r2329 - trunk/perl

ken at linuxfromscratch.org ken at linuxfromscratch.org
Tue Nov 15 19:54:27 PST 2011


Author: ken
Date: 2011-11-15 20:54:23 -0700 (Tue, 15 Nov 2011)
New Revision: 2329

Added:
   trunk/perl/perl-5.10.x-security_fixes-1.patch
   trunk/perl/perl-5.12.x-security_fixes-1.patch
   trunk/perl/perl-5.14.2-security_fixes.patch
Log:
Fixes for CVE-2011-3597 (and CVE-2011-2939 with older versions of perl) : patching the version originally used avoids having to recompile any perl modules added in BLFS

Added: trunk/perl/perl-5.10.x-security_fixes-1.patch
===================================================================
--- trunk/perl/perl-5.10.x-security_fixes-1.patch	                        (rev 0)
+++ trunk/perl/perl-5.10.x-security_fixes-1.patch	2011-11-16 03:54:23 UTC (rev 2329)
@@ -0,0 +1,72 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2011-11-16
+Initial Package Version: 5.10-series
+Upstream Status: Applied
+Origin: found at debian
+Description:
+
+ Fixes for CVE-2011-2939 and CVE-2011-3597, backported to perl-5.10.
+These probably also apply to perl-5.8 >= 5.8.5 if anyone is still using that.
+
+ For 5.10.1 these should be applied with the utf8-1.patch.
+
+1. From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Tue, 4 Oct 2011 13:46:39 +0200
+Subject: [PATCH] Fix code injection in Digest
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
+---
+ lib/Digest/Digest.pm |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+ Backported to 5.10 by Ken Moffat (file is in lib/ not cpan/Digest/)
+
+2. From 2e6e1e81494d349380e13ca735d1774bf124bd60 Mon Sep 17 00:00:00 2001
+From: Chris 'BinGOs' Williams <chris at bingosnet.co.uk>
+Date: Wed, 10 Aug 2011 19:09:32 +0100
+Subject: Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
+
+Bug-Debian: http://bugs.debian.org/637376
+Origin: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
+
+ Backported to 5.10 (file is in ext/ not cpan/) by Ken Moffat
+
+---
+ ext/Encode/Unicode/Unicode.xs |    5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/lib/Digest.pm b/lib/Digest.pm
+index 384dfc8..4b923ae 100644
+--- a/lib/Digest.pm
++++ b/lib/Digest.pm
+@@ -35,7 +35,9 @@ sub new
+ 	($class, @args) = @$class if ref($class);
+ 	no strict 'refs';
+ 	unless (exists ${"$class\::"}{"VERSION"}) {
+-	    eval "require $class";
++	    my $pm_file = $class . ".pm";
++	    $pm_file =~ s{::}{/}g;
++	    eval { require $pm_file };
+ 	    if ($@) {
+ 		$err ||= $@;
+ 		next;
+-- 
+
+diff --git a/ext/Encode/Unicode/Unicode.xs b/ext/Encode/Unicode/Unicode.xs
+index 9741626..70ae001 100644
+--- a/ext/Encode/Unicode/Unicode.xs
++++ b/ext/Encode/Unicode/Unicode.xs
+@@ -246,7 +246,10 @@ CODE:
+ 	       This prevents allocating too much in the rogue case of a large
+ 	       input consisting initially of long sequence uft8-byte unicode
+ 	       chars followed by single utf8-byte chars. */
+-	    STRLEN remaining = (e - s)/usize;
++            /* +1 
++               fixes  Unicode.xs!decode_xs n-byte heap-overflow
++              */
++	    STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
+ 	    STRLEN max_alloc = remaining + (8*1024*1024);
+ 	    STRLEN est_alloc = remaining * UTF8_MAXLEN;
+ 	    STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
+1.7.6.4

