jplesnik pushed to perl (f24). "5.22.4 bump"

Mon, 17 Jul 2017 06:09:17 -0700 

From e5b865603532a910b784c8c549965fb391467bef Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova <jples...@redhat.com>
Date: Mon, 17 Jul 2017 15:08:09 +0200
Subject: 5.22.4 bump

---
 .gitignore                                         |   1 +
 ....3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch | 191 ---------------------
 perl.spec                                          |  17 +-
 sources                                            |   2 +-
 4 files changed, 10 insertions(+), 201 deletions(-)
 delete mode 100644 perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch

diff --git a/.gitignore b/.gitignore
index 28fae75..9749d7a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@ perl-5.12.1.tar.gz
 /perl-5.22.1.tar.bz2
 /perl-5.22.2.tar.bz2
 /perl-5.22.3.tar.bz2
+/perl-5.22.4.tar.bz2
diff --git a/perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch 
b/perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch
deleted file mode 100644
index 4ea66de..0000000
--- a/perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-From 326dd098113de7c1d79c00ef1eb1860d0e502586 Mon Sep 17 00:00:00 2001
-From: Father Chrysostomos <spr...@cpan.org>
-Date: Sat, 3 Sep 2016 13:30:22 -0700
-Subject: [PATCH] Fix checks for tainted dir in $ENV{PATH}
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Ported to 5.22.3:
-
-commit ba0a4150f6f1604df236035adf6df18bd43de88e
-Author: Father Chrysostomos <spr...@cpan.org>
-Date:   Sat Sep 3 13:30:22 2016 -0700
-
-    Fix checks for tainted dir in $ENV{PATH}
-
-    $ cat > foo
-    #!/usr/bin/perl
-    print "What?!\n"
-    ^D
-    $ chmod +x foo
-    $ ./perl -Ilib -Te '$ENV{PATH}="."; exec "foo"'
-    Insecure directory in $ENV{PATH} while running with -T switch at -e line 1.
-
-    That is what I expect to see.  But:
-
-    $ ./perl -Ilib -Te '$ENV{PATH}="/\\:."; exec "foo"'
-    What?!
-
-    Perl is allowing the \ to escape the :, but the \ is not treated as an
-    escape by the system, allowing a relative path in PATH to be consid-
-    ered safe.
-
-Signed-off-by: Petr Písař <ppi...@redhat.com>
----
- embed.fnc    |  4 ++++
- embed.h      |  1 +
- mg.c         |  2 +-
- proto.h      |  9 +++++++++
- t/op/taint.t | 18 +++++++++++++++++-
- util.c       | 25 ++++++++++++++++++++++---
- 6 files changed, 54 insertions(+), 5 deletions(-)
-
-diff --git a/embed.fnc b/embed.fnc
-index 3dbf9e8..7eed88e 100644
---- a/embed.fnc
-+++ b/embed.fnc
-@@ -343,6 +343,10 @@ Ap        |I32    |debstackptrs
- pR    |SV *   |defelem_target |NN SV *sv|NULLOK MAGIC *mg
- Anp   |char*  |delimcpy       |NN char* to|NN const char* toend|NN const 
char* from \
-                               |NN const char* fromend|int delim|NN I32* retlen
-+np    |char*  |delimcpy_no_escape|NN char* to|NN const char* toend \
-+                                 |NN const char* from \
-+                                 |NN const char* fromend|int delim \
-+                                 |NN I32* retlen
- : Used in op.c, perl.c
- pM    |void   |delete_eval_scope
- Aprd    |OP*    |die_sv         |NN SV *baseex
-diff --git a/embed.h b/embed.h
-index e09ffee..fe310b6 100644
---- a/embed.h
-+++ b/embed.h
-@@ -1161,6 +1161,7 @@
- #define deb_stack_all()               Perl_deb_stack_all(aTHX)
- #define defelem_target(a,b)   Perl_defelem_target(aTHX_ a,b)
- #define delete_eval_scope()   Perl_delete_eval_scope(aTHX)
-+#define delimcpy_no_escape    Perl_delimcpy_no_escape
- #define die_unwind(a)         Perl_die_unwind(aTHX_ a)
- #define do_aexec5(a,b,c,d,e)  Perl_do_aexec5(aTHX_ a,b,c,d,e)
- #define do_dump_pad(a,b,c,d)  Perl_do_dump_pad(aTHX_ a,b,c,d)
-diff --git a/mg.c b/mg.c
-index 064a1ae..b67f8e2 100644
---- a/mg.c
-+++ b/mg.c
-@@ -1254,7 +1254,7 @@ Perl_magic_setenv(pTHX_ SV *sv, MAGIC *mg)
- #else
-               const char path_sep = ':';
- #endif
--              s = delimcpy(tmpbuf, tmpbuf + sizeof tmpbuf,
-+              s = delimcpy_no_escape(tmpbuf, tmpbuf + sizeof tmpbuf,
-                            s, strend, path_sep, &i);
-               s++;
-               if (i >= (I32)sizeof tmpbuf   /* too long -- assume the worst */
-diff --git a/proto.h b/proto.h
-index f82c62e..3b57ca4 100644
