12 changed files with 312 additions and 722 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/Storable-2.51.tar.gz
+SOURCES/Storable-3.15.tar.gz
--- a/.perl-Storable.metadata
+++ b/.perl-Storable.metadata
@ -1 +1 @@
-3ccd6ac2b898aa589ac5c6dd73d6b600f5192a47 SOURCES/Storable-2.51.tar.gz
+dfd5ef17f9cdca7c246a90cbde7948e4c0168670 SOURCES/Storable-3.15.tar.gz
--- a/SOURCES/Storable-2.51-Upgrade-to-2.53.patch
+++ b/SOURCES/Storable-2.51-Upgrade-to-2.53.patch
@ -1,307 +0,0 @@
-From fd2e79041c553c1220c6eca796293873246c5682 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Wed, 6 May 2015 09:39:53 +0200
-Subject: [PATCH] Upgrade to 2.53
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Petr Písař <ppisar@redhat.com>
---
- ChangeLog         |  2 +-
- MANIFEST          |  3 +++
- Storable.pm       |  6 +++---
- t/attach.t        | 42 ++++++++++++++++++++++++++++++++++++
- t/attach_errors.t |  2 +-
- t/canonical.t     |  2 +-
- t/code.t          |  2 +-
- t/leaks.t         | 34 +++++++++++++++++++++++++++++
- t/tied_store.t    | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
- t/utf8.t          |  6 ++++--
- 10 files changed, 154 insertions(+), 9 deletions(-)
- create mode 100644 t/attach.t
- create mode 100644 t/leaks.t
- create mode 100644 t/tied_store.t
-
-diff --git a/ChangeLog b/ChangeLog
-index 4df921e..cbfdbab 100644
--- a/ChangeLog
-+++ b/ChangeLog
-@@ -209,7 +209,7 @@ Fri Jun  7 23:55:41 BST 2002   Nicholas Clark
- 	The bug was introduced as development perl change 16442 (on
- 	2002/05/07), so has been present since 2.00.
- 	Patches to introduce more regression tests to reduce the chance of
-	a reoccurence of this sort of goof are always welcome.
-+	a reoccurrence of this sort of goof are always welcome.
- 	
- Thu May 30 20:31:08 BST 2002   Nicholas Clark <nick@ccl4.org>
- 
-diff --git a/MANIFEST b/MANIFEST
-index 84b72f1..2f5b725 100644
--- a/MANIFEST
-+++ b/MANIFEST
-@@ -9,6 +9,7 @@ ppport.h
- README
- Storable.pm
- Storable.xs
-+t/attach.t
- t/attach_errors.t
- t/attach_singleton.t
- t/blessed.t
-@@ -33,6 +34,7 @@ t/HAS_OVERLOAD.pm
- t/integer.t
- t/interwork56.t
- t/just_plain_nasty.t
-+t/leaks.t
- t/lock.t
- t/make_56_interwork.pl
- t/make_downgrade.pl
-@@ -51,6 +53,7 @@ t/threads.t
- t/tied.t
- t/tied_hook.t
- t/tied_items.t
-+t/tied_store.t
- t/utf8.t
- t/utf8hash.t
- t/weak.t
-diff --git a/Storable.pm b/Storable.pm
-index 839c1d1..9d8b621 100644
--- a/Storable.pm
-+++ b/Storable.pm
-@@ -22,7 +22,7 @@ package Storable; @ISA = qw(Exporter);
- 
- use vars qw($canonical $forgive_me $VERSION);
- 
-$VERSION = '2.51';
-+$VERSION = '2.53';
- 
- BEGIN {
-     if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) {
-@@ -1088,8 +1088,8 @@ deal with them.
- 
- The store functions will C<croak> if they run into such references
- unless you set C<$Storable::forgive_me> to some C<TRUE> value. In that
-case, the fatal message is turned in a warning and some
-meaningless string is stored instead.
-+case, the fatal message is converted to a warning and some meaningless
-+string is stored instead.
- 
- Setting C<$Storable::canonical> may not yield frozen strings that
- compare equal due to possible stringification of numbers. When the
-diff --git a/t/attach.t b/t/attach.t
-new file mode 100644
-index 0000000..5ffdae5
--- /dev/null
-+++ b/t/attach.t
-@@ -0,0 +1,42 @@
-+#!./perl -w
-+#
-+# This file tests that Storable correctly uses STORABLE_attach hooks
-+
-+sub BEGIN {
-+	unshift @INC, 't';
-+	unshift @INC, 't/compat' if $] < 5.006002;
-+	require Config; import Config;
-+	if ($ENV{PERL_CORE} and $Config{'extensions'} !~ /\bStorable\b/) {
-+		print "1..0 # Skip: Storable was not built\n";
-+		exit 0;
-+	}
-+}
-+
-+use Test::More tests => 3;
-+use Storable ();
-+
-+{
-+	my $destruct_cnt = 0;
-+	my $obj = bless {data => 'ok'}, 'My::WithDestructor';
-+	my $target = Storable::thaw( Storable::freeze( $obj ) );
-+	is( $target->{data}, 'ok', 'We got correct object after freeze/thaw' );
-+	is( $destruct_cnt, 0, 'No tmp objects created by Storable' );
-+	undef $obj;
-+	undef $target;
-+	is( $destruct_cnt, 2, 'Only right objects destroyed at the end' );
-+
-+	package My::WithDestructor;
-+
-+	sub STORABLE_freeze {
-+		my ($self, $clone) = @_;
-+		return $self->{data};
-+	}
-+
-+	sub STORABLE_attach {
-+		my ($class, $clone, $string) = @_;
-+		return bless {data => $string}, 'My::WithDestructor';
-+	}
-+
-+	sub DESTROY { $destruct_cnt++; }
-+}
-+
-diff --git a/t/attach_errors.t b/t/attach_errors.t
-index c163ca0..6cebd97 100644
--- a/t/attach_errors.t
-+++ b/t/attach_errors.t
-@@ -234,7 +234,7 @@ use Storable ();
- 	isa_ok( $thawed->[1], 'My::GoodAttach::MultipleReferences' );
- 
- 	is($thawed->[0], $thawed->[1], 'References to the same object are attached properly');
-	is($thawed->[1]{id}, $obj->{id}, 'Object with multiple references attchached properly');
-+	is($thawed->[1]{id}, $obj->{id}, 'Object with multiple references attached properly');
- 
-     package My::GoodAttach::MultipleReferences;
- 
-diff --git a/t/canonical.t b/t/canonical.t
-index 23e012f..35046de 100644
--- a/t/canonical.t
-+++ b/t/canonical.t
-@@ -34,7 +34,7 @@ $maxarraysize = 100;
- 
- eval { require Digest::MD5; };
- $gotmd5 = !$@;
-diag "Will use Digest::MD5" if $gotmd5;
-+note "Will use Digest::MD5" if $gotmd5;
- 
- # Use Data::Dumper if debugging and it is available to create an ASCII dump
- 
-diff --git a/t/code.t b/t/code.t
-index c383142..7fc40ba 100644
--- a/t/code.t
-+++ b/t/code.t
-@@ -102,7 +102,7 @@ is($thawed->{"b"}->(), "JAPH");
- $freezed = freeze $obj[2];
- $thawed  = thaw $freezed;
- 
-is($thawed->(), 42);
-+is($thawed->(), (ord "A") == 193 ? -118 : 42);
- 
- ######################################################################
- 
-diff --git a/t/leaks.t b/t/leaks.t
-new file mode 100644
-index 0000000..06360d6
--- /dev/null
-+++ b/t/leaks.t
-@@ -0,0 +1,34 @@
-+#!./perl
-+
-+use Test::More;
-+use Storable ();
-+BEGIN {
-+eval "use Test::LeakTrace";
-+plan 'skip_all' => 'Test::LeakTrace required for this tests' if $@;
-+}
-+plan 'tests' => 1;
-+
-+{
-+    my $c = My::Simple->new;
-+    my $d;
-+    my $freezed = Storable::freeze($c);
-+    no_leaks_ok
-+    {
-+        $d = Storable::thaw($freezed);
-+        undef $d;
-+    };
-+
-+    package My::Simple;
-+    sub new {
-+        my ($class, $arg) = @_;
-+        bless {t=>$arg}, $class;
-+    }
-+    sub STORABLE_freeze {
-+        return "abcderfgh";
-+    }
-+    sub STORABLE_attach {
-+        my ($class, $c, $serialized) = @_;
-+        return $class->new($serialized);
-+    }
-+}
-+
-diff --git a/t/tied_store.t b/t/tied_store.t
-new file mode 100644
-index 0000000..c657f95
--- /dev/null
-+++ b/t/tied_store.t
-@@ -0,0 +1,64 @@
-+#!./perl
-+
-+sub BEGIN {
-+    unshift @INC, 't';
-+    unshift @INC, 't/compat' if $] < 5.006002;
-+    require Config; import Config;
-+    if ($ENV{PERL_CORE} and $Config{'extensions'} !~ /\bStorable\b/) {
-+        print "1..0 # Skip: Storable was not built\n";
-+        exit 0;
-+    }
-+}
-+
-+use Storable ();
-+use Test::More tests => 3;
-+
-+our $f;
-+
-+package TIED_HASH;
-+
-+sub TIEHASH { bless({}, $_[0]) }
-+
-+sub STORE {
-+	$f = Storable::freeze(\$_[2]);
-+	1;
-+}
-+
-+package TIED_ARRAY;
-+
-+sub TIEARRAY { bless({}, $_[0]) }
-+
-+sub STORE {
-+	$f = Storable::freeze(\$_[2]);
-+	1;
-+}
-+
-+package TIED_SCALAR;
-+
-+sub TIESCALAR { bless({}, $_[0]) }
-+
-+sub STORE {
-+	$f = Storable::freeze(\$_[1]);
-+	1;
-+}
-+
-+package main;
-+
-+my($s, @a, %h);
-+tie $s, "TIED_SCALAR";
-+tie @a, "TIED_ARRAY";
-+tie %h, "TIED_HASH";
-+
-+$f = undef;
-+$s = 111;
-+is $f, Storable::freeze(\111);
-+
-+$f = undef;
-+$a[3] = 222;
-+is $f, Storable::freeze(\222);
-+
-+$f = undef;
-+$h{foo} = 333;
-+is $f, Storable::freeze(\333);
-+
-+1;
-diff --git a/t/utf8.t b/t/utf8.t
-index fd20ef6..a8dd6cd 100644
--- a/t/utf8.t
-+++ b/t/utf8.t
-@@ -32,8 +32,10 @@ is($x, ${thaw freeze \$x});
- $x = join '', map {chr $_} (0..1023);
- is($x, ${thaw freeze \$x});
- 
-# Char in the range 127-255 (probably) in utf8
-$x = chr (175) . chr (256);
-+# Char in the range 127-255 (probably) in utf8.  This just won't work for
-+# EBCDIC for early Perls.
-+$x = ($] lt 5.007_003) ? chr(175) : chr(utf8::unicode_to_native(175))
-+   . chr (256);
- chop $x;
- is($x, ${thaw freeze \$x});
- 
-- 
-2.1.0
-
--- a/SOURCES/Storable-2.53-Upgrade-to-2.56.patch
+++ b/SOURCES/Storable-2.53-Upgrade-to-2.56.patch
@ -1,99 +0,0 @@
-diff --git a/Storable.pm b/Storable.pm
-index 9d8b621..c8f6db1 100644
--- a/Storable.pm
-+++ b/Storable.pm
-@@ -22,7 +22,7 @@ package Storable; @ISA = qw(Exporter);
- 
- use vars qw($canonical $forgive_me $VERSION);
- 
-$VERSION = '2.53';
-+$VERSION = '2.56';
- 
- BEGIN {
-     if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) {
-@@ -979,43 +979,43 @@ such.
- 
- Here are some code samples showing a possible usage of Storable:
- 
-	use Storable qw(store retrieve freeze thaw dclone);
-+ use Storable qw(store retrieve freeze thaw dclone);
- 
-	%color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1);
-+ %color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1);
- 
-	store(\%color, 'mycolors') or die "Can't store %a in mycolors!\n";
-+ store(\%color, 'mycolors') or die "Can't store %a in mycolors!\n";
- 
-	$colref = retrieve('mycolors');
-	die "Unable to retrieve from mycolors!\n" unless defined $colref;
-	printf "Blue is still %lf\n", $colref->{'Blue'};
-+ $colref = retrieve('mycolors');
-+ die "Unable to retrieve from mycolors!\n" unless defined $colref;
-+ printf "Blue is still %lf\n", $colref->{'Blue'};
- 
-	$colref2 = dclone(\%color);
-+ $colref2 = dclone(\%color);
- 
-	$str = freeze(\%color);
-	printf "Serialization of %%color is %d bytes long.\n", length($str);
-	$colref3 = thaw($str);
-+ $str = freeze(\%color);
-+ printf "Serialization of %%color is %d bytes long.\n", length($str);
-+ $colref3 = thaw($str);
- 
- which prints (on my machine):
- 
-	Blue is still 0.100000
-	Serialization of %color is 102 bytes long.
-+ Blue is still 0.100000
-+ Serialization of %color is 102 bytes long.
- 
- Serialization of CODE references and deserialization in a safe
- compartment:
- 
- =for example begin
- 
-	use Storable qw(freeze thaw);
-	use Safe;
-	use strict;
-	my $safe = new Safe;
-+ use Storable qw(freeze thaw);
-+ use Safe;
-+ use strict;
-+ my $safe = new Safe;
-         # because of opcodes used in "use strict":
-	$safe->permit(qw(:default require));
-	local $Storable::Deparse = 1;
-	local $Storable::Eval = sub { $safe->reval($_[0]) };
-	my $serialized = freeze(sub { 42 });
-	my $code = thaw($serialized);
-	$code->() == 42;
-+ $safe->permit(qw(:default require));
-+ local $Storable::Deparse = 1;
-+ local $Storable::Eval = sub { $safe->reval($_[0]) };
-+ my $serialized = freeze(sub { 42 });
-+ my $code = thaw($serialized);
-+ $code->() == 42;
- 
- =for example end
- 
-diff --git a/Storable.xs b/Storable.xs
-index e7d0329..83cd001 100644
--- a/Storable.xs
-+++ b/Storable.xs
-@@ -1667,6 +1667,7 @@ static void free_context(pTHX_ stcxt_t *cxt)
- 
- 	ASSERT(!cxt->s_dirty, ("clean context"));
- 	ASSERT(prev, ("not freeing root context"));
-+	assert(prev);
- 
- 	SvREFCNT_dec(cxt->my_sv);
- 	SET_STCXT(prev);
-@@ -6677,6 +6678,7 @@ SV *	obj
-  ALIAS:
-   net_mstore = 1
-  CODE:
-+  RETVAL = &PL_sv_undef;
-   if (!do_store(aTHX_ (PerlIO*) 0, obj, 0, ix, &RETVAL))
-     RETVAL = &PL_sv_undef;
-  OUTPUT:
--- a/SOURCES/Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch
+++ b/SOURCES/Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch
@ -1,18 +0,0 @@
-diff -up Storable/Storable.pm.cve Storable/Storable.pm
--- Storable/Storable.pm.cve	2016-03-19 19:50:47.000000000 +0100
-+++ Storable/Storable.pm	2016-08-03 12:48:36.415082280 +0200
-@@ -25,7 +25,13 @@ use vars qw($canonical $forgive_me $VERS
- $VERSION = '2.56';
- 
- BEGIN {
-    if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) {
-+    if (eval {
-+        local $SIG{__DIE__};
-+        local @INC = @INC;
-+        pop @INC if $INC[-1] eq '.';
-+        require Log::Agent;
-+        1;
-+    }) {
-         Log::Agent->import;
-     }
-     #
--- a/SOURCES/Storable-2.56-Fix-stack-buffer-overflow-in-deserialization-of-hook.patch
+++ b/SOURCES/Storable-2.56-Fix-stack-buffer-overflow-in-deserialization-of-hook.patch
@ -1,103 +0,0 @@
-From c34e1dd29983e5d36d367462b9b4b4b8fcd5a0f8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Mon, 6 Feb 2017 15:13:41 +0100
-Subject: [PATCH] Fix stack buffer overflow in deserialization of hooks.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Ported from perl:
-
-commit 3e998ddfb597cfae7bdb460b22e6c50440b1de92
-Author: John Lightsey <jd@cpanel.net>
-Date:   Tue Jan 24 10:30:18 2017 -0600
-
-    Fix stack buffer overflow in deserialization of hooks.
