Apply fixes for CAN-2004-0452, CAN-2005-0155 and CAN-2005-0156 (#156128).

2005-04-28 23:30:47 +00:00 · 2005-04-28 23:30:47 +00:00 · fb212f209d
commit fb212f209d
parent 2977073dd3
3 changed files with 69 additions and 3 deletions
--- a/perl-5.8.0-rmtree.patch
+++ b/perl-5.8.0-rmtree.patch
@ -0,0 +1,35 @@
 Fix for CAN-2004-0452.  Change chmod's to make files writable/executable
 by the current user only and not by the entire world.  chmod's necessary
 in the first place but at least this makes them less dangerous.  If, for
 some reason the rm process dies halfway through, at worst some files and
 dirs were revoked from others, not made available.
 --- perl-5.8.0/lib/File/Path.pm.chmod	2004-11-23 10:41:57.594065752 -0500
 +++ perl-5.8.0/lib/File/Path.pm	2004-11-23 10:43:41.453380351 -0500
@@ -184,7 +184,7 @@
 	    # it's also intended to change it to writable in case we have
 	    # to recurse in which case we are better than rm -rf for 
 	    # subtrees with strange permissions
 -	    chmod(0777, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
 +	    chmod(0700, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
 	      or carp "Can't make directory $root read+writeable: $!"
 		unless $safe;
@@ -218,7 +218,7 @@
 		print "skipped $root\n" if $verbose;
 		next;
 	    }
 -	    chmod 0777, $root
 +	    chmod 0700, $root
 	      or carp "Can't make directory $root writeable: $!"
 		if $force_writeable;
 	    print "rmdir $root\n" if $verbose;
@@ -240,7 +240,7 @@
 		print "skipped $root\n" if $verbose;
 		next;
 	    }
 -	    chmod 0666, $root
 +	    chmod 0600, $root
 	      or carp "Can't make file $root writeable: $!"
 		if $force_writeable;
 	    print "unlink $root\n" if $verbose;
--- a/perl-5.8.5-CAN-2005-0155+0156.patch
+++ b/perl-5.8.5-CAN-2005-0155+0156.patch
@ -0,0 +1,22 @@
 Index: perlio.c
 ===================================================================
 --- perlio.c	(revision 4342)
 +++ perlio.c	(revision 4346)
@@ -454,7 +454,7 @@
     va_list ap;
     dSYS;
     va_start(ap, fmt);
 -    if (!dbg) {
 +    if (!dbg && !PL_tainting && PL_uid == PL_euid && PL_gid == PL_egid) {
 	char *s = PerlEnv_getenv("PERLIO_DEBUG");
 	if (s && *s)
 	    dbg = PerlLIO_open3(s, O_WRONLY | O_CREAT | O_APPEND, 0666);
@@ -471,7 +471,7 @@
 	s = CopFILE(PL_curcop);
 	if (!s)
 	    s = "(none)";
 -	sprintf(buffer, "%s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
 +	sprintf(buffer, "%.40s:%" IVdf " ", s, (IV) CopLINE(PL_curcop));
 	len = strlen(buffer);
 	vsprintf(buffer+len, fmt, ap);
 	PerlLIO_write(dbg, buffer, strlen(buffer));
--- a/perl.spec
+++ b/perl.spec
@ -5,7 +5,7 @@
 %define multilib_64_archs x86_64 s390x ppc64 sparc64
 %define perlver 5.8.6
-%define perlrel 9
+%define perlrel 10
 %define perlepoch 3
 Provides: perl(:WITH_PERLIO)
@ -100,6 +100,12 @@ Patch24: perl-5.8.3-empty-rpath.patch
 # mod_perl 2.0.0 RC5 requires CGI.pm 3.08
 Patch25: perl-5.8.6-CGI-3.08.patch
 # CAN-2004-0452 fix
 Patch26: perl-5.8.0-rmtree.patch
 # CAN-2005-0155 and CAN-2005-0156 fix
 Patch27: perl-5.8.5-CAN-2005-0155+0156.patch
 # arch-specific patches
 Patch100: perl-5.8.1-fpic.patch
 Patch101: perl-5.8.0-libdir64.patch
@ -189,8 +195,6 @@ system to handle Perl scripts.
 %if %{suidperl}
 %package suidperl
 Version: %{perlver}
 Release: %{perlrel}
 Summary: suidperl, for use with setuid perl scripts
 Group: Development/Languages
 Requires: perl = %{perlepoch}:%{perlver}-%{perlrel}
@ -217,6 +221,8 @@ more secure running of setuid perl scripts.
 %patch23 -p1
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
 %patch27 -p0
 %patch100 -p1
@ -416,6 +422,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 %changelog
 * Thu Apr 28 2005 Ville Skyttä <ville.skytta at iki.fi> - 3:5.8.6-10
 - Apply fixes for CAN-2004-0452, CAN-2005-0155 and CAN-2005-0156 (#156128).
 * Tue Apr 26 2005 Warren Togami <wtogami@redhat.com. - 3:5.8.6-8
 - -Dinstallusrbinperl=n (#141182 Aaron Sherman)
 - remove 5.8.0 and 5.8.1 ABI compat (#154295)