summaryrefslogtreecommitdiff
path: root/core/perl
diff options
context:
space:
mode:
Diffstat (limited to 'core/perl')
-rw-r--r--core/perl/CVE-2013-1667.patch50
-rw-r--r--core/perl/PKGBUILD11
-rw-r--r--core/perl/digest_eval_hole.diff61
-rw-r--r--core/perl/fix-h2ph-and-tests.patch104
4 files changed, 4 insertions, 222 deletions
diff --git a/core/perl/CVE-2013-1667.patch b/core/perl/CVE-2013-1667.patch
deleted file mode 100644
index 8a8f98d32..000000000
--- a/core/perl/CVE-2013-1667.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-commit 9ec0b001b87d32f1d39b038b72846a5c20417be3 (refs/remotes/origin/maint-5.16)
-Author: Andy Dougherty <doughera@lafayette.edu>
-Date: Wed Jan 16 12:30:43 2013 -0500
-
- Avoid wraparound when casting unsigned size_t to signed ssize_t.
-
- Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
- system. In that instance a value of count >= 2**31 would turn negative
- when cast to (ssize_t).
-
-diff --git a/perlio.c b/perlio.c
-index 7782728..cccfdcd 100644
---- a/perlio.c
-+++ b/perlio.c
-@@ -2164,7 +2164,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
- SSize_t avail = PerlIO_get_cnt(f);
- SSize_t take = 0;
- if (avail > 0)
-- take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
-+ take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
- if (take > 0) {
- STDCHAR *ptr = PerlIO_get_ptr(f);
- Copy(ptr, buf, take, STDCHAR);
-@@ -4098,7 +4098,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
- */
- b->posn -= b->bufsiz;
- }
-- if (avail > (SSize_t) count) {
-+ if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
- /*
- * If we have space for more than count, just move count
- */
-@@ -4148,7 +4148,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
- }
- while (count > 0) {
- SSize_t avail = b->bufsiz - (b->ptr - b->buf);
-- if ((SSize_t) count < avail)
-+ if ((SSize_t) count >= 0 && (SSize_t) count < avail)
- avail = count;
- if (flushptr > buf && flushptr <= buf + avail)
- avail = flushptr - buf;
-@@ -4423,7 +4423,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
- {
- SSize_t avail = PerlIO_get_cnt(f);
- SSize_t got = 0;
-- if ((SSize_t)count < avail)
-+ if ((SSize_t) count >= 0 && (SSize_t)count < avail)
- avail = count;
- if (avail > 0)
- got = PerlIOBuf_read(aTHX_ f, vbuf, avail);
diff --git a/core/perl/PKGBUILD b/core/perl/PKGBUILD
index 31f7520d3..1dd0db9fb 100644
--- a/core/perl/PKGBUILD
+++ b/core/perl/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 179840 2013-03-10 11:43:57Z bluewind $
+# $Id: PKGBUILD 180140 2013-03-18 08:31:17Z bluewind $
# Maintainer: Florian Pritz <bluewind@xinu.at>
# Contributor: Angel Velasquez <angvp@archlinux.org>
# Contributor: kevin <kevin.archlinux.org>
@@ -6,8 +6,8 @@
# Contributor: francois <francois.archlinux.org>
pkgname=perl
-pkgver=5.16.2
-pkgrel=4
+pkgver=5.16.3
+pkgrel=1
pkgdesc="A highly capable, feature-rich programming language"
arch=(i686 x86_64)
