pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang/perl5



Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Jul 13 18:44:25 UTC 2026

Modified Files:
        pkgsrc/lang/perl5: Makefile distinfo
        pkgsrc/lang/perl5/patches: patch-regcomp__study.c
Added Files:
        pkgsrc/lang/perl5/patches: patch-dist_Storable_Storable.xs
            patch-pp__pack.c

Log Message:
perl: fix CVE-2026-13221, CVE-2026-57432, CVE-2026-57433.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.294 -r1.295 pkgsrc/lang/perl5/Makefile
cvs rdiff -u -r1.199 -r1.200 pkgsrc/lang/perl5/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/lang/perl5/patches/patch-dist_Storable_Storable.xs \
    pkgsrc/lang/perl5/patches/patch-pp__pack.c
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/perl5/patches/patch-regcomp__study.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/perl5/Makefile
diff -u pkgsrc/lang/perl5/Makefile:1.294 pkgsrc/lang/perl5/Makefile:1.295
--- pkgsrc/lang/perl5/Makefile:1.294    Tue Jun 16 07:12:10 2026
+++ pkgsrc/lang/perl5/Makefile  Mon Jul 13 18:44:24 2026
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.294 2026/06/16 07:12:10 wiz Exp $
+# $NetBSD: Makefile,v 1.295 2026/07/13 18:44:24 wiz Exp $
 
 .include "license.mk"
 .include "Makefile.common"
 
 COMMENT=       Practical Extraction and Report Language
-PKGREVISION=   3
+PKGREVISION=   4
 
 CONFLICTS+=    perl-base-[0-9]* perl-thread-[0-9]*
 

Index: pkgsrc/lang/perl5/distinfo
diff -u pkgsrc/lang/perl5/distinfo:1.199 pkgsrc/lang/perl5/distinfo:1.200
--- pkgsrc/lang/perl5/distinfo:1.199    Tue Jun 16 07:12:10 2026
+++ pkgsrc/lang/perl5/distinfo  Mon Jul 13 18:44:24 2026
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.199 2026/06/16 07:12:10 wiz Exp $
+$NetBSD: distinfo,v 1.200 2026/07/13 18:44:24 wiz Exp $
 
 BLAKE2s (perl-5.42.2.tar.gz) = a2e271ef18aa3cadeed75cf6bf48cfc30b8a9f6675053194f285cd13d97e0791
 SHA512 (perl-5.42.2.tar.gz) = c17925b1146270310fbefd82a98bd94532b499a547f5be005ece204918bfc0034e473a97df643925625a940209f81a65acdd99857b3b18911461571230262c0f
@@ -10,9 +10,11 @@ SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_
 SHA1 (patch-cpan_ExtUtils-MakeMaker_lib_ExtUtils_MM__Unix.pm) = 996556f221eb0c75c316315462bf6cea6746e030
 SHA1 (patch-cpan_ExtUtils-MakeMaker_t_MM__BeOS.t) = 9b0e7ab85fdab4887b1754599a8879bd7d9f36cc
 SHA1 (patch-cpan_Socket_Socket.xs) = 50613ed2966eb389a6816504d339a2a26276b90f
+SHA1 (patch-dist_Storable_Storable.xs) = 0bc5f182965fe58b91e085119a89ec8ca7b45994
 SHA1 (patch-hints_cygwin.sh) = 5e2e7179336c9bc085bd2e83d22755a235ea1a4a
 SHA1 (patch-hints_linux.sh) = 4baa8f80695687abb53d4f4e1830cf86db5b2bf7
 SHA1 (patch-hints_netbsd.sh) = cb498170c18f1f429eed9be245cd1df24c7ad628
 SHA1 (patch-hints_solaris__2.sh) = 83b20650435ea3b62314af6059f3d82c3dd6b0a2
 SHA1 (patch-installperl) = b129d64cc17b898b44fe6282b8b1df36e342d0ef
-SHA1 (patch-regcomp__study.c) = 385a4441d7c4513b196b57676d635214f8232c3b
+SHA1 (patch-pp__pack.c) = 7217920ed766b126ee3db7f928bdbb889c83d363
+SHA1 (patch-regcomp__study.c) = d9705946924b1f941c6e25c095f54824cee01155

Index: pkgsrc/lang/perl5/patches/patch-regcomp__study.c
diff -u pkgsrc/lang/perl5/patches/patch-regcomp__study.c:1.1 pkgsrc/lang/perl5/patches/patch-regcomp__study.c:1.2
--- pkgsrc/lang/perl5/patches/patch-regcomp__study.c:1.1        Wed May 27 22:28:20 2026
+++ pkgsrc/lang/perl5/patches/patch-regcomp__study.c    Mon Jul 13 18:44:25 2026
@@ -1,11 +1,33 @@
-$NetBSD: patch-regcomp__study.c,v 1.1 2026/05/27 22:28:20 wiz Exp $
+$NetBSD: patch-regcomp__study.c,v 1.2 2026/07/13 18:44:25 wiz Exp $
+
+Perl versions through 5.43.9 produce silently incorrect regular
+expression matches when an alternation of more than 65535 fixed string
+branches is compiled into a trie in Perl_study_chunk
+https://github.com/Perl/perl5/commit/03f74bbbd3a68350d926ee93d56ee4808c28c4c7.patch
 
