RT#115808 is known as CVE-2016-6185

Correct license tags of the main package, CGI, Compress-Raw-Zlib,
Digest-MD5, Test-Simple and Time-Piece and package a Pod-Html license
clarification email from Tom.

.gitignore

@@ -1,10 +1,6 @@
 perl-5.12.1.tar.gz
-perl-5.8.0-libdir64.patch
-filter-requires.sh
 /perl-5.12.2.tar.gz
 /perl-5.12.3.tar.gz
-/perl.stp
-/perl-example.stp
 /perl-5.14.0-RC2.tar.bz2
 /perl-5.14.0.tar.bz2
 /perl-5.14.0.tar.gz
@@ -21,3 +17,5 @@ filter-requires.sh
 /perl-5.18.2.tar.bz2
 /perl-5.20.0.tar.bz2
 /perl-5.20.1.tar.bz2
+/perl-5.20.2.tar.bz2
+/perl-5.20.3.tar.bz2

Pod-Html-license-clarification

@@ -0,0 +1,41 @@
+Date: Sun, 15 Mar 2015 21:22:10 -0600
+Subject: Re: Pod::Html license
+From: Tom Christiansen <tchrist53147@gmail.com>
+To: Petr Šabata <contyk@redhat.com>
+Cc: Tom Christiansen <tchrist@perl.com>, marcgreen@cpan.org,
+ jplesnik@redhat.com
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Content-Type: text/plain; charset=utf-8
+
+Yes, it was supposed to be licensed just like the rest of Perl.
+
+Sent from my Sprint phone
+
+Petr Šabata <contyk@redhat.com> wrote:
+
+>Marc, Tom,
+>
+>I'm reviewing licensing of our perl package in Fedora and 
+>noticed Pod::HTML and its pod2html script are licensed under
+>the Artistic license (only).
+>
+>This is an issue for us as this license isn't considered free by
+>FSF [0].  Unless the license of this core component changes, we
+>will have to drop it from the tarball and remove support for it
+>from all the modules we ship that use it, such as Module::Build
+>or Module::Install.
+>
+>What I've seen in the past is authors originally claiming their
+>module was released under Artistic while what they actually meant
+>was the common `the same as perl itself', i.e. `GPL+/Aristic' [1],
+>an FSF free license.  Is it possible this is also the case
+>of Pod::Html?
+>
+>Thanks,
+>Petr
+>
+>(also CC'ing Jitka, the primary package maintainer in Fedora)
+>
+>[0] https://www.gnu.org/licenses/license-list.html#ArtisticLicense
+>[1] https://www.gnu.org/licenses/license-list.html#PerlLicense

STAGE2-perl

@@ -0,0 +1,29 @@
+#requires gdbm
+
+mcd $BUILDDIR/perl
+
+GV=$(cd $SRC; echo perl-*)
+SONAME_VER=`echo $GV | cut -f2- -d'-' | sed 's/^\\([^.]*\\.[^.]*\\).*/\\1/'`
+PERL_VER=`echo $GV | cut -f2- -d'-'`
+
+cd $SRC/$GV
+
+sh $SRC/$GV/Configure -des -Dprefix=/usr -Dlibpth="/usr/local/lib$SUFFIX /lib$SUFFIX /usr/lib$SUFFIX" -Darchlib="/usr/lib$SUFFIX/perl5" -Dsitelib="/usr/local/share/perl5" -DDEBUGGING=-g  -Dcc=gcc -Dmyhostname=localhost -Dperladmin=root@localhost -Duseshrplib -Dusethreads -Duseithreads -Uusedtrace -Duselargefiles -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005 -Uversiononly -Dd_gethostent_r_proto -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto
+
+BUILD_BZIP2=0
+BZIP2_LIB=%{_libdir}
+export BUILD_BZIP2 BZIP2_LIB
+
+ln -sf libperl.so libperl.so.${SONAME_VER}
+
+make
+
+rm -f /usr/lib${SUFFIX}/perl5/CORE/libperl.so
+
+make install
+
+rm -f /usr/lib${SUFFIX}/libperl.so.${PERL_VER}
+mv /usr/lib${SUFFIX}/perl5/CORE/libperl.so /usr/lib${SUFFIX}/libperl.so.${PERL_VER}
+ln -sf libperl.so.${PERL_VER} /usr/lib${SUFFIX}/libperl.so.${SONAME_VER}
+ln -sf libperl.so.${PERL_VER} /usr/lib${SUFFIX}/libperl.so
+ln -sf libperl.so.${PERL_VER} /usr/lib${SUFFIX}/perl5/CORE/libperl.so

filter-requires.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# The original script name has been passed as the first argument:
+"$@" |
+  awk '
+	$0 != "perl(FCGI)" &&
+	$0 != "perl(Your::Module::Here)" &&
+	$0 != "perl(Tk)" &&
+	$0 !~ /^perl\(Tk::/ &&
+	$0 !~ /^perl\(Mac::/
+      '
+
+# We used to filter also these:
+#	NDBM perl(v5.6.0) perl(Tie::RangeHash)
+# but they don't seem to be present anymore.

perl-5.10.0-libresolv.patch

@@ -5,8 +5,8 @@ diff -up perl-5.10.0/Configure.didi perl-5.10.0/Configure
  : set usesocks on the Configure command line to enable socks.
  : List of libraries we want.
  : If anyone needs extra -lxxx, put those in a hint file.
--libswanted="socket bind inet nsl nm ndbm gdbm dbm db malloc dl ld sun"
-+libswanted="socket resolv inet nsl nm ndbm gdbm dbm db malloc dl ld sun"
- libswanted="$libswanted m crypt sec util c cposix posix ucb bsd BSD"
+-libswanted="cl pthread socket bind inet nsl nm ndbm gdbm dbm db malloc dl ld"
++libswanted="cl pthread socket resolv inet nsl nm ndbm gdbm dbm db malloc dl ld"
+ libswanted="$libswanted sun m crypt sec util c cposix posix ucb bsd BSD"
  : We probably want to search /usr/shlib before most other libraries.
  : This is only used by the lib/ExtUtils/MakeMaker.pm routine extliblist.

perl-5.20.2-Fix-Errno.pm-generation-for-gcc-5.0.patch

@@ -29,15 +29,6 @@ diff --git a/ext/Errno/Errno_pm.PL b/ext/Errno/Errno_pm.PL
 index 55ad01a..63b5916 100644
 --- a/ext/Errno/Errno_pm.PL
 +++ b/ext/Errno/Errno_pm.PL
-@@ -2,7 +2,7 @@ use ExtUtils::MakeMaker;
- use Config;
- use strict;
- 
--our $VERSION = "1.20_03";
-+our $VERSION = "1.20_04";
- 
- my %err = ();
- 
 @@ -225,20 +225,31 @@ sub write_errno_pm {
      {	# BeOS (support now removed) did not enter this block
      # invoke CPP and read the output

perl-5.20.2-Install-libperl.so-to-shrpdir-on-Linux.patch

@@ -38,7 +38,7 @@ index 2f30261..825496e 100755
 @@ -8294,7 +8295,7 @@ if "$useshrplib"; then
  		xxx="-Wl,-R$shrpdir"
  		;;
- 	bsdos|linux|irix*|dec_osf|gnu*)
+ 	bsdos|linux|irix*|dec_osf|gnu*|haiku)
 -		xxx="-Wl,-rpath,$shrpdir"
 +		# We want standard path
  		;;

perl-5.20.3-PATCH-perl-123562-Regexp-matching-hangs.patch

@@ -0,0 +1,107 @@
+From b39ae59113865155c41edd6781a4901d5171cf0c Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Wed, 16 Sep 2015 14:34:31 -0600
+Subject: [PATCH] PATCH [perl #123562] Regexp-matching "hangs"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The regex engine got into an infinite loop because of the malformation.
+It is trying to back-up over a sequence of UTF-8 continuation bytes.
+But the character just before the sequence should be a start byte.  If
+not, there is a malformation.  I added a test to croak if that isn't the
+case so that it doesn't just infinitely loop.  I did this also in the
+similar areas of regexec.c.
+
+Comments long ago added to the code suggested that we check for
+malformations in the vicinity of the new tests.  But that was never
+done.  These new tests should be good enough to prevent looping, anyway.
+
+Petr Písař: Ported to 5.20.3.
+
+CVE-2015-8853
+<https://bugzilla.redhat.com/show_bug.cgi?id=1329107>
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ regexec.c  | 12 ++++++++++++
+ t/re/pat.t | 19 ++++++++++++++++++-
+ 2 files changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/regexec.c b/regexec.c
+index 66f6e04..ee6705a 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -7830,6 +7830,10 @@ S_reghop3(U8 *s, SSize_t off, const U8* lim)
+             if (UTF8_IS_CONTINUED(*s)) {
+                 while (s > lim && UTF8_IS_CONTINUATION(*s))
+                     s--;
++                if (! UTF8_IS_START(*s)) {
++                    dTHX;
++                    Perl_croak(aTHX_ "Malformed UTF-8 character (fatal)");
++                }
+ 	    }
+             /* XXX could check well-formedness here */
+ 	}
+@@ -7856,6 +7860,10 @@ S_reghop4(U8 *s, SSize_t off, const U8* llim, const U8* rlim)
+             if (UTF8_IS_CONTINUED(*s)) {
+                 while (s > llim && UTF8_IS_CONTINUATION(*s))
+                     s--;
++                if (! UTF8_IS_START(*s)) {
++                    dTHX;
++                    Perl_croak(aTHX_ "Malformed UTF-8 character (fatal)");
++                }
+             }
+             /* XXX could check well-formedness here */
+         }
+@@ -7887,6 +7895,10 @@ S_reghopmaybe3(U8* s, SSize_t off, const U8* lim)
+             if (UTF8_IS_CONTINUED(*s)) {
+                 while (s > lim && UTF8_IS_CONTINUATION(*s))
+                     s--;
++                if (! UTF8_IS_START(*s)) {
++                    dTHX;
++                    Perl_croak(aTHX_ "Malformed UTF-8 character (fatal)");
++                }
+ 	    }
+             /* XXX could check well-formedness here */
+ 	}
+diff --git a/t/re/pat.t b/t/re/pat.t
+index 7965f4e..2fa6206 100644
+--- a/t/re/pat.t
++++ b/t/re/pat.t
+@@ -20,7 +20,7 @@ BEGIN {
+     require './test.pl';
+ }
+ 
+-plan tests => 726;  # Update this when adding/deleting tests.
++plan tests => 727;  # Update this when adding/deleting tests.
+ 
+ run_tests() unless caller;
+ 
+@@ -1602,6 +1602,23 @@ EOP
+ 		ok(1, "did not crash");
+ 		ok($match, "[bbb...] resolved as character class, not subscript");
+ 	}
++
++    {   # Test that we handle some malformed UTF-8 without looping [perl
++        # #123562]
++
++        my $code='
++            BEGIN{require q(test.pl);}
++            use Encode qw(_utf8_on);
++            my $malformed = "a\x80\n";
++            _utf8_on($malformed);
++            watchdog(3);
++            $malformed =~ /(\n\r|\r)$/;
++            print q(No infinite loop here!);
++        ';
++        fresh_perl_like($code, qr/Malformed UTF-8 character/, {},
++            "test that we handle some UTF-8 malformations without looping" );
++    }
++
+ } # End of sub run_tests
+ 
+ 1;
+-- 
+2.5.5
+

