[arch-commits] Commit in perl/trunk (3 files)

Florian Pritz bluewind at nymeria.archlinux.org
Sat Mar 9 21:02:48 UTC 2013


    Date: Saturday, March 9, 2013 @ 22:02:48
  Author: bluewind
Revision: 179821

fix cve-2013-1667

Added:
  perl/trunk/CVE-2013-1667.patch
Modified:
  perl/trunk/PKGBUILD
Deleted:
  perl/trunk/0001-Append-CFLAGS-and-LDFLAGS-to-their-Config.pm-counter.patch

-----------------------------------------------------------------+
 0001-Append-CFLAGS-and-LDFLAGS-to-their-Config.pm-counter.patch |   83 ----------
 CVE-2013-1667.patch                                             |   50 ++++++
 PKGBUILD                                                        |    6 
 3 files changed, 54 insertions(+), 85 deletions(-)

Deleted: 0001-Append-CFLAGS-and-LDFLAGS-to-their-Config.pm-counter.patch
===================================================================
--- 0001-Append-CFLAGS-and-LDFLAGS-to-their-Config.pm-counter.patch	2013-03-09 20:32:09 UTC (rev 179820)
+++ 0001-Append-CFLAGS-and-LDFLAGS-to-their-Config.pm-counter.patch	2013-03-09 21:02:48 UTC (rev 179821)
@@ -1,83 +0,0 @@
-From bb249b0b26c2e79a6f55355ef94889070f07fd21 Mon Sep 17 00:00:00 2001
-From: Niko Tyni <ntyni at debian.org>
-Date: Thu, 28 Apr 2011 09:18:54 +0300
-Subject: [PATCH] Append CFLAGS and LDFLAGS to their Config.pm counterparts in
- EU::CBuilder
-
-Since ExtUtils::CBuilder 0.27_04 (bleadperl commit 06e8058f27e4),
-CFLAGS and LDFLAGS from the environment have overridden the Config.pm
-ccflags and ldflags settings. This can cause binary incompatibilities
-between the core Perl and extensions built with EU::CBuilder.
-
-Append to the Config.pm values rather than overriding them.
----
- .../lib/ExtUtils/CBuilder/Base.pm                  |    6 +++-
- dist/ExtUtils-CBuilder/t/04-base.t                 |   25 +++++++++++++++++++-
- 2 files changed, 28 insertions(+), 3 deletions(-)
-
-diff --git a/dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Base.pm b/dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Base.pm
-index b572312..2255c51 100644
---- a/dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Base.pm
-+++ b/dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Base.pm
-@@ -40,11 +40,13 @@ sub new {
-     $self->{config}{$k} = $v unless exists $self->{config}{$k};
-   }
-   $self->{config}{cc} = $ENV{CC} if defined $ENV{CC};
--  $self->{config}{ccflags} = $ENV{CFLAGS} if defined $ENV{CFLAGS};
-+  $self->{config}{ccflags} = join(" ", $self->{config}{ccflags}, $ENV{CFLAGS})
-+     if defined $ENV{CFLAGS};
-   $self->{config}{cxx} = $ENV{CXX} if defined $ENV{CXX};
-   $self->{config}{cxxflags} = $ENV{CXXFLAGS} if defined $ENV{CXXFLAGS};
-   $self->{config}{ld} = $ENV{LD} if defined $ENV{LD};
--  $self->{config}{ldflags} = $ENV{LDFLAGS} if defined $ENV{LDFLAGS};
-+  $self->{config}{ldflags} = join(" ", $self->{config}{ldflags}, $ENV{LDFLAGS})
-+     if defined $ENV{LDFLAGS};
- 
-   unless ( exists $self->{config}{cxx} ) {
-     my ($ccpath, $ccbase, $ccsfx ) = fileparse($self->{config}{cc}, qr/\.[^.]*/);
-diff --git a/dist/ExtUtils-CBuilder/t/04-base.t b/dist/ExtUtils-CBuilder/t/04-base.t
-index c3bf6b5..1bb15aa 100644
---- a/dist/ExtUtils-CBuilder/t/04-base.t
-+++ b/dist/ExtUtils-CBuilder/t/04-base.t
-@@ -1,7 +1,7 @@
- #! perl -w
- 
- use strict;
--use Test::More tests => 50;
-+use Test::More tests => 64;
- use Config;
- use Cwd;
- use File::Path qw( mkpath );
-@@ -326,6 +326,29 @@ is_deeply( $mksymlists_args,
-     "_prepare_mksymlists_args(): got expected arguments for Mksymlists",
- );
- 
-+my %testvars = (
-+    CFLAGS  => 'ccflags',
-+    LDFLAGS => 'ldflags',
-+);
-+
-+while (my ($VAR, $var) = each %testvars) {
-+    local $ENV{$VAR};
-+    $base = ExtUtils::CBuilder::Base->new( quiet => 1 );
-+    ok( $base, "ExtUtils::CBuilder::Base->new() returned true value" );
-+    isa_ok( $base, 'ExtUtils::CBuilder::Base' );
-+    like($base->{config}{$var}, qr/\Q$Config{$var}/,
-+        "honours $var from Config.pm");
-+
-+    $ENV{$VAR} = "-foo -bar";
-+    $base = ExtUtils::CBuilder::Base->new( quiet => 1 );
-+    ok( $base, "ExtUtils::CBuilder::Base->new() returned true value" );
-+    isa_ok( $base, 'ExtUtils::CBuilder::Base' );
-+    like($base->{config}{$var}, qr/\Q$ENV{$VAR}/,
-+        "honours $VAR from the environment");
-+    like($base->{config}{$var}, qr/\Q$Config{$var}/,
-+        "doesn't override $var from Config.pm with $VAR from the environment");
-+}
-+
- #####
- 
- for ($source_file, $object_file, $lib_file) {
--- 
-1.7.4.4
-

Added: CVE-2013-1667.patch
===================================================================
--- CVE-2013-1667.patch	                        (rev 0)
+++ CVE-2013-1667.patch	2013-03-09 21:02:48 UTC (rev 179821)
@@ -0,0 +1,50 @@
+commit 9ec0b001b87d32f1d39b038b72846a5c20417be3 (refs/remotes/origin/maint-5.16)
+Author: Andy Dougherty <doughera at lafayette.edu>
+Date:   Wed Jan 16 12:30:43 2013 -0500
+
+    Avoid wraparound when casting unsigned size_t to signed ssize_t.
+    
+    Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
+    system.  In that instance a value of count >= 2**31 would turn negative
+    when cast to (ssize_t).
+
+diff --git a/perlio.c b/perlio.c
+index 7782728..cccfdcd 100644
+--- a/perlio.c
++++ b/perlio.c
+@@ -2164,7 +2164,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ 	    SSize_t avail = PerlIO_get_cnt(f);
+ 	    SSize_t take = 0;
+ 	    if (avail > 0)
+-		take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
++		take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
+ 	    if (take > 0) {
+ 		STDCHAR *ptr = PerlIO_get_ptr(f);
+ 		Copy(ptr, buf, take, STDCHAR);
+@@ -4098,7 +4098,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+ 	     */
+ 	    b->posn -= b->bufsiz;
+ 	}
+-	if (avail > (SSize_t) count) {
++	if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
+ 	    /*
+ 	     * If we have space for more than count, just move count
+ 	     */
+@@ -4148,7 +4148,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+     }
+     while (count > 0) {
+ 	SSize_t avail = b->bufsiz - (b->ptr - b->buf);
+-	if ((SSize_t) count < avail)
++	if ((SSize_t) count >= 0 && (SSize_t) count < avail)
+ 	    avail = count;
+ 	if (flushptr > buf && flushptr <= buf + avail)
+ 	    avail = flushptr - buf;
+@@ -4423,7 +4423,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ {
+     SSize_t avail = PerlIO_get_cnt(f);
+     SSize_t got = 0;
+-    if ((SSize_t)count < avail)
++    if ((SSize_t) count >= 0 && (SSize_t)count < avail)
+ 	avail = count;
+     if (avail > 0)
+ 	got = PerlIOBuf_read(aTHX_ f, vbuf, avail);
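Review bot: The file added here is named for CVE-2013-1667, but its contents are the upstream commit "Avoid wraparound when casting unsigned size_t to signed ssize_t", which only changes four `(SSize_t) count` comparisons in perlio.c. CVE-2013-1667 as publicly described is a denial of service in Perl's hash rehash mechanism, so this looks like the wrong upstream commit for that advisory, and the package would likely remain affected after the `pkgrel=4` rebuild. Please check the patch against the upstream advisory before release. Separately, the new guards still cast a possibly out-of-range `Size_t` to a signed type before testing it; comparing in the unsigned domain, e.g. `if (avail > 0 && count < (Size_t)avail) avail = count;`, would avoid depending on that conversion. The enclosing perlio.c functions are only partly visible in the embedded hunks.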

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-03-09 20:32:09 UTC (rev 179820)
+++ PKGBUILD	2013-03-09 21:02:48 UTC (rev 179821)
@@ -7,7 +7,7 @@
 
 pkgname=perl
 pkgver=5.16.2
-pkgrel=3
+pkgrel=4
 pkgdesc="A highly capable, feature-rich programming language"
 arch=(i686 x86_64)
 license=('GPL' 'PerlArtistic')
@@ -16,6 +16,7 @@
 depends=('gdbm' 'db' 'coreutils' 'glibc' 'sh')
 source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2
         cgi-cr-escaping.diff
+		CVE-2013-1667.patch
         perlbin.sh
         perlbin.csh
         provides.pl)
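Review bot: The added `CVE-2013-1667.patch` entry in `source=` is indented with two tabs, while the neighbouring entries use eight spaces. Re-indent it with spaces so the array stays aligned at any tab width. Its position (third) does match the position of the new checksum in `md5sums`, so the ordering is consistent.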
@@ -23,10 +24,10 @@
 options=('makeflags' '!purge')
 md5sums=('2818ab01672f005a4e552a713aa27b08'
          '0486659c9eefe682364a3e364d814296'
+         '3725d479a42547c6bae33b793b948054'
          '5ed2542fdb9a60682f215bd33701e61a'
          '1f0cbbee783e8a6d32f01be5118e0d5e'
          '999c3eea6464860704abbb055a0f0896')
-
 # workaround to let the integrity check find the correct provides array
 if [[ ${0##*/} = "parse_pkgbuilds.sh" ]]; then
 	true && provides=($(bsdtar -q -O -xf "/srv/ftp/pool/packages/$pkgname-$pkgver-$pkgrel-$CARCH.pkg.tar.xz" .PKGINFO | sed -rn 's#^provides = (.*)#\1#p'))
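Review bot: The new patch is pinned only by an MD5 sum in `md5sums`, like the other sources, and the perl tarball in `source=` (visible in the previous hunk) is fetched over plain `http://`. MD5 is not collision resistant, so it gives weak integrity assurance for a download over an unauthenticated channel; switching the array to `sha256sums=(...)` would be a better fit for a security rebuild. The hunk also removes the blank line between the array and the `# workaround` comment, which looks unintentional.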
@@ -36,6 +37,7 @@
   cd ${srcdir}/${pkgname}-${pkgver}
 
   patch -i "$srcdir/cgi-cr-escaping.diff" -p1
+  patch -i "$srcdir/CVE-2013-1667.patch" -p1
 
   if [ "${CARCH}" = "x86_64" ]; then
     # for x86_64



