pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2007Q3]: pkgsrc/lang/perl5 Pullup ticket 2222 - requested by d...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b5ef4996a229
branches:  pkgsrc-2007Q3
changeset: 534032:b5ef4996a229
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Wed Nov 07 12:44:32 2007 +0000

description:
Pullup ticket 2222 - requested by drochner
security fix for perl

- pkgsrc/lang/perl5/Makefile                            1.129
- pkgsrc/lang/perl5/distinfo                            1.43
- pkgsrc/lang/perl5/patches/patch-da                    1.1

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Tue Nov  6 19:54:53 UTC 2007

   Modified Files:
           pkgsrc/lang/perl5: Makefile distinfo
   Added Files:
           pkgsrc/lang/perl5/patches: patch-da

   Log Message:
   add a patch from Redhat bugzilla #323571 to fix CVE-2007-5116:
   A flaw was found in Perl's regular expression engine. Specially crafted
   input to a regular expression can cause Perl to improperly allocate memory,
   possibly resulting in arbitrary code running with the permissions of the
   user running Perl.

diffstat:

 lang/perl5/Makefile         |   4 +-
 lang/perl5/distinfo         |   3 +-
 lang/perl5/patches/patch-da |  61 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 65 insertions(+), 3 deletions(-)

diffs (94 lines):

diff -r bee81d494582 -r b5ef4996a229 lang/perl5/Makefile
--- a/lang/perl5/Makefile       Sun Nov 04 14:26:10 2007 +0000
+++ b/lang/perl5/Makefile       Wed Nov 07 12:44:32 2007 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.128 2007/09/06 16:31:38 rillig Exp $
+# $NetBSD: Makefile,v 1.128.2.1 2007/11/07 12:44:32 ghen Exp $
 
 DISTNAME=      perl-5.8.8
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    lang devel perl5
 MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
 EXTRACT_SUFX=  .tar.bz2
diff -r bee81d494582 -r b5ef4996a229 lang/perl5/distinfo
--- a/lang/perl5/distinfo       Sun Nov 04 14:26:10 2007 +0000
+++ b/lang/perl5/distinfo       Wed Nov 07 12:44:32 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.42 2007/08/04 10:27:58 tnn Exp $
+$NetBSD: distinfo,v 1.42.2.1 2007/11/07 12:44:33 ghen Exp $
 
 SHA1 (perl-5.8.8.tar.bz2) = 4aab490040727ca4419098720eca2ba4367df539
 RMD160 (perl-5.8.8.tar.bz2) = e78f26d9b96e6db35f946ad4ff55e3a69385c71b
@@ -22,5 +22,6 @@
 SHA1 (patch-cj) = 3f40f1b166a054d55224c3e79d74516ca608b696
 SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097
 SHA1 (patch-cn) = b5e56787fb9ca10025e9061d7bfd2da549ee3fa3
+SHA1 (patch-da) = b25f30544dd679d95997cafb7e427a41f98884b1
 SHA1 (patch-ta) = ca0d1e4bc2dbbc4b86a087fed27cd1e7bbb2873f
 SHA1 (patch-zc) = 0c61b6028813e0f80bfe0760a1e74e3037d37cdd
diff -r bee81d494582 -r b5ef4996a229 lang/perl5/patches/patch-da
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-da       Wed Nov 07 12:44:32 2007 +0000
@@ -0,0 +1,61 @@
+$NetBSD: patch-da,v 1.1.2.2 2007/11/07 12:44:34 ghen Exp $
+
+--- regcomp.c.orig     2006-01-08 21:59:27.000000000 +0100
++++ regcomp.c
+@@ -135,7 +135,8 @@ typedef struct RExC_state_t {
+     I32               extralen;
+     I32               seen_zerolen;
+     I32               seen_evals;
+-    I32               utf8;
++    I32               utf8;                   /* pattern is utf8 or not */
++    I32               orig_utf8;              /* pattern was originally utf8 */
+ #if ADD_TO_REGEXEC
+     char      *starttry;              /* -Dr: where regtry was called. */
+ #define RExC_starttry (pRExC_state->starttry)
+@@ -161,6 +162,7 @@ typedef struct RExC_state_t {
+ #define RExC_seen_zerolen     (pRExC_state->seen_zerolen)
+ #define RExC_seen_evals       (pRExC_state->seen_evals)
+ #define RExC_utf8     (pRExC_state->utf8)
++#define RExC_orig_utf8        (pRExC_state->orig_utf8)
+ 
+ #define       ISMULT1(c)      ((c) == '*' || (c) == '+' || (c) == '?')
+ #define       ISMULT2(s)      ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
+@@ -1749,15 +1751,17 @@ Perl_pregcomp(pTHX_ char *exp, char *xen
+     if (exp == NULL)
+       FAIL("NULL regexp argument");
+ 
+-    RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
++    RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+ 
+-    RExC_precomp = exp;
+     DEBUG_r({
+        if (!PL_colorset) reginitcolors();
+        PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
+                      PL_colors[4],PL_colors[5],PL_colors[0],
+-                     (int)(xend - exp), RExC_precomp, PL_colors[1]);
++                     (int)(xend - exp), exp, PL_colors[1]);
+     });
++
++redo_first_pass:
++    RExC_precomp = exp;
+     RExC_flags = pm->op_pmflags;
+     RExC_sawback = 0;
+ 
+@@ -1783,6 +1787,17 @@ Perl_pregcomp(pTHX_ char *exp, char *xen
+       RExC_precomp = Nullch;
+       return(NULL);
+     }
++    if (RExC_utf8 && !RExC_orig_utf8) {
++        STRLEN len = xend-exp;
++        DEBUG_r(PerlIO_printf(Perl_debug_log,
++                    "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
++        exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
++        xend = exp + len;
++        RExC_orig_utf8 = RExC_utf8;
++        SAVEFREEPV(exp);
++        goto redo_first_pass;
++    }
++
+     DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
+ 
+     /* Small enough for pointer-storage convention?
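Review bot: The added `if (RExC_utf8 && !RExC_orig_utf8)` block in Perl_pregcomp and the `redo_first_pass:` label have no comment saying why the first pass is repeated, so a later cleanup could remove the `goto` without noticing it is the CVE-2007-5116 fix. Going by the debug string ("for resizing and compile"), the intent appears to be that a pattern which turns utf8 on partway through pass 1 was sized with byte lengths, so I would put above the check something like `/* pass 1 switched to utf8 mid-pattern: the size computed so far is unreliable; upgrade the pattern and size it again */`. A second short comment should note that `RExC_orig_utf8 = RExC_utf8;` before the `goto` is what limits the redo to a single iteration. Only `RExC_precomp`, `RExC_flags` and `RExC_sawback` are visibly re-initialised after the label; the rest of the pass-1 state is set in lines outside these hunks, so confirm that all of it sits below `redo_first_pass:` and that nothing retains the old `exp`/`xend` pointers. Perl_pregcomp's body starts and ends outside the patch.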


