CVSROOT: /cvs Module name: src Changes by: afre...@cvs.openbsd.org 2016/08/04 19:01:40
Modified files:
gnu/usr.bin/perl: Tag: OPENBSD_5_9 patchlevel.h
gnu/usr.bin/perl/cpan/Archive-Tar/bin: Tag: OPENBSD_5_9 ptar
ptardiff ptargrep
gnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive: Tag: OPENBSD_5_9
Tar.pm
gnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive/Tar: Tag:
OPENBSD_5_9
Constant.pm
File.pm
gnu/usr.bin/perl/cpan/CPAN/lib: Tag: OPENBSD_5_9 CPAN.pm
gnu/usr.bin/perl/cpan/CPAN/lib/App: Tag: OPENBSD_5_9 Cpan.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN: Tag: OPENBSD_5_9 Author.pm
Bundle.pm CacheMgr.pm
Complete.pm Debug.pm
DeferredCode.pm
Distribution.pm
Distroprefs.pm
Distrostatus.pm FTP.pm
FirstTime.pm
HandleConfig.pm Index.pm
InfoObj.pm Kwalify.pm
Mirrors.pm Module.pm Nox.pm
Prompt.pm Queue.pm Shell.pm
Tarzip.pm URL.pm Version.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/Exception: Tag: OPENBSD_5_9
RecursiveDependency.pm
blocked_urllist.pm
yaml_not_installed.pm
yaml_process_error.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/FTP: Tag: OPENBSD_5_9
netrc.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/HTTP: Tag: OPENBSD_5_9
Client.pm
Credentials.pm
gnu/usr.bin/perl/cpan/CPAN/lib/CPAN/LWP: Tag: OPENBSD_5_9
UserAgent.pm
gnu/usr.bin/perl/cpan/CPAN/scripts: Tag: OPENBSD_5_9 cpan
gnu/usr.bin/perl/cpan/Digest: Tag: OPENBSD_5_9 Digest.pm
gnu/usr.bin/perl/cpan/Digest/Digest: Tag: OPENBSD_5_9 base.pm
file.pm
gnu/usr.bin/perl/cpan/Digest-SHA: Tag: OPENBSD_5_9 shasum
gnu/usr.bin/perl/cpan/Digest-SHA/lib/Digest: Tag: OPENBSD_5_9
SHA.pm
gnu/usr.bin/perl/cpan/Encode: Tag: OPENBSD_5_9 Encode.pm
gnu/usr.bin/perl/cpan/Encode/Encode: Tag: OPENBSD_5_9 _PM.e2x
gnu/usr.bin/perl/cpan/Encode/bin: Tag: OPENBSD_5_9 enc2xs piconv
ucmlint unidump
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/bin: Tag: OPENBSD_5_9
instmodsh
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/lib/ExtUtils: Tag:
OPENBSD_5_9
Liblist.pm
MM.pm
MM_AIX.pm
MM_Any.pm
MM_BeOS.pm
MM_Cygwin.pm
MM_DOS.pm
MM_Darwin.pm
MM_MacOS.pm
MM_NW5.pm
MM_OS2.pm
MM_QNX.pm
MM_UWIN.pm
MM_Unix.pm
MM_VMS.pm
MM_VOS.pm
MM_Win32.pm
MM_Win95.pm
MY.pm
MakeMaker.pm
Mkbootstrap.pm
Mksymlists.pm
testlib.pm
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command:
Tag:
OPENBSD_5_9
MM.pm
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist:
Tag:
OPENBSD_5_9
Kid.pm
gnu/usr.bin/perl/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker:
Tag:
OPENBSD_5_9
Config.pm
FAQ.pod
Tutorial.pod
gnu/usr.bin/perl/cpan/File-Fetch/lib/File: Tag: OPENBSD_5_9
Fetch.pm
gnu/usr.bin/perl/cpan/HTTP-Tiny/lib/HTTP: Tag: OPENBSD_5_9
Tiny.pm
gnu/usr.bin/perl/cpan/IO-Compress/bin: Tag: OPENBSD_5_9
zipdetails
gnu/usr.bin/perl/cpan/IO-Compress/lib/Compress: Tag: OPENBSD_5_9
Zlib.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/File: Tag: OPENBSD_5_9
GlobMapper.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress: Tag:
OPENBSD_5_9
Base.pm
Bzip2.pm
Deflate.pm
Gzip.pm
RawDeflate.pm
Zip.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Adapter: Tag:
OPENBSD_5_9
Bzip2.pm
Deflate.pm
Identity.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Base: Tag:
OPENBSD_5_9
Common.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Gzip: Tag:
OPENBSD_5_9
Constants.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Zip: Tag:
OPENBSD_5_9
Constants.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Compress/Zlib: Tag:
OPENBSD_5_9
Constants.pm
Extra.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Uncompress: Tag:
OPENBSD_5_9
AnyInflate.pm
AnyUncompress.pm
Base.pm
Bunzip2.pm
Gunzip.pm
Inflate.pm
RawInflate.pm
Unzip.pm
gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Uncompress/Adapter:
Tag:
OPENBSD_5_9
Bunzip2.pm
Identity.pm
Inflate.pm
gnu/usr.bin/perl/cpan/IO-Compress/private: Tag: OPENBSD_5_9
MakeUtil.pm
gnu/usr.bin/perl/cpan/IPC-Cmd/lib/IPC: Tag: OPENBSD_5_9 Cmd.pm
gnu/usr.bin/perl/cpan/JSON-PP/bin: Tag: OPENBSD_5_9 json_pp
gnu/usr.bin/perl/cpan/JSON-PP/lib/JSON: Tag: OPENBSD_5_9 PP.pm
gnu/usr.bin/perl/cpan/Locale-Maketext-Simple/lib/Locale/Maketext:
Tag:
OPENBSD_5_9
Simple.pm
gnu/usr.bin/perl/cpan/Memoize: Tag: OPENBSD_5_9 Memoize.pm
gnu/usr.bin/perl/cpan/Memoize/Memoize: Tag: OPENBSD_5_9
AnyDBM_File.pm Expire.pm
ExpireFile.pm
ExpireTest.pm
NDBM_File.pm SDBM_File.pm
Storable.pm
gnu/usr.bin/perl/cpan/Pod-Perldoc/lib/Pod: Tag: OPENBSD_5_9
Perldoc.pm
gnu/usr.bin/perl/cpan/Pod-Perldoc/lib/Pod/Perldoc: Tag:
OPENBSD_5_9
BaseTo.pm
GetOptsOO.pm
ToANSI.pm
ToChecker.pm
ToMan.pm
ToNroff.pm
ToPod.pm
ToRtf.pm
ToTerm.pm
ToText.pm
ToTk.pm
ToXml.pm
gnu/usr.bin/perl/cpan/Sys-Syslog: Tag: OPENBSD_5_9 Syslog.pm
gnu/usr.bin/perl/cpan/Test/lib: Tag: OPENBSD_5_9 Test.pm
gnu/usr.bin/perl/cpan/Test-Harness/bin: Tag: OPENBSD_5_9 prove
gnu/usr.bin/perl/cpan/Test-Harness/lib/App: Tag: OPENBSD_5_9
Prove.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/App/Prove: Tag:
OPENBSD_5_9
State.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/App/Prove/State: Tag:
OPENBSD_5_9
Result.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/App/Prove/State/Result:
Tag:
OPENBSD_5_9
Test.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP: Tag: OPENBSD_5_9
Base.pm Harness.pm
Object.pm Parser.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Formatter: Tag:
OPENBSD_5_9
Base.pm
Color.pm
Console.pm
File.pm
Session.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Formatter/Console:
Tag:
OPENBSD_5_9
ParallelSession.pm
Session.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Formatter/File: Tag:
OPENBSD_5_9
Session.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Harness: Tag:
OPENBSD_5_9
Env.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser: Tag:
OPENBSD_5_9
Aggregator.pm
Grammar.pm
Iterator.pm
IteratorFactory.pm
Multiplexer.pm
Result.pm
ResultFactory.pm
Scheduler.pm
Source.pm
SourceHandler.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/Iterator: Tag:
OPENBSD_5_9
Array.pm
Process.pm
Stream.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/Result: Tag:
OPENBSD_5_9
Bailout.pm
Comment.pm
Plan.pm
Pragma.pm
Test.pm
Unknown.pm
Version.pm
YAML.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/Scheduler:
Tag:
OPENBSD_5_9
Job.pm
Spinner.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/SourceHandler:
Tag:
OPENBSD_5_9
Executable.pm
File.pm
Handle.pm
Perl.pm
RawTAP.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/TAP/Parser/YAMLish: Tag:
OPENBSD_5_9
Reader.pm
Writer.pm
gnu/usr.bin/perl/cpan/Test-Harness/lib/Test: Tag: OPENBSD_5_9
Harness.pm
gnu/usr.bin/perl/cpan/libnet/Net: Tag: OPENBSD_5_9 Cmd.pm
Config.pm Domain.pm FTP.pm
NNTP.pm Netrc.pm POP3.pm
SMTP.pm Time.pm
gnu/usr.bin/perl/cpan/libnet/Net/FTP: Tag: OPENBSD_5_9 A.pm E.pm
I.pm L.pm dataconn.pm
gnu/usr.bin/perl/dist/ExtUtils-Command/lib/ExtUtils: Tag:
OPENBSD_5_9
Command.pm
