Compare commits
17 Commits
Author | SHA1 | Date |
---|---|---|
Petr Písař | a9c7e59240 | |
Jitka Plesnikova | 93b6575279 | |
Petr Písař | e4161c3a18 | |
Petr Písař | d3a60aef4e | |
Petr Písař | 9f81b51311 | |
Jaromir Capik | db5670e254 | |
Jitka Plesnikova | fc2e8abf54 | |
Jitka Plesnikova | c4d91390ed | |
Petr Písař | 112bff7665 | |
Jitka Plesnikova | e909e44ec5 | |
Petr Šabata | eef037401e | |
Petr Šabata | c9ba25a121 | |
Lubomir Rintel | 1c66a9d90b | |
Lubomir Rintel | d03d42eb49 | |
Jitka Plesnikova | 76c22b2ce2 | |
Jitka Plesnikova | d903df44e6 | |
Jitka Plesnikova | 1a0d65d740 |
|
@ -1,10 +1,6 @@
|
|||
perl-5.12.1.tar.gz
|
||||
perl-5.8.0-libdir64.patch
|
||||
filter-requires.sh
|
||||
/perl-5.12.2.tar.gz
|
||||
/perl-5.12.3.tar.gz
|
||||
/perl.stp
|
||||
/perl-example.stp
|
||||
/perl-5.14.0-RC2.tar.bz2
|
||||
/perl-5.14.0.tar.bz2
|
||||
/perl-5.14.0.tar.gz
|
||||
|
@ -21,3 +17,5 @@ filter-requires.sh
|
|||
/perl-5.18.2.tar.bz2
|
||||
/perl-5.20.0.tar.bz2
|
||||
/perl-5.20.1.tar.bz2
|
||||
/perl-5.20.2.tar.bz2
|
||||
/perl-5.20.3.tar.bz2
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
Date: Sun, 15 Mar 2015 21:22:10 -0600
|
||||
Subject: Re: Pod::Html license
|
||||
From: Tom Christiansen <tchrist53147@gmail.com>
|
||||
To: Petr Šabata <contyk@redhat.com>
|
||||
Cc: Tom Christiansen <tchrist@perl.com>, marcgreen@cpan.org,
|
||||
jplesnik@redhat.com
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Content-Type: text/plain; charset=utf-8
|
||||
|
||||
Yes, it was supposed to be licensed just like the rest of Perl.
|
||||
|
||||
Sent from my Sprint phone
|
||||
|
||||
Petr Šabata <contyk@redhat.com> wrote:
|
||||
|
||||
>Marc, Tom,
|
||||
>
|
||||
>I'm reviewing licensing of our perl package in Fedora and
|
||||
>noticed Pod::HTML and its pod2html script are licensed under
|
||||
>the Artistic license (only).
|
||||
>
|
||||
>This is an issue for us as this license isn't considered free by
|
||||
>FSF [0]. Unless the license of this core component changes, we
|
||||
>will have to drop it from the tarball and remove support for it
|
||||
>from all the modules we ship that use it, such as Module::Build
|
||||
>or Module::Install.
|
||||
>
|
||||
>What I've seen in the past is authors originally claiming their
|
||||
>module was released under Artistic while what they actually meant
|
||||
>was the common `the same as perl itself', i.e. `GPL+/Aristic' [1],
|
||||
>an FSF free license. Is it possible this is also the case
|
||||
>of Pod::Html?
|
||||
>
|
||||
>Thanks,
|
||||
>Petr
|
||||
>
|
||||
>(also CC'ing Jitka, the primary package maintainer in Fedora)
|
||||
>
|
||||
>[0] https://www.gnu.org/licenses/license-list.html#ArtisticLicense
|
||||
>[1] https://www.gnu.org/licenses/license-list.html#PerlLicense
|
|
@ -0,0 +1,29 @@
|
|||
#requires gdbm
|
||||
|
||||
mcd $BUILDDIR/perl
|
||||
|
||||
GV=$(cd $SRC; echo perl-*)
|
||||
SONAME_VER=`echo $GV | cut -f2- -d'-' | sed 's/^\\([^.]*\\.[^.]*\\).*/\\1/'`
|
||||
PERL_VER=`echo $GV | cut -f2- -d'-'`
|
||||
|
||||
cd $SRC/$GV
|
||||
|
||||
sh $SRC/$GV/Configure -des -Dprefix=/usr -Dlibpth="/usr/local/lib$SUFFIX /lib$SUFFIX /usr/lib$SUFFIX" -Darchlib="/usr/lib$SUFFIX/perl5" -Dsitelib="/usr/local/share/perl5" -DDEBUGGING=-g -Dcc=gcc -Dmyhostname=localhost -Dperladmin=root@localhost -Duseshrplib -Dusethreads -Duseithreads -Uusedtrace -Duselargefiles -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005 -Uversiononly -Dd_gethostent_r_proto -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto
|
||||
|
||||
BUILD_BZIP2=0
|
||||
BZIP2_LIB=%{_libdir}
|
||||
export BUILD_BZIP2 BZIP2_LIB
|
||||
|
||||
ln -sf libperl.so libperl.so.${SONAME_VER}
|
||||
|
||||
make
|
||||
|
||||
rm -f /usr/lib${SUFFIX}/perl5/CORE/libperl.so
|
||||
|
||||
make install
|
||||
|
||||
rm -f /usr/lib${SUFFIX}/libperl.so.${PERL_VER}
|
||||
mv /usr/lib${SUFFIX}/perl5/CORE/libperl.so /usr/lib${SUFFIX}/libperl.so.${PERL_VER}
|
||||
ln -sf libperl.so.${PERL_VER} /usr/lib${SUFFIX}/libperl.so.${SONAME_VER}
|
||||
ln -sf libperl.so.${PERL_VER} /usr/lib${SUFFIX}/libperl.so
|
||||
ln -sf libperl.so.${PERL_VER} /usr/lib${SUFFIX}/perl5/CORE/libperl.so
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/sh
|
||||
|
||||
# The original script name has been passed as the first argument:
|
||||
"$@" |
|
||||
awk '
|
||||
$0 != "perl(FCGI)" &&
|
||||
$0 != "perl(Your::Module::Here)" &&
|
||||
$0 != "perl(Tk)" &&
|
||||
$0 !~ /^perl\(Tk::/ &&
|
||||
$0 !~ /^perl\(Mac::/
|
||||
'
|
||||
|
||||
# We used to filter also these:
|
||||
# NDBM perl(v5.6.0) perl(Tie::RangeHash)
|
||||
# but they don't seem to be present anymore.
|
|
@ -5,8 +5,8 @@ diff -up perl-5.10.0/Configure.didi perl-5.10.0/Configure
|
|||
: set usesocks on the Configure command line to enable socks.
|
||||
: List of libraries we want.
|
||||
: If anyone needs extra -lxxx, put those in a hint file.
|
||||
-libswanted="socket bind inet nsl nm ndbm gdbm dbm db malloc dl ld sun"
|
||||
+libswanted="socket resolv inet nsl nm ndbm gdbm dbm db malloc dl ld sun"
|
||||
libswanted="$libswanted m crypt sec util c cposix posix ucb bsd BSD"
|
||||
-libswanted="cl pthread socket bind inet nsl nm ndbm gdbm dbm db malloc dl ld"
|
||||
+libswanted="cl pthread socket resolv inet nsl nm ndbm gdbm dbm db malloc dl ld"
|
||||
libswanted="$libswanted sun m crypt sec util c cposix posix ucb bsd BSD"
|
||||
: We probably want to search /usr/shlib before most other libraries.
|
||||
: This is only used by the lib/ExtUtils/MakeMaker.pm routine extliblist.
