1 files changed, 111 insertions, 0 deletions
diff --git a/recipes/perl/perl-5.10.1/trie-logic-match.diff b/recipes/perl/perl-5.10.1/trie-logic-match.diff
new file mode 100644
index 0000000000..b64457649a
--- /dev/null
+++ b/recipes/perl/perl-5.10.1/trie-logic-match.diff
@@ -0,0 +1,111 @@
+From: Eugene V. Lyubimkin <jackyf@debian.org>
+Subject: Fix a DoS in Unicode processing [CVE-2009-3626]
+Bug-Debian: http://bugs.debian.org/552291
+Bug: http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4.
+
+Resolves segmentation fault in some tricky tainted non-UTF-8 matches.
+
+Signed-off-by: Eugene V. Lyubimkin <jackyf@debian.org>
+
+---
+ ext/re/t/regop.t |   12 ++++++------
+ regcomp.c        |   17 +++++++++++------
+ regexec.c        |    9 ++-------
+ 3 files changed, 19 insertions(+), 19 deletions(-)
+
+diff --git a/ext/re/t/regop.t b/ext/re/t/regop.t
+index 7fe7b20..f111b91 100755
+--- a/ext/re/t/regop.t
++++ b/ext/re/t/regop.t
+@@ -233,12 +233,12 @@ anchored "ABC" at 0
+ #Freeing REx: "(\\.COM|\\.EXE|\\.BAT|\\.CMD|\\.VBS|\\.VBE|\\.JS|\\.JSE|\\."......
+ %MATCHED%
+ floating ""$ at 3..4 (checking floating)
+-1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0]
+-stclass EXACTF <.> minlen 3
+-Found floating substr ""$ at offset 30...
+-Does not contradict STCLASS...
+-Guessed: match at offset 26
+-Matching stclass EXACTF <.> against ".exe"
++#1:1[1] 3:2[1] 5:2[64] 45:83[1] 47:84[1] 48:85[0]
++#stclass EXACTF <.> minlen 3
++#Found floating substr ""$ at offset 30...
++#Does not contradict STCLASS...
++#Guessed: match at offset 26
++#Matching stclass EXACTF <.> against ".exe"
+ ---
+ #Compiling REx "[q]"
+ #size 12 nodes Got 100 bytes for offset annotations.
+diff --git a/regcomp.c b/regcomp.c
+index 49e69b2..b7fb032 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -2820,13 +2820,18 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+                                 }
+                             } else {
+ /* 
+-    Currently we assume that the trie can handle unicode and ascii
+-    matches fold cased matches. If this proves true then the following
+-    define will prevent tries in this situation. 
+-    
+-    #define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT)
+-*/
++    Currently we do not believe that the trie logic can
++    handle case insensitive matching properly when the
++    pattern is not unicode (thus forcing unicode semantics).
++
++    If/when this is fixed the following define can be swapped
++    in below to fully enable trie logic.
++
+ #define TRIE_TYPE_IS_SAFE 1
++
++*/
++#define TRIE_TYPE_IS_SAFE (UTF || optype==EXACT)
++
+                                 if ( last && TRIE_TYPE_IS_SAFE ) {
+                                     make_trie( pRExC_state, 
+                                             startbranch, first, cur, tail, count, 
+diff --git a/regexec.c b/regexec.c
+index 7a42c4f..32994de 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -1006,16 +1006,15 @@ Perl_re_intuit_start(pTHX_ REGEXP * const prog, SV *sv, char *strpos,
+ 
+ #define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uscan, len,  \
+ uvc, charid, foldlen, foldbuf, uniflags) STMT_START {                       \
+-    UV uvc_unfolded = 0;						    \
+     switch (trie_type) {                                                    \
+     case trie_utf8_fold:                                                    \
+ 	if ( foldlen>0 ) {                                                  \
+-	    uvc_unfolded = uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \
++	    uvc = utf8n_to_uvuni( uscan, UTF8_MAXLEN, &len, uniflags ); \
+ 	    foldlen -= len;                                                 \
+ 	    uscan += len;                                                   \
+ 	    len=0;                                                          \
+ 	} else {                                                            \
+-	    uvc_unfolded = uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \
++	    uvc = utf8n_to_uvuni( (U8*)uc, UTF8_MAXLEN, &len, uniflags ); \
+ 	    uvc = to_uni_fold( uvc, foldbuf, &foldlen );                    \
+ 	    foldlen -= UNISKIP( uvc );                                      \
+ 	    uscan = foldbuf + UNISKIP( uvc );                               \
+@@ -1041,7 +1040,6 @@ uvc, charid, foldlen, foldbuf, uniflags) STMT_START {                       \
+ 	uvc = (UV)*uc;                                                      \
+ 	len = 1;                                                            \
+     }                                                                       \
+-									    \
+     if (uvc < 256) {                                                        \
+ 	charid = trie->charmap[ uvc ];                                      \
+     }                                                                       \
+@@ -1054,9 +1052,6 @@ uvc, charid, foldlen, foldbuf, uniflags) STMT_START {                       \
+ 		charid = (U16)SvIV(*svpp);                                  \
+ 	}                                                                   \
+     }                                                                       \
+-    if (!charid && trie_type == trie_utf8_fold && !UTF) {		    \
+-	charid = trie->charmap[uvc_unfolded];			    	    \
+-    }								    	    \
+ } STMT_END
+ 
+ #define REXEC_FBC_EXACTISH_CHECK(CoNd)                 \
+-- 
+tg: (daf8b46..) fixes/trie-logic-match (depends on: upstream)