rpms/perl/devel perl-5.10.0-CVE-2008-2827.patch, NONE, 1.1 perl.spec, 1.170, 1.171 perl-5.6.0-buildroot.patch, 1.1, NONE perl-5.7.3-syslog.patch, 1.1, NONE perl-5.8.0-links.patch, 1.2, NONE perl-5.8.0-nondbm.patch, 1.1, NONE perl-5.8.0-nptlhint.patch, 1.1, NONE perl-5.8.0-rmtree.patch, 1.1, NONE perl-5.8.0-rpath-make.patch, 1.1, NONE perl-5.8.0-sharedlinker.patch, 1.1, NONE perl-5.8.1-fpic.patch, 1.1, NONE perl-5.8.1-lpthread-link.patch, 1.1, NONE perl-5.8.3-empty-rpath.patch, 1.1, NONE perl-5.8.3-fullinc.patch, 1.1, NONE perl-5.8.3-perlbug-tag.patch, 1.2, NONE perl-5.8.5-CAN-2005-0155+0156.patch, 1.1, NONE perl-5.8.5-dashI.patch, 1.1, NONE perl-5.8.5-incorder.patch, 1.1, NONE perl-5.8.6-CGI-3.1.0.patch, 1.1, NONE perl-5.8.6-filter-simple-update.patch, 1.1, NONE perl-5.8.6-findbin-selinux.patch, 1.3, NONE perl-5.8.7-172396.patch, 1.3, NONE perl-5.8.7-25084.patch, 1.1, NONE perl-5.8.7-CAN-2004-0976.patch, 1.2, NONE perl-5.8.7-CVE-2005-3962-bz174684.patch, 1.3, NONE perl-5.8.7-IOC_SIZE.patch, 1.1, NONE perl-5.8.7-MM_Unix-rpath-136009.patch, 1.1, NONE perl-5.8.7-USE_MM_LD_RUN_PATH.patch, 1.1, NONE perl-5.8.7-bz172236.patch, 1.1, NONE perl-5.8.7-bz172587.patch, 1.1, NONE perl-5.8.7-bz172739_obz36521.patch, 1.1, NONE perl-5.8.7-incpush.patch, 1.1, NONE perl-5.8.7-no-debugging.patch, 1.1, NONE perl-5.8.8-CAN-2004-0976.patch, 1.2, NONE perl-5.8.8-DB_File-1.815.patch, 1.1, NONE perl-5.8.8-R-switch.patch, 1.1, NONE perl-5.8.8-U27116.patch, 1.1, NONE perl-5.8.8-U27329.patch, 1.1, NONE perl-5.8.8-U27391.patch, 1.1, NONE perl-5.8.8-U27426.patch, 1.1, NONE perl-5.8.8-U27509.patch, 1.1, NONE perl-5.8.8-U27512.patch, 1.2, NONE perl-5.8.8-U27604.patch, 1.1, NONE perl-5.8.8-U27605.patch, 1.1, NONE perl-5.8.8-U27914.patch, 1.1, NONE perl-5.8.8-U28775.patch, 1.1, NONE perl-5.8.8-U34297_C28006.patch, 1.1, NONE perl-5.8.8-USE_MM_LD_RUN_PATH.patch, 1.2, NONE perl-5.8.8-bug24254.patch, 1.1, NONE perl-5.8.8-bz178343.patch, 1.2, NONE perl-5.8.8-bz183553_ubz38657.patch, 1.1, NONE 
perl-5.8.8-bz188441.patch, 1.1, NONE perl-5.8.8-bz191416.patch, 1.1, NONE perl-5.8.8-bz199736.patch, 1.1, NONE perl-5.8.8-bz204679.patch, 1.1, NONE perl-5.8.8-bz247386-file-spec-cwd.patch, 1.1, NONE perl-5.8.8-bz323571.patch, 1.1, NONE perl-5.8.8-dashI.patch, 1.2, NONE perl-5.8.8-debian_fix_net_nntp.patch, 1.1, NONE perl-5.8.8-disable_test_hosts.patch, 1.1, NONE perl-5.8.8-incpush.patch, 1.2, NONE perl-5.8.8-no_asm_page_h.patch, 1.1, NONE perl-5.8.8-perlbug-tag-A.patch, 1.1, NONE perl-5.8.8-perlbug-tag.patch, 1.2, NONE perl-5.8.8-up27133_up27169.patch, 1.1, NONE perl-5.8.8-up27284.patch, 1.1, NONE perl-5.8.8-useCFLAGSwithCC.patch, 1.1, NONE

Marcela Mašláňová (mmaslano) fedora-extras-commits at redhat.com
Tue Jun 24 13:00:47 UTC 2008


Author: mmaslano

Update of /cvs/pkgs/rpms/perl/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4070

Modified Files:
	perl.spec 
Added Files:
	perl-5.10.0-CVE-2008-2827.patch 
Removed Files:
	perl-5.6.0-buildroot.patch perl-5.7.3-syslog.patch 
	perl-5.8.0-links.patch perl-5.8.0-nondbm.patch 
	perl-5.8.0-nptlhint.patch perl-5.8.0-rmtree.patch 
	perl-5.8.0-rpath-make.patch perl-5.8.0-sharedlinker.patch 
	perl-5.8.1-fpic.patch perl-5.8.1-lpthread-link.patch 
	perl-5.8.3-empty-rpath.patch perl-5.8.3-fullinc.patch 
	perl-5.8.3-perlbug-tag.patch 
	perl-5.8.5-CAN-2005-0155+0156.patch perl-5.8.5-dashI.patch 
	perl-5.8.5-incorder.patch perl-5.8.6-CGI-3.1.0.patch 
	perl-5.8.6-filter-simple-update.patch 
	perl-5.8.6-findbin-selinux.patch perl-5.8.7-172396.patch 
	perl-5.8.7-25084.patch perl-5.8.7-CAN-2004-0976.patch 
	perl-5.8.7-CVE-2005-3962-bz174684.patch 
	perl-5.8.7-IOC_SIZE.patch 
	perl-5.8.7-MM_Unix-rpath-136009.patch 
	perl-5.8.7-USE_MM_LD_RUN_PATH.patch perl-5.8.7-bz172236.patch 
	perl-5.8.7-bz172587.patch perl-5.8.7-bz172739_obz36521.patch 
	perl-5.8.7-incpush.patch perl-5.8.7-no-debugging.patch 
	perl-5.8.8-CAN-2004-0976.patch perl-5.8.8-DB_File-1.815.patch 
	perl-5.8.8-R-switch.patch perl-5.8.8-U27116.patch 
	perl-5.8.8-U27329.patch perl-5.8.8-U27391.patch 
	perl-5.8.8-U27426.patch perl-5.8.8-U27509.patch 
	perl-5.8.8-U27512.patch perl-5.8.8-U27604.patch 
	perl-5.8.8-U27605.patch perl-5.8.8-U27914.patch 
	perl-5.8.8-U28775.patch perl-5.8.8-U34297_C28006.patch 
	perl-5.8.8-USE_MM_LD_RUN_PATH.patch perl-5.8.8-bug24254.patch 
	perl-5.8.8-bz178343.patch perl-5.8.8-bz183553_ubz38657.patch 
	perl-5.8.8-bz188441.patch perl-5.8.8-bz191416.patch 
	perl-5.8.8-bz199736.patch perl-5.8.8-bz204679.patch 
	perl-5.8.8-bz247386-file-spec-cwd.patch 
	perl-5.8.8-bz323571.patch perl-5.8.8-dashI.patch 
	perl-5.8.8-debian_fix_net_nntp.patch 
	perl-5.8.8-disable_test_hosts.patch perl-5.8.8-incpush.patch 
	perl-5.8.8-no_asm_page_h.patch perl-5.8.8-perlbug-tag-A.patch 
	perl-5.8.8-perlbug-tag.patch perl-5.8.8-up27133_up27169.patch 
	perl-5.8.8-up27284.patch perl-5.8.8-useCFLAGSwithCC.patch 
Log Message:
Fix CVE-2008-2827, remove old unused patches.


perl-5.10.0-CVE-2008-2827.patch:

--- NEW FILE perl-5.10.0-CVE-2008-2827.patch ---
diff -up perl-5.10.0/lib/File/Path.pm.cve perl-5.10.0/lib/File/Path.pm
--- perl-5.10.0/lib/File/Path.pm.cve	2007-12-18 11:47:07.000000000 +0100
+++ perl-5.10.0/lib/File/Path.pm	2008-06-24 13:25:53.000000000 +0200
@@ -351,10 +351,8 @@ sub _rmtree {
             }
 
             my $nperm = $perm & 07777 | 0600;
-            if ($nperm != $perm and not chmod $nperm, $root) {
-                if ($Force_Writeable) {
-                    _error($arg, "cannot make file writeable", $canon);
-                }
+            if ($Force_Writeable && $nperm != $perm and not chmod $nperm, $root) {
+                _error($arg, "cannot make file writeable", $canon);
             }
             print "unlink $canon\n" if $arg->{verbose};
             # delete all versions under VMS
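Review bot: The `chmod $nperm, $root` kept in the new condition still operates on a path name, so on platforms where `$Force_Writeable` is true the permission change can land on whatever the path resolves to at that moment rather than on the file examined earlier (that check sits above the hunk, so this is inferred). Dropping the chmod everywhere else is the safe default, but the remaining branch deserves a comment such as `# chmod follows symlinks; only attempted where unlink requires a writeable file`. The condition also mixes `&&` with `and`/`not`; it parses as intended because `!=` and `&&` bind tighter than `and`, but `if ($Force_Writeable and $nperm != $perm and not chmod $nperm, $root)` reads without the precedence table. `_rmtree` starts and ends outside the hunk.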


Index: perl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/perl/devel/perl.spec,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- perl.spec	11 Jun 2008 13:33:11 -0000	1.170
+++ perl.spec	24 Jun 2008 12:59:59 -0000	1.171
@@ -11,7 +11,7 @@
 
 Name:           perl
 Version:        %{perl_version}
-Release:        27%{?dist}
+Release:        28%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        The Perl programming language
 Group:          Development/Languages
@@ -75,6 +75,9 @@
 # Wrong access test
 Patch16:	perl-5.10.0-accessXOK.patch
 
+# CVE-2008-2827 perl: insecure use of chmod in rmtree
+Patch17:	perl-5.10.0-CVE-2008-2827.patch
+
 BuildRoot:      %{_tmppath}/%{name}-%{perl_version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  tcsh, dos2unix, man, groff
 BuildRequires:  gdbm-devel, db4-devel, zlib-devel
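Review bot: The comment above `Patch17` names the CVE but not where the fix comes from or which bug tracks it, so a later rebase cannot tell whether the patch is already contained in the new upstream tarball. Something like `# CVE-2008-2827 perl: insecure use of chmod in rmtree (rhbz#<BUG_ID>; upstream: <COMMIT_OR_VERSION>)` would cover it, with the placeholders filled in from the tracker. The same applies to the `%changelog` entry further down, where the previous entry leads with a number that looks like a bug id and this one does not.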
@@ -798,6 +801,7 @@
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
 
 #
 # Candidates for doc recoding (need case by case review):
@@ -1010,6 +1014,7 @@
 perl -x patchlevel.h 'Fedora Patch14: Upgrade CGI to 3.37'
 perl -x patchlevel.h 'Fedora Patch15: Adopt upstream commit for assertion'
 perl -x patchlevel.h 'Fedora Patch16: Access permission - rt49003'
+perl -x patchlevel.h 'Fedora Patch17: CVE-2008-2827 perl: insecure use of chmod in rmtree'
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -1615,6 +1620,9 @@
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Tue Jun 24 2008 Marcela Maslanova <mmaslano at redhat.com> 4:5.10.0-28
+- CVE-2008-2827 perl: insecure use of chmod in rmtree
+
 * Wed Jun 11 2008 Marcela Maslanova <mmaslano at redhat.com> 4:5.10.0-27
 - 447371 wrong access permission rt49003
 


--- perl-5.6.0-buildroot.patch DELETED ---


--- perl-5.7.3-syslog.patch DELETED ---


--- perl-5.8.0-links.patch DELETED ---


--- perl-5.8.0-nondbm.patch DELETED ---


--- perl-5.8.0-nptlhint.patch DELETED ---


--- perl-5.8.0-rmtree.patch DELETED ---


--- perl-5.8.0-rpath-make.patch DELETED ---


--- perl-5.8.0-sharedlinker.patch DELETED ---


--- perl-5.8.1-fpic.patch DELETED ---


--- perl-5.8.1-lpthread-link.patch DELETED ---


--- perl-5.8.3-empty-rpath.patch DELETED ---


--- perl-5.8.3-fullinc.patch DELETED ---


--- perl-5.8.3-perlbug-tag.patch DELETED ---


--- perl-5.8.5-CAN-2005-0155+0156.patch DELETED ---


--- perl-5.8.5-dashI.patch DELETED ---


--- perl-5.8.5-incorder.patch DELETED ---


--- perl-5.8.6-CGI-3.1.0.patch DELETED ---


--- perl-5.8.6-filter-simple-update.patch DELETED ---


--- perl-5.8.6-findbin-selinux.patch DELETED ---


--- perl-5.8.7-172396.patch DELETED ---


--- perl-5.8.7-25084.patch DELETED ---


--- perl-5.8.7-CAN-2004-0976.patch DELETED ---


--- perl-5.8.7-CVE-2005-3962-bz174684.patch DELETED ---


--- perl-5.8.7-IOC_SIZE.patch DELETED ---


--- perl-5.8.7-MM_Unix-rpath-136009.patch DELETED ---


--- perl-5.8.7-USE_MM_LD_RUN_PATH.patch DELETED ---


--- perl-5.8.7-bz172236.patch DELETED ---


--- perl-5.8.7-bz172587.patch DELETED ---


--- perl-5.8.7-bz172739_obz36521.patch DELETED ---


--- perl-5.8.7-incpush.patch DELETED ---


--- perl-5.8.7-no-debugging.patch DELETED ---


--- perl-5.8.8-CAN-2004-0976.patch DELETED ---


--- perl-5.8.8-DB_File-1.815.patch DELETED ---


--- perl-5.8.8-R-switch.patch DELETED ---


--- perl-5.8.8-U27116.patch DELETED ---


--- perl-5.8.8-U27329.patch DELETED ---


--- perl-5.8.8-U27391.patch DELETED ---


--- perl-5.8.8-U27426.patch DELETED ---


--- perl-5.8.8-U27509.patch DELETED ---


--- perl-5.8.8-U27512.patch DELETED ---


--- perl-5.8.8-U27604.patch DELETED ---


--- perl-5.8.8-U27605.patch DELETED ---


--- perl-5.8.8-U27914.patch DELETED ---


--- perl-5.8.8-U28775.patch DELETED ---


--- perl-5.8.8-U34297_C28006.patch DELETED ---


--- perl-5.8.8-USE_MM_LD_RUN_PATH.patch DELETED ---


--- perl-5.8.8-bug24254.patch DELETED ---


--- perl-5.8.8-bz178343.patch DELETED ---


--- perl-5.8.8-bz183553_ubz38657.patch DELETED ---


--- perl-5.8.8-bz188441.patch DELETED ---


--- perl-5.8.8-bz191416.patch DELETED ---


--- perl-5.8.8-bz199736.patch DELETED ---


--- perl-5.8.8-bz204679.patch DELETED ---


--- perl-5.8.8-bz247386-file-spec-cwd.patch DELETED ---


--- perl-5.8.8-bz323571.patch DELETED ---


--- perl-5.8.8-dashI.patch DELETED ---


--- perl-5.8.8-debian_fix_net_nntp.patch DELETED ---


--- perl-5.8.8-disable_test_hosts.patch DELETED ---


--- perl-5.8.8-incpush.patch DELETED ---


--- perl-5.8.8-no_asm_page_h.patch DELETED ---


--- perl-5.8.8-perlbug-tag-A.patch DELETED ---


--- perl-5.8.8-perlbug-tag.patch DELETED ---


--- perl-5.8.8-up27133_up27169.patch DELETED ---


--- perl-5.8.8-up27284.patch DELETED ---


--- perl-5.8.8-useCFLAGSwithCC.patch DELETED ---