---- a/proto.h
-+++ b/proto.h
-@@ -891,6 +891,15 @@ PERL_CALLCONV char*       Perl_delimcpy(char* to, const 
char* toend, const char* from,
- #define PERL_ARGS_ASSERT_DELIMCPY     \
-       assert(to); assert(toend); assert(from); assert(fromend); assert(retlen)
- 
-+PERL_CALLCONV char*   Perl_delimcpy_no_escape(char* to, const char* toend, 
const char* from, const char* fromend, int delim, I32* retlen)
-+                      __attribute__nonnull__(1)
-+                      __attribute__nonnull__(2)
-+                      __attribute__nonnull__(3)
-+                      __attribute__nonnull__(4)
-+                      __attribute__nonnull__(6);
-+#define PERL_ARGS_ASSERT_DELIMCPY_NO_ESCAPE   \
-+      assert(to); assert(toend); assert(from); assert(fromend); assert(retlen)
-+
- PERL_CALLCONV void    Perl_despatch_signals(pTHX);
- PERL_CALLCONV_NO_RET OP*      Perl_die(pTHX_ const char* pat, ...)
-                       __attribute__noreturn__
-diff --git a/t/op/taint.t b/t/op/taint.t
-index 08afc78..5437dbd 100644
---- a/t/op/taint.t
-+++ b/t/op/taint.t
-@@ -17,7 +17,7 @@ BEGIN {
- use strict;
- use Config;
- 
--plan tests => 801;
-+plan tests => 805;
- 
- $| = 1;
- 
-@@ -187,6 +187,22 @@ my $TEST = 'TEST';
-       like($@, qr/^Insecure (?:directory in )?\$ENV\{PATH}/);
-     }
- 
-+    # Relative paths in $ENV{PATH} are always implicitly tainted.
-+    SKIP: {
-+        skip "Do these work on VMS?", 4 if $Is_VMS;
-+        skip "Not applicable to DOSish systems", 4 if! $tmp;
-+
-+        local $ENV{PATH} = '.';
-+        is(eval { `$echo 1` }, undef);
-+        like($@, qr/^Insecure (?:directory in )?\$ENV\{PATH}/);
-+
-+        # Backslash should not fool perl into thinking that this is one
-+        # path.
-+        local $ENV{PATH} = '/\:.';
-+        is(eval { `$echo 1` }, undef);
-+        like($@, qr/^Insecure (?:directory in )?\$ENV\{PATH}/);
-+    }
-+
-     SKIP: {
-         skip "This is not VMS", 4 unless $Is_VMS;
- 
-diff --git a/util.c b/util.c
-index 457b013..6dca6f2 100644
---- a/util.c
-+++ b/util.c
-@@ -520,15 +520,17 @@ Free_t   Perl_mfree (Malloc_t where)
- 
- /* copy a string up to some (non-backslashed) delimiter, if any */
- 
--char *
--Perl_delimcpy(char *to, const char *toend, const char *from, const char 
*fromend, int delim, I32 *retlen)
-+static char *
-+S_delimcpy(char *to, const char *toend, const char *from,
-+         const char *fromend, int delim, I32 *retlen,
-+         const bool allow_escape)
- {
-     I32 tolen;
- 
-     PERL_ARGS_ASSERT_DELIMCPY;
- 
-     for (tolen = 0; from < fromend; from++, tolen++) {
--      if (*from == '\\') {
-+      if (allow_escape && *from == '\\') {
-           if (from[1] != delim) {
-               if (to < toend)
-                   *to++ = *from;
-@@ -1217,6 +1219,23 @@ Perl_form_nocontext(const char* pat, ...)
- }
- #endif /* PERL_IMPLICIT_CONTEXT */
- 
-+char *
-+Perl_delimcpy(char *to, const char *toend, const char *from, const char 
*fromend, int delim, I32 *retlen)
-+{
-+    PERL_ARGS_ASSERT_DELIMCPY;
-+
-+    return S_delimcpy(to, toend, from, fromend, delim, retlen, 1);
-+}
-+
-+char *
-+Perl_delimcpy_no_escape(char *to, const char *toend, const char *from,
-+                      const char *fromend, int delim, I32 *retlen)
-+{
-+    PERL_ARGS_ASSERT_DELIMCPY_NO_ESCAPE;
-+
-+    return S_delimcpy(to, toend, from, fromend, delim, retlen, 0);
-+}
-+
- /*
- =head1 Miscellaneous Functions
- =for apidoc form
--- 
-2.9.4
-
diff --git a/perl.spec b/perl.spec
index d5b8b1a..83cd299 100644
--- a/perl.spec
+++ b/perl.spec
@@ -1,4 +1,4 @@
-%global perl_version    5.22.3
+%global perl_version    5.22.4
 %global perl_epoch      4
 %global perl_arch_stem -thread-multi
 %global perl_archname %{_arch}-%{_os}%{perl_arch_stem}
@@ -29,7 +29,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be 
broken otherwise
-Release:        371%{?dist}
+Release:        372%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 Group:          Development/Languages
@@ -259,10 +259,6 @@ Patch85:        
perl-5.24.1-perl-131263-clear-the-UTF8-flag-on-a-glob-if-it-isn-
 # Fix a buffer overflow in my_atof2(), RT#131526, in upstream after 5.27.0
 Patch86:        
perl-5.27.0-perl-131526-don-t-go-beyond-the-end-of-the-NUL-in-my.patch
 
