From 1bb2648cde916ac27d3dd75d7b64a4ddc89787b7 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 10 Feb 2013 01:12:52 -0800
Subject: Sun Feb 10 01:12:35 PST 2013
---
core/perl/ChangeLog | 66 -------------------------------------------
core/perl/cve-2012-5195.patch | 29 -------------------
2 files changed, 95 deletions(-)
delete mode 100644 core/perl/ChangeLog
delete mode 100644 core/perl/cve-2012-5195.patch
(limited to 'core/perl')
diff --git a/core/perl/ChangeLog b/core/perl/ChangeLog
deleted file mode 100644
index 9add39e20..000000000
--- a/core/perl/ChangeLog
+++ /dev/null
@@ -1,66 +0,0 @@
-2011-06-22 Angel Velasquez
- * Added a patch for ExtUtils doesnt overwrite CFLAGS and LDFLAGS
- * Fixed #FS22197, FS#22441, FS#24767
- * Rebuilt perl 5.14.1-2 against db 5.2.28
-
-2011-06-16 Angel Velasquez
- * Fixed #FS24660
- * Rebuilt against db 5.2.28
-
-2011-05-16 Angel Velasquez
- * perl 5.14.0
- * Removed patch for h2ph warning from 5.12.3
- * Removed provides array, you can use corelist -v 5.14.0 to know the
- modules included with the perl core, through Module::CoreList (thx j3nnn1
- for the tip)
-
-2010-11-07 kevin
-
- * perl 5.12.2-1
- - Using /usr/bin/*_perl for script directories
-
-2010-11-06 kevin
-
- - Removed otherlibdirs directive from Configure
- - Removed /usr/*/perl5/site_perl/5.10.1 from INC
- - Finally removed legacy dirs /usr/lib/perl5/current and
- /usr/lib/perl5/site_perl/current from @INC
-
-2010-05-23 kevin
-
- * perl 5.12.1-2
- - Francois updated the provides array.
-
-2010-05-23 kevin
-
- * perl 5.12.1-1
-
-2010-05-16 kevin
-
- * perl 5.12.0-2
-
-2010-05-12 kevin
-
- - FS#19411. Removed the for loop in perlbin.sh which didn't work on zsh.
- This makes the loop variables unnecessary so the script no longer
- pollutes the user's environment.
- - FS#19427. Added /usr/*/perl5/site_perl/5.10.1 to otherlibdirs to support
- user built modules.
-
-2010-05-09 kevin
-
- * perl 5.12.0-1
- - Modified perlbin.sh to only add existing dirs to PATH. Fixes FS#17402,
- path points to non-existant directories
-
-2010-05-07 kevin
-
- - Added this changelog.
- - Added -Dinc_version_list=none to fix FS#19136, double entry in @INC.
- This removes the duplicates and versioned directory entries.
- - Change scriptdirs to /usr/lib/perl5/{core,vendor,site}_perl/bin to fix
- Fix FS#13808, binaries don't follow FHS.
- - Stopped using versioned directories in sitelib and sitearch.
-
-
-# vim: set ft=changelog ts=4 sw=4 et:
diff --git a/core/perl/cve-2012-5195.patch b/core/perl/cve-2012-5195.patch
deleted file mode 100644
index a995194c6..000000000
--- a/core/perl/cve-2012-5195.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b
-Author: Andy Dougherty
-Date: Thu Sep 27 09:52:18 2012 -0400
-
- avoid calling memset with a negative count
-
- Poorly written perl code that allows an attacker to specify the count to
- perl's 'x' string repeat operator can already cause a memory exhaustion
- denial-of-service attack. A flaw in versions of perl before 5.15.5 can
- escalate that into a heap buffer overrun; coupled with versions of glibc
- before 2.16, it possibly allows the execution of arbitrary code.
-
- The flaw addressed to this commit has been assigned identifier
- CVE-2012-5195.
-
-diff --git a/util.c b/util.c
-index 171456f..34f5fa9 100644
---- a/util.c
-+++ b/util.c
-@@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
- {
- PERL_ARGS_ASSERT_REPEATCPY;
-
-+ if (count < 0)
-+ Perl_croak_nocontext("%s",PL_memory_wrap);
-+
- if (len == 1)
- memset(to, *from, count);
- else if (count) {
--
cgit v1.2.3-54-g00ecf