CVSROOT: /cvs Module name: src Changes by: [email protected] 2016/08/04 19:00:56
Modified files:
gnu/usr.bin/perl: Tag: OPENBSD_5_8 patchlevel.h
gnu/usr.bin/perl/cpan/Archive-Tar/bin: Tag: OPENBSD_5_8 ptar
ptardiff ptargrep
gnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive: Tag: OPENBSD_5_8
Tar.pm
gnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive/Tar: Tag:
OPENBSD_5_8
Constant.pm
File.pm
gnu/usr.bin/perl/cpan/CPAN/lib: Tag: OPENBSD_5_8 CPAN.pm
gnu/usr.bin/perl/cpan/CPAN/lib/App: Tag: OPENBSD_5_8 Cpan.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN: Tag: OPENBSD_5_8 Author.pm
Bundle.pm CacheMgr.pm
Complete.pm Debug.pm
DeferredCode.pm
Distribution.pm
Distroprefs.pm
Distrostatus.pm FTP.pm
FirstTime.pm
HandleConfig.pm Index.pm
InfoObj.pm Kwalify.pm
Mirrors.pm Module.pm Nox.pm
Prompt.pm Queue.pm Shell.pm
Tarzip.pm URL.pm Version.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/Exception: Tag: OPENBSD_5_8
RecursiveDependency.pm
blocked_urllist.pm
yaml_not_installed.pm
yaml_process_error.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/FTP: Tag: OPENBSD_5_8
netrc.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/HTTP: Tag: OPENBSD_5_8
Client.pm
Credentials.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/LWP: Tag: OPENBSD_5_8
UserAgent.pm
gnu/usr.bin/perl/cpan/CPAN/scripts: Tag: OPENBSD_5_8 cpan
gnu/usr.bin/perl/cpan/Digest: Tag: OPENBSD_5_8 Digest.pm
gnu/usr.bin/perl/cpan/Digest/Digest: Tag: OPENBSD_5_8 base.pm
file.pm
gnu/usr.bin/perl/cpan/Digest-SHA: Tag: OPENBSD_5_8 shasum
gnu/usr.bin/perl/cpan/Digest-SHA/lib/Digest: Tag: OPENBSD_5_8
SHA.pm
gnu/usr.bin/perl/cpan/Encode: Tag: OPENBSD_5_8 Encode.pm
gnu/usr.bin/perl/cpan/Encode/Encode: Tag: OPENBSD_5_8 _PM.e2x
gnu/usr.bin/perl/cpan/Encode/bin: Tag: OPENBSD_5_8 enc2xs piconv
ucmlint unidump
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/bin: Tag: OPENBSD_5_8
instmodsh
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/lib/ExtUtils: Tag:
OPENBSD_5_8
Liblist.pm
MM.pm
MM_AIX.pm
MM_Any.pm
MM_BeOS.pm
MM_Cygwin.pm
MM_DOS.pm
MM_Darwin.pm
MM_MacOS.pm
MM_NW5.pm
MM_OS2.pm
MM_QNX.pm
MM_UWIN.pm
MM_Unix.pm
MM_VMS.pm
MM_VOS.pm
MM_Win32.pm
MM_Win95.pm
MY.pm
MakeMaker.pm
Mkbootstrap.pm
Mksymlists.pm
testlib.pm
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command:
Tag:
OPENBSD_5_8
MM.pm
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist:
Tag:
OPENBSD_5_8
Kid.pm
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker:
Tag:
OPENBSD_5_8
Config.pm
FAQ.pod
Tutorial.pod
gnu/usr.bin/perl/cpan/File-Fetch/lib/File: Tag: OPENBSD_5_8
Fetch.pm
gnu/usr.bin/perl/cpan/HTTP-Tiny/lib/HTTP: Tag: OPENBSD_5_8
Tiny.pm
gnu/usr.bin/perl/cpan/IO-Compress/bin: Tag: OPENBSD_5_8
zipdetails
gnu/usr.bin/perl/cpan/IO-Compress/lib/Compress: Tag: OPENBSD_5_8
Zlib.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/File: Tag: OPENBSD_5_8
GlobMapper.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress: Tag:
OPENBSD_5_8
Base.pm
Bzip2.pm
Deflate.pm
Gzip.pm
RawDeflate.pm
Zip.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Adapter: Tag:
OPENBSD_5_8
Bzip2.pm
Deflate.pm
Identity.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Base: Tag:
OPENBSD_5_8
Common.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Gzip: Tag:
OPENBSD_5_8
Constants.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Zip: Tag:
OPENBSD_5_8
Constants.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Zlib: Tag:
