[arch-commits] Commit in perl/trunk (PKGBUILD cve-2012-5195.patch)
Florian Pritz
bluewind at archlinux.org
Sat Nov 3 10:30:23 UTC 2012
Date: Saturday, November 3, 2012 @ 06:30:22
Author: bluewind
Revision: 170125
upgpkg: perl 5.16.2-1
upstream update
Modified:
perl/trunk/PKGBUILD
Deleted:
perl/trunk/cve-2012-5195.patch
---------------------+
PKGBUILD | 10 +++-------
cve-2012-5195.patch | 29 -----------------------------
2 files changed, 3 insertions(+), 36 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2012-11-03 07:24:35 UTC (rev 170124)
+++ PKGBUILD 2012-11-03 10:30:22 UTC (rev 170125)
@@ -5,8 +5,8 @@
# Contributor: judd <jvinet.zeroflux.org>
# Contributor: francois <francois.archlinux.org>
pkgname=perl
-pkgver=5.16.1
-pkgrel=2
+pkgver=5.16.2
+pkgrel=1
pkgdesc="A highly capable, feature-rich programming language"
arch=(i686 x86_64)
license=('GPL' 'PerlArtistic')
@@ -17,14 +17,12 @@
source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2
perlbin.sh
perlbin.csh
-cve-2012-5195.patch
provides.pl)
install=perl.install
options=('makeflags' '!purge')
-md5sums=('b87358e2c461a898cfd7c334e7dd8993'
+md5sums=('2818ab01672f005a4e552a713aa27b08'
'5ed2542fdb9a60682f215bd33701e61a'
'1f0cbbee783e8a6d32f01be5118e0d5e'
- 'ba61b3b393b763b4f0b9e2f06757815a'
'999c3eea6464860704abbb055a0f0896')
# workaround to let the integrity check find the correct provides array
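Review bot: The new tarball is still fetched over plain `http://www.cpan.org/...` and verified only by the updated `md5sums=` entry, so MD5 is the sole integrity check on the interpreter source in this hunk. MD5 is not collision-resistant, and no signature check is visible here. I would switch the array to a stronger digest, e.g. `sha256sums=('<sha256 of perl-5.16.2.tar.bz2>' ...)`, with a digest for each remaining source entry, taking the tarball's value from the upstream release announcement rather than from the downloaded file. Separately, this hunk drops `cve-2012-5195.patch` from `source` and the commit message says only "upstream update". Before relying on that, confirm that the 5.16.2 `util.c` has the `count < 0` check in `Perl_repeatcpy`, and record it in the log.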
@@ -35,8 +33,6 @@
build() {
cd ${srcdir}/${pkgname}-${pkgver}
- patch -i "$srcdir/cve-2012-5195.patch" -p1
-
if [ "${CARCH}" = "x86_64" ]; then
# for x86_64
arch_opts="-Dcccdlflags='-fPIC'"
Deleted: cve-2012-5195.patch
===================================================================
--- cve-2012-5195.patch 2012-11-03 07:24:35 UTC (rev 170124)
+++ cve-2012-5195.patch 2012-11-03 10:30:22 UTC (rev 170125)
@@ -1,29 +0,0 @@
-commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b
-Author: Andy Dougherty <doughera at lafayette.edu>
-Date: Thu Sep 27 09:52:18 2012 -0400
-
- avoid calling memset with a negative count
-
- Poorly written perl code that allows an attacker to specify the count to
- perl's 'x' string repeat operator can already cause a memory exhaustion
- denial-of-service attack. A flaw in versions of perl before 5.15.5 can
- escalate that into a heap buffer overrun; coupled with versions of glibc
- before 2.16, it possibly allows the execution of arbitrary code.
-
- The flaw addressed to this commit has been assigned identifier
- CVE-2012-5195.
-
-diff --git a/util.c b/util.c
-index 171456f..34f5fa9 100644
---- a/util.c
-+++ b/util.c
-@@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
- {
- PERL_ARGS_ASSERT_REPEATCPY;
-
-+ if (count < 0)
-+ Perl_croak_nocontext("%s",PL_memory_wrap);
-+
- if (len == 1)
- memset(to, *from, count);
- else if (count) {