Upgrade to 3.32 as provided in perl-5.37.12
parent
495a2c78ff
commit
942dbc03df
|
@ -1,62 +0,0 @@
|
||||||
From f987887d23adbbc950435921d0585c005cb03258 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jitka Plesnikova <jplesnik@redhat.com>
|
|
||||||
Date: Thu, 12 May 2022 12:34:06 +0200
|
|
||||||
Subject: [PATCH] Upgrade to 3.26
|
|
||||||
|
|
||||||
---
|
|
||||||
Makefile.PL | 2 +-
|
|
||||||
Storable.pm | 2 +-
|
|
||||||
Storable.xs | 4 ++--
|
|
||||||
3 files changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Makefile.PL b/Makefile.PL
|
|
||||||
index e03e141..b705654 100644
|
|
||||||
--- a/Makefile.PL
|
|
||||||
+++ b/Makefile.PL
|
|
||||||
@@ -29,7 +29,7 @@ WriteMakefile(
|
|
||||||
'ExtUtils::MakeMaker' => '6.31',
|
|
||||||
},
|
|
||||||
TEST_REQUIRES => {
|
|
||||||
- 'Test::More' => '0.41',
|
|
||||||
+ 'Test::More' => '0.82',
|
|
||||||
},
|
|
||||||
)
|
|
||||||
: () ),
|
|
||||||
diff --git a/Storable.pm b/Storable.pm
|
|
||||||
index 8e6ab25..ef417c6 100644
|
|
||||||
--- a/Storable.pm
|
|
||||||
+++ b/Storable.pm
|
|
||||||
@@ -28,7 +28,7 @@ our @EXPORT_OK = qw(
|
|
||||||
our ($canonical, $forgive_me);
|
|
||||||
|
|
||||||
BEGIN {
|
|
||||||
- our $VERSION = '3.25';
|
|
||||||
+ our $VERSION = '3.26';
|
|
||||||
}
|
|
||||||
|
|
||||||
our $recursion_limit;
|
|
||||||
diff --git a/Storable.xs b/Storable.xs
|
|
||||||
index 6944b76..53c838c 100644
|
|
||||||
--- a/Storable.xs
|
|
||||||
+++ b/Storable.xs
|
|
||||||
@@ -2187,7 +2187,7 @@ static AV *array_call(pTHX_
|
|
||||||
XPUSHs(sv_2mortal(newSViv(cloning))); /* Cloning flag */
|
|
||||||
PUTBACK;
|
|
||||||
|
|
||||||
- count = call_sv(hook, G_ARRAY); /* Go back to Perl code */
|
|
||||||
+ count = call_sv(hook, G_LIST); /* Go back to Perl code */
|
|
||||||
|
|
||||||
SPAGAIN;
|
|
||||||
|
|
||||||
@@ -3318,7 +3318,7 @@ static int get_regexp(pTHX_ stcxt_t *cxt, SV* sv, SV **re, SV **flags) {
|
|
||||||
XPUSHs(rv);
|
|
||||||
PUTBACK;
|
|
||||||
/* optimize to call the XS directly later */
|
|
||||||
- count = call_sv((SV*)cv, G_ARRAY);
|
|
||||||
+ count = call_sv((SV*)cv, G_LIST);
|
|
||||||
SPAGAIN;
|
|
||||||
if (count < 2)
|
|
||||||
CROAK(("re::regexp_pattern returned only %d results", (int)count));
|
|
||||||
--
|
|
||||||
2.34.3
|
|
||||||
|
|
|
@ -1,32 +1,127 @@
|
||||||
From c898c00503adcf74e9d6b96c3c6feb2539a19664 Mon Sep 17 00:00:00 2001
|
From 93b4cf22054a0e3f9f5d4ae8eaec85e8ca28944c Mon Sep 17 00:00:00 2001
|
||||||
From: Jitka Plesnikova <jplesnik@redhat.com>
|
From: Jitka Plesnikova <jplesnik@redhat.com>
|
||||||
Date: Thu, 18 May 2023 17:12:30 +0200
|
Date: Mon, 12 Jun 2023 16:00:23 +0200
|
||||||
Subject: [PATCH] Upgrade to 3.31
|
Subject: [PATCH] Upgrade to 3.32
|
||||||
|
|
||||||
---
|
---
|
||||||
Storable.pm | 2 +-
|
ChangeLog | 29 ++++++++++++++
|
||||||
Storable.xs | 107 ++++++++++++++++++++++++++++++++++++++++++----------
|
Makefile.PL | 2 +-
|
||||||
t/blessed.t | 53 +++++++++++++++++++++++++-
|
Storable.pm | 30 ++++++++------
|
||||||
t/boolean.t | 84 +++++++++++++++++++++++++++++++++++++++++
|
Storable.xs | 111 ++++++++++++++++++++++++++++++++++++++++++----------
|
||||||
|
t/blessed.t | 53 ++++++++++++++++++++++++-
|
||||||
|
t/boolean.t | 84 +++++++++++++++++++++++++++++++++++++++
|
||||||
t/malice.t | 6 +--
|
t/malice.t | 6 +--
|
||||||
5 files changed, 228 insertions(+), 24 deletions(-)
|
7 files changed, 278 insertions(+), 37 deletions(-)
|
||||||
create mode 100644 t/boolean.t
|
create mode 100644 t/boolean.t
|
||||||
|
|
||||||
|
diff --git a/ChangeLog b/ChangeLog
|
||||||
|
index b1f4790..6619543 100644
|
||||||
|
--- a/ChangeLog
|
||||||
|
+++ b/ChangeLog
|
||||||
|
@@ -1,3 +1,32 @@
|
||||||
|
+2023-05-26 21:36:00 demerphq
|
||||||
|
+ version 3.32
|
||||||
|
+ * Update security advisory to be more clear
|
||||||
|
+
|
||||||
|
+2023-02-26 00:31:32 demerphq
|
||||||
|
+ version 3.31
|
||||||
|
+ * Fixup for ppport fix in 3.30
|
||||||
|
+
|
||||||
|
+2023-02-22 09:56:27 leont
|
||||||
|
+ version 3.30
|
||||||
|
+ * Use ppport for all modules in dist.
|
||||||
|
+
|
||||||
|
+2023-01-04 17:33:24 iabyn
|
||||||
|
+ version 3.29
|
||||||
|
+ * Store code fixes identified from refcounted stack patch
|
||||||
|
+
|
||||||
|
+2022-11-08 10:12:46 tony
|
||||||
|
+ version 3.28
|
||||||
|
+ * Store hook error reporting improvements
|
||||||
|
+ * Store hook handles regex objects properly.
|
||||||
|
+
|
||||||
|
+2022-06-20 20:32:29 toddr
|
||||||
|
+ version 3.27
|
||||||
|
+ * Use cBOOL instead of !! in xs code
|
||||||
|
+
|
||||||
|
+2022-04-18 17:36:00 toddr
|
||||||
|
+ version 3.26
|
||||||
|
+ * Conform to ppport.h 3.68 recommendations
|
||||||
|
+
|
||||||
|
2021-08-30 07:46:52 nwclark
|
||||||
|
version 3.25
|
||||||
|
* No changes from previous version
|
||||||
|
diff --git a/Makefile.PL b/Makefile.PL
|
||||||
|
index e03e141..b705654 100644
|
||||||
|
--- a/Makefile.PL
|
||||||
|
+++ b/Makefile.PL
|
||||||
|
@@ -29,7 +29,7 @@ WriteMakefile(
|
||||||
|
'ExtUtils::MakeMaker' => '6.31',
|
||||||
|
},
|
||||||
|
TEST_REQUIRES => {
|
||||||
|
- 'Test::More' => '0.41',
|
||||||
|
+ 'Test::More' => '0.82',
|
||||||
|
},
|
||||||
|
)
|
||||||
|
: () ),
|
||||||
diff --git a/Storable.pm b/Storable.pm
|
diff --git a/Storable.pm b/Storable.pm
|
||||||
index ef417c6..32fd772 100644
|
index 8e6ab25..d531f2b 100644
|
||||||
--- a/Storable.pm
|
--- a/Storable.pm
|
||||||
+++ b/Storable.pm
|
+++ b/Storable.pm
|
||||||
@@ -28,7 +28,7 @@ our @EXPORT_OK = qw(
|
@@ -28,7 +28,7 @@ our @EXPORT_OK = qw(
|
||||||
our ($canonical, $forgive_me);
|
our ($canonical, $forgive_me);
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
- our $VERSION = '3.26';
|
- our $VERSION = '3.25';
|
||||||
+ our $VERSION = '3.31';
|
+ our $VERSION = '3.32';
|
||||||
}
|
}
|
||||||
|
|
||||||
our $recursion_limit;
|
our $recursion_limit;
|
||||||
|
@@ -1197,11 +1197,16 @@ compartment:
|
||||||
|
|
||||||
|
=head1 SECURITY WARNING
|
||||||
|
|
||||||
|
-B<Do not accept Storable documents from untrusted sources!>
|
||||||
|
+B<Do not accept Storable documents from untrusted sources!> There is
|
||||||
|
+B<no> way to configure Storable so that it can be used safely to process
|
||||||
|
+untrusted data. While there I<are> various options that can be used to
|
||||||
|
+mitigate specific security issues these options do I<not> comprise a
|
||||||
|
+complete safety net for the user, and processing untrusted data may
|
||||||
|
+result in segmentation faults, remote code execution, or privilege
|
||||||
|
+escalation. The following lists some known features which represent
|
||||||
|
+security issues that should be considered by users of this module.
|
||||||
|
|
||||||
|
-Some features of Storable can lead to security vulnerabilities if you
|
||||||
|
-accept Storable documents from untrusted sources with the default
|
||||||
|
-flags. Most obviously, the optional (off by default) CODE reference
|
||||||
|
+Most obviously, the optional (off by default) CODE reference
|
||||||
|
serialization feature allows transfer of code to the deserializing
|
||||||
|
process. Furthermore, any serialized object will cause Storable to
|
||||||
|
helpfully load the module corresponding to the class of the object in
|
||||||
|
@@ -1224,12 +1229,15 @@ With the default setting of C<$Storable::flags> = 6, creating or destroying
|
||||||
|
random objects, even renamed objects can be controlled by an attacker.
|
||||||
|
See CVE-2015-1592 and its metasploit module.
|
||||||
|
|
||||||
|
-If your application requires accepting data from untrusted sources,
|
||||||
|
-you are best off with a less powerful and more-likely safe
|
||||||
|
-serialization format and implementation. If your data is sufficiently
|
||||||
|
-simple, L<Cpanel::JSON::XS>, L<Data::MessagePack> or L<Sereal> are the best
|
||||||
|
-choices and offer maximum interoperability, but note that Sereal is
|
||||||
|
-L<unsafe by default|Sereal::Decoder/ROBUSTNESS>.
|
||||||
|
+If your application requires accepting data from untrusted sources, you
|
||||||
|
+are best off with a less powerful and more-likely safe serialization
|
||||||
|
+format and implementation. If your data is sufficiently simple,
|
||||||
|
+L<Cpanel::JSON::XS> or L<Data::MessagePack> are fine alternatives. For
|
||||||
|
+more complex data structures containing various Perl specific data types
|
||||||
|
+like regular expressions or aliased data L<Sereal> is the best
|
||||||
|
+alternative and offers maximum interoperability. Note that Sereal is
|
||||||
|
+L<unsafe by default|Sereal::Decoder/ROBUSTNESS>, but you can configure
|
||||||
|
+the encoder and decoder to mitigate any security issues.
|
||||||
|
|
||||||
|
=head1 WARNING
|
||||||
|
|
||||||
diff --git a/Storable.xs b/Storable.xs
|
diff --git a/Storable.xs b/Storable.xs
|
||||||
index 53c838c..a558dd7 100644
|
index 6944b76..a558dd7 100644
|
||||||
--- a/Storable.xs
|
--- a/Storable.xs
|
||||||
+++ b/Storable.xs
|
+++ b/Storable.xs
|
||||||
@@ -16,18 +16,13 @@
|
@@ -16,18 +16,13 @@
|
||||||
|
@ -101,6 +196,15 @@ index 53c838c..a558dd7 100644
|
||||||
(sv_retrieve_t)retrieve_other, /* SX_LAST */
|
(sv_retrieve_t)retrieve_other, /* SX_LAST */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@@ -2187,7 +2190,7 @@ static AV *array_call(pTHX_
|
||||||
|
XPUSHs(sv_2mortal(newSViv(cloning))); /* Cloning flag */
|
||||||
|
PUTBACK;
|
||||||
|
|
||||||
|
- count = call_sv(hook, G_ARRAY); /* Go back to Perl code */
|
||||||
|
+ count = call_sv(hook, G_LIST); /* Go back to Perl code */
|
||||||
|
|
||||||
|
SPAGAIN;
|
||||||
|
|
||||||
@@ -2454,6 +2457,16 @@ static int store_scalar(pTHX_ stcxt_t *cxt, SV *sv)
|
@@ -2454,6 +2457,16 @@ static int store_scalar(pTHX_ stcxt_t *cxt, SV *sv)
|
||||||
pv = SvPV(sv, len); /* We know it's SvPOK */
|
pv = SvPV(sv, len); /* We know it's SvPOK */
|
||||||
goto string; /* Share code below */
|
goto string; /* Share code below */
|
||||||
|
@ -126,6 +230,15 @@ index 53c838c..a558dd7 100644
|
||||||
len = SvCUR(text);
|
len = SvCUR(text);
|
||||||
reallen = strlen(SvPV_nolen(text));
|
reallen = strlen(SvPV_nolen(text));
|
||||||
|
|
||||||
|
@@ -3318,7 +3332,7 @@ static int get_regexp(pTHX_ stcxt_t *cxt, SV* sv, SV **re, SV **flags) {
|
||||||
|
XPUSHs(rv);
|
||||||
|
PUTBACK;
|
||||||
|
/* optimize to call the XS directly later */
|
||||||
|
- count = call_sv((SV*)cv, G_ARRAY);
|
||||||
|
+ count = call_sv((SV*)cv, G_LIST);
|
||||||
|
SPAGAIN;
|
||||||
|
if (count < 2)
|
||||||
|
CROAK(("re::regexp_pattern returned only %d results", (int)count));
|
||||||
@@ -3567,7 +3581,10 @@ static int store_hook(
|
@@ -3567,7 +3581,10 @@ static int store_hook(
|
||||||
int need_large_oids = 0;
|
int need_large_oids = 0;
|
||||||
#endif
|
#endif
|
|
@ -1,17 +1,15 @@
|
||||||
%global base_version 3.25
|
%global base_version 3.25
|
||||||
Name: perl-Storable
|
Name: perl-Storable
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 3.31
|
Version: 3.32
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Persistence for Perl data structures
|
Summary: Persistence for Perl data structures
|
||||||
# Storable.pm: GPL+ or Artistic
|
# Storable.pm: GPL+ or Artistic
|
||||||
License: GPL-1.0-or-later OR Artistic-1.0-Perl
|
License: GPL-1.0-or-later OR Artistic-1.0-Perl
|
||||||
URL: https://metacpan.org/release/Storable
|
URL: https://metacpan.org/release/Storable
|
||||||
Source0: https://cpan.metacpan.org/authors/id/N/NW/NWCLARK/Storable-%{base_version}.tar.gz
|
Source0: https://cpan.metacpan.org/authors/id/N/NW/NWCLARK/Storable-%{base_version}.tar.gz
|
||||||
# Unbundled from perl 5.35.11
|
# Unbundled from perl 5.37.12
|
||||||
Patch0: Storable-3.25-Upgrade-to-3.26.patch
|
Patch0: Storable-3.25-Upgrade-to-3.32.patch
|
||||||
# Unbundled from perl 5.37.11
|
|
||||||
Patch1: Storable-3.26-Upgrade-to-3.31.patch
|
|
||||||
BuildRequires: coreutils
|
BuildRequires: coreutils
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
|
@ -88,9 +86,7 @@ Tests from %{name}. Execute them
|
||||||
with "%{_libexecdir}/%{name}/test".
|
with "%{_libexecdir}/%{name}/test".
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n Storable-%{base_version}
|
%autosetup -p1 -n Storable-%{base_version}
|
||||||
%patch -P0 -p1
|
|
||||||
%patch -P1 -p1
|
|
||||||
|
|
||||||
# Help generators to recognize Perl scripts
|
# Help generators to recognize Perl scripts
|
||||||
for F in t/*.t t/*.pl; do
|
for F in t/*.t t/*.pl; do
|
||||||
|
@ -140,6 +136,9 @@ make test
|
||||||
%{_libexecdir}/%{name}
|
%{_libexecdir}/%{name}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 12 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.32-1
|
||||||
|
- Upgrade to 3.32 as provided in perl-5.37.12
|
||||||
|
|
||||||
* Thu May 18 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.31-1
|
* Thu May 18 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.31-1
|
||||||
- Upgrade to 3.31 as provided in perl-5.37.11
|
- Upgrade to 3.31 as provided in perl-5.37.11
|
||||||
|
|
||||||
|
|
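Review bot: In the first hunk of the spec, `Source0` stays at the 3.25 tarball and everything up to 3.32 now arrives through the single `Patch0`, but the only provenance record for that patch is `# Unbundled from perl 5.37.12`. The patch's own diffstat shows it rewrites `Storable.xs` (111 lines) and touches `t/malice.t`, which is the code that parses serialized input, so a reviewer should be able to regenerate it and compare. I would expand the comment to something like `# Patch0 is a diff of the Storable-3.25 tarball against the Storable sources shipped in the perl-5.37.12 tree; regenerate and compare when rebasing`, adjusted to however the patch was actually produced. Since `%autosetup -p1` now applies every declared patch without an explicit `%patch` line, that comment becomes the only place the origin of applied changes is stated.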