perl: update to 5.16.2.

Juan RP 2012-11-06 07:29:34 +01:00
parent 782899bec8
commit 14699b3e53
2 changed files with 17 additions and 35 deletions


@ -1,29 +0,0 @@
commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b
Author: Andy Dougherty <doughera@lafayette.edu>
Date: Thu Sep 27 09:52:18 2012 -0400
avoid calling memset with a negative count
Poorly written perl code that allows an attacker to specify the count to
perl's 'x' string repeat operator can already cause a memory exhaustion
denial-of-service attack. A flaw in versions of perl before 5.15.5 can
escalate that into a heap buffer overrun; coupled with versions of glibc
before 2.16, it possibly allows the execution of arbitrary code.
The flaw addressed to this commit has been assigned identifier
CVE-2012-5195.
diff --git a/util.c b/util.c
index 171456f..34f5fa9 100644
--- util.c
+++ util.c
@@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
{
PERL_ARGS_ASSERT_REPEATCPY;
+ if (count < 0)
+ Perl_croak_nocontext("%s",PL_memory_wrap);
+
if (len == 1)
memset(to, *from, count);
else if (count) {


@ -1,14 +1,14 @@
# Template build file for 'perl'. # Template build file for 'perl'.
pkgname=perl pkgname=perl
version=5.16.1 version=5.16.2
revision=3 revision=1
makedepends="gdbm-devel db-devel less groff" makedepends="gdbm-devel db-devel less groff"
short_desc="Practical Extraction and Report Language" short_desc="Practical Extraction and Report Language"
maintainer="Juan RP <xtraeme@gmail.com>" maintainer="Juan RP <xtraeme@gmail.com>"
homepage="http://www.perl.org" homepage="http://www.perl.org"
license="GPL-2" license="GPL-2"
distfiles="http://www.cpan.org/src/5.0/$pkgname-$version.tar.bz2" distfiles="http://www.cpan.org/src/5.0/perl-${version}.tar.bz2"
checksum=0704b1421fe50015becd32c8b7ed05843e8b6c188a8c16cb0c11d76986375fd0 checksum=5ba91d9aa40220c615b644bb48fa5df7fbca4afb1c9e911bdc0ce2a93f072d7d
long_desc=" long_desc="
Perl is a general-purpose programming language originally developed Perl is a general-purpose programming language originally developed
for text manipulation and now used for a wide range of tasks including for text manipulation and now used for a wide range of tasks including
@ -28,7 +28,7 @@ perl-Archive-Tar-1.82_1
perl-Attribute-Handlers-0.93_1 perl-Attribute-Handlers-0.93_1
perl-AutoLoader-5.72_1 perl-AutoLoader-5.72_1
perl-B-Debug-1.17_1 perl-B-Debug-1.17_1
perl-B-Deparse-1.14_1 perl-B-Deparse-1.14_01_1
perl-B-Lint-1.14_1 perl-B-Lint-1.14_1
perl-CGI-3.59_1 perl-CGI-3.59_1
perl-CPAN-1.9800_1 perl-CPAN-1.9800_1
@ -81,6 +81,17 @@ perl-Log-Message-Simple-0.08_1
perl-MIME-Base64-3.13_1 perl-MIME-Base64-3.13_1
perl-Math-BigInt-1.998_1 perl-Math-BigInt-1.998_1
perl-Math-BigInt-FastCalc-0.30_1 perl-Math-BigInt-FastCalc-0.30_1
perl-Math-BigRat-0.2603_1
perl-Math-Complex-1.59_1
perl-Memoize-1.02_1
perl-Module-Build-0.39_01_1
perl-Module-CoreList-2.76_1
perl-Module-Load-0.22_1
perl-Module-Load-Conditional-0.46_1
perl-Module-Loaded-0.08_1
perl-Module-Metadata-1.000009_1
perl-Module-Pluggable-4.0_1
perl-NEXT-0.65_1
perl-Net-Ping-2.38_1 perl-Net-Ping-2.38_1
perl-Object-Accessor-0.42_1 perl-Object-Accessor-0.42_1
perl-Package-Constants-0.02_1 perl-Package-Constants-0.02_1
@ -95,7 +106,7 @@ perl-Pod-Parser-1.51_1
perl-Pod-Perldoc-3.17_1 perl-Pod-Perldoc-3.17_1
perl-Pod-Simple-3.20_1 perl-Pod-Simple-3.20_1
perl-Safe-2.31_01_1 perl-Safe-2.31_01_1
perl-Scalar-List-Utils-1.23_1 perl-Scalar-List-Utils-1.25_1
perl-Search-Dict-1.04_1 perl-Search-Dict-1.04_1
perl-SelfLoader-1.20_1 perl-SelfLoader-1.20_1
perl-Socket-2.001_1 perl-Socket-2.001_1