pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/lang/perl5 Apply a patch from Debian to fix the securi...
details: https://anonhg.NetBSD.org/pkgsrc/rev/39043997e0b5
branches: trunk
changeset: 543048:39043997e0b5
user: he <he%pkgsrc.org@localhost>
date: Sun Jun 01 22:04:07 2008 +0000
description:
Apply a patch from Debian to fix the security vulnerability identified
by http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927.
Patch fetched from
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
which, according to comments, is from upstream change 27688.
Revision bumped to nb8.
diffstat:
lang/perl5/Makefile | 4 +-
lang/perl5/distinfo | 10 +-
lang/perl5/patches/patch-ad | 17 +++
lang/perl5/patches/patch-af | 25 +++++
lang/perl5/patches/patch-ag | 25 +++++
lang/perl5/patches/patch-ai | 17 +++
lang/perl5/patches/patch-aj | 31 ++++++
lang/perl5/patches/patch-ak | 18 +++
lang/perl5/patches/patch-da | 199 +++++++++++++++++++++++++++++++------------
9 files changed, 287 insertions(+), 59 deletions(-)
diffs (truncated from 411 to 300 lines):
diff -r 1d78e5d40cde -r 39043997e0b5 lang/perl5/Makefile
--- a/lang/perl5/Makefile Sun Jun 01 21:46:37 2008 +0000
+++ b/lang/perl5/Makefile Sun Jun 01 22:04:07 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.136 2008/02/19 19:28:39 tnn Exp $
+# $NetBSD: Makefile,v 1.137 2008/06/01 22:04:07 he Exp $
DISTNAME= perl-5.8.8
-PKGREVISION= 7
+PKGREVISION= 8
CATEGORIES= lang devel perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
EXTRACT_SUFX= .tar.bz2
diff -r 1d78e5d40cde -r 39043997e0b5 lang/perl5/distinfo
--- a/lang/perl5/distinfo Sun Jun 01 21:46:37 2008 +0000
+++ b/lang/perl5/distinfo Sun Jun 01 22:04:07 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.47 2008/04/28 22:24:22 wiz Exp $
+$NetBSD: distinfo,v 1.48 2008/06/01 22:04:07 he Exp $
SHA1 (perl-5.8.8.tar.bz2) = 4aab490040727ca4419098720eca2ba4367df539
RMD160 (perl-5.8.8.tar.bz2) = e78f26d9b96e6db35f946ad4ff55e3a69385c71b
@@ -6,8 +6,14 @@
SHA1 (patch-aa) = 9b6844635086206dc7740103747a2b54bf987941
SHA1 (patch-ab) = e32427327192f023477b16f29bc55fdf4f057410
SHA1 (patch-ac) = 428e0757495b82a47ec092a71333fb3ec366f14f
+SHA1 (patch-ad) = 914e1c74555a9b6a0256992a694b2ba609f29786
SHA1 (patch-ae) = 287ac0d97a5372c8b45457129f3e70fe42cf69e2
+SHA1 (patch-af) = b11574297e46b910f206f09702effc6cc272b0fd
+SHA1 (patch-ag) = 0122ec30b8fcd17198e068d07e95974bee0945b6
SHA1 (patch-ah) = 25443063c26287b1b8130c53d5c9d92248d4c0d1
+SHA1 (patch-ai) = 4a07c6268a1e27b73f2f6fcde86f788fce77fcbd
+SHA1 (patch-aj) = a2fc32766ed8556455c60780fe242a034ce491a9
+SHA1 (patch-ak) = 8899f8b6d1d038b950979073cb0527c8e7afca1e
SHA1 (patch-am) = cf1687063d0c0542e811545aaaad291bad12d75e
SHA1 (patch-an) = 987763c3098bf4356993dd6d8741962a1ff8190d
SHA1 (patch-ap) = 178d6909a8aa6544b849c2b63530fcf1893b77ea
@@ -23,6 +29,6 @@
SHA1 (patch-cj) = 3f40f1b166a054d55224c3e79d74516ca608b696
SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097
SHA1 (patch-cn) = b5e56787fb9ca10025e9061d7bfd2da549ee3fa3
-SHA1 (patch-da) = b25f30544dd679d95997cafb7e427a41f98884b1
+SHA1 (patch-da) = 24c8783fcdbead35de20bc3cecf1627a64717853
SHA1 (patch-ta) = ca0d1e4bc2dbbc4b86a087fed27cd1e7bbb2873f
SHA1 (patch-zc) = 0c61b6028813e0f80bfe0760a1e74e3037d37cdd
diff -r 1d78e5d40cde -r 39043997e0b5 lang/perl5/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-ad Sun Jun 01 22:04:07 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ad,v 1.11 2008/06/01 22:04:07 he Exp $
+
+Fix for
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927
+from
+http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
+
+--- embed.fnc.orig 2006-01-31 15:40:27.000000000 +0100
++++ embed.fnc
+@@ -1168,6 +1168,7 @@ Es |void |reguni |NN const struct RExC_
+ Es |regnode*|regclass |NN struct RExC_state_t *state
+ ERs |I32 |regcurly |NN const char *
+ Es |regnode*|reg_node |NN struct RExC_state_t *state|U8 op
++Es |UV |reg_recode |const char value|NULLOK SV **encp
+ Es |regnode*|regpiece |NN struct RExC_state_t *state|NN I32 *flagp
+ Es |void |reginsert |NN struct RExC_state_t *state|U8 op|NN regnode *opnd
+ Es |void |regoptail |NN struct RExC_state_t *state|NN regnode *p|NN regnode *val
diff -r 1d78e5d40cde -r 39043997e0b5 lang/perl5/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-af Sun Jun 01 22:04:07 2008 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-af,v 1.13 2008/06/01 22:04:07 he Exp $
+
+Fix for
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927
+from
+http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
+
+--- embed.h.orig 2006-01-31 16:50:34.000000000 +0100
++++ embed.h
+@@ -1234,6 +1234,7 @@
+ #define regclass S_regclass
+ #define regcurly S_regcurly
+ #define reg_node S_reg_node
++#define reg_recode S_reg_recode
+ #define regpiece S_regpiece
+ #define reginsert S_reginsert
+ #define regoptail S_regoptail
+@@ -3277,6 +3278,7 @@
+ #define regclass(a) S_regclass(aTHX_ a)
+ #define regcurly(a) S_regcurly(aTHX_ a)
+ #define reg_node(a,b) S_reg_node(aTHX_ a,b)
++#define reg_recode(a,b) S_reg_recode(aTHX_ a,b)
+ #define regpiece(a,b) S_regpiece(aTHX_ a,b)
+ #define reginsert(a,b,c) S_reginsert(aTHX_ a,b,c)
+ #define regoptail(a,b,c) S_regoptail(aTHX_ a,b,c)
diff -r 1d78e5d40cde -r 39043997e0b5 lang/perl5/patches/patch-ag
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-ag Sun Jun 01 22:04:07 2008 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ag,v 1.11 2008/06/01 22:04:07 he Exp $
+
+Fix for
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927
+from
+http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
+
+--- pod/perldiag.pod.orig 2006-01-07 00:16:08.000000000 +0100
++++ pod/perldiag.pod
+@@ -1900,6 +1900,15 @@ recognized by Perl or by a user-supplied
+ (W printf) Perl does not understand the given format conversion. See
+ L<perlfunc/sprintf>.
+
++=item Invalid escape in the specified encoding in regex; marked by <-- HERE in m/%s/
++
++(W regexp) The numeric escape (for example C<\xHH>) of value < 256
++didn't correspond to a single character through the conversion
++from the encoding specified by the encoding pragma.
++The escape was replaced with REPLACEMENT CHARACTER (U+FFFD) instead.
++The <-- HERE shows in the regular expression about where the
++escape was discovered.
++
+ =item Invalid [] range "%s" in regex; marked by <-- HERE in m/%s/
+
+ (F) The range specified in a character class had a minimum character
diff -r 1d78e5d40cde -r 39043997e0b5 lang/perl5/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-ai Sun Jun 01 22:04:07 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ai,v 1.5 2008/06/01 22:04:07 he Exp $
+
+Fix for
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927
+from
+http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
+
+--- proto.h.orig 2006-01-31 16:50:34.000000000 +0100
++++ proto.h
+@@ -1748,6 +1748,7 @@ STATIC I32 S_regcurly(pTHX_ const char *
+ __attribute__warn_unused_result__;
+
+ STATIC regnode* S_reg_node(pTHX_ struct RExC_state_t *state, U8 op);
++STATIC UV S_reg_recode(pTHX_ const char value, SV **encp);
+ STATIC regnode* S_regpiece(pTHX_ struct RExC_state_t *state, I32 *flagp);
+ STATIC void S_reginsert(pTHX_ struct RExC_state_t *state, U8 op, regnode *opnd);
+ STATIC void S_regoptail(pTHX_ struct RExC_state_t *state, regnode *p, regnode *val);
diff -r 1d78e5d40cde -r 39043997e0b5 lang/perl5/patches/patch-aj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-aj Sun Jun 01 22:04:07 2008 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-aj,v 1.9 2008/06/01 22:04:07 he Exp $
+
+Fix for
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927
+from
+http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
+
+--- t/uni/tr_utf8.t.orig 2004-06-25 10:53:16.000000000 +0200
++++ t/uni/tr_utf8.t
+@@ -31,7 +31,7 @@ BEGIN {
+ }
+
+ use strict;
+-use Test::More tests => 7;
++use Test::More tests => 8;
+
+ use encoding 'utf8';
+
+@@ -67,4 +67,12 @@ is($str, $hiragana, "s/// # hiragana ->
+ $line =~ tr/bcdeghijklmnprstvwxyz$02578/בצדעגהיײקלמנפּרסטװשכיזשױתײחא/;
+ is($line, "aבצדעfגהיײקלמנoפqּרסuטװשכיזש1ױ34ת6ײח9", "[perl #16843]");
+ }
++
++{
++ # [perl #40641]
++ my $str = qq/Gebääääääääääääääääääääude/;
++ my $reg = qr/Gebääääääääääääääääääääude/;
++ ok($str =~ /$reg/, "[perl #40641]");
++}
++
+ __END__
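Review bot: The block added at the end of t/uni/tr_utf8.t only asserts that a literal non-ASCII pattern built with `qr//` matches its own string, so nothing in this commit exercises the numeric-escape recoding path (`reg_recode`) or the new "Invalid escape in the specified encoding" warning documented in the perldiag hunk. The diffstat lists no other test file. I would add a second case that compiles a pattern containing a `\xHH` escape below 0x100 under an `encoding` pragma, captures warnings with a `$SIG{__WARN__}` handler, and checks both the match result and whether the warning is emitted. A one-line comment above the existing block would also help, for example `# [perl #40641] qr// with a long run of non-ASCII characters under 'use encoding'`, since the ticket number alone does not say what regressed.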
diff -r 1d78e5d40cde -r 39043997e0b5 lang/perl5/patches/patch-ak
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-ak Sun Jun 01 22:04:07 2008 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-ak,v 1.3 2008/06/01 22:04:07 he Exp $
+
+Fix for
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927
+from
+http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
+
+--- utf8.h.orig 2006-01-08 22:11:27.000000000 +0100
++++ utf8.h
+@@ -198,6 +198,8 @@ encoded character.
+ UTF8_ALLOW_SURROGATE|UTF8_ALLOW_FFFF)
+ #define UTF8_ALLOW_ANY 0x00FF
+ #define UTF8_CHECK_ONLY 0x0200
++#define UTF8_ALLOW_DEFAULT (ckWARN(WARN_UTF8) ? 0 : \
++ UTF8_ALLOW_ANYUV)
+
+ #define UNICODE_SURROGATE_FIRST 0xD800
+ #define UNICODE_SURROGATE_LAST 0xDFFF
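Review bot: `UTF8_ALLOW_DEFAULT` is added to utf8.h without a comment, although its value depends on runtime warning state: it is 0 when `ckWARN(WARN_UTF8)` is true and `UTF8_ALLOW_ANYUV` otherwise. Judging by the visible tail of the preceding definition, that second value admits at least surrogates and U+FFFF, so decoding becomes more permissive when utf8 warnings are switched off. A reader at a call site such as `utf8n_to_uvchr(..., UTF8_ALLOW_DEFAULT)` could mistake it for a fixed strictness level. I would add above the define: `/* Strict (0) only while utf8 warnings are enabled; otherwise accepts what UTF8_ALLOW_ANYUV allows. Not a validation flag. */`. The neighbouring flag definitions start outside this hunk.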
diff -r 1d78e5d40cde -r 39043997e0b5 lang/perl5/patches/patch-da
--- a/lang/perl5/patches/patch-da Sun Jun 01 21:46:37 2008 +0000
+++ b/lang/perl5/patches/patch-da Sun Jun 01 22:04:07 2008 +0000
@@ -1,61 +1,150 @@
-$NetBSD: patch-da,v 1.1 2007/11/06 19:54:53 drochner Exp $
+$NetBSD: patch-da,v 1.2 2008/06/01 22:04:07 he Exp $
---- regcomp.c.orig 2006-01-08 21:59:27.000000000 +0100
+Fix for
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927
+from
+http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
+
+--- regcomp.c.orig 2008-06-01 22:04:17.000000000 +0200
+++ regcomp.c
-@@ -135,7 +135,8 @@ typedef struct RExC_state_t {
- I32 extralen;
- I32 seen_zerolen;
- I32 seen_evals;
-- I32 utf8;
-+ I32 utf8; /* pattern is utf8 or not */
-+ I32 orig_utf8; /* pattern was originally utf8 */
- #if ADD_TO_REGEXEC
- char *starttry; /* -Dr: where regtry was called. */
- #define RExC_starttry (pRExC_state->starttry)
-@@ -161,6 +162,7 @@ typedef struct RExC_state_t {
- #define RExC_seen_zerolen (pRExC_state->seen_zerolen)
- #define RExC_seen_evals (pRExC_state->seen_evals)
- #define RExC_utf8 (pRExC_state->utf8)
-+#define RExC_orig_utf8 (pRExC_state->orig_utf8)
-
- #define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?')
- #define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
-@@ -1749,15 +1751,17 @@ Perl_pregcomp(pTHX_ char *exp, char *xen
- if (exp == NULL)
- FAIL("NULL regexp argument");
-
-- RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
-+ RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+@@ -2790,6 +2790,39 @@ S_regpiece(pTHX_ RExC_state_t *pRExC_sta
+ }
-- RExC_precomp = exp;
- DEBUG_r({
- if (!PL_colorset) reginitcolors();
- PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
- PL_colors[4],PL_colors[5],PL_colors[0],
-- (int)(xend - exp), RExC_precomp, PL_colors[1]);
-+ (int)(xend - exp), exp, PL_colors[1]);
- });
+ /*
++ * reg_recode
++ *
++ * It returns the code point in utf8 for the value in *encp.
++ * value: a code value in the source encoding
++ * encp: a pointer to an Encode object
++ *
++ * If the result from Encode is not a single character,
++ * it returns U+FFFD (Replacement character) and sets *encp to NULL.
++ */
++STATIC UV
++S_reg_recode(pTHX_ const char value, SV **encp)
++{
++ STRLEN numlen = 1;
++ SV * const sv = sv_2mortal(newSVpvn(&value, numlen));
++ const char * const s = encp && *encp ? sv_recode_to_utf8(sv, *encp)
++ : SvPVX(sv);
++ const STRLEN newlen = SvCUR(sv);
++ UV uv = UNICODE_REPLACEMENT;
++
++ if (newlen)
++ uv = SvUTF8(sv)
++ ? utf8n_to_uvchr((U8*)s, newlen, &numlen, UTF8_ALLOW_DEFAULT)
++ : *(U8*)s;
++
++ if (!newlen || numlen != newlen) {
++ uv = UNICODE_REPLACEMENT;
++ if (encp)
++ *encp = NULL;
++ }
++ return uv;
++}
+
-+redo_first_pass:
-+ RExC_precomp = exp;
- RExC_flags = pm->op_pmflags;
- RExC_sawback = 0;
++/*
+ - regatom - the lowest level
+ *
+ * Optimization: gobbles an entire sequence of ordinary characters so that
+@@ -3181,6 +3214,8 @@ tryagain:
+ ender = grok_hex(p, &numlen, &flags, NULL);
+ p += numlen;
+ }
++ if (PL_encoding && ender < 0x100)
++ goto recode_encoding;
+ break;