From 8cddc1dce0295af2a20f888498f45ebd1665829cfad836600cd4cf420d9f45ce Mon Sep 17 00:00:00 2001
From: OBS User buildservice-autocommit <null@suse.de>
Date: Tue, 30 Nov 2010 14:36:38 +0000
Subject: [PATCH 1/2] Updating link to change in openSUSE:Factory/perl revision
 54.0

OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl?expand=0&rev=d8e849ce501a7e0b89028fcb64c0aa16
---
 perl.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/perl.spec b/perl.spec
index 4b7fe77..895c5e4 100644
--- a/perl.spec
+++ b/perl.spec
@@ -21,7 +21,7 @@
 Name:           perl
 Summary:        The Perl interpreter
 Version:        5.12.2
-Release:        3
+Release:        4
 %define pversion 5.12.2
 License:        Artistic License .. ; GPLv2+
 Group:          Development/Languages/Perl

From 0d08f6dda35c34334da1b100601dbe33a0a03ec1c554fedbbf056c1e2a696a3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Schr=C3=B6der?= <mls@suse.com>
Date: Fri, 14 Jan 2011 17:32:01 +0000
Subject: [PATCH 2/2] update to perl-5.12.3-RC1, fix CGI injection bugs

OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl?expand=0&rev=53
---
 perl-5.12.2.tar.bz2                |  3 ---
 perl-5.12.3-RC1.tar.bz2            |  3 +++
 perl-5.12.2.dif => perl-5.12.3.dif |  0
 perl-cgi-injection.diff            | 39 ++++++++++++++++++++++++++++++
 perl.changes                       |  9 +++++++
 perl.spec                          | 10 +++++---
 6 files changed, 57 insertions(+), 7 deletions(-)
 delete mode 100644 perl-5.12.2.tar.bz2
 create mode 100644 perl-5.12.3-RC1.tar.bz2
 rename perl-5.12.2.dif => perl-5.12.3.dif (100%)
 create mode 100644 perl-cgi-injection.diff

diff --git a/perl-5.12.2.tar.bz2 b/perl-5.12.2.tar.bz2
deleted file mode 100644
index 23e5578..0000000
--- a/perl-5.12.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a999e0a0312fe20410a62d52fe5a290bb92e1c9bebf35f0d29c3293ded9628da
-size 12349312
diff --git a/perl-5.12.3-RC1.tar.bz2 b/perl-5.12.3-RC1.tar.bz2
new file mode 100644
index 0000000..f8d2f3e
--- /dev/null
+++ b/perl-5.12.3-RC1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a82268951b0957a823f9104e3077e64aae5b856b0bba76ea7becfdbc2d9fe20
+size 12045720
diff --git a/perl-5.12.2.dif b/perl-5.12.3.dif
similarity index 100%
rename from perl-5.12.2.dif
rename to perl-5.12.3.dif
diff --git a/perl-cgi-injection.diff b/perl-cgi-injection.diff
new file mode 100644
index 0000000..1f3136f
--- /dev/null
+++ b/perl-cgi-injection.diff
@@ -0,0 +1,39 @@
+--- ./cpan/CGI/lib/CGI.pm.orig	2010-05-07 13:34:10.000000000 +0000
++++ ./cpan/CGI/lib/CGI.pm	2011-01-12 11:35:33.000000000 +0000
+@@ -1457,7 +1457,13 @@ END_OF_FUNC
+ sub multipart_init {
+     my($self,@p) = self_or_default(@_);
+     my($boundary,@other) = rearrange_header([BOUNDARY],@p);
+-    $boundary = $boundary || '------- =_aaaaaaaaaa0';
++    if (!$boundary) {
++       $boundary = '------- =_';
++       my @chrs = ('0'..'9', 'A'..'Z', 'a'..'z');
++       for (1..17) {
++	   $boundary .= $chrs[rand(scalar @chrs)];
++       }
++    }
+     $self->{'separator'} = "$CRLF--$boundary$CRLF";
+     $self->{'final_separator'} = "$CRLF--$boundary--$CRLF";
+     $type = SERVER_PUSH($boundary);
+@@ -1545,10 +1551,17 @@ sub header {
+     # CR escaping for values, per RFC 822
+     for my $header ($type,$status,$cookie,$target,$expires,$nph,$charset,$attachment,$p3p,@other) {
+         if (defined $header) {
+-            $header =~ s/
+-                (?<=\n)    # For any character proceeded by a newline
+-                (?=\S)     # ... that is not whitespace
+-            / /xg;         # ... inject a leading space in the new line
++            # From RFC 822:
++            # Unfolding  is  accomplished  by regarding   CRLF   immediately
++            # followed  by  a  LWSP-char  as equivalent to the LWSP-char.
++            $header =~ s/$CRLF(\s)/$1/g;
++
++            # All other uses of newlines are invalid input. 
++            if ($header =~ m/$CRLF|\015|\012/) {
++                # shorten very long values in the diagnostic
++                $header = substr($header,0,72).'...' if (length $header > 72);
++                die "Invalid header value contains a newline not followed by whitespace: $header";
++            }
+         }
+     }
+ 
diff --git a/perl.changes b/perl.changes
index 9dd602f..48db2d1 100644
--- a/perl.changes
+++ b/perl.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Jan 14 18:04:16 CET 2011 - mls@suse.de
+
+- update to perl-5.12.3-RC1
+  * bug fix only release
+  * lvalue sub return values are now COW
+- fix CGI injection bugs, CVE-2010-2761, CVE-2010-4410,
+  CVE-2010-4411 [bnc#657343]
+
 -------------------------------------------------------------------
 Tue Nov 30 10:23:06 UTC 2010 - coolo@novell.com
 
diff --git a/perl.spec b/perl.spec
index 895c5e4..529c2b3 100644
--- a/perl.spec
+++ b/perl.spec
@@ -20,14 +20,14 @@
 
 Name:           perl
 Summary:        The Perl interpreter
-Version:        5.12.2
+Version:        5.12.3
 Release:        4
-%define pversion 5.12.2
+%define pversion 5.12.3
 License:        Artistic License .. ; GPLv2+
 Group:          Development/Languages/Perl
 AutoReqProv:    on
 Url:            http://www.perl.org/
-Source:         perl-5.12.2.tar.bz2
+Source:         perl-5.12.3-RC1.tar.bz2
 Source1:        %name-rpmlintrc
 Source2:        macros.perl
 Source3:        README.macros
@@ -42,6 +42,7 @@ Patch7:         perl-Fatal.diff
 Patch8:         perl-constprint.diff
 Patch9:         perl-h2ph.diff
 Patch10:        perl-HiRes.t-timeout.diff
+Patch11:        perl-cgi-injection.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         perl-base = %version
 #PreReq:         %fillup_prereq
@@ -126,7 +127,7 @@ BuildArch:      noarch
 Perl man pages and pod files.
 
 %prep
-%setup -q -n perl-5.12.2
+%setup -q -n perl-5.12.3-RC1
 cp -p %{S:3} .
 %patch0
 %patch1
@@ -140,6 +141,7 @@ cp -p %{S:3} .
 %patch8
 %patch9
 %patch10 -p1
+%patch11
 
 %build
 cp -a lib savelib