[arch-commits] Commit in perl/trunk (PKGBUILD cve-2012-5195.patch)

Florian Pritz bluewind at archlinux.org
Sat Nov 3 10:30:23 UTC 2012


    Date: Saturday, November 3, 2012 @ 06:30:22
  Author: bluewind
Revision: 170125

upgpkg: perl 5.16.2-1

upstream update

Modified:
  perl/trunk/PKGBUILD
Deleted:
  perl/trunk/cve-2012-5195.patch

---------------------+
 PKGBUILD            |   10 +++-------
 cve-2012-5195.patch |   29 -----------------------------
 2 files changed, 3 insertions(+), 36 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2012-11-03 07:24:35 UTC (rev 170124)
+++ PKGBUILD	2012-11-03 10:30:22 UTC (rev 170125)
@@ -5,8 +5,8 @@
 # Contributor: judd <jvinet.zeroflux.org>
 # Contributor: francois <francois.archlinux.org> 
 pkgname=perl
-pkgver=5.16.1
-pkgrel=2
+pkgver=5.16.2
+pkgrel=1
 pkgdesc="A highly capable, feature-rich programming language"
 arch=(i686 x86_64)
 license=('GPL' 'PerlArtistic')
@@ -17,14 +17,12 @@
 source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2 
 perlbin.sh
 perlbin.csh
-cve-2012-5195.patch
 provides.pl)
 install=perl.install
 options=('makeflags' '!purge')
-md5sums=('b87358e2c461a898cfd7c334e7dd8993'
+md5sums=('2818ab01672f005a4e552a713aa27b08'
          '5ed2542fdb9a60682f215bd33701e61a'
          '1f0cbbee783e8a6d32f01be5118e0d5e'
-         'ba61b3b393b763b4f0b9e2f06757815a'
          '999c3eea6464860704abbb055a0f0896')
 
 # workaround to let the integrity check find the correct provides array
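Review bot: The updated `md5sums` entry is still the only integrity check on a tarball that `source=` fetches over plain `http://`, and MD5 is collision-prone and no longer recommended for this purpose. A stronger array could be added alongside or in place of it, e.g. `sha256sums=('<sha256 of perl-5.16.2.tar.bz2>' ...)` with one entry per source file. Separately, this hunk drops `cve-2012-5195.patch` from `source` and the build() hunk drops the matching `patch -i` call, while the commit message says only "upstream update". The page does not show that the 5.16.2 tarball already carries the `count < 0` check in `Perl_repeatcpy`, so a line in the commit message or a PKGBUILD comment confirming this would make the removal auditable.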
@@ -35,8 +33,6 @@
 build() {
   cd ${srcdir}/${pkgname}-${pkgver}
 
-  patch -i "$srcdir/cve-2012-5195.patch" -p1
-
   if [ "${CARCH}" = "x86_64" ]; then
     # for x86_64
     arch_opts="-Dcccdlflags='-fPIC'"

Deleted: cve-2012-5195.patch
===================================================================
--- cve-2012-5195.patch	2012-11-03 07:24:35 UTC (rev 170124)
+++ cve-2012-5195.patch	2012-11-03 10:30:22 UTC (rev 170125)
@@ -1,29 +0,0 @@
-commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b
-Author: Andy Dougherty <doughera at lafayette.edu>
-Date:   Thu Sep 27 09:52:18 2012 -0400
-
-    avoid calling memset with a negative count
-    
-    Poorly written perl code that allows an attacker to specify the count to
-    perl's 'x' string repeat operator can already cause a memory exhaustion
-    denial-of-service attack. A flaw in versions of perl before 5.15.5 can
-    escalate that into a heap buffer overrun; coupled with versions of glibc
-    before 2.16, it possibly allows the execution of arbitrary code.
-    
-    The flaw addressed to this commit has been assigned identifier
-    CVE-2012-5195.
-
-diff --git a/util.c b/util.c
-index 171456f..34f5fa9 100644
---- a/util.c
-+++ b/util.c
-@@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
- {
-     PERL_ARGS_ASSERT_REPEATCPY;
- 
-+    if (count < 0)
-+	Perl_croak_nocontext("%s",PL_memory_wrap);
-+
-     if (len == 1)
- 	memset(to, *from, count);
-     else if (count) {



