From b54c21859be3590a319ceade1f58d0b89ac5ef32 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 19 Mar 2013 00:04:27 -0700
Subject: Tue Mar 19 00:04:27 PDT 2013
---
 core/perl/CVE-2013-1667.patch | 50 ------------------
 core/perl/PKGBUILD | 11 ++--
 core/perl/digest_eval_hole.diff | 61 ----------------------
 core/perl/fix-h2ph-and-tests.patch | 104 ------------------------------------
 4 files changed, 4 insertions(+), 222 deletions(-)
 delete mode 100644 core/perl/CVE-2013-1667.patch
 delete mode 100644 core/perl/digest_eval_hole.diff
 delete mode 100644 core/perl/fix-h2ph-and-tests.patch
(limited to 'core')
diff --git a/core/perl/CVE-2013-1667.patch b/core/perl/CVE-2013-1667.patch
deleted file mode 100644
index 8a8f98d32..000000000
--- a/core/perl/CVE-2013-1667.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-commit 9ec0b001b87d32f1d39b038b72846a5c20417be3 (refs/remotes/origin/maint-5.16)
-Author: Andy Dougherty
-Date: Wed Jan 16 12:30:43 2013 -0500
-
- Avoid wraparound when casting unsigned size_t to signed ssize_t.
-
- Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
- system. In that instance a value of count >= 2**31 would turn negative
- when cast to (ssize_t).
-
-diff --git a/perlio.c b/perlio.c
-index 7782728..cccfdcd 100644
---- a/perlio.c
-+++ b/perlio.c
-@@ -2164,7 +2164,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
- SSize_t avail = PerlIO_get_cnt(f);
- SSize_t take = 0;
- if (avail > 0)
-- take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
-+ take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
- if (take > 0) {
- STDCHAR *ptr = PerlIO_get_ptr(f);
- Copy(ptr, buf, take, STDCHAR);
-@@ -4098,7 +4098,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
- */
- b->posn -= b->bufsiz;
- }
-- if (avail > (SSize_t) count) {
-+ if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
- /*
- * If we have space for more than count, just move count
- */
-@@ -4148,7 +4148,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
- }
- while (count > 0) {
- SSize_t avail = b->bufsiz - (b->ptr - b->buf);
-- if ((SSize_t) count < avail)
-+ if ((SSize_t) count >= 0 && (SSize_t) count < avail)
- avail = count;
- if (flushptr > buf && flushptr <= buf + avail)
- avail = flushptr - buf;
-@@ -4423,7 +4423,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
- {
- SSize_t avail = PerlIO_get_cnt(f);
- SSize_t got = 0;
-- if ((SSize_t)count < avail)
-+ if ((SSize_t) count >= 0 && (SSize_t)count < avail)
- avail = count;
- if (avail > 0)
- got = PerlIOBuf_read(aTHX_ f, vbuf, avail);
diff --git a/core/perl/PKGBUILD b/core/perl/PKGBUILD
index 31f7520d3..1dd0db9fb 100644
--- a/core/perl/PKGBUILD
+++ b/core/perl/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 179840 2013-03-10 11:43:57Z bluewind $
+# $Id: PKGBUILD 180140 2013-03-18 08:31:17Z bluewind $
 # Maintainer: Florian Pritz
 # Contributor: Angel Velasquez
 # Contributor: kevin
@@ -6,8 +6,8 @@
 # Contributor: francois
 pkgname=perl
-pkgver=5.16.2
-pkgrel=4
+pkgver=5.16.3
+pkgrel=1
 pkgdesc="A highly capable, feature-rich programming language"
 arch=(i686 x86_64)
 license=('GPL' 'PerlArtistic')
@@ -16,15 +16,13 @@ groups=('base')
 depends=('gdbm' 'db' 'coreutils' 'glibc' 'sh')
 source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2
 cgi-cr-escaping.diff
- CVE-2013-1667.patch
 perlbin.sh
 perlbin.csh
 provides.pl)
 install=perl.install
 options=('makeflags' '!purge')
-md5sums=('2818ab01672f005a4e552a713aa27b08'
+md5sums=('025102de0e4a597cf541e57da80c6aa3'
 '0486659c9eefe682364a3e364d814296'
- '3725d479a42547c6bae33b793b948054'
 '5ed2542fdb9a60682f215bd33701e61a'
 '1f0cbbee783e8a6d32f01be5118e0d5e'
 '999c3eea6464860704abbb055a0f0896')
@@ -37,7 +35,6 @@ build() {
 cd ${srcdir}/${pkgname}-${pkgver}
 patch -i "$srcdir/cgi-cr-escaping.diff" -p1
- patch -i "$srcdir/CVE-2013-1667.patch" -p1
 if [ "${CARCH}" = "x86_64" ]; then
 # for x86_64
diff --git a/core/perl/digest_eval_hole.diff b/core/perl/digest_eval_hole.diff
deleted file mode 100644
index 47904137b..000000000
--- a/core/perl/digest_eval_hole.diff
+++ /dev/null
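Review bot: The new upstream tarball in the third hunk is still pinned only by `md5sums=('025102de0e4a597cf541e57da80c6aa3'`, and since the `source=(http://www.cpan.org/...)` line fetches it over plain http, that MD5 value is the sole integrity anchor for the Perl source that gets built; makepkg also accepts `sha256sums=(...)`, so replacing the array with `sha256sums=('<sha256 of perl-5.16.3.tar.bz2>'` followed by the other five entries recomputed with sha256sum would make the check meaningful. The same hunk drops `CVE-2013-1667.patch` from `source=` and the fourth hunk drops its `patch -i` line, presumably because 5.16.3 already carries that fix, but the commit message is only a timestamp, so nothing records why a security backport went away; a one-line rationale in the commit message, or a comment such as `# CVE-2013-1667 fix is in upstream 5.16.3, backport dropped` next to the `pkgver=5.16.3` bump, would tell the next maintainer that the removal was intentional. The `build()` function in the last hunk continues past the hunk.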
@@ -1,61 +0,0 @@
-From 4b6a7324284e7435a361c58f7ddb32fc0c635bd0 Mon Sep 17 00:00:00 2001
-From: "Michael G. Schwern"
-Date: Mon, 3 Oct 2011 19:05:29 +0100
-Subject: Close the eval "require $module" security hole in
- Digest->new($algorithm)
-
-Also the filter was incomplete.
-
-Bug-Debian: http://bugs.debian.org/644108
-
-Patch-Name: fixes/digest_eval_hole.diff
---
- cpan/Digest/Digest.pm | 6 ++++--
- cpan/Digest/t/security.t | 14 ++++++++++++++
- 2 files changed, 18 insertions(+), 2 deletions(-)
- create mode 100644 cpan/Digest/t/security.t
-
-diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
-index 384dfc8..d714434 100644
---- a/cpan/Digest/Digest.pm
-+++ b/cpan/Digest/Digest.pm
-@@ -24,7 +24,7 @@ sub new
- shift; # class ignored
- my $algorithm = shift;
- my $impl = $MMAP{$algorithm} || do {
-- $algorithm =~ s/\W+//;
-+ $algorithm =~ s/\W+//g;
- "Digest::$algorithm";
- };
- $impl = [$impl] unless ref($impl);
-@@ -35,7 +35,9 @@ sub new
- ($class, @args) = @$class if ref($class);
- no strict 'refs';
- unless (exists ${"$class\::"}{"VERSION"}) {
-- eval "require $class";
-+ my $pm_file = $class . ".pm";
-+ $pm_file =~ s{::}{/}g;
-+ eval { require $pm_file };
- if ($@) {
- $err ||= $@;
- next;
-diff --git a/cpan/Digest/t/security.t b/cpan/Digest/t/security.t
-new file mode 100644
-index 0000000..5cba122
---- /dev/null
-+++ b/cpan/Digest/t/security.t
-@@ -0,0 +1,14 @@
-+#!/usr/bin/env perl
-+
-+# Digest->new() had an exploitable eval
-+
-+use strict;
-+use warnings;
-+
-+use Test::More tests => 1;
-+
-+use Digest;
-+
-+$LOL::PWNED = 0;
-+eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
-+is $LOL::PWNED, 0;
diff --git a/core/perl/fix-h2ph-and-tests.patch b/core/perl/fix-h2ph-and-tests.patch
deleted file mode 100644
index a2d176ec6..000000000
--- a/core/perl/fix-h2ph-and-tests.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 8d66b3f930dc6d88b524d103e304308ae73a46e7 Mon Sep 17 00:00:00 2001
-From: Robin Barker
-Date: Thu, 22 Apr 2010 11:51:20 +0100
-Subject: [PATCH 1/1] Fix h2ph and test
-
---
- lib/h2ph.t | 12 ++++++++++--
- utils/h2ph.PL | 28 +++++++++++++++++++++++-----
- 2 files changed, 33 insertions(+), 7 deletions(-)
-
-diff --git a/lib/h2ph.t b/lib/h2ph.t
-index 27dd7b9..8d62d46 100644
---- a/lib/h2ph.t
-+++ b/lib/h2ph.t
-@@ -18,7 +18,7 @@ if (!(-e $extracted_program)) {
- exit 0;
- }
-
--plan(4);
-+plan(5);
-
- # quickly compare two text files
- sub txt_compare {
-@@ -41,8 +41,16 @@ $result = runperl( progfile => 'lib/h2ph.pht',
- stderr => 1 );
- like( $result, qr/syntax OK$/, "output compiles");
-
-+$result = runperl( progfile => '_h2ph_pre.ph',
-+ switches => ['-c'],
-+ stderr => 1 );
-+like( $result, qr/syntax OK$/, "preamble compiles");
-+
- $result = runperl( switches => ["-w"],
-- prog => '$SIG{__WARN__} = sub { die $_[0] }; require q(lib/h2ph.pht);');
-+ stderr => 1,
-+ prog => <<'PROG' );
-+$SIG{__WARN__} = sub { die $_[0] }; require q(lib/h2ph.pht);
-+PROG
- is( $result, '', "output free of warnings" );
-
- # cleanup
-diff --git a/utils/h2ph.PL b/utils/h2ph.PL
-index 8f56db4..1255807 100644
---- a/utils/h2ph.PL
-+++ b/utils/h2ph.PL
-@@ -401,7 +401,10 @@ if ($opt_e && (scalar(keys %bad_file) > 0)) {
- exit $Exit;
-
- sub expr {
-- $new = '"(assembly code)"' and return if /\b__asm__\b/; # freak out.
-+ if (/\b__asm__\b/) { # freak out
-+ $new = '"(assembly code)"';
-+ return
-+ }
- my $joined_args;
- if(keys(%curargs)) {
- $joined_args = join('|', keys(%curargs));
-@@ -770,7 +773,7 @@ sub inc_dirs
- sub build_preamble_if_necessary
- {
- # Increment $VERSION every time this function is modified:
-- my $VERSION = 2;
-+ my $VERSION = 3;
- my $preamble = "$Dest_dir/_h2ph_pre.ph";
-
- # Can we skip building the preamble file?
-@@ -798,7 +801,16 @@ sub build_preamble_if_necessary
- # parenthesized value: d=(v)
- $define{$_} = $1;
- }
-- if ($define{$_} =~ /^([+-]?(\d+)?\.\d+([eE][+-]?\d+)?)[FL]?$/) {
-+ if (/^(\w+)\((\w)\)$/) {
-+ my($macro, $arg) = ($1, $2);
-+ my $def = $define{$_};
-+ $def =~ s/$arg/\$\{$arg\}/g;
-+ print PREAMBLE <