Author: ken Date: 2011-11-15 20:54:23 -0700 (Tue, 15 Nov 2011) New Revision: 2329
Added:
trunk/perl/perl-5.10.x-security_fixes-1.patch
trunk/perl/perl-5.12.x-security_fixes-1.patch
trunk/perl/perl-5.14.2-security_fixes.patch
Log:
Fixes for CVE-2011-3597 (and CVE-2011-2939 with older versions of perl) : patching the version originally used avoids having to recompile any perl modules added in BLFS
Added: trunk/perl/perl-5.10.x-security_fixes-1.patch
===================================================================
--- trunk/perl/perl-5.10.x-security_fixes-1.patch (rev 0)
+++ trunk/perl/perl-5.10.x-security_fixes-1.patch 2011-11-16 03:54:23 UTC (rev 2329)
@@ -0,0 +1,72 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2011-11-16
+Initial Package Version: 5.10-series
+Upstream Status: Applied
+Origin: found at debian
+Description:
+
+ Fixes for CVE-2011-2939 and CVE-2011-3597, backported to perl-5.10.
+These probably also apply to perl-5.8 >= 5.8.5 if anyone is still using that.
+
+ For 5.10.1 these should be applied with the utf8-1.patch.
+
+1. From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <[email protected]>
+Date: Tue, 4 Oct 2011 13:46:39 +0200
+Subject: [PATCH] Fix code injection in Digest
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
+---
+ lib/Digest/Digest.pm | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+ Backported to 5.10 by Ken Moffat (file is in lib/ not cpan/Digest/)
+
+2. From 2e6e1e81494d349380e13ca735d1774bf124bd60 Mon Sep 17 00:00:00 2001
+From: Chris 'BinGOs' Williams <[email protected]>
+Date: Wed, 10 Aug 2011 19:09:32 +0100
+Subject: Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
+
+Bug-Debian: http://bugs.debian.org/637376
+Origin: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
+
+ Backported to 5.10 (file is in ext/ not cpan/) by Ken Moffat
+
+---
+ ext/Encode/Unicode/Unicode.xs | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/lib/Digest.pm b/lib/Digest.pm
+index 384dfc8..4b923ae 100644
+--- a/lib/Digest.pm
++++ b/lib/Digest.pm
+@@ -35,7 +35,9 @@ sub new
+ ($class, @args) = @$class if ref($class);
+ no strict 'refs';
+ unless (exists ${"$class\::"}{"VERSION"}) {
+- eval "require $class";
++ my $pm_file = $class . ".pm";
++ $pm_file =~ s{::}{/}g;
++ eval { require $pm_file };
+ if ($@) {
+ $err ||= $@;
+ next;
+--
+
+diff --git a/ext/Encode/Unicode/Unicode.xs b/ext/Encode/Unicode/Unicode.xs
+index 9741626..70ae001 100644
+--- a/ext/Encode/Unicode/Unicode.xs
++++ b/ext/Encode/Unicode/Unicode.xs
+@@ -246,7 +246,10 @@ CODE:
+ This prevents allocating too much in the rogue case of a large
+ input consisting initially of long sequence uft8-byte unicode
+ chars followed by single utf8-byte chars. */
+- STRLEN remaining = (e - s)/usize;
++ /* +1
++ fixes Unicode.xs!decode_xs n-byte heap-overflow
++ */
++ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
+ STRLEN max_alloc = remaining + (8*1024*1024);
+ STRLEN est_alloc = remaining * UTF8_MAXLEN;
+ STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
+1.7.6.4
Added: trunk/perl/perl-5.12.x-security_fixes-1.patch
===================================================================
--- trunk/perl/perl-5.12.x-security_fixes-1.patch (rev 0)
+++ trunk/perl/perl-5.12.x-security_fixes-1.patch 2011-11-16 03:54:23 UTC (rev 2329)
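Review bot: In the Digest.pm hunk the new `eval { require $pm_file }` hands `require` a relative path that is `$class` with only `::` rewritten to `/`, so any other characters in `$class` reach the `@INC` lookup unchanged; whether `$class` is already constrained cannot be seen here, because `sub new` begins before the hunk and continues after it. Replacing the string eval does remove the code-injection vector the CVE-2011-3597 header describes, but a defensive check before the path is built would make that intent explicit and reuse the loop's existing error path: `unless ($class =~ /\A\w+(?:::\w+)*\z/) { $err ||= "Invalid class name '$class'"; next; }`. The same hunk is repeated in the perl-5.12.x-security_fixes-1.patch and perl-5.14.2-security_fixes.patch files added by this commit, so the remark applies there too.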
@@ -0,0 +1,79 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2011-11-16
+Initial Package Version: 5.12-series and also 5.14 <= 5.14.1
+Upstream Status: Applied
+Origin: found at debian
+Description:
+
+ Fixes for CVE-2011-2939 and CVE-2011-3597, for perl-5.12 and 5.14
+up to and including 5.14.1.
+
+1. From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <[email protected]>
+Date: Tue, 4 Oct 2011 13:46:39 +0200
+Subject: [PATCH] Fix code injection in Digest
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
+---
+ lib/Digest/Digest.pm | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+2. From 2e6e1e81494d349380e13ca735d1774bf124bd60 Mon Sep 17 00:00:00 2001
+From: Chris 'BinGOs' Williams <[email protected]>
+Date: Wed, 10 Aug 2011 19:09:32 +0100
+Subject: Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
+
+Bug-Debian: http://bugs.debian.org/637376
+Origin: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
+
+---
+ ext/Encode/Unicode/Unicode.xs | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+From 2e6e1e81494d349380e13ca735d1774bf124bd60 Mon Sep 17 00:00:00 2001
+From: Chris 'BinGOs' Williams <[email protected]>
+Date: Wed, 10 Aug 2011 19:09:32 +0100
+Subject: Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
+
+Bug-Debian: http://bugs.debian.org/637376
+Origin: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
+
+---
+ cpan/Encode/Unicode/Unicode.xs | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
+index 9741626..70ae001 100644
+--- a/cpan/Encode/Unicode/Unicode.xs
++++ b/cpan/Encode/Unicode/Unicode.xs
+@@ -246,7 +246,10 @@ CODE:
+ This prevents allocating too much in the rogue case of a large
+ input consisting initially of long sequence uft8-byte unicode
+ chars followed by single utf8-byte chars. */
+- STRLEN remaining = (e - s)/usize;
++ /* +1
++ fixes Unicode.xs!decode_xs n-byte heap-overflow
++ */
++ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
+ STRLEN max_alloc = remaining + (8*1024*1024);
+ STRLEN est_alloc = remaining * UTF8_MAXLEN;
+ STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
+
+diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
+index 384dfc8..4b923ae 100644
+--- a/cpan/Digest/Digest.pm
++++ b/cpan/Digest/Digest.pm
+@@ -35,7 +35,9 @@ sub new
+ ($class, @args) = @$class if ref($class);
+ no strict 'refs';
+ unless (exists ${"$class\::"}{"VERSION"}) {
+- eval "require $class";
++ my $pm_file = $class . ".pm";
++ $pm_file =~ s{::}{/}g;
++ eval { require $pm_file };
+ if ($@) {
+ $err ||= $@;
+ next;
+--
+1.7.6.4
+
Added: trunk/perl/perl-5.14.2-security_fixes.patch
===================================================================
--- trunk/perl/perl-5.14.2-security_fixes.patch (rev 0)
+++ trunk/perl/perl-5.14.2-security_fixes.patch 2011-11-16 03:54:23 UTC (rev 2329)
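Review bot: The trailing comment on the new `STRLEN remaining = (e - s)/usize + 1;` line in the Unicode.xs hunk says `+1 to avoid the leak`, but `remaining` feeds `max_alloc`, `est_alloc` and `newlen`, so the +1 enlarges an allocation, and both the subject line and the three-line comment just above call the defect a heap overflow, not a leak. I would drop the trailing comment and let the block comment carry the explanation, or make it agree: `STRLEN remaining = (e - s)/usize + 1; /* +1: see comment above (decode_xs heap-overflow) */`; the identical hunk in perl-5.10.x-security_fixes-1.patch has the same comment. Separately, the description block for this fix appears twice in this file, the first copy with the diffstat `ext/Encode/Unicode/Unicode.xs`, which is the 5.10 layout; only the `cpan/` copy matches the diff that follows, so the first copy looks like a leftover from the backport and could be removed.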
@@ -0,0 +1,28 @@
+From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <[email protected]>
+Date: Tue, 4 Oct 2011 13:46:39 +0200
+Subject: [PATCH] Fix code injection in Digest
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
+---
+ cpan/Digest/Digest.pm | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
+index 384dfc8..4b923ae 100644
+--- a/cpan/Digest/Digest.pm
++++ b/cpan/Digest/Digest.pm
+@@ -35,7 +35,9 @@ sub new
+ ($class, @args) = @$class if ref($class);
+ no strict 'refs';
+ unless (exists ${"$class\::"}{"VERSION"}) {
+- eval "require $class";
++ my $pm_file = $class . ".pm";
++ $pm_file =~ s{::}{/}g;
++ eval { require $pm_file };
+ if ($@) {
+ $err ||= $@;
+ next;
+--
+1.7.6.4
+
--
http://linuxfromscratch.org/mailman/listinfo/patches
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
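Review bot: The perl-5.14.2 patch file starts directly at the git `From dbcab24b…` header and carries none of the `Submitted By:`, `Date:`, `Initial Package Version:`, `Upstream Status:`, `Origin:` and `Description:` lines that the other two files in this commit begin with. Without them a reader has to open the 5.12 file to learn that the fix is applied upstream and which CVE it addresses. I would prepend the same header block, with `Initial Package Version: 5.14.2` and a one-line description naming CVE-2011-3597 and the Digest code-injection fix, so all three files follow the same layout; the filename also lacks the `-1` revision suffix the other two use, which is worth aligning at the same time.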
