gnu: perl: Add fix for CVE-2015-8607.

* gnu/packages/patches/perl-CVE-2015-8607.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/perl.scm (perl)[source]: Add patch.
This commit is contained in:
Mark H Weaver 2016-01-12 13:12:07 -05:00
parent ce3ac6670c
commit 203795acea
3 changed files with 72 additions and 2 deletions

View file

@ -1,7 +1,7 @@
# GNU Guix --- Functional package management for GNU
# Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
# Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
# Copyright © 2013, 2014, 2015 Mark H Weaver <mhw@netris.org>
# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
#
# This file is part of GNU Guix.
#
@ -612,6 +612,7 @@ dist_patch_DATA = \
gnu/packages/patches/patchelf-rework-for-arm.patch \
gnu/packages/patches/patchutils-xfail-gendiff-tests.patch \
gnu/packages/patches/patch-hurd-path-max.patch \
gnu/packages/patches/perl-CVE-2015-8607.patch \
gnu/packages/patches/perl-autosplit-default-time.patch \
gnu/packages/patches/perl-deterministic-ordering.patch \
gnu/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \

View file

@ -0,0 +1,68 @@
From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Tue, 15 Dec 2015 10:56:54 +1100
Subject: ensure File::Spec::canonpath() preserves taint
Previously the unix specific XS implementation of canonpath() would
return an untainted path when supplied a tainted path.
For the empty string case, newSVpvs() already sets taint as needed on
its result.
This issue was assigned CVE-2015-8607.
Bug: https://rt.perl.org/Ticket/Display.html?id=126862
Bug-Debian: https://bugs.debian.org/810719
Origin: upstream
Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff
---
dist/PathTools/Cwd.xs | 1 +
dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
index 9d4dcf0..3d018dc 100644
--- a/dist/PathTools/Cwd.xs
+++ b/dist/PathTools/Cwd.xs
@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
*o = 0;
SvPOK_on(retval);
SvCUR_set(retval, o - SvPVX(retval));
+ SvTAINT(retval);
return retval;
}
diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
index 309b3e5..48f8c5b 100644
--- a/dist/PathTools/t/taint.t
+++ b/dist/PathTools/t/taint.t
@@ -12,7 +12,7 @@ use Test::More;
BEGIN {
plan(
${^TAINT}
- ? (tests => 17)
+ ? (tests => 21)
: (skip_all => "A perl without taint support")
);
}
@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
# Previous versions of Cwd tainted $^O
is !tainted($^O), 1, "\$^O should not be tainted";
+
+{
+ # [perl #126862] canonpath() loses taint
+ my $tainted = substr($ENV{PATH}, 0, 0);
+ # yes, getcwd()'s result should be tainted, and is tested above
+ # but be sure
+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
+ "canonpath() keeps taint on non-empty string";
+ ok tainted(File::Spec->canonpath($tainted)),
+ "canonpath() keeps taint on empty string";
+
+ (Cwd::getcwd() =~ /^(.*)/);
+ my $untainted = $1;
+ ok !tainted($untainted), "make sure our untainted value is untainted";
+ ok !tainted(File::Spec->canonpath($untainted)),
+ "canonpath() doesn't add taint to untainted string";
+}

View file

@ -51,7 +51,8 @@ (define-public perl
"perl-autosplit-default-time.patch"
"perl-source-date-epoch.patch"
"perl-deterministic-ordering.patch"
"perl-no-build-time.patch")))))
"perl-no-build-time.patch"
"perl-CVE-2015-8607.patch")))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f