# HG changeset patch
# User Vladimir Marek
# Date 1321547000 28800
# Node ID 5828c439789b0b5208701763600c8bca07822ffd
# Parent 3493d2848bde738908a62011b9d6534c6012a51f
7111771 Problem with utility/perl
diff -r 3493d2848bde -r 5828c439789b components/perl512/Makefile
--- a/components/perl512/Makefile Mon Nov 28 02:12:26 2011 -0800
+++ b/components/perl512/Makefile Thu Nov 17 08:23:20 2011 -0800
@@ -117,6 +117,10 @@
 # 2 expected failures because of the use of cloney in this build.
 # Without cloney all tests pass.
 #
+ # Failed 2 tests out of 1697, 99.88% okay.
+ # ../cpan/Archive-Tar/t/02_methods.t
+ # ../lib/File/stat.t
+ #
 BUILD_PKG_DEPENDENCIES = $(BUILD_TOOLS)
diff -r 3493d2848bde -r 5828c439789b components/perl512/patches/CVE-2011-2728.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/perl512/patches/CVE-2011-2728.patch Thu Nov 17 08:23:20 2011 -0800
@@ -0,0 +1,57 @@
+#
+# CVE-2011-2728
+# http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
+# https://bugzilla.redhat.com/show_bug.cgi?id=742236
+#
+diff -urN perl-5.12.3/ext/File-Glob/Glob.xs p/ext/File-Glob/Glob.xs
+--- perl-5.12.3/ext/File-Glob/Glob.xs 2011-01-09 12:20:55.000000000 -0800
++++ perl-5.12.3/ext/File-Glob/Glob.xs 2011-11-28 00:46:10.593556922 -0800
+@@ -1,6 +1,7 @@
+ #include "EXTERN.h"
+ #include "perl.h"
+ #include "XSUB.h"
++#include "strings.h"
+
+ #include "bsd_glob.h"
+
+@@ -49,9 +50,12 @@
+ /* allow for optional flags argument */
+ if (items > 1) {
+ flags = (int) SvIV(ST(1));
++ /* remove unsupported flags */
++ flags &= ~(GLOB_APPEND | GLOB_DOOFFS | GLOB_ALTDIRFUNC | GLOB_MAGCHAR);
+ }
+
+ /* call glob */
++ bzero(&pglob, sizeof(glob_t));
+ retval = bsd_glob(pattern, flags, errfunc, &pglob);
+ GLOB_ERROR = retval;
+
+--- perl-5.12.3/ext/File-Glob/t/basic.t.orig út lis 15 13:22:27 2011
++++ perl-5.12.3/ext/File-Glob/t/basic.t út lis 15 13:22:54 2011
+@@ -15,7 +15,7 @@
+ }
+ }
+ use strict;
+-use Test::More tests => 14;
++use Test::More tests => 15;
+ BEGIN {use_ok('File::Glob', ':glob')};
+ use Cwd ();
+
+@@ -195,3 +195,7 @@
+ local $TODO = "home-made glob doesn't do regexes" if $^O eq 'VMS';
+ is_deeply(\@glob_files, ['a_dej']);
+ }
++
++# This used to segfault.
++my $i = bsd_glob('*', GLOB_ALTDIRFUNC);
++is(&File::Glob::GLOB_ERROR, 0, "Successfuly ignored unsupported flag");
+--- perl-5.12.3/patchlevel.h.orig út lis 15 13:26:11 2011
++++ perl-5.12.3/patchlevel.h út lis 15 13:26:17 2011
+@@ -131,6 +131,7 @@
+ ,"uncommitted-changes"
+ #endif
+ PERL_GIT_UNPUSHED_COMMITS /* do not remove this line */
++ ,"7111771 Problem with utility/perl"
+ ,NULL
+ };
diff -r 3493d2848bde -r 5828c439789b components/perl512/patches/CVE-2011-2939.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/perl512/patches/CVE-2011-2939.patch Thu Nov 17 08:23:20 2011 -0800
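Review bot: In the Glob.xs part of CVE-2011-2728.patch, the zeroing added before `bsd_glob()` uses `bzero()` and pulls in `"strings.h"` with quotes; `bzero` is a legacy interface, and the quoted form looks in the extension's own directory before the system headers. `memset(&pglob, 0, sizeof(glob_t));` does the same job and should make the extra include unnecessary, assuming perl.h already provides `<string.h>` (not visible here). The flag handling is a denylist of four bits, so any other bit that bsd_glob does not expect from a caller still passes through, and the new test in basic.t exercises only `GLOB_ALTDIRFUNC`. The enclosing XS function starts and ends outside the inner hunks.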
@@ -0,0 +1,19 @@
+#
+# CVE-2011-2939
+# http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
+# https://bugzilla.redhat.com/show_bug.cgi?id=731246
+#
+--- perl-5.12.3/cpan/Encode/Unicode/Unicode.xs.old 2011-11-15 22:37:18.836023493 -0800
++++ perl-5.12.3/cpan/Encode/Unicode/Unicode.xs 2011-11-15 22:40:56.191609987 -0800
+@@ -246,7 +246,10 @@
+ This prevents allocating too much in the rogue case of a large
+ input consisting initially of long sequence uft8-byte unicode
+ chars followed by single utf8-byte chars. */
+- STRLEN remaining = (e - s)/usize;
++ /* +1
++ fixes Unicode.xs!decode_xs n-byte heap-overflow
++ */
++ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
+ STRLEN max_alloc = remaining + (8*1024*1024);
+ STRLEN est_alloc = remaining * UTF8_MAXLEN;
+ STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
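Review bot: The two comments added around `STRLEN remaining` in Unicode.xs disagree about what the `+ 1` prevents: the block comment says heap overflow, while the trailing one says `/* +1 to avoid the leak */`. Neither explains why one extra unit is needed; presumably `(e - s)/usize` rounds down when the input ends in a partial character, so the estimate can come out one unit short. I would replace both with a single comment such as `/* +1: (e - s)/usize truncates, so a trailing partial unit would otherwise be missing from the estimate (CVE-2011-2939 heap overflow) */`, after confirming that reasoning against the upstream commit. The enclosing decode function starts and ends outside the hunk.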