pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang/perl5
Module Name: pkgsrc
Committed By: wiz
Date: Wed May 27 22:28:20 UTC 2026
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-regcomp__study.c
Log Message:
perl: apply upstream security fix for regex on 32-bit systems.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.291 -r1.292 pkgsrc/lang/perl5/Makefile
cvs rdiff -u -r1.196 -r1.197 pkgsrc/lang/perl5/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/perl5/patches/patch-regcomp__study.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/perl5/Makefile
diff -u pkgsrc/lang/perl5/Makefile:1.291 pkgsrc/lang/perl5/Makefile:1.292
--- pkgsrc/lang/perl5/Makefile:1.291 Mon Mar 30 08:57:15 2026
+++ pkgsrc/lang/perl5/Makefile Wed May 27 22:28:20 2026
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.291 2026/03/30 08:57:15 wiz Exp $
+# $NetBSD: Makefile,v 1.292 2026/05/27 22:28:20 wiz Exp $
.include "license.mk"
.include "Makefile.common"
COMMENT= Practical Extraction and Report Language
+PKGREVISION= 1
CONFLICTS+= perl-base-[0-9]* perl-thread-[0-9]*
Index: pkgsrc/lang/perl5/distinfo
diff -u pkgsrc/lang/perl5/distinfo:1.196 pkgsrc/lang/perl5/distinfo:1.197
--- pkgsrc/lang/perl5/distinfo:1.196 Mon Mar 30 08:57:15 2026
+++ pkgsrc/lang/perl5/distinfo Wed May 27 22:28:20 2026
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.196 2026/03/30 08:57:15 wiz Exp $
+$NetBSD: distinfo,v 1.197 2026/05/27 22:28:20 wiz Exp $
BLAKE2s (perl-5.42.2.tar.gz) = a2e271ef18aa3cadeed75cf6bf48cfc30b8a9f6675053194f285cd13d97e0791
SHA512 (perl-5.42.2.tar.gz) = c17925b1146270310fbefd82a98bd94532b499a547f5be005ece204918bfc0034e473a97df643925625a940209f81a65acdd99857b3b18911461571230262c0f
@@ -13,3 +13,4 @@ SHA1 (patch-hints_linux.sh) = 4baa8f8069
SHA1 (patch-hints_netbsd.sh) = cb498170c18f1f429eed9be245cd1df24c7ad628
SHA1 (patch-hints_solaris__2.sh) = 83b20650435ea3b62314af6059f3d82c3dd6b0a2
SHA1 (patch-installperl) = b129d64cc17b898b44fe6282b8b1df36e342d0ef
+SHA1 (patch-regcomp__study.c) = 385a4441d7c4513b196b57676d635214f8232c3b
Added files:
Index: pkgsrc/lang/perl5/patches/patch-regcomp__study.c
diff -u /dev/null pkgsrc/lang/perl5/patches/patch-regcomp__study.c:1.1
--- /dev/null Wed May 27 22:28:20 2026
+++ pkgsrc/lang/perl5/patches/patch-regcomp__study.c Wed May 27 22:28:20 2026
@@ -0,0 +1,21 @@
+$NetBSD: patch-regcomp__study.c,v 1.1 2026/05/27 22:28:20 wiz Exp $
+
+Perl/perl-security#147: test against the actual character lengths
+https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c
+
+--- regcomp_study.c.orig 2026-01-18 17:50:04.000000000 +0000
++++ regcomp_study.c
+@@ -2770,6 +2770,13 @@ Perl_study_chunk(pTHX_
+ (U8 *) SvEND(data->last_found))
+ - (U8*)s;
+ l -= old;
++
++ if (l > 0 &&
++ (mincount >= SSize_t_MAX / (SSize_t)l
++ || old > SSize_t_MAX - mincount * (SSize_t)l)) {
++ FAIL("Regexp out of space");
++ }
++
+ /* Get the added string: */
+ last_str = newSVpvn_utf8(s + old, l, UTF);
+ last_chrs = UTF ? utf8_length((U8*)(s + old),
Home |
Main Index |
Thread Index |
Old Index