MFH r412502 r412503 r413010 r413019 r413036 r413249 r413567:
Apply batch of Perl updates up to security issue fix.

Fix a Perl security issue.

PR:		208879
Reported by:	Sevan Janiyan
Security:	CVE-2016-2381
Sponsored by:	Absolight

Approved by:	ports-secteam (with hat)
junovitch committed May 10, 2016
1 parent aaf5a48 commit ecd4371
Showing 15 changed files with 376 additions and 26 deletions.
21 changes: 17 additions & 4 deletions lang/perl5-devel/Makefile
Expand Up @@ -2,7 +2,7 @@
# $FreeBSD$

PORTNAME= perl
PORTREVISION= 0
PORTREVISION= 2
# XXX Remove second line, uncomment first
#DISTVERSION= ${PERL_VERSION}
DISTVERSION= ${GH_TAGNAME:C/^v//:C/-g[0-9a-f]*$//}
Expand All @@ -23,13 +23,14 @@ LICENSE_FILE_ART10= ${WRKSRC}/Artistic
LICENSE_FILE_GPLv1= ${WRKSRC}/Copying

TEST_TARGET= test_harness
TEST_ENV= ${MAKE_ENV} TEST_JOBS=${MAKE_JOBS_NUMBER}
TEST_ENV= ${MAKE_ENV} TEST_JOBS=${MAKE_JOBS_NUMBER} \
LD_LIBRARY_PATH=${WRKSRC} COMPRESS_ZLIB_RUN_ALL=yes

# XXX Remove github things.
USE_GITHUB= yes
GH_ACCOUNT= Perl
GH_PROJECT= perl5
GH_TAGNAME= v5.23.9-30-g4caf7d8
GH_TAGNAME= v5.23.9-85-g9b1bcf2

OPTIONS_DEFINE= DEBUG GDBM PERL_64BITINT PTHREAD \
MULTIPLICITY SITECUSTOMIZE
Expand Down Expand Up @@ -161,6 +162,7 @@ PLIST_SUB+= PERL_VERSION=${PERL_VERSION} \
SITE_PERL=${SITE_PERL_REL} \
SITE_ARCH=${SITE_ARCH_REL} \
PRIV_LIB=${_PRIV_LIB} \
PKGNAMESUFFIX=${PKGNAMESUFFIX} \
ARCH_LIB=${_ARCH_LIB}
PLIST_SUB+= PORTVERSION=${PORTVERSION} # XXX Remove

Expand Down Expand Up @@ -271,6 +273,17 @@ post-patch-PTHREAD-off:
${REINPLACE_CMD} -e 's|%%PTHREAD_LIBS%%||g;' \
${WRKSRC}/hints/freebsd.sh

post-build:
@${REINPLACE_CMD} -e '/^lddlflags/s|-L${WRKSRC} ||' \
${WRKSRC}/lib/Config_heavy.pl
.if ${CC} == /nxb-bin/usr/bin/cc
@${REINPLACE_CMD} -e 's=/nxb-bin==' \
${WRKSRC}/lib/Config.pm ${WRKSRC}/lib/Config_heavy.pl
# Restore Config.pm's timestamp so that Perl's build system does not think it
# needs to rebuild everything.
@${TOUCH} -r ${WRKSRC}/lib/Config.pm.bak ${WRKSRC}/lib/Config.pm
.endif

post-install:
${MKDIR} ${STAGEDIR}${SITE_MAN1} ${STAGEDIR}${SITE_MAN3}
${MKDIR} ${STAGEDIR}${SITE_ARCH}/auto
Expand All @@ -295,6 +308,6 @@ post-install:
${STRIP_CMD} $$f; \
${CHMOD} 444 $$f; \
done
${INSTALL_DATA} ${WRKDIR}/perl-man.conf ${STAGEDIR}${PREFIX}/etc/man.d/perl${PERL_VER}.conf
${INSTALL_DATA} ${WRKDIR}/perl-man.conf ${STAGEDIR}${PREFIX}/etc/man.d/perl${PKGNAMESUFFIX}.conf

.include <bsd.port.mk>
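Review bot: Nothing in the new `post-build` target checks that the `lddlflags` edit actually removed the build directory: `'/^lddlflags/s|-L${WRKSRC} ||'` only matches when the flag is followed by a space, and it reads `${WRKSRC}` as a regular expression, so a differently laid out line passes silently. If the flag survives, the installed `Config_heavy.pl` presumably keeps pointing later XS links at a work directory that is not part of the package. A follow-up recipe line such as `@! ${GREP} -q -e '-L${WRKSRC}' ${WRKSRC}/lib/Config_heavy.pl` would fail the build instead, assuming no other field is meant to keep that path. A one-line comment above the first `${REINPLACE_CMD}` saying why the path is stripped would also help, since only the `/nxb-bin` branch is explained. The same target is added unchanged in lang/perl5.18/Makefile and lang/perl5.20/Makefile.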
4 changes: 2 additions & 2 deletions lang/perl5-devel/distinfo
@@ -1,2 +1,2 @@
SHA256 (perl/perl-5.23.9-30_GH0.tar.gz) = c39da02236981dc5acaea469134836083907e393e836a4640d11b7d15bb048f3
SIZE (perl/perl-5.23.9-30_GH0.tar.gz) = 17864815
SHA256 (perl/perl-5.23.9-85_GH0.tar.gz) = d9cf37b24daf8054ee86f6ebcff11197b45b52dcc8281c6521b17eedc686ac1d
SIZE (perl/perl-5.23.9-85_GH0.tar.gz) = 17879774
4 changes: 2 additions & 2 deletions lang/perl5-devel/files/patch-perl.c
@@ -1,6 +1,6 @@
--- perl.c.orig 2016-03-20 17:57:16 UTC
--- perl.c.orig 2016-04-11 00:49:39 UTC
+++ perl.c
@@ -1821,23 +1821,7 @@ S_Internals_V(pTHX_ CV *cv)
@@ -1825,23 +1825,7 @@ S_Internals_V(pTHX_ CV *cv)
PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options,
sizeof(non_bincompat_options) - 1, SVs_TEMP));

4 changes: 2 additions & 2 deletions lang/perl5-devel/files/patch-t_porting_customized.dat
@@ -1,4 +1,4 @@
--- t/porting/customized.dat.orig 2016-03-14 01:56:49 UTC
--- t/porting/customized.dat.orig 2016-04-04 04:52:21 UTC
+++ t/porting/customized.dat
@@ -14,7 +14,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMa
ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mksymlists.pm 23a4b33b974e036d59bf55aa02e025506a408048
Expand All @@ -9,7 +9,7 @@
ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_BeOS.pm a0ec076bedfa0c2e52fc2b735fbc75b4c2706bbf
ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Cygwin.pm 976b10ec76d1fe6f7ee9000b5596e8950434880b
ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Darwin.pm bc4b33fa5296ab35bcb1be1c18759b93c4de2598
@@ -42,7 +42,7 @@ IPC::SysV cpan/IPC-SysV/lib/IPC/SharedMe
@@ -44,7 +44,7 @@ IPC::SysV cpan/IPC-SysV/lib/IPC/SharedMe
IPC::SysV cpan/IPC-SysV/lib/IPC/SysV.pm 9a0d1c3dcd67321ef1322f29102a1bc7eb91c61c
IPC::SysV cpan/IPC-SysV/t/ipcsysv.t ee2c95e846ea201afe13c9ec53b09cef62c8ac68
Math::BigRat cpan/Math-BigRat/lib/Math/BigRat.pm 6eabc68e04f67694f6fe523e64eb013fc337ca5b
6 changes: 3 additions & 3 deletions lang/perl5-devel/pkg-plist
Expand Up @@ -32,7 +32,7 @@ bin/shasum%%BINSUFFIX%%
bin/splain%%BINSUFFIX%%
bin/xsubpp%%BINSUFFIX%%
bin/zipdetails%%BINSUFFIX%%
etc/man.d/perl%%PERL_VER%%.conf
etc/man.d/perl%%PKGNAMESUFFIX%%.conf
%%PRIV_LIB%%/AnyDBM_File.pm
%%PRIV_LIB%%/App/Cpan.pm
%%PRIV_LIB%%/App/Prove.pm
Expand Down Expand Up @@ -1448,7 +1448,6 @@ etc/man.d/perl%%PERL_VER%%.conf
%%PRIV_LIB%%/pod/perl5220delta.pod
%%PRIV_LIB%%/pod/perl5221delta.pod
%%PRIV_LIB%%/pod/perl5230delta.pod
%%PRIV_LIB%%/pod/perl52310delta.pod
%%PRIV_LIB%%/pod/perl5231delta.pod
%%PRIV_LIB%%/pod/perl5232delta.pod
%%PRIV_LIB%%/pod/perl5233delta.pod
Expand All @@ -1458,6 +1457,7 @@ etc/man.d/perl%%PERL_VER%%.conf
%%PRIV_LIB%%/pod/perl5237delta.pod
%%PRIV_LIB%%/pod/perl5238delta.pod
%%PRIV_LIB%%/pod/perl5239delta.pod
%%PRIV_LIB%%/pod/perl5240delta.pod
%%PRIV_LIB%%/pod/perl561delta.pod
%%PRIV_LIB%%/pod/perl56delta.pod
%%PRIV_LIB%%/pod/perl581delta.pod
Expand Down Expand Up @@ -2126,7 +2126,6 @@ etc/man.d/perl%%PERL_VER%%.conf
%%MAN1%%/perl5220delta.1.gz
%%MAN1%%/perl5221delta.1.gz
%%MAN1%%/perl5230delta.1.gz
%%MAN1%%/perl52310delta.1.gz
%%MAN1%%/perl5231delta.1.gz
%%MAN1%%/perl5232delta.1.gz
%%MAN1%%/perl5233delta.1.gz
Expand All @@ -2136,6 +2135,7 @@ etc/man.d/perl%%PERL_VER%%.conf
%%MAN1%%/perl5237delta.1.gz
%%MAN1%%/perl5238delta.1.gz
%%MAN1%%/perl5239delta.1.gz
%%MAN1%%/perl5240delta.1.gz
%%MAN1%%/perl561delta.1.gz
%%MAN1%%/perl56delta.1.gz
%%MAN1%%/perl581delta.1.gz
2 changes: 1 addition & 1 deletion lang/perl5-devel/version.mk
@@ -1,2 +1,2 @@
PERL_VERSION= 5.23.10
PERL_VERSION= 5.24.0
PERL5_DEPEND= perl5>=5.23<5.24
19 changes: 16 additions & 3 deletions lang/perl5.18/Makefile
Expand Up @@ -3,7 +3,7 @@

PORTNAME= perl
PORTVERSION= ${PERL_VERSION}
PORTREVISION= 17
PORTREVISION= 21
CATEGORIES= lang devel perl5
MASTER_SITES= CPAN/../../src/5.0
DIST_SUBDIR= perl
Expand All @@ -20,7 +20,8 @@ DEPRECATED= Unsupported, please upgrade to a more recent version of Perl
EXPIRATION_DATE=2016-12-31

TEST_TARGET= test_harness
TEST_ENV= ${MAKE_ENV} TEST_JOBS=${MAKE_JOBS_NUMBER}
TEST_ENV= ${MAKE_ENV} TEST_JOBS=${MAKE_JOBS_NUMBER} \
LD_LIBRARY_PATH=${WRKSRC} COMPRESS_ZLIB_RUN_ALL=yes

OPTIONS_DEFINE= DEBUG GDBM PERL_64BITINT PTHREAD \
MULTIPLICITY SITECUSTOMIZE USE_PERL
Expand Down Expand Up @@ -201,6 +202,7 @@ PLIST_SUB+= PERL_VERSION=${PERL_VERSION} \
SITE_PERL=${SITE_PERL_REL} \
SITE_ARCH=${SITE_ARCH_REL} \
PRIV_LIB=${_PRIV_LIB} \
PKGNAMESUFFIX=${PKGNAMESUFFIX} \
ARCH_LIB=${_ARCH_LIB}

# Put a symlink to the future libperl.so.x.yy so that -lperl works.
Expand Down Expand Up @@ -238,6 +240,17 @@ post-patch-PTHREAD-off:
${WRKSRC}/hints/freebsd.sh
.endif

post-build:
@${REINPLACE_CMD} -e '/^lddlflags/s|-L${WRKSRC} ||' \
${WRKSRC}/lib/Config_heavy.pl
.if ${CC} == /nxb-bin/usr/bin/cc
@${REINPLACE_CMD} -e 's=/nxb-bin==' \
${WRKSRC}/lib/Config.pm ${WRKSRC}/lib/Config_heavy.pl
# Restore Config.pm's timestamp so that Perl's build system does not think it
# needs to rebuild everything.
@${TOUCH} -r ${WRKSRC}/lib/Config.pm.bak ${WRKSRC}/lib/Config.pm
.endif

post-install:
${MKDIR} ${STAGEDIR}${SITE_MAN1} ${STAGEDIR}${SITE_MAN3}
${MKDIR} ${STAGEDIR}${SITE_ARCH}/auto
Expand All @@ -261,6 +274,6 @@ post-install:
${STRIP_CMD} $$f; \
${CHMOD} 444 $$f; \
done
${INSTALL_DATA} ${WRKDIR}/perl-man.conf ${STAGEDIR}${PREFIX}/etc/man.d/perl${PERL_VER}.conf
${INSTALL_DATA} ${WRKDIR}/perl-man.conf ${STAGEDIR}${PREFIX}/etc/man.d/perl${PKGNAMESUFFIX}.conf

.include <bsd.port.mk>
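Review bot: The `/nxb-bin` clean-up in `post-build` uses `'s=/nxb-bin=='` without the `g` flag, so only the first occurrence on each line of `Config.pm` and `Config_heavy.pl` is rewritten; the `post-patch-PTHREAD-off` substitution visible in lang/perl5-devel/Makefile does carry `g`. Any line that holds the prefix twice would keep what looks like a build-host toolchain path in the installed configuration. I would write it as `'s=/nxb-bin==g'`. The identical line is added in lang/perl5-devel/Makefile and lang/perl5.20/Makefile. The `${TOUCH} -r ${WRKSRC}/lib/Config.pm.bak` step also relies on `${REINPLACE_CMD}` leaving a `.bak` copy, which this diff does not show, so a short comment stating that assumption would be useful.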
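--- a/lang/perl5.18/files/patch-7098eff
+++ b/lang/perl5.18/files/patch-7098eff
@@ -0,0 +1,98 @@
+commit 7098efff946437a2db6013d12c4fc3193fc328ce
+Author: Tony Cook <tony@develop-help.com>
+Date: 2016-01-27 11:52:15 +1100
+
+remove duplicate environment variables from environ
+
+If we see duplicate environment variables while iterating over
+environ[]:
+
+a) make sure we use the same value in %ENV that getenv() returns.
+
+Previously on a duplicate, %ENV would have the last entry for the name
+from environ[], but a typical getenv() would return the first entry.
+
+Rather than assuming all getenv() implementations return the first entry
+explicitly call getenv() to ensure they agree.
+
+b) remove duplicate entries from environ
+
+Previously if there was a duplicate definition for a name in environ[]
+setting that name in %ENV could result in an unsafe value being passed
+to a child process, so ensure environ[] has no duplicates.
+
+--- perl.c.orig 2014-10-01 01:33:00 UTC
++++ perl.c
+@@ -4272,23 +4272,70 @@ S_init_postdump_symbols(pTHX_ int argc,
+}
+if (env) {
+char *s, *old_var;
++ STRLEN nlen;
+SV *sv;
++ HV *dups = newHV();
++
+for (; *env; env++) {
+old_var = *env;
+
+if (!(s = strchr(old_var,'=')) || s == old_var)
+continue;
++ nlen = s - old_var;
+
+#if defined(MSDOS) && !defined(DJGPP)
+*s = '\0';
+(void)strupr(old_var);
+*s = '=';
+#endif
+- sv = newSVpv(s+1, 0);
+- (void)hv_store(hv, old_var, s - old_var, sv, 0);
++ if (hv_exists(hv, old_var, nlen)) {
++ const char *name = savepvn(old_var, nlen);
++
++ /* make sure we use the same value as getenv(), otherwise code that
++ uses getenv() (like setlocale()) might see a different value to %ENV
++ */
++ sv = newSVpv(PerlEnv_getenv(name), 0);
++
++ /* keep a count of the dups of this name so we can de-dup environ later */
++ if (hv_exists(dups, name, nlen))
++ ++SvIVX(*hv_fetch(dups, name, nlen, 0));
++ else
++ (void)hv_store(dups, name, nlen, newSViv(1), 0);
++
++ Safefree(name);
++ }
++ else {
++ sv = newSVpv(s+1, 0);
++ }
++ (void)hv_store(hv, old_var, nlen, sv, 0);
+if (env_is_not_environ)
+mg_set(sv);
+}
++ if (HvKEYS(dups)) {
++ /* environ has some duplicate definitions, remove them */
++ HE *entry;
++ hv_iterinit(dups);
++ while ((entry = hv_iternext_flags(dups, 0))) {
++ STRLEN nlen;
++ const char *name = HePV(entry, nlen);
++ IV count = SvIV(HeVAL(entry));
++ IV i;
++ SV **valp = hv_fetch(hv, name, nlen, 0);
++
++ assert(valp);
++
++ /* try to remove any duplicate names, depending on the
++ * implementation used in my_setenv() the iteration might
++ * not be necessary, but let's be safe.
++ */
++ for (i = 0; i < count; ++i)
++ my_setenv(name, 0);
++
++ /* and set it back to the value we set $ENV{name} to */
++ my_setenv(name, SvPV_nolen(*valp));
++ }
++ }
++ SvREFCNT_dec_NN(dups);
+}
+#endif /* USE_ENVIRON_ARRAY */
+#endif /* !PERL_MICRO */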
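Review bot: The patch header reproduces the upstream commit message but never names CVE-2016-2381, which the commit description gives as the reason for this change, so someone auditing `files/` later cannot tell from the patch alone which advisory it appears to close. I would add one line above the `--- perl.c.orig` header, for example `Security: CVE-2016-2381`. Separately, in the de-dup loop `assert(valp)` is the only guard before `SvPV_nolen(*valp)`, and an assert is normally compiled out of non-debugging builds. The name was stored in `hv` by the loop above, so a NULL is not expected, and since this mirrors upstream a short comment saying so is enough rather than a local code change.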
2 changes: 1 addition & 1 deletion lang/perl5.18/pkg-plist
Expand Up @@ -40,7 +40,7 @@ bin/shasum%%BINSUFFIX%%
bin/splain%%BINSUFFIX%%
bin/xsubpp%%BINSUFFIX%%
bin/zipdetails%%BINSUFFIX%%
etc/man.d/perl%%PERL_VER%%.conf
etc/man.d/perl%%PKGNAMESUFFIX%%.conf
%%PRIV_LIB%%/AnyDBM_File.pm
%%PRIV_LIB%%/App/Cpan.pm
%%PRIV_LIB%%/App/Prove.pm
19 changes: 16 additions & 3 deletions lang/perl5.20/Makefile
Expand Up @@ -3,7 +3,7 @@

PORTNAME= perl
PORTVERSION= ${PERL_VERSION}
PORTREVISION= 8
PORTREVISION= 12
CATEGORIES= lang devel perl5
MASTER_SITES= CPAN/../../src/5.0
DIST_SUBDIR= perl
Expand All @@ -17,7 +17,8 @@ LICENSE_FILE_ART10= ${WRKSRC}/Artistic
LICENSE_FILE_GPLv1= ${WRKSRC}/Copying

TEST_TARGET= test_harness
TEST_ENV= ${MAKE_ENV} TEST_JOBS=${MAKE_JOBS_NUMBER}
TEST_ENV= ${MAKE_ENV} TEST_JOBS=${MAKE_JOBS_NUMBER} \
LD_LIBRARY_PATH=${WRKSRC} COMPRESS_ZLIB_RUN_ALL=yes

OPTIONS_DEFINE= DEBUG GDBM PERL_64BITINT PTHREAD \
MULTIPLICITY SITECUSTOMIZE
Expand Down Expand Up @@ -145,6 +146,7 @@ PLIST_SUB+= PERL_VERSION=${PERL_VERSION} \
SITE_PERL=${SITE_PERL_REL} \
SITE_ARCH=${SITE_ARCH_REL} \
PRIV_LIB=${_PRIV_LIB} \
PKGNAMESUFFIX=${PKGNAMESUFFIX} \
ARCH_LIB=${_ARCH_LIB}

_PERL5_DEFAULT_FILE= /tmp/PERL5_DEFAULT
Expand Down Expand Up @@ -233,6 +235,17 @@ post-patch-PTHREAD-off:
${WRKSRC}/hints/freebsd.sh
.endif

post-build:
@${REINPLACE_CMD} -e '/^lddlflags/s|-L${WRKSRC} ||' \
${WRKSRC}/lib/Config_heavy.pl
.if ${CC} == /nxb-bin/usr/bin/cc
@${REINPLACE_CMD} -e 's=/nxb-bin==' \
${WRKSRC}/lib/Config.pm ${WRKSRC}/lib/Config_heavy.pl
# Restore Config.pm's timestamp so that Perl's build system does not think it
# needs to rebuild everything.
@${TOUCH} -r ${WRKSRC}/lib/Config.pm.bak ${WRKSRC}/lib/Config.pm
.endif

post-install:
${MKDIR} ${STAGEDIR}${SITE_MAN1} ${STAGEDIR}${SITE_MAN3}
${MKDIR} ${STAGEDIR}${SITE_ARCH}/auto
Expand All @@ -255,6 +268,6 @@ post-install:
${STRIP_CMD} $$f; \
${CHMOD} 444 $$f; \
done
${INSTALL_DATA} ${WRKDIR}/perl-man.conf ${STAGEDIR}${PREFIX}/etc/man.d/perl${PERL_VER}.conf
${INSTALL_DATA} ${WRKDIR}/perl-man.conf ${STAGEDIR}${PREFIX}/etc/man.d/perl${PKGNAMESUFFIX}.conf

.include <bsd.port.mk>