[meego-commits] 24154: Changes to MeeGo:1.2:oss:Testing/perl
Han Dai
no_reply at build.meego.com
Wed Sep 28 06:14:36 UTC 2011
Hi,
I have made the following changes to perl in project MeeGo:1.2:oss:Testing. Please review and accept ASAP.
Thank You,
Han Dai
[This message was auto-generated]
---
Request #24154:
submit: home:daihan:branches:MeeGo:1.2:oss/perl(r2)(cleanup) -> MeeGo:1.2:oss:Testing/perl
Message:
Add a patch to fix BMC #15939
State: new 2011-09-27T23:04:19 daihan
Comment: None
changes files:
--------------
--- perl.changes
+++ perl.changes
@@ -0,0 +1,3 @@
+* Wed Sep 28 2011 Ye Gang <gang.ye at intel.com> - 5.12.1
+- Add a patch to fix CVE-2011-1487 (bmc #15939)
+
new:
----
perl-5.12.1-CVE-2011-1487-fixed.patch
pp.c
spec files:
-----------
--- perl.spec
+++ perl.spec
@@ -41,6 +41,9 @@
# systems.
Patch7: perl-5.10.0-x86_64-io-test-failure.patch
+# This patch fixes the CVE-2011-1487
+Patch8: perl-5.12.1-CVE-2011-1487-fixed.patch
+
BuildRoot: %{_tmppath}/%{name}-%{perl_version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gdbm-devel, db4-devel, zlib-devel
BuildRequires: groff
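Review bot: Only `Patch8: perl-5.12.1-CVE-2011-1487-fixed.patch` is declared in this hunk, yet the request's list of new files also contains `pp.c`, which no `Source`/`Patch` line visible here references and whose diff section is shown empty. That looks like a leftover working copy of the patched file; if so, it should be dropped from the submission so the package carries only the reviewed patch. The comment above `Patch8` could also say what is being fixed, e.g. `# CVE-2011-1487: lc/lcfirst/uc/ucfirst did not taint their result (perl #87336)`.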
@@ -682,7 +685,7 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
-
+%patch8 -p1
chmod +x %{SOURCE11}
#
other changes:
--------------
++++++ perl-5.12.1-CVE-2011-1487-fixed.patch (new)
--- perl-5.12.1-CVE-2011-1487-fixed.patch
+++ perl-5.12.1-CVE-2011-1487-fixed.patch
+diff -Nur perl-5.12.1/pp.c new/pp.c
+--- perl-5.12.1/pp.c 2010-05-14 06:01:07.000000000 +0800
++++ new/pp.c 2011-09-28 13:22:04.000000000 +0800
+@@ -3946,6 +3946,8 @@
+ SvCUR_set(dest, need - 1);
+ }
+ }
++ if (dest != source && SvTAINTED(source))
++ SvTAINT(dest);
+ SvSETMAGIC(dest);
+ RETURN;
+ }
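Review bot: The added guard `if (dest != source && SvTAINTED(source)) SvTAINT(dest);` has no comment here or in the two identical hunks at -4219 and -4430, so the reason for the `dest != source` test is left to the reader. A one-line comment such as `/* dest is a separate SV here, so it must inherit the taint of the argument (CVE-2011-1487) */` would record it. The enclosing functions start outside all three hunks, so the visible lines only show the guard sitting directly before `SvSETMAGIC(dest); RETURN;`. It is worth confirming against the full pp.c that no earlier exit path returns `dest` without reaching this point.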
+@@ -4219,6 +4221,8 @@
+ SvCUR_set(dest, d - (U8*)SvPVX_const(dest));
+ }
+ } /* End of isn't utf8 */
++ if (dest != source && SvTAINTED(source))
++ SvTAINT(dest);
+ SvSETMAGIC(dest);
+ RETURN;
+ }
+@@ -4430,6 +4434,8 @@
+ SvCUR_set(dest, d - (U8*)SvPVX_const(dest));
+ }
+ }
++ if (dest != source && SvTAINTED(source))
++ SvTAINT(dest);
+ SvSETMAGIC(dest);
+ RETURN;
+ }
+diff -Nur perl-5.12.1/t/op/taint.t new/t/op/taint.t
+--- perl-5.12.1/t/op/taint.t 2010-05-14 06:01:07.000000000 +0800
++++ new/t/op/taint.t 2011-09-28 13:26:55.000000000 +0800
+@@ -17,7 +17,7 @@
+ use File::Spec::Functions;
+
+ BEGIN { require './test.pl'; }
+-plan tests => 302;
++plan tests => 774;
+
+ $| = 1;
+
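Review bot: The plan goes from 302 to 774, an increase of 472, while the only other hunk for this file adds four `is_tainted` assertions. Unless the 5.12.1 file was already miscounted, the harness will report a plan mismatch and the regression test for this CVE will be recorded as a failure; the expected line would be `plan tests => 306;`. The figure 774 may have been carried over from a newer upstream copy of t/op/taint.t and should be checked against the 5.12.1 file being patched.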
+@@ -1318,6 +1318,30 @@
+ unlike($err, qr/^\d+$/, 'tainted $!');
+ }
+
++{
++
++ # [perl #87336] lc/uc(first) failing to taint the returned string
++
++ my $source = "foo$TAINT";
++
++ my $dest = lc $source;
++
++ is_tainted $dest, "lc(tainted) taints its return value";
++
++ $dest = lcfirst $source;
++
++ is_tainted $dest, "lcfirst(tainted) taints its return value";
++
++ $dest = uc $source;
++
++ is_tainted $dest, "uc(tainted) taints its return value";
++
++ $dest = ucfirst $source;
++
++ is_tainted $dest, "ucfirst(tainted) taints its return value";
++
++}
++
+
+ # This may bomb out with the alarm signal so keep it last
+ SKIP: {
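Review bot: The new block calls `is_tainted`, but no visible line defines or imports it; the only helper shown in the surrounding context is `unlike`. If the 5.12.1 copy of t/op/taint.t does not provide `is_tainted`, the file will fail before or at this block and the taint regression for lc/lcfirst/uc/ucfirst will never be exercised. Confirm the helper exists in this version, or write the four checks with whatever taint-check helper the 5.12.1 file already uses.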
++++++ pp.c (new)
--- pp.c
+++ pp.c