Browse code
Fix for CVE-2017-12837 and CVE-2017-12883 in perl
Change-Id: I9460f2d5bbab5c69451f402cb859f141f8f9d5f4
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3951
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
DheerajSShetty authored on 2017/10/04 09:32:34Showing 3 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,11 @@ |
| 0 |
+diff -dupr a/regcomp.c b/regcomp.c |
|
| 1 |
+--- a/regcomp.c 2015-12-07 09:47:45.000000000 -0800 |
|
| 2 |
+@@ -12380,6 +12380,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_stat |
|
| 3 |
+ goto loopdone; |
|
| 4 |
+ } |
|
| 5 |
+ p = RExC_parse; |
|
| 6 |
++ RExC_parse = parse_start; |
|
| 7 |
+ if (ender > 0xff) {
|
|
| 8 |
+ REQUIRE_UTF8; |
|
| 9 |
+ } |
| 0 | 10 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,28 @@ |
| 0 |
+--- a/regcomp.c |
|
| 1 |
+Fixes CVE-2017-12883 for Perl 5.22 |
|
| 2 |
+Upstream commit 2be4edede4ae226e2eebd4eff28cedd2041f300f |
|
| 3 |
+ |
|
| 4 |
+Note we had to change this patch slightly to get it to work with Perl 5.22. |
|
| 5 |
+We did this by taking their official patch URL (https://perl5.git.perl.org/perl.git/blobdiff/f7e5417e7bffba03947b66e4d8622d7c220f2876..40b3cdad3649334585cee8f4630ec9a025e62be6:/regcomp.c) |
|
| 6 |
+and changing the first commit to be the Perl 5.22.4 commit (a26666a1317770d8a2228ac3657ba58020c3511f), |
|
| 7 |
+which resulted in a URL of https://perl5.git.perl.org/perl.git/blobdiff/a26666a1317770d8a2228ac3657ba58020c3511f..40b3cdad3649334585cee8f4630ec9a025e62be6:/regcomp.c. |
|
| 8 |
+We then cherry picked this one change from that diff. |
|
| 9 |
+@@ -11303,13 +11303,15 @@ |
|
| 10 |
+ } |
|
| 11 |
+ sv_catpv(substitute_parse, ")"); |
|
| 12 |
+ |
|
| 13 |
+- RExC_parse = SvPV(substitute_parse, len); |
|
| 14 |
++ len = SvCUR(substitute_parse); |
|
| 15 |
+ |
|
| 16 |
+ /* Don't allow empty number */ |
|
| 17 |
+ if (len < (STRLEN) 8) {
|
|
| 18 |
+ RExC_parse = endbrace; |
|
| 19 |
+ vFAIL("Invalid hexadecimal number in \\N{U+...}");
|
|
| 20 |
+ } |
|
| 21 |
++ |
|
| 22 |
++ RExC_parse = SvPV_nolen(substitute_parse); |
|
| 23 |
+ RExC_end = RExC_parse + len; |
|
| 24 |
+ |
|
| 25 |
+ /* The values are Unicode, and therefore not subject to recoding, but |
|
| 26 |
+ |
| ... | ... |
@@ -9,7 +9,7 @@ |
| 9 | 9 |
Summary: Practical Extraction and Report Language |
| 10 | 10 |
Name: perl |
| 11 | 11 |
Version: 5.22.1 |
| 12 |
-Release: 4%{?dist}
|
|
| 12 |
+Release: 5%{?dist}
|
|
| 13 | 13 |
License: GPLv1+ |
| 14 | 14 |
URL: http://www.perl.org/ |
| 15 | 15 |
Group: Development/Languages |
| ... | ... |
@@ -18,6 +18,8 @@ Distribution: Photon |
| 18 | 18 |
Source0: http://www.cpan.org/src/5.0/%{name}-%{version}.tar.bz2
|
| 19 | 19 |
%define sha1 perl=29f9b320b0299577a3e1d02e9e8ef8f26f160332 |
| 20 | 20 |
Patch0: perl-CVE-2016-1238.patch |
| 21 |
+Patch1: CVE-2017-12837.patch |
|
| 22 |
+Patch2: CVE-2017-12883.patch |
|
| 21 | 23 |
Provides: perl >= 0:5.003000 |
| 22 | 24 |
Provides: perl(getopts.pl) |
| 23 | 25 |
Provides: /bin/perl |
| ... | ... |
@@ -32,6 +34,8 @@ Report Language. |
| 32 | 32 |
%prep |
| 33 | 33 |
%setup -q |
| 34 | 34 |
%patch0 -p1 |
| 35 |
+%patch1 -p1 |
|
| 36 |
+%patch2 -p1 |
|
| 35 | 37 |
|
| 36 | 38 |
sed -i 's/-fstack-protector/&-all/' Configure |
| 37 | 39 |
|
| ... | ... |
@@ -64,6 +68,8 @@ unset BUILD_ZLIB BUILD_BZIP2 |
| 64 | 64 |
%{_libdir}/perl5/%{version}/*
|
| 65 | 65 |
%{_mandir}/*/*
|
| 66 | 66 |
%changelog |
| 67 |
+* Tue Oct 03 2017 Dheeraj Shetty <dheerajs@vmware.com> 5.22.1-5 |
|
| 68 |
+- Fix for CVE-2017-12837 and CVE-2017-12883 |
|
| 67 | 69 |
* Thu Oct 20 2016 Xiaolin Li <xiaolinl@vmware.com> 5.22.1-4 |
| 68 | 70 |
- CVE-2016-1238 patch from http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab. |
| 69 | 71 |
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 5.22.1-3 |