rpms/perl/devel perl-5.8.8-bz323571.patch, NONE, 1.1 perl.spec, 1.141, 1.142
Tom Callaway (spot)
fedora-extras-commits at redhat.com
Mon Nov 12 19:39:08 UTC 2007
Author: spot
Update of /cvs/pkgs/rpms/perl/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6523/devel
Modified Files:
perl.spec
Added Files:
perl-5.8.8-bz323571.patch
Log Message:
Resolve CVE-2007-5116 for F-7, F-8, devel.
perl-5.8.8-bz323571.patch:
--- NEW FILE perl-5.8.8-bz323571.patch ---
--- perl-5.8.8.orig/regcomp.c 2006-01-08 20:59:27.000000000 +0000
+++ perl-5.8.8/regcomp.c 2007-10-19 22:49:41.000000000 +0100
@@ -136,6 +136,7 @@
I32 seen_zerolen;
I32 seen_evals;
I32 utf8;
+ I32 orig_utf8;
#if ADD_TO_REGEXEC
char *starttry; /* -Dr: where regtry was called. */
#define RExC_starttry (pRExC_state->starttry)
@@ -161,6 +162,7 @@
#define RExC_seen_zerolen (pRExC_state->seen_zerolen)
#define RExC_seen_evals (pRExC_state->seen_evals)
#define RExC_utf8 (pRExC_state->utf8)
+#define RExC_orig_utf8 (pRExC_state->orig_utf8)
#define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?')
#define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
@@ -1749,15 +1751,17 @@
if (exp == NULL)
FAIL("NULL regexp argument");
- RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+ RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
- RExC_precomp = exp;
DEBUG_r({
if (!PL_colorset) reginitcolors();
PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
PL_colors[4],PL_colors[5],PL_colors[0],
- (int)(xend - exp), RExC_precomp, PL_colors[1]);
+ (int)(xend - exp), exp, PL_colors[1]);
});
+
+redo_first_pass:
+ RExC_precomp = exp;
RExC_flags = pm->op_pmflags;
RExC_sawback = 0;
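Review bot: The new `redo_first_pass:` label is a backward-jump target but has no comment saying so, or that `exp` and `xend` may refer to a converted copy of the pattern when it is reached a second time. I would add `/* Re-entered at most once when the sizing pass turns on UTF-8; exp/xend then point at the upgraded copy, so all first-pass state must be initialised below this label. */` directly above it. Only the `RExC_flags` and `RExC_sawback` resets are visible after the label here, and the remaining initialisers lie outside the hunk. It is worth confirming that `RExC_size` and the parse position are reset there too, since a stale size carried into the second sizing pass would defeat the purpose of the redo.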
@@ -1783,6 +1787,17 @@
RExC_precomp = Nullch;
return(NULL);
}
+ if (RExC_utf8 && !RExC_orig_utf8) {
+ STRLEN len = xend-exp;
+ DEBUG_r(PerlIO_printf(Perl_debug_log,
+ "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
+ exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
+ xend = exp + len;
+ RExC_orig_utf8 = RExC_utf8;
+ SAVEFREEPV(exp);
+ goto redo_first_pass;
+ }
+
DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
/* Small enough for pointer-storage convention?
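Review bot: The added `if (RExC_utf8 && !RExC_orig_utf8)` block has no comment saying why the sizing pass is repeated, and that reasoning is the security-relevant part of this fix for CVE-2007-5116. Judging from the debug string, the size computed while the pattern was treated as bytes is presumably not valid once compilation continues in UTF-8, so I would put `/* The sizing pass switched to UTF-8 part-way: its size is unreliable, so upgrade the pattern and size it again before the real compile. */` above the `if`. A second short comment on `RExC_orig_utf8 = RExC_utf8;` should state that this assignment is what limits the redo to a single iteration. The patch touches only regcomp.c, so a regression test for a pattern whose UTF-8 flag changes during the first pass would help keep this fixed. The enclosing function starts and ends outside the hunk.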
Index: perl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/perl/devel/perl.spec,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -r1.141 -r1.142
--- perl.spec 18 Oct 2007 17:18:38 -0000 1.141
+++ perl.spec 12 Nov 2007 19:38:34 -0000 1.142
@@ -24,7 +24,7 @@
Name: perl
Version: %{perl_version}
-Release: 30%{?dist}
+Release: 31%{?dist}
Epoch: %{perl_epoch}
Summary: The Perl programming language
Group: Development/Languages
@@ -127,6 +127,9 @@
Patch42: perl-5.8.8-DB_File-1.815.patch
# Fix from perl bug #24254
Patch43: perl-5.8.8-bug24254.patch
+# Fix Bugzilla 378121 378131 378141 378151 (all the same bug, just one for each Fedora
+# release), CVE-2007-5116
+Patch44: perl-5.8.8-bz323571.patch
BuildRoot: %{_tmppath}/%{name}-%{perl_version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: tcsh, dos2unix, man, groff
@@ -390,6 +393,7 @@
%patch41 -p1
%patch42 -p1
%patch43 -p1
+%patch44 -p1
#
# Candidates for doc recoding (need case by case review):
# find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
@@ -789,6 +793,9 @@
# Nothing. Nada. Zilch. Zarro. Uh uh. Nope. Sorry.
%changelog
+* Mon Nov 12 2007 Tom "spot" Callaway <tcallawa at redhat.com> - 4:5.8.8-31
+- fix for CVE-2007-5116
+
* Thu Oct 18 2007 Tom "spot" Callaway <tcallawa at redhat.com> - 4:5.8.8-30
- patch from perl bug 24254, fix for RH bz 114271