diff options
| author | Chris 'BinGOs' Williams <chris@bingosnet.co.uk> | 2011-08-09 10:02:28 +0100 |
|---|---|---|
| committer | Chris 'BinGOs' Williams <chris@bingosnet.co.uk> | 2011-08-09 11:25:57 +0100 |
| commit | e46d973584785af1f445c4dedbee4243419cb860 (patch) | |
| tree | 3993978bd4a3291fb92d9d3633d030cf74c557b1 | |
| parent | 1bfdb6af4f349a4b4de3ed9a093dab259c05c37e (diff) | |
| download | perl-e46d973584785af1f445c4dedbee4243419cb860.tar.gz | |
Update Encode to CPAN version 2.44
[DELTA]
$Revision: 2.44 $ $Date: 2011/08/09 07:49:44 $
! Unicode/Unicode.xs
Addressed the following:
Date: Fri, 22 Jul 2011 13:58:43 +0200
From: Robert Zacek <zacek@avast.com>
To: perl5-security-report@perl.org
Subject: Unicode.xs!decode_xs n-byte heap-overflow
! Encode.pm encoding.pm
! lib/Encode/Alias.pm lib/Encode/Encoder.pm lib/Encode/Guess.pm
Applied: RT#69735: patch for use constant DEBUG =>
https://rt.cpan.org/Ticket/Update.html?id=69735
| -rwxr-xr-x | Porting/Maintainers.pl | 2 | ||||
| -rw-r--r-- | cpan/Encode/Changes | 16 | ||||
| -rw-r--r-- | cpan/Encode/Encode.pm | 6 | ||||
| -rw-r--r-- | cpan/Encode/META.yml | 4 | ||||
| -rw-r--r-- | cpan/Encode/Unicode/Unicode.xs | 7 | ||||
| -rw-r--r-- | cpan/Encode/encoding.pm | 4 | ||||
| -rw-r--r-- | cpan/Encode/lib/Encode/Alias.pm | 4 | ||||
| -rw-r--r-- | cpan/Encode/lib/Encode/Encoder.pm | 6 | ||||
| -rw-r--r-- | cpan/Encode/lib/Encode/Guess.pm | 4 | ||||
| -rw-r--r-- | pod/perldelta.pod | 6 |
10 files changed, 40 insertions, 19 deletions
diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl index 41a73d386d..8bd9af9e14 100755 --- a/Porting/Maintainers.pl +++ b/Porting/Maintainers.pl @@ -625,7 +625,7 @@ use File::Glob qw(:case); 'Encode' => { 'MAINTAINER' => 'dankogai', - 'DISTRIBUTION' => 'DANKOGAI/Encode-2.43.tar.gz', + 'DISTRIBUTION' => 'DANKOGAI/Encode-2.44.tar.gz', 'FILES' => q[cpan/Encode], 'UPSTREAM' => 'cpan', }, diff --git a/cpan/Encode/Changes b/cpan/Encode/Changes index 7df93305c1..54234214ca 100644 --- a/cpan/Encode/Changes +++ b/cpan/Encode/Changes @@ -1,8 +1,20 @@ # Revision history for Perl extension Encode. # -# $Id: Changes,v 2.43 2011/05/21 23:14:43 dankogai Exp dankogai $ +# $Id: Changes,v 2.44 2011/08/09 07:49:44 dankogai Exp dankogai $ # -$Revision: 2.43 $ $Date: 2011/05/21 23:14:43 $ +$Revision: 2.44 $ $Date: 2011/08/09 07:49:44 $ +! Unicode/Unicode.xs + Addressed the following: + Date: Fri, 22 Jul 2011 13:58:43 +0200 + From: Robert Zacek <zacek@avast.com> + To: perl5-security-report@perl.org + Subject: Unicode.xs!decode_xs n-byte heap-overflow +! Encode.pm encoding.pm +! lib/Encode/Alias.pm lib/Encode/Encoder.pm lib/Encode/Guess.pm + Applied: RT#69735: patch for use constant DEBUG => + https://rt.cpan.org/Ticket/Update.html?id=69735 + +2.43 2011/05/21 23:14:43 ! lib/Encode/Alias.pm Addressed RT#68361: Encode::Bytes x-mac-... aliases missing https://rt.cpan.org/Ticket/Display.html?id=68361 diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm index b6bace911e..171b2da056 100644 --- a/cpan/Encode/Encode.pm +++ b/cpan/Encode/Encode.pm @@ -1,11 +1,11 @@ # -# $Id: Encode.pm,v 2.43 2011/05/21 23:14:43 dankogai Exp dankogai $ +# $Id: Encode.pm,v 2.44 2011/08/09 07:49:44 dankogai Exp dankogai $ # package Encode; use strict; use warnings; -our $VERSION = sprintf "%d.%02d", q$Revision: 2.43 $ =~ /(\d+)/g; -sub DEBUG () { 0 } +our $VERSION = sprintf "%d.%02d", q$Revision: 2.44 $ =~ /(\d+)/g; +use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG}; use XSLoader (); XSLoader::load( __PACKAGE__, $VERSION ); diff --git a/cpan/Encode/META.yml b/cpan/Encode/META.yml index 33861c70d9..d73458f7bd 100644 --- a/cpan/Encode/META.yml +++ b/cpan/Encode/META.yml @@ -1,6 +1,6 @@ --- #YAML:1.0 name: Encode -version: 2.43 +version: 2.44 abstract: ~ author: [] license: unknown @@ -14,7 +14,7 @@ no_index: directory: - t - inc -generated_by: ExtUtils::MakeMaker version 6.56 +generated_by: ExtUtils::MakeMaker version 6.57_05 meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: 1.4 diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs index 16f4cd1ff2..039f1559a3 100644 --- a/cpan/Encode/Unicode/Unicode.xs +++ b/cpan/Encode/Unicode/Unicode.xs @@ -1,5 +1,5 @@ /* - $Id: Unicode.xs,v 2.7 2010/12/31 22:48:48 dankogai Exp $ + $Id: Unicode.xs,v 2.8 2011/08/09 07:49:44 dankogai Exp dankogai $ */ #define PERL_NO_GET_CONTEXT @@ -256,7 +256,10 @@ CODE: This prevents allocating too much in the rogue case of a large input consisting initially of long sequence uft8-byte unicode chars followed by single utf8-byte chars. */ - STRLEN remaining = (e - s)/usize; + /* +1 + fixes Unicode.xs!decode_xs n-byte heap-overflow + */ + STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */ STRLEN max_alloc = remaining + (8*1024*1024); STRLEN est_alloc = remaining * UTF8_MAXLEN; STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */ diff --git a/cpan/Encode/encoding.pm b/cpan/Encode/encoding.pm index be20a49448..24d6e5b66c 100644 --- a/cpan/Encode/encoding.pm +++ b/cpan/Encode/encoding.pm @@ -1,4 +1,4 @@ -# $Id: encoding.pm,v 2.8 2009/02/15 17:44:13 dankogai Exp $ +# $Id: encoding.pm,v 2.9 2011/08/09 07:49:44 dankogai Exp dankogai $ package encoding; our $VERSION = '2.6_01'; @@ -6,7 +6,7 @@ use Encode; use strict; use warnings; -sub DEBUG () { 0 } +use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG}; BEGIN { if ( ord("A") == 193 ) { diff --git a/cpan/Encode/lib/Encode/Alias.pm b/cpan/Encode/lib/Encode/Alias.pm index 604d39e41d..d744cc5e93 100644 --- a/cpan/Encode/lib/Encode/Alias.pm +++ b/cpan/Encode/lib/Encode/Alias.pm @@ -2,8 +2,8 @@ package Encode::Alias; use strict; use warnings; no warnings 'redefine'; -our $VERSION = do { my @r = ( q$Revision: 2.14 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; -sub DEBUG () { 0 } +our $VERSION = do { my @r = ( q$Revision: 2.15 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; +use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG}; use base qw(Exporter); diff --git a/cpan/Encode/lib/Encode/Encoder.pm b/cpan/Encode/lib/Encode/Encoder.pm index f7194f81ac..9a46d36743 100644 --- a/cpan/Encode/lib/Encode/Encoder.pm +++ b/cpan/Encode/lib/Encode/Encoder.pm @@ -1,17 +1,17 @@ # -# $Id: Encoder.pm,v 2.1 2006/05/03 18:24:10 dankogai Exp $ +# $Id: Encoder.pm,v 2.2 2011/08/09 07:49:44 dankogai Exp dankogai $ # package Encode::Encoder; use strict; use warnings; -our $VERSION = do { my @r = ( q$Revision: 2.1 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; +our $VERSION = do { my @r = ( q$Revision: 2.2 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; require Exporter; our @ISA = qw(Exporter); our @EXPORT_OK = qw ( encoder ); our $AUTOLOAD; -sub DEBUG () { 0 } +use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG}; use Encode qw(encode decode find_encoding from_to); use Carp; diff --git a/cpan/Encode/lib/Encode/Guess.pm b/cpan/Encode/lib/Encode/Guess.pm index 9636a8ad8a..31ec58f4fc 100644 --- a/cpan/Encode/lib/Encode/Guess.pm +++ b/cpan/Encode/lib/Encode/Guess.pm @@ -2,10 +2,10 @@ package Encode::Guess; use strict; use warnings; use Encode qw(:fallbacks find_encoding); -our $VERSION = do { my @r = ( q$Revision: 2.4 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; +our $VERSION = do { my @r = ( q$Revision: 2.5 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r }; my $Canon = 'Guess'; -sub DEBUG () { 0 } +use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG}; our %DEF_SUSPECTS = map { $_ => find_encoding($_) } qw(ascii utf8); $Encode::Encoding{$Canon} = bless { Name => $Canon, diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 4082704d7e..1e5380e4f1 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -130,6 +130,12 @@ Will now croak if attempt to freeze/thaw DB_File object [RT #69985] =item * +L<Encode> has been upgraded from version 2.43 to version 2.44 + +Addressed 'decode_xs n-byte heap-overflow' security bug in Unicode.xs + +=item * + L<ExtUtils::Install> has been upgraded from version 1.56 to version 1.57. There is no change to ExtUtils::Install other than the version number |