perl: update to 5.16.2.
This commit is contained in:
Juan RP
parent
782899bec8
commit
14699b3e53
2 changed files with 17 additions and 35 deletions
|
|
@ -1,29 +0,0 @@
|
|||
commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b
|
||||
Author: Andy Dougherty <doughera@lafayette.edu>
|
||||
Date: Thu Sep 27 09:52:18 2012 -0400
|
||||
|
||||
avoid calling memset with a negative count
|
||||
|
||||
Poorly written perl code that allows an attacker to specify the count to
|
||||
perl's 'x' string repeat operator can already cause a memory exhaustion
|
||||
denial-of-service attack. A flaw in versions of perl before 5.15.5 can
|
||||
escalate that into a heap buffer overrun; coupled with versions of glibc
|
||||
before 2.16, it possibly allows the execution of arbitrary code.
|
||||
|
||||
The flaw addressed to this commit has been assigned identifier
|
||||
CVE-2012-5195.
|
||||
|
||||
diff --git a/util.c b/util.c
|
||||
index 171456f..34f5fa9 100644
|
||||
--- util.c
|
||||
+++ util.c
|
||||
@@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
|
||||
{
|
||||
PERL_ARGS_ASSERT_REPEATCPY;
|
||||
|
||||
+ if (count < 0)
|
||||
+ Perl_croak_nocontext("%s",PL_memory_wrap);
|
||||
+
|
||||
if (len == 1)
|
||||
memset(to, *from, count);
|
||||
else if (count) {
|
||||
|
|
@ -1,14 +1,14 @@
|
|||
# Template build file for 'perl'.
|
||||
pkgname=perl
|
||||
version=5.16.1
|
||||
revision=3
|
||||
version=5.16.2
|
||||
revision=1
|
||||
makedepends="gdbm-devel db-devel less groff"
|
||||
short_desc="Practical Extraction and Report Language"
|
||||
maintainer="Juan RP <xtraeme@gmail.com>"
|
||||
homepage="http://www.perl.org"
|
||||
license="GPL-2"
|
||||
distfiles="http://www.cpan.org/src/5.0/$pkgname-$version.tar.bz2"
|
||||
checksum=0704b1421fe50015becd32c8b7ed05843e8b6c188a8c16cb0c11d76986375fd0
|
||||
distfiles="http://www.cpan.org/src/5.0/perl-${version}.tar.bz2"
|
||||
checksum=5ba91d9aa40220c615b644bb48fa5df7fbca4afb1c9e911bdc0ce2a93f072d7d
|
||||
long_desc="
|
||||
Perl is a general-purpose programming language originally developed
|
||||
for text manipulation and now used for a wide range of tasks including
|
||||
|
|
@ -28,7 +28,7 @@ perl-Archive-Tar-1.82_1
|
|||
perl-Attribute-Handlers-0.93_1
|
||||
perl-AutoLoader-5.72_1
|
||||
perl-B-Debug-1.17_1
|
||||
perl-B-Deparse-1.14_1
|
||||
perl-B-Deparse-1.14_01_1
|
||||
perl-B-Lint-1.14_1
|
||||
perl-CGI-3.59_1
|
||||
perl-CPAN-1.9800_1
|
||||
|
|
@ -81,6 +81,17 @@ perl-Log-Message-Simple-0.08_1
|
|||
perl-MIME-Base64-3.13_1
|
||||
perl-Math-BigInt-1.998_1
|
||||
perl-Math-BigInt-FastCalc-0.30_1
|
||||
perl-Math-BigRat-0.2603_1
|
||||
perl-Math-Complex-1.59_1
|
||||
perl-Memoize-1.02_1
|
||||
perl-Module-Build-0.39_01_1
|
||||
perl-Module-CoreList-2.76_1
|
||||
perl-Module-Load-0.22_1
|
||||
perl-Module-Load-Conditional-0.46_1
|
||||
perl-Module-Loaded-0.08_1
|
||||
perl-Module-Metadata-1.000009_1
|
||||
perl-Module-Pluggable-4.0_1
|
||||
perl-NEXT-0.65_1
|
||||
perl-Net-Ping-2.38_1
|
||||
perl-Object-Accessor-0.42_1
|
||||
perl-Package-Constants-0.02_1
|
||||
|
|
@ -95,7 +106,7 @@ perl-Pod-Parser-1.51_1
|
|||
perl-Pod-Perldoc-3.17_1
|
||||
perl-Pod-Simple-3.20_1
|
||||
perl-Safe-2.31_01_1
|
||||
perl-Scalar-List-Utils-1.23_1
|
||||
perl-Scalar-List-Utils-1.25_1
|
||||
perl-Search-Dict-1.04_1
|
||||
perl-SelfLoader-1.20_1
|
||||
perl-Socket-2.001_1
|
||||
|
|
|
|||
Loading…
Reference in a new issue