guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: gnu: perl: Add fix for CVE-2015-8607.


From: Mark H. Weaver
Subject: 02/02: gnu: perl: Add fix for CVE-2015-8607.
Date: Tue, 12 Jan 2016 18:15:44 +0000

mhw pushed a commit to branch core-updates
in repository guix.

commit 203795aceaabec0e0e5818e1650ad407d825d1b3
Author: Mark H Weaver <address@hidden>
Date:   Tue Jan 12 13:12:07 2016 -0500

    gnu: perl: Add fix for CVE-2015-8607.
    
    * gnu/packages/patches/perl-CVE-2015-8607.patch: New file.
    * gnu-system.am (dist_patch_DATA): Add it.
    * gnu/packages/perl.scm (perl)[source]: Add patch.
---
 gnu-system.am                                 |    3 +-
 gnu/packages/patches/perl-CVE-2015-8607.patch |   68 +++++++++++++++++++++++++
 gnu/packages/perl.scm                         |    3 +-
 3 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/gnu-system.am b/gnu-system.am
index 0f0fabc..112e404 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -1,7 +1,7 @@
 # GNU Guix --- Functional package management for GNU
 # Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <address@hidden>
 # Copyright © 2013, 2014, 2015 Andreas Enge <address@hidden>
-# Copyright © 2013, 2014, 2015 Mark H Weaver <address@hidden>
+# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <address@hidden>
 #
 # This file is part of GNU Guix.
 #
@@ -612,6 +612,7 @@ dist_patch_DATA =                                           
\
   gnu/packages/patches/patchelf-rework-for-arm.patch           \
   gnu/packages/patches/patchutils-xfail-gendiff-tests.patch    \
   gnu/packages/patches/patch-hurd-path-max.patch               \
+  gnu/packages/patches/perl-CVE-2015-8607.patch                        \
   gnu/packages/patches/perl-autosplit-default-time.patch       \
   gnu/packages/patches/perl-deterministic-ordering.patch       \
   gnu/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
diff --git a/gnu/packages/patches/perl-CVE-2015-8607.patch 
b/gnu/packages/patches/perl-CVE-2015-8607.patch
new file mode 100644
index 0000000..4c25d41
--- /dev/null
+++ b/gnu/packages/patches/perl-CVE-2015-8607.patch
@@ -0,0 +1,68 @@
+From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001
+From: Tony Cook <address@hidden>
+Date: Tue, 15 Dec 2015 10:56:54 +1100
+Subject: ensure File::Spec::canonpath() preserves taint
+
+Previously the unix specific XS implementation of canonpath() would
+return an untainted path when supplied a tainted path.
+
+For the empty string case, newSVpvs() already sets taint as needed on
+its result.
+
+This issue was assigned CVE-2015-8607.
+
+Bug: https://rt.perl.org/Ticket/Display.html?id=126862
+Bug-Debian: https://bugs.debian.org/810719
+Origin: upstream
+Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff
+---
+ dist/PathTools/Cwd.xs    |  1 +
+ dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
+index 9d4dcf0..3d018dc 100644
+--- a/dist/PathTools/Cwd.xs
++++ b/dist/PathTools/Cwd.xs
+@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
+     *o = 0;
+     SvPOK_on(retval);
+     SvCUR_set(retval, o - SvPVX(retval));
++    SvTAINT(retval);
+     return retval;
+ }
+ 
+diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
+index 309b3e5..48f8c5b 100644
+--- a/dist/PathTools/t/taint.t
++++ b/dist/PathTools/t/taint.t
+@@ -12,7 +12,7 @@ use Test::More;
+ BEGIN {
+     plan(
+         ${^TAINT}
+-        ? (tests => 17)
++        ? (tests => 21)
+         : (skip_all => "A perl without taint support")
+     );
+ }
+@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
+ 
+ # Previous versions of Cwd tainted $^O
+ is !tainted($^O), 1, "\$^O should not be tainted";
++
++{
++    # [perl #126862] canonpath() loses taint
++    my $tainted = substr($ENV{PATH}, 0, 0);
++    # yes, getcwd()'s result should be tainted, and is tested above
++    # but be sure
++    ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
++        "canonpath() keeps taint on non-empty string";
++    ok tainted(File::Spec->canonpath($tainted)),
++        "canonpath() keeps taint on empty string";
++
++    (Cwd::getcwd() =~ /^(.*)/);
++    my $untainted = $1;
++    ok !tainted($untainted), "make sure our untainted value is untainted";
++    ok !tainted(File::Spec->canonpath($untainted)),
++        "canonpath() doesn't add taint to untainted string";
++}
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 86a979f..162fc9b 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -51,7 +51,8 @@
                              "perl-autosplit-default-time.patch"
                              "perl-source-date-epoch.patch"
                              "perl-deterministic-ordering.patch"
-                             "perl-no-build-time.patch")))))
+                             "perl-no-build-time.patch"
+                             "perl-CVE-2015-8607.patch")))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f



reply via email to

[Prev in Thread] Current Thread [Next in Thread]