 Perl/perl-security#147: test against the actual character lengths
 https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c
 
 --- regcomp_study.c.orig       2026-01-18 17:50:04.000000000 +0000
 +++ regcomp_study.c
-@@ -2770,6 +2770,13 @@ Perl_study_chunk(pTHX_
+@@ -1841,6 +1841,16 @@ Perl_study_chunk(pTHX_
+                             tail = regnext( tail );
+                         }
+ 
++                        /* The code below currently saves the difference from
++                         * start to finish in a 16-bit field, causing
++                         * GH #23388.  This defeats the design of batching
++                         * tries into chunks that each fit.  khw thinks it is
++                         * too late in the 5.44 cycle to relook at the design,
++                         * so for now anyway, don't make a trie that would
++                         * overflow */
++                        if (tail - startbranch >= U16_MAX) {
++                            continue;
++                        }
+ 
+                         DEBUG_TRIE_COMPILE_r({
+                             regprop(RExC_rx, RExC_mysv, tail, NULL, pRExC_state);
+@@ -2770,6 +2780,13 @@ Perl_study_chunk(pTHX_
                                                 (U8 *) SvEND(data->last_found))
                                  - (U8*)s;
                          l -= old;

Added files:

Index: pkgsrc/lang/perl5/patches/patch-dist_Storable_Storable.xs
diff -u /dev/null pkgsrc/lang/perl5/patches/patch-dist_Storable_Storable.xs:1.1
--- /dev/null   Mon Jul 13 18:44:25 2026
+++ pkgsrc/lang/perl5/patches/patch-dist_Storable_Storable.xs   Mon Jul 13 18:44:25 2026
@@ -0,0 +1,20 @@
+$NetBSD: patch-dist_Storable_Storable.xs,v 1.1 2026/07/13 18:44:25 wiz Exp $
+
+Storable versions before 3.41 for Perl have a signed integer overflow
+when deserializing a crafted SX_HOOK record
+https://github.com/Perl/perl5/commit/e4f681784bcdeaa91ff02a2fa4cdcae5c46779d7.patch
+
+--- dist/Storable/Storable.xs.orig     2026-01-18 17:50:04.000000000 +0000
++++ dist/Storable/Storable.xs
+@@ -5035,7 +5035,10 @@ static SV *retrieve_hook_common(pTHX_ stcxt_t *cxt, co
+         }
+         else
+             GETMARK(len3);
+-        if (len3) {
++        if (len3 == I32_MAX)
++            /* If len3 is exactly I32_MAX it will upset av_extend below */
++            CROAK(("Invalid count of hook data items"));
++        else if (len3) {
+             av = newAV();
+             av_extend(av, len3 + 1);    /* Leave room for [0] */
+             AvFILLp(av) = len3;         /* About to be filled anyway */
Index: pkgsrc/lang/perl5/patches/patch-pp__pack.c
diff -u /dev/null pkgsrc/lang/perl5/patches/patch-pp__pack.c:1.1
--- /dev/null   Mon Jul 13 18:44:25 2026
+++ pkgsrc/lang/perl5/patches/patch-pp__pack.c  Mon Jul 13 18:44:25 2026
@@ -0,0 +1,36 @@
+$NetBSD: patch-pp__pack.c,v 1.1 2026/07/13 18:44:25 wiz Exp $
+
+Perl versions through 5.43.10 have an integer overflow in
+S_measure_struct leading to an out-of-bounds heap read in pack and
+unpack
+https://github.com/Perl/perl5/commit/40754edc72dd3e513d758153c0e2f0215897740e.patch
+https://github.com/Perl/perl5/commit/5f7eb6bbbe0510964e3fb1d6bb691e5445913e55.patch
+
+--- pp_pack.c.orig     2026-01-18 17:50:04.000000000 +0000
++++ pp_pack.c
+@@ -513,12 +513,12 @@ S_measure_struct(pTHX_ tempsym_t* symptr)
+                 break;
+             case 'B':
+             case 'b':
+-                len = (len + 7)/8;
++                len = (len / 8) + !!(len % 8);
+                 size = 1;
+                 break;
+             case 'H':
+             case 'h':
+-                len = (len + 1)/2;
++                len = (len / 2) + !!(len % 2);
+                 size = 1;
+                 break;
+ 
+@@ -528,6 +528,10 @@ S_measure_struct(pTHX_ tempsym_t* symptr)
+                 break;
+             }
+         }
++        if ((size > 0) &&
++                ((len > SSize_t_MAX / size) ||         /* detect overflow of len * size */
++                 (len * size > SSize_t_MAX - total)))  /* detect overflow of total + len * size */
++            croak("Pack template structure size is too large");
+         total += len * size;
+     }
+     return total;



Home | Main Index | Thread Index | Old Index