Resolve CVE-2007-5116 for F-7, F-8, devel.
This commit is contained in:
parent
ff74b82de1
commit
85327d2588
57
perl-5.8.8-bz323571.patch
Normal file
57
perl-5.8.8-bz323571.patch
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
--- perl-5.8.8.orig/regcomp.c 2006-01-08 20:59:27.000000000 +0000
|
||||||
|
+++ perl-5.8.8/regcomp.c 2007-10-19 22:49:41.000000000 +0100
|
||||||
|
@@ -136,6 +136,7 @@
|
||||||
|
I32 seen_zerolen;
|
||||||
|
I32 seen_evals;
|
||||||
|
I32 utf8;
|
||||||
|
+ I32 orig_utf8;
|
||||||
|
#if ADD_TO_REGEXEC
|
||||||
|
char *starttry; /* -Dr: where regtry was called. */
|
||||||
|
#define RExC_starttry (pRExC_state->starttry)
|
||||||
|
@@ -161,6 +162,7 @@
|
||||||
|
#define RExC_seen_zerolen (pRExC_state->seen_zerolen)
|
||||||
|
#define RExC_seen_evals (pRExC_state->seen_evals)
|
||||||
|
#define RExC_utf8 (pRExC_state->utf8)
|
||||||
|
+#define RExC_orig_utf8 (pRExC_state->orig_utf8)
|
||||||
|
|
||||||
|
#define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?')
|
||||||
|
#define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
|
||||||
|
@@ -1749,15 +1751,17 @@
|
||||||
|
if (exp == NULL)
|
||||||
|
FAIL("NULL regexp argument");
|
||||||
|
|
||||||
|
- RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
|
||||||
|
+ RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
|
||||||
|
|
||||||
|
- RExC_precomp = exp;
|
||||||
|
DEBUG_r({
|
||||||
|
if (!PL_colorset) reginitcolors();
|
||||||
|
PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
|
||||||
|
PL_colors[4],PL_colors[5],PL_colors[0],
|
||||||
|
- (int)(xend - exp), RExC_precomp, PL_colors[1]);
|
||||||
|
+ (int)(xend - exp), exp, PL_colors[1]);
|
||||||
|
});
|
||||||
|
+
|
||||||
|
+redo_first_pass:
|
||||||
|
+ RExC_precomp = exp;
|
||||||
|
RExC_flags = pm->op_pmflags;
|
||||||
|
RExC_sawback = 0;
|
||||||
|
|
||||||
|
@@ -1783,6 +1787,17 @@
|
||||||
|
RExC_precomp = Nullch;
|
||||||
|
return(NULL);
|
||||||
|
}
|
||||||
|
+ if (RExC_utf8 && !RExC_orig_utf8) {
|
||||||
|
+ STRLEN len = xend-exp;
|
||||||
|
+ DEBUG_r(PerlIO_printf(Perl_debug_log,
|
||||||
|
+ "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
|
||||||
|
+ exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
|
||||||
|
+ xend = exp + len;
|
||||||
|
+ RExC_orig_utf8 = RExC_utf8;
|
||||||
|
+ SAVEFREEPV(exp);
|
||||||
|
+ goto redo_first_pass;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
|
||||||
|
|
||||||
|
/* Small enough for pointer-storage convention?
|
@ -24,7 +24,7 @@
|
|||||||
|
|
||||||
Name: perl
|
Name: perl
|
||||||
Version: %{perl_version}
|
Version: %{perl_version}
|
||||||
Release: 30%{?dist}
|
Release: 31%{?dist}
|
||||||
Epoch: %{perl_epoch}
|
Epoch: %{perl_epoch}
|
||||||
Summary: The Perl programming language
|
Summary: The Perl programming language
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
@ -127,6 +127,9 @@ Patch41: perl-5.8.8-bz247386-file-spec-cwd.patch
|
|||||||
Patch42: perl-5.8.8-DB_File-1.815.patch
|
Patch42: perl-5.8.8-DB_File-1.815.patch
|
||||||
# Fix from perl bug #24254
|
# Fix from perl bug #24254
|
||||||
Patch43: perl-5.8.8-bug24254.patch
|
Patch43: perl-5.8.8-bug24254.patch
|
||||||
|
# Fix Bugzilla 378121 378131 378141 378151 (all the same bug, just one for each Fedora
|
||||||
|
# release), CVE-2007-5116
|
||||||
|
Patch44: perl-5.8.8-bz323571.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{perl_version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{perl_version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: tcsh, dos2unix, man, groff
|
BuildRequires: tcsh, dos2unix, man, groff
|
||||||
@ -390,6 +393,7 @@ upstream tarball from perl.org.
|
|||||||
%patch41 -p1
|
%patch41 -p1
|
||||||
%patch42 -p1
|
%patch42 -p1
|
||||||
%patch43 -p1
|
%patch43 -p1
|
||||||
|
%patch44 -p1
|
||||||
#
|
#
|
||||||
# Candidates for doc recoding (need case by case review):
|
# Candidates for doc recoding (need case by case review):
|
||||||
# find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
|
# find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
|
||||||
@ -789,6 +793,9 @@ make test
|
|||||||
# Nothing. Nada. Zilch. Zarro. Uh uh. Nope. Sorry.
|
# Nothing. Nada. Zilch. Zarro. Uh uh. Nope. Sorry.
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 12 2007 Tom "spot" Callaway <tcallawa@redhat.com> - 4:5.8.8-31
|
||||||
|
- fix for CVE-2007-5116
|
||||||
|
|
||||||
* Thu Oct 18 2007 Tom "spot" Callaway <tcallawa@redhat.com> - 4:5.8.8-30
|
* Thu Oct 18 2007 Tom "spot" Callaway <tcallawa@redhat.com> - 4:5.8.8-30
|
||||||
- patch from perl bug 24254, fix for RH bz 114271
|
- patch from perl bug 24254, fix for RH bz 114271
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user