perl-5.20.3-Properly-duplicate-PerlIO-encoding-objects.patch

@@ -0,0 +1,154 @@
+From f358580268a0098209b72f7fbaa15e92df801b34 Mon Sep 17 00:00:00 2001
+From: Vincent Pit <perl@profvince.com>
+Date: Fri, 28 Aug 2015 14:17:00 -0300
+Subject: [PATCH] Properly duplicate PerlIO::encoding objects
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upstream commit ported to 5.20.3:
+
+commit 0ee3fa26f660ac426e3e082f77d806c9d1471f93
+Author: Vincent Pit <perl@profvince.com>
+Date:   Fri Aug 28 14:17:00 2015 -0300
+
+    Properly duplicate PerlIO::encoding objects
+
+    PerlIO::encoding objects are usually initialized by calling Perl methods,
+    essentially from the pushed() and getarg() callbacks. During cloning, the
+    PerlIO API will by default call these methods to initialize the duplicate
+    struct when the PerlIOBase parent struct is itself duplicated. This does
+    not behave so well because the perl interpreter is not ready to call
+    methods at this point, for the stacks are not set up yet.
+
+    The proper way to duplicate the PerlIO::encoding object is to call sv_dup()
+    on its members from the dup() PerlIO callback. So the only catch is to make
+    the getarg() and pushed() calls implied by the duplication of the underlying
+    PerlIOBase object aware that they are called during cloning, and make them
+    wait that the control flow returns to the dup() callback. Fortunately,
+    getarg() knows since its param argument is then non-null, and its return
+    value is passed immediately to pushed(), so it is enough to tag this
+    returned value with a custom magic so that pushed() can see it is being
+    called during cloning.
+
+    This fixes [RT #31923].
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ MANIFEST                        |  1 +
+ ext/PerlIO-encoding/encoding.xs | 25 +++++++++++++++++++++++--
+ ext/PerlIO-encoding/t/threads.t | 35 +++++++++++++++++++++++++++++++++++
+ 3 files changed, 59 insertions(+), 2 deletions(-)
+ create mode 100644 ext/PerlIO-encoding/t/threads.t
+
+diff --git a/MANIFEST b/MANIFEST
+index af12626..f707105 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -3758,6 +3758,7 @@ ext/PerlIO-encoding/encoding.xs	PerlIO::encoding
+ ext/PerlIO-encoding/t/encoding.t	See if PerlIO encoding conversion works
+ ext/PerlIO-encoding/t/fallback.t	See if PerlIO fallbacks work
+ ext/PerlIO-encoding/t/nolooping.t	Tests for PerlIO::encoding
++ext/PerlIO-encoding/t/threads.t		Tests PerlIO::encoding and threads
+ ext/PerlIO-mmap/mmap.pm	PerlIO layer for memory maps
+ ext/PerlIO-mmap/mmap.xs	PerlIO layer for memory maps
+ ext/PerlIO-scalar/scalar.pm	PerlIO layer for scalars
+diff --git a/ext/PerlIO-encoding/encoding.xs b/ext/PerlIO-encoding/encoding.xs
+index fababd1..2332615 100644
+--- a/ext/PerlIO-encoding/encoding.xs
++++ b/ext/PerlIO-encoding/encoding.xs
+@@ -49,13 +49,23 @@ typedef struct {
+ 
+ #define NEEDS_LINES	1
+ 
++static const MGVTBL PerlIOEncode_tag = { 0, 0, 0, 0, 0, 0, 0, 0 };
++
+ SV *
+ PerlIOEncode_getarg(pTHX_ PerlIO * f, CLONE_PARAMS * param, int flags)
+ {
+     PerlIOEncode *e = PerlIOSelf(f, PerlIOEncode);
+-    SV *sv = &PL_sv_undef;
+-    PERL_UNUSED_ARG(param);
++    SV *sv;
+     PERL_UNUSED_ARG(flags);
++    /* During cloning, return an undef token object so that _pushed() knows
++     * that it should not call methods and wait for _dup() to actually dup the
++     * encoding object. */
++    if (param) {
++	sv = newSV(0);
++	sv_magicext(sv, NULL, PERL_MAGIC_ext, &PerlIOEncode_tag, 0, 0);
++	return sv;
++    }
++    sv = &PL_sv_undef;
+     if (e->enc) {
+ 	dSP;
+ 	/* Not 100% sure stack swap is right thing to do during dup ... */
+@@ -85,6 +95,14 @@ PerlIOEncode_pushed(pTHX_ PerlIO * f, const char *mode, SV * arg, PerlIO_funcs *
+     IV  code = PerlIOBuf_pushed(aTHX_ f, mode, Nullsv,tab);
+     SV *result = Nullsv;
+ 
++    if (SvTYPE(arg) >= SVt_PVMG
++		&& mg_findext(arg, PERL_MAGIC_ext, &PerlIOEncode_tag)) {
++	e->enc = NULL;
++	e->chk = NULL;
++	e->inEncodeCall = 0;
++	return code;
++    }
++
+     PUSHSTACKi(PERLSI_MAGIC);
+     ENTER;
+     SAVETMPS;
+@@ -563,6 +581,9 @@ PerlIOEncode_dup(pTHX_ PerlIO * f, PerlIO * o,
+ 	if (oe->enc) {
+ 	    fe->enc = PerlIO_sv_dup(aTHX_ oe->enc, params);
+ 	}
++	if (oe->chk) {
++	    fe->chk = PerlIO_sv_dup(aTHX_ oe->chk, params);
++	}
+     }
+     return f;
+ }
+diff --git a/ext/PerlIO-encoding/t/threads.t b/ext/PerlIO-encoding/t/threads.t
+new file mode 100644
+index 0000000..64f0e55
+--- /dev/null
++++ b/ext/PerlIO-encoding/t/threads.t
+@@ -0,0 +1,35 @@
++#!perl
++
++use strict;
++use warnings;
++
++BEGIN {
++    use Config;
++    if ($Config{extensions} !~ /\bEncode\b/) {
++	print "1..0 # Skip: no Encode\n";
++	exit 0;
++    }
++    unless ($Config{useithreads}) {
++	print "1..0 # Skip: no threads\n";
++	exit 0;
++    }
++}
++
++use threads;
++
++use Test::More tests => 3 + 1;
++
++binmode *STDOUT, ':encoding(UTF-8)';
++
++SKIP: {
++    local $@;
++    my $ret = eval {
++	my $thread = threads->create(sub { pass 'in thread'; return 1 });
++	skip 'test thread could not be spawned' => 3 unless $thread;
++	$thread->join;
++    };
++    is $@, '', 'thread did not croak';
++    is $ret, 1, 'thread returned the right value';
++}
++
++pass 'passes at least one test';
+-- 
+2.5.5
+

perl-5.21.3-fix-debugger-y-command-scope-level.patch

@@ -0,0 +1,28 @@
+From 496f5ba57a43840a3c8ee61b21dc60d0c8bb5d52 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Fri, 15 Aug 2014 10:45:57 +1000
+Subject: [PATCH] fix debugger y command scope level
+
+5c2b78e73d3 moved handling of the y command into its own function,
+but did not adjust the provided scope level to account for the extra
+scope.
+---
+ lib/perl5db.pl | 2 +-
+ 1 file changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/perl5db.pl b/lib/perl5db.pl
+index e3f63b3..e8d7751 100644
+--- a/lib/perl5db.pl
++++ b/lib/perl5db.pl
+@@ -1957,7 +1957,7 @@ sub _DB__handle_y_command {
+         my @vars = split( ' ', $match_vars || '' );
+ 
+         # Find the pad.
+-        my $h = eval { PadWalker::peek_my( ( $match_level || 0 ) + 1 ) };
++        my $h = eval { PadWalker::peek_my( ( $match_level || 0 ) + 2 ) };
+ 
+         # Oops. Can't find it.
+         if (my $Err = $@) {
+-- 
+2.4.3
+

