5.24.4 bump

.gitignore

@@ -25,3 +25,5 @@ perl-5.12.1.tar.gz
 /perl-5.24.1.tar.bz2
 /perl-5.24.2.tar.bz2
 /perl-5.24.3.tar.bz2
+/perl-5.24.4-RC1.tar.bz2
+/perl-5.24.4.tar.bz2

gendep.macros

@@ -67,14 +67,14 @@ Provides: perl(B) = 1.62 \
 Provides: perl(B::Concise) = 0.996 \
 Provides: perl(B::Deparse) = 1.37 \
 Provides: perl(B::OBJECT) \
-Provides: perl(B::Op_private) = 5.024000 \
+Provides: perl(B::Op_private) = 5.024004 \
 Provides: perl(B::Showlex) = 1.05 \
 Provides: perl(B::Terse) = 1.06 \
 Provides: perl(B::Xref) = 1.05 \
 Provides: perl(Benchmark) = 1.22 \
 Provides: perl(Class::Struct) = 0.65 \
 Provides: perl(Class::Struct::Tie_ISA) \
-Provides: perl(Config) = 5.024000 \
+Provides: perl(Config) = 5.024004 \
 Provides: perl(Config::Extensions) = 0.01 \
 Provides: perl(DB) = 1.08 \
 Provides: perl(DBM_Filter) = 0.06 \
@@ -140,7 +140,7 @@ Provides: perl(PerlIO) = 1.09 \
 Provides: perl(PerlIO::encoding) = 0.24 \
 Provides: perl(PerlIO::mmap) = 0.016 \
 Provides: perl(PerlIO::scalar) = 0.24 \
-Provides: perl(PerlIO::via) = 0.16 \
+Provides: perl(PerlIO::via) = 0.17 \
 Provides: perl(Pod::Functions) = 1.10 \
 Provides: perl(SDBM_File) = 1.14 \
 Provides: perl(Safe) = 2.39 \
@@ -213,7 +213,7 @@ Provides: perl(subs) = 1.02 \
 Provides: perl(vars) = 1.03 \
 Provides: perl(vmsish) = 1.04 \
 Provides: perl(warnings::register) = 1.04 \
-Provides: perl(x86-64) = 4:5.24.0-364.fc25 \
+Provides: perl(x86-64) = 4:5.24.4-397.RC1.fc26 \
 %{nil}
 %global gendep_perl_Archive_Tar \
 Requires: perl(:VERSION) >= 5.5.0 \
@@ -1167,9 +1167,9 @@ Requires: perl(strict) \
 Requires: perl(vars) \
 Requires: perl(version) \
 Requires: perl(warnings) \
-Provides: perl(Module::CoreList) = 5.20160506 \
-Provides: perl(Module::CoreList::TieHashDelta) = 5.20160506 \
-Provides: perl(Module::CoreList::Utils) = 5.20160506 \
+Provides: perl(Module::CoreList) = 5.20180414 \
+Provides: perl(Module::CoreList::TieHashDelta) = 5.20180414 \
+Provides: perl(Module::CoreList::Utils) = 5.20180414 \
 %{nil}
 %global gendep_perl_Module_CoreList_tools \
 Requires: perl(Getopt::Long) \
@@ -1311,7 +1311,7 @@ Requires: perl(parent) \
 Requires: perl(strict) \
 Requires: perl(vars) \
 Requires: perl(warnings) \
-Provides: perl(Pod::Html) = 1.22 \
+Provides: perl(Pod::Html) = 1.2201 \
 Provides: perl(Pod::Simple::XHTML::LocalPodLinks) \
 %{nil}
 %global gendep_perl_Pod_Parser \
@@ -1699,7 +1699,7 @@ Provides: perl(Thread::Queue) = 3.09 \
 Requires: perl(DynaLoader) \
 Requires: perl(Exporter) \
 Requires: perl(strict) \
-Provides: perl(Time::HiRes) = 1.9733 \
+Provides: perl(Time::HiRes) = 1.9741 \
 %{nil}
 %global gendep_perl_Time_Local \
 Requires: perl(Carp) \
@@ -1885,7 +1885,11 @@ Requires: perl(integer) \
 Requires: perl(strict) \
 Requires: perl(warnings) \
 Provides: perl(:MODULE_COMPAT_5.24.0) \
-Provides: perl(:VERSION) = 5.24.0 \
+Provides: perl(:MODULE_COMPAT_5.24.1) \
+Provides: perl(:MODULE_COMPAT_5.24.2) \
+Provides: perl(:MODULE_COMPAT_5.24.3) \
+Provides: perl(:MODULE_COMPAT_5.24.4) \
+Provides: perl(:VERSION) = 5.24.4 \
 Provides: perl(:WITH_ITHREADS) \
 Provides: perl(:WITH_LARGEFILES) \
 Provides: perl(:WITH_PERLIO) \

perl-5.24.4-perform-system-arg-processing-before-fork.patch

@@ -1,4 +1,4 @@
-From e754ae00fdac24a98d63ad8d8021ef91d5cc7352 Mon Sep 17 00:00:00 2001
+From bee36f5b5aad82c566311cf8785aa67ba3696155 Mon Sep 17 00:00:00 2001
 From: Zefram <zefram@fysh.org>
 Date: Sat, 16 Dec 2017 05:33:20 +0000
 Subject: [PATCH] perform system() arg processing before fork
@@ -14,7 +14,7 @@ $$, and in that case it should also happen in the parent process.
 Therefore reduce the argument scalars to strings first thing in pp_system.
 Fixes [perl #121105].
 
-Petr Písař: Ported to 5.24.3 from
+Petr Písař: Ported to 5.24.4 from
 64def2aeaeb63f92dadc6dfa33486c1d7b311963.
 
 Signed-off-by: Petr Písař <ppisar@redhat.com>
@@ -53,19 +53,19 @@ index 2fcc219..4ce8540 100644
      }
      PERL_FLUSHALL_FOR_CHILD;
 diff --git a/t/op/exec.t b/t/op/exec.t
-index 325ccb2..2060ee7 100644
+index 726f548..e43dd6e 100644
 --- a/t/op/exec.t
 +++ b/t/op/exec.t
 @@ -36,7 +36,7 @@ $ENV{LANGUAGE} = 'C';		# Ditto in GNU.
  my $Is_VMS   = $^O eq 'VMS';
  my $Is_Win32 = $^O eq 'MSWin32';
  
--plan(tests => 24);
-+plan(tests => 27);
+-plan(tests => 33);
++plan(tests => 36);
  
  my $Perl = which_perl();
  
-@@ -152,6 +152,19 @@ TODO: {
+@@ -173,6 +173,19 @@ TODO: {
          "exec failure doesn't terminate process");
  }
  
@@ -86,5 +86,5 @@ index 325ccb2..2060ee7 100644
  exec $Perl, '-le', qq{${quote}print 'ok $test - exec PROG, LIST'${quote}};
  fail("This should never be reached if the exec() worked");
 -- 
-2.13.6
+2.14.3
 

perl-5.24.4-perl-129149-avoid-a-heap-buffer-overflow-with-pack-W.patch

@@ -1,4 +1,4 @@
-From bf4a926a29374161655548b149d1cb37300bcc05 Mon Sep 17 00:00:00 2001
+From cd6b0f4e030d55ff077e9bc8fbcf156ab79dceb1 Mon Sep 17 00:00:00 2001
 From: Tony Cook <tony@develop-help.com>
 Date: Wed, 7 Sep 2016 16:51:39 +1000
 Subject: [PATCH] (perl #129149) avoid a heap buffer overflow with pack "W"...
@@ -6,6 +6,13 @@ MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 
+Petr Písař: Ported to 5.24.4:
+
+From bf4a926a29374161655548b149d1cb37300bcc05 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Wed, 7 Sep 2016 16:51:39 +1000
+Subject: [PATCH] (perl #129149) avoid a heap buffer overflow with pack "W"...
+
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
  pp_pack.c   |  2 +-
@@ -13,10 +20,10 @@ Signed-off-by: Petr Písař <ppisar@redhat.com>
  2 files changed, 13 insertions(+), 2 deletions(-)
 
 diff --git a/pp_pack.c b/pp_pack.c
-index ee4c69e..737e019 100644
+index c0de5ab..29fdb01 100644
 --- a/pp_pack.c
 +++ b/pp_pack.c
-@@ -2587,7 +2587,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* symptr, SV **beglist, SV **endlist )
+@@ -2598,7 +2598,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* symptr, SV **beglist, SV **endlist )
  		if (in_bytes) auv = auv % 0x100;
  		if (utf8) {
  		  W_utf8:
@@ -26,21 +33,21 @@ index ee4c69e..737e019 100644
  			SvCUR_set(cat, cur - start);
  
 diff --git a/t/op/pack.t b/t/op/pack.t
-index 3fc12e4..47d1216 100644
+index a480c3a..cf5ae78 100644
 --- a/t/op/pack.t
 +++ b/t/op/pack.t
 @@ -12,7 +12,7 @@ my $no_endianness = $] > 5.009 ? '' :
  my $no_signedness = $] > 5.009 ? '' :
    "Signed/unsigned pack modifiers not available on this perl";
  
--plan tests => 14712;
-+plan tests => 14713;
+-plan tests => 14716;
++plan tests => 14717;
  
  use strict;
  use warnings qw(FATAL all);
-@@ -2047,3 +2047,14 @@ ok(1, "argument underflow did not crash");
-     is(pack("H40", $up_nul), $twenty_nuls,
-        "check pack H zero fills (utf8 source)");
+@@ -2066,3 +2066,14 @@ SKIP:
+     fresh_perl_like('pack "c10f1073741824"', qr/Out of memory during pack/, { stderr => 1 },
+ 		    "integer overflow calculating allocation (multiply)");
  }
 +
 +{
@@ -54,5 +61,5 @@ index 3fc12e4..47d1216 100644
 +EOS
 +}
 -- 
-2.7.4
+2.14.3
 

perl-5.24.4-perl-129149-fix-the-test-so-skip-has-a-SKIP-to-work-.patch

@@ -1,4 +1,4 @@
-From 30be69c851a7fa7e29d85c9b6e070273df82f3e7 Mon Sep 17 00:00:00 2001
+From 308112b17f3d093c11cc25408a421c86364de828 Mon Sep 17 00:00:00 2001
 From: Tony Cook <tony@develop-help.com>
 Date: Tue, 17 Jan 2017 15:36:31 +1100
 Subject: [PATCH] (perl #129149) fix the test so skip has a SKIP: to work with
@@ -8,17 +8,24 @@ Content-Transfer-Encoding: 8bit
 
 Thanks to bulk88 for pointing this out.
 
+Petr Písař: Ported to 5.24.4 from:
+
+From 30be69c851a7fa7e29d85c9b6e070273df82f3e7 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Tue, 17 Jan 2017 15:36:31 +1100
+Subject: [PATCH] (perl #129149) fix the test so skip has a SKIP: to work with
+
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
  t/op/pack.t | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/t/op/pack.t b/t/op/pack.t
-index 47d1216..919e4c5 100644
+index cf5ae78..e399f7e 100644
 --- a/t/op/pack.t
 +++ b/t/op/pack.t
-@@ -2048,6 +2048,7 @@ ok(1, "argument underflow did not crash");
-        "check pack H zero fills (utf8 source)");
+@@ -2067,6 +2067,7 @@ SKIP:
+ 		    "integer overflow calculating allocation (multiply)");
  }
  
 +SKIP:
@@ -26,5 +33,5 @@ index 47d1216..919e4c5 100644
      # [perl #129149] the code below would write one past the end of the output
      # buffer, only detected by ASAN, not by valgrind
 -- 
-2.7.4
+2.14.3
 

perl-5.24.4-perl-129350-anchored-floating-substrings-must-be-utf.patch

@@ -1,4 +1,4 @@
-From 62130748594f803da49b6abf3e352e51148a3886 Mon Sep 17 00:00:00 2001
+From f34cc5af94622240abbf730ac82c4f91cc4ffb83 Mon Sep 17 00:00:00 2001
 From: Hugo van der Sanden <hv@crypt.org>
 Date: Tue, 4 Oct 2016 14:40:11 +0100
 Subject: [PATCH] anchored/floating substrings must be utf8 if target is
@@ -6,7 +6,7 @@ MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 
-Ported to 5.24.0:
+Ported to 5.24.4:
 
 commit 2814f4b3549f665a6f9203ac9e890ae1e415e0dc
 Author: Hugo van der Sanden <hv@crypt.org>
@@ -26,7 +26,7 @@ Signed-off-by: Petr Písař <ppisar@redhat.com>
  2 files changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/regexec.c b/regexec.c
-index cdaa95c..38ff44a 100644
+index ff8e89c..6904546 100644
 --- a/regexec.c
 +++ b/regexec.c
 @@ -703,7 +703,8 @@ Perl_re_intuit_start(pTHX_
@@ -40,17 +40,17 @@ index cdaa95c..38ff44a 100644
  	check = prog->check_utf8;
      } else {
 diff --git a/t/re/re_tests b/t/re/re_tests
-index 7e8522d..2f4d00c 100644
+index ab7ddbb..8b0feaa 100644
 --- a/t/re/re_tests
 +++ b/t/re/re_tests
-@@ -1968,6 +1968,7 @@ ab(?#Comment){2}c	abbc	y	$&	abbc
- (?:.||)(?|)000000000@	000000000@	y	$&	000000000@		#  [perl #126405]
+@@ -1969,6 +1969,7 @@ ab(?#Comment){2}c	abbc	y	$&	abbc
  aa$|a(?R)a|a	aaa	y	$&	aaa		# [perl 128420] recursive matches
  (?:\1|a)([bcd])\1(?:(?R)|e)\1	abbaccaddedcb	y	$&	abbaccaddedcb		# [perl 128420] recursive match with backreferences
+ (?il)\x{100}|\x{100}|\x{FF}	\xFF	y	$&	\xFF
 +\b\z0*\x{100}	.\x{100}	n	-	-	# [perl #129350] crashed in intuit_start
  
  # Keep these lines at the end of the file
  # vim: softtabstop=0 noexpandtab
 -- 
-2.7.4
+2.14.3
 

perl-5.24.4-perl-130307-Correctly-unwind-on-cache-hit.patch

@@ -1,4 +1,4 @@
-From 95ec90ac7c7c5fb158401eb65721bbeaae1949ab Mon Sep 17 00:00:00 2001
+From 7ec44a7b6adbc0221150969fc61134322fd5ed85 Mon Sep 17 00:00:00 2001
 From: Hugo van der Sanden <hv@crypt.org>
 Date: Mon, 12 Dec 2016 15:15:06 +0000
 Subject: [PATCH] Correctly unwind on cache hit
@@ -6,7 +6,7 @@ MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 
-Petr Pisar: Ported to 5.24.0:
+Petr Pisar: Ported to 5.24.4:
 
 commit d3c48e81594c1d64ba9833495e45d8951b42027c
 Author: Hugo van der Sanden <hv@crypt.org>
@@ -25,10 +25,10 @@ Signed-off-by: Petr Písař <ppisar@redhat.com>
  2 files changed, 2 insertions(+)
 
 diff --git a/regexec.c b/regexec.c
-index 38ff44a..a5d5db4 100644
+index 6904546..25ea3a3 100644
 --- a/regexec.c
 +++ b/regexec.c
-@@ -7322,6 +7322,7 @@ NULL
+@@ -7334,6 +7334,7 @@ NULL
                          DEBUG_EXECUTE_r( Perl_re_exec_indentf( aTHX_  "whilem: (cache) already tried at this position...\n",
                              depth)
  			);
@@ -37,17 +37,17 @@ index 38ff44a..a5d5db4 100644
  		    }
  		    ST.cache_offset = offset;
 diff --git a/t/re/re_tests b/t/re/re_tests
-index 2f4d00c..c81f67f 100644
+index 8b0feaa..6717b85 100644
 --- a/t/re/re_tests
 +++ b/t/re/re_tests
-@@ -1969,6 +1969,7 @@ ab(?#Comment){2}c	abbc	y	$&	abbc
- aa$|a(?R)a|a	aaa	y	$&	aaa		# [perl 128420] recursive matches
+@@ -1970,6 +1970,7 @@ aa$|a(?R)a|a	aaa	y	$&	aaa		# [perl 128420] recursive matches
  (?:\1|a)([bcd])\1(?:(?R)|e)\1	abbaccaddedcb	y	$&	abbaccaddedcb		# [perl 128420] recursive match with backreferences
+ (?il)\x{100}|\x{100}|\x{FF}	\xFF	y	$&	\xFF
  \b\z0*\x{100}	.\x{100}	n	-	-	# [perl #129350] crashed in intuit_start
 +(X{2,}[-X]{1,4}){3,}X{2,}	XXX-XXX-XXX--	n	-	-	# [perl #130307]
  
  # Keep these lines at the end of the file
  # vim: softtabstop=0 noexpandtab
 -- 
-2.7.4
+2.14.3
 

perl.spec

@@ -1,4 +1,4 @@
-%global perl_version    5.24.3
+%global perl_version    5.24.4
 %global perl_epoch      4
 %global perl_arch_stem -thread-multi
 %global perl_archname %{_arch}-%{_os}%{perl_arch_stem}
@@ -37,7 +37,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release:        396%{?dist}
+Release:        397%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 # These are all found licenses. They are distributed among various
@@ -171,7 +171,7 @@ Patch53:        perl-5.25.4-perl-129267-Test-for-gv_fetchmethod-buffer-overrun.p
 
 # Fix crash when matching UTF-8 string with non-UTF-8 substrings, RT#129350,
 # in upstream after 5.25.5
-Patch54:        perl-5.24.0-perl-129350-anchored-floating-substrings-must-be-utf.patch
+Patch54:        perl-5.24.4-perl-129350-anchored-floating-substrings-must-be-utf.patch
 
 # Fix parsing perl options in shell bang line, RT#129336,
 # in upstream after 5.25.5
@@ -212,15 +212,15 @@ Patch63:        perl-5.24.0-assertion-failure-in-.-or-0-x-0.patch
 Patch64:        perl-5.24.0-perl-129788-IO-Poll-fix-memory-leak.patch
 
 # Fix regular expression matching, RT#130307, in upstream after 5.25.7
-Patch65:        perl-5.25.7-perl-130307-Correctly-unwind-on-cache-hit.patch
+Patch65:        perl-5.24.4-perl-130307-Correctly-unwind-on-cache-hit.patch
 
 # Fix a buffer overflow in split in scalar context, RT#130262,
 # in upstream after 5.25.8
 Patch66:        perl-5.24.1-perl-130262-split-scalar-context-stack-overflow-fix.patch
 
 # Fix a heap overflow with pack "W", RT129149, in upstream after 5.25.8
-Patch67:        perl-5.25.8-perl-129149-avoid-a-heap-buffer-overflow-with-pack-W.patch
-Patch68:        perl-5.25.8-perl-129149-fix-the-test-so-skip-has-a-SKIP-to-work-.patch
+Patch67:        perl-5.24.4-perl-129149-avoid-a-heap-buffer-overflow-with-pack-W.patch
+Patch68:        perl-5.24.4-perl-129149-fix-the-test-so-skip-has-a-SKIP-to-work-.patch
 
