From 3f386ca0c4d07d6ffed4672c6b9fab46c63eeac4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Thu, 3 Nov 2016 09:16:29 +0100
Subject: Fix crash in "evalbytes S"

---
 perl-5.24.0-Regression-test-for-RT-129196.patch    | 45 +++++++++++++++++++++
 ...rl-129196-Crash-bad-read-with-evalbytes-S.patch | 37 +++++++++++++++++
 perl-5.25.4-toke.c-fix-mswin32-builds.patch        | 46 ++++++++++++++++++++++
 perl.spec                                          | 16 +++++++-
 4 files changed, 143 insertions(+), 1 deletion(-)
 create mode 100644 perl-5.24.0-Regression-test-for-RT-129196.patch
 create mode 100644 
perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch
 create mode 100644 perl-5.25.4-toke.c-fix-mswin32-builds.patch

diff --git a/perl-5.24.0-Regression-test-for-RT-129196.patch 
b/perl-5.24.0-Regression-test-for-RT-129196.patch
new file mode 100644
index 0000000..23beb36
--- /dev/null
+++ b/perl-5.24.0-Regression-test-for-RT-129196.patch
@@ -0,0 +1,45 @@
+From a51d828a6d402f30f37707c714de218f6b47dbd8 Mon Sep 17 00:00:00 2001
+From: Dan Collins <dcolli...@gmail.com>
+Date: Sun, 4 Sep 2016 14:43:41 -0400
+Subject: [PATCH] Regression test for RT #129196
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.24.0:
+
+commit a6128716d2cc20147851e0a37768376647bd3242
+Author: Dan Collins <dcolli...@gmail.com>
+Date:   Sun Sep 4 14:43:41 2016 -0400
+
+    Regression test for RT #129196
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ t/op/evalbytes.t | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/t/op/evalbytes.t b/t/op/evalbytes.t
+index cca7c04..5e2af76 100644
+--- a/t/op/evalbytes.t
++++ b/t/op/evalbytes.t
+@@ -6,7 +6,7 @@ BEGIN {
+     require './test.pl'; require './charset_tools.pl';
+ }
+ 
+-plan(tests => 8);
++plan(tests => 9);
+ 
+ {
+     local $SIG{__WARN__} = sub {};
+@@ -33,3 +33,7 @@ chop($upcode = "use utf8; $U_100" . chr 256);
+ is evalbytes $upcode, chr 256, 'use utf8 within evalbytes on utf8 string';
+ eval { evalbytes chr 256 };
+ like $@, qr/Wide character/, 'evalbytes croaks on non-bytes';
++
++eval 'evalbytes S';
++ok 1, '[RT #129196] evalbytes S should not segfault';
++
+-- 
+2.7.4
+
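Review bot: The test added to t/op/evalbytes.t asserts `ok 1` unconditionally after `eval 'evalbytes S';`, so it can only fail if the interpreter process dies. The fix's own subject line calls the fault a "Crash/bad read", and an out-of-bounds read does not necessarily segfault on an ordinary build, so a regression could pass this test silently. I would add a comment above the two lines stating that limit, e.g. `# Passes merely by surviving; run under a memory checker to catch the bad read itself.`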
diff --git a/perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch 
b/perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch
new file mode 100644
index 0000000..e224f30
--- /dev/null
+++ b/perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch
@@ -0,0 +1,37 @@
+From 9bde56224e82f20e7a65b3469b1ffb6b9f6d4df8 Mon Sep 17 00:00:00 2001
+From: Father Chrysostomos <spr...@cpan.org>
+Date: Sun, 4 Sep 2016 20:24:19 -0700
+Subject: [PATCH] =?UTF-8?q?[perl=20#129196]=20Crash/bad=20read=20with=20?=
+ =?UTF-8?q?=E2=80=98evalbytes=20S=E2=80=99?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+5dc13276 added some code to toke.c that did not take into account
+that the opnum (‘f’) argument to UNI* could be a negated op number.
+PL_last_lop_op must never be negative, since it is used as an offset
+into a struct.
+
+Tests for the crash will come in the next commit.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ toke.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/toke.c b/toke.c
+index 2fe8b69..2350703 100644
+--- a/toke.c
++++ b/toke.c
+@@ -241,7 +241,7 @@ static const char* const lex_state_names[] = {
+       if (have_x) PL_expect = x; \
+       PL_bufptr = s; \
+       PL_last_uni = PL_oldbufptr; \
+-      PL_last_lop_op = f; \
++      PL_last_lop_op = f < 0 ? -f : f; \
+       if (*s == '(') \
+           return REPORT( (int)FUNC1 ); \
+       s = skipspace(s); \
+-- 
+2.7.4
+
diff --git a/perl-5.25.4-toke.c-fix-mswin32-builds.patch 
b/perl-5.25.4-toke.c-fix-mswin32-builds.patch
new file mode 100644
index 0000000..5b066c8
--- /dev/null
+++ b/perl-5.25.4-toke.c-fix-mswin32-builds.patch
@@ -0,0 +1,46 @@
+From 0af40c757f083cc12988effb46da5313cd042f00 Mon Sep 17 00:00:00 2001
+From: David Mitchell <da...@iabyn.com>
+Date: Mon, 5 Sep 2016 15:49:28 +0100
+Subject: [PATCH] toke.c: fix mswin32 builds
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+9bde56224 added this as part of macro:
+
+-      PL_last_lop_op = f; \
++      PL_last_lop_op = f < 0 ? -f : f; \
+
+which broke win32 builds due to this
+
+    UNIBRACK(-OP_ENTEREVAL)
+
+expanding to
+
+    PL_last_lop_op = -345 < 0 ? --345 : -345
+
+and the -- being seen as a pre-dec op.
+
+Diagnosed by Dagfinn Ilmari Mannsåker.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ toke.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/toke.c b/toke.c
+index 2350703..a1cdda8 100644
+--- a/toke.c
++++ b/toke.c
+@@ -241,7 +241,7 @@ static const char* const lex_state_names[] = {
+       if (have_x) PL_expect = x; \
+       PL_bufptr = s; \
+       PL_last_uni = PL_oldbufptr; \
+-      PL_last_lop_op = f < 0 ? -f : f; \
++      PL_last_lop_op = (f) < 0 ? -(f) : (f); \
+       if (*s == '(') \
+           return REPORT( (int)FUNC1 ); \
+       s = skipspace(s); \
+-- 
+2.7.4
+
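Review bot: The normalisation `PL_last_lop_op = (f) < 0 ? -(f) : (f);` has no comment explaining why `f` can be negative or why the sign must not be stored, so a later cleanup could undo it. I would add a comment directly above the macro, which starts outside this hunk, for example `/* f may be a negated opnum, e.g. UNIBRACK(-OP_ENTEREVAL); PL_last_lop_op is used as an offset and must never be negative */`. The hunk shows only one macro body. If other macros in toke.c store their opnum argument into PL_last_lop_op the same way, they are worth checking for the same normalisation, which I cannot confirm from here.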
diff --git a/perl.spec b/perl.spec
index d1e5563..88d11b8 100644
--- a/perl.spec
+++ b/perl.spec
@@ -28,7 +28,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be 
broken otherwise
-Release:        377%{?dist}
+Release:        378%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 Group:          Development/Languages
@@ -183,6 +183,11 @@ Patch43:        
perl-5.24.0-PATCH-perl-128734-tr-N-.-failing-for-128-255.patch
 # in upstream after 5.24.1
 Patch44:        perl-5.24.0-CVE-2016-1238-maint-5.24-dot-in-inc.patch
 
+# Fix crash in "evalbytes S", RT#129196, in upstream after 5.25.4
+Patch45:        perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch
+Patch46:        perl-5.24.0-Regression-test-for-RT-129196.patch
+Patch47:        perl-5.25.4-toke.c-fix-mswin32-builds.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2848,6 +2853,9 @@ Perl extension for Version Objects
 %patch42 -p1
 %patch43 -p1
 %patch44 -p1
+%patch45 -p1
+%patch46 -p1
+%patch47 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2883,6 +2891,9 @@ perl -x patchlevel.h \
     'Fedora Patch42: Fix a crash in lexical scope warnings (RT#128597)' \
     'Fedora Patch43: Fix handling \N{} in tr for characters in range 128--255 
(RT#128734)' \
     'Fedora Patch44: Avoid loading of modules from current directory 
(CVE-2016-1238)' \
+    'Fedora Patch45: Fix crash in "evalbytes S" (RT#129196)' \
+    'Fedora Patch46: Fix crash in "evalbytes S" (RT#129196)' \
+    'Fedora Patch47: Fix crash in "evalbytes S" (RT#129196)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
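Review bot: The three patchlevel strings added for Patch45, Patch46 and Patch47 are identical, so the local patch list recorded in patchlevel.h cannot distinguish the fix from its regression test or from the follow-up macro correction. Distinct descriptions would make it easier to confirm which change a given build carries, for example `'Fedora Patch46: Regression test for "evalbytes S" crash (RT#129196)'` and `'Fedora Patch47: Parenthesize macro argument in "evalbytes S" fix (RT#129196)'`. The list of strings begins outside this hunk.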
@@ -5161,6 +5172,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Thu Nov 03 2016 Petr Pisar <ppi...@redhat.com> - 4:5.24.0-378
+- Fix crash in "evalbytes S" (RT#129196)
+
 * Tue Aug 02 2016 Jitka Plesnikova <jples...@redhat.com> - 4:5.24.0-377
 - Avoid loading of modules from current directory, CVE-2016-1238, (bug 
#1360425)
 
-- 
cgit v0.12


        
http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f25&id=3f386ca0c4d07d6ffed4672c6b9fab46c63eeac4