perl-5.23.8-remove-duplicate-environment-variables-from-environ.patch

@@ -0,0 +1,112 @@
+From ae37b791a73a9e78dedb89fb2429d2628cf58076 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Wed, 27 Jan 2016 11:52:15 +1100
+Subject: [PATCH] remove duplicate environment variables from environ
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If we see duplicate environment variables while iterating over
+environ[]:
+
+a) make sure we use the same value in %ENV that getenv() returns.
+
+Previously on a duplicate, %ENV would have the last entry for the name
+from environ[], but a typical getenv() would return the first entry.
+
+Rather than assuming all getenv() implementations return the first entry
+explicitly call getenv() to ensure they agree.
+
+b) remove duplicate entries from environ
+
+Previously if there was a duplicate definition for a name in environ[]
+setting that name in %ENV could result in an unsafe value being passed
+to a child process, so ensure environ[] has no duplicates.
+
+CVE-2016-2381
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ perl.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 49 insertions(+), 2 deletions(-)
+
+diff --git a/perl.c b/perl.c
+index 4a324c6..5c71fd0 100644
+--- a/perl.c
++++ b/perl.c
+@@ -4329,23 +4329,70 @@ S_init_postdump_symbols(pTHX_ int argc, char **argv, char **env)
+ 	}
+ 	if (env) {
+ 	  char *s, *old_var;
++          STRLEN nlen;
+ 	  SV *sv;
++          HV *dups = newHV();
++
+ 	  for (; *env; env++) {
+ 	    old_var = *env;
+ 
+ 	    if (!(s = strchr(old_var,'=')) || s == old_var)
+ 		continue;
++            nlen = s - old_var;
+ 
+ #if defined(MSDOS) && !defined(DJGPP)
+ 	    *s = '\0';
+ 	    (void)strupr(old_var);
+ 	    *s = '=';
+ #endif
+-	    sv = newSVpv(s+1, 0);
+-	    (void)hv_store(hv, old_var, s - old_var, sv, 0);
++            if (hv_exists(hv, old_var, nlen)) {
++                const char *name = savepvn(old_var, nlen);
++
++                /* make sure we use the same value as getenv(), otherwise code that
++                   uses getenv() (like setlocale()) might see a different value to %ENV
++                 */
++                sv = newSVpv(PerlEnv_getenv(name), 0);
++
++                /* keep a count of the dups of this name so we can de-dup environ later */
++                if (hv_exists(dups, name, nlen))
++                    ++SvIVX(*hv_fetch(dups, name, nlen, 0));
++                else
++                    (void)hv_store(dups, name, nlen, newSViv(1), 0);
++
++                Safefree(name);
++            }
++            else {
++                sv = newSVpv(s+1, 0);
++            }
++	    (void)hv_store(hv, old_var, nlen, sv, 0);
+ 	    if (env_is_not_environ)
+ 	        mg_set(sv);
+ 	  }
++          if (HvKEYS(dups)) {
++              /* environ has some duplicate definitions, remove them */
++              HE *entry;
++              hv_iterinit(dups);
++              while ((entry = hv_iternext_flags(dups, 0))) {
++                  STRLEN nlen;
++                  const char *name = HePV(entry, nlen);
++                  IV count = SvIV(HeVAL(entry));
++                  IV i;
++                  SV **valp = hv_fetch(hv, name, nlen, 0);
++
++                  assert(valp);
++
++                  /* try to remove any duplicate names, depending on the
++                   * implementation used in my_setenv() the iteration might
++                   * not be necessary, but let's be safe.
++                   */
++                  for (i = 0; i < count; ++i)
++                      my_setenv(name, 0);
++
++                  /* and set it back to the value we set $ENV{name} to */
++                  my_setenv(name, SvPV_nolen(*valp));
++              }
++          }
++          SvREFCNT_dec_NN(dups);
+       }
+ #endif /* USE_ENVIRON_ARRAY */
+ #endif /* !PERL_MICRO */
+-- 
+2.5.0
+

perl-5.25.2-Don-t-let-XSLoader-load-relative-paths.patch

@@ -0,0 +1,106 @@
+diff -up perl-5.20.3/dist/XSLoader/XSLoader_pm.PL.load perl-5.20.3/dist/XSLoader/XSLoader_pm.PL
+--- perl-5.20.3/dist/XSLoader/XSLoader_pm.PL.load	2014-12-27 12:49:23.000000000 +0100
++++ perl-5.20.3/dist/XSLoader/XSLoader_pm.PL	2016-07-07 15:39:57.682175264 +0200
+@@ -10,7 +10,7 @@ print OUT <<'EOT';
+ 
+ package XSLoader;
+ 
+-$VERSION = "0.17";
++$VERSION = "0.22";
+ 
+ #use strict;
+ 
+@@ -88,6 +88,43 @@ print OUT <<'EOT';
+     $modlibname =~ s,[\\/][^\\/]+$,, while $c--;    # Q&D basename
+ EOT
+ 
++my $to_print = <<'EOT';
++    # Does this look like a relative path?
++    if ($modlibname !~ m{regexp}) {
++EOT
++
++$to_print =~ s~regexp~
++    $^O eq 'MSWin32' || $^O eq 'os2' || $^O eq 'cygwin' || $^O eq 'amigaos'
++        ? '^(?:[A-Za-z]:)?[\\\/]' # Optional drive letter
++        : '^/'
++~e;
++
++print OUT $to_print, <<'EOT';
++        # Someone may have a #line directive that changes the file name, or
++        # may be calling XSLoader::load from inside a string eval.  We cer-
++        # tainly do not want to go loading some code that is not in @INC,
++        # as it could be untrusted.
++        #
++        # We could just fall back to DynaLoader here, but then the rest of
++        # this function would go untested in the perl core, since all @INC
++        # paths are relative during testing.  That would be a time bomb
++        # waiting to happen, since bugs could be introduced into the code.
++        #
++        # So look through @INC to see if $modlibname is in it.  A rela-
++        # tive $modlibname is not a common occurrence, so this block is
++        # not hot code.
++        FOUND: {
++            for (@INC) {
++                if ($_ eq $modlibname) {
++                    last FOUND;
++                }
++            }
++            # Not found.  Fall back to DynaLoader.
++            goto \&XSLoader::bootstrap_inherit;
++        }
++    }
++EOT
++
+ my $dl_dlext = quotemeta($Config::Config{'dlext'});
+ 
+ print OUT <<"EOT";
+@@ -203,7 +240,7 @@ XSLoader - Dynamically load C libraries
+ 
+ =head1 VERSION
+ 
+-Version 0.17
++Version 0.22
+ 
+ =head1 SYNOPSIS
+ 
+diff -up perl-5.20.3/dist/XSLoader/t/XSLoader.t.load perl-5.20.3/dist/XSLoader/t/XSLoader.t
+--- perl-5.20.3/dist/XSLoader/t/XSLoader.t.load	2014-12-27 12:49:23.000000000 +0100
++++ perl-5.20.3/dist/XSLoader/t/XSLoader.t	2016-07-07 15:39:57.682175264 +0200
+@@ -33,7 +33,7 @@ my %modules = (
+     'Time::HiRes'=> q| ::can_ok( 'Time::HiRes' => 'usleep'  ) |,  # 5.7.3
+ );
+ 
+-plan tests => keys(%modules) * 3 + 8;
++plan tests => keys(%modules) * 3 + 9;
+ 
+ # Try to load the module
+ use_ok( 'XSLoader' );
+@@ -96,3 +96,28 @@ SKIP: {
+     like $@, "/^Invalid version format/",
+         'correct error msg for invalid versions';
+ }
++
++SKIP: {
++  skip "File::Path not available", 1
++    unless eval { require File::Path };
++  my $name = "phooo$$";
++  File::Path::mkpath("$name/auto/Foo/Bar");
++  open my $fh,
++    ">$name/auto/Foo/Bar/Bar.$Config::Config{'dlext'}";
++  close $fh;
++  my $fell_back;
++  local *XSLoader::bootstrap_inherit = sub {
++    $fell_back++;
++    # Break out of the calling subs
++    goto the_test;
++  };
++  eval <<END;
++#line 1 $name
++package Foo::Bar;
++XSLoader::load("Foo::Bar");
++END
++ the_test:
++  ok $fell_back,
++    'XSLoader will not load relative paths based on (caller)[1]';
++  File::Path::rmtree($name);
++}

