perl
parent3b0910bf6527c3b761d9579b2ed37a9a42595fa3 (diff)
parenta1922d0ec660fdc1892f2783515f781c090df0a9 (diff)
Merge branch 'master' of ssh://vparabola/home/parabola/abslibre-pre-mips64el
Conflicts: community/gnash/PKGBUILD community/libopenraw/PKGBUILD community/smalltalk/PKGBUILD core/coreutils/PKGBUILD core/libarchive/PKGBUILD extra/dhcp/PKGBUILD extra/gmime/PKGBUILD extra/gvfs/PKGBUILD extra/kdeutils/PKGBUILD extra/libreoffice/PKGBUILD extra/lirc/PKGBUILD extra/php-suhosin/PKGBUILD extra/qtwebkit/PKGBUILD extra/sdl_image/PKGBUILD extra/sdl_net/PKGBUILD extra/sdl_ttf/PKGBUILD extra/spamassassin/PKGBUILD extra/tftp-hpa/PKGBUILD extra/totem-plparser/PKGBUILD extra/tumbler/PKGBUILD extra/vim/PKGBUILD extra/wipe/PKGBUILD extra/xfce4-netload-plugin/PKGBUILD kde-unstable/kdebase-workspace/PKGBUILD kde-unstable/kdebase-workspace/kde-np.pam kde-unstable/kdebase-workspace/kde.pam multilib/binutils-multilib/PKGBUILD multilib/chuck/PKGBUILD multilib/dev86/PKGBUILD multilib/gcc-multilib/PKGBUILD multilib/jack2-multilib/PKGBUILD multilib/lib32-gdk-pixbuf2/PKGBUILD multilib/lib32-glib2/PKGBUILD multilib/lib32-glibc/PKGBUILD multilib/lib32-glibc/lib32-glibc.conf multilib/lib32-gtk2/PKGBUILD multilib/lib32-libpulse/PKGBUILD multilib/lib32-pango/PKGBUILD multilib/lib32-sdl_image/PKGBUILD multilib/lib32-sdl_ttf/PKGBUILD multilib/libtool-multilib/PKGBUILD multilib/nspluginwrapper/PKGBUILD multilib/q4wine/PKGBUILD multilib/wine/PKGBUILD staging/php/PKGBUILD staging/php/php-fpm.conf.in.patch staging/php/php.ini.patch
Diffstat (limited to 'core/perl')
-rw-r--r--core/perl/PKGBUILD8
-rw-r--r--core/perl/digest_eval_hole.diff61
2 files changed, 67 insertions, 2 deletions
diff --git a/core/perl/PKGBUILD b/core/perl/PKGBUILD
index 7a1ee277e..c32205957 100644
--- a/core/perl/PKGBUILD
+++ b/core/perl/PKGBUILD
@@ -1,11 +1,11 @@
-# $Id: PKGBUILD 146455 2012-01-11 15:21:16Z stephane $
+# $Id: PKGBUILD 146927 2012-01-19 10:01:03Z bluewind $
# Maintainer: Angel Velasquez <angvp@archlinux.org>
# Contributor: kevin <kevin.archlinux.org>
# Contributor: judd <jvinet.zeroflux.org>
# Contributor: francois <francois.archlinux.org>
pkgname=perl
pkgver=5.14.2
-pkgrel=6
+pkgrel=7
pkgdesc="A highly capable, feature-rich programming language"
arch=(i686 x86_64 'mips64el')
license=('GPL' 'PerlArtistic')
@@ -17,6 +17,7 @@ source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2
perlbin.sh
perlbin.csh
provides.pl
+digest_eval_hole.diff
0001-Append-CFLAGS-and-LDFLAGS-to-their-Config.pm-counter.patch)
install=perl.install
options=('makeflags' '!purge')
@@ -24,6 +25,7 @@ md5sums=('04a4c5d3c1f9f19d77daff8e8cd19a26'
'5ed2542fdb9a60682f215bd33701e61a'
'1f0cbbee783e8a6d32f01be5118e0d5e'
'31fc0b5bb4935414394c5cfbec2cb8e5'
+ '490852b3d77c3b3866d0d75f5fbf5c5d'
'c25d86206d649046538c3daab7874564')
build() {
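Review bot: The checksum added at `+ '490852b3d77c3b3866d0d75f5fbf5c5d'` is MD5 only, which does not resist deliberate collisions, and the `source=` line shown in the previous hunk header fetches the upstream tarball over plain `http://`. For a package that now ships a security patch, a `sha256sums=(...)` array next to or instead of `md5sums` (values regenerated with `makepkg -g`) would let the integrity check guard against tampering and not only against corruption. The `md5sums` array opens on the hunk-header line, so the entry order against `source=` should be re-checked when converting.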
@@ -37,6 +39,8 @@ build() {
arch_opts=""
fi
+ patch -Np1 -i $srcdir/digest_eval_hole.diff
+
./Configure -des -Dusethreads -Duseshrplib -Doptimize="${CFLAGS}" \
-Dprefix=/usr -Dinstallprefix=${pkgdir}/usr -Dvendorprefix=/usr \
-Dprivlib=/usr/share/perl5/core_perl \
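Review bot: `$srcdir` is unquoted in the added `patch` line, so a build path containing spaces or glob characters would split the argument; `patch -Np1 -i "${srcdir}/digest_eval_hole.diff"` avoids that. The command also depends on the working directory being the unpacked perl tree, which is set earlier in build() and is not visible in this hunk, so a one-line comment above it naming the fix (`# close eval "require $module" hole in Digest->new, see Bug-Debian 644108`) would help the next maintainer decide when the patch can be dropped.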
diff --git a/core/perl/digest_eval_hole.diff b/core/perl/digest_eval_hole.diff
new file mode 100644
index 000000000..47904137b
--- /dev/null
+++ b/core/perl/digest_eval_hole.diff
@@ -0,0 +1,61 @@
+From 4b6a7324284e7435a361c58f7ddb32fc0c635bd0 Mon Sep 17 00:00:00 2001
+From: "Michael G. Schwern" <schwern@pobox.com>
+Date: Mon, 3 Oct 2011 19:05:29 +0100
+Subject: Close the eval "require $module" security hole in
+ Digest->new($algorithm)
+
+Also the filter was incomplete.
+
+Bug-Debian: http://bugs.debian.org/644108
+
+Patch-Name: fixes/digest_eval_hole.diff
+---
+ cpan/Digest/Digest.pm | 6 ++++--
+ cpan/Digest/t/security.t | 14 ++++++++++++++
+ 2 files changed, 18 insertions(+), 2 deletions(-)
+ create mode 100644 cpan/Digest/t/security.t
+
+diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
+index 384dfc8..d714434 100644
+--- a/cpan/Digest/Digest.pm
++++ b/cpan/Digest/Digest.pm
+@@ -24,7 +24,7 @@ sub new
+ shift; # class ignored
+ my $algorithm = shift;
+ my $impl = $MMAP{$algorithm} || do {
+- $algorithm =~ s/\W+//;
++ $algorithm =~ s/\W+//g;
+ "Digest::$algorithm";
+ };
+ $impl = [$impl] unless ref($impl);
+@@ -35,7 +35,9 @@ sub new
+ ($class, @args) = @$class if ref($class);
+ no strict 'refs';
+ unless (exists ${"$class\::"}{"VERSION"}) {
+- eval "require $class";
++ my $pm_file = $class . ".pm";
++ $pm_file =~ s{::}{/}g;
++ eval { require $pm_file };
+ if ($@) {
+ $err ||= $@;
+ next;
+diff --git a/cpan/Digest/t/security.t b/cpan/Digest/t/security.t
+new file mode 100644
+index 0000000..5cba122
+--- /dev/null
++++ b/cpan/Digest/t/security.t
+@@ -0,0 +1,14 @@
++#!/usr/bin/env perl
++
++# Digest->new() had an exploitable eval
++
++use strict;
++use warnings;
++
++use Test::More tests => 1;
++
++use Digest;
++
++$LOL::PWNED = 0;
++eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
++is $LOL::PWNED, 0;
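Review bot: The embedded `t/security.t` does not pin both Digest.pm changes, because its single input passes with either one applied alone. With only `s/\W+//g` the name collapses to word characters before the string eval, and with only `eval { require $pm_file }` the leftover text becomes a file name that fails to load. The `is` call also has no description, so `is $LOL::PWNED, 0, 'algorithm name is never evaluated as code';` would make a failure self-explanatory. Separately, the filter strips rather than rejects, so a caller passing an untrusted algorithm name can still cause any installed `Digest::<word>` module to be loaded; callers should check the name against their own allow-list. `sub new` is only partly visible in the embedded hunks, so how the collected `$err` is finally reported cannot be confirmed from here.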