license=('GPL' 'PerlArtistic')
@@ -16,15 +16,13 @@ groups=('base')
depends=('gdbm' 'db' 'coreutils' 'glibc' 'sh')
source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2
cgi-cr-escaping.diff
- CVE-2013-1667.patch
perlbin.sh
perlbin.csh
provides.pl)
install=perl.install
options=('makeflags' '!purge')
-md5sums=('2818ab01672f005a4e552a713aa27b08'
+md5sums=('025102de0e4a597cf541e57da80c6aa3'
'0486659c9eefe682364a3e364d814296'
- '3725d479a42547c6bae33b793b948054'
'5ed2542fdb9a60682f215bd33701e61a'
'1f0cbbee783e8a6d32f01be5118e0d5e'
'999c3eea6464860704abbb055a0f0896')
@@ -37,7 +35,6 @@ build() {
cd ${srcdir}/${pkgname}-${pkgver}
patch -i "$srcdir/cgi-cr-escaping.diff" -p1
- patch -i "$srcdir/CVE-2013-1667.patch" -p1
if [ "${CARCH}" = "x86_64" ]; then
# for x86_64
diff --git a/core/perl/digest_eval_hole.diff b/core/perl/digest_eval_hole.diff
deleted file mode 100644
index 47904137b..000000000
--- a/core/perl/digest_eval_hole.diff
+++ /dev/null
@@ -1,61 +0,0 @@
-From 4b6a7324284e7435a361c58f7ddb32fc0c635bd0 Mon Sep 17 00:00:00 2001
-From: "Michael G. Schwern" <schwern@pobox.com>
-Date: Mon, 3 Oct 2011 19:05:29 +0100
-Subject: Close the eval "require $module" security hole in
- Digest->new($algorithm)
-
-Also the filter was incomplete.
-
-Bug-Debian: http://bugs.debian.org/644108
-
-Patch-Name: fixes/digest_eval_hole.diff
----
- cpan/Digest/Digest.pm | 6 ++++--
- cpan/Digest/t/security.t | 14 ++++++++++++++
- 2 files changed, 18 insertions(+), 2 deletions(-)
- create mode 100644 cpan/Digest/t/security.t
-
-diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
-index 384dfc8..d714434 100644
---- a/cpan/Digest/Digest.pm
-+++ b/cpan/Digest/Digest.pm
-@@ -24,7 +24,7 @@ sub new
- shift; # class ignored
- my $algorithm = shift;
- my $impl = $MMAP{$algorithm} || do {
-- $algorithm =~ s/\W+//;
-+ $algorithm =~ s/\W+//g;
- "Digest::$algorithm";
- };
- $impl = [$impl] unless ref($impl);
-@@ -35,7 +35,9 @@ sub new
- ($class, @args) = @$class if ref($class);
- no strict 'refs';
- unless (exists ${"$class\::"}{"VERSION"}) {
-- eval "require $class";
-+ my $pm_file = $class . ".pm";
-+ $pm_file =~ s{::}{/}g;
-+ eval { require $pm_file };
- if ($@) {
- $err ||= $@;
- next;
-diff --git a/cpan/Digest/t/security.t b/cpan/Digest/t/security.t
-new file mode 100644
-index 0000000..5cba122
---- /dev/null
-+++ b/cpan/Digest/t/security.t
-@@ -0,0 +1,14 @@
-+#!/usr/bin/env perl
-+
-+# Digest->new() had an exploitable eval
-+
-+use strict;
-+use warnings;
-+
-+use Test::More tests => 1;
-+
-+use Digest;
-+
-+$LOL::PWNED = 0;
-+eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
-+is $LOL::PWNED, 0;
diff --git a/core/perl/fix-h2ph-and-tests.patch b/core/perl/fix-h2ph-and-tests.patch
deleted file mode 100644
index a2d176ec6..000000000
--- a/core/perl/fix-h2ph-and-tests.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 8d66b3f930dc6d88b524d103e304308ae73a46e7 Mon Sep 17 00:00:00 2001