perl-example.stp

@@ -0,0 +1,21 @@
+/*
+    Example of the perl systemtap tapset shows a nested view of perl subroutine
+    calls and returns across the whole system.
+
+    To run:
+        stap perl-example.stp (for all perl processes)
+    For specific perl process:
+        stap perl-example.stp -c COMMAND
+*/
+
+probe perl.sub.call
+{
+    printf("%s => sub: %s, filename: %s, line: %d, package: %s\n",
+        thread_indent(1), sub, filename, lineno, package)
+}
+
+probe perl.sub.return
+{
+    printf("%s <= sub: %s, filename: %s, line: %d, package: %s\n",
+        thread_indent(-1), sub, filename, lineno, package)
+}

perl.spec

@@ -1,4 +1,4 @@
-%global perl_version    5.20.1
+%global perl_version    5.20.3
 %global perl_epoch      4
 %global perl_arch_stem -thread-multi
 %global perl_archname %{_arch}-%{_os}%{perl_arch_stem}
@@ -30,7 +30,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release:        319%{?dist}
+Release:        332%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 Group:          Development/Languages
@@ -39,8 +39,10 @@ Group:          Development/Languages
 # under UCD are unicode tables
 # Public domain: ext/SDBM_File/sdbm/*, ext/Compress-Raw-Bzip2/bzip2-src/dlltest.c 
 # MIT: ext/MIME-Base64/Base64.xs 
-# Copyright Only: for example ext/Text-Soundex/Soundex.xs 
-License:        (GPL+ or Artistic) and (GPLv2+ or Artistic) and Copyright Only and MIT and Public Domain and UCD
+# Copyright Only: for example ext/Text-Soundex/Soundex.xs
+# HSRL; regexec.c
+# TTWL: Text-Tabs+Wrap
+License:        (GPL+ or Artistic) and (GPLv2+ or Artistic) and Copyright Only and HSRL and MIT and Public Domain and TTWL and UCD
 Url:            http://www.perl.org/
 Source0:        http://www.cpan.org/src/5.0/perl-%{perl_version}.tar.bz2
 Source2:        perl-5.8.0-libnet.cfg
@@ -49,6 +51,8 @@ Source3:        macros.perl
 # build requirement. Written by lberk; Not yet upstream.
 Source4:        perl.stp
 Source5:        perl-example.stp
+# Tom Christiansen confirms Pod::Html uses the same license as perl
+Source6:        Pod-Html-license-clarification
 
 # Removes date check, Fedora/RHEL specific
 Patch1:         perl-perlbug-tag.patch
@@ -80,7 +84,7 @@ Patch8:         perl-5.14.1-offtest.patch
 Patch15:        perl-5.16.3-create_libperl_soname.patch
 
 # Install libperl.so to -Dshrpdir value
-Patch16:        perl-5.16.3-Install-libperl.so-to-shrpdir-on-Linux.patch
+Patch16:        perl-5.20.2-Install-libperl.so-to-shrpdir-on-Linux.patch
 
 # Document Math::BigInt::CalcEmu requires Math::BigInt, rhbz#959096,
 # CPAN RT#85015
@@ -101,14 +105,25 @@ Patch27:        perl-5.21.6-Report-inaccesible-file-on-failed-require.patch
 # RT#123338, in upstream after 5.21.6
 Patch28:        perl-5.21.6-t-op-taint.t-Perform-SHA-256-algorithm-by-crypt-if-d.patch
 
-# Fix Errno.pm generation for GCC 5.0, RT#123784, in upstream after 5.21.8
-Patch29:        perl-5.20.1-Fix-Errno.pm-generation-for-gcc-5.0.patch
+# Fix debugger y command scope level, bug #1129850,
+# riIn upstream after 5.21.3
+Patch29:        perl-5.21.3-fix-debugger-y-command-scope-level.patch
 
-# Handle hexadecimal constants by h2ph, RT#123784, in upstream after 5.21.8
-Patch30:        perl-5.21.8-h2ph-correct-handling-of-hex-constants-for-the-pream.patch
+# Fix CVE-2016-2381 (ambiguous environment variables handling), bug #1313702,
+# in upstream after 5.23.8
+Patch30:        perl-5.23.8-remove-duplicate-environment-variables-from-environ.patch
 
-# Do not use -_h2ph_pre.ph from system at tests, RT#123784
-Patch31:        perl-5.21.8-lib-h2ph.t-to-test-generated-t-_h2ph_pre.ph-instead-.patch
+# Fix CVE-2015-8853 (regexp matching hangs indefinitely on illegal UTF-8
+# input), bug #1329107, RT#123562, in upstream after 5.23.2
+Patch31:        perl-5.20.3-PATCH-perl-123562-Regexp-matching-hangs.patch
+
+# Fix duplicating PerlIO::encoding when spawning threads, bug #1345788,
+# RT#31923, in upstream after 5.23.3
+Patch32:        perl-5.20.3-Properly-duplicate-PerlIO-encoding-objects.patch
+
+# Do not let XSLoader load relative paths, CVE-2016-6185, RT#115808,
+# in upstream after 5.25.2
+Patch33:        perl-5.25.2-Don-t-let-XSLoader-load-relative-paths.patch
 
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -124,9 +139,12 @@ BuildRequires:  groff-base
 BuildRequires:  libdb-devel, tcsh, zlib-devel, bzip2-devel
 BuildRequires:  systemtap-sdt-devel
 %if %{with gdbm}
-BuildRequires: gdbm-devel
+BuildRequires:  gdbm-devel
 %endif
 
+# Regenerate a2p.c bug #1177672
+BuildRequires:  byacc
+
 # For tests
 BuildRequires:  procps, rsyslog
 
@@ -134,10 +152,12 @@ BuildRequires:  procps, rsyslog
 
 
 # compat macro needed for rebuild
-%global perl_compat perl(:MODULE_COMPAT_5.20.1)
+%global perl_compat perl(:MODULE_COMPAT_5.20.3)
 
 # Compat provides
 Provides: %perl_compat
+Provides: perl(:MODULE_COMPAT_5.20.2)
+Provides: perl(:MODULE_COMPAT_5.20.1)
 Provides: perl(:MODULE_COMPAT_5.20.0)
 
 # Threading provides
@@ -148,42 +168,10 @@ Provides: perl(:WITH_LARGEFILES)
 # PerlIO provides
 Provides: perl(:WITH_PERLIO)
 # File provides
-Provides: perl(abbrev.pl)
-Provides: perl(assert.pl)
-Provides: perl(bigfloat.pl)
-Provides: perl(bigint.pl)
-Provides: perl(bigrat.pl)
 Provides: perl(bytes_heavy.pl)
-Provides: perl(cacheout.pl)
-Provides: perl(complete.pl)
-Provides: perl(ctime.pl)
-Provides: perl(dotsh.pl)
 Provides: perl(dumpvar.pl)
-Provides: perl(exceptions.pl)
-Provides: perl(fastcwd.pl)
-Provides: perl(find.pl)
-Provides: perl(finddepth.pl)
-Provides: perl(flush.pl)
-Provides: perl(ftp.pl)
-Provides: perl(getcwd.pl)
-Provides: perl(getopt.pl)
-Provides: perl(getopts.pl)
-Provides: perl(hostname.pl)
-Provides: perl(importenv.pl)
-Provides: perl(look.pl)
-Provides: perl(newgetopt.pl)
-Provides: perl(open2.pl)
-Provides: perl(open3.pl)
 Provides: perl(perl5db.pl)
-Provides: perl(pwd.pl)
-Provides: perl(shellwords.pl)
-Provides: perl(stat.pl)
-Provides: perl(syslog.pl)
-Provides: perl(tainted.pl)
-Provides: perl(termcap.pl)
-Provides: perl(timelocal.pl)
 Provides: perl(utf8_heavy.pl)
-Provides: perl(validate.pl)
 
 # suidperl isn't created by upstream since 5.12.0
 Obsoletes: perl-suidperl <= 4:5.12.2
@@ -414,7 +402,7 @@ but it is a good educated guess.
 %package CGI
 Summary:        Handle Common Gateway Interface requests and responses
 Group:          Development/Libraries
-License:        GPL+ or Artistic
+License:        (GPL+ or Artistic) and Artistic 2.0
 Epoch:          0
 Version:        3.63
 Requires:       %perl_compat
@@ -439,11 +427,31 @@ CGI.pm performs very well in in a vanilla CGI.pm environment and also comes
 with built-in support for mod_perl and mod_perl2 as well as FastCGI.
 %endif
 
+%if %{dual_life} || %{rebuild_from_scratch}
+%package CGI-Fast
+Summary:        CGI Interface for Fast CGI
+Group:          Development/Libraries
+License:        GPL+ or Artistic
+Epoch:          0
+Version:        1.10
+Requires:       %perl_compat
+BuildArch:      noarch
+
+%description CGI-Fast
+CGI::Fast is a subclass of the CGI object created by CGI.pm. It is
+specialized to work well FCGI module, which greatly speeds up CGI scripts
+by turning them into persistently running server processes. Scripts that
+perform time-consuming initialization processes, such as loading large
+modules or opening persistent database connections, will see large
+performance improvements.
+%endif
+
+
 %if %{dual_life} || %{rebuild_from_scratch}
 %package Compress-Raw-Bzip2
 Summary:        Low-Level Interface to bzip2 compression library
 Group:          Development/Libraries
-License:        GPL+ or Artistic
+License:        (GPL+ or Artistic) and zlib
 Epoch:          0
 Version:        2.064
 Requires:       perl(Exporter), perl(File::Temp)
@@ -691,7 +699,7 @@ bytes or bits.
 %package Digest-MD5
 Summary:        Perl interface to the MD5 Algorithm
 Group:          Development/Libraries
-License:        GPL+ or Artistic
+License:        (GPL+ or Artistic) and BSD
 # Epoch bump for clean upgrade over old standalone package
 Epoch:          0
 Version:        2.53
@@ -1348,6 +1356,22 @@ are included with perl 5.6.0, and it works fine on perl 5.005 if you can
 install a few additional modules.
 %endif
 
+%if %{dual_life} || %{rebuild_from_scratch}
+%package Module-Build-Deprecated
+Summary:        Collection of modules removed from Module-Build
+Group:          Development/Libraries
+License:        GPL+ or Artistic
+Version:        0.4205
+Requires:       %perl_compat
+Conflicts:      perl-Module-Build < 0.42.05
+
+%description Module-Build-Deprecated
+This module contains a number of module that have been removed from
+Module-Build:
+Module::Build::ModuleInfo - This has been superseded by Module::Metadata
+Module::Build::Version - This has been replaced by version
+Module::Build::YAML - This has been replaced by CPAN::Meta::YAML
+%endif
 
 %if %{dual_life} || %{rebuild_from_scratch}
 %package Module-CoreList
@@ -1355,7 +1379,7 @@ Summary:        What modules are shipped with versions of perl
 Group:          Development/Libraries
 License:        GPL+ or Artistic
 Epoch:          1
-Version:        5.020001
+Version:        5.20150822
 Requires:       %perl_compat
 Requires:       perl(List::Util)
 Requires:       perl(version) >= 0.88
@@ -1371,7 +1395,7 @@ Summary:        Tool for listing modules shipped with perl
 Group:          Development/Tools
 License:        GPL+ or Artistic
 Epoch:          1
-Version:        5.020001
+Version:        5.20150822
 Requires:       %perl_compat
 Requires:       perl(feature)
 Requires:       perl(version) >= 0.88
@@ -1452,6 +1476,22 @@ Requires:       %perl_compat
 Gather package and POD information from perl module files
 %endif
 
+%package open
+Summary:        Perl pragma to set default PerlIO layers for input and output
+Group:          Development/Libraries
+License:        GPL+ or Artistic
+Epoch:          0
+Version:        1.10
+Requires:       %perl_compat
+Requires:       perl(Carp)
+Requires:       perl(Encode)
+Requires:       perl(encoding)
+Conflicts:      perl < 4:5.20.2-326
+BuildArch:      noarch
+
+%description open
+The "open" pragma serves as one of the interfaces to declare default "layers"
+(also known as "disciplines") for all I/O.
 
