Pullup ticket #4100 - requested by tez

lang/perl5: security patch

Revisions pulled up:
- lang/perl5/Makefile                                           1.198
- lang/perl5/distinfo                                           1.95
- lang/perl5/patches/patch-CVE-2013-1667                        1.1

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Fri Mar  8 21:28:18 UTC 2013

   Modified Files:
           pkgsrc/lang/perl5: Makefile distinfo
   Added Files:
           pkgsrc/lang/perl5/patches: patch-CVE-2013-1667

   Log Message:
   add patch for CVE-2013-1667 from:
    https://bugzilla.redhat.com/show_bug.cgi?id=912276
   bump PKGREVISION

3 files changed, 151 insertions, 3 deletions

diff --git a/lang/perl5/Makefile b/lang/perl5/Makefile
index ec419cb0dfc..fce05de1b51 100644
--- a/lang/perl5/Makefile
+++ b/lang/perl5/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.192.2.1 2013/01/13 17:54:01 tron Exp $
+# $NetBSD: Makefile,v 1.192.2.2 2013/03/17 11:41:21 tron Exp $
 
 .include "license.mk"
 .include "Makefile.common"
 
 COMMENT=	Practical Extraction and Report Language
-PKGREVISION=	2
+PKGREVISION=	4
 
 CONFLICTS=	perl-base-[0-9]* perl-thread-[0-9]*			\
 		p5-CGI-2.66{,nb*} p5-CGI-2.75{,nb*} p5-CGI-2.75.[0-2]	\
diff --git a/lang/perl5/distinfo b/lang/perl5/distinfo
index 05df01a6a3e..3aa456c615c 100644
--- a/lang/perl5/distinfo
+++ b/lang/perl5/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.89.2.1 2013/01/13 17:54:01 tron Exp $
+$NetBSD: distinfo,v 1.89.2.2 2013/03/17 11:41:22 tron Exp $
 