OPENBSD_5_8
Constants.pm
Extra.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Uncompress: Tag:
OPENBSD_5_8
AnyInflate.pm
AnyUncompress.pm
Base.pm
Bunzip2.pm
Gunzip.pm
Inflate.pm
RawInflate.pm
Unzip.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Uncompress/Adapter:
Tag:
OPENBSD_5_8
Bunzip2.pm
Identity.pm
Inflate.pm
gnu/usr.bin/perl/cpan/IO-Compress/private: Tag: OPENBSD_5_8
MakeUtil.pm
gnu/usr.bin/perl/cpan/IPC-Cmd/lib/IPC: Tag: OPENBSD_5_8 Cmd.pm
gnu/usr.bin/perl/cpan/JSON-PP/bin: Tag: OPENBSD_5_8 json_pp
gnu/usr.bin/perl/cpan/JSON-PP/lib/JSON: Tag: OPENBSD_5_8 PP.pm
gnu/usr.bin/perl/cpan/Locale-Maketext-Simple/lib/Locale/Maketext:
Tag:
OPENBSD_5_8
Simple.pm
gnu/usr.bin/perl/cpan/Memoize: Tag: OPENBSD_5_8 Memoize.pm
gnu/usr.bin/perl/cpan/Memoize/Memoize: Tag: OPENBSD_5_8
AnyDBM_File.pm Expire.pm
ExpireFile.pm
ExpireTest.pm
NDBM_File.pm SDBM_File.pm
Storable.pm
gnu/usr.bin/perl/cpan/Pod-Perldoc/lib/Pod: Tag: OPENBSD_5_8
Perldoc.pm
gnu/usr.bin/perl/cpan/Pod-Perldoc/lib/Pod/Perldoc: Tag:
OPENBSD_5_8
BaseTo.pm
GetOptsOO.pm
ToANSI.pm
ToChecker.pm
ToMan.pm
ToNroff.pm
ToPod.pm
ToRtf.pm
ToTerm.pm
ToText.pm
ToTk.pm
ToXml.pm
gnu/usr.bin/perl/cpan/Sys-Syslog: Tag: OPENBSD_5_8 Syslog.pm
gnu/usr.bin/perl/cpan/Test/lib: Tag: OPENBSD_5_8 Test.pm
gnu/usr.bin/perl/cpan/Test-Harness/bin: Tag: OPENBSD_5_8 prove
gnu/usr.bin/perl/cpan/Test-Harness/lib/App: Tag: OPENBSD_5_8
Prove.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/App/Prove: Tag:
OPENBSD_5_8
State.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/App/Prove/State: Tag:
OPENBSD_5_8
Result.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/App/Prove/State/Result:
Tag:
OPENBSD_5_8
Test.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP: Tag: OPENBSD_5_8
Base.pm Harness.pm
Object.pm Parser.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Formatter: Tag:
OPENBSD_5_8
Base.pm
Color.pm
Console.pm
File.pm
Session.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Formatter/Console:
Tag:
OPENBSD_5_8
ParallelSession.pm
Session.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Formatter/File: Tag:
OPENBSD_5_8
Session.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Harness: Tag:
OPENBSD_5_8
Env.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser: Tag:
OPENBSD_5_8
Aggregator.pm
Grammar.pm
Iterator.pm
IteratorFactory.pm
Multiplexer.pm
Result.pm
ResultFactory.pm
Scheduler.pm
Source.pm
SourceHandler.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/Iterator: Tag:
OPENBSD_5_8
Array.pm
Process.pm
Stream.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/Result: Tag:
OPENBSD_5_8
Bailout.pm
Comment.pm
Plan.pm
Pragma.pm
Test.pm
Unknown.pm
Version.pm
YAML.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/Scheduler:
Tag:
OPENBSD_5_8
Job.pm
Spinner.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/SourceHandler:
Tag:
OPENBSD_5_8
Executable.pm
File.pm
Handle.pm
Perl.pm
RawTAP.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/YAMLish: Tag:
OPENBSD_5_8
Reader.pm
Writer.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/Test: Tag: OPENBSD_5_8
Harness.pm
gnu/usr.bin/perl/cpan/libnet/Net: Tag: OPENBSD_5_8 Cmd.pm
Config.pm Domain.pm FTP.pm
NNTP.pm Netrc.pm POP3.pm
SMTP.pm Time.pm
gnu/usr.bin/perl/cpan/libnet/Net/FTP: Tag: OPENBSD_5_8 A.pm E.pm
I.pm L.pm dataconn.pm
gnu/usr.bin/perl/dist/ExtUtils-Command/lib/ExtUtils: Tag:
OPENBSD_5_8
Command.pm
