[arch-commits] CVS update of core/base/perl (PKGBUILD perl-5.8.8-utf-regexes.patch)
Kevin Piche
kevin at archlinux.org
Wed Nov 7 01:43:18 UTC 2007
Date: Tuesday, November 6, 2007 @ 20:43:18
Author: kevin
Path: /home/cvs-core/core/base/perl
Added: perl-5.8.8-utf-regexes.patch (1.1)
Modified: PKGBUILD (1.51 -> 1.52)
upgpkg: perl 5.8.8-9
Fix CVE-2007-5116 perl regular expression UTF parsing errors
------------------------------+
PKGBUILD | 12 ++++----
perl-5.8.8-utf-regexes.patch | 59 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+), 5 deletions(-)
Index: core/base/perl/PKGBUILD
diff -u core/base/perl/PKGBUILD:1.51 core/base/perl/PKGBUILD:1.52
--- core/base/perl/PKGBUILD:1.51 Mon Oct 22 06:50:47 2007
+++ core/base/perl/PKGBUILD Tue Nov 6 20:43:18 2007
@@ -1,8 +1,8 @@
-# $Id: PKGBUILD,v 1.51 2007/10/22 10:50:47 tpowa Exp $
+# $Id: PKGBUILD,v 1.52 2007/11/07 01:43:18 kevin Exp $
# Maintainer: judd <jvinet at zeroflux.org>
pkgname=perl
pkgver=5.8.8
-pkgrel=8
+pkgrel=9
pkgdesc="Practical Extraction and Report Language"
arch=(i686 x86_64)
license=('GPL' 'PerlArtistic')
@@ -11,17 +11,18 @@
depends=('gdbm' 'db>=4.6' 'bash' 'coreutils' 'glibc')
source=(http://www.perl.com/CPAN/src/perl-$pkgver.tar.gz
http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/DB_File-1.814.tar.gz
- http://search.cpan.org/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.7.patch
http://search.cpan.org/CPAN/authors/id/S/SA/SAPER/Sys-Syslog-0.10.tar.gz
perl-5.8.6-picdl.patch0
- perl-5.8.8-gcc-4.2.0.patch)
+ perl-5.8.8-gcc-4.2.0.patch
+ perl-5.8.8-utf-regexes.patch)
install=perl.install
md5sums=('b8c118d4360846829beb30b02a6b91a7'
'5ae102fe172f2aaf771a8d9cae23ca3a'
'e1ce6f6cf32434db77f78be5938af09c'
'8fc1f24fc7890e4fd8360e7e9f293099'
'319b56a7ce715fb7a494fe4d5cb9474c'
- '546fc05b63b0add38898361c8de0c949')
+ '546fc05b63b0add38898361c8de0c949'
+ 'b0463a38a49da77734014c1f6d25a8d2')
# for site_perl this is needed!
options=('emptydirs')
@@ -38,6 +39,7 @@
cd $startdir/src/$pkgname-$pkgver
patch -Np1 -i ${startdir}/src/perl-5.8.8-gcc-4.2.0.patch || return 1
+ patch -Np0 -i ${startdir}/src/perl-5.8.8-utf-regexes.patch || return 1
if [ "$CARCH" = "x86_64" ]; then
# for x86_64
patch -Np0 -i ../perl-5.8.6-picdl.patch0 || return 1
Index: core/base/perl/perl-5.8.8-utf-regexes.patch
diff -u /dev/null core/base/perl/perl-5.8.8-utf-regexes.patch:1.1
--- /dev/null Tue Nov 6 20:43:18 2007
+++ core/base/perl/perl-5.8.8-utf-regexes.patch Tue Nov 6 20:43:18 2007
@@ -0,0 +1,59 @@
+CVE-2007-5116 perl regular expression UTF parsing errors
+https://bugzilla.redhat.com/show_bug.cgi?id=323571
+
+--- regcomp.c 2006-01-08 12:59:27.000000000 -0800
++++ regcomp.c 2007-10-05 12:07:55.000000000 -0700
+@@ -135,7 +135,8 @@
+ I32 extralen;
+ I32 seen_zerolen;
+ I32 seen_evals;
+- I32 utf8;
++ I32 utf8; /* pattern is utf8 or not */
++ I32 orig_utf8; /* pattern was originally utf8 */
+ #if ADD_TO_REGEXEC
+ char *starttry; /* -Dr: where regtry was called. */
+ #define RExC_starttry (pRExC_state->starttry)
+@@ -161,6 +162,7 @@
+ #define RExC_seen_zerolen (pRExC_state->seen_zerolen)
+ #define RExC_seen_evals (pRExC_state->seen_evals)
+ #define RExC_utf8 (pRExC_state->utf8)
++#define RExC_orig_utf8 (pRExC_state->orig_utf8)
+
+ #define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?')
+ #define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
+@@ -1749,15 +1751,17 @@
+ if (exp == NULL)
+ FAIL("NULL regexp argument");
+
+- RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
++ RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+
+- RExC_precomp = exp;
+ DEBUG_r({
+ if (!PL_colorset) reginitcolors();
+ PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
+ PL_colors[4],PL_colors[5],PL_colors[0],
+- (int)(xend - exp), RExC_precomp, PL_colors[1]);
++ (int)(xend - exp), exp, PL_colors[1]);
+ });
++
++redo_first_pass:
++ RExC_precomp = exp;
+ RExC_flags = pm->op_pmflags;
+ RExC_sawback = 0;
+
+@@ -1783,6 +1787,17 @@
+ RExC_precomp = Nullch;
+ return(NULL);
+ }
++ if (RExC_utf8 && !RExC_orig_utf8) {
++ STRLEN len = xend-exp;
++ DEBUG_r(PerlIO_printf(Perl_debug_log,
++ "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
++ exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
++ xend = exp + len;
++ RExC_orig_utf8 = RExC_utf8;
++ SAVEFREEPV(exp);
++ goto redo_first_pass;
++ }
++
More information about the arch-commits
mailing list