From e5b865603532a910b784c8c549965fb391467bef Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova <jples...@redhat.com>
Date: Mon, 17 Jul 2017 15:08:09 +0200
Subject: 5.22.4 bump
---
 .gitignore | 1 +
 ....3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch | 191 ---------------------
 perl.spec | 17 +-
 sources | 2 +-
 4 files changed, 10 insertions(+), 201 deletions(-)
 delete mode 100644 perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch
diff --git a/.gitignore b/.gitignore
index 28fae75..9749d7a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@ perl-5.12.1.tar.gz
 /perl-5.22.1.tar.bz2
 /perl-5.22.2.tar.bz2
 /perl-5.22.3.tar.bz2
+/perl-5.22.4.tar.bz2
diff --git a/perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch b/perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch
deleted file mode 100644
index 4ea66de..0000000
--- a/perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch
+++ /dev/null
@@ -1,191 +0,0 @@ -From 326dd098113de7c1d79c00ef1eb1860d0e502586 Mon Sep 17 00:00:00 2001 -From: Father Chrysostomos <spr...@cpan.org> -Date: Sat, 3 Sep 2016 13:30:22 -0700 -Subject: [PATCH] Fix checks for tainted dir in $ENV{PATH} -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Ported to 5.22.3: - -commit ba0a4150f6f1604df236035adf6df18bd43de88e -Author: Father Chrysostomos <spr...@cpan.org> -Date: Sat Sep 3 13:30:22 2016 -0700 - - Fix checks for tainted dir in $ENV{PATH} - - $ cat > foo - #!/usr/bin/perl - print "What?!\n" - ^D - $ chmod +x foo - $ ./perl -Ilib -Te '$ENV{PATH}="."; exec "foo"' - Insecure directory in $ENV{PATH} while running with -T switch at -e line 1. - - That is what I expect to see. But: - - $ ./perl -Ilib -Te '$ENV{PATH}="/\\:."; exec "foo"' - What?! - - Perl is allowing the \ to escape the :, but the \ is not treated as an - escape by the system, allowing a relative path in PATH to be consid- - ered safe. - -Signed-off-by: Petr Písař <ppi...@redhat.com> ---- - embed.fnc | 4 ++++ - embed.h | 1 + - mg.c | 2 +- - proto.h | 9 +++++++++ - t/op/taint.t | 18 +++++++++++++++++- - util.c | 25 ++++++++++++++++++++++--- - 6 files changed, 54 insertions(+), 5 deletions(-) - -diff --git a/embed.fnc b/embed.fnc -index 3dbf9e8..7eed88e 100644 ---- a/embed.fnc -+++ b/embed.fnc -@@ -343,6 +343,10 @@ Ap |I32 |debstackptrs - pR |SV * |defelem_target |NN SV *sv|NULLOK MAGIC *mg - Anp |char* |delimcpy |NN char* to|NN const char* toend|NN const char* from \ - |NN const char* fromend|int delim|NN I32* retlen -+np |char* |delimcpy_no_escape|NN char* to|NN const char* toend \ -+ |NN const char* from \ -+ |NN const char* fromend|int delim \ -+ |NN I32* retlen - : Used in op.c, perl.c - pM |void |delete_eval_scope - Aprd |OP* |die_sv |NN SV *baseex -diff --git a/embed.h b/embed.h -index e09ffee..fe310b6 100644 ---- a/embed.h -+++ b/embed.h -@@ -1161,6 +1161,7 @@ - #define deb_stack_all() Perl_deb_stack_all(aTHX) - 
#define defelem_target(a,b) Perl_defelem_target(aTHX_ a,b) - #define delete_eval_scope() Perl_delete_eval_scope(aTHX) -+#define delimcpy_no_escape Perl_delimcpy_no_escape - #define die_unwind(a) Perl_die_unwind(aTHX_ a) - #define do_aexec5(a,b,c,d,e) Perl_do_aexec5(aTHX_ a,b,c,d,e) - #define do_dump_pad(a,b,c,d) Perl_do_dump_pad(aTHX_ a,b,c,d) -diff --git a/mg.c b/mg.c -index 064a1ae..b67f8e2 100644 ---- a/mg.c -+++ b/mg.c -@@ -1254,7 +1254,7 @@ Perl_magic_setenv(pTHX_ SV *sv, MAGIC *mg) - #else - const char path_sep = ':'; - #endif -- s = delimcpy(tmpbuf, tmpbuf + sizeof tmpbuf, -+ s = delimcpy_no_escape(tmpbuf, tmpbuf + sizeof tmpbuf, - s, strend, path_sep, &i); - s++; - if (i >= (I32)sizeof tmpbuf /* too long -- assume the worst */ -diff --git a/proto.h b/proto.h -index f82c62e..3b57ca4 100644 ---- a/proto.h -+++ b/proto.h -@@ -891,6 +891,15 @@ PERL_CALLCONV char* Perl_delimcpy(char* to, const char* toend, const char* from, - #define PERL_ARGS_ASSERT_DELIMCPY \ - assert(to); assert(toend); assert(from); assert(fromend); assert(retlen) - -+PERL_CALLCONV char* Perl_delimcpy_no_escape(char* to, const char* toend, const char* from, const char* fromend, int delim, I32* retlen) -+ __attribute__nonnull__(1) -+ __attribute__nonnull__(2) -+ __attribute__nonnull__(3) -+ __attribute__nonnull__(4) -+ __attribute__nonnull__(6); -+#define PERL_ARGS_ASSERT_DELIMCPY_NO_ESCAPE \ -+ assert(to); assert(toend); assert(from); assert(fromend); assert(retlen) -+ - PERL_CALLCONV void Perl_despatch_signals(pTHX); - PERL_CALLCONV_NO_RET OP* Perl_die(pTHX_ const char* pat, ...) 
- __attribute__noreturn__ -diff --git a/t/op/taint.t b/t/op/taint.t -index 08afc78..5437dbd 100644 ---- a/t/op/taint.t -+++ b/t/op/taint.t -@@ -17,7 +17,7 @@ BEGIN { - use strict; - use Config; - --plan tests => 801; -+plan tests => 805; - - $| = 1; - -@@ -187,6 +187,22 @@ my $TEST = 'TEST'; - like($@, qr/^Insecure (?:directory in )?\$ENV\{PATH}/); - } - -+ # Relative paths in $ENV{PATH} are always implicitly tainted. -+ SKIP: { -+ skip "Do these work on VMS?", 4 if $Is_VMS; -+ skip "Not applicable to DOSish systems", 4 if! $tmp; -+ -+ local $ENV{PATH} = '.'; -+ is(eval { `$echo 1` }, undef); -+ like($@, qr/^Insecure (?:directory in )?\$ENV\{PATH}/); -+ -+ # Backslash should not fool perl into thinking that this is one -+ # path. -+ local $ENV{PATH} = '/\:.'; -+ is(eval { `$echo 1` }, undef); -+ like($@, qr/^Insecure (?:directory in )?\$ENV\{PATH}/); -+ } -+ - SKIP: { - skip "This is not VMS", 4 unless $Is_VMS; - -diff --git a/util.c b/util.c -index 457b013..6dca6f2 100644 ---- a/util.c -+++ b/util.c -@@ -520,15 +520,17 @@ Free_t Perl_mfree (Malloc_t where) - - /* copy a string up to some (non-backslashed) delimiter, if any */ - --char * --Perl_delimcpy(char *to, const char *toend, const char *from, const char *fromend, int delim, I32 *retlen) -+static char * -+S_delimcpy(char *to, const char *toend, const char *from, -+ const char *fromend, int delim, I32 *retlen, -+ const bool allow_escape) - { - I32 tolen; - - PERL_ARGS_ASSERT_DELIMCPY; - - for (tolen = 0; from < fromend; from++, tolen++) { -- if (*from == '\\') { -+ if (allow_escape && *from == '\\') { - if (from[1] != delim) { - if (to < toend) - *to++ = *from; -@@ -1217,6 +1219,23 @@ Perl_form_nocontext(const char* pat, ...) 
- } - #endif /* PERL_IMPLICIT_CONTEXT */ - -+char * -+Perl_delimcpy(char *to, const char *toend, const char *from, const char *fromend, int delim, I32 *retlen) -+{ -+ PERL_ARGS_ASSERT_DELIMCPY; -+ -+ return S_delimcpy(to, toend, from, fromend, delim, retlen, 1); -+} -+ -+char * -+Perl_delimcpy_no_escape(char *to, const char *toend, const char *from, -+ const char *fromend, int delim, I32 *retlen) -+{ -+ PERL_ARGS_ASSERT_DELIMCPY_NO_ESCAPE; -+ -+ return S_delimcpy(to, toend, from, fromend, delim, retlen, 0); -+} -+ - /* - =head1 Miscellaneous Functions - =for apidoc form --- -2.9.4 - diff --git a/perl.spec b/perl.spec index d5b8b1a..83cd299 100644 --- a/perl.spec +++ b/perl.spec @@ -1,4 +1,4 @@ -%global perl_version 5.22.3 +%global perl_version 5.22.4 %global perl_epoch 4 %global perl_arch_stem -thread-multi %global perl_archname %{_arch}-%{_os}%{perl_arch_stem} @@ -29,7 +29,7 @@ Name: perl Version: %{perl_version} # release number must be even higher, because dual-lived modules will be broken otherwise -Release: 371%{?dist} +Release: 372%{?dist} Epoch: %{perl_epoch} Summary: Practical Extraction and Report Language Group: Development/Languages @@ -259,10 +259,6 @@ Patch85: perl-5.24.1-perl-131263-clear-the-UTF8-flag-on-a-glob-if-it-isn- # Fix a buffer overflow in my_atof2(), RT#131526, in upstream after 5.27.0 Patch86: perl-5.27.0-perl-131526-don-t-go-beyond-the-end-of-the-NUL-in-my.patch -# Fix checks for tainted directory in $ENV{PATH} if a backslash escape presents, -# in upstream after 5.25.4 -Patch87: perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch - # Fix handling backslashes in PATH environment variable when executing # "perl -S", RT#129183, in upstream after 5.27.0 Patch88: perl-5.27.0-perl-129183-don-t-treat-as-an-escape-in-PATH-for-S.patch 
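Review bot: Dropping Patch87 in the `@@ -259,10 +259,6 @@` hunk (with its `%patch87 -p1` line and patchlevel.h entry removed in later perl.spec hunks) takes a taint-mode security fix out of the build, and nothing in the commit records that the 5.22.4 tarball carries it. The removed spec comment only says "in upstream after 5.25.4", which does not by itself show the fix reached the 5.22 maintenance series. Presumably the rebase makes the patch redundant, but the changelog entry should say so, for example `- Drop Patch87, the $ENV{PATH} taint check fix, which is included in 5.22.4`. The `'/\:.'` case that the deleted patch added to t/op/taint.t is the check to confirm in the new tarball's test run.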
@@ -291,7 +287,7 @@ BuildRequires: procps, rsyslog # compat macro needed for rebuild -%global perl_compat perl(:MODULE_COMPAT_5.22.3) +%global perl_compat perl(:MODULE_COMPAT_5.22.4) # perl-interpreter denotes a package with the perl executable. # Full EVR is for compatibility with systems that swapped perl and perl-core @@ -349,6 +345,7 @@ Group: Development/Languages License: GPL+ or Artistic # Compat provides Provides: %perl_compat +Provides: perl(:MODULE_COMPAT_5.22.3) Provides: perl(:MODULE_COMPAT_5.22.2) Provides: perl(:MODULE_COMPAT_5.22.1) Provides: perl(:MODULE_COMPAT_5.22.0) @@ -2600,7 +2597,6 @@ Perl extension for Version Objects %patch84 -p1 %patch85 -p1 %patch86 -p1 -%patch87 -p1 %patch88 -p1 %patch200 -p1 %patch201 -p1 @@ -2668,7 +2664,6 @@ perl -x patchlevel.h \ 'Fedora Patch83: Fix cloning :via handles on thread creation (RT#131221)' \ 'Fedora Patch85: Fix glob UTF-8 flag on a glob reassignment (RT#131263)' \ 'Fedora Patch86: Fix a buffer overflow in my_atof2() (RT#131526)' \ - 'Fedora Patch87: Fix checks for tainted directory in $ENV{PATH} if a backslash escape presents' \ 'Fedora Patch88: Fix handling backslashes in PATH environment variable when executing "perl -S" (RT#129183)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ @@ -4922,6 +4917,10 @@ popd # Old changelog entries are preserved in CVS. %changelog +* Mon Jul 17 2017 Jitka Plesnikova <jples...@redhat.com> - 4:5.22.4-372 +- 5.22.4 bump (see <http://search.cpan.org/dist/perl-5.22.4/pod/perldelta.pod> + for release notes) + * Mon Jun 26 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-371 - Make File::Glob more resistant against degenerative matching (RT#131211) - Fix a memory wrap in sv_vcatpvfn_flags() (RT#131260) diff --git a/sources b/sources index f71a4c8..93886e6 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (perl-5.22.3.tar.bz2) = cca1f320208044934db8aa35653e461876f81618e2dd26f8a2c997d1dec39c9e4ef2aef324e42ca7a6ff2de58246afb1bdff664d5009ac24c1bc04b8e3b0fc30
+SHA512 (perl-5.22.4.tar.bz2) = d91e86449e86e42657e62f7592675cee73eeef1766fdde6df923702f3b5f30ae82c0e4c847615f3de61acf6ff4e294f763fc0381a9cc044f25debb369415d96b
--
cgit v1.1
https://src.fedoraproject.org/cgit/perl.git/commit/?h=f24&id=e5b865603532a910b784c8c549965fb391467bef
_______________________________________________
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org