 # Fix a use-after-free when processing scalar variables in forms, RT#129125,
 # in upstream after 5.25.8
@@ -386,7 +386,7 @@ Patch119:       perl-5.24.3-fix-tainting-of-s-with-overloaded-replacement.patch
 
 # Expand system() arguments before a fork, RT#121105,
 # in upstream after 5.27.6
-Patch120:       perl-5.24.3-perform-system-arg-processing-before-fork.patch
+Patch120:       perl-5.24.4-perform-system-arg-processing-before-fork.patch
 # in upstream after 5.27.7
 Patch121:       perl-5.27.7-preserve-numericness-of-system-args-on-Win32.patch
 Patch122:       perl-5.27.7-Reenable-numeric-first-argument-of-system-on-VMS.patch
@@ -459,7 +459,7 @@ BuildRequires:  rsyslog
 
 
 # compat macro needed for rebuild
-%global perl_compat perl(:MODULE_COMPAT_5.24.3)
+%global perl_compat perl(:MODULE_COMPAT_5.24.4)
 
 # perl-interpreter denotes a package with the perl executable.
 # Full EVR is for compatibility with systems that swapped perl and perl-core
@@ -519,6 +519,7 @@ Summary:        The libraries for the perl run-time
 License:        (GPL+ or Artistic) and HSLR and MIT and UCD
 # Compat provides
 Provides:       %perl_compat
+Provides:       perl(:MODULE_COMPAT_5.24.3)
 Provides:       perl(:MODULE_COMPAT_5.24.2)
 Provides:       perl(:MODULE_COMPAT_5.24.1)
 Provides:       perl(:MODULE_COMPAT_5.24.0)
@@ -2069,7 +2070,7 @@ encoder/decoder. These encoding methods are specified in RFC 2045 - MIME
 Summary:        What modules are shipped with versions of perl
 License:        GPL+ or Artistic
 Epoch:          1
-Version:        5.20170922
+Version:        5.20180414
 Requires:       %perl_compat
 Requires:       perl(List::Util)
 Requires:       perl(version) >= 0.88
@@ -2087,7 +2088,7 @@ are shipped with each version of perl.
 Summary:        Tool for listing modules shipped with perl
 License:        GPL+ or Artistic
 Epoch:          1
-Version:        5.20170922
+Version:        5.20180414
 Requires:       %perl_compat
 Requires:       perl(feature)
 Requires:       perl(version) >= 0.88
@@ -5437,6 +5438,12 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Mon Apr 16 2018 Petr Pisar <ppisar@redhat.com> - 4:5.24.4-397
+- 5.24.4 bump
+- Fix CVE-2018-6913 (heap buffer overflow in pp_pack.c) (bug #1567776)
+- Fix CVE-2018-6798 (heap read overflow in regexec.c) (bug #1567777)
+- Fix CVE-2018-6797 (heap write overflow in regcomp.c) (bug #1567778)
+
 * Tue Feb 06 2018 Petr Pisar <ppisar@redhat.com> - 4:5.24.3-396
 - Fix handling attribute specification on our variables (RT#131597)
 - Remove invalid macro definitions from macros.perl (bug #1532539)

sources

@@ -1 +1 @@
-SHA512 (perl-5.24.3.tar.bz2) = 03c578383e0bd2a65b145b3904a88f2bc4f526d1009c8b4769c56c7b9ae002463c8f287cef748513543b0f6dd30674db1fc257deb982513858758cc949e501d2
+SHA512 (perl-5.24.4.tar.bz2) = 3bae714aaa3ac81f4be09c24cf708f339253b2cd3f6195cf60bf91e0e8a025a226ba527c11dfabdba33a642ce885c4c1979b9602367a6915a32a2b4c2c64bb38