Hello community,
here is the log from the commit of package perl for openSUSE:11.3
checked in at Fri May 6 15:22:25 CEST 2011.
--- old-versions/11.3/UPDATES/all/perl/perl.changes 2011-01-12
13:02:12.0 +0100
+++ 11.3/perl/perl.changes 2011-05-03 18:16:30.0 +0200
@@ -1,0 +2,10 @@
+Tue May 3 14:30:03 CEST 2011 - m...@suse.de
+
+- fix regexp crash in reg_numbered_buff_fetch [bnc#676086]
+ [CVE-2010-4777]
+- fix lc() uc() tainting [bnc#684799] [CVE-2011-1487]
+- move unicode files from perl-doc to perl again [bnc#678877]
+- remove feedb...@suse.de mail address, it no longer exists
+ [bnc#657625]
+
+---
calling whatdependson for 11.3-i586
New:
perl-lcuctaint.diff
perl-saverecontext.diff
Other differences:
--
++ perl.spec ++
--- /var/tmp/diff_new_pack.CdTcfA/_old 2011-05-06 15:21:59.0 +0200
+++ /var/tmp/diff_new_pack.CdTcfA/_new 2011-05-06 15:21:59.0 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package perl (Version 5.12.1)
+# spec file for package perl
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -21,7 +21,7 @@
Name: perl
Summary:The Perl interpreter
Version:5.12.1
-Release:2.RELEASE3
+Release:2.RELEASE5
%define pversion 5.12.1
License:Artistic License .. ; GPLv2+
Group: Development/Languages/Perl
@@ -43,6 +43,8 @@
Patch8: perl-constprint.diff
Patch9: perl-h2ph.diff
Patch10:perl-cgi-injection.diff
+Patch11:perl-lcuctaint.diff
+Patch12:perl-saverecontext.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: perl-base = %version
#PreReq: %fillup_prereq
@@ -160,6 +162,8 @@
%patch8
%patch9
%patch10
+%patch11
+%patch12
%build
cp -a lib savelib
@@ -376,8 +380,6 @@
%defattr(-,root,root)
%exclude /usr/bin/perl
%exclude /usr/bin/perl%pversion
-%exclude /usr/lib/perl5/*/Unicode/*/*.txt
-%exclude /usr/lib/perl5/*/unicore/*.txt
/usr/bin/*
/usr/lib/perl5/*
%config %{_sysconfdir}/rpm/macros.perl
@@ -394,7 +396,5 @@
%doc /usr/share/man/man1/*
%doc /usr/share/man/man3/*
%doc /usr/lib/perl5/*/pod
-%doc /usr/lib/perl5/*/Unicode/*/*.txt
-%doc /usr/lib/perl5/*/unicore/*.txt
%changelog
++ perl-5.12.1.dif ++
--- /var/tmp/diff_new_pack.CdTcfA/_old 2011-05-06 15:21:59.0 +0200
+++ /var/tmp/diff_new_pack.CdTcfA/_new 2011-05-06 15:21:59.0 +0200
@@ -503,7 +503,7 @@
+sparc64-linux) glibpth=/lib64 /usr/lib64;;
+esac
+
-+cf_email='feedb...@suse.de'
++cf_email='none'
+#libs='-lgdbm -ldb -ldl -lm -lc'
+#libs='-ldl -lm -lc'
+
++ perl-lcuctaint.diff ++
--- ./pp.c.orig 2010-05-13 22:01:07.0 +
+++ ./pp.c 2011-04-26 14:45:59.0 +
@@ -3946,6 +3946,8 @@ PP(pp_ucfirst)
SvCUR_set(dest, need - 1);
}
}
+if (dest != source SvTAINTED(source))
+ SvTAINT(dest);
SvSETMAGIC(dest);
RETURN;
}
@@ -4219,6 +4221,8 @@ PP(pp_uc)
SvCUR_set(dest, d - (U8*)SvPVX_const(dest));
}
} /* End of isn't utf8 */
+if (dest != source SvTAINTED(source))
+ SvTAINT(dest);
SvSETMAGIC(dest);
RETURN;
}
@@ -4430,6 +4434,8 @@ PP(pp_lc)
SvCUR_set(dest, d - (U8*)SvPVX_const(dest));
}
}
+if (dest != source SvTAINTED(source))
+ SvTAINT(dest);
SvSETMAGIC(dest);
RETURN;
}
++ perl-saverecontext.diff ++
--- ./regcomp.c.orig2011-04-27 14:19:37.0 +
+++ ./regcomp.c 2011-04-27 14:21:58.0 +
@@ -9912,8 +9912,23 @@ Perl_save_re_context(pTHX)
if (gvp) {
GV * const gv = *gvp;
- if (SvTYPE(gv) == SVt_PVGV GvSV(gv))
- save_scalar(gv);
+ if (SvTYPE(gv) == SVt_PVGV GvSV(gv)) {
+ /* this is a copy of save_scalar() without the GETMAGIC
call, RT#76538 */
+ SV ** const sptr = GvSVn(gv);
+ SV * osv = *sptr;
+ SV * nsv = newSV(0);
+ save_pushptrptr(SvREFCNT_inc_simple(gv),
SvREFCNT_inc(osv), SAVEt_SV);
+ if (SvTYPE(osv) = SVt_PVMG SvMAGIC(osv)
SvTYPE(osv) != SVt_PVGV) {
+ if (SvGMAGICAL(osv)) {
+ const bool oldtainted = PL_tainted;
+ SvFLAGS(osv) |= (SvFLAGS(osv)
+ (SVp_IOK|SVp_NOK|SVp_POK)) PRIVSHIFT;
+ PL_tainted = oldtainted;
+ }
+ mg_localize(osv, nsv, 1);
+ }
+ *sptr = nsv;
+ }
}
}
}