MacのSecurity Update 2009-001でperlが動かんくなった

Nobuo Danjou
2009-02-12T16:50:49+0000

You should update (sometimes force install) AT LEAST:

  • IO (getting tar.gz from search.cpan.org or anywhere; because your CPAN shell doesn't work!)
  • Storable
  • Scalar::Util
  • Cwd (your Cwd is now pure perl!!)
  • Encode (reload index and install it again if the test fails)

This post may help you.

details are below ( written in LANG=ja_JP, but you will understand it!)

[danjou@sylvia] $ perl -MIO
IO object version 1.22 does not match bootstrap parameter 1.23 at /System/Library/Perl/5.8.8/darwin-thread-multi-2level/XSLoader.pm line 94.
Compilation failed in require.
BEGIN failed--compilation aborted.
[danjou@sylvia] $ find . -mtime 0d                              [/System/Library/Perl]
./5.8.8/darwin-thread-multi-2level
./5.8.8/darwin-thread-multi-2level/auto/attrs
./5.8.8/darwin-thread-multi-2level/auto/B
./5.8.8/darwin-thread-multi-2level/auto/B/C
./5.8.8/darwin-thread-multi-2level/auto/ByteLoader
./5.8.8/darwin-thread-multi-2level/auto/Cwd
./5.8.8/darwin-thread-multi-2level/auto/Data/Dumper
./5.8.8/darwin-thread-multi-2level/auto/DB_File
./5.8.8/darwin-thread-multi-2level/auto/Devel/DProf
./5.8.8/darwin-thread-multi-2level/auto/Devel/Peek
./5.8.8/darwin-thread-multi-2level/auto/Devel/PPPort
./5.8.8/darwin-thread-multi-2level/auto/Digest/MD5
./5.8.8/darwin-thread-multi-2level/auto/DynaLoader
./5.8.8/darwin-thread-multi-2level/auto/Encode
./5.8.8/darwin-thread-multi-2level/auto/Encode/Byte
./5.8.8/darwin-thread-multi-2level/auto/Encode/CN
./5.8.8/darwin-thread-multi-2level/auto/Encode/EBCDIC
./5.8.8/darwin-thread-multi-2level/auto/Encode/JP
./5.8.8/darwin-thread-multi-2level/auto/Encode/KR
./5.8.8/darwin-thread-multi-2level/auto/Encode/Symbol
./5.8.8/darwin-thread-multi-2level/auto/Encode/TW
./5.8.8/darwin-thread-multi-2level/auto/Encode/Unicode
./5.8.8/darwin-thread-multi-2level/auto/Fcntl
./5.8.8/darwin-thread-multi-2level/auto/File/Glob
./5.8.8/darwin-thread-multi-2level/auto/Filter/Util/Call
./5.8.8/darwin-thread-multi-2level/auto/I18N/Langinfo
./5.8.8/darwin-thread-multi-2level/auto/IO
./5.8.8/darwin-thread-multi-2level/auto/IPC/SysV
./5.8.8/darwin-thread-multi-2level/auto/List/Util
./5.8.8/darwin-thread-multi-2level/auto/MIME/Base64
./5.8.8/darwin-thread-multi-2level/auto/NDBM_File
./5.8.8/darwin-thread-multi-2level/auto/Opcode
./5.8.8/darwin-thread-multi-2level/auto/PerlIO/encoding
./5.8.8/darwin-thread-multi-2level/auto/PerlIO/scalar
./5.8.8/darwin-thread-multi-2level/auto/PerlIO/via
./5.8.8/darwin-thread-multi-2level/auto/POSIX
./5.8.8/darwin-thread-multi-2level/auto/re
./5.8.8/darwin-thread-multi-2level/auto/SDBM_File
./5.8.8/darwin-thread-multi-2level/auto/Socket
./5.8.8/darwin-thread-multi-2level/auto/Storable
./5.8.8/darwin-thread-multi-2level/auto/Sys/Hostname
./5.8.8/darwin-thread-multi-2level/auto/Sys/Syslog
./5.8.8/darwin-thread-multi-2level/auto/threads
./5.8.8/darwin-thread-multi-2level/auto/threads/shared
./5.8.8/darwin-thread-multi-2level/auto/Time/HiRes
./5.8.8/darwin-thread-multi-2level/auto/Unicode/Normalize
./5.8.8/darwin-thread-multi-2level/auto/XS/APItest
./5.8.8/darwin-thread-multi-2level/auto/XS/Typemap
./5.8.8/darwin-thread-multi-2level/CORE
./5.8.8/pods

perl

CVE-ID: CVE-2008-1927

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6

Impact: Using regular expressions containing UTF-8 characters may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in the handling of certain UTF-8 characters in regular expressions. Parsing maliciously crafted regular expressions may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of regular expressions.

http://support.apple.com/kb/HT3438

→ cpanから落としてきて手動インストールで復旧した

→まだ治ってなかった><

→ Scalar::Utilも手動インストールでmyapp_server.plが動いた。ふぅ。

→Storableも入れ直しが必要。とのこと。( typester++ )

wget http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/IO-1.2301.tar.gz
tar xzvf IO*.tar.gz
cd IO*
perl Makerfile.PL
make
make install
wget http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Scalar-List-Utils-1.19.tar.gz
tar xzvf Scalar*.tar.gz
cd Scalar*
perl Makerfile.PL -xs
make
make install

だいたいこんな感じで。

IRCでアドバイスをくれたmiyagawa++, 人柱してくれた typester++

→ 10.5はひどいけど10.4は平気だったそうです。( miyagawa++ )

see also: http://bulknews.typepad.com/blog/2009/02/mac-os-x-security-update-2009001-breaks-perl-cpan.html

→追記。Encode.pmもバージョンダウンしてるのであげ直しましょう。( kazuho++, yappo++ )

→さらに追記。Cwdはバージョンが一緒のようで実はppになってるのでforce installでxsにもどしましょう。( yappo++ )