-From: Robin Barker <rmbarker@cpan.org>
-Date: Thu, 22 Apr 2010 11:51:20 +0100
-Subject: [PATCH 1/1] Fix h2ph and test
-
----
- lib/h2ph.t | 12 ++++++++++--
- utils/h2ph.PL | 28 +++++++++++++++++++++++-----
- 2 files changed, 33 insertions(+), 7 deletions(-)
-
-diff --git a/lib/h2ph.t b/lib/h2ph.t
-index 27dd7b9..8d62d46 100644
---- a/lib/h2ph.t
-+++ b/lib/h2ph.t
-@@ -18,7 +18,7 @@ if (!(-e $extracted_program)) {
- exit 0;
- }
-
--plan(4);
-+plan(5);
-
- # quickly compare two text files
- sub txt_compare {
-@@ -41,8 +41,16 @@ $result = runperl( progfile => 'lib/h2ph.pht',
- stderr => 1 );
- like( $result, qr/syntax OK$/, "output compiles");
-
-+$result = runperl( progfile => '_h2ph_pre.ph',
-+ switches => ['-c'],
-+ stderr => 1 );
-+like( $result, qr/syntax OK$/, "preamble compiles");
-+
- $result = runperl( switches => ["-w"],
-- prog => '$SIG{__WARN__} = sub { die $_[0] }; require q(lib/h2ph.pht);');
-+ stderr => 1,
-+ prog => <<'PROG' );
-+$SIG{__WARN__} = sub { die $_[0] }; require q(lib/h2ph.pht);
-+PROG
- is( $result, '', "output free of warnings" );
-
- # cleanup
-diff --git a/utils/h2ph.PL b/utils/h2ph.PL
-index 8f56db4..1255807 100644
---- a/utils/h2ph.PL
-+++ b/utils/h2ph.PL
-@@ -401,7 +401,10 @@ if ($opt_e && (scalar(keys %bad_file) > 0)) {
- exit $Exit;
-
- sub expr {
-- $new = '"(assembly code)"' and return if /\b__asm__\b/; # freak out.
-+ if (/\b__asm__\b/) { # freak out
-+ $new = '"(assembly code)"';
-+ return
-+ }
- my $joined_args;
- if(keys(%curargs)) {
- $joined_args = join('|', keys(%curargs));
-@@ -770,7 +773,7 @@ sub inc_dirs
- sub build_preamble_if_necessary
- {
- # Increment $VERSION every time this function is modified:
-- my $VERSION = 2;
-+ my $VERSION = 3;
- my $preamble = "$Dest_dir/_h2ph_pre.ph";
-
- # Can we skip building the preamble file?
-@@ -798,7 +801,16 @@ sub build_preamble_if_necessary
- # parenthesized value: d=(v)
- $define{$_} = $1;
- }
-- if ($define{$_} =~ /^([+-]?(\d+)?\.\d+([eE][+-]?\d+)?)[FL]?$/) {
-+ if (/^(\w+)\((\w)\)$/) {
-+ my($macro, $arg) = ($1, $2);
-+ my $def = $define{$_};
-+ $def =~ s/$arg/\$\{$arg\}/g;
-+ print PREAMBLE <<DEFINE;
-+unless (defined &$macro) { sub $macro(\$) { my (\$$arg) = \@_; \"$def\" } }
-+
-+DEFINE
-+ } elsif
-+ ($define{$_} =~ /^([+-]?(\d+)?\.\d+([eE][+-]?\d+)?)[FL]?$/) {
- # float:
- print PREAMBLE
- "unless (defined &$_) { sub $_() { $1 } }\n\n";
-@@ -807,8 +819,14 @@ sub build_preamble_if_necessary
- print PREAMBLE
- "unless (defined &$_) { sub $_() { $1 } }\n\n";
- } elsif ($define{$_} =~ /^\w+$/) {
-- print PREAMBLE
-- "unless (defined &$_) { sub $_() { &$define{$_} } }\n\n";
-+ my $def = $define{$_};
-+ if ($isatype{$def}) {
-+ print PREAMBLE
-+ "unless (defined &$_) { sub $_() { \"$def\" } }\n\n";
-+ } else {
-+ print PREAMBLE
-+ "unless (defined &$_) { sub $_() { &$def } }\n\n";
-+ }
- } else {
- print PREAMBLE
- "unless (defined &$_) { sub $_() { \"",
---
-1.6.5.2.74.g610f9.dirty
-