 SHA1 (perl-5.16.2.tar.gz) = 9e20e38e3460ebbac895341fd70a02189d03a490
 RMD160 (perl-5.16.2.tar.gz) = 84f0233ac48059b4636661b023dd8a3389f9ae64
 Size (perl-5.16.2.tar.gz) = 16933974 bytes
+SHA1 (patch-CVE-2013-1667) = cabd5bf87301567266715c09483a13745116c6e0
 SHA1 (patch-aa) = 9066746c6e6ed0d58962f52de1ae773e210cfcb5
 SHA1 (patch-ab) = a9c674c5b09700d13fa885f11a3525d6d54899b5
 SHA1 (patch-ac) = cd918ae7aedddfcd3d555a1d1388c4c8719ccd12
diff --git a/lang/perl5/patches/patch-CVE-2013-1667 b/lang/perl5/patches/patch-CVE-2013-1667
new file mode 100644
index 00000000000..02560dea4a7
--- /dev/null
+++ b/lang/perl5/patches/patch-CVE-2013-1667
@@ -0,0 +1,147 @@
+$NetBSD: patch-CVE-2013-1667,v 1.1.2.2 2013/03/17 11:41:23 tron Exp $
+
+Patch for CVE-2013-1667 from
+https://bugzilla.redhat.com/show_bug.cgi?id=912276
+
+--- ext/Hash-Util-FieldHash/t/10_hash.t	
++++ ext/Hash-Util-FieldHash/t/10_hash.t	
+@@ -38,15 +38,29 @@ use constant START     => "a";
+ 
+ # some initial hash data
+ fieldhash my %h2;
+-%h2 = map {$_ => 1} 'a'..'cc';
++my $counter= "a";
++$h2{$counter++}++ while $counter ne 'cd';
+ 
+ ok (!Internals::HvREHASH(%h2), 
+     "starting with pre-populated non-pathological hash (rehash flag if off)");
+ 
+ my @keys = get_keys(\%h2);
++my $buckets= buckets(\%h2);
+ $h2{$_}++ for @keys;
++$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
+ ok (Internals::HvREHASH(%h2), 
+-    scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
++    scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
++
++# returns the number of buckets in a hash
++sub buckets {
++    my $hr = shift;
++    my $keys_buckets= scalar(%$hr);
++    if ($keys_buckets=~m!/([0-9]+)\z!) {
++        return 0+$1;
++    } else {
++        return 8;
++    }
++}
+ 
+ sub get_keys {
+     my $hr = shift;
+--- hv.c	
++++ hv.c	
+@@ -35,7 +35,8 @@ holds the key and hash value.
+ #define PERL_HASH_INTERNAL_ACCESS
+ #include "perl.h"
+ 
+-#define HV_MAX_LENGTH_BEFORE_SPLIT 14
++#define HV_MAX_LENGTH_BEFORE_REHASH 14
++#define SHOULD_DO_HSPLIT(xhv) ((xhv)->xhv_keys > (xhv)->xhv_max) /* HvTOTALKEYS(hv) > HvMAX(hv) */
+ 
+ static const char S_strtab_error[]
+     = "Cannot modify shared string table in hv_%s";
+@@ -798,29 +799,9 @@ Perl_hv_common(pTHX_ HV *hv, SV *keysv, const char *key, STRLEN klen,
+     if (masked_flags & HVhek_ENABLEHVKFLAGS)
+ 	HvHASKFLAGS_on(hv);
+ 
+-    {
+-	const HE *counter = HeNEXT(entry);
+-
+-	xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+-	if (!counter) {				/* initial entry? */
+-	} else if (xhv->xhv_keys > xhv->xhv_max) {
+-		/* Use only the old HvUSEDKEYS(hv) > HvMAX(hv) condition to limit
+-		   bucket splits on a rehashed hash, as we're not going to
+-		   split it again, and if someone is lucky (evil) enough to
+-		   get all the keys in one list they could exhaust our memory
+-		   as we repeatedly double the number of buckets on every
+-		   entry. Linear search feels a less worse thing to do.  */
+-	    hsplit(hv);
+-	} else if(!HvREHASH(hv)) {
+-	    U32 n_links = 1;
+-
+-	    while ((counter = HeNEXT(counter)))
+-		n_links++;
+-
+-	    if (n_links > HV_MAX_LENGTH_BEFORE_SPLIT) {
+-		hsplit(hv);
+-	    }
+-	}
++    xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
++    if ( SHOULD_DO_HSPLIT(xhv) ) {
++        hsplit(hv);
+     }
+ 
+     if (return_svp) {
+@@ -1197,7 +1178,7 @@ S_hsplit(pTHX_ HV *hv)
+ 
+ 
+     /* Pick your policy for "hashing isn't working" here:  */
+-    if (longest_chain <= HV_MAX_LENGTH_BEFORE_SPLIT /* split worked?  */
++    if (longest_chain <= HV_MAX_LENGTH_BEFORE_REHASH /* split worked?  */
+ 	|| HvREHASH(hv)) {
+ 	return;
+     }
+@@ -2782,8 +2763,8 @@ S_share_hek_flags(pTHX_ const char *str, I32 len, register U32 hash, int flags)
+ 
+ 	xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+ 	if (!next) {			/* initial entry? */
+-	} else if (xhv->xhv_keys > xhv->xhv_max /* HvUSEDKEYS(hv) > HvMAX(hv) */) {
+-		hsplit(PL_strtab);
++	} else if ( SHOULD_DO_HSPLIT(xhv) ) {
++            hsplit(PL_strtab);
+ 	}
+     }
+ 
+--- t/op/hash.t	
++++ t/op/hash.t	
+@@ -39,22 +39,36 @@ use constant THRESHOLD => 14;
+ use constant START     => "a";
+ 
+ # some initial hash data
+-my %h2 = map {$_ => 1} 'a'..'cc';
++my %h2;
++my $counter= "a";
++$h2{$counter++}++ while $counter ne 'cd';
+ 
+ ok (!Internals::HvREHASH(%h2), 
+     "starting with pre-populated non-pathological hash (rehash flag if off)");
+ 
+ my @keys = get_keys(\%h2);
++my $buckets= buckets(\%h2);
+ $h2{$_}++ for @keys;
++$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
+ ok (Internals::HvREHASH(%h2), 
+-    scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
++    scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
++
++# returns the number of buckets in a hash
++sub buckets {
++    my $hr = shift;
++    my $keys_buckets= scalar(%$hr);
++    if ($keys_buckets=~m!/([0-9]+)\z!) {
++        return 0+$1;
++    } else {
++        return 8;
++    }
++}
+ 
+ sub get_keys {
+     my $hr = shift;
+ 
+     # the minimum of bits required to mount the attack on a hash
+     my $min_bits = log(THRESHOLD)/log(2);
+-
+     # if the hash has already been populated with a significant amount
+     # of entries the number of mask bits can be higher
+     my $keys = scalar keys %$hr;
+--