#
1.26 |
|
14-May-2024 |
afresh1 |
Apply local patches - perl-5.38.2
ok gkoehler@ Commit and we'll fix fallout bluhm@ Right away, please deraadt@
|
#
1.25 |
|
14-May-2024 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.38.2 dist
ok gkoehler@ Commit and we'll fix fallout bluhm@ Right away, please deraadt@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.24 |
|
15-Feb-2023 |
afresh1 |
Apply local patches - perl-5.36.0
OK bluhm@ a good time naddy@
|
#
1.23 |
|
15-Feb-2023 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.36.0 dist
OK bluhm@ a good time naddy@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.22 |
|
01-Mar-2021 |
afresh1 |
Apply local patches, remove excess files - perl-5.32.1
OK sthen@
|
#
1.21 |
|
01-Mar-2021 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.32.1 dist
OK sthen@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.20 |
|
30-Dec-2019 |
afresh1 |
Apply local patches, remove excess files - perl-5.30.1
Timing is good deraadt@, OK sthen@
|
#
1.19 |
|
30-Dec-2019 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.30.1 dist
Timing is good deraadt@, OK sthen@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.18 |
|
13-Feb-2019 |
afresh1 |
Apply local patches, remove excess files - perl-5.28.1
looking good sthen@, Great! bluhm@
|
#
1.17 |
|
13-Feb-2019 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.28.1 dist
looking good sthen@, Great! bluhm@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.16 |
|
29-Oct-2017 |
afresh1 |
Apply local patches, remove excess files - perl-5.24.3
OK bluhm@
|
#
1.15 |
|
29-Oct-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.3 dist
ok bluhm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
14-Aug-2017 |
afresh1 |
Apply local patches - perl-5.24.2
OK bluhm@, Reads ok sthen@
|
#
1.13 |
|
14-Aug-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.2 dist
OK bluhm@, Reads ok sthen@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.12 |
|
05-Feb-2017 |
afresh1 |
Apply local patches - perl-5.24.1
|
#
1.11 |
|
05-Feb-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.1 dist
|
#
1.10 |
|
11-Dec-2016 |
afresh1 |
Create perl directories 0775 in OBJDIR
Allows user to clean up after a noperm build
requested and makes sense to tb@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.9 |
|
25-Jul-2016 |
afresh1 |
Patch perl CVE-2016-1238
The problem relates to Perl 5 ("perl") loading modules from the includes directory array ("@INC") in which the last element is the current directory ("."). That means that, when "perl" wants to load a module (during first compilation or during lazy loading of a module in run-time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in "." but are not otherwise installed.
The major problem with this behavior is that it unexpectedly puts a user at risk whenever they execute any Perl scripts from a directory that is writable by other accounts on the system. For instance, if a user is logged in as root and changes directory into /tmp or an account's home directory, it is possible to now run any shell commands that are written in C, Python or Ruby without fear.
The same isn't true for any shell commands that are written in Perl, since a significant proportion of Perl scripts will execute code in the current working directory whenever they are run. For example, if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm, and then I log in as root, change directory to /tmp, and run "perldoc perlrun", it will execute the code they have placed in the file.
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.8 |
|
25-Apr-2015 |
afresh1 |
branches: 1.8.2; 1.8.4; Apply local patches, remove excess files - perl-5.20.2
|
#
1.7 |
|
25-Apr-2015 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.20.2 dist
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.6 |
|
03-Jan-2015 |
afresh1 |
Fix race condition in perl's ExtUtils::MakeMaker
Many thanks to Nathanael Rensen <nathanael at polymorpheus dot com> for tracking it down and supplying the patch.
