authorNatanael Copa <ncopa@alpinelinux.org>2013-03-25 23:33:46 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-03-25 23:33:46 +0000
commit95aad47301ea8b47b657b1b19f391ba58a07bf91 (patch)
treeed67206788df799441183d8622e0891160ace994
parentc9ad03fbe8eeea5ffbc8ff81d4a0131a8fd15171 (diff)
main/perl: security upgrade to 5.12.5 (CVE-2012-5195)
fixes #1638
-rw-r--r--main/perl/APKBUILD8
-rw-r--r--main/perl/CVE-2011-2939.patch16
-rw-r--r--main/perl/CVE-2011-3597.patch28
3 files changed, 2 insertions, 50 deletions
diff --git a/main/perl/APKBUILD b/main/perl/APKBUILD
index 6b5258243d..1f574214d9 100644
--- a/main/perl/APKBUILD
+++ b/main/perl/APKBUILD
@@ -1,15 +1,13 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Leonardo Arena <rnalrd@gmail.com>
pkgname=perl
-pkgver=5.12.4
+pkgver=5.12.5
pkgrel=0
pkgdesc="Larry Wall's Practical Extraction and Report Language"
url=http://www.perl.org
arch="all"
license="Artistic GPL-2"
source="http://www.perl.com/CPAN/src/perl-${pkgver}.tar.gz
- CVE-2011-2939.patch
- CVE-2011-3597.patch
"
depends=
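Review bot: Dropping `CVE-2011-2939.patch` and `CVE-2011-3597.patch` from `source` is only safe if the 5.12.5 tarball already contains both fixes, and neither the commit message (which names only CVE-2012-5195) nor the diff establishes that. Before the removal, check the unpacked 5.12.5 tree: `cpan/Encode/Unicode/Unicode.xs` should compute `remaining` with the `+ 1`, and `cpan/Digest/Digest.pm` should load the class with `eval { require $pm_file }` rather than the string form `eval "require $class"`. If either fix is absent, keep that patch in `source` and in `md5sums` (second hunk of this file), refreshed against 5.12.5. A line in the commit message stating which upstream release absorbed each CVE would make the removal auditable.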
@@ -74,6 +72,4 @@ miniperl() {
cp "$srcdir/perl-$pkgver"/miniperl "$subpkgdir/usr/bin"
}
-md5sums="fd22aba88e4e27ab879f142eec6452a0 perl-5.12.4.tar.gz
-c0674ead60e89c20e2c8d9bbc2d7683a CVE-2011-2939.patch
-0212067da7d533fe3939c0984cad4243 CVE-2011-3597.patch"
+md5sums="3a647533aaa060a79aa0b9fa17198576 perl-5.12.5.tar.gz"
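Review bot: The new `md5sums` line is the only integrity check on a tarball that `source` fetches over plain `http://`, and MD5 is deprecated for this purpose because of practical collision attacks. It still catches a corrupted download, but it is a weak basis for trusting the source of a security upgrade. If the abuild version in use accepts a stronger checksum variable, add one alongside it, e.g. `sha512sums="<sha512 of perl-5.12.5.tar.gz>  perl-5.12.5.tar.gz"`, with the value compared against a digest obtained from upstream over an authenticated channel.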
diff --git a/main/perl/CVE-2011-2939.patch b/main/perl/CVE-2011-2939.patch
deleted file mode 100644
index 7b5068d473..0000000000
--- a/main/perl/CVE-2011-2939.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
-index 16f4cd1..039f155 100644
---- a/cpan/Encode/Unicode/Unicode.xs
-+++ b/cpan/Encode/Unicode/Unicode.xs
-@@ -256,7 +256,10 @@ CODE:
- This prevents allocating too much in the rogue case of a large
- input consisting initially of long sequence uft8-byte unicode
- chars followed by single utf8-byte chars. */
-- STRLEN remaining = (e - s)/usize;
-+ /* +1
-+ fixes Unicode.xs!decode_xs n-byte heap-overflow
-+ */
-+ STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
- STRLEN max_alloc = remaining + (8*1024*1024);
- STRLEN est_alloc = remaining * UTF8_MAXLEN;
- STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
diff --git a/main/perl/CVE-2011-3597.patch b/main/perl/CVE-2011-3597.patch
deleted file mode 100644
index dc7cc2d749..0000000000
--- a/main/perl/CVE-2011-3597.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From dbcab24bb98b4a243c8330bc7017c2080832b3f9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Tue, 4 Oct 2011 13:46:39 +0200
-Subject: [PATCH] Fix code injection in Digest
-
-See <https://bugzilla.redhat.com/show_bug.cgi?id=743010> for more details.
----
- cpan/Digest/Digest.pm | 4 +++-
- 1 files changed, 3 insertions(+), 1 deletions(-)
-
-diff --git a/cpan/Digest/Digest.pm b/cpan/Digest/Digest.pm
-index 384dfc8..4b923ae 100644
---- a/cpan/Digest/Digest.pm
-+++ b/cpan/Digest/Digest.pm
-@@ -35,7 +35,9 @@ sub new
- ($class, @args) = @$class if ref($class);
- no strict 'refs';
- unless (exists ${"$class\::"}{"VERSION"}) {
-- eval "require $class";
-+ my $pm_file = $class . ".pm";
-+ $pm_file =~ s{::}{/}g;
-+ eval { require $pm_file };
- if ($@) {
- $err ||= $@;
- next;
---
-1.7.6.4
-