Commit 35e0f300 authored by Natanael Copa

main/perl: security upgrade to 5.12.5 (CVE-2012-5195)

fixes #1558
parent 8c814a95
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Leonardo Arena <rnalrd@gmail.com>
pkgname=perl
pkgver=5.12.4
pkgver=5.12.5
pkgrel=0
pkgdesc="Larry Wall's Practical Extraction and Report Language"
url=http://www.perl.org
license="Artistic GPL-2"
source="http://www.perl.com/CPAN/src/perl-${pkgver}.tar.gz
CVE-2011-2939.patch
CVE-2011-3597.patch
"
......@@ -71,6 +70,5 @@ miniperl() {
cp "$srcdir/perl-$pkgver"/miniperl "$subpkgdir/usr/bin"
}
md5sums="fd22aba88e4e27ab879f142eec6452a0 perl-5.12.4.tar.gz
c0674ead60e89c20e2c8d9bbc2d7683a CVE-2011-2939.patch
md5sums="3a647533aaa060a79aa0b9fa17198576 perl-5.12.5.tar.gz
0212067da7d533fe3939c0984cad4243 CVE-2011-3597.patch"
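Review bot: The new `md5sums` entry for perl-5.12.5.tar.gz is the only integrity check on a tarball that `source` fetches over plain `http://`, and MD5 is not collision-resistant, so this security upgrade relies on a weak digest for a download that can be altered in transit. If the abuild version in use accepts a stronger checksum array such as `sha512sums`, add one next to `md5sums`, and compare the tarball with the digest upstream publishes before regenerating the sums. Separately, CVE-2011-2939.patch is dropped from both `source` and `md5sums` while the commit message names only CVE-2012-5195. This is presumably because 5.12.5 already carries that fix, and a comment above `source=` such as `# CVE-2011-2939 fixed upstream in 5.12.5, patch dropped` would record it once confirmed against the upstream release notes. The second hunk begins inside `miniperl()`, whose opening lines are not shown.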
diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
index 16f4cd1..039f155 100644
--- a/cpan/Encode/Unicode/Unicode.xs
+++ b/cpan/Encode/Unicode/Unicode.xs
@@ -256,7 +256,10 @@ CODE:
This prevents allocating too much in the rogue case of a large
input consisting initially of long sequence uft8-byte unicode
chars followed by single utf8-byte chars. */
- STRLEN remaining = (e - s)/usize;
+ /* +1
+ fixes Unicode.xs!decode_xs n-byte heap-overflow
+ */
+ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
STRLEN max_alloc = remaining + (8*1024*1024);
STRLEN est_alloc = remaining * UTF8_MAXLEN;
STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */