aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-03-25 23:33:46 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-03-25 23:33:46 +0000
commit95aad47301ea8b47b657b1b19f391ba58a07bf91 (patch)
treeed67206788df799441183d8622e0891160ace994 /main
parentc9ad03fbe8eeea5ffbc8ff81d4a0131a8fd15171 (diff)
downloadaports-95aad47301ea8b47b657b1b19f391ba58a07bf91.tar.bz2
aports-95aad47301ea8b47b657b1b19f391ba58a07bf91.tar.xz
main/perl: security upgrade to 5.12.5 (CVE-2012-5195)
fixes #1638
Diffstat (limited to 'main')
-rw-r--r--main/perl/APKBUILD8
-rw-r--r--main/perl/CVE-2011-2939.patch16
-rw-r--r--main/perl/CVE-2011-3597.patch28
3 files changed, 2 insertions, 50 deletions
diff --git a/main/perl/APKBUILD b/main/perl/APKBUILD
index 6b5258243d..1f574214d9 100644
--- a/main/perl/APKBUILD
+++ b/main/perl/APKBUILD
@@ -1,15 +1,13 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Leonardo Arena <rnalrd@gmail.com>
pkgname=perl
-pkgver=5.12.4
+pkgver=5.12.5
pkgrel=0
pkgdesc="Larry Wall's Practical Extraction and Report Language"
url=http://www.perl.org
arch="all"
license="Artistic GPL-2"
source="http://www.perl.com/CPAN/src/perl-${pkgver}.tar.gz
- CVE-2011-2939.patch
- CVE-2011-3597.patch
"
depends=
@@ -74,6 +72,4 @@ miniperl() {
cp "$srcdir/perl-$pkgver"/miniperl "$subpkgdir/usr/bin"
}
-md5sums="fd22aba88e4e27ab879f142eec6452a0 perl-5.12.4.tar.gz
-c0674ead60e89c20e2c8d9bbc2d7683a CVE-2011-2939.patch
-0212067da7d533fe3939c0984cad4243 CVE-2011-3597.patch"
+md5sums="3a647533aaa060a79aa0b9fa17198576 perl-5.12.5.tar.gz"
diff --git a/main/perl/CVE-2011-2939.patch b/main/perl/CVE-2011-2939.patch
deleted file mode 100644
index 7b5068d473..0000000000
--- a/main/perl/CVE-2011-2939.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
-index 16f4cd1..039f155 100644
---- a/cpan/Encode/Unicode/Unicode.xs
-+++ b/cpan/Encode/Unicode/Unicode.xs
-@@ -256,7 +256,10 @@ CODE:
- This prevents allocating too much in the rogue case of a large
- input consisting initially of long sequence uft8-byte unicode
- chars followed by single utf8-byte chars. */
-- STRLEN remaining = (e - s)/usize;
-+ /* +1
-+ fixes Unicode.xs!decode_xs n-byte heap-overflow
-+ */
-+ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
- STRLEN max_alloc = remaining + (8*1024*1024);
- STRLEN est_alloc = remaining * UTF8_MAXLEN;
- STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
diff --git a/main/perl/CVE-2011-3597.patch b/main/perl/CVE-2011-3597.patch
deleted file mode 100644
index dc7cc2d749..0000000000
--- a/main/perl/CVE-2011-3597.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Tue, 4 Oct 2011 13:46:39 +0200
-Subject: [PATCH] Fix code injection in Digest
-
-See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
----
- cpan/Digest/Digest.pm | 4 +++-
- 1 files changed, 3 insertions(+), 1 deletions(-)
-
-diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
-index 384dfc8..4b923ae 100644
---- a/cpan/Digest/Digest.pm
-+++ b/cpan/Digest/Digest.pm
-@@ -35,7 +35,9 @@ sub new
- ($class, @args) = @$class if ref($class);
- no strict 'refs';
- unless (exists ${"$class\::"}{"VERSION"}) {
-- eval "require $class";
-+ my $pm_file = $class . ".pm";
-+ $pm_file =~ s{::}{/}g;
-+ eval { require $pm_file };
- if ($@) {
- $err ||= $@;
- next;
---
-1.7.6.4
-