 %if %{dual_life} || %{rebuild_from_scratch}
 %package Package-Constants
@@ -1757,7 +1797,7 @@ Use TAP::Parser, Test::Harness package was whole rewritten.
 %package Test-Simple
 Summary:        Basic utilities for writing tests
 Group:          Development/Languages
-License:        GPL+ or Artistic
+License:        (GPL+ or Artistic) and Public Domain
 Epoch:          0
 Version:        1.001002
 Requires:       %perl_compat
@@ -1842,7 +1882,7 @@ so dates before the system's epoch may not work on all operating systems.
 %package Time-Piece
 Summary:        Time objects from localtime and gmtime
 Group:          Development/Libraries
-License:        GPL+ or Artistic
+License:        (GPL+ or Artistic) and BSD
 Epoch:          0
 Version:        1.27
 Requires:       %perl_compat
@@ -1968,7 +2008,8 @@ Requires:       perl-macros
 Requires:       perl-App-a2p, perl-App-find2perl, perl-App-s2p
 Requires:       perl-Archive-Tar, perl-autodie, perl-B-Debug,
 Requires:       perl-Compress-Raw-Bzip2,
-Requires:       perl-Carp, perl-Compress-Raw-Zlib, perl-CGI, perl-constant,
+Requires:       perl-Carp, perl-Compress-Raw-Zlib, perl-CGI,
+Requires:       perl-CGI-Fast, perl-constant,
 Requires:       perl-CPAN, perl-CPAN-Meta, perl-CPAN-Meta-Requirements,
 Requires:       perl-CPAN-Meta-YAML, perl-Encode, perl-encoding
 Requires:       perl-Data-Dumper, perl-DB_File, perl-Devel-PPPort,
@@ -1985,10 +2026,10 @@ Requires:       perl-HTTP-Tiny, perl-inc-latest, perl-IO-Compress, perl-IO-Socke
 Requires:       perl-IO-Zlib, perl-IPC-Cmd, perl-JSON-PP
 Requires:       perl-Locale-Codes, perl-Locale-Maketext,
 Requires:       perl-Locale-Maketext-Simple
-Requires:       perl-Module-Build, perl-Module-CoreList,
+Requires:       perl-Module-Build, perl-Module-Build-Deprecated, perl-Module-CoreList,
 Requires:       perl-Module-CoreList-tools, perl-Module-Load
 Requires:       perl-Module-Load-Conditional, perl-Module-Loaded, perl-Module-Metadata
-Requires:       perl-Package-Constants, perl-PathTools
+Requires:       perl-open, perl-Package-Constants, perl-PathTools
 Requires:       perl-Params-Check, perl-Parse-CPAN-Meta, perl-Perl-OSType
 Requires:       perl-Pod-Checker, perl-Pod-Escapes
 Requires:       perl-Pod-Parser, perl-Pod-Perldoc, perl-Pod-Usage
@@ -2025,6 +2066,8 @@ tarball from perl.org.
 %patch29 -p1
 %patch30 -p1
 %patch31 -p1
+%patch32 -p1
+%patch33 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2046,9 +2089,11 @@ perl -x patchlevel.h \
     'Fedora Patch26: Make *DBM_File desctructors thread-safe (RT#61912)' \
     'Fedora Patch27: Report inaccesible file on failed require (RT#123270)' \
     'Fedora Patch28: Use stronger algorithm needed for FIPS in t/op/taint.t (RT#123338)' \
-    'Fedora Patch29: Fix Errno.pm generation for GCC 5.0 (RT#123784)' \
-    'Fedora Patch30: Handle hexadecimal constants by h2ph (RT#123784)' \
-    'Fedora Patch31: Do not use -_h2ph_pre.ph from system at tests (RT#123784)' \
+    'Fedora Patch29: Fix debugger y command scope level' \
+    'Fedora Patch30: Fix CVE-2016-2381 (ambiguous environment variables handling)' \
+    'Fedora Patch31: Fix CVE-2015-8853 (regexp matching hangs on illegal UTF-8)' \
+    'Fedora Patch32: Fix duplicating PerlIO::encoding when spawning threads (RT#31923)' \
+    'Fedora Patch33: Do not let XSLoader load relative paths (CVE-2016-6185)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -2057,6 +2102,9 @@ perl -x patchlevel.h \
 #copy the example script
 cp -a %{SOURCE5} .
 
+#copy Pod-Html license clarification
+cp %{SOURCE6} .
+
 #
 # Candidates for doc recoding (need case by case review):
 # find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
@@ -2093,6 +2141,12 @@ rm -rf 'cpan/Memoize/Memoize/NDBM_File.pm'
 sed -i '\|cpan/Memoize/Memoize/NDBM_File.pm|d' MANIFEST
 %endif
 
+# Regenerate a2p.c bug #1177672
+pushd x2p
+yacc a2p.y
+mv -f y.tab.c a2p.c
+popd
+
 %build
 echo "RPM Build arch: %{_arch}"
 
@@ -2316,7 +2370,7 @@ sed \
 %postun libs -p /sbin/ldconfig
 
 %files
-%doc Artistic AUTHORS Copying README Changes
+%doc Artistic AUTHORS Copying README Changes Pod-Html-license-clarification
 %{_mandir}/man1/*.1*
 %{_mandir}/man3/*.3*
 %{_bindir}/*
@@ -2394,6 +2448,10 @@ sed \
 %exclude %{_mandir}/man3/CGI.3*
 %exclude %{_mandir}/man3/CGI::*.3*
 
+# CGI-Fast
+%exclude %{privlib}/CGI/Fast.pm
+%exclude %{_mandir}/man3/CGI::Fast.3*
+
 # constant
 %exclude %{privlib}/constant.pm
 %exclude %{_mandir}/man3/constant.3*
@@ -2775,6 +2833,14 @@ sed \
 %exclude %{_mandir}/man1/config_data.1*
 %exclude %{_mandir}/man3/Module::Build*
 
+# Module-Build-Deprecated
+%exclude %{privlib}/Module/Build/ModuleInfo.pm
+%exclude %{privlib}/Module/Build/Version.pm
+%exclude %{privlib}/Module/Build/YAML.pm
+%exclude %{_mandir}/man3/Module::Build::ModuleInfo.3*
+%exclude %{_mandir}/man3/Module::Build::Version.3*
+%exclude %{_mandir}/man3/Module::Build::YAML.3*
+
 # Module-CoreList
 %exclude %dir %{privlib}/Module
 %exclude %{privlib}/Module/CoreList
@@ -2827,6 +2893,10 @@ sed \
 %exclude %{privlib}/Perl/OSType.pm
 %exclude %{_mandir}/man3/Perl::OSType.3pm*
 
+# open
+%exclude %{privlib}/open.pm
+%exclude %{_mandir}/man3/open.3*
+
 # parent
 %exclude %{privlib}/parent.pm
 %exclude %{_mandir}/man3/parent.3*
@@ -3081,8 +3151,14 @@ sed \
 %files CGI
 %{privlib}/CGI/
 %{privlib}/CGI.pm
+%exclude %{privlib}/CGI/Fast.pm
 %{_mandir}/man3/CGI.3*
 %{_mandir}/man3/CGI::*.3*
+%exclude %{_mandir}/man3/CGI::Fast.3*
+
+%files CGI-Fast
+%{privlib}/CGI/Fast.pm
+%{_mandir}/man3/CGI::Fast.3*
 