Added: trunk/perl/perl-5.12.x-security_fixes-1.patch
===================================================================
--- trunk/perl/perl-5.12.x-security_fixes-1.patch	                        (rev 0)
+++ trunk/perl/perl-5.12.x-security_fixes-1.patch	2011-11-16 03:54:23 UTC (rev 2329)
@@ -0,0 +1,79 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2011-11-16
+Initial Package Version: 5.12-series and also 5.14 <= 5.14.1
+Upstream Status: Applied
+Origin: found at debian
+Description:
+
+ Fixes for CVE-2011-2939 and CVE-2011-3597, for perl-5.12 and 5.14
+up to and including 5.14.1.
+
+1. From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Tue, 4 Oct 2011 13:46:39 +0200
+Subject: [PATCH] Fix code injection in Digest
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
+---
+ lib/Digest/Digest.pm |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+2. From 2e6e1e81494d349380e13ca735d1774bf124bd60 Mon Sep 17 00:00:00 2001
+From: Chris 'BinGOs' Williams <chris at bingosnet.co.uk>
+Date: Wed, 10 Aug 2011 19:09:32 +0100
+Subject: Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
+
+Bug-Debian: http://bugs.debian.org/637376
+Origin: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
+
+---
+ ext/Encode/Unicode/Unicode.xs |    5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+From 2e6e1e81494d349380e13ca735d1774bf124bd60 Mon Sep 17 00:00:00 2001
+From: Chris 'BinGOs' Williams <chris at bingosnet.co.uk>
+Date: Wed, 10 Aug 2011 19:09:32 +0100
+Subject: Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
+
+Bug-Debian: http://bugs.debian.org/637376
+Origin: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
+
+---
+ cpan/Encode/Unicode/Unicode.xs |    5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
+index 9741626..70ae001 100644
+--- a/cpan/Encode/Unicode/Unicode.xs
++++ b/cpan/Encode/Unicode/Unicode.xs
+@@ -246,7 +246,10 @@ CODE:
+ 	       This prevents allocating too much in the rogue case of a large
+ 	       input consisting initially of long sequence uft8-byte unicode
+ 	       chars followed by single utf8-byte chars. */
+-	    STRLEN remaining = (e - s)/usize;
++            /* +1 
++               fixes  Unicode.xs!decode_xs n-byte heap-overflow
++              */
++	    STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
+ 	    STRLEN max_alloc = remaining + (8*1024*1024);
+ 	    STRLEN est_alloc = remaining * UTF8_MAXLEN;
+ 	    STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
+
+diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
+index 384dfc8..4b923ae 100644
+--- a/cpan/Digest/Digest.pm
++++ b/cpan/Digest/Digest.pm
+@@ -35,7 +35,9 @@ sub new
+ 	($class, @args) = @$class if ref($class);
+ 	no strict 'refs';
+ 	unless (exists ${"$class\::"}{"VERSION"}) {
+-	    eval "require $class";
++	    my $pm_file = $class . ".pm";
++	    $pm_file =~ s{::}{/}g;
++	    eval { require $pm_file };
+ 	    if ($@) {
+ 		$err ||= $@;
+ 		next;
+-- 
+1.7.6.4
+

Added: trunk/perl/perl-5.14.2-security_fixes.patch
===================================================================
--- trunk/perl/perl-5.14.2-security_fixes.patch	                        (rev 0)
+++ trunk/perl/perl-5.14.2-security_fixes.patch	2011-11-16 03:54:23 UTC (rev 2329)
@@ -0,0 +1,28 @@
+From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Tue, 4 Oct 2011 13:46:39 +0200
+Subject: [PATCH] Fix code injection in Digest
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
+---
+ cpan/Digest/Digest.pm |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
+index 384dfc8..4b923ae 100644
+--- a/cpan/Digest/Digest.pm
++++ b/cpan/Digest/Digest.pm
+@@ -35,7 +35,9 @@ sub new
+ 	($class, @args) = @$class if ref($class);
+ 	no strict 'refs';
+ 	unless (exists ${"$class\::"}{"VERSION"}) {
+-	    eval "require $class";
++	    my $pm_file = $class . ".pm";
++	    $pm_file =~ s{::}{/}g;
++	    eval { require $pm_file };
+ 	    if ($@) {
+ 		$err ||= $@;
+ 		next;
+-- 
+1.7.6.4
+




More information about the patches mailing list