-# Fix checks for tainted directory in $ENV{PATH} if a backslash escape 
presents,
-# in upstream after 5.25.4
-Patch87:        perl-5.22.3-Fix-checks-for-tainted-dir-in-ENV-PATH.patch
-
 # Fix handling backslashes in PATH environment variable when executing
 # "perl -S", RT#129183, in upstream after 5.27.0
 Patch88:        
perl-5.27.0-perl-129183-don-t-treat-as-an-escape-in-PATH-for-S.patch
@@ -291,7 +287,7 @@ BuildRequires:  procps, rsyslog
 
 
 # compat macro needed for rebuild
-%global perl_compat perl(:MODULE_COMPAT_5.22.3)
+%global perl_compat perl(:MODULE_COMPAT_5.22.4)
 
 # perl-interpreter denotes a package with the perl executable.
 # Full EVR is for compatibility with systems that swapped perl and perl-core
@@ -349,6 +345,7 @@ Group:          Development/Languages
 License:        GPL+ or Artistic
 # Compat provides
 Provides:       %perl_compat
+Provides:       perl(:MODULE_COMPAT_5.22.3)
 Provides:       perl(:MODULE_COMPAT_5.22.2)
 Provides:       perl(:MODULE_COMPAT_5.22.1)
 Provides:       perl(:MODULE_COMPAT_5.22.0)
@@ -2600,7 +2597,6 @@ Perl extension for Version Objects
 %patch84 -p1
 %patch85 -p1
 %patch86 -p1
-%patch87 -p1
 %patch88 -p1
 %patch200 -p1
 %patch201 -p1
@@ -2668,7 +2664,6 @@ perl -x patchlevel.h \
     'Fedora Patch83: Fix cloning :via handles on thread creation (RT#131221)' \
     'Fedora Patch85: Fix glob UTF-8 flag on a glob reassignment (RT#131263)' \
     'Fedora Patch86: Fix a buffer overflow in my_atof2() (RT#131526)' \
-    'Fedora Patch87: Fix checks for tainted directory in $ENV{PATH} if a 
backslash escape presents' \
     'Fedora Patch88: Fix handling backslashes in PATH environment variable 
when executing "perl -S" (RT#129183)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
@@ -4922,6 +4917,10 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Mon Jul 17 2017 Jitka Plesnikova <jples...@redhat.com> - 4:5.22.4-372
+- 5.22.4 bump (see <http://search.cpan.org/dist/perl-5.22.4/pod/perldelta.pod>
+  for release notes)
+
 * Mon Jun 26 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-371
 - Make File::Glob more resistant against degenerative matching (RT#131211)
 - Fix a memory wrap in sv_vcatpvfn_flags() (RT#131260)
diff --git a/sources b/sources
index f71a4c8..93886e6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (perl-5.22.3.tar.bz2) = 
cca1f320208044934db8aa35653e461876f81618e2dd26f8a2c997d1dec39c9e4ef2aef324e42ca7a6ff2de58246afb1bdff664d5009ac24c1bc04b8e3b0fc30
+SHA512 (perl-5.22.4.tar.bz2) = 
d91e86449e86e42657e62f7592675cee73eeef1766fdde6df923702f3b5f30ae82c0e4c847615f3de61acf6ff4e294f763fc0381a9cc044f25debb369415d96b
-- 
cgit v1.1


        
https://src.fedoraproject.org/cgit/perl.git/commit/?h=f24&id=e5b865603532a910b784c8c549965fb391467bef
_______________________________________________
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

Reply via email to