[perl-IO-Socket-SSL] Update to 1.52
by Paul Howarth
commit f26c71c8d441dd0d5503f4475750921339a2b08f
Author: Paul Howarth <paul(a)city-fan.org>
Date: Wed Dec 7 11:13:39 2011 +0000
Update to 1.52
- New upstream release 1.52:
- Fix for t/nonblock.t hangs on AIX (CPAN RT#72305)
- Disable t/memleak_bad_handshake.t on AIX, because it might hang
(CPAN RT#72170)
- Fix syntax error in t/memleak_bad_handshake.t
perl-IO-Socket-SSL.spec | 9 ++++++++-
sources | 2 +-
2 files changed, 9 insertions(+), 2 deletions(-)
---
diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec
index 49f5311..535dd30 100644
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@@ -4,7 +4,7 @@
#
Name: perl-IO-Socket-SSL
-Version: 1.49
+Version: 1.52
Release: 1%{?dist}
Summary: Perl library for transparent SSL
Group: Development/Libraries
@@ -59,6 +59,13 @@ rm -rf %{buildroot}
%{_mandir}/man3/IO::Socket::SSL.3pm*
%changelog
+* Wed Dec 7 2011 Paul Howarth <paul(a)city-fan.org> - 1.52-1
+- Update to 1.52
+ - fix for t/nonblock.t hangs on AIX (CPAN RT#72305)
+ - disable t/memleak_bad_handshake.t on AIX, because it might hang
+ (CPAN RT#72170)
+ - fix syntax error in t/memleak_bad_handshake.t
+
* Fri Oct 28 2011 Paul Howarth <paul(a)city-fan.org> - 1.49-1
- Update to 1.49
- another regression for readline fix: this time it failed to return lines
diff --git a/sources b/sources
index e58c583..9b4af00 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-236c754eb3755d280504a7ca8ba5ba01 IO-Socket-SSL-1.49.tar.gz
+d4ea32802f27db54df18c8455936a18d IO-Socket-SSL-1.52.tar.gz
12 years, 6 months
perl-Env-C: review and sponsor request
by Jan Kasprzak
Hello, Fedora Perl developers!
I use both Perl and Fedora extensively at work, and I have decided that
we should try to migrate from locally-compiled Perl to the Perl from Fedora.
This includes building all the CPAN modules we depend on as RPMs.
So far I have about 10 CPAN modules packaged and buildable in mock,
and checked with rpmlint (no errors, some bogus spelling warnings).
I want to contribute these packages to Fedora. In order to learn
the whole packaging process, I have decided to start with one package,
Env::C. The review request is here:
https://bugzilla.redhat.com/show_bug.cgi?id=757156
The other packages I have are the following:
Authen::DecHpwd
Authen::PassPhrase
Crypt::MySQL
Crypt::UnixCrypt_XS
Data::Entropy
Data::Float
Data::Integer
DBD::ODBC
IO::Socket::Multicast
Scalar::String
TeX::Encode
I plan to create review requests for these packages after getting the first
module (Env::C) to Fedora.
Sincerely,
-Jan Kasprzak
--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list. --Alan Cox
12 years, 6 months
[perl-PAR-Packer/f14] Fix CVE-2011-4114
by Petr Pisar
commit 88f43bf7a8840b8285a50afab968c4c9bdc04c01
Author: Petr Písař <ppisar(a)redhat.com>
Date: Tue Dec 6 15:11:15 2011 +0100
Fix CVE-2011-4114
perl-PAR-Packer-1.010-CVE-2011-4114.patch | 84 +++++++++++++++++++++++++++++
perl-PAR-Packer.spec | 8 +++-
2 files changed, 91 insertions(+), 1 deletions(-)
---
diff --git a/perl-PAR-Packer-1.010-CVE-2011-4114.patch b/perl-PAR-Packer-1.010-CVE-2011-4114.patch
new file mode 100644
index 0000000..b951322
--- /dev/null
+++ b/perl-PAR-Packer-1.010-CVE-2011-4114.patch
@@ -0,0 +1,84 @@
+From 9aa3d40e0b24bbd3dfa5d51198ffc289fa901c9f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar(a)redhat.com>
+Date: Tue, 6 Dec 2011 14:22:04 +0100
+Subject: [PATCH] Fix CVE-2011-4114 ported for 1.010.
+
+From: r1296 | rschupp | 2011-11-14 21:01:18 +0100 (Po, 14 lis 2011) | 11 lines
+
+myldr/mktmpdir.c:
+- (par_mktmpdir) CVE-2011-4114:
+ - create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
+ - if it already exists, check that (and bail out if not)
+ - it's not a symlink
+ - it's mode 0700
+ - it's owned by USER
+
+NOTE: PAR contains a "copy" of par_mktmpdir (in Perl); this
+must be fixed as well and we must require the fixed version.
+
+Adjusted error message from r1313 is included.
+---
+ myldr/mktmpdir.c | 38 +++++++++++++++++++++++++++++++++++---
+ 1 files changed, 35 insertions(+), 3 deletions(-)
+
+diff --git a/myldr/mktmpdir.c b/myldr/mktmpdir.c
+index 6699831..2293268 100644
+--- a/myldr/mktmpdir.c
++++ b/myldr/mktmpdir.c
+@@ -161,10 +161,42 @@ char *par_mktmpdir ( char **argv ) {
+ stmpdir2 is the top $TEMP/par-$USER, needed to build stmpdir. We
+ need 2 buffers because snprintf() can't write to a buffer it's
+ reading from. */
+- stmpdir = malloc( stmp_len );
+ stmpdir2 = malloc( stmp_len );
+ sprintf(stmpdir2, "%s%s%s%s", tmpdir, dir_sep, subdirbuf_prefix, username);
+- my_mkdir(stmpdir2, 0755);
++#ifdef WIN32
++ _mkdir(stmpdir2); /* FIXME bail if error (other than EEXIST) */
++#else
++ {
++ struct stat st;
++
++ if (mkdir(stmpdir2, 0700) == -1 && errno != EEXIST) {
++ fprintf(stderr, "%s: creation of private subdirectory %s failed (errno=%i)\n",
++ argv[0], stmpdir2, errno);
++ return NULL;
++ }
++
++ /* now check that:
++ * - stmpdir2 is a directory (and not a symlink)
++ * - stmpdir2 is owned by the user
++ * - stmpdir2 has mode 0700
++ */
++ if (lstat(stmpdir2, &st) == -1) {
++ fprintf(stderr, "%s: stat of private subdirectory %s failed (errno=%i)\n",
++ argv[0], stmpdir2, errno);
++ return NULL;
++ }
++
++ if (!S_ISDIR(st.st_mode)
++ || st.st_uid != getuid()
++ || (st.st_mode & 0777) != 0700 ) {
++ fprintf(stderr, "%s: private subdirectory %s is unsafe (please remove it and retry your operation)\n",
++ argv[0], stmpdir2);
++ return NULL;
++ }
++ }
++#endif
++
++ stmpdir = malloc( stmp_len );
+
+ /* Doesn't really work - XXX */
+ val = par_getenv( "PATH" );
+@@ -250,7 +282,7 @@ char *par_mktmpdir ( char **argv ) {
+ a prior invocation crashed leaving garbage in a temp directory that
+ might interfere. */
+
+- while (my_mkdir(stmpdir, 0755) == -1 && errno == EEXIST) {
++ while (my_mkdir(stmpdir, 0700) == -1 && errno == EEXIST) {
+ sprintf(
+ stmpdir,
+ "%s%stemp-%u-%u%s",
+--
+1.7.7.4
+
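Review bot: In the `#ifdef WIN32` branch of the par_mktmpdir hunk, the result of `_mkdir(stmpdir2)` is ignored and none of the ownership, mode or symlink checks run, so the hardening covers only the non-Windows path; the FIXME should at least bail out on errors other than EEXIST. On the POSIX side, each of the three new `return NULL;` exits comes after `stmpdir2 = malloc( stmp_len )` without freeing it, so a `free(stmpdir2)` before each return would close that leak.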
diff --git a/perl-PAR-Packer.spec b/perl-PAR-Packer.spec
index 9473177..c0004b4 100644
--- a/perl-PAR-Packer.spec
+++ b/perl-PAR-Packer.spec
@@ -1,11 +1,13 @@
Name: perl-PAR-Packer
Version: 1.005
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: PAR Packager
License: GPL+ or Artistic
Group: Development/Libraries
URL: http://search.cpan.org/dist/PAR-Packer/
Source0: http://www.cpan.org/authors/id/S/SM/SMUELLER/PAR-Packer-%{version}.tar.gz
+# Fix CVE-2011-4114, bug #753957, included in upstream 1.011.
+Patch0: perl-PAR-Packer-1.010-CVE-2011-4114.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: perl(Archive::Zip) >= 1
BuildRequires: perl(Compress::Zlib) >= 1.3
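Review bot: `Patch0` is named perl-PAR-Packer-1.010-CVE-2011-4114.patch and its subject line says "ported for 1.010", yet this branch carries `Version: 1.005`. The comment above `Patch0` should record that the 1.010 port was checked against the 1.005 copy of myldr/mktmpdir.c and applies there without fuzz, so a later reader does not have to guess whether the mismatch is intentional.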
@@ -23,6 +25,7 @@ stand-alone executables, perl scripts and PAR files.
%prep
%setup -q -n PAR-Packer-%{version}
+%patch0 -p1
%build
# DEBUG variable needed to disable stripping binary
@@ -64,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/*
%changelog
+* Tue Dec 06 2011 Petr Pisar <ppisar(a)redhat.com> - 1.005-4
+- Fix CVE-2011-4114 (insecure temporary directory handling) (bug #753957)
+
* Fri Feb 25 2011 Petr Pisar <ppisar(a)redhat.com> - 1.005-3
- Do not strip binaries
12 years, 6 months
[perl-PAR-Packer/f15] Fix CVE-2011-4114
by Petr Pisar
commit 6050c9ca3e628a25f2dff1d708c78b98eb33d19a
Author: Petr Písař <ppisar(a)redhat.com>
Date: Tue Dec 6 15:11:15 2011 +0100
Fix CVE-2011-4114
perl-PAR-Packer-1.010-CVE-2011-4114.patch | 84 +++++++++++++++++++++++++++++
perl-PAR-Packer.spec | 8 +++-
2 files changed, 91 insertions(+), 1 deletions(-)
---
diff --git a/perl-PAR-Packer-1.010-CVE-2011-4114.patch b/perl-PAR-Packer-1.010-CVE-2011-4114.patch
new file mode 100644
index 0000000..b951322
--- /dev/null
+++ b/perl-PAR-Packer-1.010-CVE-2011-4114.patch
@@ -0,0 +1,84 @@
+From 9aa3d40e0b24bbd3dfa5d51198ffc289fa901c9f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar(a)redhat.com>
+Date: Tue, 6 Dec 2011 14:22:04 +0100
+Subject: [PATCH] Fix CVE-2011-4114 ported for 1.010.
+
+From: r1296 | rschupp | 2011-11-14 21:01:18 +0100 (Po, 14 lis 2011) | 11 lines
+
+myldr/mktmpdir.c:
+- (par_mktmpdir) CVE-2011-4114:
+ - create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
+ - if it already exists, check that (and bail out if not)
+ - it's not a symlink
+ - it's mode 0700
+ - it's owned by USER
+
+NOTE: PAR contains a "copy" of par_mktmpdir (in Perl); this
+must be fixed as well and we must require the fixed version.
+
+Adjusted error message from r1313 is included.
+---
+ myldr/mktmpdir.c | 38 +++++++++++++++++++++++++++++++++++---
+ 1 files changed, 35 insertions(+), 3 deletions(-)
+
+diff --git a/myldr/mktmpdir.c b/myldr/mktmpdir.c
+index 6699831..2293268 100644
+--- a/myldr/mktmpdir.c
++++ b/myldr/mktmpdir.c
+@@ -161,10 +161,42 @@ char *par_mktmpdir ( char **argv ) {
+ stmpdir2 is the top $TEMP/par-$USER, needed to build stmpdir. We
+ need 2 buffers because snprintf() can't write to a buffer it's
+ reading from. */
+- stmpdir = malloc( stmp_len );
+ stmpdir2 = malloc( stmp_len );
+ sprintf(stmpdir2, "%s%s%s%s", tmpdir, dir_sep, subdirbuf_prefix, username);
+- my_mkdir(stmpdir2, 0755);
++#ifdef WIN32
++ _mkdir(stmpdir2); /* FIXME bail if error (other than EEXIST) */
++#else
++ {
++ struct stat st;
++
++ if (mkdir(stmpdir2, 0700) == -1 && errno != EEXIST) {
++ fprintf(stderr, "%s: creation of private subdirectory %s failed (errno=%i)\n",
++ argv[0], stmpdir2, errno);
++ return NULL;
++ }
++
++ /* now check that:
++ * - stmpdir2 is a directory (and not a symlink)
++ * - stmpdir2 is owned by the user
++ * - stmpdir2 has mode 0700
++ */
++ if (lstat(stmpdir2, &st) == -1) {
++ fprintf(stderr, "%s: stat of private subdirectory %s failed (errno=%i)\n",
++ argv[0], stmpdir2, errno);
++ return NULL;
++ }
++
++ if (!S_ISDIR(st.st_mode)
++ || st.st_uid != getuid()
++ || (st.st_mode & 0777) != 0700 ) {
++ fprintf(stderr, "%s: private subdirectory %s is unsafe (please remove it and retry your operation)\n",
++ argv[0], stmpdir2);
++ return NULL;
++ }
++ }
++#endif
++
++ stmpdir = malloc( stmp_len );
+
+ /* Doesn't really work - XXX */
+ val = par_getenv( "PATH" );
+@@ -250,7 +282,7 @@ char *par_mktmpdir ( char **argv ) {
+ a prior invocation crashed leaving garbage in a temp directory that
+ might interfere. */
+
+- while (my_mkdir(stmpdir, 0755) == -1 && errno == EEXIST) {
++ while (my_mkdir(stmpdir, 0700) == -1 && errno == EEXIST) {
+ sprintf(
+ stmpdir,
+ "%s%stemp-%u-%u%s",
+--
+1.7.7.4
+
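Review bot: The new test `(st.st_mode & 0777) != 0700` will also reject a par-USER directory that the unpatched code created itself, because the removed line was `my_mkdir(stmpdir2, 0755);`. Users with an existing cache will get the "is unsafe" error on the first run after the update, so the changelog entry or update notes should tell them to remove the old directory.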
diff --git a/perl-PAR-Packer.spec b/perl-PAR-Packer.spec
index 011c121..6293048 100644
--- a/perl-PAR-Packer.spec
+++ b/perl-PAR-Packer.spec
@@ -1,12 +1,14 @@
Name: perl-PAR-Packer
Version: 1.008
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: PAR Packager
License: GPL+ or Artistic
Group: Development/Libraries
URL: http://search.cpan.org/dist/PAR-Packer/
Source0: http://www.cpan.org/authors/id/R/RS/RSCHUPP/PAR-Packer-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+# Fix CVE-2011-4114, bug #753957, included in upstream 1.011.
+Patch0: perl-PAR-Packer-1.010-CVE-2011-4114.patch
BuildRequires: perl(Archive::Zip) >= 1
BuildRequires: perl(Compress::Zlib) >= 1.3
BuildRequires: perl(ExtUtils::MakeMaker)
@@ -23,6 +25,7 @@ stand-alone executables, perl scripts and PAR files.
%prep
%setup -q -n PAR-Packer-%{version}
+%patch0 -p1
%build
# DEBUG variable needed to disable stripping binary
@@ -64,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/*
%changelog
+* Tue Dec 06 2011 Petr Pisar <ppisar(a)redhat.com> - 1.008-4
+- Fix CVE-2011-4114 (insecure temporary directory handling) (bug #753957)
+
* Fri Feb 25 2011 Petr Pisar <ppisar(a)redhat.com> - 1.008-3
- Do not strip binaries
12 years, 6 months
[perl-PAR-Packer/f16] Fix CVE-2011-4114
by Petr Pisar
commit caf5df098adb318c914803819bd550b6c2c17ab6
Author: Petr Písař <ppisar(a)redhat.com>
Date: Tue Dec 6 15:11:15 2011 +0100
Fix CVE-2011-4114
perl-PAR-Packer-1.010-CVE-2011-4114.patch | 84 +++++++++++++++++++++++++++++
perl-PAR-Packer.spec | 8 +++-
2 files changed, 91 insertions(+), 1 deletions(-)
---
diff --git a/perl-PAR-Packer-1.010-CVE-2011-4114.patch b/perl-PAR-Packer-1.010-CVE-2011-4114.patch
new file mode 100644
index 0000000..b951322
--- /dev/null
+++ b/perl-PAR-Packer-1.010-CVE-2011-4114.patch
@@ -0,0 +1,84 @@
+From 9aa3d40e0b24bbd3dfa5d51198ffc289fa901c9f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar(a)redhat.com>
+Date: Tue, 6 Dec 2011 14:22:04 +0100
+Subject: [PATCH] Fix CVE-2011-4114 ported for 1.010.
+
+From: r1296 | rschupp | 2011-11-14 21:01:18 +0100 (Po, 14 lis 2011) | 11 lines
+
+myldr/mktmpdir.c:
+- (par_mktmpdir) CVE-2011-4114:
+ - create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
+ - if it already exists, check that (and bail out if not)
+ - it's not a symlink
+ - it's mode 0700
+ - it's owned by USER
+
+NOTE: PAR contains a "copy" of par_mktmpdir (in Perl); this
+must be fixed as well and we must require the fixed version.
+
+Adjusted error message from r1313 is included.
+---
+ myldr/mktmpdir.c | 38 +++++++++++++++++++++++++++++++++++---
+ 1 files changed, 35 insertions(+), 3 deletions(-)
+
+diff --git a/myldr/mktmpdir.c b/myldr/mktmpdir.c
+index 6699831..2293268 100644
+--- a/myldr/mktmpdir.c
++++ b/myldr/mktmpdir.c
+@@ -161,10 +161,42 @@ char *par_mktmpdir ( char **argv ) {
+ stmpdir2 is the top $TEMP/par-$USER, needed to build stmpdir. We
+ need 2 buffers because snprintf() can't write to a buffer it's
+ reading from. */
+- stmpdir = malloc( stmp_len );
+ stmpdir2 = malloc( stmp_len );
+ sprintf(stmpdir2, "%s%s%s%s", tmpdir, dir_sep, subdirbuf_prefix, username);
+- my_mkdir(stmpdir2, 0755);
++#ifdef WIN32
++ _mkdir(stmpdir2); /* FIXME bail if error (other than EEXIST) */
++#else
++ {
++ struct stat st;
++
++ if (mkdir(stmpdir2, 0700) == -1 && errno != EEXIST) {
++ fprintf(stderr, "%s: creation of private subdirectory %s failed (errno=%i)\n",
++ argv[0], stmpdir2, errno);
++ return NULL;
++ }
++
++ /* now check that:
++ * - stmpdir2 is a directory (and not a symlink)
++ * - stmpdir2 is owned by the user
++ * - stmpdir2 has mode 0700
++ */
++ if (lstat(stmpdir2, &st) == -1) {
++ fprintf(stderr, "%s: stat of private subdirectory %s failed (errno=%i)\n",
++ argv[0], stmpdir2, errno);
++ return NULL;
++ }
++
++ if (!S_ISDIR(st.st_mode)
++ || st.st_uid != getuid()
++ || (st.st_mode & 0777) != 0700 ) {
++ fprintf(stderr, "%s: private subdirectory %s is unsafe (please remove it and retry your operation)\n",
++ argv[0], stmpdir2);
++ return NULL;
++ }
++ }
++#endif
++
++ stmpdir = malloc( stmp_len );
+
+ /* Doesn't really work - XXX */
+ val = par_getenv( "PATH" );
+@@ -250,7 +282,7 @@ char *par_mktmpdir ( char **argv ) {
+ a prior invocation crashed leaving garbage in a temp directory that
+ might interfere. */
+
+- while (my_mkdir(stmpdir, 0755) == -1 && errno == EEXIST) {
++ while (my_mkdir(stmpdir, 0700) == -1 && errno == EEXIST) {
+ sprintf(
+ stmpdir,
+ "%s%stemp-%u-%u%s",
+--
+1.7.7.4
+
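Review bot: The mkdir and lstat failure messages added in the par_mktmpdir hunk report the cause as `errno=%i`, which leaves the user to look up the number; printing `strerror(errno)` would make both failures readable. The second message also says "stat of private subdirectory" while the call is `lstat`, and the wording should match.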
diff --git a/perl-PAR-Packer.spec b/perl-PAR-Packer.spec
index a3299c1..9d00be7 100644
--- a/perl-PAR-Packer.spec
+++ b/perl-PAR-Packer.spec
@@ -1,11 +1,13 @@
Name: perl-PAR-Packer
Version: 1.010
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: PAR Packager
License: GPL+ or Artistic
Group: Development/Libraries
URL: http://search.cpan.org/dist/PAR-Packer/
Source0: http://www.cpan.org/authors/id/R/RS/RSCHUPP/PAR-Packer-%{version}.tar.gz
+# Fix CVE-2011-4114, bug #753957, included in upstream 1.011.
+Patch0: perl-PAR-Packer-1.010-CVE-2011-4114.patch
BuildRequires: perl(Archive::Zip) >= 1
BuildRequires: perl(Compress::Zlib) >= 1.3
BuildRequires: perl(ExtUtils::MakeMaker)
@@ -24,6 +26,7 @@ stand-alone executables, perl scripts and PAR files.
%prep
%setup -q -n PAR-Packer-%{version}
+%patch0 -p1
%build
# DEBUG variable needed to disable stripping binary
@@ -58,6 +61,9 @@ export PAR_GLOBAL_TEMP=/var/tmp
%{_mandir}/man3/*
%changelog
+* Tue Dec 06 2011 Petr Pisar <ppisar(a)redhat.com> - 1.010-3
+- Fix CVE-2011-4114 (insecure temporary directory handling) (bug #753957)
+
* Tue Jul 19 2011 Petr Sabata <contyk(a)redhat.com> - 1.010-2
- Perl mass rebuild
12 years, 6 months
[Bug 753955] CVE-2011-4114 perl-PAR-Packer: insecure temporary directory handling
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=753955
--- Comment #9 from Petr Pisar <ppisar(a)redhat.com> 2011-12-06 09:23:39 EST ---
How to test:
Create a /tmp/par-$(USER) directory with 0777 mode (or owned by a different user,
or create another user's symlink). Create a PAR archive from a perl script (pp
--par SCRIPT).
Test perl-PAR by running `perl -MPAR=./a.par SCRIPT'. Test perl-PAR-Packer by
running `parl ./a.par'.
For an unknown reason, you might need perl-PAR-Packer to get SCRIPT running from
./a.par by -MPAR=.
For an unknown reason, old parl might not work because of a perl version mismatch.
(This becomes fixed after rebuilding old perl-PAR-Packer against current perl.)
12 years, 6 months
[perl-PAR/f14] Fix CVE-2011-4114
by Petr Pisar
commit e9c31e5fe012574693edcec484ad502c46db34a2
Author: Petr Písař <ppisar(a)redhat.com>
Date: Thu Dec 1 15:46:19 2011 +0100
Fix CVE-2011-4114
perl-PAR-1.002-CVE-2011-4114.patch | 89 ++++++++++++++++++++++++++++++++++++
perl-PAR.spec | 10 ++++-
2 files changed, 98 insertions(+), 1 deletions(-)
---
diff --git a/perl-PAR-1.002-CVE-2011-4114.patch b/perl-PAR-1.002-CVE-2011-4114.patch
new file mode 100644
index 0000000..4db8a94
--- /dev/null
+++ b/perl-PAR-1.002-CVE-2011-4114.patch
@@ -0,0 +1,89 @@
+Fix CVE-2011-4114
+
+From: r1305 | rschupp | 2011-11-28 17:39:44 +0100 (Po, 28 lis 2011) | 7 lines
+RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe and
+predictable temporary directories
+- create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
+- if it already exists, check that (and bail out if not)
+ - it's not a symlink
+ - it's mode 0700
+ - it's owned by USER
+
+Petr Pisar: Message wording adjustment from r1316 is included too.
+
+Index: lib/PAR/SetupTemp.pm
+===================================================================
+--- lib/PAR/SetupTemp.pm (revision 1304)
++++ lib/PAR/SetupTemp.pm (revision 1305)
+@@ -5,6 +5,8 @@
+ use strict;
+ use warnings;
+
++use Fcntl ':mode';
++
+ use PAR::SetupProgname;
+
+ =head1 NAME
+@@ -42,8 +44,9 @@
+ }
+
+ my $stmpdir = _get_par_user_tempdir();
++ die "unable to create cache directory" unless $stmpdir;
++
+ require File::Spec;
+- if (defined $stmpdir) { # it'd be quite bad if this was not the case
+ if (!$ENV{PAR_CLEAN} and my $mtime = (stat($PAR::SetupProgname::Progname))[9]) {
+ my $ctx = _get_digester();
+
+@@ -71,8 +74,7 @@
+ }
+
+ $ENV{PAR_TEMP} = $stmpdir;
+- mkdir $stmpdir, 0755;
+- } # end if found a temp dir
++ mkdir $stmpdir, 0700;
+
+ $PARTemp = $1 if defined $ENV{PAR_TEMP} and $ENV{PAR_TEMP} =~ /(.+)/;
+ }
+@@ -98,8 +100,25 @@
+ next unless defined $path and -d $path and -w $path;
+ $temp_path = File::Spec->catdir($path, "par-$username");
+ ($temp_path) = $temp_path =~ /^(.*)$/s;
+- mkdir $temp_path, 0755;
++ unless (mkdir($temp_path, 0700) || $!{EEXIST}) {
++ warn "creation of private subdirectory $temp_path failed (errno=$!)";
++ return;
++ }
+
++ unless ($^O eq 'MSWin32') {
++ my @st;
++ unless (@st = lstat($temp_path)) {
++ warn "stat of private subdirectory $temp_path failed (errno=$!)";
++ return;
++ }
++ if (!S_ISDIR($st[2])
++ || $st[4] != $<
++ || ($st[2] & 0777) != 0700 ) {
++ warn "private subdirectory $temp_path is unsafe";
++ return;
++ }
++ }
++
+ last;
+ }
+ return $temp_path;
+
+
+Index: lib/PAR/SetupTemp.pm
+===================================================================
+--- lib/PAR/SetupTemp.pm (revision 1315)
++++ lib/PAR/SetupTemp.pm (revision 1316)
+@@ -114,7 +114,7 @@
+ if (!S_ISDIR($st[2])
+ || $st[4] != $<
+ || ($st[2] & 0777) != 0700 ) {
+- warn "private subdirectory $temp_path is unsafe";
++ warn "private subdirectory $temp_path is unsafe (please remove it and retry your operation)";
+ return;
+ }
+ }
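Review bot: In the `@@ -71,8 +74,7 @@` hunk, `mkdir $stmpdir, 0700;` still ignores its result, unlike the checked `mkdir($temp_path, 0700)` added in the next hunk; a failure other than EEXIST leaves `$ENV{PAR_TEMP}` pointing at a directory that may not exist. The new lstat, owner and mode block is also wrapped in `unless ($^O eq 'MSWin32')` with no explanation, so a comment saying why Windows is exempt would help.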
diff --git a/perl-PAR.spec b/perl-PAR.spec
index fa7d29d..9d42f87 100644
--- a/perl-PAR.spec
+++ b/perl-PAR.spec
@@ -1,11 +1,13 @@
Name: perl-PAR
Version: 1.000
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Perl Archive Toolkit
License: GPL+ or Artistic
Group: Development/Libraries
URL: http://search.cpan.org/dist/PAR/
Source0: http://www.cpan.org/authors/id/S/SM/SMUELLER/PAR-%{version}.tar.gz
+# Fix CVE-2011-4114, bug #760132, included in upstream 1.004.
+Patch0: perl-PAR-1.002-CVE-2011-4114.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: perl(Archive::Zip) >= 1
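Review bot: `Patch0` is named perl-PAR-1.002-CVE-2011-4114.patch while this branch carries `Version: 1.000`. The comment above `Patch0` should note that the 1.002 patch was checked against the 1.000 copy of lib/PAR/SetupTemp.pm, since the hunk offsets in the patch were generated against a different revision.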
@@ -23,6 +25,7 @@ libraries from which Perl modules can be loaded.
%prep
%setup -q -n PAR-%{version}
+%patch0 -p0
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
@@ -39,7 +42,9 @@ find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null \;
%{_fixperms} $RPM_BUILD_ROOT/*
%check
+export TEMP="$(mktemp -d)"
make test
+rm -rf "$TEMP"
%clean
rm -rf $RPM_BUILD_ROOT
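Review bot: In `%check`, `rm -rf "$TEMP"` runs only when `make test` succeeds, because the scriptlet stops at the first failing command, so a failing test run leaves the `mktemp -d` directory behind. A `trap 'rm -rf "$TEMP"' EXIT` right after the export would cover both outcomes, and a one-line comment on why TEMP is redirected for the tests would help the next packager.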
@@ -51,6 +56,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/*
%changelog
+* Thu Dec 01 2011 Petr Pisar <ppisar(a)redhat.com> - 1.000-3
+- Fix CVE-2011-4114 (insecure temporary directory handling) (bug #760132)
+
* Tue Aug 24 2010 Adam Tkac <atkac redhat com> - 1.000-2
- rebuild
12 years, 6 months
[perl-PAR/f15] Fix CVE-2011-4114
by Petr Pisar
commit 29555072e8e22a681a67c4046d2dd76a1e0eac27
Author: Petr Písař <ppisar(a)redhat.com>
Date: Thu Dec 1 15:46:19 2011 +0100
Fix CVE-2011-4114
perl-PAR-1.002-CVE-2011-4114.patch | 89 ++++++++++++++++++++++++++++++++++++
perl-PAR.spec | 10 ++++-
2 files changed, 98 insertions(+), 1 deletions(-)
---
diff --git a/perl-PAR-1.002-CVE-2011-4114.patch b/perl-PAR-1.002-CVE-2011-4114.patch
new file mode 100644
index 0000000..4db8a94
--- /dev/null
+++ b/perl-PAR-1.002-CVE-2011-4114.patch
@@ -0,0 +1,89 @@
+Fix CVE-2011-4114
+
+From: r1305 | rschupp | 2011-11-28 17:39:44 +0100 (Po, 28 lis 2011) | 7 lines
+RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe and
+predictable temporary directories
+- create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
+- if it already exists, check that (and bail out if not)
+ - it's not a symlink
+ - it's mode 0700
+ - it's owned by USER
+
+Petr Pisar: Message wording adjustment from r1316 is included too.
+
+Index: lib/PAR/SetupTemp.pm
+===================================================================
+--- lib/PAR/SetupTemp.pm (revision 1304)
++++ lib/PAR/SetupTemp.pm (revision 1305)
+@@ -5,6 +5,8 @@
+ use strict;
+ use warnings;
+
++use Fcntl ':mode';
++
+ use PAR::SetupProgname;
+
+ =head1 NAME
+@@ -42,8 +44,9 @@
+ }
+
+ my $stmpdir = _get_par_user_tempdir();
++ die "unable to create cache directory" unless $stmpdir;
++
+ require File::Spec;
+- if (defined $stmpdir) { # it'd be quite bad if this was not the case
+ if (!$ENV{PAR_CLEAN} and my $mtime = (stat($PAR::SetupProgname::Progname))[9]) {
+ my $ctx = _get_digester();
+
+@@ -71,8 +74,7 @@
+ }
+
+ $ENV{PAR_TEMP} = $stmpdir;
+- mkdir $stmpdir, 0755;
+- } # end if found a temp dir
++ mkdir $stmpdir, 0700;
+
+ $PARTemp = $1 if defined $ENV{PAR_TEMP} and $ENV{PAR_TEMP} =~ /(.+)/;
+ }
+@@ -98,8 +100,25 @@
+ next unless defined $path and -d $path and -w $path;
+ $temp_path = File::Spec->catdir($path, "par-$username");
+ ($temp_path) = $temp_path =~ /^(.*)$/s;
+- mkdir $temp_path, 0755;
++ unless (mkdir($temp_path, 0700) || $!{EEXIST}) {
++ warn "creation of private subdirectory $temp_path failed (errno=$!)";
++ return;
++ }
+
++ unless ($^O eq 'MSWin32') {
++ my @st;
++ unless (@st = lstat($temp_path)) {
++ warn "stat of private subdirectory $temp_path failed (errno=$!)";
++ return;
++ }
++ if (!S_ISDIR($st[2])
++ || $st[4] != $<
++ || ($st[2] & 0777) != 0700 ) {
++ warn "private subdirectory $temp_path is unsafe";
++ return;
++ }
++ }
++
+ last;
+ }
+ return $temp_path;
+
+
+Index: lib/PAR/SetupTemp.pm
+===================================================================
+--- lib/PAR/SetupTemp.pm (revision 1315)
++++ lib/PAR/SetupTemp.pm (revision 1316)
+@@ -114,7 +114,7 @@
+ if (!S_ISDIR($st[2])
+ || $st[4] != $<
+ || ($st[2] & 0777) != 0700 ) {
+- warn "private subdirectory $temp_path is unsafe";
++ warn "private subdirectory $temp_path is unsafe (please remove it and retry your operation)";
+ return;
+ }
+ }
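Review bot: `die "unable to create cache directory" unless $stmpdir;` in the `@@ -42,8 +44,9 @@` hunk names neither the directory nor the reason, so the only detail the user gets is the earlier `warn` from the `@@ -98,8 +100,25 @@` hunk. Consider including the attempted path in the die message, and note that `(errno=$!)` in those warnings interpolates the error text rather than a number, so the "errno=" label is misleading.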
diff --git a/perl-PAR.spec b/perl-PAR.spec
index 4b1d46f..f426506 100644
--- a/perl-PAR.spec
+++ b/perl-PAR.spec
@@ -1,11 +1,13 @@
Name: perl-PAR
Version: 1.002
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Perl Archive Toolkit
License: GPL+ or Artistic
Group: Development/Libraries
URL: http://search.cpan.org/dist/PAR/
Source0: http://www.cpan.org/authors/id/S/SM/SMUELLER/PAR-%{version}.tar.gz
+# Fix CVE-2011-4114, bug #760132, included in upstream 1.004.
+Patch0: perl-PAR-1.002-CVE-2011-4114.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: perl(Archive::Zip) >= 1
@@ -23,6 +25,7 @@ libraries from which Perl modules can be loaded.
%prep
%setup -q -n PAR-%{version}
+%patch0 -p0
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
@@ -39,7 +42,9 @@ find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null \;
%{_fixperms} $RPM_BUILD_ROOT/*
%check
+export TEMP="$(mktemp -d)"
make test
+rm -rf "$TEMP"
%clean
rm -rf $RPM_BUILD_ROOT
@@ -51,6 +56,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/*
%changelog
+* Thu Dec 01 2011 Petr Pisar <ppisar(a)redhat.com> - 1.002-4
+- Fix CVE-2011-4114 (insecure temporary directory handling) (bug #760132)
+
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.002-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
12 years, 6 months