source:
patches/perl-5.8.8-security_fixes-1.patch@
996c756
Last change on this file since 996c756 was 67300de, checked in by , 16 years ago | |
---|---|
|
|
File size: 10.0 KB |
-
embed.fnc
Submitted By: Ken Moffat <ken at linuxfromscratch dot org> Date: 2008-07-09 Initial Package Version: 5.8.8 Upstream Status: unknown Origin: Extracted from redhat-enterprise. Description: Fixes CVE-2007-5116 and CVE-2008-1927. NB - anyone who thinks we should just upgrade to 5.10.0 needs to find a fix for CVE-2008-2827 : no doubt 5.10.1 will fix that when it is released. Edited to remove the creation of regcomp.c~ which I had overlooked. diff -Naur perl-5.8.8.orig/embed.fnc perl-5.8.8/embed.fnc
old new 1168 1168 Es |regnode*|regclass |NN struct RExC_state_t *state 1169 1169 ERs |I32 |regcurly |NN const char * 1170 1170 Es |regnode*|reg_node |NN struct RExC_state_t *state|U8 op 1171 Es |UV |reg_recode |const char value|NULLOK SV **encp 1171 1172 Es |regnode*|regpiece |NN struct RExC_state_t *state|NN I32 *flagp 1172 1173 Es |void |reginsert |NN struct RExC_state_t *state|U8 op|NN regnode *opnd 1173 1174 Es |void |regoptail |NN struct RExC_state_t *state|NN regnode *p|NN regnode *val -
perl-5.8.8
diff -Naur perl-5.8.8.orig/embed.h perl-5.8.8/embed.h
old new 1234 1234 #define regclass S_regclass 1235 1235 #define regcurly S_regcurly 1236 1236 #define reg_node S_reg_node 1237 #define reg_recode S_reg_recode 1237 1238 #define regpiece S_regpiece 1238 1239 #define reginsert S_reginsert 1239 1240 #define regoptail S_regoptail … … 3277 3278 #define regclass(a) S_regclass(aTHX_ a) 3278 3279 #define regcurly(a) S_regcurly(aTHX_ a) 3279 3280 #define reg_node(a,b) S_reg_node(aTHX_ a,b) 3281 #define reg_recode(a,b) S_reg_recode(aTHX_ a,b) 3280 3282 #define regpiece(a,b) S_regpiece(aTHX_ a,b) 3281 3283 #define reginsert(a,b,c) S_reginsert(aTHX_ a,b,c) 3282 3284 #define regoptail(a,b,c) S_regoptail(aTHX_ a,b,c) -
pod/perldiag.pod
diff -Naur perl-5.8.8.orig/pod/perldiag.pod perl-5.8.8/pod/perldiag.pod
old new 1900 1900 (W printf) Perl does not understand the given format conversion. See 1901 1901 L<perlfunc/sprintf>. 1902 1902 1903 =item Invalid escape in the specified encoding in regex; marked by <-- HERE in m/%s/ 1904 1905 (W regexp) The numeric escape (for example C<\xHH>) of value < 256 1906 didn't correspond to a single character through the conversion 1907 from the encoding specified by the encoding pragma. 1908 The escape was replaced with REPLACEMENT CHARACTER (U+FFFD) instead. 1909 The <-- HERE shows in the regular expression about where the 1910 escape was discovered. 1911 1903 1912 =item Invalid [] range "%s" in regex; marked by <-- HERE in m/%s/ 1904 1913 1905 1914 (F) The range specified in a character class had a minimum character -
perl-5.8.8
diff -Naur perl-5.8.8.orig/proto.h perl-5.8.8/proto.h
old new 1748 1748 __attribute__warn_unused_result__; 1749 1749 1750 1750 STATIC regnode* S_reg_node(pTHX_ struct RExC_state_t *state, U8 op); 1751 STATIC UV S_reg_recode(pTHX_ const char value, SV **encp); 1751 1752 STATIC regnode* S_regpiece(pTHX_ struct RExC_state_t *state, I32 *flagp); 1752 1753 STATIC void S_reginsert(pTHX_ struct RExC_state_t *state, U8 op, regnode *opnd); 1753 1754 STATIC void S_regoptail(pTHX_ struct RExC_state_t *state, regnode *p, regnode *val); -
regcomp.c
diff -Naur perl-5.8.8.orig/regcomp.c perl-5.8.8/regcomp.c
