diff --git a/App-a2p-1.009-Capture-stderr-in-tests.patch b/App-a2p-1.009-Capture-stderr-in-tests.patch new file mode 100644 index 0000000..9f529f9 --- /dev/null +++ b/App-a2p-1.009-Capture-stderr-in-tests.patch @@ -0,0 +1,63 @@ +From b8bdc6e201a203e3e340c8c277904e030bba0288 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 29 Feb 2016 10:40:39 +0100 +Subject: [PATCH 1/2] Capture stderr in tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Petr Písař +--- + t/10-basics.t | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/t/10-basics.t b/t/10-basics.t +index d0c59dd..d1f2026 100644 +--- a/t/10-basics.t ++++ b/t/10-basics.t +@@ -7,7 +7,8 @@ use Test::More 0.89; + + use Config; + use Devel::FindPerl 'find_perl_interpreter'; +-use IPC::Open2; ++use IPC::Open3; ++use Symbol; + use File::Spec::Functions 'catfile'; + use File::Temp 'tempdir'; + +@@ -24,11 +25,11 @@ my $input_perl = catfile($tempdir, 'input.perl'); + + #mkdir $tempdir or die "Couldn't mkdir $tempdir: $!"; + spew($input_awk, "/awk2perl/\n"); +-my $program = runa2p(progfile => $input_awk); ++my ($program, undef) = runa2p(progfile => $input_awk); + like($program, qr{print \$_ if /awk2perl/;}, 'Output looks like expected output'); + + spew($input_perl, $program); +-my $output = runperl(progfile => $input_perl, args => [ $0 ]); ++my ($output, $undef) = runperl(progfile => $input_perl, args => [ $0 ]); + open my $self, '<', $0; + chomp(my @expected = grep { /awk2perl/ } <$self>); + is_deeply([ split /\n/, $output ], \@expected, 'Output is identical to … code'); +@@ -38,11 +39,15 @@ done_testing; + sub run_command { + my %args = @_; + my @command = @{ $args{command} }; +- my $pid = open2(my ($in, $out), @command) or die "Couldn't open2($?): $!"; ++ my ($in, $out, $err); ++ $err = Symbol::gensym; ++ my $pid = open3($in, $out, $err, @command) or die "Couldn't open2($?): $!"; + binmode $in, ':crlf' if $^O eq 'MSWin32'; +- my $ret = do { local $/; <$in> }; ++ my @ret; ++ $ret[0] = do { local $/; <$out> }; ++ $ret[1] = do { local $/; <$err> }; + waitpid $pid, 0; +- return $ret; ++ return @ret; + } + + sub runa2p { +-- +2.5.0 + diff --git a/App-a2p-1.009-Check-for-n-argument-length.patch b/App-a2p-1.009-Check-for-n-argument-length.patch new file mode 100644 index 0000000..26470a0 --- /dev/null +++ b/App-a2p-1.009-Check-for-n-argument-length.patch @@ -0,0 +1,59 @@ +From 6f0604e0a4e20d0f25dfb9881fa6216b93964352 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 29 Feb 2016 11:04:04 +0100 +Subject: [PATCH 2/2] Check for -n argument length +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If a2p's -n argument is long enough, a static 2-KB array overflows in +the parser: + +$ a2p -n"$(perl -e 'print q{a}x25000')" < /dev/null + + provided the fix, I wrote the test. + +https://rt.cpan.org/Public/Bug/Display.html?id=100361 +https://bugs.debian.org/769606 +Signed-off-by: Petr Písař +--- + t/10-basics.t | 5 +++++ + walk.c | 5 ++++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/t/10-basics.t b/t/10-basics.t +index d1f2026..8f45ec2 100644 +--- a/t/10-basics.t ++++ b/t/10-basics.t +@@ -34,6 +34,11 @@ open my $self, '<', $0; + chomp(my @expected = grep { /awk2perl/ } <$self>); + is_deeply([ split /\n/, $output ], \@expected, 'Output is identical to … code'); + ++spew($input_awk, ''); ++my (undef, $error) = runa2p(progfile => $input_awk, ++ args => [ '-n' . q{a} x 25000 ] ); ++like($error, qr{Internal error:}, 'Too long -n argument raises an error'); ++ + done_testing; + + sub run_command { +diff --git a/walk.c b/walk.c +index 82d5346..26b378f 100644 +--- a/walk.c ++++ b/walk.c +@@ -72,8 +72,11 @@ walk(int useval, int level, int node, int *numericptr, int minprec) + if (namelist) { + while (isALPHA(*namelist)) { + for (d = tokenbuf,s=namelist; +- isWORDCHAR(*s); ++ d - tokenbuf < sizeof(tokenbuf) && isWORDCHAR(*s); + *d++ = *s++) ; ++ if (d - tokenbuf == sizeof(tokenbuf)) ++ fatal("Internal error: argument longer than %d: %s", ++ sizeof(tokenbuf) - 1, namelist); + *d = '\0'; + while (*s && !isALPHA(*s)) s++; + namelist = s; +-- +2.5.0 + diff --git a/perl-App-a2p.spec b/perl-App-a2p.spec index 82a7dd2..747582e 100644 --- a/perl-App-a2p.spec +++ b/perl-App-a2p.spec @@ -1,6 +1,6 @@ Name: perl-App-a2p Version: 1.009 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Awk to Perl translator License: GPL+ or Artistic Group: Development/Tools @@ -14,6 +14,12 @@ Patch0: App-a2p-1.007-Remove-alarm-call-from-test.patch # - Add a2p.y from https://github.com/Leont/app-a2p/a2p.y Patch1: App-a2p-1.007-a2p-y.patch +# Required for App-a2p-1.009-Check-for-n-argument-length.patch +Patch2: App-a2p-1.009-Capture-stderr-in-tests.patch + +# Fix a buffer overflow when parsing long enough -n argument, CPAN RT#100361 +Patch3: App-a2p-1.009-Check-for-n-argument-length.patch + BuildRequires: byacc BuildRequires: coreutils BuildRequires: findutils @@ -43,6 +49,8 @@ command line and produces a comparable Perl script. %setup -q -n App-a2p-%{version} %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 # Regenerate a2p.c from a2p.y byacc -o a2p.c a2p.y @@ -69,6 +77,9 @@ make test %{_mandir}/man1/* %changelog +* Mon Feb 29 2016 Petr Pisar - 1.009-3 +- Fix a buffer overflow when parsing long enough -n argument (CPAN RT#100361) + * Thu Feb 04 2016 Fedora Release Engineering - 1.009-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild