Hello community, here is the log from the commit of package perl for openSUSE:11.4 checked in at Fri May 6 15:23:06 CEST 2011. -------- --- old-versions/11.4/all/perl/perl.changes 2011-02-23 13:54:36.000000000 +0100 +++ 11.4/perl/perl.changes 2011-05-03 18:18:17.000000000 +0200 @@ -1,0 +2,10 @@ +Tue May 3 14:30:03 CEST 2011 - mls@suse.de + +- fix regexp crash in reg_numbered_buff_fetch [bnc#676086] + [CVE-2010-4777] +- fix lc() uc() tainting [bnc#684799] [CVE-2011-1487] +- move unicode files from perl-doc to perl again [bnc#678877] +- remove feedback@suse.de mail address, it no longer exists + [bnc#657625] + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/perl Destination is old-versions/11.4/UPDATES/all/perl calling whatdependson for 11.4-i586 New: ---- perl-lcuctaint.diff perl-saverecontext.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl.spec ++++++ --- /var/tmp/diff_new_pack.Wwb6NH/_old 2011-05-06 15:22:43.000000000 +0200 +++ /var/tmp/diff_new_pack.Wwb6NH/_new 2011-05-06 15:22:43.000000000 +0200 @@ -21,7 +21,7 @@ Name: perl Summary: The Perl interpreter Version: 5.12.3 -Release: 11.<RELEASE2> +Release: 11.<RELEASE16> %define pversion 5.12.3 License: Artistic License .. ; GPLv2+ Group: Development/Languages/Perl @@ -41,6 +41,8 @@ Patch7: perl-Fatal.diff Patch8: perl-h2ph.diff Patch9: perl-HiRes.t-timeout.diff +Patch10: perl-lcuctaint.diff +Patch11: perl-saverecontext.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: perl-base = %version #PreReq: %fillup_prereq @@ -140,6 +142,8 @@ %endif %patch8 %patch9 -p1 +%patch10 +%patch11 %build cp -a lib savelib @@ -356,8 +360,6 @@ %defattr(-,root,root) %exclude /usr/bin/perl %exclude /usr/bin/perl%pversion -%exclude /usr/lib/perl5/*/Unicode/*/*.txt -%exclude /usr/lib/perl5/*/unicore/*.txt /usr/bin/* /usr/lib/perl5/* %config %{_sysconfdir}/rpm/macros.perl @@ -374,7 +376,5 @@ %doc /usr/share/man/man1/* %doc /usr/share/man/man3/* %doc /usr/lib/perl5/*/pod -%doc /usr/lib/perl5/*/Unicode/*/*.txt -%doc /usr/lib/perl5/*/unicore/*.txt %changelog ++++++ perl-5.12.3.dif ++++++ --- /var/tmp/diff_new_pack.Wwb6NH/_old 2011-05-06 15:22:43.000000000 +0200 +++ /var/tmp/diff_new_pack.Wwb6NH/_new 2011-05-06 15:22:43.000000000 +0200 @@ -503,7 +503,7 @@ +sparc64-linux) glibpth="/lib64 /usr/lib64";; +esac + -+cf_email='feedback@suse.de' ++cf_email='none' +#libs='-lgdbm -ldb -ldl -lm -lc' +#libs='-ldl -lm -lc' + ++++++ perl-lcuctaint.diff ++++++ --- ./pp.c.orig 2011-01-09 20:20:58.000000000 +0000 +++ ./pp.c 2011-04-26 14:46:50.000000000 +0000 @@ -3949,6 +3949,8 @@ PP(pp_ucfirst) SvCUR_set(dest, need - 1); } } + if (dest != source && SvTAINTED(source)) + SvTAINT(dest); SvSETMAGIC(dest); RETURN; } @@ -4222,6 +4224,8 @@ PP(pp_uc) SvCUR_set(dest, d - (U8*)SvPVX_const(dest)); } } /* End of isn't utf8 */ + if (dest != source && SvTAINTED(source)) + SvTAINT(dest); SvSETMAGIC(dest); RETURN; } @@ -4433,6 +4437,8 @@ PP(pp_lc) SvCUR_set(dest, d - (U8*)SvPVX_const(dest)); } } + if (dest != source && SvTAINTED(source)) + SvTAINT(dest); SvSETMAGIC(dest); RETURN; } ++++++ perl-saverecontext.diff ++++++ --- ./regcomp.c.orig 2011-04-27 14:19:37.000000000 +0000 +++ ./regcomp.c 2011-04-27 14:21:58.000000000 +0000 @@ -9912,8 +9912,23 @@ Perl_save_re_context(pTHX) if (gvp) { GV * const gv = *gvp; - if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) - save_scalar(gv); + if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) { + /* this is a copy of save_scalar() without the GETMAGIC call, RT#76538 */ + SV ** const sptr = &GvSVn(gv); + SV * osv = *sptr; + SV * nsv = newSV(0); + save_pushptrptr(SvREFCNT_inc_simple(gv), SvREFCNT_inc(osv), SAVEt_SV); + if (SvTYPE(osv) >= SVt_PVMG && SvMAGIC(osv) && SvTYPE(osv) != SVt_PVGV) { + if (SvGMAGICAL(osv)) { + const bool oldtainted = PL_tainted; + SvFLAGS(osv) |= (SvFLAGS(osv) & + (SVp_IOK|SVp_NOK|SVp_POK)) >> PRIVSHIFT; + PL_tainted = oldtainted; + } + mg_localize(osv, nsv, 1); + } + *sptr = nsv; + } } } } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org