fix bug 174684 / CVE-2005-3962
This commit is contained in:
parent
bd681d6e5e
commit
59c48485b7
48
perl-5.8.7-CVE-2005-3962-bz174684.patch
Normal file
48
perl-5.8.7-CVE-2005-3962-bz174684.patch
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
--- perl-5.8.7/t/op/sprintf2.t.CVE-2005-3962-bz174684 2004-02-09 16:37:13.000000000 -0500
|
||||||
|
+++ perl-5.8.7/t/op/sprintf2.t 2005-12-01 13:11:34.000000000 -0500
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
require './test.pl';
|
||||||
|
}
|
||||||
|
|
||||||
|
-plan tests => 3;
|
||||||
|
+plan tests => 6;
|
||||||
|
|
||||||
|
is(
|
||||||
|
sprintf("%.40g ",0.01),
|
||||||
|
@@ -26,3 +26,20 @@
|
||||||
|
q(width calculation under utf8 upgrade)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
+# check %NNN$ for range bounds, especially negative 2's complement
|
||||||
|
+{
|
||||||
|
+ my ($warn, $bad) = (0,0);
|
||||||
|
+ local $SIG{__WARN__} = sub {
|
||||||
|
+ if ($_[0] =~ /uninitialized/) {
|
||||||
|
+ $warn++
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ $bad++
|
||||||
|
+ }
|
||||||
|
+ };
|
||||||
|
+ my $result = sprintf join('', map("%$_\$s%" . ~$_ . '$s', 1..20)),
|
||||||
|
+ qw(a b c d);
|
||||||
|
+ is($result, "abcd", "only four valid values");
|
||||||
|
+ is($warn, 36, "expected warnings");
|
||||||
|
+ is($bad, 0, "unexpected warnings");
|
||||||
|
+}
|
||||||
|
--- perl-5.8.7/sv.c.CVE-2005-3962-bz174684 2005-05-27 06:38:11.000000000 -0400
|
||||||
|
+++ perl-5.8.7/sv.c 2005-12-01 13:11:14.000000000 -0500
|
||||||
|
@@ -8707,9 +8707,10 @@
|
||||||
|
|
||||||
|
if (vectorize)
|
||||||
|
argsv = vecsv;
|
||||||
|
- else if (!args)
|
||||||
|
- argsv = (efix ? efix <= svmax : svix < svmax) ?
|
||||||
|
- svargs[efix ? efix-1 : svix++] : &PL_sv_undef;
|
||||||
|
+ else if (!args) {
|
||||||
|
+ I32 i = efix ? efix-1 : svix++;
|
||||||
|
+ argsv = (i >= 0 && i < svmax) ? svargs[i] : &PL_sv_undef;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
switch (c = *q++) {
|
||||||
|
|
10
perl.spec
10
perl.spec
@ -5,7 +5,7 @@
|
|||||||
%define multilib_64_archs x86_64 s390x ppc64 sparc64
|
%define multilib_64_archs x86_64 s390x ppc64 sparc64
|
||||||
|
|
||||||
%define perlver 5.8.7
|
%define perlver 5.8.7
|
||||||
%define perlrel 0.7.fc5
|
%define perlrel 0.8.fc5
|
||||||
%define perlepoch 3
|
%define perlepoch 3
|
||||||
|
|
||||||
%{?!perl_debugging: %define perl_debugging 0}
|
%{?!perl_debugging: %define perl_debugging 0}
|
||||||
@ -130,6 +130,8 @@ Patch172739: perl-5.8.7-bz172739_obz36521.patch
|
|||||||
|
|
||||||
Patch136009: perl-5.8.7-MM_Unix-rpath-136009.patch
|
Patch136009: perl-5.8.7-MM_Unix-rpath-136009.patch
|
||||||
|
|
||||||
|
Patch174684: perl-5.8.7-CVE-2005-3962-bz174684.patch
|
||||||
|
|
||||||
# module updatesd
|
# module updatesd
|
||||||
# Patch202: perl-5.8.0-Safe2.09.patch
|
# Patch202: perl-5.8.0-Safe2.09.patch
|
||||||
|
|
||||||
@ -294,6 +296,8 @@ more secure running of setuid perl scripts.
|
|||||||
|
|
||||||
%patch136009 -p1
|
%patch136009 -p1
|
||||||
|
|
||||||
|
%patch174684 -p1
|
||||||
|
|
||||||
# Candidates for doc recoding (need case by case review):
|
# Candidates for doc recoding (need case by case review):
|
||||||
# find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
|
# find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
|
||||||
recode()
|
recode()
|
||||||
@ -503,6 +507,10 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 01 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.7-0.8
|
||||||
|
- fix bug 174684 / CVE-2005-3962: sprintf integer overflow vulnerability
|
||||||
|
backport upstream patch #26240
|
||||||
|
|
||||||
* Wed Nov 09 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.7-0.7
|
* Wed Nov 09 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.7-0.7
|
||||||
- fix bug 136009: restore MakeMaker support for LD_RUN_PATH,
|
- fix bug 136009: restore MakeMaker support for LD_RUN_PATH,
|
||||||
while removing empty LD_RUN_PATH
|
while removing empty LD_RUN_PATH
|
||||||
|
Loading…
Reference in New Issue
Block a user