This commit is contained in:
parent
7c8c1ab494
commit
db3593a33c
57
perl-regcomp-5.8.8.dif
Normal file
57
perl-regcomp-5.8.8.dif
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
--- regcomp.c.orig 2006-01-08 20:59:27.000000000 +0000
|
||||||
|
+++ regcomp.c 2007-10-19 22:49:41.000000000 +0100
|
||||||
|
@@ -136,6 +136,7 @@
|
||||||
|
I32 seen_zerolen;
|
||||||
|
I32 seen_evals;
|
||||||
|
I32 utf8;
|
||||||
|
+ I32 orig_utf8;
|
||||||
|
#if ADD_TO_REGEXEC
|
||||||
|
char *starttry; /* -Dr: where regtry was called. */
|
||||||
|
#define RExC_starttry (pRExC_state->starttry)
|
||||||
|
@@ -161,6 +162,7 @@
|
||||||
|
#define RExC_seen_zerolen (pRExC_state->seen_zerolen)
|
||||||
|
#define RExC_seen_evals (pRExC_state->seen_evals)
|
||||||
|
#define RExC_utf8 (pRExC_state->utf8)
|
||||||
|
+#define RExC_orig_utf8 (pRExC_state->orig_utf8)
|
||||||
|
|
||||||
|
#define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?')
|
||||||
|
#define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
|
||||||
|
@@ -1749,15 +1751,17 @@
|
||||||
|
if (exp == NULL)
|
||||||
|
FAIL("NULL regexp argument");
|
||||||
|
|
||||||
|
- RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
|
||||||
|
+ RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
|
||||||
|
|
||||||
|
- RExC_precomp = exp;
|
||||||
|
DEBUG_r({
|
||||||
|
if (!PL_colorset) reginitcolors();
|
||||||
|
PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
|
||||||
|
PL_colors[4],PL_colors[5],PL_colors[0],
|
||||||
|
- (int)(xend - exp), RExC_precomp, PL_colors[1]);
|
||||||
|
+ (int)(xend - exp), exp, PL_colors[1]);
|
||||||
|
});
|
||||||
|
+
|
||||||
|
+redo_first_pass:
|
||||||
|
+ RExC_precomp = exp;
|
||||||
|
RExC_flags = pm->op_pmflags;
|
||||||
|
RExC_sawback = 0;
|
||||||
|
|
||||||
|
@@ -1783,6 +1787,17 @@
|
||||||
|
RExC_precomp = Nullch;
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
+ if (RExC_utf8 && !RExC_orig_utf8) {
|
||||||
|
+ STRLEN len = xend-exp;
|
||||||
|
+ DEBUG_r(PerlIO_printf(Perl_debug_log,
|
||||||
|
+ "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
|
||||||
|
+ exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
|
||||||
|
+ xend = exp + len;
|
||||||
|
+ RExC_orig_utf8 = RExC_utf8;
|
||||||
|
+ SAVEFREEPV(exp);
|
||||||
|
+ goto redo_first_pass;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
|
||||||
|
|
||||||
|
/* Small enough for pointer-storage convention?
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 6 09:58:35 CET 2007 - mls@suse.de
|
||||||
|
|
||||||
|
- fix buffer overflow in regex engine CVE-2007-5116 (#332199)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Oct 31 16:04:58 CET 2007 - dmueller@suse.de
|
Wed Oct 31 16:04:58 CET 2007 - dmueller@suse.de
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ Name: perl
|
|||||||
Url: http://www.perl.org/
|
Url: http://www.perl.org/
|
||||||
BuildRequires: db-devel gdbm-devel ncurses-devel zlib-devel
|
BuildRequires: db-devel gdbm-devel ncurses-devel zlib-devel
|
||||||
Version: 5.8.8
|
Version: 5.8.8
|
||||||
Release: 79
|
Release: 82
|
||||||
Summary: The Perl interpreter
|
Summary: The Perl interpreter
|
||||||
License: Artistic License; GPL v2 or later
|
License: Artistic License; GPL v2 or later
|
||||||
Group: Development/Languages/Perl
|
Group: Development/Languages/Perl
|
||||||
@ -30,6 +30,7 @@ Source1: %name-rpmlintrc
|
|||||||
Patch: perl-%{version}.dif
|
Patch: perl-%{version}.dif
|
||||||
Patch1: perl-gracefull-net-ftp.diff
|
Patch1: perl-gracefull-net-ftp.diff
|
||||||
Patch2: perl-makedepend.diff
|
Patch2: perl-makedepend.diff
|
||||||
|
Patch3: perl-regcomp-5.8.8.dif
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -79,6 +80,7 @@ Authors:
|
|||||||
%patch
|
%patch
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2
|
%patch2
|
||||||
|
%patch3
|
||||||
|
|
||||||
%build
|
%build
|
||||||
options="-Doptimize='$RPM_OPT_FLAGS -Wall -pipe'"
|
options="-Doptimize='$RPM_OPT_FLAGS -Wall -pipe'"
|
||||||
@ -133,6 +135,8 @@ d="`gcc -print-file-name=include`"
|
|||||||
test -f "$d/stdarg.h" && (cd $d ; $RPM_BUILD_ROOT/usr/bin/perl -I$cp -I$cpa $RPM_BUILD_ROOT/usr/bin/h2ph -d $vpa stdarg.h stddef.h float.h)
|
test -f "$d/stdarg.h" && (cd $d ; $RPM_BUILD_ROOT/usr/bin/perl -I$cp -I$cpa $RPM_BUILD_ROOT/usr/bin/h2ph -d $vpa stdarg.h stddef.h float.h)
|
||||||
touch $RPM_BUILD_ROOT/usr/share/man/man3/perllocal.3pm
|
touch $RPM_BUILD_ROOT/usr/share/man/man3/perllocal.3pm
|
||||||
touch $cpa/perllocal.pod
|
touch $cpa/perllocal.pod
|
||||||
|
# test CVE-2007-5116
|
||||||
|
$RPM_BUILD_ROOT/usr/bin/perl -e '$r=chr(128)."\\x{100}";/$r/'
|
||||||
%if 0
|
%if 0
|
||||||
# remove unrelated target/os manpages
|
# remove unrelated target/os manpages
|
||||||
rm $RPM_BUILD_ROOT/usr/share/man/man1/perlaix.1*
|
rm $RPM_BUILD_ROOT/usr/share/man/man1/perlaix.1*
|
||||||
@ -266,6 +270,8 @@ cat perl-base-filelist | sed -e 's/^/%exclude /g' > perl-base-excludes
|
|||||||
%doc /usr/share/man/man3/*
|
%doc /usr/share/man/man3/*
|
||||||
%ghost %doc /usr/share/man/man3/perllocal.3pm.gz
|
%ghost %doc /usr/share/man/man3/perllocal.3pm.gz
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 06 2007 - mls@suse.de
|
||||||
|
- fix buffer overflow in regex engine CVE-2007-5116 (#332199)
|
||||||
* Wed Oct 31 2007 - dmueller@suse.de
|
* Wed Oct 31 2007 - dmueller@suse.de
|
||||||
- update rpmlintrc
|
- update rpmlintrc
|
||||||
* Fri May 25 2007 - ro@suse.de
|
* Fri May 25 2007 - ro@suse.de
|
||||||
|
Loading…
Reference in New Issue
Block a user