gnu/usr.bin/perl/dist/ExtUtils-ParseXS/lib/ExtUtils: Tag:
OPENBSD_5_8
ParseXS.pm
Typemaps.pm
xsubpp
gnu/usr.bin/perl/dist/ExtUtils-ParseXS/lib/ExtUtils/ParseXS:
Tag:
OPENBSD_5_8
Constants.pm
CountLines.pm
Eval.pm
Utilities.pm
gnu/usr.bin/perl/dist/ExtUtils-ParseXS/lib/ExtUtils/Typemaps:
Tag:
OPENBSD_5_8
Cmd.pm
InputMap.pm
OutputMap.pm
Type.pm
gnu/usr.bin/perl/dist/I18N-LangTags/lib/I18N: Tag: OPENBSD_5_8
LangTags.pm
gnu/usr.bin/perl/dist/I18N-LangTags/lib/I18N/LangTags: Tag:
OPENBSD_5_8
Detect.pm
List.pm
gnu/usr.bin/perl/dist/IO: Tag: OPENBSD_5_8 IO.pm
gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale: Tag:
OPENBSD_5_8
Maketext.pm
gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext: Tag:
OPENBSD_5_8
Guts.pm
GutsLoader.pm
gnu/usr.bin/perl/dist/Module-CoreList: Tag: OPENBSD_5_8 corelist
gnu/usr.bin/perl/dist/Module-CoreList/lib/Module: Tag:
OPENBSD_5_8
CoreList.pm
gnu/usr.bin/perl/dist/Module-CoreList/lib/Module/CoreList: Tag:
OPENBSD_5_8
TieHashDelta.pm
Utils.pm
gnu/usr.bin/perl/dist/Net-Ping/lib/Net: Tag: OPENBSD_5_8 Ping.pm
gnu/usr.bin/perl/dist/PathTools: Tag: OPENBSD_5_8 Cwd.pm
gnu/usr.bin/perl/dist/PathTools/lib/File: Tag: OPENBSD_5_8
Spec.pm
gnu/usr.bin/perl/dist/PathTools/lib/File/Spec: Tag: OPENBSD_5_8
Cygwin.pm Epoc.pm
Functions.pm
Mac.pm OS2.pm
Unix.pm VMS.pm
Win32.pm
gnu/usr.bin/perl/dist/Storable: Tag: OPENBSD_5_8 Storable.pm
gnu/usr.bin/perl/dist/base/lib: Tag: OPENBSD_5_8 base.pm
fields.pm
gnu/usr.bin/perl/dist/bignum/lib: Tag: OPENBSD_5_8 bigint.pm
bignum.pm bigrat.pm
gnu/usr.bin/perl/dist/bignum/lib/Math/BigFloat: Tag: OPENBSD_5_8
Trace.pm
gnu/usr.bin/perl/dist/bignum/lib/Math/BigInt: Tag: OPENBSD_5_8
Trace.pm
gnu/usr.bin/perl/ext/Pod-Html/bin: Tag: OPENBSD_5_8 pod2html
gnu/usr.bin/perl/ext/Pod-Html/lib/Pod: Tag: OPENBSD_5_8 Html.pm
gnu/usr.bin/perl/lib: Tag: OPENBSD_5_8 perl5db.pl
gnu/usr.bin/perl/t/porting: Tag: OPENBSD_5_8 customized.dat
gnu/usr.bin/perl/utils: Tag: OPENBSD_5_8 c2ph.PL h2ph.PL h2xs.PL
libnetcfg.PL perlbug.PL perldoc.PL
perlivp.PL splain.PL
gnu/usr.bin/perl/x2p: Tag: OPENBSD_5_8 find2perl.PL s2p.PL
Log message:
Patch perl CVE-2016-1238
The problem relates to Perl 5 ("perl") loading modules from the
includes directory array ("@INC") in which the last element is the
current directory ("."). That means that, when "perl" wants to
load a module (during first compilation or during lazy loading of
a module in run-time), perl will look for the module in the current
directory at the end, since '.' is the last include directory in
its array of include directories to seek. The issue is with requiring
libraries that are in "." but are not otherwise installed.
The major problem with this behavior is that it unexpectedly puts
a user at risk whenever they execute any Perl scripts from a directory
that is writable by other accounts on the system. For instance, if
a user is logged in as root and changes directory into /tmp or an
account's home directory, it is possible to now run any shell
commands that are written in C, Python or Ruby without fear.
The same isn't true for any shell commands that are written in Perl,
since a significant proportion of Perl scripts will execute code
in the current working directory whenever they are run. For example,
if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm,
and then I log in as root, change directory to /tmp, and run "perldoc
perlrun", it will execute the code they have placed in the file.
