ports/155476: Patch to ports/math/p5-Math-Geometry-Planar

Mark Henning henning.m at emsglobaltracking.com
Fri Mar 11 16:20:10 UTC 2011 

>Number:         155476
>Category:       ports
>Synopsis:       Patch to ports/math/p5-Math-Geometry-Planar
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 11 16:20:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Mark Henning
>Release:        8.1
>Organization:
EMS Global Tracking
>Environment:
n/a
>Description:
There is buffer overrun error in the Math::Geometry::Planar perl module that causes intermittent segfaults when using the GPC library. This is both a stability and a security issue: Passing a cleverly crafted polygon to the library may allow a malicious user to execute arbitrary code.

The latest version of Math::Geometry::Planar (1.18) contains a fix for this.

Attached is a patch to the p5-Math-Geometry-Planar ports module.
>How-To-Repeat:
thrash Math::Geometry::Planar::convert2gpc() with numerous polygons of multiple contours. 
>Fix:
Update to latest version of Math::Geometry::Planar (1.18), which contains the fix.

Patch to ports module p5-Math-Geometry-Planar attached. 

Patch attached with submission follows:

diff -ruN math/p5-Math-Geometry-Planar.orig/Makefile math/p5-Math-Geometry-Planar/Makefile
--- math/p5-Math-Geometry-Planar.orig/Makefile	2009-07-21 00:47:30.000000000 +0000
+++ math/p5-Math-Geometry-Planar/Makefile	2011-03-11 15:20:34.000000000 +0000
@@ -6,10 +6,11 @@
 #
 
 PORTNAME=	Math-Geometry-Planar
-PORTVERSION=	1.17
+PORTVERSION=	1.18
 CATEGORIES=	math perl5
 MASTER_SITES=	CPAN
 PKGNAMEPREFIX=	p5-
+DISTFILES=  Math-Geometry-Planar-1.18-withoutworldwriteables.tar.gz
 
 MAINTAINER=	ports at FreeBSD.org
 COMMENT=	A collection of planar geometry functions
diff -ruN math/p5-Math-Geometry-Planar.orig/distinfo math/p5-Math-Geometry-Planar/distinfo
--- math/p5-Math-Geometry-Planar.orig/distinfo	2009-07-21 00:47:30.000000000 +0000
+++ math/p5-Math-Geometry-Planar/distinfo	2011-03-11 15:20:34.000000000 +0000
@@ -1,3 +1,2 @@
-MD5 (Math-Geometry-Planar-1.17.tar.gz) = 9b5c6bbe59e578ac14c975f6d3758666
-SHA256 (Math-Geometry-Planar-1.17.tar.gz) = a00f3b171c7c0c5401817eb275ceffe0d4107852208c547de33404196f234104
-SIZE (Math-Geometry-Planar-1.17.tar.gz) = 32694
+SHA256 (Math-Geometry-Planar-1.18-withoutworldwriteables.tar.gz) = bf993ac4c0ce7ed108c625d06c48f456f78a9aa22af975baa687d1bc798d01ff
+SIZE (Math-Geometry-Planar-1.18-withoutworldwriteables.tar.gz) = 32663


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list