pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang/perl5
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 13 18:44:25 UTC 2026
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
pkgsrc/lang/perl5/patches: patch-regcomp__study.c
Added Files:
pkgsrc/lang/perl5/patches: patch-dist_Storable_Storable.xs
patch-pp__pack.c
Log Message:
perl: fix CVE-2026-13221, CVE-2026-57432, CVE-2026-57433.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.294 -r1.295 pkgsrc/lang/perl5/Makefile
cvs rdiff -u -r1.199 -r1.200 pkgsrc/lang/perl5/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/lang/perl5/patches/patch-dist_Storable_Storable.xs \
pkgsrc/lang/perl5/patches/patch-pp__pack.c
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/perl5/patches/patch-regcomp__study.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/perl5/Makefile
diff -u pkgsrc/lang/perl5/Makefile:1.294 pkgsrc/lang/perl5/Makefile:1.295
--- pkgsrc/lang/perl5/Makefile:1.294 Tue Jun 16 07:12:10 2026
+++ pkgsrc/lang/perl5/Makefile Mon Jul 13 18:44:24 2026
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.294 2026/06/16 07:12:10 wiz Exp $
+# $NetBSD: Makefile,v 1.295 2026/07/13 18:44:24 wiz Exp $
.include "license.mk"
.include "Makefile.common"
COMMENT= Practical Extraction and Report Language
-PKGREVISION= 3
+PKGREVISION= 4
CONFLICTS+= perl-base-[0-9]* perl-thread-[0-9]*
Index: pkgsrc/lang/perl5/distinfo
diff -u pkgsrc/lang/perl5/distinfo:1.199 pkgsrc/lang/perl5/distinfo:1.200
--- pkgsrc/lang/perl5/distinfo:1.199 Tue Jun 16 07:12:10 2026
+++ pkgsrc/lang/perl5/distinfo Mon Jul 13 18:44:24 2026
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.199 2026/06/16 07:12:10 wiz Exp $
+$NetBSD: distinfo,v 1.200 2026/07/13 18:44:24 wiz Exp $
BLAKE2s (perl-5.42.2.tar.gz) = a2e271ef18aa3cadeed75cf6bf48cfc30b8a9f6675053194f285cd13d97e0791
SHA512 (perl-5.42.2.tar.gz) = c17925b1146270310fbefd82a98bd94532b499a547f5be005ece204918bfc0034e473a97df643925625a940209f81a65acdd99857b3b18911461571230262c0f
@@ -10,9 +10,11 @@ SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_
SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__Unix.pm) = 996556f221eb0c75c316315462bf6cea6746e030
SHA1 (patch-cpan_ExtUtils-MakeMaker_t_MM__BeOS.t) = 9b0e7ab85fdab4887b1754599a8879bd7d9f36cc
SHA1 (patch-cpan_Socket_Socket.xs) = 50613ed2966eb389a6816504d339a2a26276b90f
+SHA1 (patch-dist_Storable_Storable.xs) = 0bc5f182965fe58b91e085119a89ec8ca7b45994
SHA1 (patch-hints_cygwin.sh) = 5e2e7179336c9bc085bd2e83d22755a235ea1a4a
SHA1 (patch-hints_linux.sh) = 4baa8f80695687abb53d4f4e1830cf86db5b2bf7
SHA1 (patch-hints_netbsd.sh) = cb498170c18f1f429eed9be245cd1df24c7ad628
SHA1 (patch-hints_solaris__2.sh) = 83b20650435ea3b62314af6059f3d82c3dd6b0a2
SHA1 (patch-installperl) = b129d64cc17b898b44fe6282b8b1df36e342d0ef
-SHA1 (patch-regcomp__study.c) = 385a4441d7c4513b196b57676d635214f8232c3b
+SHA1 (patch-pp__pack.c) = 7217920ed766b126ee3db7f928bdbb889c83d363
+SHA1 (patch-regcomp__study.c) = d9705946924b1f941c6e25c095f54824cee01155
Index: pkgsrc/lang/perl5/patches/patch-regcomp__study.c
diff -u pkgsrc/lang/perl5/patches/patch-regcomp__study.c:1.1 pkgsrc/lang/perl5/patches/patch-regcomp__study.c:1.2
--- pkgsrc/lang/perl5/patches/patch-regcomp__study.c:1.1 Wed May 27 22:28:20 2026
+++ pkgsrc/lang/perl5/patches/patch-regcomp__study.c Mon Jul 13 18:44:25 2026
@@ -1,11 +1,33 @@
-$NetBSD: patch-regcomp__study.c,v 1.1 2026/05/27 22:28:20 wiz Exp $
+$NetBSD: patch-regcomp__study.c,v 1.2 2026/07/13 18:44:25 wiz Exp $
+
+Perl versions through 5.43.9 produce silently incorrect regular
