Hello community, here is the log from the commit of package perl for openSUSE:11.3 checked in at Fri May 6 15:22:25 CEST 2011.
-------- --- old-versions/11.3/UPDATES/all/perl/perl.changes 2011-01-12 13:02:12.000000000 +0100 +++ 11.3/perl/perl.changes 2011-05-03 18:16:30.000000000 +0200 @@ -1,0 +2,10 @@ +Tue May 3 14:30:03 CEST 2011 - [email protected] + +- fix regexp crash in reg_numbered_buff_fetch [bnc#676086] + [CVE-2010-4777] +- fix lc() uc() tainting [bnc#684799] [CVE-2011-1487] +- move unicode files from perl-doc to perl again [bnc#678877] +- remove [email protected] mail address, it no longer exists + [bnc#657625] + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- perl-lcuctaint.diff perl-saverecontext.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl.spec ++++++ --- /var/tmp/diff_new_pack.CdTcfA/_old 2011-05-06 15:21:59.000000000 +0200 +++ /var/tmp/diff_new_pack.CdTcfA/_new 2011-05-06 15:21:59.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package perl (Version 5.12.1) +# spec file for package perl # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -21,7 +21,7 @@ Name: perl Summary: The Perl interpreter Version: 5.12.1 -Release: 2.<RELEASE3> +Release: 2.<RELEASE5> %define pversion 5.12.1 License: Artistic License .. ; GPLv2+ Group: Development/Languages/Perl @@ -43,6 +43,8 @@ Patch8: perl-constprint.diff Patch9: perl-h2ph.diff Patch10: perl-cgi-injection.diff +Patch11: perl-lcuctaint.diff +Patch12: perl-saverecontext.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: perl-base = %version #PreReq: %fillup_prereq @@ -160,6 +162,8 @@ %patch8 %patch9 %patch10 +%patch11 +%patch12 %build cp -a lib savelib @@ -376,8 +380,6 @@ %defattr(-,root,root) %exclude /usr/bin/perl %exclude /usr/bin/perl%pversion -%exclude /usr/lib/perl5/*/Unicode/*/*.txt -%exclude /usr/lib/perl5/*/unicore/*.txt /usr/bin/* /usr/lib/perl5/* %config %{_sysconfdir}/rpm/macros.perl @@ -394,7 +396,5 @@ %doc /usr/share/man/man1/* %doc /usr/share/man/man3/* %doc /usr/lib/perl5/*/pod -%doc /usr/lib/perl5/*/Unicode/*/*.txt -%doc /usr/lib/perl5/*/unicore/*.txt %changelog ++++++ perl-5.12.1.dif ++++++ --- /var/tmp/diff_new_pack.CdTcfA/_old 2011-05-06 15:21:59.000000000 +0200 +++ /var/tmp/diff_new_pack.CdTcfA/_new 2011-05-06 15:21:59.000000000 +0200 @@ -503,7 +503,7 @@ +sparc64-linux) glibpth="/lib64 /usr/lib64";; +esac + -+cf_email='[email protected]' ++cf_email='none' +#libs='-lgdbm -ldb -ldl -lm -lc' +#libs='-ldl -lm -lc' + ++++++ perl-lcuctaint.diff ++++++ --- ./pp.c.orig 2010-05-13 22:01:07.000000000 +0000 +++ ./pp.c 2011-04-26 14:45:59.000000000 +0000 @@ -3946,6 +3946,8 @@ PP(pp_ucfirst) SvCUR_set(dest, need - 1); } } + if (dest != source && SvTAINTED(source)) + SvTAINT(dest); SvSETMAGIC(dest); RETURN; } @@ -4219,6 +4221,8 @@ PP(pp_uc) SvCUR_set(dest, d - (U8*)SvPVX_const(dest)); } } /* End of isn't utf8 */ + if (dest != source && SvTAINTED(source)) + SvTAINT(dest); SvSETMAGIC(dest); RETURN; } @@ -4430,6 +4434,8 @@ PP(pp_lc) SvCUR_set(dest, d - (U8*)SvPVX_const(dest)); } } + if (dest != source && SvTAINTED(source)) + SvTAINT(dest); SvSETMAGIC(dest); RETURN; } ++++++ perl-saverecontext.diff ++++++ --- ./regcomp.c.orig 2011-04-27 14:19:37.000000000 +0000 +++ ./regcomp.c 2011-04-27 14:21:58.000000000 +0000 @@ -9912,8 +9912,23 @@ Perl_save_re_context(pTHX) if (gvp) { GV * const gv = *gvp; - if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) - save_scalar(gv); + if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) { + /* this is a copy of save_scalar() without the GETMAGIC call, RT#76538 */ + SV ** const sptr = &GvSVn(gv); + SV * osv = *sptr; + SV * nsv = newSV(0); + save_pushptrptr(SvREFCNT_inc_simple(gv), SvREFCNT_inc(osv), SAVEt_SV); + if (SvTYPE(osv) >= SVt_PVMG && SvMAGIC(osv) && SvTYPE(osv) != SVt_PVGV) { + if (SvGMAGICAL(osv)) { + const bool oldtainted = PL_tainted; + SvFLAGS(osv) |= (SvFLAGS(osv) & + (SVp_IOK|SVp_NOK|SVp_POK)) >> PRIVSHIFT; + PL_tainted = oldtainted; + } + mg_localize(osv, nsv, 1); + } + *sptr = nsv; + } } } } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
