Mailinglist Archive: opensuse-commit (857 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package perl
checked in at Mon Nov 12 18:41:24 CET 2007.

--------
--- perl/perl.changes   2007-10-31 16:05:01.000000000 +0100
+++ /mounts/work_src_done/STABLE/perl/perl.changes      2007-11-06 
10:46:51.279264000 +0100
@@ -1,0 +2,5 @@
+Tue Nov  6 09:58:35 CET 2007 - mls@xxxxxxx
+
+- fix buffer overflow in regex engine CVE-2007-5116 (#332199)
+
+-------------------------------------------------------------------

New:
----
  perl-regcomp-5.8.8.dif

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ perl.spec ++++++
--- /var/tmp/diff_new_pack.P21562/_old  2007-11-12 18:40:48.000000000 +0100
+++ /var/tmp/diff_new_pack.P21562/_new  2007-11-12 18:40:48.000000000 +0100
@@ -15,7 +15,7 @@
 Url:            http://www.perl.org/
 BuildRequires:  db-devel gdbm-devel ncurses-devel zlib-devel
 Version:        5.8.8
-Release:        79
+Release:        82
 Summary:        The Perl interpreter
 License:        Artistic License; GPL v2 or later
 Group:          Development/Languages/Perl
@@ -30,6 +30,7 @@
 Patch:          perl-%{version}.dif
 Patch1:         perl-gracefull-net-ftp.diff
 Patch2:         perl-makedepend.diff
+Patch3:         perl-regcomp-5.8.8.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -79,6 +80,7 @@
 %patch
 %patch1 -p1
 %patch2
+%patch3
 
 %build
 options="-Doptimize='$RPM_OPT_FLAGS -Wall -pipe'"
@@ -133,6 +135,8 @@
 test -f "$d/stdarg.h" && (cd $d ; $RPM_BUILD_ROOT/usr/bin/perl -I$cp -I$cpa 
$RPM_BUILD_ROOT/usr/bin/h2ph -d $vpa stdarg.h stddef.h float.h)
 touch $RPM_BUILD_ROOT/usr/share/man/man3/perllocal.3pm
 touch $cpa/perllocal.pod
+# test CVE-2007-5116
+$RPM_BUILD_ROOT/usr/bin/perl -e '$r=chr(128)."\\x{100}";/$r/'
 %if 0
 # remove unrelated target/os manpages
 rm $RPM_BUILD_ROOT/usr/share/man/man1/perlaix.1*
@@ -266,6 +270,8 @@
 %doc /usr/share/man/man3/*
 %ghost %doc /usr/share/man/man3/perllocal.3pm.gz
 %changelog
+* Tue Nov 06 2007 - mls@xxxxxxx
+- fix buffer overflow in regex engine CVE-2007-5116 (#332199)
 * Wed Oct 31 2007 - dmueller@xxxxxxx
 - update rpmlintrc
 * Fri May 25 2007 - ro@xxxxxxx

++++++ perl-regcomp-5.8.8.dif ++++++
--- regcomp.c.orig      2006-01-08 20:59:27.000000000 +0000
+++ regcomp.c   2007-10-19 22:49:41.000000000 +0100
@@ -136,6 +136,7 @@
     I32                seen_zerolen;
     I32                seen_evals;
     I32                utf8;
+    I32                orig_utf8;
 #if ADD_TO_REGEXEC
     char       *starttry;              /* -Dr: where regtry was called. */
 #define RExC_starttry  (pRExC_state->starttry)
@@ -161,6 +162,7 @@
 #define RExC_seen_zerolen      (pRExC_state->seen_zerolen)
 #define RExC_seen_evals        (pRExC_state->seen_evals)
 #define RExC_utf8      (pRExC_state->utf8)
+#define RExC_orig_utf8 (pRExC_state->orig_utf8)
 
 #define        ISMULT1(c)      ((c) == '*' || (c) == '+' || (c) == '?')
 #define        ISMULT2(s)      ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
@@ -1749,15 +1751,17 @@
     if (exp == NULL)
        FAIL("NULL regexp argument");
 
-    RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+    RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
 
-    RExC_precomp = exp;
     DEBUG_r({
         if (!PL_colorset) reginitcolors();
         PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
                       PL_colors[4],PL_colors[5],PL_colors[0],
-                      (int)(xend - exp), RExC_precomp, PL_colors[1]);
+                      (int)(xend - exp), exp, PL_colors[1]);
     });
+
+redo_first_pass:
+    RExC_precomp = exp;
     RExC_flags = pm->op_pmflags;
     RExC_sawback = 0;
 
@@ -1783,6 +1787,17 @@
        RExC_precomp = Nullch;
        return(NULL);
     }
+    if (RExC_utf8 && !RExC_orig_utf8) {
+       STRLEN len = xend-exp;
+       DEBUG_r(PerlIO_printf(Perl_debug_log,
+          "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
+       exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
+       xend = exp + len;
+       RExC_orig_utf8 = RExC_utf8;
+       SAVEFREEPV(exp);
+       goto redo_first_pass;
+    }
+
     DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
 
     /* Small enough for pointer-storage convention?


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx