Upgrade to 3.32 as provided in perl-5.37.12
parent
495a2c78ff
commit
942dbc03df
|
@ -1,62 +0,0 @@
|
|||
From f987887d23adbbc950435921d0585c005cb03258 Mon Sep 17 00:00:00 2001
|
||||
From: Jitka Plesnikova <jplesnik@redhat.com>
|
||||
Date: Thu, 12 May 2022 12:34:06 +0200
|
||||
Subject: [PATCH] Upgrade to 3.26
|
||||
|
||||
---
|
||||
Makefile.PL | 2 +-
|
||||
Storable.pm | 2 +-
|
||||
Storable.xs | 4 ++--
|
||||
3 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/Makefile.PL b/Makefile.PL
|
||||
index e03e141..b705654 100644
|
||||
--- a/Makefile.PL
|
||||
+++ b/Makefile.PL
|
||||
@@ -29,7 +29,7 @@ WriteMakefile(
|
||||
'ExtUtils::MakeMaker' => '6.31',
|
||||
},
|
||||
TEST_REQUIRES => {
|
||||
- 'Test::More' => '0.41',
|
||||
+ 'Test::More' => '0.82',
|
||||
},
|
||||
)
|
||||
: () ),
|
||||
diff --git a/Storable.pm b/Storable.pm
|
||||
index 8e6ab25..ef417c6 100644
|
||||
--- a/Storable.pm
|
||||
+++ b/Storable.pm
|
||||
@@ -28,7 +28,7 @@ our @EXPORT_OK = qw(
|
||||
our ($canonical, $forgive_me);
|
||||
|
||||
BEGIN {
|
||||
- our $VERSION = '3.25';
|
||||
+ our $VERSION = '3.26';
|
||||
}
|
||||
|
||||
our $recursion_limit;
|
||||
diff --git a/Storable.xs b/Storable.xs
|
||||
index 6944b76..53c838c 100644
|
||||
--- a/Storable.xs
|
||||
+++ b/Storable.xs
|
||||
@@ -2187,7 +2187,7 @@ static AV *array_call(pTHX_
|
||||
XPUSHs(sv_2mortal(newSViv(cloning))); /* Cloning flag */
|
||||
PUTBACK;
|
||||
|
||||
- count = call_sv(hook, G_ARRAY); /* Go back to Perl code */
|
||||
+ count = call_sv(hook, G_LIST); /* Go back to Perl code */
|
||||
|
||||
SPAGAIN;
|
||||
|
||||
@@ -3318,7 +3318,7 @@ static int get_regexp(pTHX_ stcxt_t *cxt, SV* sv, SV **re, SV **flags) {
|
||||
XPUSHs(rv);
|
||||
PUTBACK;
|
||||
/* optimize to call the XS directly later */
|
||||
- count = call_sv((SV*)cv, G_ARRAY);
|
||||
+ count = call_sv((SV*)cv, G_LIST);
|
||||
SPAGAIN;
|
||||
if (count < 2)
|
||||
CROAK(("re::regexp_pattern returned only %d results", (int)count));
|
||||
--
|
||||
2.34.3
|
||||
|
|
@ -1,32 +1,127 @@
|
|||
From c898c00503adcf74e9d6b96c3c6feb2539a19664 Mon Sep 17 00:00:00 2001
|
||||
From 93b4cf22054a0e3f9f5d4ae8eaec85e8ca28944c Mon Sep 17 00:00:00 2001
|
||||
From: Jitka Plesnikova <jplesnik@redhat.com>
|
||||
Date: Thu, 18 May 2023 17:12:30 +0200
|
||||
Subject: [PATCH] Upgrade to 3.31
|
||||
Date: Mon, 12 Jun 2023 16:00:23 +0200
|
||||
Subject: [PATCH] Upgrade to 3.32
|
||||
|
||||
---
|
||||
Storable.pm | 2 +-
|
||||
Storable.xs | 107 ++++++++++++++++++++++++++++++++++++++++++----------
|
||||
t/blessed.t | 53 +++++++++++++++++++++++++-
|
||||
t/boolean.t | 84 +++++++++++++++++++++++++++++++++++++++++
|
||||
ChangeLog | 29 ++++++++++++++
|
||||
Makefile.PL | 2 +-
|
||||
Storable.pm | 30 ++++++++------
|
||||
Storable.xs | 111 ++++++++++++++++++++++++++++++++++++++++++----------
|
||||
t/blessed.t | 53 ++++++++++++++++++++++++-
|
||||
t/boolean.t | 84 +++++++++++++++++++++++++++++++++++++++
|
||||
t/malice.t | 6 +--
|
||||
5 files changed, 228 insertions(+), 24 deletions(-)
|
||||
7 files changed, 278 insertions(+), 37 deletions(-)
|
||||
create mode 100644 t/boolean.t
|
||||
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index b1f4790..6619543 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,3 +1,32 @@
|
||||
+2023-05-26 21:36:00 demerphq
|
||||
+ version 3.32
|
||||
+ * Update security advisory to be more clear
|
||||
+
|
||||
+2023-02-26 00:31:32 demerphq
|
||||
+ version 3.31
|
||||
+ * Fixup for ppport fix in 3.30
|
||||
+
|
||||
+2023-02-22 09:56:27 leont
|
||||
+ version 3.30
|
||||
+ * Use ppport for all modules in dist.
|
||||
+
|
||||
+2023-01-04 17:33:24 iabyn
|
||||
+ version 3.29
|
||||
+ * Store code fixes identified from refcounted stack patch
|
||||
+
|
||||
+2022-11-08 10:12:46 tony
|
||||
+ version 3.28
|
||||
+ * Store hook error reporting improvements
|
||||
+ * Store hook handles regex objects properly.
|
||||
+
|
||||
+2022-06-20 20:32:29 toddr
|
||||
+ version 3.27
|
||||
+ * Use cBOOL instead of !! in xs code
|
||||
+
|
||||
+2022-04-18 17:36:00 toddr
|
||||
+ version 3.26
|
||||
+ * Conform to ppport.h 3.68 recommendations
|
||||
+
|
||||
2021-08-30 07:46:52 nwclark
|
||||
version 3.25
|
||||
* No changes from previous version
|
||||
diff --git a/Makefile.PL b/Makefile.PL
|
||||
index e03e141..b705654 100644
|
||||
--- a/Makefile.PL
|
||||
+++ b/Makefile.PL
|
||||
@@ -29,7 +29,7 @@ WriteMakefile(
|
||||
'ExtUtils::MakeMaker' => '6.31',
|
||||
},
|
||||
TEST_REQUIRES => {
|
||||
- 'Test::More' => '0.41',
|
||||
+ 'Test::More' => '0.82',
|
||||
},
|
||||
)
|
||||
: () ),
|
||||
diff --git a/Storable.pm b/Storable.pm
|
||||
index ef417c6..32fd772 100644
|
||||
index 8e6ab25..d531f2b 100644
|
||||
--- a/Storable.pm
|
||||
+++ b/Storable.pm
|
||||
@@ -28,7 +28,7 @@ our @EXPORT_OK = qw(
|
||||
our ($canonical, $forgive_me);
|
||||
|
||||
BEGIN {
|
||||
- our $VERSION = '3.26';
|
||||
+ our $VERSION = '3.31';
|
||||
- our $VERSION = '3.25';
|
||||
+ our $VERSION = '3.32';
|
||||
}
|
||||
|
||||
our $recursion_limit;
|
||||
@@ -1197,11 +1197,16 @@ compartment:
|
||||
|
||||
=head1 SECURITY WARNING
|
||||
|
||||
-B<Do not accept Storable documents from untrusted sources!>
|
||||
+B<Do not accept Storable documents from untrusted sources!> There is
|
||||
+B<no> way to configure Storable so that it can be used safely to process
|
||||
+untrusted data. While there I<are> various options that can be used to
|
||||
+mitigate specific security issues these options do I<not> comprise a
|
||||
+complete safety net for the user, and processing untrusted data may
|
||||
+result in segmentation faults, remote code execution, or privilege
|
||||
+escalation. The following lists some known features which represent
|
||||
+security issues that should be considered by users of this module.
|
||||
|
||||
-Some features of Storable can lead to security vulnerabilities if you
|
||||
-accept Storable documents from untrusted sources with the default
|
||||
-flags. Most obviously, the optional (off by default) CODE reference
|
||||
+Most obviously, the optional (off by default) CODE reference
|
||||
serialization feature allows transfer of code to the deserializing
|
||||
process. Furthermore, any serialized object will cause Storable to
|
||||
helpfully load the module corresponding to the class of the object in
|
||||
@@ -1224,12 +1229,15 @@ With the default setting of C<$Storable::flags> = 6, creating or destroying
|
||||
random objects, even renamed objects can be controlled by an attacker.
|
||||
See CVE-2015-1592 and its metasploit module.
|
||||
|
||||
-If your application requires accepting data from untrusted sources,
|
||||
-you are best off with a less powerful and more-likely safe
|
||||
-serialization format and implementation. If your data is sufficiently
|
||||
-simple, L<Cpanel::JSON::XS>, L<Data::MessagePack> or L<Sereal> are the best
|
||||
-choices and offer maximum interoperability, but note that Sereal is
|
||||
-L<unsafe by default|Sereal::Decoder/ROBUSTNESS>.
|
||||
+If your application requires accepting data from untrusted sources, you
|
||||
+are best off with a less powerful and more-likely safe serialization
|
||||
+format and implementation. If your data is sufficiently simple,
|
||||
+L<Cpanel::JSON::XS> or L<Data::MessagePack> are fine alternatives. For
|
||||
+more complex data structures containing various Perl specific data types
|
||||
+like regular expressions or aliased data L<Sereal> is the best
|
||||
+alternative and offers maximum interoperability. Note that Sereal is
|
||||
+L<unsafe by default|Sereal::Decoder/ROBUSTNESS>, but you can configure
|
||||
+the encoder and decoder to mitigate any security issues.
|
||||
|
||||
=head1 WARNING
|
||||
|
||||
diff --git a/Storable.xs b/Storable.xs
|
||||
index 53c838c..a558dd7 100644
|
||||
index 6944b76..a558dd7 100644
|
||||
--- a/Storable.xs
|
||||
+++ b/Storable.xs
|
||||
@@ -16,18 +16,13 @@
|
||||
|
@ -101,6 +196,15 @@ index 53c838c..a558dd7 100644
|
|||
(sv_retrieve_t)retrieve_other, /* SX_LAST */
|
||||
};
|
||||
|
||||
@@ -2187,7 +2190,7 @@ static AV *array_call(pTHX_
|
||||
XPUSHs(sv_2mortal(newSViv(cloning))); /* Cloning flag */
|
||||
PUTBACK;
|
||||
|
||||
- count = call_sv(hook, G_ARRAY); /* Go back to Perl code */
|
||||
+ count = call_sv(hook, G_LIST); /* Go back to Perl code */
|
||||
|
||||
SPAGAIN;
|
||||
|
||||
@@ -2454,6 +2457,16 @@ static int store_scalar(pTHX_ stcxt_t *cxt, SV *sv)
|
||||
pv = SvPV(sv, len); /* We know it's SvPOK */
|
||||
goto string; /* Share code below */
|
||||
|
@ -126,6 +230,15 @@ index 53c838c..a558dd7 100644
|
|||
len = SvCUR(text);
|
||||
reallen = strlen(SvPV_nolen(text));
|
||||
|
||||
@@ -3318,7 +3332,7 @@ static int get_regexp(pTHX_ stcxt_t *cxt, SV* sv, SV **re, SV **flags) {
|
||||
XPUSHs(rv);
|
||||
PUTBACK;
|
||||
/* optimize to call the XS directly later */
|
||||
- count = call_sv((SV*)cv, G_ARRAY);
|
||||
+ count = call_sv((SV*)cv, G_LIST);
|
||||
SPAGAIN;
|
||||
if (count < 2)
|
||||
CROAK(("re::regexp_pattern returned only %d results", (int)count));
|
||||
@@ -3567,7 +3581,10 @@ static int store_hook(
|
||||
int need_large_oids = 0;
|
||||
#endif
|
|
@ -1,17 +1,15 @@
|
|||
%global base_version 3.25
|
||||
Name: perl-Storable
|
||||
Epoch: 1
|
||||
Version: 3.31
|
||||
Version: 3.32
|
||||
Release: 1%{?dist}
|
||||
Summary: Persistence for Perl data structures
|
||||
# Storable.pm: GPL+ or Artistic
|
||||
License: GPL-1.0-or-later OR Artistic-1.0-Perl
|
||||
URL: https://metacpan.org/release/Storable
|
||||
Source0: https://cpan.metacpan.org/authors/id/N/NW/NWCLARK/Storable-%{base_version}.tar.gz
|
||||
# Unbundled from perl 5.35.11
|
||||
Patch0: Storable-3.25-Upgrade-to-3.26.patch
|
||||
# Unbundled from perl 5.37.11
|
||||
Patch1: Storable-3.26-Upgrade-to-3.31.patch
|
||||
# Unbundled from perl 5.37.12
|
||||
Patch0: Storable-3.25-Upgrade-to-3.32.patch
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
|
@ -88,9 +86,7 @@ Tests from %{name}. Execute them
|
|||
with "%{_libexecdir}/%{name}/test".
|
||||
|
||||
%prep
|
||||
%setup -q -n Storable-%{base_version}
|
||||
%patch -P0 -p1
|
||||
%patch -P1 -p1
|
||||
%autosetup -p1 -n Storable-%{base_version}
|
||||
|
||||
# Help generators to recognize Perl scripts
|
||||
for F in t/*.t t/*.pl; do
|
||||
|
@ -140,6 +136,9 @@ make test
|
|||
%{_libexecdir}/%{name}
|
||||
|
||||
%changelog
|
||||
* Mon Jun 12 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.32-1
|
||||
- Upgrade to 3.32 as provided in perl-5.37.12
|
||||
|
||||
* Thu May 18 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.31-1
|
||||
- Upgrade to 3.31 as provided in perl-5.37.11
|
||||
|
||||
|
|
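Review bot: The consolidated `Patch0` now carries every change from 3.25 to 3.32, including the Storable.xs code changes, but the only provenance recorded for it is the comment `# Unbundled from perl 5.37.12`, while `Source0` still fetches `Storable-%{base_version}.tar.gz` at 3.25. Nothing in the spec tells a later reviewer how to regenerate the patch and compare it with upstream, so the code that ships cannot be checked against a released artifact from the spec alone. I would extend the comment to name the tree and path the patch was taken from, for example `# Unbundled from perl 5.37.12 (dist/Storable), diffed against Storable-3.25.tar.gz`, if that is how it was produced. Whether a 3.32 tarball exists on CPAN is not visible from this page; if one does, pointing `Source0` at it would remove the need for the patch.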