Has been reported upstream and the fix incorporated into a larger change https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/192
|
#
1.5 |
|
17-Nov-2014 |
afresh1 |
Fix merge conflicts, remove extra files, match upstream perl-5.20.1
ok deraadt@ sthen@ espie@ miod@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.4 |
|
24-Mar-2014 |
afresh1 |
Merge perl-5.18.2 plus local patches, remove old files
OK espie@ sthen@ deraadt@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.3 |
|
25-Mar-2013 |
sthen |
merge/resolve conflicts (some more to do after this one)
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.2 |
|
24-Sep-2010 |
millert |
merge in perl 5.12.2 plus local changes
|
#
1.1 |
|
24-Sep-2010 |
millert |
branches: 1.1.1; Initial revision
|
#
1.24 |
|
15-Feb-2023 |
afresh1 |
Apply local patches - perl-5.36.0
OK bluhm@ a good time naddy@
|
#
1.23 |
|
15-Feb-2023 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.36.0 dist
OK bluhm@ a good time naddy@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.22 |
|
01-Mar-2021 |
afresh1 |
Apply local patches, remove excess files - perl-5.32.1
OK sthen@
|
#
1.21 |
|
01-Mar-2021 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.32.1 dist
OK sthen@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.20 |
|
30-Dec-2019 |
afresh1 |
Apply local patches, remove excess files - perl-5.30.1
Timing is good deraadt@, OK sthen@
|
#
1.19 |
|
30-Dec-2019 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.30.1 dist
Timing is good deraadt@, OK sthen@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.18 |
|
13-Feb-2019 |
afresh1 |
Apply local patches, remove excess files - perl-5.28.1
looking good sthen@, Great! bluhm@
|
#
1.17 |
|
13-Feb-2019 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.28.1 dist
looking good sthen@, Great! bluhm@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.16 |
|
29-Oct-2017 |
afresh1 |
Apply local patches, remove excess files - perl-5.24.3
OK bluhm@
|
#
1.15 |
|
29-Oct-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.3 dist
ok bluhm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
14-Aug-2017 |
afresh1 |
Apply local patches - perl-5.24.2
OK bluhm@, Reads ok sthen@
|
#
1.13 |
|
14-Aug-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.2 dist
OK bluhm@, Reads ok sthen@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.12 |
|
05-Feb-2017 |
afresh1 |
Apply local patches - perl-5.24.1
|
#
1.11 |
|
05-Feb-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.1 dist
|
#
1.10 |
|
11-Dec-2016 |
afresh1 |
Create perl directories 0775 in OBJDIR
Allows user to clean up after a noperm build
requested and makes sense to tb@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.9 |
|
25-Jul-2016 |
afresh1 |
Patch perl CVE-2016-1238
The problem relates to Perl 5 ("perl") loading modules from the includes directory array ("@INC") in which the last element is the current directory ("."). That means that, when "perl" wants to load a module (during first compilation or during lazy loading of a module in run-time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in "." but are not otherwise installed.
The major problem with this behavior is that it unexpectedly puts a user at risk whenever they execute any Perl scripts from a directory that is writable by other accounts on the system. For instance, if a user is logged in as root and changes directory into /tmp or an account's home directory, it is possible to now run any shell commands that are written in C, Python or Ruby without fear.
The same isn't true for any shell commands that are written in Perl, since a significant proportion of Perl scripts will execute code in the current working directory whenever they are run. For example, if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm, and then I log in as root, change directory to /tmp, and run "perldoc perlrun", it will execute the code they have placed in the file.
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.8 |
|
25-Apr-2015 |
afresh1 |
branches: 1.8.2; 1.8.4; Apply local patches, remove excess files - perl-5.20.2
|
#
1.7 |
|
25-Apr-2015 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.20.2 dist
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.6 |
|
03-Jan-2015 |
afresh1 |
Fix race condition in perl's ExtUtils::MakeMaker
Many thanks to Nathanael Rensen <nathanael at polymorpheus dot com> for tracking it down and supplying the patch.
Has been reported upstream and the fix incorporated into a larger change https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/192
|
#
1.5 |
|
17-Nov-2014 |
afresh1 |
Fix merge conflicts, remove extra files, match upstream perl-5.20.1
ok deraadt@ sthen@ espie@ miod@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.4 |
|
24-Mar-2014 |
afresh1 |
Merge perl-5.18.2 plus local patches, remove old files
OK espie@ sthen@ deraadt@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.3 |
|
25-Mar-2013 |
sthen |
merge/resolve conflicts (some more to do after this one)
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.2 |
|
24-Sep-2010 |
millert |
merge in perl 5.12.2 plus local changes
|
#
1.1 |
|
24-Sep-2010 |
millert |
branches: 1.1.1; Initial revision
|
#
1.22 |
|
01-Mar-2021 |
afresh1 |
Apply local patches, remove excess files - perl-5.32.1
OK sthen@
|
#
1.21 |
|
01-Mar-2021 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.32.1 dist
OK sthen@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.20 |
|
30-Dec-2019 |
afresh1 |
Apply local patches, remove excess files - perl-5.30.1
Timing is good deraadt@, OK sthen@
|
#
1.19 |
|
30-Dec-2019 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.30.1 dist
Timing is good deraadt@, OK sthen@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.18 |
|
13-Feb-2019 |
afresh1 |
Apply local patches, remove excess files - perl-5.28.1
looking good sthen@, Great! bluhm@
|
#
1.17 |
|
13-Feb-2019 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.28.1 dist
looking good sthen@, Great! bluhm@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.16 |
|
29-Oct-2017 |
afresh1 |
Apply local patches, remove excess files - perl-5.24.3
OK bluhm@
|
#
1.15 |
|
29-Oct-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.3 dist
ok bluhm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
14-Aug-2017 |
afresh1 |
Apply local patches - perl-5.24.2
OK bluhm@, Reads ok sthen@
|
#
1.13 |
|
14-Aug-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.2 dist
OK bluhm@, Reads ok sthen@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.12 |
|
05-Feb-2017 |
afresh1 |
Apply local patches - perl-5.24.1
|
#
1.11 |
|
05-Feb-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.1 dist
|
#
1.10 |
|
11-Dec-2016 |
afresh1 |
Create perl directories 0775 in OBJDIR
Allows user to clean up after a noperm build
requested and makes sense to tb@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.9 |
|
25-Jul-2016 |
afresh1 |
Patch perl CVE-2016-1238
The problem relates to Perl 5 ("perl") loading modules from the includes directory array ("@INC") in which the last element is the current directory ("."). That means that, when "perl" wants to load a module (during first compilation or during lazy loading of a module in run-time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in "." but are not otherwise installed.
The major problem with this behavior is that it unexpectedly puts a user at risk whenever they execute any Perl scripts from a directory that is writable by other accounts on the system. For instance, if a user is logged in as root and changes directory into /tmp or an account's home directory, it is possible to now run any shell commands that are written in C, Python or Ruby without fear.
The same isn't true for any shell commands that are written in Perl, since a significant proportion of Perl scripts will execute code in the current working directory whenever they are run. For example, if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm, and then I log in as root, change directory to /tmp, and run "perldoc perlrun", it will execute the code they have placed in the file.
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.8 |
|
25-Apr-2015 |
afresh1 |
branches: 1.8.2; 1.8.4; Apply local patches, remove excess files - perl-5.20.2
|
#
1.7 |
|
25-Apr-2015 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.20.2 dist
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.6 |
|
03-Jan-2015 |
afresh1 |
Fix race condition in perl's ExtUtils::MakeMaker
Many thanks to Nathanael Rensen <nathanael at polymorpheus dot com> for tracking it down and supplying the patch.
Has been reported upstream and the fix incorporated into a larger change https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/192
|
#
1.5 |
|
17-Nov-2014 |
afresh1 |
Fix merge conflicts, remove extra files, match upstream perl-5.20.1
ok deraadt@ sthen@ espie@ miod@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.4 |
|
24-Mar-2014 |
afresh1 |
Merge perl-5.18.2 plus local patches, remove old files
OK espie@ sthen@ deraadt@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.3 |
|
25-Mar-2013 |
sthen |
merge/resolve conflicts (some more to do after this one)
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.2 |
|
24-Sep-2010 |
millert |
merge in perl 5.12.2 plus local changes
|
#
1.1 |
|
24-Sep-2010 |
millert |
branches: 1.1.1; Initial revision
|
#
1.20 |
|
30-Dec-2019 |
afresh1 |
Apply local patches, remove excess files - perl-5.30.1
Timing is good deraadt@, OK sthen@
|
#
1.19 |
|
30-Dec-2019 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.30.1 dist
Timing is good deraadt@, OK sthen@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE
|
#
1.18 |
|
13-Feb-2019 |
afresh1 |
Apply local patches, remove excess files - perl-5.28.1
looking good sthen@, Great! bluhm@
|
#
1.17 |
|
13-Feb-2019 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.28.1 dist
looking good sthen@, Great! bluhm@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.16 |
|
29-Oct-2017 |
afresh1 |
Apply local patches, remove excess files - perl-5.24.3
OK bluhm@
|
#
1.15 |
|
29-Oct-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.3 dist
ok bluhm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
14-Aug-2017 |
afresh1 |
Apply local patches - perl-5.24.2
OK bluhm@, Reads ok sthen@
|
#
1.13 |
|
14-Aug-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.2 dist
OK bluhm@, Reads ok sthen@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.12 |
|
05-Feb-2017 |
afresh1 |
Apply local patches - perl-5.24.1
|
#
1.11 |
|
05-Feb-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.1 dist
|
#
1.10 |
|
11-Dec-2016 |
afresh1 |
Create perl directories 0775 in OBJDIR
Allows user to clean up after a noperm build
requested and makes sense to tb@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.9 |
|
25-Jul-2016 |
afresh1 |
Patch perl CVE-2016-1238
The problem relates to Perl 5 ("perl") loading modules from the includes directory array ("@INC") in which the last element is the current directory ("."). That means that, when "perl" wants to load a module (during first compilation or during lazy loading of a module in run-time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in "." but are not otherwise installed.
