Commit 25055c93 authored by Niko Tyni's avatar Niko Tyni

Merge commit 'debian/5.8.8-12' into debian

parents f599457f d54b536c
......@@ -34,7 +34,7 @@ following perl-specific options:
architectures other than i386 (where the relocations incur a
measurable performance penalty).
x-perl-notest
x-perl-notest (or nocheck)
The regression test suite is normally run after each of the static
and shared build phases. It is occaisionally useful to supress
these tests (when debugging the build process for example, or to
......
perl (5.8.8-12) unstable; urgency=high
* SECURITY [CVE-2007-5116] (closes: #450456): Apply patch from
Will Drewry and Tavis Ormandy of the Google Security Team to fix a
UTF-8 related heap overflow in Perl's regular expression compiler,
probably allowing attackers to execute arbitrary code by compiling
specially crafted regular expressions.
* Support "nocheck" option in DEB_BUILD_OPTIONS (closes: #449549).
* Suppress Configure test for ualarm() so that setitimer() emulation
is used (closes: #448965).
-- Brendan O'Dea <bod@debian.org> Thu, 08 Nov 2007 08:42:01 +1100
perl (5.8.8-11.1) unstable; urgency=high
* Non-maintainer upload.
......
......@@ -35,6 +35,13 @@ case "$1" in
*) exec echo yes;;
esac;;
--test-target)
case ",$DEB_BUILD_OPTIONS," in
*[,\ ]nocheck[,\ ]*) exit;;
*[,\ ]x-perl-notest[,\ ]*) exit;;
*) exec echo test;;
esac;;
--install-type)
# The default installation type for /usr/bin/perl of shared or
# static may be changed by including x-perl-static or x-perl-shared
......@@ -49,12 +56,6 @@ case "$1" in
*) exec echo shared;;
esac;;
--test-target)
case ",$DEB_BUILD_OPTIONS," in
*[,\ ]x-perl-notest[,\ ]*) exit;;
*) exec echo test;;
esac;;
*) echo "$0: need --shared, --static, or --debug option"
exit 2;;
esac
......@@ -99,6 +100,7 @@ eval /bin/bash Configure \
-Dpager=/usr/bin/sensible-pager \
-Uafs \
-Ud_csh \
-Ud_ualarm \
-Uusesfio \
-Uusenm \
$opts -des
CVE-2007-5116:
"Will Drewry and Tavis Ormandy of the Google Security Team have
discovered a UTF-8 related heap overflow in Perl's regular
expression compiler, probably allowing attackers to execute
arbitrary code by compiling specially crafted regular expressions."
diff -Naur --exclude=debian perl-5.8.8.orig/regcomp.c perl-5.8.8/regcomp.c
--- perl-5.8.8.orig/regcomp.c 2006-01-09 07:59:27.000000000 +1100
+++ perl-5.8.8/regcomp.c 2007-11-08 01:34:32.000000000 +1100
@@ -136,6 +136,7 @@
I32 seen_zerolen;
I32 seen_evals;
I32 utf8;
+ I32 orig_utf8;
#if ADD_TO_REGEXEC
char *starttry; /* -Dr: where regtry was called. */
#define RExC_starttry (pRExC_state->starttry)
@@ -161,6 +162,7 @@
#define RExC_seen_zerolen (pRExC_state->seen_zerolen)
#define RExC_seen_evals (pRExC_state->seen_evals)
#define RExC_utf8 (pRExC_state->utf8)
+#define RExC_orig_utf8 (pRExC_state->orig_utf8)
#define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?')
#define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
@@ -1750,6 +1752,7 @@
FAIL("NULL regexp argument");
RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+ RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
RExC_precomp = exp;
DEBUG_r({
@@ -1758,6 +1761,8 @@
PL_colors[4],PL_colors[5],PL_colors[0],
(int)(xend - exp), RExC_precomp, PL_colors[1]);
});
+redo_first_pass:
+ RExC_precomp = exp;
RExC_flags = pm->op_pmflags;
RExC_sawback = 0;
@@ -1783,6 +1788,17 @@
RExC_precomp = Nullch;
return(NULL);
}
+ if (RExC_utf8 && !RExC_orig_utf8) {
+ STRLEN len = xend-exp;
+ DEBUG_r(PerlIO_printf(Perl_debug_log,
+ "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
+ exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
+ xend = exp + len;
+ RExC_orig_utf8 = RExC_utf8;
+ SAVEFREEPV(exp);
+ goto redo_first_pass;
+ }
+
DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
/* Small enough for pointer-storage convention?
......@@ -25,6 +25,7 @@ debian/patches/22_fix_pod2html_dl
debian/patches/23_fix_tpj13_typo
debian/patches/24_fix_perlcc_nv_save
debian/patches/25_fix_defined_x86_64
debian/patches/26_fix_regcomp_overflow
debian/patches/50_debian_use_gdbm
debian/patches/51_debian_ld_run_path
debian/patches/52_debian_extutils_hacks
......
......@@ -136,6 +136,7 @@ typedef struct RExC_state_t {
I32 seen_zerolen;
I32 seen_evals;
I32 utf8;
I32 orig_utf8;
#if ADD_TO_REGEXEC
char *starttry; /* -Dr: where regtry was called. */
#define RExC_starttry (pRExC_state->starttry)
......@@ -161,6 +162,7 @@ typedef struct RExC_state_t {
#define RExC_seen_zerolen (pRExC_state->seen_zerolen)
#define RExC_seen_evals (pRExC_state->seen_evals)
#define RExC_utf8 (pRExC_state->utf8)
#define RExC_orig_utf8 (pRExC_state->orig_utf8)
#define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?')
#define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
......@@ -1750,6 +1752,7 @@ Perl_pregcomp(pTHX_ char *exp, char *xend, PMOP *pm)
FAIL("NULL regexp argument");
RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
RExC_precomp = exp;
DEBUG_r({
......@@ -1758,6 +1761,8 @@ Perl_pregcomp(pTHX_ char *exp, char *xend, PMOP *pm)
PL_colors[4],PL_colors[5],PL_colors[0],
(int)(xend - exp), RExC_precomp, PL_colors[1]);
});
redo_first_pass:
RExC_precomp = exp;
RExC_flags = pm->op_pmflags;
RExC_sawback = 0;
......@@ -1783,6 +1788,17 @@ Perl_pregcomp(pTHX_ char *exp, char *xend, PMOP *pm)
RExC_precomp = Nullch;
return(NULL);
}
if (RExC_utf8 && !RExC_orig_utf8) {
STRLEN len = xend-exp;
DEBUG_r(PerlIO_printf(Perl_debug_log,
"UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
xend = exp + len;
RExC_orig_utf8 = RExC_utf8;
SAVEFREEPV(exp);
goto redo_first_pass;
}
DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
/* Small enough for pointer-storage convention?
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment