Sat Sep 23 05:29:07 2017 UTC ()

perl5: patch for CVE-2017-12837, CVE-2017-12883

CVE-2017-12837: heap buffer overflow in regular expression compiler
CVE-2017-12883: buffer over-read in regular expression parser

From upstream commits:
https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f
https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5

bump PKGREVISION


(maya)

diff -r1.240 -r1.241 pkgsrc/lang/perl5/Makefile
diff -r1.144 -r1.145 pkgsrc/lang/perl5/distinfo
diff -r0 -r1.1 pkgsrc/lang/perl5/patches/patch-regcomp.c

--- pkgsrc/lang/perl5/Makefile 2017/07/07 05:54:24 1.240
+++ pkgsrc/lang/perl5/Makefile 2017/09/23 05:29:07 1.241

 @@ -1,20 +1,20 @@
-# $NetBSD: Makefile,v 1.240 2017/07/07 05:54:24 wiz Exp $
+# $NetBSD: Makefile,v 1.241 2017/09/23 05:29:07 maya Exp $
 .include "license.mk"
 .include "Makefile.common"
 COMMENT=	Practical Extraction and Report Language
-PKGREVISION=	2
+PKGREVISION=	3
 CONFLICTS+=	perl-base-[0-9]* perl-thread-[0-9]*
 # CONFLICTS packages older than CORE modules version.
 # based on 'corelist -v ${PKGVERSION}'
 # update based on 'corelist -diff ${PREV_PKGVERSION} ${PKGVERSION}'
 CONFLICTS+=	p5-Archive-Tar<1.96
 CONFLICTS+=	p5-Attribute-Handlers<0.96
 CONFLICTS+=	p5-AutoLoader<5.74
 CONFLICTS+=	p5-CGI<3.65
 #		older for www/p5-CGI-Fast
 CONFLICTS+=	p5-CPAN<2.0500			# 2.05
 CONFLICTS+=	p5-CPAN-Meta<2.140640

--- pkgsrc/lang/perl5/distinfo 2017/07/07 05:54:24 1.144
+++ pkgsrc/lang/perl5/distinfo 2017/09/23 05:29:07 1.145

 @@ -1,28 +1,29 @@
-$NetBSD: distinfo,v 1.144 2017/07/07 05:54:24 wiz Exp $
+$NetBSD: distinfo,v 1.145 2017/09/23 05:29:07 maya Exp $
 SHA1 (perl-5.26.0.tar.bz2) = 2ca1b28f2c3ed4cc3b74be89d150ed0377f0336a
 RMD160 (perl-5.26.0.tar.bz2) = a853a1ec299d7c6ba8239e8ed444ee6d922b8938
 SHA512 (perl-5.26.0.tar.bz2) = 1e3849c0fbf3a1903f83f86470d44f55f0f22136a1bdeb829af9c47351b6c817d7d8961a2db4c9172285f5abc087ea105ccfd4c93025acbd73569e628669aab3
 Size (perl-5.26.0.tar.bz2) = 14708010 bytes
 SHA1 (patch-Configure) = d65082b236c81c310eb683a07c8ab60fc2a3e2f0
 SHA1 (patch-MANIFEST) = b27b0e1754fe2c4484931219fa17c562db88d41a
 SHA1 (patch-Makefile.SH) = e9353181a286f52303d09cb4ce0b2c04ec104217
 SHA1 (patch-aa) = 3a2b39c9eb903e68ef7d03ae448c51c147c19aa1
 SHA1 (patch-ab) = 0ad5988b7cadfb13d9646a59a57f6cf884a6238a
 SHA1 (patch-ac) = 4baa8f80695687abb53d4f4e1830cf86db5b2bf7
 SHA1 (patch-aq) = 4bf5a76f0277b0939b2ca7720f4bb045a788b5cc
 SHA1 (patch-caretx.c) = 9f53a9133f8dd2f962b448d7288b5b20454c86fb
 SHA1 (patch-ch) = 5b6a89c82e158bab0a5f06add48c28e600678099
 SHA1 (patch-ck) = 483e93a782e5627d3c7334d930ee11010fe7f7d8
 SHA1 (patch-cn) = d1877383e213a414562b5bb4c1e8aa785926fab7
 SHA1 (patch-cpan_File-Path_lib_File_Path.pm) = e8a08e7e7fdbebabbeef7eaa651147353eedbfd7
 SHA1 (patch-dist_Carp_lib_Carp.pm) = fb628ee983462cec9303ceea09852378ec654ecf
 SHA1 (patch-ext_Errno_Errno__pm.PL) = 4f135e267da17de38f8f1e7e03d5209bfd09a323
 SHA1 (patch-ext_File-Glob_bsd_glob.c) = e43252b55f04bb1cd69d48e8155aa110532c9fbe
 SHA1 (patch-ext_File-Glob_t_rt131211.t) = 9aeddad078cdc920e64ed2e73f952be341745d7e
 SHA1 (patch-hints_cygwin.sh) = 1b21d927d6b7379754c4cd64a2b05d3632c35470
 SHA1 (patch-hints_netbsd.sh) = 0d549a48800372d75fe34b783529a78cba90f646
 SHA1 (patch-hints_sco.sh) = 8d43cdc0632799e1cdb5dc6fdb968052a9ae4216
 SHA1 (patch-hints_solaris__2.sh) = 0e54889648a6f0f2a0232c5e01bef89d245c213d
 SHA1 (patch-regcomp.c) = e217518eda87c806962fe9dd7ef1010353919d90
 SHA1 (patch-ta) = a9d13eeec22733e4087942f217a0d47a19498a6f
 SHA1 (patch-ze) = d6fb718a1417e37a7d6bee1ae89fe2beec51c81b

$NetBSD: patch-regcomp.c,v 1.1 2017/09/23 05:29:07 maya Exp $

Fixes for CVE-2017-12837: heap buffer overflow in regular expression compiler
CVE-2017-12883 Buffer over-read in regular expression parser

From 2be4edede4ae226e2eebd4eff28cedd2041f300f Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Fri, 25 Aug 2017 11:33:58 -0600
Subject: [PATCH] PATCH: [perl #131598]

The cause of this is that the vFAIL macro uses RExC_parse, and that
variable has just been changed in preparation for code after the vFAIL.
The solution is to not change RExC_parse until after the vFAIL.

This is a case where the macro hides stuff that can bite you.

From 96c83ed78aeea1a0496dd2b2d935869a822dc8a5 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Wed, 21 Jun 2017 11:33:37 -0600
Subject: [PATCH] regcomp [perl #131582]


--- regcomp.c.orig	2017-04-19 13:37:08.000000000 +0000
+++ regcomp.c
@@ -12159,14 +12159,16 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pREx
 	}
         sv_catpv(substitute_parse, ")");
 
-        RExC_parse = RExC_start = RExC_adjusted_start = SvPV(substitute_parse,
-                                                             len);
+        len = SvCUR(substitute_parse);
 
 	/* Don't allow empty number */
 	if (len < (STRLEN) 8) {
             RExC_parse = endbrace;
 	    vFAIL("Invalid hexadecimal number in \\N{U+...}");
 	}
+
+        RExC_parse = RExC_start = RExC_adjusted_start
+                                              = SvPV_nolen(substitute_parse);
 	RExC_end = RExC_parse + len;
 
         /* The values are Unicode, and therefore not subject to recoding, but
@@ -13229,6 +13231,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_stat
                             goto loopdone;
                         }
                         p = RExC_parse;
+                        RExC_parse = parse_start;
                         if (ender > 0xff) {
                             REQUIRE_UTF8(flagp);
                         }