The major problem with this behavior is that it unexpectedly puts a user at risk whenever they execute any Perl scripts from a directory that is writable by other accounts on the system. For instance, if a user is logged in as root and changes directory into /tmp or an account's home directory, it is possible to now run any shell commands that are written in C, Python or Ruby without fear.
The same isn't true for any shell commands that are written in Perl, since a significant proportion of Perl scripts will execute code in the current working directory whenever they are run. For example, if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm, and then I log in as root, change directory to /tmp, and run "perldoc perlrun", it will execute the code they have placed in the file.
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.8 |
|
25-Apr-2015 |
afresh1 |
branches: 1.8.2; 1.8.4; Apply local patches, remove excess files - perl-5.20.2
|
#
1.7 |
|
25-Apr-2015 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.20.2 dist
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.6 |
|
03-Jan-2015 |
afresh1 |
Fix race condition in perl's ExtUtils::MakeMaker
Many thanks to Nathanael Rensen <nathanael at polymorpheus dot com> for tracking it down and supplying the patch.
Has been reported upstream and the fix incorporated into a larger change https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/192
|
#
1.5 |
|
17-Nov-2014 |
afresh1 |
Fix merge conflicts, remove extra files, match upstream perl-5.20.1
ok deraadt@ sthen@ espie@ miod@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.4 |
|
24-Mar-2014 |
afresh1 |
Merge perl-5.18.2 plus local patches, remove old files
OK espie@ sthen@ deraadt@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.3 |
|
25-Mar-2013 |
sthen |
merge/resolve conflicts (some more to do after this one)
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.2 |
|
24-Sep-2010 |
millert |
merge in perl 5.12.2 plus local changes
|
#
1.1 |
|
24-Sep-2010 |
millert |
branches: 1.1.1; Initial revision
|
#
1.18 |
|
13-Feb-2019 |
afresh1 |
Apply local patches, remove excess files - perl-5.28.1
looking good sthen@, Great! bluhm@
|
#
1.17 |
|
13-Feb-2019 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.28.1 dist
looking good sthen@, Great! bluhm@
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.16 |
|
29-Oct-2017 |
afresh1 |
Apply local patches, remove excess files - perl-5.24.3
OK bluhm@
|
#
1.15 |
|
29-Oct-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.3 dist
ok bluhm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
14-Aug-2017 |
afresh1 |
Apply local patches - perl-5.24.2
OK bluhm@, Reads ok sthen@
|
#
1.13 |
|
14-Aug-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.2 dist
OK bluhm@, Reads ok sthen@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.12 |
|
05-Feb-2017 |
afresh1 |
Apply local patches - perl-5.24.1
|
#
1.11 |
|
05-Feb-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.1 dist
|
#
1.10 |
|
11-Dec-2016 |
afresh1 |
Create perl directories 0775 in OBJDIR
Allows user to clean up after a noperm build
requested and makes sense to tb@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.9 |
|
25-Jul-2016 |
afresh1 |
Patch perl CVE-2016-1238
The problem relates to Perl 5 ("perl") loading modules from the includes directory array ("@INC") in which the last element is the current directory ("."). That means that, when "perl" wants to load a module (during first compilation or during lazy loading of a module in run-time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in "." but are not otherwise installed.
The major problem with this behavior is that it unexpectedly puts a user at risk whenever they execute any Perl scripts from a directory that is writable by other accounts on the system. For instance, if a user is logged in as root and changes directory into /tmp or an account's home directory, it is possible to now run any shell commands that are written in C, Python or Ruby without fear.
The same isn't true for any shell commands that are written in Perl, since a significant proportion of Perl scripts will execute code in the current working directory whenever they are run. For example, if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm, and then I log in as root, change directory to /tmp, and run "perldoc perlrun", it will execute the code they have placed in the file.
