Date: Fri, 11 Mar 2011 16:13:14 GMT From: Mark Henning <henning.m@emsglobaltracking.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/155476: Patch to ports/math/p5-Math-Geometry-Planar Message-ID: <201103111613.p2BGDEHh040355@red.freebsd.org> Resent-Message-ID: <201103111620.p2BGK992026699@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 155476 >Category: ports >Synopsis: Patch to ports/math/p5-Math-Geometry-Planar >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Mar 11 16:20:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Mark Henning >Release: 8.1 >Organization: EMS Global Tracking >Environment: n/a >Description: There is buffer overrun error in the Math::Geometry::Planar perl module that causes intermittent segfaults when using the GPC library. This is both a stability and a security issue: Passing a cleverly crafted polygon to the library may allow a malicious user to execute arbitrary code. The latest version of Math::Geometry::Planar (1.18) contains a fix for this. Attached is a patch to the p5-Math-Geometry-Planar ports module. >How-To-Repeat: thrash Math::Geometry::Planar::convert2gpc() with numerous polygons of multiple contours. >Fix: Update to latest version of Math::Geometry::Planar (1.18), which contains the fix. Patch to ports module p5-Math-Geometry-Planar attached. Patch attached with submission follows: diff -ruN math/p5-Math-Geometry-Planar.orig/Makefile math/p5-Math-Geometry-Planar/Makefile --- math/p5-Math-Geometry-Planar.orig/Makefile 2009-07-21 00:47:30.000000000 +0000 +++ math/p5-Math-Geometry-Planar/Makefile 2011-03-11 15:20:34.000000000 +0000 @@ -6,10 +6,11 @@ # PORTNAME= Math-Geometry-Planar -PORTVERSION= 1.17 +PORTVERSION= 1.18 CATEGORIES= math perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- +DISTFILES= Math-Geometry-Planar-1.18-withoutworldwriteables.tar.gz MAINTAINER= ports@FreeBSD.org COMMENT= A collection of planar geometry functions diff -ruN math/p5-Math-Geometry-Planar.orig/distinfo math/p5-Math-Geometry-Planar/distinfo --- math/p5-Math-Geometry-Planar.orig/distinfo 2009-07-21 00:47:30.000000000 +0000 +++ math/p5-Math-Geometry-Planar/distinfo 2011-03-11 15:20:34.000000000 +0000 @@ -1,3 +1,2 @@ -MD5 (Math-Geometry-Planar-1.17.tar.gz) = 9b5c6bbe59e578ac14c975f6d3758666 -SHA256 (Math-Geometry-Planar-1.17.tar.gz) = a00f3b171c7c0c5401817eb275ceffe0d4107852208c547de33404196f234104 -SIZE (Math-Geometry-Planar-1.17.tar.gz) = 32694 +SHA256 (Math-Geometry-Planar-1.18-withoutworldwriteables.tar.gz) = bf993ac4c0ce7ed108c625d06c48f456f78a9aa22af975baa687d1bc798d01ff +SIZE (Math-Geometry-Planar-1.18-withoutworldwriteables.tar.gz) = 32663 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201103111613.p2BGDEHh040355>