[arch-commits] Commit in perl/trunk (CVE-2013-1667.patch PKGBUILD)

Florian Pritz bluewind at nymeria.archlinux.org
Fri Mar 15 21:24:52 UTC 2013


    Date: Friday, March 15, 2013 @ 22:24:52
  Author: bluewind
Revision: 180064

upgpkg: perl 5.16.3-1

upstream update

Modified:
  perl/trunk/PKGBUILD
Deleted:
  perl/trunk/CVE-2013-1667.patch

---------------------+
 CVE-2013-1667.patch |   50 --------------------------------------------------
 PKGBUILD            |    9 +++------
 2 files changed, 3 insertions(+), 56 deletions(-)

Deleted: CVE-2013-1667.patch
===================================================================
--- CVE-2013-1667.patch	2013-03-15 19:12:01 UTC (rev 180063)
+++ CVE-2013-1667.patch	2013-03-15 21:24:52 UTC (rev 180064)
@@ -1,50 +0,0 @@
-commit 9ec0b001b87d32f1d39b038b72846a5c20417be3 (refs/remotes/origin/maint-5.16)
-Author: Andy Dougherty <doughera at lafayette.edu>
-Date:   Wed Jan 16 12:30:43 2013 -0500
-
-    Avoid wraparound when casting unsigned size_t to signed ssize_t.
-    
-    Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
-    system.  In that instance a value of count >= 2**31 would turn negative
-    when cast to (ssize_t).
-
-diff --git a/perlio.c b/perlio.c
-index 7782728..cccfdcd 100644
---- a/perlio.c
-+++ b/perlio.c
-@@ -2164,7 +2164,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
- 	    SSize_t avail = PerlIO_get_cnt(f);
- 	    SSize_t take = 0;
- 	    if (avail > 0)
--		take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
-+		take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
- 	    if (take > 0) {
- 		STDCHAR *ptr = PerlIO_get_ptr(f);
- 		Copy(ptr, buf, take, STDCHAR);
-@@ -4098,7 +4098,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
- 	     */
- 	    b->posn -= b->bufsiz;
- 	}
--	if (avail > (SSize_t) count) {
-+	if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
- 	    /*
- 	     * If we have space for more than count, just move count
- 	     */
-@@ -4148,7 +4148,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
-     }
-     while (count > 0) {
- 	SSize_t avail = b->bufsiz - (b->ptr - b->buf);
--	if ((SSize_t) count < avail)
-+	if ((SSize_t) count >= 0 && (SSize_t) count < avail)
- 	    avail = count;
- 	if (flushptr > buf && flushptr <= buf + avail)
- 	    avail = flushptr - buf;
-@@ -4423,7 +4423,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
- {
-     SSize_t avail = PerlIO_get_cnt(f);
-     SSize_t got = 0;
--    if ((SSize_t)count < avail)
-+    if ((SSize_t) count >= 0 && (SSize_t)count < avail)
- 	avail = count;
-     if (avail > 0)
- 	got = PerlIOBuf_read(aTHX_ f, vbuf, avail);

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-03-15 19:12:01 UTC (rev 180063)
+++ PKGBUILD	2013-03-15 21:24:52 UTC (rev 180064)
@@ -6,8 +6,8 @@
 # Contributor: francois <francois.archlinux.org>
 
 pkgname=perl
-pkgver=5.16.2
-pkgrel=4
+pkgver=5.16.3
+pkgrel=1
 pkgdesc="A highly capable, feature-rich programming language"
 arch=(i686 x86_64)
 license=('GPL' 'PerlArtistic')
@@ -16,15 +16,13 @@
 depends=('gdbm' 'db' 'coreutils' 'glibc' 'sh')
 source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2
         cgi-cr-escaping.diff
-        CVE-2013-1667.patch
         perlbin.sh
         perlbin.csh
         provides.pl)
 install=perl.install
 options=('makeflags' '!purge')
-md5sums=('2818ab01672f005a4e552a713aa27b08'
+md5sums=('025102de0e4a597cf541e57da80c6aa3'
          '0486659c9eefe682364a3e364d814296'
-         '3725d479a42547c6bae33b793b948054'
          '5ed2542fdb9a60682f215bd33701e61a'
          '1f0cbbee783e8a6d32f01be5118e0d5e'
          '999c3eea6464860704abbb055a0f0896')
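Review bot: The refreshed first `md5sums=` entry is the only integrity check on a tarball that `source=` still fetches over plain `http://`, so it pins whatever the packager happened to download, using a digest that is no longer considered adequate for this purpose. Consider switching the array to `sha256sums=(...)` (values regenerated with `makepkg -g`, not copied from here) and, if the mirror serves it, an `https://` source URL or an upstream-signed checksum. Separately, dropping `CVE-2013-1667.patch` from `source=` here and from the `patch -i` line in the later hunk presumes that 5.16.3 already carries that perlio.c change. The commit message says only "upstream update", so a line confirming this against the upstream changelog would help anyone auditing the package history.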
@@ -37,7 +35,6 @@
   cd ${srcdir}/${pkgname}-${pkgver}
 
   patch -i "$srcdir/cgi-cr-escaping.diff" -p1
-  patch -i "$srcdir/CVE-2013-1667.patch" -p1
 
   if [ "${CARCH}" = "x86_64" ]; then
     # for x86_64



