rpms/perl/devel perl-5.8.7-CVE-2005-3962-bz174684.patch, NONE, 1.1 perl.spec, 1.76, 1.77

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Dec 1 18:30:58 UTC 2005


Author: jvdias

Update of /cvs/dist/rpms/perl/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv18404

Modified Files:
	perl.spec 
Added Files:
	perl-5.8.7-CVE-2005-3962-bz174684.patch 
Log Message:
fix bug 174684 / CVE-2005-3962

perl-5.8.7-CVE-2005-3962-bz174684.patch:
 sv.c            |    7 ++++---
 t/op/sprintf2.t |   19 ++++++++++++++++++-
 2 files changed, 22 insertions(+), 4 deletions(-)

--- NEW FILE perl-5.8.7-CVE-2005-3962-bz174684.patch ---
--- perl-5.8.7/t/op/sprintf2.t.CVE-2005-3962-bz174684	2004-02-09 16:37:13.000000000 -0500
+++ perl-5.8.7/t/op/sprintf2.t	2005-12-01 13:11:34.000000000 -0500
@@ -6,7 +6,7 @@
     require './test.pl';
 }   
 
-plan tests => 3;
+plan tests => 6;
 
 is(
     sprintf("%.40g ",0.01),
@@ -26,3 +26,20 @@
 		q(width calculation under utf8 upgrade)
 	);
 }
+# check %NNN$ for range bounds, especially negative 2's complement
+{
+    my ($warn, $bad) = (0,0);
+    local $SIG{__WARN__} = sub {
+       if ($_[0] =~ /uninitialized/) {
+           $warn++
+       }
+       else {
+           $bad++
+       }
+    };
+    my $result = sprintf join('', map("%$_\$s%" . ~$_ . '$s', 1..20)),
+       qw(a b c d);
+    is($result, "abcd", "only four valid values");
+    is($warn, 36, "expected warnings");
+    is($bad,   0, "unexpected warnings");
+}
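Review bot: The expected count in `is($warn, 36, "expected warnings")` is a bare magic number, so a future failure will be hard to interpret. With four arguments, `%N$s` is out of range for N = 5..20 (16 warnings) and each of the 20 complemented `%~N$s` indexes is out of range as well, giving 36; a comment such as `# 16 out-of-range %N$s (N = 5..20) + 20 complemented indexes = 36 "uninitialized" warnings` above the assertion would record that. The value of `~$_` depends on the platform's integer width, so it would also help to say in the block comment that the test only relies on the complemented index being far outside the argument list, not on one particular bit pattern.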
--- perl-5.8.7/sv.c.CVE-2005-3962-bz174684	2005-05-27 06:38:11.000000000 -0400
+++ perl-5.8.7/sv.c	2005-12-01 13:11:14.000000000 -0500
@@ -8707,9 +8707,10 @@
 
 	if (vectorize)
 	    argsv = vecsv;
-	else if (!args)
-	    argsv = (efix ? efix <= svmax : svix < svmax) ?
-		    svargs[efix ? efix-1 : svix++] : &PL_sv_undef;
+	else if (!args) {
+	    I32 i = efix ? efix-1 : svix++;
+	    argsv = (i >= 0 && i < svmax) ? svargs[i] : &PL_sv_undef;
+	}
 
 	switch (c = *q++) {
 
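Review bot: The signed range check `i >= 0 && i < svmax` is added only for the argument index at this site; the enclosing function starts and ends outside this hunk, and if it also indexes `svargs` with other explicit indexes taken from the format string (for example for width or precision), those lookups need the same guard. Separately, `svix++` now runs whenever `efix` is zero, whereas the removed code advanced `svix` only while `svix < svmax`, so `svix` can now grow past `svmax`; incrementing only in the in-range branch would keep the previous behaviour. A short comment would also help the next reader, e.g. `/* efix presumably comes from the %NNN$ index and may have wrapped negative; out-of-range selects undef */`.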


Index: perl.spec
===================================================================
RCS file: /cvs/dist/rpms/perl/devel/perl.spec,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- perl.spec	11 Nov 2005 21:25:05 -0000	1.76
+++ perl.spec	1 Dec 2005 18:30:53 -0000	1.77
@@ -5,7 +5,7 @@
 %define multilib_64_archs x86_64 s390x ppc64 sparc64
 
 %define perlver 5.8.7
-%define perlrel 0.7.fc5
+%define perlrel 0.8.fc5
 %define perlepoch 3
 
 %{?!perl_debugging:    %define perl_debugging 0}
@@ -130,6 +130,8 @@
 
 Patch136009:    perl-5.8.7-MM_Unix-rpath-136009.patch
 
+Patch174684:	perl-5.8.7-CVE-2005-3962-bz174684.patch
+
 # module updatesd
 # Patch202:       perl-5.8.0-Safe2.09.patch
 
@@ -294,6 +296,8 @@
 
 %patch136009 -p1
 
+%patch174684 -p1
+
 # Candidates for doc recoding (need case by case review):
 # find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
 recode()
@@ -503,6 +507,10 @@
 
 
 %changelog
+* Thu Dec 01 2005 Jason Vas Dias <jvdias at redhat.com> - 3:5.8.7-0.8
+- fix bug 174684 / CVE-2005-3962: sprintf integer overflow vulnerability
+  backport upstream patch #26240
+
 * Wed Nov 09 2005 Jason Vas Dias <jvdias at redhat.com> - 3:5.8.7-0.7
 - fix bug 136009: restore MakeMaker support for LD_RUN_PATH, 
   while removing empty LD_RUN_PATH



