From 71479c998510e7d192fef68fcd535c90f1c2bc24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Thu, 3 Nov 2016 13:11:14 +0100 Subject: Fix parsing perl options in shell bang line
--- ...336-perl-i-u-erroneously-interpreted-as-u.patch | 92 ++++++++++++++++++++++ perl.spec | 6 ++ 2 files changed, 98 insertions(+) create mode 100644 perl-5.24.0-rt-129336-perl-i-u-erroneously-interpreted-as-u.patch diff --git a/perl-5.24.0-rt-129336-perl-i-u-erroneously-interpreted-as-u.patch b/perl-5.24.0-rt-129336-perl-i-u-erroneously-interpreted-as-u.patch new file mode 100644 index 0000000..7039076 --- /dev/null +++ b/perl-5.24.0-rt-129336-perl-i-u-erroneously-interpreted-as-u.patch @@ -0,0 +1,92 @@ +From 03fcc0c44bc7972f2c92736daae5b63d601b7c49 Mon Sep 17 00:00:00 2001 +From: Dan Collins <dcolli...@gmail.com> +Date: Fri, 23 Sep 2016 01:21:20 -0400 +Subject: [PATCH] [rt #129336] #!perl -i u erroneously interpreted as -u +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Ported to 5.24.0: + +commit f54cfdacff1f3744ef08fc70f1f3bc6c7d862e83 +Author: Dan Collins <dcolli...@gmail.com> +Date: Fri Sep 23 01:21:20 2016 -0400 + + [rt #129336] #!perl -i u erroneously interpreted as -u + + Perl_moreswitches processes a single switch, and returns a pointer + to the start of the next switch. It can return either + the a pointer to the next flag itself: + + #!perl -n -p + ^ Can point here + + Or, to the space before the next "arg": + + #!perl -n -p + ^ Can point here + + (Where the next call to Perl_moreswitches will consume " -".) + + In the case of -i[extension], the pointer is by default pointing at + the space after the end of the argument. The current code tries to + do the former, by unconditionally advancing the pointer, and then + advancing it again if it is on a '-'. But that is incorrect: + + #!perl -i p + ^ Will point here, but that isn't a flag + + I could fix this by removing the unconditional s++, and having it + increment by 2 if *(s+1)=='-', but this work isn't actually + necessary - it's better to just leave it pointing at the space after + the argument. + +Signed-off-by: Petr Písař <ppi...@redhat.com> +--- + perl.c | 5 ----- + t/op/lex.t | 9 ++++++++- + 2 files changed, 8 insertions(+), 6 deletions(-) + +diff --git a/perl.c b/perl.c +index 228a0d8..5cc7d0b 100644 +--- a/perl.c ++++ b/perl.c +@@ -3306,11 +3306,6 @@ Perl_moreswitches(pTHX_ const char *s) + + PL_inplace = savepvn(start, s - start); + } +- if (*s) { +- ++s; +- if (*s == '-') /* Additional switches on #! line. */ +- s++; +- } + return s; + case 'I': /* -I handled both here and in parse_body() */ + forbid_setid('I', FALSE); +diff --git a/t/op/lex.t b/t/op/lex.t +index c515449..9ada592 100644 +--- a/t/op/lex.t ++++ b/t/op/lex.t +@@ -7,7 +7,7 @@ use warnings; + + BEGIN { chdir 't' if -d 't'; require './test.pl'; } + +-plan(tests => 25); ++plan(tests => 26); + + { + no warnings 'deprecated'; +@@ -209,3 +209,10 @@ fresh_perl_is( + { stderr => 1 }, + 's;@{<<a; [perl #123995]' + ); ++ ++fresh_perl_like( ++ "#!perl -i u\nprint 'OK'", ++ qr/OK/, ++ {}, ++ '[perl #129336] - #!perl -i argument handling' ++); +-- +2.7.4 + diff --git a/perl.spec b/perl.spec index fb1f529..9197bbb 100644 --- a/perl.spec +++ b/perl.spec @@ -131,6 +131,9 @@ Patch42: perl-5.25.4-perl-129267-Test-for-gv_fetchmethod-buffer-overrun.p # in upstream after 5.25.5 Patch43: perl-5.22.2-perl-129350-anchored-floating-substrings-must-be-utf.patch +# Fix parsing perl options in shell bang line, RT#129336, +# in upstream after 5.25.5 +Patch44: perl-5.24.0-rt-129336-perl-i-u-erroneously-interpreted-as-u.patch # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -2187,6 +2190,7 @@ Perl extension for Version Objects %patch41 -p1 %patch42 -p1 %patch43 -p1 +%patch44 -p1 %patch200 -p1 %patch201 -p1 @@ -2222,6 +2226,7 @@ perl -x patchlevel.h \ 'Fedora Patch41: Fix string overrun in Perl_gv_fetchmethod_pvn_flags (RT#129267)' \ 'Fedora Patch42: Fix string overrun in Perl_gv_fetchmethod_pvn_flags (RT#129267)' \ 'Fedora Patch43: Fix crash when matching UTF-8 string with non-UTF-8 substrings (RT#129350)' \ + 'Fedora Patch44: Fix parsing perl options in shell bang line (RT#129336)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -4242,6 +4247,7 @@ popd - Fix crash in splice (RT#129164, RT#129166, RT#129167) - Fix string overrun in Perl_gv_fetchmethod_pvn_flags (RT#129267) - Fix crash when matching UTF-8 string with non-UTF-8 substrings (RT#129350) +- Fix parsing perl options in shell bang line (RT#129336) * Wed Aug 03 2016 Jitka Plesnikova <jples...@redhat.com> - 4:5.22.2-354 - Avoid loading optional modules from default . (CVE-2016-1238) -- cgit v0.12 http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f23&id=71479c998510e7d192fef68fcd535c90f1c2bc24 _______________________________________________ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org