[arch-commits] Commit in perl/trunk (PKGBUILD cve-2012-5195.patch)

[Florian Pritz]

    Date: Friday, October 26, 2012 @ 06:19:05
  Author: bluewind
Revision: 169700

upgpkg: perl 5.16.1-2

fix CVE-2012-5195

Added:
  perl/trunk/cve-2012-5195.patch
Modified:
  perl/trunk/PKGBUILD

---------------------+
 PKGBUILD            |    9 +++++++--
 cve-2012-5195.patch |   29 +++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2012-10-26 08:57:54 UTC (rev 169699)
+++ PKGBUILD	2012-10-26 10:19:05 UTC (rev 169700)
@@ -1,11 +1,12 @@
 # $Id$
-# Maintainer: Angel Velasquez <angvp at archlinux.org> 
+# Maintainer: Florian Pritz <bluewind at xinu.at>
+# Contributor: Angel Velasquez <angvp at archlinux.org> 
 # Contributor: kevin <kevin.archlinux.org>
 # Contributor: judd <jvinet.zeroflux.org>
 # Contributor: francois <francois.archlinux.org> 
 pkgname=perl
 pkgver=5.16.1
-pkgrel=1
+pkgrel=2
 pkgdesc="A highly capable, feature-rich programming language"
 arch=(i686 x86_64)
 license=('GPL' 'PerlArtistic')
@@ -16,12 +17,14 @@
 source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2 
 perlbin.sh
 perlbin.csh
+cve-2012-5195.patch
 provides.pl)
 install=perl.install
 options=('makeflags' '!purge')
 md5sums=('b87358e2c461a898cfd7c334e7dd8993'
          '5ed2542fdb9a60682f215bd33701e61a'
          '1f0cbbee783e8a6d32f01be5118e0d5e'
+         'ba61b3b393b763b4f0b9e2f06757815a'
          '999c3eea6464860704abbb055a0f0896')
 
 # workaround to let the integrity check find the correct provides array
@@ -32,6 +35,8 @@
 build() {
   cd ${srcdir}/${pkgname}-${pkgver}
 
+  patch -i "$srcdir/cve-2012-5195.patch" -p1
+
   if [ "${CARCH}" = "x86_64" ]; then
     # for x86_64
     arch_opts="-Dcccdlflags='-fPIC'"

Added: cve-2012-5195.patch
===================================================================
--- cve-2012-5195.patch	                        (rev 0)
+++ cve-2012-5195.patch	2012-10-26 10:19:05 UTC (rev 169700)
@@ -0,0 +1,29 @@
+commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b
+Author: Andy Dougherty <doughera at lafayette.edu>
+Date:   Thu Sep 27 09:52:18 2012 -0400
+
+    avoid calling memset with a negative count
+    
+    Poorly written perl code that allows an attacker to specify the count to
+    perl's 'x' string repeat operator can already cause a memory exhaustion
+    denial-of-service attack. A flaw in versions of perl before 5.15.5 can
+    escalate that into a heap buffer overrun; coupled with versions of glibc
+    before 2.16, it possibly allows the execution of arbitrary code.
+    
+    The flaw addressed to this commit has been assigned identifier
+    CVE-2012-5195.
+
+diff --git a/util.c b/util.c
+index 171456f..34f5fa9 100644
+--- a/util.c
++++ b/util.c
+@@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
+ {
+     PERL_ARGS_ASSERT_REPEATCPY;
+ 
++    if (count < 0)
++	Perl_croak_nocontext("%s",PL_memory_wrap);
++
+     if (len == 1)
+ 	memset(to, *from, count);
+     else if (count) {