commit perl for openSUSE:11.3

2011-11-22 Thread h_root

Hello community,

here is the log from the commit of package perl for openSUSE:11.3
checked in at Tue Nov 22 15:48:30 CET 2011.




--- old-versions/11.3/UPDATES/all/perl/perl.changes 2011-05-03 
18:16:30.0 +0200
+++ 11.3/perl/perl.changes  2011-11-21 18:28:45.0 +0100
@@ -1,0 +2,5 @@
+Mon Nov 21 18:25:02 CET 2011 - m...@suse.de
+
+- fix heap overflow bug in Unicode.xs [bnc#728662] [CVE-2011-2939]
+
+---

calling whatdependson for 11.3-i586


New:

  perl-decode_xs.diff



Other differences:
--
++ perl.spec ++
--- /var/tmp/diff_new_pack.VtXLkj/_old  2011-11-22 15:32:01.0 +0100
+++ /var/tmp/diff_new_pack.VtXLkj/_new  2011-11-22 15:32:01.0 +0100
@@ -21,7 +21,7 @@
 Name:   perl
 Summary:The Perl interpreter
 Version:5.12.1
-Release:2.RELEASE5
+Release:2.RELEASE7
 %define pversion 5.12.1
 License:Artistic License .. ; GPLv2+
 Group:  Development/Languages/Perl
@@ -45,6 +45,7 @@
 Patch10:perl-cgi-injection.diff
 Patch11:perl-lcuctaint.diff
 Patch12:perl-saverecontext.diff
+Patch13:perl-decode_xs.diff
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 PreReq: perl-base = %version
 #PreReq: %fillup_prereq
@@ -164,6 +165,7 @@
 %patch10
 %patch11
 %patch12
+%patch13
 
 %build
 cp -a lib savelib

++ perl-decode_xs.diff ++
--- ./cpan/Encode/Unicode/Unicode.xs.orig   2011-11-21 17:10:28.0 
+
+++ ./cpan/Encode/Unicode/Unicode.xs2011-11-21 17:11:35.0 +
@@ -246,7 +246,8 @@ CODE:
   This prevents allocating too much in the rogue case of a large
   input consisting initially of long sequence uft8-byte unicode
   chars followed by single utf8-byte chars. */
-   STRLEN remaining = (e - s)/usize;
+   /* +1 fixes Unicode.xs!decode_xs n-byte heap-overflow */
+   STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
STRLEN max_alloc = remaining + (8*1024*1024);
STRLEN est_alloc = remaining * UTF8_MAXLEN;
STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
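Review bot: The two comments added with the `+ 1` disagree about what is being fixed: the first says heap overflow and the trailing one says "leak", while the changelog entry and CVE-2011-2939 both describe a heap overflow. Neither comment explains why a single extra unit is sufficient. I would replace both with one comment such as `/* +1: (e - s)/usize can be 0 once the last unit has been consumed, which would leave the buffer ungrown for the character still to be written (CVE-2011-2939) */`, assuming that is the failing case. The growth check and the write itself are outside this hunk, so that wording needs confirming against the full decode_xs body. The `newlen` statement on the last context line also continues past the end of the hunk.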
continue with q...



Remember to have fun...




commit perl for openSUSE:11.3

2011-05-06 Thread h_root

Hello community,

here is the log from the commit of package perl for openSUSE:11.3
checked in at Fri May 6 15:22:25 CEST 2011.




--- old-versions/11.3/UPDATES/all/perl/perl.changes 2011-01-12 
13:02:12.0 +0100
+++ 11.3/perl/perl.changes  2011-05-03 18:16:30.0 +0200
@@ -1,0 +2,10 @@
+Tue May  3 14:30:03 CEST 2011 - m...@suse.de
+
+- fix regexp crash in reg_numbered_buff_fetch [bnc#676086]
+  [CVE-2010-4777]
+- fix lc() uc() tainting [bnc#684799] [CVE-2011-1487]
+- move unicode files from perl-doc to perl again [bnc#678877]
+- remove feedb...@suse.de mail address, it no longer exists
+  [bnc#657625]
+
+---

calling whatdependson for 11.3-i586


New:

  perl-lcuctaint.diff
  perl-saverecontext.diff



Other differences:
--
++ perl.spec ++
--- /var/tmp/diff_new_pack.CdTcfA/_old  2011-05-06 15:21:59.0 +0200
+++ /var/tmp/diff_new_pack.CdTcfA/_new  2011-05-06 15:21:59.0 +0200
@@ -1,5 +1,5 @@
 #
-# spec file for package perl (Version 5.12.1)
+# spec file for package perl
 #
 # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -21,7 +21,7 @@
 Name:   perl
 Summary:The Perl interpreter
 Version:5.12.1
-Release:2.RELEASE3
+Release:2.RELEASE5
 %define pversion 5.12.1
 License:Artistic License .. ; GPLv2+
 Group:  Development/Languages/Perl
@@ -43,6 +43,8 @@
 Patch8: perl-constprint.diff
 Patch9: perl-h2ph.diff
 Patch10:perl-cgi-injection.diff
+Patch11:perl-lcuctaint.diff
+Patch12:perl-saverecontext.diff
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 PreReq: perl-base = %version
 #PreReq: %fillup_prereq
@@ -160,6 +162,8 @@
 %patch8
 %patch9
 %patch10
+%patch11
+%patch12
 
 %build
 cp -a lib savelib
@@ -376,8 +380,6 @@
 %defattr(-,root,root)
 %exclude /usr/bin/perl
 %exclude /usr/bin/perl%pversion
-%exclude /usr/lib/perl5/*/Unicode/*/*.txt
-%exclude /usr/lib/perl5/*/unicore/*.txt
 /usr/bin/*
 /usr/lib/perl5/*
 %config %{_sysconfdir}/rpm/macros.perl
@@ -394,7 +396,5 @@
 %doc /usr/share/man/man1/*
 %doc /usr/share/man/man3/*
 %doc /usr/lib/perl5/*/pod
-%doc /usr/lib/perl5/*/Unicode/*/*.txt
-%doc /usr/lib/perl5/*/unicore/*.txt
 
 %changelog

++ perl-5.12.1.dif ++
--- /var/tmp/diff_new_pack.CdTcfA/_old  2011-05-06 15:21:59.0 +0200
+++ /var/tmp/diff_new_pack.CdTcfA/_new  2011-05-06 15:21:59.0 +0200
@@ -503,7 +503,7 @@
 +sparc64-linux) glibpth=/lib64 /usr/lib64;;
 +esac
 +
-+cf_email='feedb...@suse.de'
++cf_email='none'
 +#libs='-lgdbm -ldb -ldl -lm -lc'
 +#libs='-ldl -lm -lc'
 +

++ perl-lcuctaint.diff ++
--- ./pp.c.orig 2010-05-13 22:01:07.0 +
+++ ./pp.c  2011-04-26 14:45:59.0 +
@@ -3946,6 +3946,8 @@ PP(pp_ucfirst)
SvCUR_set(dest, need - 1);
}
 }
+if (dest != source  SvTAINTED(source))
+   SvTAINT(dest);
 SvSETMAGIC(dest);
 RETURN;
 }
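Review bot: The taint propagation added at the end of pp_ucfirst, and repeated verbatim in the pp_uc and pp_lc hunks below, has no comment saying why only the `dest != source` case needs it, and the patch as shown adds no taint test for these ops. I would put `/* dest is a fresh SV here and does not inherit the operand's taint; propagate it explicitly (CVE-2011-1487) */` above each check, and add a case to the taint tests asserting that `lc`, `uc`, `ucfirst` and `lcfirst` of a tainted string stay tainted. The condition as rendered on this page has lost the operator between `dest != source` and `SvTAINTED(source)` (presumably `&&`, dropped by the archive), so the patch should be taken from the package source rather than copied from here. All three function bodies start outside their hunks.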
@@ -4219,6 +4221,8 @@ PP(pp_uc)
SvCUR_set(dest, d - (U8*)SvPVX_const(dest));
}
 } /* End of isn't utf8 */
+if (dest != source  SvTAINTED(source))
+   SvTAINT(dest);
 SvSETMAGIC(dest);
 RETURN;
 }
@@ -4430,6 +4434,8 @@ PP(pp_lc)
SvCUR_set(dest, d - (U8*)SvPVX_const(dest));
}
 }
+if (dest != source  SvTAINTED(source))
+   SvTAINT(dest);
 SvSETMAGIC(dest);
 RETURN;
 }
++ perl-saverecontext.diff ++
--- ./regcomp.c.orig2011-04-27 14:19:37.0 +
+++ ./regcomp.c 2011-04-27 14:21:58.0 +
@@ -9912,8 +9912,23 @@ Perl_save_re_context(pTHX)
 
if (gvp) {
GV * const gv = *gvp;
-   if (SvTYPE(gv) == SVt_PVGV  GvSV(gv))
-   save_scalar(gv);
+   if (SvTYPE(gv) == SVt_PVGV  GvSV(gv)) {
+   /* this is a copy of save_scalar() without the GETMAGIC 
call, RT#76538 */
+   SV ** const sptr = GvSVn(gv);
+   SV * osv = *sptr;
+   SV * nsv = newSV(0);
+   save_pushptrptr(SvREFCNT_inc_simple(gv), 
SvREFCNT_inc(osv), SAVEt_SV);
+   if (SvTYPE(osv) = SVt_PVMG  SvMAGIC(osv)  
SvTYPE(osv) != SVt_PVGV) {
+   if (SvGMAGICAL(osv)) {
+   const bool oldtainted = PL_tainted;
+   SvFLAGS(osv) |= (SvFLAGS(osv) 
+   (SVp_IOK|SVp_NOK|SVp_POK))  PRIVSHIFT;
+   PL_tainted = oldtainted;
+   }
+   mg_localize(osv, nsv, 1);
+   }
+   *sptr = nsv;
+   }
}
}
}
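Review bot: The block added to Perl_save_re_context is an inline copy of save_scalar(), so a later fix to save_scalar() will not reach this copy, and the only rationale given is the bare reference `RT#76538`. I would expand the comment to state the reason and the sync requirement, e.g. `/* copy of save_scalar() minus the GETMAGIC call: running get-magic on the capture variables while the regex context is being saved is what crashed (RT#76538, CVE-2010-4777); keep in sync with save_scalar() */`. That link to the changelog's reg_numbered_buff_fetch crash is inferred and should be confirmed. Longer term, a shared helper taking a "skip get-magic" flag would remove the duplication. Several operators in this hunk (`&&`, `>=`, `&`, `>>`) appear to have been stripped by the archive rendering, and the function starts outside the hunk, so review against the original patch file.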