gnu/usr.bin/perl/dist/ExtUtils-ParseXS/lib/ExtUtils: Tag:
OPENBSD_5_9
ParseXS.pm
Typemaps.pm
xsubpp
gnu/usr.bin/perl/dist/ExtUtils-ParseXS/lib/ExtUtils/ParseXS:
Tag:
OPENBSD_5_9
Constants.pm
CountLines.pm
Eval.pm
Utilities.pm
gnu/usr.bin/perl/dist/ExtUtils-ParseXS/lib/ExtUtils/Typemaps:
Tag:
OPENBSD_5_9
Cmd.pm
InputMap.pm
OutputMap.pm
Type.pm
gnu/usr.bin/perl/dist/I18N-LangTags/lib/I18N: Tag: OPENBSD_5_9
LangTags.pm
gnu/usr.bin/perl/dist/I18N-LangTags/lib/I18N/LangTags: Tag:
OPENBSD_5_9
Detect.pm
List.pm
gnu/usr.bin/perl/dist/IO: Tag: OPENBSD_5_9 IO.pm
gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale: Tag:
OPENBSD_5_9
Maketext.pm
gnu/usr.bin/perl/dist/Locale-Maketext/lib/Locale/Maketext: Tag:
OPENBSD_5_9
Guts.pm
GutsLoader.pm
gnu/usr.bin/perl/dist/Module-CoreList: Tag: OPENBSD_5_9 corelist
gnu/usr.bin/perl/dist/Module-CoreList/lib/Module: Tag:
OPENBSD_5_9
CoreList.pm
gnu/usr.bin/perl/dist/Module-CoreList/lib/Module/CoreList: Tag:
OPENBSD_5_9
TieHashDelta.pm
Utils.pm
gnu/usr.bin/perl/dist/Net-Ping/lib/Net: Tag: OPENBSD_5_9 Ping.pm
gnu/usr.bin/perl/dist/PathTools: Tag: OPENBSD_5_9 Cwd.pm
gnu/usr.bin/perl/dist/PathTools/lib/File: Tag: OPENBSD_5_9
Spec.pm
gnu/usr.bin/perl/dist/PathTools/lib/File/Spec: Tag: OPENBSD_5_9
Cygwin.pm Epoc.pm
Functions.pm
Mac.pm OS2.pm
Unix.pm VMS.pm
Win32.pm
gnu/usr.bin/perl/dist/Storable: Tag: OPENBSD_5_9 Storable.pm
gnu/usr.bin/perl/dist/base/lib: Tag: OPENBSD_5_9 base.pm
fields.pm
gnu/usr.bin/perl/dist/bignum/lib: Tag: OPENBSD_5_9 bigint.pm
bignum.pm bigrat.pm
gnu/usr.bin/perl/dist/bignum/lib/Math/BigFloat: Tag: OPENBSD_5_9
Trace.pm
gnu/usr.bin/perl/dist/bignum/lib/Math/BigInt: Tag: OPENBSD_5_9
Trace.pm
gnu/usr.bin/perl/ext/Pod-Html/bin: Tag: OPENBSD_5_9 pod2html
gnu/usr.bin/perl/ext/Pod-Html/lib/Pod: Tag: OPENBSD_5_9 Html.pm
gnu/usr.bin/perl/lib: Tag: OPENBSD_5_9 perl5db.pl
gnu/usr.bin/perl/t/porting: Tag: OPENBSD_5_9 customized.dat
gnu/usr.bin/perl/utils: Tag: OPENBSD_5_9 c2ph.PL h2ph.PL h2xs.PL
libnetcfg.PL perlbug.PL perldoc.PL
perlivp.PL splain.PL
gnu/usr.bin/perl/x2p: Tag: OPENBSD_5_9 find2perl.PL s2p.PL
Log message:
Patch perl CVE-2016-1238
The problem relates to Perl 5 ("perl") loading modules from the
includes directory array ("@INC") in which the last element is the
current directory ("."). That means that, when "perl" wants to
load a module (during first compilation or during lazy loading of
a module in run-time), perl will look for the module in the current
directory at the end, since '.' is the last include directory in
its array of include directories to seek. The issue is with requiring
libraries that are in "." but are not otherwise installed.
The major problem with this behavior is that it unexpectedly puts
a user at risk whenever they execute any Perl scripts from a directory
that is writable by other accounts on the system. For instance, if
a user is logged in as root and changes directory into /tmp or an
account's home directory, it is possible to now run any shell
commands that are written in C, Python or Ruby without fear.
The same isn't true for any shell commands that are written in Perl,
since a significant proportion of Perl scripts will execute code
in the current working directory whenever they are run. For example,
if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm,
and then I log in as root, change directory to /tmp, and run "perldoc
perlrun", it will execute the code they have placed in the file.
