Date: Friday, October 26, 2012 @ 06:19:05
  Author: bluewind
Revision: 169700

upgpkg: perl 5.16.1-2

fix CVE-2012-5195

Added:
  perl/trunk/cve-2012-5195.patch
Modified:
  perl/trunk/PKGBUILD

---------------------+
 PKGBUILD            |    9 +++++++--
 cve-2012-5195.patch |   29 +++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2012-10-26 08:57:54 UTC (rev 169699)
+++ PKGBUILD    2012-10-26 10:19:05 UTC (rev 169700)
@@ -1,11 +1,12 @@
 # $Id$
-# Maintainer: Angel Velasquez <an...@archlinux.org> 
+# Maintainer: Florian Pritz <bluew...@xinu.at>
+# Contributor: Angel Velasquez <an...@archlinux.org> 
 # Contributor: kevin <kevin.archlinux.org>
 # Contributor: judd <jvinet.zeroflux.org>
 # Contributor: francois <francois.archlinux.org> 
 pkgname=perl
 pkgver=5.16.1
-pkgrel=1
+pkgrel=2
 pkgdesc="A highly capable, feature-rich programming language"
 arch=(i686 x86_64)
 license=('GPL' 'PerlArtistic')
@@ -16,12 +17,14 @@
 source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2 
 perlbin.sh
 perlbin.csh
+cve-2012-5195.patch
 provides.pl)
 install=perl.install
 options=('makeflags' '!purge')
 md5sums=('b87358e2c461a898cfd7c334e7dd8993'
          '5ed2542fdb9a60682f215bd33701e61a'
          '1f0cbbee783e8a6d32f01be5118e0d5e'
+         'ba61b3b393b763b4f0b9e2f06757815a'
          '999c3eea6464860704abbb055a0f0896')
 
 # workaround to let the integrity check find the correct provides array
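Review bot: The checksum added for cve-2012-5195.patch extends an `md5sums` array, and that array is also the only integrity check on the perl tarball, which `source=` fetches over plain `http://`. MD5 is not collision-resistant, so it offers little protection against a tampered download. Since the array is being edited anyway, consider replacing it with a `sha256sums=(...)` array regenerated for all five sources. The patch file itself is added to the package repository in this commit, so the exposure is mainly on the upstream tarball entry rather than the new one.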
@@ -32,6 +35,8 @@
 build() {
   cd ${srcdir}/${pkgname}-${pkgver}
 
+  patch -i "$srcdir/cve-2012-5195.patch" -p1
+
   if [ "${CARCH}" = "x86_64" ]; then
     # for x86_64
     arch_opts="-Dcccdlflags='-fPIC'"
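Review bot: The new `patch` line in build() has no comment saying what it backports or when it can be dropped, and the embedded commit message describes the flaw as present in perl before 5.15.5 while `pkgver` here is 5.16.1. A line such as `# CVE-2012-5195: upstream commit b11b0d3e, rejects a negative count in Perl_repeatcpy` above it would record the reason, and it is worth confirming whether 5.16.1 is actually affected or the patch is applied as hardening; that cannot be told from this hunk. GNU patch also accepts fuzzy context matches by default, so `patch -F0 -p1 -i "$srcdir/cve-2012-5195.patch"` would make a context mismatch fail the build instead of placing the guard somewhere unintended. The body of build() continues outside the hunk.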

Added: cve-2012-5195.patch
===================================================================
--- cve-2012-5195.patch                         (rev 0)
+++ cve-2012-5195.patch 2012-10-26 10:19:05 UTC (rev 169700)
@@ -0,0 +1,29 @@
+commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b
+Author: Andy Dougherty <dough...@lafayette.edu>
+Date:   Thu Sep 27 09:52:18 2012 -0400
+
+    avoid calling memset with a negative count
+    
+    Poorly written perl code that allows an attacker to specify the count to
+    perl's 'x' string repeat operator can already cause a memory exhaustion
+    denial-of-service attack. A flaw in versions of perl before 5.15.5 can
+    escalate that into a heap buffer overrun; coupled with versions of glibc
+    before 2.16, it possibly allows the execution of arbitrary code.
+    
+    The flaw addressed to this commit has been assigned identifier
+    CVE-2012-5195.
+
+diff --git a/util.c b/util.c
+index 171456f..34f5fa9 100644
+--- a/util.c
++++ b/util.c
+@@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
+ {
+     PERL_ARGS_ASSERT_REPEATCPY;
+ 
++    if (count < 0)
++      Perl_croak_nocontext("%s",PL_memory_wrap);
++
+     if (len == 1)
+       memset(to, *from, count);
+     else if (count) {
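Review bot: The guard added at the top of Perl_repeatcpy has no comment explaining why a negative `count` is fatal, which makes it easy to mistake for a redundant check and remove later. I would add `/* a negative count would reach memset() as a huge size_t and overrun 'to' (CVE-2012-5195) */` above `if (count < 0)`. Passing PL_memory_wrap through a `"%s"` format rather than as the format string itself is the right form. `len` gets no matching check, and the multi-byte branch continues outside the hunk, so whether a negative `len` is harmless there and whether callers bound `len * count` against the size of `to` should be confirmed against the full function.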
