- from ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NW/NWCLARK/regexp-5.8.8.patch

Changed files:
    perl-regexp-CVE-2007-5116.patch -> 1.1

diff --git a/perl-regexp-CVE-2007-5116.patch b/perl-regexp-CVE-2007-5116.patch
new file mode 100644 (file)
index 0000000..4a19415
--- /dev/null
+++ b/perl-regexp-CVE-2007-5116.patch
@@ -0,0 +1,143 @@
+diff -rc perl-5.8.8/patchlevel.h perl-5.8.8.patched/patchlevel.h
+*** perl-5.8.8/patchlevel.h    Tue Jan 31 16:12:10 2006
+--- perl-5.8.8.patched/patchlevel.h    Thu Nov 15 16:49:41 2007
+***************
+*** 124 ****
+!      ,NULL
+--- 124,125 ----
+!      ,"REGEXP0 - fix for UTF-8 recoding in regexps - CVE-2007-5116"
+!      ,NULL
+diff -rc perl-5.8.8/regcomp.c perl-5.8.8.patched/regcomp.c
+*** perl-5.8.8/regcomp.c       Sun Jan  8 20:59:27 2006
+--- perl-5.8.8.patched/regcomp.c       Thu Nov 15 16:38:53 2007
+***************
+*** 135,141 ****
+      I32              extralen;
+      I32              seen_zerolen;
+      I32              seen_evals;
+!     I32              utf8;
+  #if ADD_TO_REGEXEC
+      char     *starttry;              /* -Dr: where regtry was called. */
+  #define RExC_starttry        (pRExC_state->starttry)
+--- 135,144 ----
+      I32              extralen;
+      I32              seen_zerolen;
+      I32              seen_evals;
+!     I32              utf8;           /* whether the pattern is utf8 or not */
+!     I32              orig_utf8;      /* whether the pattern was originally in utf8 */
+!                              /* XXX use this for future optimisation of case
+!                               * where pattern must be upgraded to utf8. */
+  #if ADD_TO_REGEXEC
+      char     *starttry;              /* -Dr: where regtry was called. */
+  #define RExC_starttry        (pRExC_state->starttry)
+***************
+*** 161,166 ****
+--- 164,170 ----
+  #define RExC_seen_zerolen    (pRExC_state->seen_zerolen)
+  #define RExC_seen_evals      (pRExC_state->seen_evals)
+  #define RExC_utf8    (pRExC_state->utf8)
++ #define RExC_orig_utf8       (pRExC_state->orig_utf8)
+  
+  #define      ISMULT1(c)      ((c) == '*' || (c) == '+' || (c) == '?')
+  #define      ISMULT2(s)      ((*s) == '*' || (*s) == '+' || (*s) == '?' || \
+***************
+*** 1749,1763 ****
+      if (exp == NULL)
+       FAIL("NULL regexp argument");
+  
+!     RExC_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+  
+-     RExC_precomp = exp;
+      DEBUG_r({
+        if (!PL_colorset) reginitcolors();
+        PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
+                      PL_colors[4],PL_colors[5],PL_colors[0],
+!                     (int)(xend - exp), RExC_precomp, PL_colors[1]);
+      });
+      RExC_flags = pm->op_pmflags;
+      RExC_sawback = 0;
+  
+--- 1753,1769 ----
+      if (exp == NULL)
+       FAIL("NULL regexp argument");
+  
+!     RExC_utf8 = RExC_orig_utf8 = pm->op_pmdynflags & PMdf_CMP_UTF8;
+  
+      DEBUG_r({
+        if (!PL_colorset) reginitcolors();
+        PerlIO_printf(Perl_debug_log, "%sCompiling REx%s `%s%*s%s'\n",
+                      PL_colors[4],PL_colors[5],PL_colors[0],
+!                     (int)(xend - exp), exp, PL_colors[1]);
+      });
++ 
++ redo_first_pass:
++     RExC_precomp = exp;
+      RExC_flags = pm->op_pmflags;
+      RExC_sawback = 0;
+  
+***************
+*** 1782,1787 ****
+--- 1788,1812 ----
+      if (reg(pRExC_state, 0, &flags) == NULL) {
+       RExC_precomp = Nullch;
+       return(NULL);
++     }
++     if (RExC_utf8 && !RExC_orig_utf8) {
++         /* It's possible to write a regexp in ascii that represents unicode
++         codepoints outside of the byte range, such as via \x{100}. If we
++         detect such a sequence we have to convert the entire pattern to utf8
++         and then recompile, as our sizing calculation will have been based
++         on 1 byte == 1 character, but we will need to use utf8 to encode
++         at least some part of the pattern, and therefore must convert the whole
++         thing.
++         XXX: somehow figure out how to make this less expensive...
++         -- dmq */
++         STRLEN len = xend-exp;
++         DEBUG_r(PerlIO_printf(Perl_debug_log,
++          "UTF8 mismatch! Converting to utf8 for resizing and compile\n"));
++         exp = (char*)Perl_bytes_to_utf8(aTHX_ (U8*)exp, &len);
++         xend = exp + len;
++         RExC_orig_utf8 = RExC_utf8;
++         SAVEFREEPV(exp);
++         goto redo_first_pass;
+      }
+      DEBUG_r(PerlIO_printf(Perl_debug_log, "size %"IVdf" ", (IV)RExC_size));
+  
+diff -rc perl-5.8.8/t/op/pat.t perl-5.8.8.patched/t/op/pat.t
+*** perl-5.8.8/t/op/pat.t      Sat Jan  7 12:53:32 2006
+--- perl-5.8.8.patched/t/op/pat.t      Thu Nov 15 16:45:18 2007
+***************
+*** 6,12 ****
+  
+  $| = 1;
+  
+! print "1..1187\n";
+  
+  BEGIN {
+      chdir 't' if -d 't';
+--- 6,12 ----
+  
+  $| = 1;
+  
+! print "1..1189\n";
+  
+  BEGIN {
+      chdir 't' if -d 't';
+***************
+*** 3394,3399 ****
+--- 3394,3408 ----
+      ok($s eq 'cd',
+         "# assigning to original string should not corrupt match vars");
+  }
++  
++ {
++     use warnings;
++     my @w;
++     local $SIG{__WARN__}=sub{push @w,"@_"};
++     my $c=qq(\x{DF}); 
++     ok($c=~/${c}|\x{100}/, "ASCII pattern that really is utf8");
++     ok(@w==0, "No warnings");
++ }    
+  
+  # last test 1187
+