From bcc016af5d9658c7344b9f28bc744409b47e627983231d19f54e8b06b175b7ad Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Sat, 23 Sep 2017 12:12:52 +0000 Subject: [PATCH] - update to perl-5.26.1 * [CVE-2017-12837] Heap buffer overflow in regular expression compiler * [CVE-2017-12883] Buffer over-read in regular expression parser * tons of bug fixes - update list of obsoletes OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl?expand=0&rev=152 --- perl-5.26.0.tar.xz | 3 -- perl-5.26.1.tar.xz | 3 ++ perl-incfix.diff | 4 +-- perl-regexp-refoverflow.diff | 2 +- perl-saverecontext.diff | 2 +- perl.changes | 9 +++++ perl.spec | 68 ++++++++++++++++++------------------ 7 files changed, 50 insertions(+), 41 deletions(-) delete mode 100644 perl-5.26.0.tar.xz create mode 100644 perl-5.26.1.tar.xz diff --git a/perl-5.26.0.tar.xz b/perl-5.26.0.tar.xz deleted file mode 100644 index ae11858..0000000 --- a/perl-5.26.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9bf2e3d0d72aad77865c3bdbc20d3b576d769c5c255c4ceb30fdb9335266bf55 -size 11961692 diff --git a/perl-5.26.1.tar.xz b/perl-5.26.1.tar.xz new file mode 100644 index 0000000..ffce986 --- /dev/null +++ b/perl-5.26.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fe8208133e73e47afc3251c08d2c21c5a60160165a8ab8b669c43a420e4ec680 +size 11922848 diff --git a/perl-incfix.diff b/perl-incfix.diff index 42cbfd3..307a74d 100644 --- a/perl-incfix.diff +++ b/perl-incfix.diff @@ -2,7 +2,7 @@ Index: perl.c =================================================================== --- perl.c.orig +++ perl.c -@@ -4544,11 +4544,13 @@ S_init_perllib(pTHX) +@@ -4579,11 +4579,13 @@ S_init_perllib(pTHX) # endif #endif @@ -16,7 +16,7 @@ Index: perl.c if (!TAINTING_get) { #ifndef VMS -@@ -4590,20 +4592,19 @@ S_init_perllib(pTHX) +@@ -4625,20 +4627,19 @@ S_init_perllib(pTHX) #if defined(SITELIB_STEM) && defined(PERL_INC_VERSION_LIST) /* Search for version-specific dirs below here */ S_incpush_use_sep(aTHX_ STR_WITH_LEN(SITELIB_STEM), diff --git a/perl-regexp-refoverflow.diff b/perl-regexp-refoverflow.diff index fc7111a..29f727f 100644 --- a/perl-regexp-refoverflow.diff +++ b/perl-regexp-refoverflow.diff @@ -2,7 +2,7 @@ Index: regcomp.c =================================================================== --- regcomp.c.orig +++ regcomp.c -@@ -10742,7 +10742,7 @@ S_reg(pTHX_ RExC_state_t *pRExC_state, I +@@ -10988,7 +10988,7 @@ S_reg(pTHX_ RExC_state_t *pRExC_state, I ret = reg2Lanode(pRExC_state, GOSUB, num, RExC_recurse_count); if (!SIZE_ONLY) { diff --git a/perl-saverecontext.diff b/perl-saverecontext.diff index 35e2a46..07b9712 100644 --- a/perl-saverecontext.diff +++ b/perl-saverecontext.diff @@ -2,7 +2,7 @@ Index: regcomp.c =================================================================== --- regcomp.c.orig +++ regcomp.c -@@ -19613,8 +19613,21 @@ Perl_save_re_context(pTHX) +@@ -19959,8 +19959,21 @@ Perl_save_re_context(pTHX) if (gvp) { GV * const gv = *gvp; diff --git a/perl.changes b/perl.changes index cfa606e..126b032 100644 --- a/perl.changes +++ b/perl.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Sat Sep 23 10:40:59 UTC 2017 - coolo@suse.com + +- update to perl-5.26.1 + * [CVE-2017-12837] Heap buffer overflow in regular expression compiler + * [CVE-2017-12883] Buffer over-read in regular expression parser + * tons of bug fixes +- update list of obsoletes + ------------------------------------------------------------------- Wed Aug 30 14:44:49 CEST 2017 - mls@suse.de diff --git a/perl.spec b/perl.spec index de1b34e..4477505 100644 --- a/perl.spec +++ b/perl.spec @@ -21,9 +21,9 @@ Name: perl Summary: The Perl interpreter License: Artistic-1.0 or GPL-2.0+ Group: Development/Languages/Perl -Version: 5.26.0 +Version: 5.26.1 Release: 0 -%define pversion 5.26.0 +%define pversion 5.26.1 Url: http://www.perl.org/ Source: http://www.cpan.org/src/5.0/perl-%{version}.tar.xz Source1: %name-rpmlintrc @@ -59,60 +59,60 @@ Provides: perl = %pversion-%release Provides: perl-500 Provides: perl(:MODULE_COMPAT_%pversion) %global versionlist %nil -Provides: perl-Filter-Simple = 0.92 -Obsoletes: perl-Filter-Simple <= 0.92 -Provides: perl-I18N-LangTags = 0.40 -Obsoletes: perl-I18N-LangTags <= 0.40 +Provides: perl-Filter-Simple = 0.93 +Obsoletes: perl-Filter-Simple <= 0.93 +Provides: perl-I18N-LangTags = 0.42 +Obsoletes: perl-I18N-LangTags <= 0.42 Provides: perl-MIME-Base64 = 3.15 Obsoletes: perl-MIME-Base64 <= 3.15 -Provides: perl-Storable = 2.56 -Obsoletes: perl-Storable <= 2.56 -Provides: perl-Test-Simple = 1.001014 -Obsoletes: perl-Test-Simple <= 1.001014 +Provides: perl-Storable = 2.62 +Obsoletes: perl-Storable <= 2.62 +Provides: perl-Test-Simple = 1.302073 +Obsoletes: perl-Test-Simple <= 1.302073 Provides: perl-Text-Balanced = 2.03 Obsoletes: perl-Text-Balanced <= 2.03 -Provides: perl-Time-HiRes = 1.9733 -Obsoletes: perl-Time-HiRes <= 1.9733 +Provides: perl-Time-HiRes = 1.9741 +Obsoletes: perl-Time-HiRes <= 1.9741 Provides: perl-libnet = 3.08 Obsoletes: perl-libnet <= 3.08 -Provides: perl-Compress-Raw-Zlib = 2.069 -Obsoletes: perl-Compress-Raw-Zlib <= 2.069 -Provides: perl-Compress-Zlib = 2.069 -Obsoletes: perl-Compress-Zlib <= 2.069 -Provides: perl-IO-Compress-Base = 2.069 -Obsoletes: perl-IO-Compress-Base <= 2.069 -Provides: perl-IO-Compress-Zlib = 2.069 -Obsoletes: perl-IO-Compress-Zlib <= 2.069 +Provides: perl-Compress-Raw-Zlib = 2.074 +Obsoletes: perl-Compress-Raw-Zlib <= 2.074 +Provides: perl-Compress-Zlib = 2.074 +Obsoletes: perl-Compress-Zlib <= 2.074 +Provides: perl-IO-Compress-Base = 2.074 +Obsoletes: perl-IO-Compress-Base <= 2.074 +Provides: perl-IO-Compress-Zlib = 2.074 +Obsoletes: perl-IO-Compress-Zlib <= 2.074 Provides: perl-IO-Zlib = 1.10 Obsoletes: perl-IO-Zlib <= 1.10 -Provides: perl-Archive-Tar = 2.04 -Obsoletes: perl-Archive-Tar <= 2.04 +Provides: perl-Archive-Tar = 2.24 +Obsoletes: perl-Archive-Tar <= 2.24 Provides: perl-Locale-Maketext-Simple = 0.21 Obsoletes: perl-Locale-Maketext-Simple <= 0.21 Provides: perl-Pod-Escapes = 1.07 Obsoletes: perl-Pod-Escapes <= 1.07 -Provides: perl-Pod-Simple = 3.32 -Obsoletes: perl-Pod-Simple <= 3.32 -Provides: perl-ExtUtils-ParseXS = 3.31 -Obsoletes: perl-ExtUtils-ParseXS <= 3.31 -Provides: perl-CPAN-Meta = 2.150005 -Obsoletes: perl-CPAN-Meta <= 2.150005 +Provides: perl-Pod-Simple = 3.35 +Obsoletes: perl-Pod-Simple <= 3.35 +Provides: perl-ExtUtils-ParseXS = 3.34 +Obsoletes: perl-ExtUtils-ParseXS <= 3.34 +Provides: perl-CPAN-Meta = 2.150010 +Obsoletes: perl-CPAN-Meta <= 2.150010 Provides: perl-CPAN-Meta-YAML = 0.018 Obsoletes: perl-CPAN-Meta-YAML <= 0.018 Provides: perl-ExtUtils-CBuilder = 0.280225 Obsoletes: perl-ExtUtils-CBuilder <= 0.280225 -Provides: perl-IO-Socket-IP = 0.37 -Obsoletes: perl-IO-Socket-IP <= 0.37 +Provides: perl-IO-Socket-IP = 0.38 +Obsoletes: perl-IO-Socket-IP <= 0.38 Provides: perl-Parse-CPAN-Meta = 1.4417 Obsoletes: perl-Parse-CPAN-Meta <= 1.4417 Provides: perl-PathTools = 3.63 Obsoletes: perl-PathTools <= 3.63 Provides: perl-autodie = 2.29 Obsoletes: perl-autodie <= 2.29 -Provides: perl-Test-Harness = 3.36 -Obsoletes: perl-Test-Harness <= 3.36 -Provides: perl-version = 0.9916 -Obsoletes: perl-version <= 0.9916 +Provides: perl-Test-Harness = 3.38 +Obsoletes: perl-Test-Harness <= 3.38 +Provides: perl-version = 0.9917 +Obsoletes: perl-version <= 0.9917 %description perl - Practical Extraction and Report Language