|
||||
|
|
|
@ -29,15 +29,6 @@ diff --git a/ext/Errno/Errno_pm.PL b/ext/Errno/Errno_pm.PL
|
|||
index 55ad01a..63b5916 100644
|
||||
--- a/ext/Errno/Errno_pm.PL
|
||||
+++ b/ext/Errno/Errno_pm.PL
|
||||
@@ -2,7 +2,7 @@ use ExtUtils::MakeMaker;
|
||||
use Config;
|
||||
use strict;
|
||||
|
||||
-our $VERSION = "1.20_03";
|
||||
+our $VERSION = "1.20_04";
|
||||
|
||||
my %err = ();
|
||||
|
||||
@@ -225,20 +225,31 @@ sub write_errno_pm {
|
||||
{ # BeOS (support now removed) did not enter this block
|
||||
# invoke CPP and read the output
|
|
@ -38,7 +38,7 @@ index 2f30261..825496e 100755
|
|||
@@ -8294,7 +8295,7 @@ if "$useshrplib"; then
|
||||
xxx="-Wl,-R$shrpdir"
|
||||
;;
|
||||
bsdos|linux|irix*|dec_osf|gnu*)
|
||||
bsdos|linux|irix*|dec_osf|gnu*|haiku)
|
||||
- xxx="-Wl,-rpath,$shrpdir"
|
||||
+ # We want standard path
|
||||
;;
|
|
@ -0,0 +1,107 @@
|
|||
From b39ae59113865155c41edd6781a4901d5171cf0c Mon Sep 17 00:00:00 2001
|
||||
From: Karl Williamson <khw@cpan.org>
|
||||
Date: Wed, 16 Sep 2015 14:34:31 -0600
|
||||
Subject: [PATCH] PATCH [perl #123562] Regexp-matching "hangs"
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The regex engine got into an infinite loop because of the malformation.
|
||||
It is trying to back-up over a sequence of UTF-8 continuation bytes.
|
||||
But the character just before the sequence should be a start byte. If
|
||||
not, there is a malformation. I added a test to croak if that isn't the
|
||||
case so that it doesn't just infinitely loop. I did this also in the
|
||||
similar areas of regexec.c.
|
||||
|
||||
Comments long ago added to the code suggested that we check for
|
||||
malformations in the vicinity of the new tests. But that was never
|
||||
done. These new tests should be good enough to prevent looping, anyway.
|
||||
|
||||
Petr Písař: Ported to 5.20.3.
|
||||
|
||||
CVE-2015-8853
|
||||
<https://bugzilla.redhat.com/show_bug.cgi?id=1329107>
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
regexec.c | 12 ++++++++++++
|
||||
t/re/pat.t | 19 ++++++++++++++++++-
|
||||
2 files changed, 30 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/regexec.c b/regexec.c
|
||||
index 66f6e04..ee6705a 100644
|
||||
--- a/regexec.c
|
||||
+++ b/regexec.c
|
||||
@@ -7830,6 +7830,10 @@ S_reghop3(U8 *s, SSize_t off, const U8* lim)
|
||||
if (UTF8_IS_CONTINUED(*s)) {
|
||||
while (s > lim && UTF8_IS_CONTINUATION(*s))
|
||||
s--;
|
||||
+ if (! UTF8_IS_START(*s)) {
|
||||
+ dTHX;
|
||||
+ Perl_croak(aTHX_ "Malformed UTF-8 character (fatal)");
|
||||
+ }
|
||||
}
|
||||
/* XXX could check well-formedness here */
|
||||
}
|
||||
@@ -7856,6 +7860,10 @@ S_reghop4(U8 *s, SSize_t off, const U8* llim, const U8* rlim)
|
||||
if (UTF8_IS_CONTINUED(*s)) {
|
||||
while (s > llim && UTF8_IS_CONTINUATION(*s))
|
||||
s--;
|
||||
+ if (! UTF8_IS_START(*s)) {
|
||||
+ dTHX;
|
||||
+ Perl_croak(aTHX_ "Malformed UTF-8 character (fatal)");
|
||||
+ }
|
||||
}
|
||||
/* XXX could check well-formedness here */
|
||||
}
|
||||
@@ -7887,6 +7895,10 @@ S_reghopmaybe3(U8* s, SSize_t off, const U8* lim)
|
||||
if (UTF8_IS_CONTINUED(*s)) {
|
||||
while (s > lim && UTF8_IS_CONTINUATION(*s))
|
||||
s--;
|
||||
+ if (! UTF8_IS_START(*s)) {
|
||||
+ dTHX;
|
||||
+ Perl_croak(aTHX_ "Malformed UTF-8 character (fatal)");
|
||||
+ }
|
||||
}
|
||||
/* XXX could check well-formedness here */
|
||||
}
|
||||
diff --git a/t/re/pat.t b/t/re/pat.t
|
||||
index 7965f4e..2fa6206 100644
|
||||
--- a/t/re/pat.t
|
||||
+++ b/t/re/pat.t
|
||||
@@ -20,7 +20,7 @@ BEGIN {
|
||||
require './test.pl';
|
||||
}
|
||||
|
||||
-plan tests => 726; # Update this when adding/deleting tests.
|
||||
+plan tests => 727; # Update this when adding/deleting tests.
|
||||
|
||||
run_tests() unless caller;
|
||||
|
||||
@@ -1602,6 +1602,23 @@ EOP
|
||||
ok(1, "did not crash");
|
||||
ok($match, "[bbb...] resolved as character class, not subscript");
|
||||
}
|
||||
+
|
||||
+ { # Test that we handle some malformed UTF-8 without looping [perl
|
||||
+ # #123562]
|
||||
+
|
||||
+ my $code='
|
||||
+ BEGIN{require q(test.pl);}
|
||||
+ use Encode qw(_utf8_on);
|
||||
+ my $malformed = "a\x80\n";
|
||||
+ _utf8_on($malformed);
|
||||
+ watchdog(3);
|
||||
+ $malformed =~ /(\n\r|\r)$/;
|
||||
+ print q(No infinite loop here!);
|
||||
+ ';
|
||||
+ fresh_perl_like($code, qr/Malformed UTF-8 character/, {},
|
||||
+ "test that we handle some UTF-8 malformations without looping" );
|
||||
+ }
|
||||
+
|
||||
} # End of sub run_tests
|
||||
|
||||
1;
|
||||
--
|
||||
2.5.5
|
||||
|
|
@ -0,0 +1,154 @@
|
|||
From f358580268a0098209b72f7fbaa15e92df801b34 Mon Sep 17 00:00:00 2001
|
||||
From: Vincent Pit <perl@profvince.com>
|
||||
Date: Fri, 28 Aug 2015 14:17:00 -0300
|
||||
Subject: [PATCH] Properly duplicate PerlIO::encoding objects
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Upstream commit ported to 5.20.3:
|
||||
|
||||
commit 0ee3fa26f660ac426e3e082f77d806c9d1471f93
|
||||
Author: Vincent Pit <perl@profvince.com>
|
||||
Date: Fri Aug 28 14:17:00 2015 -0300
|
||||
|
||||
Properly duplicate PerlIO::encoding objects
|
||||
|
||||
PerlIO::encoding objects are usually initialized by calling Perl methods,
|
||||
essentially from the pushed() and getarg() callbacks. During cloning, the
|
||||
PerlIO API will by default call these methods to initialize the duplicate
|
||||
struct when the PerlIOBase parent struct is itself duplicated. This does
|
||||
not behave so well because the perl interpreter is not ready to call
|
||||
methods at this point, for the stacks are not set up yet.
|
||||
|
||||
The proper way to duplicate the PerlIO::encoding object is to call sv_dup()
|
||||
on its members from the dup() PerlIO callback. So the only catch is to make
|
||||
the getarg() and pushed() calls implied by the duplication of the underlying
|
||||
PerlIOBase object aware that they are called during cloning, and make them
|
||||
wait that the control flow returns to the dup() callback. Fortunately,
|
||||
getarg() knows since its param argument is then non-null, and its return
|
||||
value is passed immediately to pushed(), so it is enough to tag this
|
||||
returned value with a custom magic so that pushed() can see it is being
|
||||
called during cloning.
|
||||
|
||||
This fixes [RT #31923].
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
MANIFEST | 1 +
|
||||
ext/PerlIO-encoding/encoding.xs | 25 +++++++++++++++++++++++--
|
||||
ext/PerlIO-encoding/t/threads.t | 35 +++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 59 insertions(+), 2 deletions(-)
|
||||
create mode 100644 ext/PerlIO-encoding/t/threads.t
|
||||
|
||||
diff --git a/MANIFEST b/MANIFEST
|
||||
index af12626..f707105 100644
|
||||
--- a/MANIFEST
|
||||
+++ b/MANIFEST
|
||||
@@ -3758,6 +3758,7 @@ ext/PerlIO-encoding/encoding.xs PerlIO::encoding
|
||||
ext/PerlIO-encoding/t/encoding.t See if PerlIO encoding conversion works
|
||||
ext/PerlIO-encoding/t/fallback.t See if PerlIO fallbacks work
|
||||
ext/PerlIO-encoding/t/nolooping.t Tests for PerlIO::encoding
|
||||
+ext/PerlIO-encoding/t/threads.t Tests PerlIO::encoding and threads
|
||||
ext/PerlIO-mmap/mmap.pm PerlIO layer for memory maps
|
||||
ext/PerlIO-mmap/mmap.xs PerlIO layer for memory maps
|
||||
ext/PerlIO-scalar/scalar.pm PerlIO layer for scalars
|
||||
diff --git a/ext/PerlIO-encoding/encoding.xs b/ext/PerlIO-encoding/encoding.xs
|
||||
index fababd1..2332615 100644
|
||||
--- a/ext/PerlIO-encoding/encoding.xs
|
||||
+++ b/ext/PerlIO-encoding/encoding.xs
|
||||
@@ -49,13 +49,23 @@ typedef struct {
|
||||
|
||||
#define NEEDS_LINES 1
|
||||
|
||||
+static const MGVTBL PerlIOEncode_tag = { 0, 0, 0, 0, 0, 0, 0, 0 };
|
||||
+
|
||||
SV *
|
||||
PerlIOEncode_getarg(pTHX_ PerlIO * f, CLONE_PARAMS * param, int flags)
|
||||
{
|
||||
PerlIOEncode *e = PerlIOSelf(f, PerlIOEncode);
|
||||
- SV *sv = &PL_sv_undef;
|
||||
- PERL_UNUSED_ARG(param);
|
||||
+ SV *sv;
|
||||
PERL_UNUSED_ARG(flags);
|
||||
+ /* During cloning, return an undef token object so that _pushed() knows
|
||||
+ * that it should not call methods and wait for _dup() to actually dup the
|
||||
+ * encoding object. */
|
||||
+ if (param) {
|
||||
+ sv = newSV(0);
|
||||
+ sv_magicext(sv, NULL, PERL_MAGIC_ext, &PerlIOEncode_tag, 0, 0);
|
||||
+ return sv;
|
||||
+ }
|
||||
+ sv = &PL_sv_undef;
|
||||
if (e->enc) {
|
||||
dSP;
|
||||
/* Not 100% sure stack swap is right thing to do during dup ... */
|
||||
@@ -85,6 +95,14 @@ PerlIOEncode_pushed(pTHX_ PerlIO * f, const char *mode, SV * arg, PerlIO_funcs *
|
||||
IV code = PerlIOBuf_pushed(aTHX_ f, mode, Nullsv,tab);
|
||||
SV *result = Nullsv;
|
||||
|
||||
+ if (SvTYPE(arg) >= SVt_PVMG
|
||||
+ && mg_findext(arg, PERL_MAGIC_ext, &PerlIOEncode_tag)) {
|
||||
+ e->enc = NULL;
|
||||
+ e->chk = NULL;
|
||||
+ e->inEncodeCall = 0;
|
||||
+ return code;
|
||||
+ }
|
||||
+
|
||||
PUSHSTACKi(PERLSI_MAGIC);
|
||||
ENTER;
|
||||
SAVETMPS;
|
||||
@@ -563,6 +581,9 @@ PerlIOEncode_dup(pTHX_ PerlIO * f, PerlIO * o,
|
||||
if (oe->enc) {
|
||||
fe->enc = PerlIO_sv_dup(aTHX_ oe->enc, params);
|
||||
}
|
||||
+ if (oe->chk) {
|
||||
+ fe->chk = PerlIO_sv_dup(aTHX_ oe->chk, params);
|
||||
+ }
|
||||
}
|
||||
return f;
|
||||
}
|
||||
diff --git a/ext/PerlIO-encoding/t/threads.t b/ext/PerlIO-encoding/t/threads.t
|
||||
new file mode 100644
|
||||
index 0000000..64f0e55
|
||||
--- /dev/null
|
||||
+++ b/ext/PerlIO-encoding/t/threads.t
|
||||
@@ -0,0 +1,35 @@
|
||||
+#!perl
|
||||
+
|
||||
+use strict;
|
||||
+use warnings;
|
||||
+
|
||||
+BEGIN {
|
||||
+ use Config;
|
||||
+ if ($Config{extensions} !~ /\bEncode\b/) {
|
||||
+ print "1..0 # Skip: no Encode\n";
|
||||
+ exit 0;
|
||||
+ }
|
||||
+ unless ($Config{useithreads}) {
|
||||
+ print "1..0 # Skip: no threads\n";
|
||||
+ exit 0;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+use threads;
|
||||
+
|
||||
+use Test::More tests => 3 + 1;
|
||||
+
|
||||
+binmode *STDOUT, ':encoding(UTF-8)';
|
||||
+
|
||||
+SKIP: {
|
||||
+ local $@;
|
||||
+ my $ret = eval {
|
||||
+ my $thread = threads->create(sub { pass 'in thread'; return 1 });
|
||||
+ skip 'test thread could not be spawned' => 3 unless $thread;
|
||||
+ $thread->join;
|
||||
+ };
|
||||
+ is $@, '', 'thread did not croak';
|
||||
+ is $ret, 1, 'thread returned the right value';
|
||||
+}
|
||||
+
|
||||
+pass 'passes at least one test';
|
||||
--
|
||||
2.5.5
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
From 496f5ba57a43840a3c8ee61b21dc60d0c8bb5d52 Mon Sep 17 00:00:00 2001
|
||||
From: Tony Cook <tony@develop-help.com>
|
||||
Date: Fri, 15 Aug 2014 10:45:57 +1000
|
||||
Subject: [PATCH] fix debugger y command scope level
|
||||
|
||||
5c2b78e73d3 moved handling of the y command into its own function,
|
||||
but did not adjust the provided scope level to account for the extra
|
||||
scope.
|
||||
---
|
||||
lib/perl5db.pl | 2 +-
|
||||
1 file changed, 1 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/lib/perl5db.pl b/lib/perl5db.pl
|
||||
index e3f63b3..e8d7751 100644
|
||||
--- a/lib/perl5db.pl
|
||||
+++ b/lib/perl5db.pl
|
||||
@@ -1957,7 +1957,7 @@ sub _DB__handle_y_command {
|
||||
my @vars = split( ' ', $match_vars || '' );
|
||||
|
||||
# Find the pad.
|
||||
- my $h = eval { PadWalker::peek_my( ( $match_level || 0 ) + 1 ) };
|
||||
+ my $h = eval { PadWalker::peek_my( ( $match_level || 0 ) + 2 ) };
|
||||
|
||||
# Oops. Can't find it.
|
||||
if (my $Err = $@) {
|
||||
--
|
||||
2.4.3
|
||||
|
|
@ -0,0 +1,112 @@
|
|||
From ae37b791a73a9e78dedb89fb2429d2628cf58076 Mon Sep 17 00:00:00 2001
|
||||
From: Tony Cook <tony@develop-help.com>
|
||||
Date: Wed, 27 Jan 2016 11:52:15 +1100
|
||||
Subject: [PATCH] remove duplicate environment variables from environ
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
If we see duplicate environment variables while iterating over
|
||||
environ[]:
|
||||
|
||||
a) make sure we use the same value in %ENV that getenv() returns.
|
||||
|
||||
Previously on a duplicate, %ENV would have the last entry for the name
|
||||
from environ[], but a typical getenv() would return the first entry.
|
||||
|
||||
Rather than assuming all getenv() implementations return the first entry
|
||||
explicitly call getenv() to ensure they agree.
|
||||
|
||||
b) remove duplicate entries from environ
|
||||
|
||||
Previously if there was a duplicate definition for a name in environ[]
|
||||
setting that name in %ENV could result in an unsafe value being passed
|
||||
to a child process, so ensure environ[] has no duplicates.
|
||||
|
||||
CVE-2016-2381
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
perl.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++--
|
||||
1 file changed, 49 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/perl.c b/perl.c
|
||||
index 4a324c6..5c71fd0 100644
|
||||
--- a/perl.c
|
||||
+++ b/perl.c
|
||||
@@ -4329,23 +4329,70 @@ S_init_postdump_symbols(pTHX_ int argc, char **argv, char **env)
|
||||
}
|
||||
if (env) {
|
||||
char *s, *old_var;
|
||||
+ STRLEN nlen;
|
||||
SV *sv;
|
||||
+ HV *dups = newHV();
|
||||
+
|
||||
for (; *env; env++) {
|
||||
old_var = *env;
|
||||
|
||||
if (!(s = strchr(old_var,'=')) || s == old_var)
|
||||
continue;
|
||||
+ nlen = s - old_var;
|
||||
|
||||
#if defined(MSDOS) && !defined(DJGPP)
|
||||
*s = '\0';
|
||||
(void)strupr(old_var);
|
||||
*s = '=';
|
||||
#endif
|
||||
- sv = newSVpv(s+1, 0);
|
||||
- (void)hv_store(hv, old_var, s - old_var, sv, 0);
|
||||
+ if (hv_exists(hv, old_var, nlen)) {
|
||||
+ const char *name = savepvn(old_var, nlen);
|
||||
+
|
||||
+ /* make sure we use the same value as getenv(), otherwise code that
|
||||
+ uses getenv() (like setlocale()) might see a different value to %ENV
|
||||
+ */
|
||||
+ sv = newSVpv(PerlEnv_getenv(name), 0);
|
||||
+
|
||||
+ /* keep a count of the dups of this name so we can de-dup environ later */
|
||||
+ if (hv_exists(dups, name, nlen))
|
||||
+ ++SvIVX(*hv_fetch(dups, name, nlen, 0));
|
||||
+ else
|
||||
+ (void)hv_store(dups, name, nlen, newSViv(1), 0);
|
||||
+
|
||||
+ Safefree(name);
|
||||
+ }
|
||||
+ else {
|
||||
+ sv = newSVpv(s+1, 0);
|
||||
+ }
|
||||
+ (void)hv_store(hv, old_var, nlen, sv, 0);
|
||||
if (env_is_not_environ)
|
||||
mg_set(sv);
|
||||
}
|
||||
+ if (HvKEYS(dups)) {
|
||||
+ /* environ has some duplicate definitions, remove them */
|
||||
+ HE *entry;
|
||||
+ hv_iterinit(dups);
|
||||
+ while ((entry = hv_iternext_flags(dups, 0))) {
|
||||
+ STRLEN nlen;
|
||||
+ const char *name = HePV(entry, nlen);
|
||||
+ IV count = SvIV(HeVAL(entry));
|
||||
+ IV i;
|
||||
+ SV **valp = hv_fetch(hv, name, nlen, 0);
|
||||
+
|
||||
+ assert(valp);
|
||||
+
|
||||
+ /* try to remove any duplicate names, depending on the
|
||||
+ * implementation used in my_setenv() the iteration might
|
||||
+ * not be necessary, but let's be safe.
|
||||
+ */
|
||||
+ for (i = 0; i < count; ++i)
|
||||
+ my_setenv(name, 0);
|
||||
+
|
||||
+ /* and set it back to the value we set $ENV{name} to */
|
||||
+ my_setenv(name, SvPV_nolen(*valp));
|
||||
+ }
|
||||
+ }
|
||||
+ SvREFCNT_dec_NN(dups);
|
||||
}
|
||||
#endif /* USE_ENVIRON_ARRAY */
|
||||
#endif /* !PERL_MICRO */
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -0,0 +1,106 @@
|
|||
diff -up perl-5.20.3/dist/XSLoader/XSLoader_pm.PL.load perl-5.20.3/dist/XSLoader/XSLoader_pm.PL
|
||||
--- perl-5.20.3/dist/XSLoader/XSLoader_pm.PL.load 2014-12-27 12:49:23.000000000 +0100
|
||||
+++ perl-5.20.3/dist/XSLoader/XSLoader_pm.PL 2016-07-07 15:39:57.682175264 +0200
|
||||
@@ -10,7 +10,7 @@ print OUT <<'EOT';
|
||||
|
||||
package XSLoader;
|
||||
|
||||
-$VERSION = "0.17";
|
||||
+$VERSION = "0.22";
|
||||
|
||||
#use strict;
|
||||
|
||||
@@ -88,6 +88,43 @@ print OUT <<'EOT';
|
||||
$modlibname =~ s,[\\/][^\\/]+$,, while $c--; # Q&D basename
|
||||
EOT
|
||||
|
||||
+my $to_print = <<'EOT';
|
||||
+ # Does this look like a relative path?
|
||||
+ if ($modlibname !~ m{regexp}) {
|
||||
+EOT
|
||||
+
|
||||
+$to_print =~ s~regexp~
|
||||
+ $^O eq 'MSWin32' || $^O eq 'os2' || $^O eq 'cygwin' || $^O eq 'amigaos'
|
||||
+ ? '^(?:[A-Za-z]:)?[\\\/]' # Optional drive letter
|
||||
+ : '^/'
|
||||
+~e;
|
||||
+
|
||||
+print OUT $to_print, <<'EOT';
|
||||
+ # Someone may have a #line directive that changes the file name, or
|
||||
+ # may be calling XSLoader::load from inside a string eval. We cer-
|
||||
+ # tainly do not want to go loading some code that is not in @INC,
|
||||
+ # as it could be untrusted.
|
||||
+ #
|
||||
+ # We could just fall back to DynaLoader here, but then the rest of
|
||||
+ # this function would go untested in the perl core, since all @INC
|
||||
+ # paths are relative during testing. That would be a time bomb
|
||||
+ # waiting to happen, since bugs could be introduced into the code.
|
||||
+ #
|
||||
+ # So look through @INC to see if $modlibname is in it. A rela-
|
||||
+ # tive $modlibname is not a common occurrence, so this block is
|
||||
+ # not hot code.
|
||||
+ FOUND: {
|
||||
+ for (@INC) {
|
||||
+ if ($_ eq $modlibname) {
|
||||
+ last FOUND;
|
||||
+ }
|
||||
+ }
|
||||
+ # Not found. Fall back to DynaLoader.
|
||||
+ goto \&XSLoader::bootstrap_inherit;
|
||||
+ }
|
||||
+ }
|
||||
+EOT
|
||||
+
|
||||
my $dl_dlext = quotemeta($Config::Config{'dlext'});
|
||||
|
||||
print OUT <<"EOT";
|
||||
@@ -203,7 +240,7 @@ XSLoader - Dynamically load C libraries
|
||||
|
||||
=head1 VERSION
|
||||
|
||||
-Version 0.17
|
||||
+Version 0.22
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
diff -up perl-5.20.3/dist/XSLoader/t/XSLoader.t.load perl-5.20.3/dist/XSLoader/t/XSLoader.t
|
||||
--- perl-5.20.3/dist/XSLoader/t/XSLoader.t.load 2014-12-27 12:49:23.000000000 +0100
|
||||
+++ perl-5.20.3/dist/XSLoader/t/XSLoader.t 2016-07-07 15:39:57.682175264 +0200
|
||||
@@ -33,7 +33,7 @@ my %modules = (
|
||||
'Time::HiRes'=> q| ::can_ok( 'Time::HiRes' => 'usleep' ) |, # 5.7.3
|
||||
);
|
||||
|
||||
-plan tests => keys(%modules) * 3 + 8;
|
||||
+plan tests => keys(%modules) * 3 + 9;
|
||||
|
||||
# Try to load the module
|
||||
use_ok( 'XSLoader' );
|
||||
@@ -96,3 +96,28 @@ SKIP: {
|
||||
like $@, "/^Invalid version format/",
|
||||
'correct error msg for invalid versions';
|
||||
}
|
||||
+
|
||||
+SKIP: {
|
||||
+ skip "File::Path not available", 1
|
||||
+ unless eval { require File::Path };
|
||||
+ my $name = "phooo$$";
|
||||
+ File::Path::mkpath("$name/auto/Foo/Bar");
|
||||
+ open my $fh,
|
||||
+ ">$name/auto/Foo/Bar/Bar.$Config::Config{'dlext'}";
|
||||
+ close $fh;
|
||||
+ my $fell_back;
|
||||
+ local *XSLoader::bootstrap_inherit = sub {
|
||||
+ $fell_back++;
|
||||
+ # Break out of the calling subs
|
||||
+ goto the_test;
|
||||
+ };
|
||||
+ eval <<END;
|
||||
+#line 1 $name
|
||||
+package Foo::Bar;
|
||||
+XSLoader::load("Foo::Bar");
|
||||
+END
|
||||
+ the_test:
|
||||
+ ok $fell_back,
|
||||
+ 'XSLoader will not load relative paths based on (caller)[1]';
|
||||
+ File::Path::rmtree($name);
|
||||
+}
|
|
@ -0,0 +1,21 @@
|
|||
/*
|
||||
Example of the perl systemtap tapset shows a nested view of perl subroutine
|
||||
calls and returns across the whole system.
|
||||
|
||||
To run:
|
||||
stap perl-example.stp (for all perl processes)
|
||||
For specific perl process:
|
||||
stap perl-example.stp -c COMMAND
|
||||
*/
|
||||
|
||||
probe perl.sub.call
|
||||
{
|
||||
printf("%s => sub: %s, filename: %s, line: %d, package: %s\n",
|
||||
thread_indent(1), sub, filename, lineno, package)
|
||||
}
|
||||
|
||||
probe perl.sub.return
|
||||
{
|
||||
printf("%s <= sub: %s, filename: %s, line: %d, package: %s\n",
|
||||
thread_indent(-1), sub, filename, lineno, package)
|
||||
}
|
261
perl.spec
261
perl.spec
|
@ -1,4 +1,4 @@
|
|||
%global perl_version 5.20.1
|
||||
%global perl_version 5.20.3
|
||||
%global perl_epoch 4
|
||||
%global perl_arch_stem -thread-multi
|
||||
%global perl_archname %{_arch}-%{_os}%{perl_arch_stem}
|
||||
|
@ -30,7 +30,7 @@
|
|||
Name: perl
|
||||
Version: %{perl_version}
|
||||
# release number must be even higher, because dual-lived modules will be broken otherwise
|
||||
Release: 319%{?dist}
|
||||
Release: 332%{?dist}
|
||||
Epoch: %{perl_epoch}
|
||||
Summary: Practical Extraction and Report Language
|
||||
Group: Development/Languages
|
||||
|
@ -39,8 +39,10 @@ Group: Development/Languages
|
|||
# under UCD are unicode tables
|
||||
# Public domain: ext/SDBM_File/sdbm/*, ext/Compress-Raw-Bzip2/bzip2-src/dlltest.c
|
||||
# MIT: ext/MIME-Base64/Base64.xs
|
||||
# Copyright Only: for example ext/Text-Soundex/Soundex.xs
|
||||
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and Copyright Only and MIT and Public Domain and UCD
|
||||
# Copyright Only: for example ext/Text-Soundex/Soundex.xs
|
||||
# HSRL; regexec.c
|
||||
# TTWL: Text-Tabs+Wrap
|
||||
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and Copyright Only and HSRL and MIT and Public Domain and TTWL and UCD
|
||||
Url: http://www.perl.org/
|
||||
Source0: http://www.cpan.org/src/5.0/perl-%{perl_version}.tar.bz2
|
||||
Source2: perl-5.8.0-libnet.cfg
|
||||
|
@ -49,6 +51,8 @@ Source3: macros.perl
|
|||
# build requirement. Written by lberk; Not yet upstream.
|
||||
Source4: perl.stp
|
||||
Source5: perl-example.stp
|
||||
# Tom Christiansen confirms Pod::Html uses the same license as perl
|
||||
Source6: Pod-Html-license-clarification
|
||||
|
||||
# Removes date check, Fedora/RHEL specific
|
||||
Patch1: perl-perlbug-tag.patch
|
||||
|
@ -80,7 +84,7 @@ Patch8: perl-5.14.1-offtest.patch
|
|||
Patch15: perl-5.16.3-create_libperl_soname.patch
|
||||
|
||||
# Install libperl.so to -Dshrpdir value
|
||||
Patch16: perl-5.16.3-Install-libperl.so-to-shrpdir-on-Linux.patch
|
||||
Patch16: perl-5.20.2-Install-libperl.so-to-shrpdir-on-Linux.patch
|
||||
|
||||
# Document Math::BigInt::CalcEmu requires Math::BigInt, rhbz#959096,
|
||||
# CPAN RT#85015
|
||||
|
@ -101,14 +105,25 @@ Patch27: perl-5.21.6-Report-inaccesible-file-on-failed-require.patch
|
|||
# RT#123338, in upstream after 5.21.6
|
||||
Patch28: perl-5.21.6-t-op-taint.t-Perform-SHA-256-algorithm-by-crypt-if-d.patch
|
||||
|
||||
# Fix Errno.pm generation for GCC 5.0, RT#123784, in upstream after 5.21.8
|
||||
Patch29: perl-5.20.1-Fix-Errno.pm-generation-for-gcc-5.0.patch
|
||||
# Fix debugger y command scope level, bug #1129850,
|
||||
# riIn upstream after 5.21.3
|
||||
Patch29: perl-5.21.3-fix-debugger-y-command-scope-level.patch
|
||||
|
||||
# Handle hexadecimal constants by h2ph, RT#123784, in upstream after 5.21.8
|
||||
Patch30: perl-5.21.8-h2ph-correct-handling-of-hex-constants-for-the-pream.patch
|
||||
# Fix CVE-2016-2381 (ambiguous environment variables handling), bug #1313702,
|
||||
# in upstream after 5.23.8
|
||||
Patch30: perl-5.23.8-remove-duplicate-environment-variables-from-environ.patch
|
||||
|
||||
# Do not use -_h2ph_pre.ph from system at tests, RT#123784
|
||||
Patch31: perl-5.21.8-lib-h2ph.t-to-test-generated-t-_h2ph_pre.ph-instead-.patch
|
||||
# Fix CVE-2015-8853 (regexp matching hangs indefinitely on illegal UTF-8
|
||||
# input), bug #1329107, RT#123562, in upstream after 5.23.2
|
||||
Patch31: perl-5.20.3-PATCH-perl-123562-Regexp-matching-hangs.patch
|
||||
|
||||
# Fix duplicating PerlIO::encoding when spawning threads, bug #1345788,
|
||||
# RT#31923, in upstream after 5.23.3
|
||||
Patch32: perl-5.20.3-Properly-duplicate-PerlIO-encoding-objects.patch
|
||||
|
||||
# Do not let XSLoader load relative paths, CVE-2016-6185, RT#115808,
|
||||
# in upstream after 5.25.2
|
||||
Patch33: perl-5.25.2-Don-t-let-XSLoader-load-relative-paths.patch
|
||||
|
||||
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
|
||||
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
|
||||
|
@ -124,9 +139,12 @@ BuildRequires: groff-base
|
|||
BuildRequires: libdb-devel, tcsh, zlib-devel, bzip2-devel
|
||||
BuildRequires: systemtap-sdt-devel
|
||||
%if %{with gdbm}
|
||||
BuildRequires: gdbm-devel
|
||||
BuildRequires: gdbm-devel
|
||||
%endif
|
||||
|
||||
# Regenerate a2p.c bug #1177672
|
||||
BuildRequires: byacc
|
||||
|
||||
# For tests
|
||||
BuildRequires: procps, rsyslog
|
||||
|
||||
|
@ -134,10 +152,12 @@ BuildRequires: procps, rsyslog
|
|||
|
||||
|
||||
# compat macro needed for rebuild
|
||||
%global perl_compat perl(:MODULE_COMPAT_5.20.1)
|
||||
%global perl_compat perl(:MODULE_COMPAT_5.20.3)
|
||||
|
||||
# Compat provides
|
||||
Provides: %perl_compat
|
||||
Provides: perl(:MODULE_COMPAT_5.20.2)
|
||||
Provides: perl(:MODULE_COMPAT_5.20.1)
|
||||
Provides: perl(:MODULE_COMPAT_5.20.0)
|
||||
|
||||
# Threading provides
|
||||
|
@ -148,42 +168,10 @@ Provides: perl(:WITH_LARGEFILES)
|
|||
# PerlIO provides
|
||||
Provides: perl(:WITH_PERLIO)
|
||||
# File provides
|
||||
Provides: perl(abbrev.pl)
|
||||
Provides: perl(assert.pl)
|
||||
Provides: perl(bigfloat.pl)
|
||||
Provides: perl(bigint.pl)
|
||||
Provides: perl(bigrat.pl)
|
||||
Provides: perl(bytes_heavy.pl)
|
||||
Provides: perl(cacheout.pl)
|
||||
Provides: perl(complete.pl)
|
||||
Provides: perl(ctime.pl)
|
||||
Provides: perl(dotsh.pl)
|
||||
Provides: perl(dumpvar.pl)
|
||||
Provides: perl(exceptions.pl)
|
||||
Provides: perl(fastcwd.pl)
|
||||
Provides: perl(find.pl)
|
||||
Provides: perl(finddepth.pl)
|
||||
Provides: perl(flush.pl)
|
||||
Provides: perl(ftp.pl)
|
||||
Provides: perl(getcwd.pl)
|
||||
Provides: perl(getopt.pl)
|
||||
Provides: perl(getopts.pl)
|
||||
Provides: perl(hostname.pl)
|
||||
Provides: perl(importenv.pl)
|
||||
Provides: perl(look.pl)
|
||||
Provides: perl(newgetopt.pl)
|
||||
Provides: perl(open2.pl)
|
||||
Provides: perl(open3.pl)
|
||||
Provides: perl(perl5db.pl)
|
||||
Provides: perl(pwd.pl)
|
||||
Provides: perl(shellwords.pl)
|
||||
Provides: perl(stat.pl)
|
||||
Provides: perl(syslog.pl)
|
||||
Provides: perl(tainted.pl)
|
||||
Provides: perl(termcap.pl)
|
||||
Provides: perl(timelocal.pl)
|
||||
Provides: perl(utf8_heavy.pl)
|
||||
Provides: perl(validate.pl)
|
||||
|
||||
# suidperl isn't created by upstream since 5.12.0
|
||||
Obsoletes: perl-suidperl <= 4:5.12.2
|
||||
|
@ -414,7 +402,7 @@ but it is a good educated guess.
|
|||
%package CGI
|
||||
Summary: Handle Common Gateway Interface requests and responses
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
License: (GPL+ or Artistic) and Artistic 2.0
|
||||
Epoch: 0
|
||||
Version: 3.63
|
||||
Requires: %perl_compat
|
||||
|
@ -439,11 +427,31 @@ CGI.pm performs very well in in a vanilla CGI.pm environment and also comes
|
|||
with built-in support for mod_perl and mod_perl2 as well as FastCGI.
|
||||
%endif
|
||||
|
||||
%if %{dual_life} || %{rebuild_from_scratch}
|
||||
%package CGI-Fast
|
||||
Summary: CGI Interface for Fast CGI
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
Epoch: 0
|
||||
Version: 1.10
|
||||
Requires: %perl_compat
|
||||
BuildArch: noarch
|
||||
|
||||
%description CGI-Fast
|
||||
CGI::Fast is a subclass of the CGI object created by CGI.pm. It is
|
||||
specialized to work well FCGI module, which greatly speeds up CGI scripts
|
||||
by turning them into persistently running server processes. Scripts that
|
||||
perform time-consuming initialization processes, such as loading large
|
||||
modules or opening persistent database connections, will see large
|
||||
performance improvements.
|
||||
%endif
|
||||
|
||||
|
||||
%if %{dual_life} || %{rebuild_from_scratch}
|
||||
%package Compress-Raw-Bzip2
|
||||
Summary: Low-Level Interface to bzip2 compression library
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
License: (GPL+ or Artistic) and zlib
|
||||
Epoch: 0
|
||||
Version: 2.064
|
||||
Requires: perl(Exporter), perl(File::Temp)
|
||||
|
@ -691,7 +699,7 @@ bytes or bits.
|
|||
%package Digest-MD5
|
||||
Summary: Perl interface to the MD5 Algorithm
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
License: (GPL+ or Artistic) and BSD
|
||||
# Epoch bump for clean upgrade over old standalone package
|
||||
Epoch: 0
|
||||
Version: 2.53
|
||||
|
@ -1348,6 +1356,22 @@ are included with perl 5.6.0, and it works fine on perl 5.005 if you can
|
|||
install a few additional modules.
|
||||
%endif
|
||||
|
||||
%if %{dual_life} || %{rebuild_from_scratch}
|
||||
%package Module-Build-Deprecated
|
||||
Summary: Collection of modules removed from Module-Build
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
Version: 0.4205
|
||||
Requires: %perl_compat
|
||||
Conflicts: perl-Module-Build < 0.42.05
|
||||
|
||||
%description Module-Build-Deprecated
|
||||
This module contains a number of module that have been removed from
|
||||
Module-Build:
|
||||
Module::Build::ModuleInfo - This has been superseded by Module::Metadata
|
||||
Module::Build::Version - This has been replaced by version
|
||||
Module::Build::YAML - This has been replaced by CPAN::Meta::YAML
|
||||
%endif
|
||||
|
||||
%if %{dual_life} || %{rebuild_from_scratch}
|
||||
%package Module-CoreList
|
||||
|
@ -1355,7 +1379,7 @@ Summary: What modules are shipped with versions of perl
|
|||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
Epoch: 1
|
||||
Version: 5.020001
|
||||
Version: 5.20150822
|
||||
Requires: %perl_compat
|
||||
Requires: perl(List::Util)
|
||||
Requires: perl(version) >= 0.88
|
||||
|
@ -1371,7 +1395,7 @@ Summary: Tool for listing modules shipped with perl
|
|||
Group: Development/Tools
|
||||
License: GPL+ or Artistic
|
||||
Epoch: 1
|
||||
Version: 5.020001
|
||||
Version: 5.20150822
|
||||
Requires: %perl_compat
|
||||
Requires: perl(feature)
|
||||
Requires: perl(version) >= 0.88
|
||||
|
@ -1452,6 +1476,22 @@ Requires: %perl_compat
|
|||
Gather package and POD information from perl module files
|
||||
%endif
|
||||
|
||||
%package open
|
||||
Summary: Perl pragma to set default PerlIO layers for input and output
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
Epoch: 0
|
||||
Version: 1.10
|
||||
Requires: %perl_compat
|
||||
Requires: perl(Carp)
|
||||
Requires: perl(Encode)
|
||||
Requires: perl(encoding)
|
||||
Conflicts: perl < 4:5.20.2-326
|
||||
BuildArch: noarch
|
||||
|
||||
%description open
|
||||
The "open" pragma serves as one of the interfaces to declare default "layers"
|
||||
(also known as "disciplines") for all I/O.
|
||||
|
||||
%if %{dual_life} || %{rebuild_from_scratch}
|
||||
%package Package-Constants
|
||||
|
@ -1757,7 +1797,7 @@ Use TAP::Parser, Test::Harness package was whole rewritten.
|
|||
%package Test-Simple
|
||||
Summary: Basic utilities for writing tests
|
||||
Group: Development/Languages
|
||||
License: GPL+ or Artistic
|
||||
License: (GPL+ or Artistic) and Public Domain
|
||||
Epoch: 0
|
||||
Version: 1.001002
|
||||
Requires: %perl_compat
|
||||
|
@ -1842,7 +1882,7 @@ so dates before the system's epoch may not work on all operating systems.
|
|||
%package Time-Piece
|
||||
Summary: Time objects from localtime and gmtime
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
License: (GPL+ or Artistic) and BSD
|
||||
Epoch: 0
|
||||
Version: 1.27
|
||||
Requires: %perl_compat
|
||||
|
@ -1968,7 +2008,8 @@ Requires: perl-macros
|
|||
Requires: perl-App-a2p, perl-App-find2perl, perl-App-s2p
|
||||
Requires: perl-Archive-Tar, perl-autodie, perl-B-Debug,
|
||||
Requires: perl-Compress-Raw-Bzip2,
|
||||
Requires: perl-Carp, perl-Compress-Raw-Zlib, perl-CGI, perl-constant,
|
||||
Requires: perl-Carp, perl-Compress-Raw-Zlib, perl-CGI,
|
||||
Requires: perl-CGI-Fast, perl-constant,
|
||||
Requires: perl-CPAN, perl-CPAN-Meta, perl-CPAN-Meta-Requirements,
|
||||
Requires: perl-CPAN-Meta-YAML, perl-Encode, perl-encoding
|
||||
Requires: perl-Data-Dumper, perl-DB_File, perl-Devel-PPPort,
|
||||
|
@ -1985,10 +2026,10 @@ Requires: perl-HTTP-Tiny, perl-inc-latest, perl-IO-Compress, perl-IO-Socke
|
|||
Requires: perl-IO-Zlib, perl-IPC-Cmd, perl-JSON-PP
|
||||
Requires: perl-Locale-Codes, perl-Locale-Maketext,
|
||||
Requires: perl-Locale-Maketext-Simple
|
||||
Requires: perl-Module-Build, perl-Module-CoreList,
|
||||
Requires: perl-Module-Build, perl-Module-Build-Deprecated, perl-Module-CoreList,
|
||||
Requires: perl-Module-CoreList-tools, perl-Module-Load
|
||||
Requires: perl-Module-Load-Conditional, perl-Module-Loaded, perl-Module-Metadata
|
||||
Requires: perl-Package-Constants, perl-PathTools
|
||||
Requires: perl-open, perl-Package-Constants, perl-PathTools
|
||||
Requires: perl-Params-Check, perl-Parse-CPAN-Meta, perl-Perl-OSType
|
||||
Requires: perl-Pod-Checker, perl-Pod-Escapes
|
||||
Requires: perl-Pod-Parser, perl-Pod-Perldoc, perl-Pod-Usage
|
||||
|
@ -2025,6 +2066,8 @@ tarball from perl.org.
|
|||
%patch29 -p1
|
||||
%patch30 -p1
|
||||
%patch31 -p1
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
|
||||
|
@ -2046,9 +2089,11 @@ perl -x patchlevel.h \
|
|||
'Fedora Patch26: Make *DBM_File desctructors thread-safe (RT#61912)' \
|
||||
'Fedora Patch27: Report inaccesible file on failed require (RT#123270)' \
|
||||
'Fedora Patch28: Use stronger algorithm needed for FIPS in t/op/taint.t (RT#123338)' \
|
||||
'Fedora Patch29: Fix Errno.pm generation for GCC 5.0 (RT#123784)' \
|
||||
'Fedora Patch30: Handle hexadecimal constants by h2ph (RT#123784)' \
|
||||
'Fedora Patch31: Do not use -_h2ph_pre.ph from system at tests (RT#123784)' \
|
||||
'Fedora Patch29: Fix debugger y command scope level' \
|
||||
'Fedora Patch30: Fix CVE-2016-2381 (ambiguous environment variables handling)' \
|
||||
'Fedora Patch31: Fix CVE-2015-8853 (regexp matching hangs on illegal UTF-8)' \
|
||||
'Fedora Patch32: Fix duplicating PerlIO::encoding when spawning threads (RT#31923)' \
|
||||
'Fedora Patch33: Do not let XSLoader load relative paths (CVE-2016-6185)' \
|
||||
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
|
||||
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
|
||||
%{nil}
|
||||
|
@ -2057,6 +2102,9 @@ perl -x patchlevel.h \
|
|||
#copy the example script
|
||||
cp -a %{SOURCE5} .
|
||||
|
||||
#copy Pod-Html license clarification
|
||||
cp %{SOURCE6} .
|
||||
|
||||
#
|
||||
# Candidates for doc recoding (need case by case review):
|
||||
# find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
|
||||
|
@ -2093,6 +2141,12 @@ rm -rf 'cpan/Memoize/Memoize/NDBM_File.pm'
|
|||
sed -i '\|cpan/Memoize/Memoize/NDBM_File.pm|d' MANIFEST
|
||||
%endif
|
||||
|
||||
# Regenerate a2p.c bug #1177672
|
||||
pushd x2p
|
||||
yacc a2p.y
|
||||
mv -f y.tab.c a2p.c
|
||||
popd
|
||||
|
||||
%build
|
||||
echo "RPM Build arch: %{_arch}"
|
||||
|
||||
|
@ -2316,7 +2370,7 @@ sed \
|
|||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%doc Artistic AUTHORS Copying README Changes
|
||||
%doc Artistic AUTHORS Copying README Changes Pod-Html-license-clarification
|
||||
%{_mandir}/man1/*.1*
|
||||
%{_mandir}/man3/*.3*
|
||||
%{_bindir}/*
|
||||
|
@ -2394,6 +2448,10 @@ sed \
|
|||
%exclude %{_mandir}/man3/CGI.3*
|
||||
%exclude %{_mandir}/man3/CGI::*.3*
|
||||
|
||||
# CGI-Fast
|
||||
%exclude %{privlib}/CGI/Fast.pm
|
||||
%exclude %{_mandir}/man3/CGI::Fast.3*
|
||||
|
||||
# constant
|
||||
%exclude %{privlib}/constant.pm
|
||||
%exclude %{_mandir}/man3/constant.3*
|
||||
|
@ -2775,6 +2833,14 @@ sed \
|
|||
%exclude %{_mandir}/man1/config_data.1*
|
||||
%exclude %{_mandir}/man3/Module::Build*
|
||||
|
||||
# Module-Build-Deprecated
|
||||
%exclude %{privlib}/Module/Build/ModuleInfo.pm
|
||||
%exclude %{privlib}/Module/Build/Version.pm
|
||||
%exclude %{privlib}/Module/Build/YAML.pm
|
||||
%exclude %{_mandir}/man3/Module::Build::ModuleInfo.3*
|
||||
%exclude %{_mandir}/man3/Module::Build::Version.3*
|
||||
%exclude %{_mandir}/man3/Module::Build::YAML.3*
|
||||
|
||||
# Module-CoreList
|
||||
%exclude %dir %{privlib}/Module
|
||||
%exclude %{privlib}/Module/CoreList
|
||||
|
@ -2827,6 +2893,10 @@ sed \
|
|||
%exclude %{privlib}/Perl/OSType.pm
|
||||
%exclude %{_mandir}/man3/Perl::OSType.3pm*
|
||||
|
||||
# open
|
||||
%exclude %{privlib}/open.pm
|
||||
%exclude %{_mandir}/man3/open.3*
|
||||
|
||||
# parent
|
||||
%exclude %{privlib}/parent.pm
|
||||
%exclude %{_mandir}/man3/parent.3*
|
||||
|
@ -3081,8 +3151,14 @@ sed \
|
|||
%files CGI
|
||||
%{privlib}/CGI/
|
||||
%{privlib}/CGI.pm
|
||||
%exclude %{privlib}/CGI/Fast.pm
|
||||
%{_mandir}/man3/CGI.3*
|
||||
%{_mandir}/man3/CGI::*.3*
|
||||
%exclude %{_mandir}/man3/CGI::Fast.3*
|
||||
|
||||
%files CGI-Fast
|
||||
%{privlib}/CGI/Fast.pm
|
||||
%{_mandir}/man3/CGI::Fast.3*
|
||||
|
||||
%files Compress-Raw-Bzip2
|
||||
%dir %{archlib}/Compress
|
||||
|
@ -3550,8 +3626,22 @@ sed \
|
|||
%dir %{privlib}/Module
|
||||
%{privlib}/Module/Build
|
||||
%{privlib}/Module/Build.pm
|
||||
%exclude %{privlib}/Module/Build/ModuleInfo.pm
|
||||
%exclude %{privlib}/Module/Build/Version.pm
|
||||
%exclude %{privlib}/Module/Build/YAML.pm
|
||||
%{_mandir}/man1/config_data.1*
|
||||
%{_mandir}/man3/Module::Build*
|
||||
%exclude %{_mandir}/man3/Module::Build::ModuleInfo.3*
|
||||
%exclude %{_mandir}/man3/Module::Build::Version.3*
|
||||
%exclude %{_mandir}/man3/Module::Build::YAML.3*
|
||||
|
||||
%files Module-Build-Deprecated
|
||||
%{privlib}/Module/Build/ModuleInfo.pm
|
||||
%{privlib}/Module/Build/Version.pm
|
||||
%{privlib}/Module/Build/YAML.pm
|
||||
%{_mandir}/man3/Module::Build::ModuleInfo.3*
|
||||
%{_mandir}/man3/Module::Build::Version.3*
|
||||
%{_mandir}/man3/Module::Build::YAML.3*
|
||||
%endif
|
||||
|
||||
%if %{dual_life} || %{rebuild_from_scratch}
|
||||
|
@ -3623,6 +3713,10 @@ sed \
|
|||
%{_mandir}/man3/Parse::CPAN::Meta.3*
|
||||
%endif
|
||||
|
||||
%files open
|
||||
%{privlib}/open.pm
|
||||
%{_mandir}/man3/open.3*
|
||||
|
||||
%if %{dual_life} || %{rebuild_from_scratch}
|
||||
%files parent
|
||||
%{privlib}/parent.pm
|
||||
|
@ -3853,6 +3947,55 @@ sed \
|
|||
|
||||
# Old changelog entries are preserved in CVS.
|
||||
%changelog
|
||||
* Thu Jul 07 2016 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.3-332
|
||||
- Do not let XSLoader load relative paths (CVE-2016-6185)
|
||||
|
||||
* Mon Jun 13 2016 Petr Pisar <ppisar@redhat.com> - 4:5.20.3-331
|
||||
- Fix duplicating PerlIO::encoding when spawning threads (bug #1345788)
|
||||
|
||||
* Thu Apr 21 2016 Petr Pisar <ppisar@redhat.com> - 4:5.20.3-330
|
||||
- Fix CVE-2015-8853 (regexp matching hangs indefinitely on illegal UTF-8
|
||||
input) (bug #1329107)
|
||||
|
||||
* Wed Mar 02 2016 Petr Pisar <ppisar@redhat.com> - 4:5.20.3-329
|
||||
- Fix CVE-2016-2381 (ambiguous environment variables handling) (bug #1313702)
|
||||
|
||||
* Thu Sep 24 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.3-328
|
||||
- Fix debugger y command scope level (bug #1129850)
|
||||
|
||||
* Mon Sep 14 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.3-327
|
||||
- 5.20.3 bump (see <http://search.cpan.org/dist/perl-5.20.3/pod/perldelta.pod>
|
||||
for release notes
|
||||
|
||||
* Fri Jun 05 2015 Petr Pisar <ppisar@redhat.com> - 4:5.20.2-326
|
||||
- Subpackage "open" module in order to keep deprecated "encoding" module
|
||||
optional (bug #1228378)
|
||||
|
||||
* Wed Apr 15 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.2-325
|
||||
- Sub-package perl-CGI-Fast and perl-Module-Build-Deprecated
|
||||
- Add missing dual-life modules to perl-core
|
||||
|
||||
* Thu Apr 02 2015 Petr Šabata <contyk@redhat.com> - 4:5.20.2-324
|
||||
- Correct a typo in the license tag
|
||||
|
||||
* Thu Apr 02 2015 Petr Šabata <contyk@redhat.com> - 4:5.20.2-323
|
||||
- Correct license tags of the main package, CGI, Compress-Raw-Zlib,
|
||||
Digest-MD5, Test-Simple and Time-Piece
|
||||
- Package a Pod-Html license clarification email
|
||||
|
||||
* Thu Mar 19 2015 Lubomir Rintel <lkundrak@v3.sk> - 4:5.20.2-322
|
||||
- Add systemtap probes for new dtrace markers
|
||||
|
||||
* Wed Feb 18 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.2-321
|
||||
- Provide 5.20.2 MODULE_COMPAT
|
||||
- Clean list of provided files
|
||||
- Update names of changed patches
|
||||
|
||||
* Tue Feb 17 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.2-320
|
||||
- 5.20.2 bump (see <http://search.cpan.org/dist/perl-5.20.2/pod/perldelta.pod>
|
||||
for release notes)
|
||||
- Regenerate a2p.c (BZ#1177672)
|
||||
|
||||
* Mon Feb 16 2015 Petr Pisar <ppisar@redhat.com> - 4:5.20.1-319
|
||||
- Improve h2ph fix for GCC 5.0
|
||||
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
/*
|
||||
This probe will fire when the perl script enters a subroutine.
|
||||
*/
|
||||
|
||||
probe perl.sub.call = process("LIBRARY_PATH").mark("sub__entry")
|
||||
{
|
||||
|
||||
sub = user_string($arg1)
|
||||
filename = user_string($arg2)
|
||||
lineno = $arg3
|
||||
package = user_string($arg4)
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
This probe will fire when the return from a subroutine has been
|
||||
hit.
|
||||
*/
|
||||
|
||||
probe perl.sub.return = process("LIBRARY_PATH").mark("sub__return")
|
||||
{
|
||||
|
||||
sub = user_string($arg1)
|
||||
filename = user_string($arg2)
|
||||
lineno = $arg3
|
||||
package = user_string($arg4)
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
This probe will fire when the Perl interperter changes state.
|
||||
*/
|
||||
|
||||
probe perl.phase.change = process("LIBRARY_PATH").mark("phase__change")
|
||||
{
|
||||
newphase = user_string($arg1)
|
||||
oldphase = user_string($arg2)
|
||||
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Fires when Perl has successfully loaded an individual file.
|
||||
*/
|
||||
|
||||
probe perl.loaded.file = process("LIBRARY_PATH").mark("loaded__file")
|
||||
{
|
||||
filename = user_string($arg1)
|
||||
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Fires when Perl is about to load an individual file.
|
||||
*/
|
||||
|
||||
probe perl.loading.file = process("LIBRARY_PATH").mark("loading__file")
|
||||
{
|
||||
filename = user_string($arg1)
|
||||
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Traces the execution of each opcode in the Perl runloop.
|
||||
*/
|
||||
|
||||
probe perl.op.entry = process("LIBRARY_PATH").mark("op__entry")
|
||||
{
|
||||
opname = user_string($arg1)
|
||||
}
|
6
sources
6
sources
|
@ -1,5 +1 @@
|
|||
aceea3db13a159cd5f7e5f2e3ad9534f perl-5.8.0-libdir64.patch
|
||||
ad5d07285d6e4914384b43c9abc2bdba filter-requires.sh
|
||||
93b780a770906408a34b1c511e333a12 perl.stp
|
||||
735480c6749c2aa86faa8311fe651142 perl-example.stp
|
||||
ede5166f949d9a07163bc5b086be9759 perl-5.20.1.tar.bz2
|
||||
aee7ee4d70b60fb2c923f41087db8cb0 perl-5.20.3.tar.bz2
|
||||
|
|
Loading…
Reference in New Issue