+expression matches when an alternation of more than 65535 fixed string
+branches is compiled into a trie in Perl_study_chunk
+https://github.com/Perl/perl5/commit/03f74bbbd3a68350d926ee93d56ee4808c28c4c7.patch
Perl/perl-security#147: test against the actual character lengths
https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c
--- regcomp_study.c.orig 2026-01-18 17:50:04.000000000 +0000
+++ regcomp_study.c
-@@ -2770,6 +2770,13 @@ Perl_study_chunk(pTHX_
+@@ -1841,6 +1841,16 @@ Perl_study_chunk(pTHX_
+ tail = regnext( tail );
+ }
+
++ /* The code below currently saves the difference from
++ * start to finish in a 16-bit field, causing
++ * GH #23388. This defeats the design of batching
++ * tries into chunks that each fit. khw thinks it is
++ * too late in the 5.44 cycle to relook at the design,
++ * so for now anyway, don't make a trie that would
++ * overflow */
++ if (tail - startbranch >= U16_MAX) {
++ continue;
++ }
+
+ DEBUG_TRIE_COMPILE_r({
+ regprop(RExC_rx, RExC_mysv, tail, NULL, pRExC_state);
+@@ -2770,6 +2780,13 @@ Perl_study_chunk(pTHX_
(U8 *) SvEND(data->last_found))
- (U8*)s;
l -= old;
Added files:
Index: pkgsrc/lang/perl5/patches/patch-dist_Storable_Storable.xs
diff -u /dev/null pkgsrc/lang/perl5/patches/patch-dist_Storable_Storable.xs:1.1
--- /dev/null Mon Jul 13 18:44:25 2026
+++ pkgsrc/lang/perl5/patches/patch-dist_Storable_Storable.xs Mon Jul 13 18:44:25 2026
@@ -0,0 +1,20 @@
+$NetBSD: patch-dist_Storable_Storable.xs,v 1.1 2026/07/13 18:44:25 wiz Exp $
+
+Storable versions before 3.41 for Perl have a signed integer overflow
+when deserializing a crafted SX_HOOK record
+https://github.com/Perl/perl5/commit/e4f681784bcdeaa91ff02a2fa4cdcae5c46779d7.patch
+
+--- dist/Storable/Storable.xs.orig 2026-01-18 17:50:04.000000000 +0000
++++ dist/Storable/Storable.xs
+@@ -5035,7 +5035,10 @@ static SV *retrieve_hook_common(pTHX_ stcxt_t *cxt, co
+ }
+ else
+ GETMARK(len3);
+- if (len3) {
++ if (len3 == I32_MAX)
++ /* If len3 is exactly I32_MAX it will upset av_extend below */
++ CROAK(("Invalid count of hook data items"));
++ else if (len3) {
+ av = newAV();
+ av_extend(av, len3 + 1); /* Leave room for [0] */
+ AvFILLp(av) = len3; /* About to be filled anyway */
Index: pkgsrc/lang/perl5/patches/patch-pp__pack.c
diff -u /dev/null pkgsrc/lang/perl5/patches/patch-pp__pack.c:1.1
--- /dev/null Mon Jul 13 18:44:25 2026
+++ pkgsrc/lang/perl5/patches/patch-pp__pack.c Mon Jul 13 18:44:25 2026
@@ -0,0 +1,36 @@
+$NetBSD: patch-pp__pack.c,v 1.1 2026/07/13 18:44:25 wiz Exp $
+
+Perl versions through 5.43.10 have an integer overflow in
+S_measure_struct leading to an out-of-bounds heap read in pack and
+unpack
+https://github.com/Perl/perl5/commit/40754edc72dd3e513d758153c0e2f0215897740e.patch
+https://github.com/Perl/perl5/commit/5f7eb6bbbe0510964e3fb1d6bb691e5445913e55.patch
+
+--- pp_pack.c.orig 2026-01-18 17:50:04.000000000 +0000
++++ pp_pack.c
+@@ -513,12 +513,12 @@ S_measure_struct(pTHX_ tempsym_t* symptr)
+ break;
+ case 'B':
+ case 'b':
+- len = (len + 7)/8;
++ len = (len / 8) + !!(len % 8);
+ size = 1;
+ break;
+ case 'H':
+ case 'h':
+- len = (len + 1)/2;
++ len = (len / 2) + !!(len % 2);
+ size = 1;
+ break;
+
+@@ -528,6 +528,10 @@ S_measure_struct(pTHX_ tempsym_t* symptr)
+ break;
+ }
+ }
++ if ((size > 0) &&
++ ((len > SSize_t_MAX / size) || /* detect overflow of len * size */
++ (len * size > SSize_t_MAX - total))) /* detect overflow of total + len * size */
++ croak("Pack template structure size is too large");
+ total += len * size;
+ }
+ return total;
Home |
Main Index |
Thread Index |
Old Index