From c74188fcd2891f571f7bf360dd236d0bd6bbb9d4 Mon Sep 17 00:00:00 2001 From: jvdias Date: Wed, 14 Dec 2005 18:00:31 +0000 Subject: [PATCH] Updated upstream patches for CVE-2005-3962: 26322 , 26331, 26333 --- perl-5.8.7-CVE-2005-3962-bz174684.patch | 92 ++++++++++++++++++++----- perl.spec | 7 +- 2 files changed, 78 insertions(+), 21 deletions(-) diff --git a/perl-5.8.7-CVE-2005-3962-bz174684.patch b/perl-5.8.7-CVE-2005-3962-bz174684.patch index 70e8ee1..a886c5f 100644 --- a/perl-5.8.7-CVE-2005-3962-bz174684.patch +++ b/perl-5.8.7-CVE-2005-3962-bz174684.patch @@ -1,5 +1,5 @@ --- perl-5.8.7/t/lib/warnings/sv.CVE-2005-3962-bz174684 2004-03-18 07:51:14.000000000 -0500 -+++ perl-5.8.7/t/lib/warnings/sv 2005-12-09 13:57:57.000000000 -0500 ++++ perl-5.8.7/t/lib/warnings/sv 2005-12-14 12:40:55.000000000 -0500 @@ -301,12 +301,12 @@ printf F "%\x02" ; $a = sprintf "%\x02" ; @@ -17,26 +17,28 @@ # sv.c use warnings 'misc' ; --- perl-5.8.7/t/op/sprintf.t.CVE-2005-3962-bz174684 2003-09-01 03:41:07.000000000 -0400 -+++ perl-5.8.7/t/op/sprintf.t 2005-12-09 13:57:57.000000000 -0500 -@@ -385,3 +385,6 @@ ++++ perl-5.8.7/t/op/sprintf.t 2005-12-14 12:53:09.000000000 -0500 +@@ -385,3 +385,8 @@ >%4$K %d< >[45, 67]< >%4$K 45 INVALID< >%d %K %d< >[23, 45]< >23 %K 45 INVALID< >%*v*999\$d %d %d< >[11, 22, 33]< >%*v*999\$d 11 22 INVALID< +>%#b< >0< >0< +>%#o< >0< >0< +>%#x< >0< >0< ++>%2918905856$v2d< >''< >< ++>%*2918905856$v2d< >''< > UNINIT< --- perl-5.8.7/t/op/sprintf2.t.CVE-2005-3962-bz174684 2004-02-09 16:37:13.000000000 -0500 -+++ perl-5.8.7/t/op/sprintf2.t 2005-12-09 13:57:57.000000000 -0500 ++++ perl-5.8.7/t/op/sprintf2.t 2005-12-14 12:50:39.000000000 -0500 @@ -6,7 +6,7 @@ require './test.pl'; } -plan tests => 3; -+plan tests => 7; ++plan tests => 7 + 256; is( sprintf("%.40g ",0.01), -@@ -26,3 +26,29 @@ +@@ -26,3 +26,43 @@ q(width calculation under utf8 upgrade) ); } 
@@ -66,8 +68,22 @@ + is($warn, 36, "expected warnings"); + is($bad, 0, "unexpected warnings"); +} ++{ ++ foreach my $ord (0 .. 255) { ++ my $bad = 0; ++ local $SIG{__WARN__} = sub { ++ unless ($_[0] =~ /^Invalid conversion in sprintf/ || ++ $_[0] =~ /^Use of uninitialized value in sprintf/) { ++ warn $_[0]; ++ $bad++; ++ } ++ }; ++ my $r = eval {sprintf '%v' . chr $ord}; ++ is ($bad, 0, "pattern '%v' . chr $ord"); ++ } ++} --- perl-5.8.7/opcode.h.CVE-2005-3962-bz174684 2005-05-27 12:29:50.000000000 -0400 -+++ perl-5.8.7/opcode.h 2005-12-09 13:57:57.000000000 -0500 ++++ perl-5.8.7/opcode.h 2005-12-14 12:40:55.000000000 -0500 @@ -1585,7 +1585,7 @@ 0x0022281c, /* vec */ 0x0122291c, /* index */ @@ -78,7 +94,7 @@ 0x0001379e, /* ord */ 0x0001378e, /* chr */ --- perl-5.8.7/op.c.CVE-2005-3962-bz174684 2005-04-22 10:12:32.000000000 -0400 -+++ perl-5.8.7/op.c 2005-12-09 13:57:57.000000000 -0500 ++++ perl-5.8.7/op.c 2005-12-14 12:40:55.000000000 -0500 @@ -2076,7 +2076,9 @@ /* XXX might want a ck_negate() for this */ cUNOPo->op_first->op_private &= ~OPpCONST_STRICT; @@ -91,7 +107,7 @@ case OP_LCFIRST: case OP_UC: --- perl-5.8.7/makedef.pl.CVE-2005-3962-bz174684 2005-05-09 09:27:41.000000000 -0400 -+++ perl-5.8.7/makedef.pl 2005-12-09 13:57:57.000000000 -0500 ++++ perl-5.8.7/makedef.pl 2005-12-14 12:40:55.000000000 -0500 @@ -635,11 +635,13 @@ )]; } @@ -112,7 +128,7 @@ unless ($define{'USE_5005THREADS'} || $define{'USE_ITHREADS'}) { skip_symbols [qw( --- perl-5.8.7/ext/Sys/Syslog/Syslog.pm.CVE-2005-3962-bz174684 2005-04-22 07:53:56.000000000 -0400 -+++ perl-5.8.7/ext/Sys/Syslog/Syslog.pm 2005-12-09 13:57:57.000000000 -0500 ++++ perl-5.8.7/ext/Sys/Syslog/Syslog.pm 2005-12-14 12:40:55.000000000 -0500 @@ -1,14 +1,13 @@ package Sys::Syslog; require 5.006; 
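Review bot: In the new `foreach my $ord (0 .. 255)` block of t/op/sprintf2.t, the result of `eval {sprintf '%v' . chr $ord}` is stored in `$r` and never read, and `$@` is never checked, so each of the 256 tests only proves that no unexpected warning was raised. If sprintf died on one of these patterns, the eval would hide it and the test would still pass. The exception check can be folded into the existing assertion so the plan stays at `7 + 256` (the plan is set in an earlier hunk), e.g. `is ($bad + ($@ ? 1 : 0), 0, "pattern '%v' . chr $ord");`, and the unused `my $r =` can be dropped. The block's enclosing patch hunk for sprintf2.t starts before this hunk.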
@@ -203,7 +219,7 @@ $sum = $numpri + $numfac; my $buf = "<$sum>$whoami: $message\0"; --- perl-5.8.7/opcode.pl.CVE-2005-3962-bz174684 2004-12-01 08:54:30.000000000 -0500 -+++ perl-5.8.7/opcode.pl 2005-12-09 13:57:57.000000000 -0500 ++++ perl-5.8.7/opcode.pl 2005-12-14 12:40:55.000000000 -0500 @@ -606,7 +606,7 @@ index index ck_index isT@ S S S? rindex rindex ck_index isT@ S S S? @@ -214,7 +230,7 @@ ord ord ck_fun ifsTu% S? chr chr ck_fun fsTu% S? --- perl-5.8.7/handy.h.CVE-2005-3962-bz174684 2005-04-20 12:33:28.000000000 -0400 -+++ perl-5.8.7/handy.h 2005-12-09 13:57:57.000000000 -0500 ++++ perl-5.8.7/handy.h 2005-12-14 12:40:55.000000000 -0500 @@ -598,91 +598,65 @@ =cut */ @@ -342,8 +358,8 @@ #ifdef USE_STRUCT_COPY #define StructCopy(s,d,t) (*((t*)(d)) = *((t*)(s))) ---- perl-5.8.7/perl.h.CVE-2005-3962-bz174684 2005-12-09 13:57:57.000000000 -0500 -+++ perl-5.8.7/perl.h 2005-12-09 13:57:57.000000000 -0500 +--- perl-5.8.7/perl.h.CVE-2005-3962-bz174684 2005-12-14 12:40:55.000000000 -0500 ++++ perl-5.8.7/perl.h 2005-12-14 12:40:55.000000000 -0500 @@ -720,6 +720,13 @@ #define MEM_SIZE Size_t 
@@ -370,8 +386,39 @@ EXTCONST char PL_uuemap[65] INIT("`!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_"); --- perl-5.8.7/sv.c.CVE-2005-3962-bz174684 2005-05-27 06:38:11.000000000 -0400 -+++ perl-5.8.7/sv.c 2005-12-09 13:58:10.000000000 -0500 -@@ -8707,9 +8707,15 @@ ++++ perl-5.8.7/sv.c 2005-12-14 12:48:45.000000000 -0500 +@@ -8589,9 +8589,12 @@ + if (vectorarg) { + if (args) + vecsv = va_arg(*args, SV*); +- else +- vecsv = (evix ? evix <= svmax : svix < svmax) ? +- svargs[evix ? evix-1 : svix++] : &PL_sv_undef; ++ else if (evix) { ++ vecsv = (evix > 0 && evix <= svmax) ++ ? svargs[evix-1] : &PL_sv_undef; ++ } else { ++ vecsv = svix < svmax ? svargs[svix++] : &PL_sv_undef; ++ } + dotstr = SvPVx(vecsv, dotstrlen); + if (DO_UTF8(vecsv)) + is_utf8 = TRUE; +@@ -8601,12 +8604,13 @@ + vecstr = (U8*)SvPVx(vecsv,veclen); + vec_utf8 = DO_UTF8(vecsv); + } +- else if (efix ? efix <= svmax : svix < svmax) { ++ else if (efix ? (efix > 0 && efix <= svmax) : svix < svmax) { + vecsv = svargs[efix ? efix-1 : svix++]; + vecstr = (U8*)SvPVx(vecsv,veclen); + vec_utf8 = DO_UTF8(vecsv); + } + else { ++ vecsv = &PL_sv_undef; + vecstr = (U8*)""; + veclen = 0; + } +@@ -8707,9 +8711,15 @@ if (vectorize) argsv = vecsv; @@ -390,7 +437,7 @@ switch (c = *q++) { -@@ -8972,6 +8978,8 @@ +@@ -8972,6 +8982,8 @@ *--eptr = '0'; break; case 2: @@ -399,7 +446,7 @@ do { dig = uv & 1; *--eptr = '0' + dig; -@@ -9274,6 +9282,8 @@ +@@ -9274,6 +9286,8 @@ /* calculate width before utf8_upgrade changes it */ have = esignlen + zeros + elen; @@ -408,7 +455,7 @@ if (is_utf8 != has_utf8) { if (is_utf8) { -@@ -9301,6 +9311,9 @@ +@@ -9301,6 +9315,9 @@ need = (have > width ? have : width); gap = need - have; 
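Review bot: The `evix > 0` and `efix > 0` guards added to the vector-argument branch of sv.c carry no comment, and next to the existing `<= svmax` test a later reader could take them for redundant and remove them. The new sprintf.t cases (`%2918905856$v2d`, `%*2918905856$v2d`) suggest that a large explicit index ends up negative after parsing, so the upper-bound test alone let `svargs[evix-1]` index outside the argument array; the parsing code is outside this hunk, so that is inferred rather than shown. A comment at the first guard would record the reason, e.g. `/* explicit index is signed and may have wrapped negative: "<= svmax" alone is not a bounds check */`. The explicit width and precision indexes are not visible in this hunk, so it is worth confirming that they get the same lower-bound check.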
@@ -418,3 +465,10 @@ SvGROW(sv, SvCUR(sv) + need + dotstrlen + 1); p = SvEND(sv); if (esignlen && fill == '0') { +--- perl-5.8.7/globvar.sym.CVE-2005-3962-bz174684 2000-08-14 11:22:14.000000000 -0400 ++++ perl-5.8.7/globvar.sym 2005-12-14 12:51:12.000000000 -0500 +@@ -66,3 +66,4 @@ + vtbl_collxfrm + vtbl_amagic + vtbl_amagicelem ++memory_wrap diff --git a/perl.spec b/perl.spec index d972108..80e01c2 100644 --- a/perl.spec +++ b/perl.spec @@ -5,7 +5,7 @@ %define multilib_64_archs x86_64 s390x ppc64 sparc64 %define perlver 5.8.7 -%define perlrel 8 +%define perlrel 8.1 %define perlepoch 3 %{?!perl_debugging: %define perl_debugging 0} @@ -511,7 +511,10 @@ rm -rf $RPM_BUILD_ROOT %changelog -* Thu Dec 08 2005 Jason Vas Dias - 3.5.8.7-8 +* Wed Dec 14 2005 Jason Vas Dias - 3:5.6.7-8.1 +- Updated upstream patches for CVE-2005-3962: 26322 , 26331, 26333 + +* Thu Dec 08 2005 Jason Vas Dias - 3:5.8.7-8 - Apply upstream patches 26283 and 26284 : complete, revised fixes for CVE-2005-3962 and CVE-2005-3912 and "Sys::Syslog security vulnerabilities" issues.