old new 136 136 I32 seen_zerolen; 137 137 I32 seen_evals; 138 138 I32 utf8; 139 I32 orig_utf8; 139 140 #if ADD_TO_REGEXEC 140 141 char *starttry; /* -Dr: where regtry was called. */ 141 142 #define RExC_starttry (pRExC_state->starttry) … … 161 162 #define RExC_seen_zerolen (pRExC_state->seen_zerolen) 162 163 #define RExC_seen_evals (pRExC_state->seen_evals) 163 164 #define RExC_utf8 (pRExC_state->utf8) 165 #define RExC_orig_utf8 (pRExC_state->orig_utf8) 164 166 165 167 #define ISMULT1(c) ((c) == '*' || (c) == '+' || (c) == '?') 166 168 #define ISMULT2(s) ((*s) == '*' || (*s) == '+' || (*s) == '?' || \ … … 1749 1751 if (exp == NULL) 1750 1752 FAIL("NULL regexp argument"); 1751 1753 1752 RExC_ utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;1754 RExC_orig_utf8 = RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8; 1753 1755 1754 RExC_precomp = exp;1755 1756 DEBUG_r({ 1756 1757 if (!PL_colorset) reginitcolors(); 1757 1758 PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n", 1758 1759 PL_colors[4],PL_colors[5],PL_colors[0], 1759 (int)(xend - exp), RExC_precomp, PL_colors[1]);1760 (int)(xend - exp), exp, PL_colors[1]); 1760 1761 }); 1762 1763 redo_first_pass: 1764 RExC_precomp = exp; 1761 1765 RExC_flags = pm->op_pmflags; 1762 1766 RExC_sawback = 0; 1763 1767 … … 1783 1787 RExC_precomp = Nullch; 1784 1788 return(NULL); 1785 1789 } 1790 if (RExC_utf8 && !RExC_orig_utf8) { 1791 STRLEN len = xend-exp; 1792 DEBUG_r(PerlIO_printf(Perl_debug_log, 1793 "UTF8 mismatch! Converting to utf8 for resizing and compile\n")); 1794 exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len); 1795 xend = exp + len; 1796 RExC_orig_utf8 = RExC_utf8; 1797 SAVEFREEPV(exp); 1798 goto redo_first_pass; 1799 } 1800 1786 1801 DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size)); 1787 1802 1788 1803 /* Small enough for pointer-storage convention? … … 2775 2790 } 2776 2791 2777 2792 /* 2793 * reg_recode 2794 * 2795 * It returns the code point in utf8 for the value in *encp. 2796 * value: a code value in the source encoding 2797 * encp: a pointer to an Encode object 2798 * 2799 * If the result from Encode is not a single character, 2800 * it returns U+FFFD (Replacement character) and sets *encp to NULL. 2801 */ 2802 STATIC UV 2803 S_reg_recode(pTHX_ const char value, SV **encp) 2804 { 2805 STRLEN numlen = 1; 2806 SV * const sv = sv_2mortal(newSVpvn(&value, numlen)); 2807 const char * const s = encp && *encp ? sv_recode_to_utf8(sv, *encp) 2808 : SvPVX(sv); 2809 const STRLEN newlen = SvCUR(sv); 2810 UV uv = UNICODE_REPLACEMENT; 2811 2812 if (newlen) 2813 uv = SvUTF8(sv) 2814 ? utf8n_to_uvchr((U8*)s, newlen, &numlen, UTF8_ALLOW_DEFAULT) 2815 : *(U8*)s; 2816 2817 if (!newlen || numlen != newlen) { 2818 uv = UNICODE_REPLACEMENT; 2819 if (encp) 2820 *encp = NULL; 2821 } 2822 return uv; 2823 } 2824 2825 /* 2778 2826 - regatom - the lowest level 2779 2827 * 2780 2828 * Optimization: gobbles an entire sequence of ordinary characters so that … … 3166 3214 ender = grok_hex(p, &numlen, &flags, NULL); 3167 3215 p += numlen; 3168 3216 } 3217 if (PL_encoding && ender < 0x100) 3218 goto recode_encoding; 3169 3219 break; 3170 3220 case 'c': 3171 3221 p++; … … 3185 3235 --p; 3186 3236 goto loopdone; 3187 3237 } 3238 if (PL_encoding && ender < 0x100) 3239 goto recode_encoding; 3240 break; 3241 recode_encoding: 3242 { 3243 SV* enc = PL_encoding; 3244 ender = reg_recode((const char)(U8)ender, &enc); 3245 if (!enc && SIZE_ONLY && ckWARN(WARN_REGEXP)) 3246 vWARN(p, "Invalid escape in the specified encoding"); 3247 RExC_utf8 = 1; 3248 } 3188 3249 break; 3189 3250 case '\0': 3190 3251 if (p >= RExC_end) … … 3315 3376 break; 3316 3377 } 3317 3378 3318 /* If the encoding pragma is in effect recode the text of3319 * any EXACT-kind nodes. */3320 if (PL_encoding && PL_regkind[(U8)OP(ret)] == EXACT) {3321 STRLEN oldlen = STR_LEN(ret);3322 SV *sv = sv_2mortal(newSVpvn(STRING(ret), oldlen));3323 3324 if (RExC_utf8)3325 SvUTF8_on(sv);3326 if (sv_utf8_downgrade(sv, TRUE)) {3327 const char * const s = sv_recode_to_utf8(sv, PL_encoding);3328 const STRLEN newlen = SvCUR(sv);3329 3330 if (SvUTF8(sv))3331 RExC_utf8 = 1;3332 if (!SIZE_ONLY) {3333 DEBUG_r(PerlIO_printf(Perl_debug_log, "recode %*s to %*s\n",3334 (int)oldlen, STRING(ret),3335 (int)newlen, s));3336 Copy(s, STRING(ret), newlen, char);3337 STR_LEN(ret) += newlen - oldlen;3338 RExC_emit += STR_SZ(newlen) - STR_SZ(oldlen);3339 } else3340 RExC_size += STR_SZ(newlen) - STR_SZ(oldlen);3341 }3342 }3343 3344 3379 return(ret); 3345 3380 } 3346 3381 … … 3718 3753 value = grok_hex(RExC_parse, &numlen, &flags, NULL); 3719 3754 RExC_parse += numlen; 3720 3755 } 3756 if (PL_encoding && value < 0x100) 3757 goto recode_encoding; 3721 3758 break; 3722 3759 case 'c': 3723 3760 value = UCHARAT(RExC_parse++); … … 3725 3762 break; 3726 3763 case '0': case '1': case '2': case '3': case '4': 3727 3764 case '5': case '6': case '7': case '8': case '9': 3728 { 3729 I32 flags = 0; 3730 numlen = 3; 3731 value = grok_oct(--RExC_parse, &numlen, &flags, NULL); 3732 RExC_parse += numlen; 3733 break; 3734 } 3765 { 3766 I32 flags = 0; 3767 numlen = 3; 3768 value = grok_oct(--RExC_parse, &numlen, &flags, NULL); 3769 RExC_parse += numlen; 3770 if (PL_encoding && value < 0x100) 3771 goto recode_encoding; 3772 break; 3773 } 3774 recode_encoding: 3775 { 3776 SV* enc = PL_encoding; 3777 value = reg_recode((const char)(U8)value, &enc); 3778 if (!enc && SIZE_ONLY && ckWARN(WARN_REGEXP)) 3779 vWARN(RExC_parse, 3780 "Invalid escape in the specified encoding"); 3781 break; 3782 } 3735 3783 default: 3736 3784 if (!SIZE_ONLY && isALPHA(value) && ckWARN(WARN_REGEXP)) 3737 3785 vWARN2(RExC_parse, -
t/uni/tr_utf8.t
diff -Naur perl-5.8.8.orig/t/uni/tr_utf8.t perl-5.8.8/t/uni/tr_utf8.t
old new 31 31 } 32 32 33 33 use strict; 34 use Test::More tests => 7;34 use Test::More tests => 8; 35 35 36 36 use encoding 'utf8'; 37 37 … … 67 67 $line =~ tr/bcdeghijklmnprstvwxyz$02578/×׊××¢×××ײק××× ×€ÖŒ×š×¡×װש×××שױתײ××/; 68 68 is($line, "a×׊××¢f×××ײק××× o×€q֌ךסu×װש×××ש1×±34ת6ײ×9", "[perl #16843]"); 69 69 } 70 71 { 72 # [perl #40641] 73 my $str = qq/GebÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀude/; 74 my $reg = qr/GebÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀÀude/; 75 ok($str =~ /$reg/, "[perl #40641]"); 76 } 77 70 78 __END__ -
perl-5.8.8
diff -Naur perl-5.8.8.orig/utf8.h perl-5.8.8/utf8.h
old new 198 198 UTF8_ALLOW_SURROGATE|UTF8_ALLOW_FFFF) 199 199 #define UTF8_ALLOW_ANY 0x00FF 200 200 #define UTF8_CHECK_ONLY 0x0200 201 #define UTF8_ALLOW_DEFAULT (ckWARN(WARN_UTF8) ? 0 : \ 202 UTF8_ALLOW_ANYUV) 201 203 202 204 #define UNICODE_SURROGATE_FIRST 0xD800 203 205 #define UNICODE_SURROGATE_LAST 0xDFFF
Note:
See TracBrowser
for help on using the repository browser.