[arch-commits] Commit in perl/trunk (CVE-2012-6329.patch PKGBUILD)

Wed, 10 Apr 2013 11:55:53 -0700 

    Date: Wednesday, April 10, 2013 @ 20:55:46
  Author: bluewind
Revision: 182429

upgpkg: perl 5.16.3-2

fix CVE-2012-6329

Added:
  perl/trunk/CVE-2012-6329.patch
Modified:
  perl/trunk/PKGBUILD

---------------------+
 CVE-2012-6329.patch |   79 ++++++++++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD            |    5 ++-
 2 files changed, 83 insertions(+), 1 deletion(-)

Added: CVE-2012-6329.patch
===================================================================
--- CVE-2012-6329.patch                         (rev 0)
+++ CVE-2012-6329.patch 2013-04-10 18:55:46 UTC (rev 182429)
@@ -0,0 +1,79 @@
+commit 1735f6f53ca19f99c6e9e39496c486af323ba6a8
+Author: Brian Carlson <[email protected]>
+Date:   Wed Nov 28 08:54:33 2012 -0500
+
+    Fix misparsing of maketext strings.
+    
+    Case 61251: This commit fixes a misparse of maketext strings that could
+    lead to arbitrary code execution.  Basically, maketext was compiling
+    bracket notation into functions, but neglected to escape backslashes
+    inside the content or die on fully-qualified method names when
+    generating the code.  This change escapes all such backslashes and dies
+    when a method name with a colon or apostrophe is specified.
+---
+ AUTHORS                                     |  1 +
+ dist/Locale-Maketext/lib/Locale/Maketext.pm | 24 ++++++++----------------
+ 2 files changed, 9 insertions(+), 16 deletions(-)
+
+diff --git a/AUTHORS b/AUTHORS
+index 70734b0..009dea0 100644
+--- a/AUTHORS
++++ b/AUTHORS
+@@ -154,6 +154,7 @@ Breno G. de Oliveira               <[email protected]>
+ Brent Dax                     <[email protected]>
+ Brooks D Boyd
+ Brian Callaghan                       <[email protected]>
++Brian Carlson                 <[email protected]>
+ Brian Clarke                  <[email protected]>
+ brian d foy                   <[email protected]>
+ Brian Fraser                  <[email protected]>
+diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm 
b/dist/Locale-Maketext/lib/Locale/Maketext.pm
+index 4822027..63e5fba 100644
+--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm
++++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm
+@@ -625,21 +625,9 @@ sub _compile {
+                         # 0-length method name means to just interpolate:
+                         push @code, ' (';
+                     }
+-                    elsif($m =~ /^\w+(?:\:\:\w+)*$/s
+-                            and $m !~ m/(?:^|\:)\d/s
+-                        # exclude starting a (sub)package or symbol with a 
digit
++                    elsif($m =~ /^\w+$/s
++                        # exclude anything fancy, especially fully-qualified 
module names
+                     ) {
+-                        # Yes, it even supports the demented (and 
undocumented?)
+-                        #  $obj->Foo::bar(...) syntax.
+-                        $target->_die_pointing(
+-                            $string_to_compile, q{Can't use "SUPER::" in a 
bracket-group method},
+-                            2 + length($c[-1])
+-                        )
+-                        if $m =~ m/^SUPER::/s;
+-                        # Because for SUPER:: to work, we'd have to compile 
this into
+-                        #  the right package, and that seems just not worth 
the bother,
+-                        #  unless someone convinces me otherwise.
+-
+                         push @code, ' $_[0]->' . $m . '(';
+                     }
+                     else {
+@@ -693,7 +681,9 @@ sub _compile {
+             elsif(substr($1,0,1) ne '~') {
+                 # it's stuff not containing "~" or "[" or "]"
+                 # i.e., a literal blob
+-                $c[-1] .= $1;
++                my $text = $1;
++                $text =~ s/\\/\\\\/g;
++                $c[-1] .= $text;
+ 
+             }
+             elsif($1 eq '~~') { # "~~"
+@@ -731,7 +721,9 @@ sub _compile {
+             else {
+                 # It's a "~X" where X is not a special character.
+                 # Consider it a literal ~ and X.
+-                $c[-1] .= $1;
++                my $text = $1;
++                $text =~ s/\\/\\\\/g;
++                $c[-1] .= $text;
+             }
+         }
+     }

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2013-04-10 15:22:37 UTC (rev 182428)
+++ PKGBUILD    2013-04-10 18:55:46 UTC (rev 182429)
@@ -7,7 +7,7 @@
 
 pkgname=perl
 pkgver=5.16.3
-pkgrel=1
+pkgrel=2
 pkgdesc="A highly capable, feature-rich programming language"
 arch=(i686 x86_64)
 license=('GPL' 'PerlArtistic')
@@ -18,6 +18,7 @@
         cgi-cr-escaping.diff
         perlbin.sh
         perlbin.csh
+               CVE-2012-6329.patch
         provides.pl)
 install=perl.install
 options=('makeflags' '!purge')
@@ -25,6 +26,7 @@
          '0486659c9eefe682364a3e364d814296'
          '5ed2542fdb9a60682f215bd33701e61a'
          '1f0cbbee783e8a6d32f01be5118e0d5e'
+         '5dc374e095d896fb30618e414aeb9017'
          '999c3eea6464860704abbb055a0f0896')
 # workaround to let the integrity check find the correct provides array
 if [[ ${0##*/} = "parse_pkgbuilds.sh" ]]; then
@@ -35,6 +37,7 @@
   cd ${srcdir}/${pkgname}-${pkgver}
 
   patch -i "$srcdir/cgi-cr-escaping.diff" -p1
+  patch -i "$srcdir/CVE-2012-6329.patch" -p1
 
   if [ "${CARCH}" = "x86_64" ]; then
     # for x86_64

Reply via email to