Date: Friday, March 15, 2013 @ 22:24:52 Author: bluewind Revision: 180064
upgpkg: perl 5.16.3-1 upstream update Modified: perl/trunk/PKGBUILD Deleted: perl/trunk/CVE-2013-1667.patch ---------------------+ CVE-2013-1667.patch | 50 -------------------------------------------------- PKGBUILD | 9 +++------ 2 files changed, 3 insertions(+), 56 deletions(-)
Deleted: CVE-2013-1667.patch
===================================================================
--- CVE-2013-1667.patch 2013-03-15 19:12:01 UTC (rev 180063)
+++ CVE-2013-1667.patch 2013-03-15 21:24:52 UTC (rev 180064)
@@ -1,50 +0,0 @@
-commit 9ec0b001b87d32f1d39b038b72846a5c20417be3 (refs/remotes/origin/maint-5.16)
-Author: Andy Dougherty <[email protected]>
-Date: Wed Jan 16 12:30:43 2013 -0500
-
- Avoid wraparound when casting unsigned size_t to signed ssize_t.
-
- Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
- system. In that instance a value of count >= 2**31 would turn negative
- when cast to (ssize_t).
-
-diff --git a/perlio.c b/perlio.c
-index 7782728..cccfdcd 100644
---- a/perlio.c
-+++ b/perlio.c
-@@ -2164,7 +2164,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
- SSize_t avail = PerlIO_get_cnt(f);
- SSize_t take = 0;
- if (avail > 0)
-- take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
-+ take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
- if (take > 0) {
- STDCHAR *ptr = PerlIO_get_ptr(f);
- Copy(ptr, buf, take, STDCHAR);
-@@ -4098,7 +4098,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
- */
- b->posn -= b->bufsiz;
- }
-- if (avail > (SSize_t) count) {
-+ if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
- /*
- * If we have space for more than count, just move count
- */
-@@ -4148,7 +4148,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
- }
- while (count > 0) {
- SSize_t avail = b->bufsiz - (b->ptr - b->buf);
-- if ((SSize_t) count < avail)
-+ if ((SSize_t) count >= 0 && (SSize_t) count < avail)
- avail = count;
- if (flushptr > buf && flushptr <= buf + avail)
- avail = flushptr - buf;
-@@ -4423,7 +4423,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
- {
- SSize_t avail = PerlIO_get_cnt(f);
- SSize_t got = 0;
-- if ((SSize_t)count < avail)
-+ if ((SSize_t) count >= 0 && (SSize_t)count < avail)
- avail = count;
- if (avail > 0)
- got = PerlIOBuf_read(aTHX_ f, vbuf, avail);
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-03-15 19:12:01 UTC (rev 180063)
+++ PKGBUILD 2013-03-15 21:24:52 UTC (rev 180064)
@@ -6,8 +6,8 @@
 # Contributor: francois <francois.archlinux.org>
 pkgname=perl
-pkgver=5.16.2
-pkgrel=4
+pkgver=5.16.3
+pkgrel=1
 pkgdesc="A highly capable, feature-rich programming language"
 arch=(i686 x86_64)
 license=('GPL' 'PerlArtistic')
@@ -16,15 +16,13 @@
 depends=('gdbm' 'db' 'coreutils' 'glibc' 'sh')
 source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2
 cgi-cr-escaping.diff
- CVE-2013-1667.patch
 perlbin.sh
 perlbin.csh
 provides.pl)
 install=perl.install
 options=('makeflags' '!purge')
-md5sums=('2818ab01672f005a4e552a713aa27b08'
+md5sums=('025102de0e4a597cf541e57da80c6aa3'
 '0486659c9eefe682364a3e364d814296'
- '3725d479a42547c6bae33b793b948054'
 '5ed2542fdb9a60682f215bd33701e61a'
 '1f0cbbee783e8a6d32f01be5118e0d5e'
 '999c3eea6464860704abbb055a0f0896')
@@ -37,7 +35,6 @@
 cd ${srcdir}/${pkgname}-${pkgver}
 patch -i "$srcdir/cgi-cr-escaping.diff" -p1
- patch -i "$srcdir/CVE-2013-1667.patch" -p1
 if [ "${CARCH}" = "x86_64" ]; then
 # for x86_64
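Review bot: The replaced first entry of `md5sums` in the `@@ -16,15 +16,13 @@` hunk is the only integrity check on a tarball that `source=` fetches over plain `http://`, and MD5 is not collision-resistant, so a tarball altered in transit or on a mirror is not reliably caught at build time. I would add a `sha256sums=(...)` array next to `md5sums`, filled from a tarball checked against upstream's published digests, and use an `https://` source URL if the mirror offers one. The same hunk drops `CVE-2013-1667.patch` from `source` and the commit message says only "upstream update"; a one-line comment such as `# CVE-2013-1667 fix is included upstream as of 5.16.3` (to be confirmed against the upstream release notes) would make the removal auditable later.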