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.8 |
|
25-Apr-2015 |
afresh1 |
branches: 1.8.2; 1.8.4; Apply local patches, remove excess files - perl-5.20.2
|
#
1.7 |
|
25-Apr-2015 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.20.2 dist
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.6 |
|
03-Jan-2015 |
afresh1 |
Fix race condition in perl's ExtUtils::MakeMaker
Many thanks to Nathanael Rensen <nathanael at polymorpheus dot com> for tracking it down and supplying the patch.
Has been reported upstream and the fix incorporated into a larger change https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/192
|
#
1.5 |
|
17-Nov-2014 |
afresh1 |
Fix merge conflicts, remove extra files, match upstream perl-5.20.1
ok deraadt@ sthen@ espie@ miod@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.4 |
|
24-Mar-2014 |
afresh1 |
Merge perl-5.18.2 plus local patches, remove old files
OK espie@ sthen@ deraadt@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.3 |
|
25-Mar-2013 |
sthen |
merge/resolve conflicts (some more to do after this one)
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.2 |
|
24-Sep-2010 |
millert |
merge in perl 5.12.2 plus local changes
|
#
1.1 |
|
24-Sep-2010 |
millert |
branches: 1.1.1; Initial revision
|
#
1.16 |
|
29-Oct-2017 |
afresh1 |
Apply local patches, remove excess files - perl-5.24.3
OK bluhm@
|
#
1.15 |
|
29-Oct-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.3 dist
ok bluhm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
14-Aug-2017 |
afresh1 |
Apply local patches - perl-5.24.2
OK bluhm@, Reads ok sthen@
|
#
1.13 |
|
14-Aug-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.2 dist
OK bluhm@, Reads ok sthen@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.12 |
|
05-Feb-2017 |
afresh1 |
Apply local patches - perl-5.24.1
|
#
1.11 |
|
05-Feb-2017 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.24.1 dist
|
#
1.10 |
|
11-Dec-2016 |
afresh1 |
Create perl directories 0775 in OBJDIR
Allows user to clean up after a noperm build
requested and makes sense to tb@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.9 |
|
25-Jul-2016 |
afresh1 |
Patch perl CVE-2016-1238
The problem relates to Perl 5 ("perl") loading modules from the includes directory array ("@INC") in which the last element is the current directory ("."). That means that, when "perl" wants to load a module (during first compilation or during lazy loading of a module in run-time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in "." but are not otherwise installed.
The major problem with this behavior is that it unexpectedly puts a user at risk whenever they execute any Perl scripts from a directory that is writable by other accounts on the system. For instance, if a user is logged in as root and changes directory into /tmp or an account's home directory, it is possible to now run any shell commands that are written in C, Python or Ruby without fear.
The same isn't true for any shell commands that are written in Perl, since a significant proportion of Perl scripts will execute code in the current working directory whenever they are run. For example, if a user on a shared system creates the file /tmp/Pod/Perldoc/Toterm.pm, and then I log in as root, change directory to /tmp, and run "perldoc perlrun", it will execute the code they have placed in the file.
ok deraadt@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.8 |
|
25-Apr-2015 |
afresh1 |
branches: 1.8.2; 1.8.4; Apply local patches, remove excess files - perl-5.20.2
|
#
1.7 |
|
25-Apr-2015 |
afresh1 |
Fix merge issues, remove excess files - match perl-5.20.2 dist
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.6 |
|
03-Jan-2015 |
afresh1 |
Fix race condition in perl's ExtUtils::MakeMaker
Many thanks to Nathanael Rensen <nathanael at polymorpheus dot com> for tracking it down and supplying the patch.
Has been reported upstream and the fix incorporated into a larger change https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/issues/192
|
#
1.5 |
|
17-Nov-2014 |
afresh1 |
Fix merge conflicts, remove extra files, match upstream perl-5.20.1
ok deraadt@ sthen@ espie@ miod@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.4 |
|
24-Mar-2014 |
afresh1 |
Merge perl-5.18.2 plus local patches, remove old files
OK espie@ sthen@ deraadt@
|
Revision tags: OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.3 |
|
25-Mar-2013 |
sthen |
merge/resolve conflicts (some more to do after this one)
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.2 |
|
24-Sep-2010 |
millert |
merge in perl 5.12.2 plus local changes
|
#
1.1 |
|
24-Sep-2010 |
millert |
branches: 1.1.1; Initial revision
|