From 95aad47301ea8b47b657b1b19f391ba58a07bf91 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Mon, 25 Mar 2013 23:33:46 +0000
Subject: main/perl: security upgrade to 5.12.5 (CVE-2012-5195) fixes #1638
---
 main/perl/APKBUILD | 8 ++------
 main/perl/CVE-2011-2939.patch | 16 ----------------
 main/perl/CVE-2011-3597.patch | 28 ----------------------------
 3 files changed, 2 insertions(+), 50 deletions(-)
 delete mode 100644 main/perl/CVE-2011-2939.patch
 delete mode 100644 main/perl/CVE-2011-3597.patch
(limited to 'main')
diff --git a/main/perl/APKBUILD b/main/perl/APKBUILD
index 6b5258243df..1f574214d94 100644
--- a/main/perl/APKBUILD
+++ b/main/perl/APKBUILD
@@ -1,15 +1,13 @@
 # Maintainer: Natanael Copa
 # Contributor: Leonardo Arena
 pkgname=perl
-pkgver=5.12.4
+pkgver=5.12.5
 pkgrel=0
 pkgdesc="Larry Wall's Practical Extraction and Report Language"
 url=http://www.perl.org
 arch="all"
 license="Artistic GPL-2"
 source="http://www.perl.com/CPAN/src/perl-${pkgver}.tar.gz
- CVE-2011-2939.patch
- CVE-2011-3597.patch
 "
 depends=
@@ -74,6 +72,4 @@ miniperl() {
 cp "$srcdir/perl-$pkgver"/miniperl "$subpkgdir/usr/bin"
 }
-md5sums="fd22aba88e4e27ab879f142eec6452a0 perl-5.12.4.tar.gz
-c0674ead60e89c20e2c8d9bbc2d7683a CVE-2011-2939.patch
-0212067da7d533fe3939c0984cad4243 CVE-2011-3597.patch"
+md5sums="3a647533aaa060a79aa0b9fa17198576 perl-5.12.5.tar.gz"
diff --git a/main/perl/CVE-2011-2939.patch b/main/perl/CVE-2011-2939.patch
deleted file mode 100644
index 7b5068d473c..00000000000
--- a/main/perl/CVE-2011-2939.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
-index 16f4cd1..039f155 100644
---- a/cpan/Encode/Unicode/Unicode.xs
-+++ b/cpan/Encode/Unicode/Unicode.xs
-@@ -256,7 +256,10 @@ CODE:
- This prevents allocating too much in the rogue case of a large
- input consisting initially of long sequence uft8-byte unicode
- chars followed by single utf8-byte chars. */
-- STRLEN remaining = (e - s)/usize;
-+ /* +1
-+ fixes Unicode.xs!decode_xs n-byte heap-overflow
-+ */
-+ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
- STRLEN max_alloc = remaining + (8*1024*1024);
- STRLEN est_alloc = remaining * UTF8_MAXLEN;
- STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
diff --git a/main/perl/CVE-2011-3597.patch b/main/perl/CVE-2011-3597.patch
deleted file mode 100644
index dc7cc2d7493..00000000000
--- a/main/perl/CVE-2011-3597.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
-Date: Tue, 4 Oct 2011 13:46:39 +0200
-Subject: [PATCH] Fix code injection in Digest
-
-See for more details.
----
- cpan/Digest/Digest.pm | 4 +++-
- 1 files changed, 3 insertions(+), 1 deletions(-)
-
-diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
-index 384dfc8..4b923ae 100644
---- a/cpan/Digest/Digest.pm
-+++ b/cpan/Digest/Digest.pm
-@@ -35,7 +35,9 @@ sub new
- ($class, @args) = @$class if ref($class);
- no strict 'refs';
- unless (exists ${"$class\::"}{"VERSION"}) {
-- eval "require $class";
-+ my $pm_file = $class . ".pm";
-+ $pm_file =~ s{::}{/}g;
-+ eval { require $pm_file };
- if ($@) {
- $err ||= $@;
- next;
---
-1.7.6.4
-
--
cgit v1.2.3
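Review bot: Deleting CVE-2011-3597.patch and CVE-2011-2939.patch (both also dropped from `source=` in APKBUILD) is only safe if the perl-5.12.5 tarball already carries equivalent fixes, and nothing in this commit records that check; the subject names only CVE-2012-5195. In the unpacked 5.12.5 tree, confirm that `cpan/Digest/Digest.pm` no longer passes `$class` to the string eval `eval "require $class"` and that `cpan/Encode/Unicode/Unicode.xs` has an equivalent of the `+ 1` on `remaining`. If either fix is absent, keep that patch listed in `source=` and `md5sums`; if both are present, state it in the commit message so the removal is auditable. Only part of `sub new` is visible in the deleted patch, so the rest of the loader cannot be assessed from this page.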