diff options
| author | ghen <ghen@pkgsrc.org> | 2007-11-07 12:44:32 +0000 |
|---|---|---|
| committer | ghen <ghen@pkgsrc.org> | 2007-11-07 12:44:32 +0000 |
| commit | d7b86d2eecf61f2b422db60e53e9e7e532beef87 (patch) | |
| tree | f3c0856ecd4f0f72089bf67aa916bbb8e2baae6e | |
| parent | 8018510d885333b1fbfe608056db1ca3c5fd2bda (diff) | |
| download | pkgsrc-d7b86d2eecf61f2b422db60e53e9e7e532beef87.tar.gz | |
Pullup ticket 2222 - requested by drochner
security fix for perl
- pkgsrc/lang/perl5/Makefile 1.129
- pkgsrc/lang/perl5/distinfo 1.43
- pkgsrc/lang/perl5/patches/patch-da 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Tue Nov 6 19:54:53 UTC 2007
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-da
Log Message:
add a patch from Redhat bugzilla #323571 to fix CVE-2007-5116:
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl.
| -rw-r--r-- | lang/perl5/Makefile | 4 | ||||
| -rw-r--r-- | lang/perl5/distinfo | 3 | ||||
| -rw-r--r-- | lang/perl5/patches/patch-da | 61 |
3 files changed, 65 insertions, 3 deletions
diff --git a/lang/perl5/Makefile b/lang/perl5/Makefile index 0f23be5552b..4604188a6e5 100644 --- a/lang/perl5/Makefile +++ b/lang/perl5/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.128 2007/09/06 16:31:38 rillig Exp $ +# $NetBSD: Makefile,v 1.128.2.1 2007/11/07 12:44:32 ghen Exp $ DISTNAME= perl-5.8.8 -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= lang devel perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,} EXTRACT_SUFX= .tar.bz2 diff --git a/lang/perl5/distinfo b/lang/perl5/distinfo index 19848912a48..13bd23d209a 100644 --- a/lang/perl5/distinfo +++ b/lang/perl5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.42 2007/08/04 10:27:58 tnn Exp $ +$NetBSD: distinfo,v 1.42.2.1 2007/11/07 12:44:33 ghen Exp $ SHA1 (perl-5.8.8.tar.bz2) = 4aab490040727ca4419098720eca2ba4367df539 RMD160 (perl-5.8.8.tar.bz2) = e78f26d9b96e6db35f946ad4ff55e3a69385c71b @@ -22,5 +22,6 @@ SHA1 (patch-ci) = fe943f07044efa457d163eb86974ea10bb356226 SHA1 (patch-cj) = 3f40f1b166a054d55224c3e79d74516ca608b696 SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097 SHA1 (patch-cn) = b5e56787fb9ca10025e9061d7bfd2da549ee3fa3 +SHA1 (patch-da) = b25f30544dd679d95997cafb7e427a41f98884b1 SHA1 (patch-ta) = ca0d1e4bc2dbbc4b86a087fed27cd1e7bbb2873f SHA1 (patch-zc) = 0c61b6028813e0f80bfe0760a1e74e3037d37cdd diff --git a/lang/perl5/patches/patch-da b/lang/perl5/patches/patch-da new file mode 100644 index 00000000000..e5b91b6da5d --- /dev/null +++ b/lang/perl5/patches/patch-da @@ -0,0 +1,61 @@ +$NetBSD: patch-da,v 1.1.2.2 2007/11/07 12:44:34 ghen Exp $ + +--- regcomp.c.orig 2006-01-08 21:59:27.000000000 +0100 ++++ regcomp.c +@@ -135,7 +135,8 @@ typedef struct RExC_state_t { + I32 extralen; + I32 seen_zerolen; + I32 seen_evals; +- I32 utf8; ++ I32 utf8; /* pattern is utf8 or not */ ++ I32 orig_utf8; /* pattern was originally utf8 */ + #if ADD_TO_REGEXEC + char *starttry; /* -Dr: where regtry was called. */ + #define RExC_starttry (pRExC_state->starttry) +@@ -161,6 +162,7 @@ typedef struct RExC_state_t { + #define RExC_seen_zerolen (pRExC_state->seen_zerolen) + #define RExC_seen_evals (pRExC_state->seen_evals) + #define RExC_utf8 (pRExC_state->utf8) ++#define RExC_orig_utf8 (pRExC_state->orig_utf8) + + #define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?') + #define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \ +@@ -1749,15 +1751,17 @@ Perl_pregcomp(pTHX_ char *exp, char *xen + if (exp == NULL) + FAIL("NULL regexp argument"); + +- RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8; ++ RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8; + +- RExC_precomp = exp; + DEBUG_r({ + if (!PL_colorset) reginitcolors(); + PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n", + PL_colors[4],PL_colors[5],PL_colors[0], +- (int)(xend - exp), RExC_precomp, PL_colors[1]); ++ (int)(xend - exp), exp, PL_colors[1]); + }); ++ ++redo_first_pass: ++ RExC_precomp = exp; + RExC_flags = pm->op_pmflags; + RExC_sawback = 0; + +@@ -1783,6 +1787,17 @@ Perl_pregcomp(pTHX_ char *exp, char *xen + RExC_precomp = Nullch; + return(NULL); + } ++ if (RExC_utf8 && !RExC_orig_utf8) { ++ STRLEN len = xend-exp; ++ DEBUG_r(PerlIO_printf(Perl_debug_log, ++ "UTF8 mismatch! Converting to utf8 for resizing and compile\n")); ++ exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len); ++ xend = exp + len; ++ RExC_orig_utf8 = RExC_utf8; ++ SAVEFREEPV(exp); ++ goto redo_first_pass; ++ } ++ + DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size)); + + /* Small enough for pointer-storage convention? |