From 203795aceaabec0e0e5818e1650ad407d825d1b3 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 12 Jan 2016 13:12:07 -0500 Subject: gnu: perl: Add fix for CVE-2015-8607. * gnu/packages/patches/perl-CVE-2015-8607.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/perl.scm (perl)[source]: Add patch. --- gnu/packages/patches/perl-CVE-2015-8607.patch | 68 +++++++++++++++++++++++++++ gnu/packages/perl.scm | 3 +- 2 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/perl-CVE-2015-8607.patch (limited to 'gnu') diff --git a/gnu/packages/patches/perl-CVE-2015-8607.patch b/gnu/packages/patches/perl-CVE-2015-8607.patch new file mode 100644 index 0000000000..4c25d41740 --- /dev/null +++ b/gnu/packages/patches/perl-CVE-2015-8607.patch @@ -0,0 +1,68 @@ +From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001 +From: Tony Cook +Date: Tue, 15 Dec 2015 10:56:54 +1100 +Subject: ensure File::Spec::canonpath() preserves taint + +Previously the unix specific XS implementation of canonpath() would +return an untainted path when supplied a tainted path. + +For the empty string case, newSVpvs() already sets taint as needed on +its result. + +This issue was assigned CVE-2015-8607. + +Bug: https://rt.perl.org/Ticket/Display.html?id=126862 +Bug-Debian: https://bugs.debian.org/810719 +Origin: upstream +Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff +--- + dist/PathTools/Cwd.xs | 1 + + dist/PathTools/t/taint.t | 19 ++++++++++++++++++- + 2 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs +index 9d4dcf0..3d018dc 100644 +--- a/dist/PathTools/Cwd.xs ++++ b/dist/PathTools/Cwd.xs +@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path) + *o = 0; + SvPOK_on(retval); + SvCUR_set(retval, o - SvPVX(retval)); ++ SvTAINT(retval); + return retval; + } + +diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t +index 309b3e5..48f8c5b 100644 +--- a/dist/PathTools/t/taint.t ++++ b/dist/PathTools/t/taint.t +@@ -12,7 +12,7 @@ use Test::More; + BEGIN { + plan( + ${^TAINT} +- ? (tests => 17) ++ ? (tests => 21) + : (skip_all => "A perl without taint support") + ); + } +@@ -34,3 +34,20 @@ foreach my $func (@Functions) { + + # Previous versions of Cwd tainted $^O + is !tainted($^O), 1, "\$^O should not be tainted"; ++ ++{ ++ # [perl #126862] canonpath() loses taint ++ my $tainted = substr($ENV{PATH}, 0, 0); ++ # yes, getcwd()'s result should be tainted, and is tested above ++ # but be sure ++ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)), ++ "canonpath() keeps taint on non-empty string"; ++ ok tainted(File::Spec->canonpath($tainted)), ++ "canonpath() keeps taint on empty string"; ++ ++ (Cwd::getcwd() =~ /^(.*)/); ++ my $untainted = $1; ++ ok !tainted($untainted), "make sure our untainted value is untainted"; ++ ok !tainted(File::Spec->canonpath($untainted)), ++ "canonpath() doesn't add taint to untainted string"; ++} diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 86a979f9fc..162fc9b8f3 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -51,7 +51,8 @@ "perl-autosplit-default-time.patch" "perl-source-date-epoch.patch" "perl-deterministic-ordering.patch" - "perl-no-build-time.patch"))))) + "perl-no-build-time.patch" + "perl-CVE-2015-8607.patch"))))) (build-system gnu-build-system) (arguments '(#:tests? #f -- cgit 1.4.1