[arch-commits] CVS update of core/base/perl (PKGBUILD perl-5.8.8-utf-regexes.patch)

Kevin Piche kevin at archlinux.org
Wed Nov 7 01:43:18 UTC 2007 

    Date: Tuesday, November 6, 2007 @ 20:43:18
  Author: kevin
    Path: /home/cvs-core/core/base/perl

   Added: perl-5.8.8-utf-regexes.patch (1.1)
Modified: PKGBUILD (1.51 -> 1.52)

upgpkg: perl 5.8.8-9
Fix CVE-2007-5116 perl regular expression UTF parsing errors


------------------------------+
 PKGBUILD                     |   12 ++++----
 perl-5.8.8-utf-regexes.patch |   59 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 5 deletions(-)


Index: core/base/perl/PKGBUILD
diff -u core/base/perl/PKGBUILD:1.51 core/base/perl/PKGBUILD:1.52
--- core/base/perl/PKGBUILD:1.51	Mon Oct 22 06:50:47 2007
+++ core/base/perl/PKGBUILD	Tue Nov  6 20:43:18 2007
@@ -1,8 +1,8 @@
-# $Id: PKGBUILD,v 1.51 2007/10/22 10:50:47 tpowa Exp $
+# $Id: PKGBUILD,v 1.52 2007/11/07 01:43:18 kevin Exp $
 # Maintainer: judd <jvinet at zeroflux.org>
 pkgname=perl
 pkgver=5.8.8
-pkgrel=8
+pkgrel=9
 pkgdesc="Practical Extraction and Report Language"
 arch=(i686 x86_64) 
 license=('GPL' 'PerlArtistic')
@@ -11,17 +11,18 @@
 depends=('gdbm' 'db>=4.6' 'bash' 'coreutils' 'glibc')
 source=(http://www.perl.com/CPAN/src/perl-$pkgver.tar.gz
 	http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/DB_File-1.814.tar.gz
-	http://search.cpan.org/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.7.patch
 	http://search.cpan.org/CPAN/authors/id/S/SA/SAPER/Sys-Syslog-0.10.tar.gz
 	perl-5.8.6-picdl.patch0
-	perl-5.8.8-gcc-4.2.0.patch)
+	perl-5.8.8-gcc-4.2.0.patch
+	perl-5.8.8-utf-regexes.patch)
 install=perl.install
 md5sums=('b8c118d4360846829beb30b02a6b91a7'
          '5ae102fe172f2aaf771a8d9cae23ca3a'
          'e1ce6f6cf32434db77f78be5938af09c'
          '8fc1f24fc7890e4fd8360e7e9f293099'
          '319b56a7ce715fb7a494fe4d5cb9474c'
-         '546fc05b63b0add38898361c8de0c949')
+         '546fc05b63b0add38898361c8de0c949'
+         'b0463a38a49da77734014c1f6d25a8d2')
 # for site_perl this is needed!
 options=('emptydirs')
 
@@ -38,6 +39,7 @@
 
   cd $startdir/src/$pkgname-$pkgver
   patch -Np1 -i ${startdir}/src/perl-5.8.8-gcc-4.2.0.patch || return 1
+  patch -Np0 -i ${startdir}/src/perl-5.8.8-utf-regexes.patch || return 1
   if [ "$CARCH" = "x86_64" ]; then
     # for x86_64
     patch -Np0 -i ../perl-5.8.6-picdl.patch0 || return 1
Index: core/base/perl/perl-5.8.8-utf-regexes.patch
diff -u /dev/null core/base/perl/perl-5.8.8-utf-regexes.patch:1.1
--- /dev/null	Tue Nov  6 20:43:18 2007
+++ core/base/perl/perl-5.8.8-utf-regexes.patch	Tue Nov  6 20:43:18 2007
@@ -0,0 +1,59 @@
+CVE-2007-5116 perl regular expression UTF parsing errors
+https://bugzilla.redhat.com/show_bug.cgi?id=323571
+
+--- regcomp.c	2006-01-08 12:59:27.000000000 -0800
++++ regcomp.c	2007-10-05 12:07:55.000000000 -0700
+@@ -135,7 +135,8 @@
+     I32		extralen;
+     I32		seen_zerolen;
+     I32		seen_evals;
+-    I32		utf8;
++    I32		utf8;			/* pattern is utf8 or not */
++    I32		orig_utf8;		/* pattern was originally utf8 */
+ #if ADD_TO_REGEXEC
+     char 	*starttry;		/* -Dr: where regtry was called. */
+ #define RExC_starttry	(pRExC_state->starttry)
+@@ -161,6 +162,7 @@
+ #define RExC_seen_zerolen	(pRExC_state->seen_zerolen)
+ #define RExC_seen_evals	(pRExC_state->seen_evals)
+ #define RExC_utf8	(pRExC_state->utf8)
++#define RExC_orig_utf8	(pRExC_state->orig_utf8)
+ 
+ #define	ISMULT1(c)	((c) == '*' || (c) == '+' || (c) == '?')
+ #define	ISMULT2(s)	((*s) == '*' || (*s) == '+' || (*s) == '?' || \
+@@ -1749,15 +1751,17 @@
+     if (exp == NULL)
+ 	FAIL("NULL regexp argument");
+ 
+-    RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
++    RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+ 
+-    RExC_precomp = exp;
+     DEBUG_r({
+ 	 if (!PL_colorset) reginitcolors();
+ 	 PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
+ 		       PL_colors[4],PL_colors[5],PL_colors[0],
+-		       (int)(xend - exp), RExC_precomp, PL_colors[1]);
++		       (int)(xend - exp), exp, PL_colors[1]);
+     });
++
++redo_first_pass:
++    RExC_precomp = exp;
+     RExC_flags = pm->op_pmflags;
+     RExC_sawback = 0;
+ 
+@@ -1783,6 +1787,17 @@
+ 	RExC_precomp = Nullch;
+ 	return(NULL);
+     }
++    if (RExC_utf8 && !RExC_orig_utf8) {
++        STRLEN len = xend-exp;
++        DEBUG_r(PerlIO_printf(Perl_debug_log,
++                    "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
++        exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
++        xend = exp + len;
++        RExC_orig_utf8 = RExC_utf8;
++        SAVEFREEPV(exp);
++        goto redo_first_pass;
++    }
++

More information about the arch-commits mailing list