From 1fe1fbd1d2f3f0cf30d7ead0567ad8f882cf76e1 Mon Sep 17 00:00:00 2001 From: Juan RP Date: Fri, 26 Oct 2012 14:26:20 +0200 Subject: [PATCH] perl: add patch for cve-2012-5195 (via Arch). --- srcpkgs/perl/patches/cve-2012-5195.patch | 29 ++++++++++++++++++++++++ srcpkgs/perl/template | 2 +- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/perl/patches/cve-2012-5195.patch diff --git a/srcpkgs/perl/patches/cve-2012-5195.patch b/srcpkgs/perl/patches/cve-2012-5195.patch new file mode 100644 index 00000000000..9fc4963ab28 --- /dev/null +++ b/srcpkgs/perl/patches/cve-2012-5195.patch @@ -0,0 +1,29 @@ +commit b11b0d3ef18a35595a07a06c91fa4f27c9cacf5b +Author: Andy Dougherty +Date: Thu Sep 27 09:52:18 2012 -0400 + + avoid calling memset with a negative count + + Poorly written perl code that allows an attacker to specify the count to + perl's 'x' string repeat operator can already cause a memory exhaustion + denial-of-service attack. A flaw in versions of perl before 5.15.5 can + escalate that into a heap buffer overrun; coupled with versions of glibc + before 2.16, it possibly allows the execution of arbitrary code. + + The flaw addressed to this commit has been assigned identifier + CVE-2012-5195. + +diff --git a/util.c b/util.c +index 171456f..34f5fa9 100644 +--- util.c ++++ util.c +@@ -3416,6 +3416,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I + { + PERL_ARGS_ASSERT_REPEATCPY; + ++ if (count < 0) ++ Perl_croak_nocontext("%s",PL_memory_wrap); ++ + if (len == 1) + memset(to, *from, count); + else if (count) { diff --git a/srcpkgs/perl/template b/srcpkgs/perl/template index 6fc0a800e3d..4bdce15a473 100644 --- a/srcpkgs/perl/template +++ b/srcpkgs/perl/template @@ -1,7 +1,7 @@ # Template build file for 'perl'. pkgname=perl version=5.16.1 -revision=1 +revision=2 makedepends="gdbm-devel db-devel less groff" short_desc="Practical Extraction and Report Language" maintainer="Juan RP "