 %files Compress-Raw-Bzip2
 %dir %{archlib}/Compress
@@ -3550,8 +3626,22 @@ sed \
 %dir %{privlib}/Module
 %{privlib}/Module/Build
 %{privlib}/Module/Build.pm
+%exclude %{privlib}/Module/Build/ModuleInfo.pm
+%exclude %{privlib}/Module/Build/Version.pm
+%exclude %{privlib}/Module/Build/YAML.pm
 %{_mandir}/man1/config_data.1*
 %{_mandir}/man3/Module::Build*
+%exclude %{_mandir}/man3/Module::Build::ModuleInfo.3*
+%exclude %{_mandir}/man3/Module::Build::Version.3*
+%exclude %{_mandir}/man3/Module::Build::YAML.3*
+
+%files Module-Build-Deprecated
+%{privlib}/Module/Build/ModuleInfo.pm
+%{privlib}/Module/Build/Version.pm
+%{privlib}/Module/Build/YAML.pm
+%{_mandir}/man3/Module::Build::ModuleInfo.3*
+%{_mandir}/man3/Module::Build::Version.3*
+%{_mandir}/man3/Module::Build::YAML.3*
 %endif
 
 %if %{dual_life} || %{rebuild_from_scratch}
@@ -3623,6 +3713,10 @@ sed \
 %{_mandir}/man3/Parse::CPAN::Meta.3*
 %endif
 
+%files open
+%{privlib}/open.pm
+%{_mandir}/man3/open.3*
+
 %if %{dual_life} || %{rebuild_from_scratch}
 %files parent
 %{privlib}/parent.pm
@@ -3853,6 +3947,55 @@ sed \
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Thu Jul 07 2016 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.3-332
+- Do not let XSLoader load relative paths (CVE-2016-6185)
+
+* Mon Jun 13 2016 Petr Pisar <ppisar@redhat.com> - 4:5.20.3-331
+- Fix duplicating PerlIO::encoding when spawning threads (bug #1345788)
+
+* Thu Apr 21 2016 Petr Pisar <ppisar@redhat.com> - 4:5.20.3-330
+- Fix CVE-2015-8853 (regexp matching hangs indefinitely on illegal UTF-8
+  input) (bug #1329107)
+
+* Wed Mar 02 2016 Petr Pisar <ppisar@redhat.com> - 4:5.20.3-329
+- Fix CVE-2016-2381 (ambiguous environment variables handling) (bug #1313702)
+
+* Thu Sep 24 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.3-328
+- Fix debugger y command scope level (bug #1129850)
+
+* Mon Sep 14 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.3-327
+- 5.20.3 bump (see <http://search.cpan.org/dist/perl-5.20.3/pod/perldelta.pod>
+  for release notes
+
+* Fri Jun 05 2015 Petr Pisar <ppisar@redhat.com> - 4:5.20.2-326
+- Subpackage "open" module in order to keep deprecated "encoding" module
+  optional (bug #1228378)
+
+* Wed Apr 15 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.2-325
+- Sub-package perl-CGI-Fast and perl-Module-Build-Deprecated
+- Add missing dual-life modules to perl-core
+
+* Thu Apr 02 2015 Petr Šabata <contyk@redhat.com> - 4:5.20.2-324
+- Correct a typo in the license tag
+
+* Thu Apr 02 2015 Petr Šabata <contyk@redhat.com> - 4:5.20.2-323
+- Correct license tags of the main package, CGI, Compress-Raw-Zlib,
+  Digest-MD5, Test-Simple and Time-Piece
+- Package a Pod-Html license clarification email
+
+* Thu Mar 19 2015 Lubomir Rintel <lkundrak@v3.sk> - 4:5.20.2-322
+- Add systemtap probes for new dtrace markers
+
+* Wed Feb 18 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.2-321
+- Provide 5.20.2 MODULE_COMPAT
+- Clean list of provided files
+- Update names of changed patches
+
+* Tue Feb 17 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.20.2-320
+- 5.20.2 bump (see <http://search.cpan.org/dist/perl-5.20.2/pod/perldelta.pod>
+  for release notes)
+- Regenerate a2p.c (BZ#1177672)
+
 * Mon Feb 16 2015 Petr Pisar <ppisar@redhat.com> - 4:5.20.1-319
 - Improve h2ph fix for GCC 5.0
 

perl.stp

@@ -0,0 +1,71 @@
+/*
+   This probe will fire when the perl script enters a subroutine.
+ */
+
+probe perl.sub.call = process("LIBRARY_PATH").mark("sub__entry")
+{
+
+  sub = user_string($arg1)
+  filename = user_string($arg2)
+  lineno = $arg3
+  package = user_string($arg4)
+
+}
+
+/*
+   This probe will fire when the return from a subroutine has been
+   hit.
+ */
+
+probe perl.sub.return = process("LIBRARY_PATH").mark("sub__return")
+{
+
+  sub = user_string($arg1)
+  filename = user_string($arg2)
+  lineno = $arg3
+  package = user_string($arg4)
+
+}
+
+/*
+   This probe will fire when the Perl interperter changes state.
+ */
+
+probe perl.phase.change = process("LIBRARY_PATH").mark("phase__change")
+{
+  newphase = user_string($arg1)
+  oldphase = user_string($arg2)
+
+}
+
+
+/*
+   Fires when Perl has successfully loaded an individual file.
+ */
+
+probe perl.loaded.file = process("LIBRARY_PATH").mark("loaded__file")
+{
+  filename = user_string($arg1)
+
+}
+
+
+/*
+   Fires when Perl is about to load an individual file.
+ */
+
+probe perl.loading.file = process("LIBRARY_PATH").mark("loading__file")
+{
+  filename = user_string($arg1)
+
+}
+
+
+/*
+   Traces the execution of each opcode in the Perl runloop.
+ */
+
+probe perl.op.entry = process("LIBRARY_PATH").mark("op__entry")
+{
+  opname = user_string($arg1)
+}

sources

@@ -1,5 +1 @@
-aceea3db13a159cd5f7e5f2e3ad9534f  perl-5.8.0-libdir64.patch
-ad5d07285d6e4914384b43c9abc2bdba  filter-requires.sh
-93b780a770906408a34b1c511e333a12  perl.stp
-735480c6749c2aa86faa8311fe651142  perl-example.stp
-ede5166f949d9a07163bc5b086be9759  perl-5.20.1.tar.bz2
+aee7ee4d70b60fb2c923f41087db8cb0  perl-5.20.3.tar.bz2