Jo-Philipp Wich 0d18627cd2 perl: securely handle duplicate environment variables [CVE-2016-2381]
Stephane Chazelas discovered a bug in the environment handling in Perl.

Perl provides a Perl-space hash variable, %ENV, in which environment
variables can be looked up.  If a variable appears twice in envp, only
the last value would appear in %ENV, but getenv would return the first.
Perl's taint security mechanism would be applied to the value in %ENV,
but not to the rest of the environment.  This could result in an
ambiguous environment causing environment variables to be propagated to
subprocesses, despite the protections supposedly offered by taint
checking.

With this update Perl changes the behavior to match the following:

 a) %ENV is populated with the first environment variable, as getenv
    would return.
 b) Duplicate environment entries are removed.

References:

 * http://perl5.git.perl.org/perl.git/commit/ae37b791a73a9e78dedb89fb2429d2628cf58076
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2016-03-01 17:26:51 +01:00
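
The behaviour the commit message describes (first entry wins, duplicates removed), sketched as an added example; this is not the Perl patch or code from this repository. The names `env_first`, `env_dedup` and `sample_env` are hypothetical, and the environment block is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Length of the NAME part of a "NAME=value" entry (whole string if no '='). */
static size_t env_name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : strlen(entry);
}

/* Lookup with getenv() semantics: the first matching entry wins. */
const char *env_first(char *const envp[], const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; envp[i]; i++)
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=')
            return envp[i] + n + 1;
    return NULL;
}

/* Compact envp in place, keeping only the first entry for each name.
 * Returns the number of duplicate entries dropped. */
size_t env_dedup(char *envp[])
{
    size_t kept = 0, dropped = 0;
    for (size_t i = 0; envp[i]; i++) {
        size_t n = env_name_len(envp[i]);
        int seen = 0;
        for (size_t j = 0; j < kept && !seen; j++)
            seen = env_name_len(envp[j]) == n && strncmp(envp[j], envp[i], n) == 0;
        if (seen)
            dropped++;                 /* later duplicate: discard */
        else
            envp[kept++] = envp[i];    /* first occurrence: keep */
    }
    envp[kept] = NULL;
    return dropped;
}

/* Constructed sample block: PATH appears twice with different values. */
static char *sample_env[] = { "PATH=/usr/bin", "HOME=/root", "PATH=/tmp/untrusted", NULL };

int main(void)
{
    printf("first PATH before dedup: %s\n", env_first(sample_env, "PATH"));
    printf("dropped %zu duplicate(s)\n", env_dedup(sample_env));
    for (size_t i = 0; sample_env[i]; i++)
        puts(sample_env[i]);
    return 0;
}
```

After deduplication, a "last value" reader and a "first value" reader of the block can no longer disagree about `PATH`, which is the ambiguity the commit message describes.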
admin debootstrap: update to version 1.0.78 2016-02-10 21:33:03 +02:00
devel automake: fix unversioned links during package build 2016-01-26 21:48:58 +01:00
ipv6 all: get rid of kmod-ipv6 dependencies 2015-10-06 09:04:29 +02:00
kernel/exfat-nofuse exfat-nofuse: update version 2016-02-01 12:17:47 +01:00
lang perl: securely handle duplicate environment variables [CVE-2016-2381] 2016-03-01 17:26:51 +01:00
libs libv4l: Update version to 1.10.0. Fix musl/uClibc incompatibility with getsubopt() 2016-02-27 09:49:17 -05:00
mail postfix: version update to 3.1.0 2016-02-27 15:48:29 +03:00
multimedia ffmpeg: update to 2.7.6 2016-02-22 15:43:58 -08:00
net Merge pull request #2397 from stintel/snmp 2016-03-01 06:32:51 +01:00
sound shairport-sync: update to latest version 2016-02-27 13:24:10 +01:00
utils nano: use GNU alias for source download 2016-03-01 10:29:13 +02:00
CONTRIBUTING.md CONTRIBUTING.md: Add advice about pull requests 2015-11-20 16:32:52 +02:00
LICENSE Add GPLv2 pro-forma license 2014-06-16 08:14:04 +02:00
README.md Fixed broken link in README.md 2015-07-10 13:51:22 -05:00

README.md

OpenWrt packages feed

Description

This is the OpenWrt "packages"-feed containing community-maintained build scripts, options and patches for applications, modules and libraries used within OpenWrt.

Installation of pre-built packages is handled directly by the opkg utility within your running OpenWrt system or by using the OpenWrt SDK on a build system.

Usage

This repository is intended to be layered on top of an OpenWrt buildroot. If you do not have an OpenWrt buildroot installed, see the documentation at: OpenWrt Buildroot Installation on the OpenWrt support site.

This feed is enabled by default. To install all its package definitions, run:

./scripts/feeds update packages
./scripts/feeds install -a -p packages

License

See LICENSE file.

Package Guidelines

See CONTRIBUTING.md file.