-
-    The use of signed lengths resulted in a stack overflow in retrieve_hook()
-    when a negative length was provided in the storable data.
-
-    The retrieve_blessed() codepath had a similar problem with the placement
-    of the trailing null byte when negative lengths were provided.
-
-Signed-off-by: Petr Písař <ppisar@redhat.com>
---
- Storable.xs | 11 +++++++++--
- t/store.t   | 12 +++++++++++-
- 2 files changed, 20 insertions(+), 3 deletions(-)
-
-diff --git a/Storable.xs b/Storable.xs
-index bc15d1d..3cce3ed 100644
--- a/Storable.xs
-+++ b/Storable.xs
-@@ -4016,7 +4016,7 @@ static SV *retrieve_idx_blessed(pTHX_ stcxt_t *cxt, const char *cname)
-  */
- static SV *retrieve_blessed(pTHX_ stcxt_t *cxt, const char *cname)
- {
-	I32 len;
-+	U32 len;
- 	SV *sv;
- 	char buf[LG_BLESS + 1];		/* Avoid malloc() if possible */
- 	char *classname = buf;
-@@ -4037,6 +4037,9 @@ static SV *retrieve_blessed(pTHX_ stcxt_t *cxt, const char *cname)
- 	if (len & 0x80) {
- 		RLEN(len);
- 		TRACEME(("** allocating %d bytes for class name", len+1));
-+		if (len > I32_MAX) {
-+			CROAK(("Corrupted classname length"));
-+		}
- 		New(10003, classname, len+1, char);
- 		malloced_classname = classname;
- 	}
-@@ -4087,7 +4090,7 @@ static SV *retrieve_blessed(pTHX_ stcxt_t *cxt, const char *cname)
-  */
- static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname)
- {
-	I32 len;
-+	U32 len;
- 	char buf[LG_BLESS + 1];		/* Avoid malloc() if possible */
- 	char *classname = buf;
- 	unsigned int flags;
-@@ -4221,6 +4224,10 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname)
- 		else
- 			GETMARK(len);
- 
-+		if (len > I32_MAX) {
-+			CROAK(("Corrupted classname length"));
-+		}
-+
- 		if (len > LG_BLESS) {
- 			TRACEME(("** allocating %d bytes for class name", len+1));
- 			New(10003, classname, len+1, char);
-diff --git a/t/store.t b/t/store.t
-index be43299..1cbf021 100644
--- a/t/store.t
-+++ b/t/store.t
-@@ -19,7 +19,7 @@ sub BEGIN {
- 
- use Storable qw(store retrieve store_fd nstore_fd fd_retrieve);
- 
-use Test::More tests => 21;
-+use Test::More tests => 22;
- 
- $a = 'toto';
- $b = \$a;
-@@ -87,5 +87,15 @@ is(&dump($r), &dump(\%a));
- eval { $r = fd_retrieve(::OUT); };
- isnt($@, '');
- 
-+{
-+
-+    my $frozen =
-+      "\x70\x73\x74\x30\x04\x0a\x08\x31\x32\x33\x34\x35\x36\x37\x38\x04\x08\x08\x08\x03\xff\x00\x00\x00\x19\x08\xff\x00\x00\x00\x08\x08\xf9\x16\x16\x13\x16\x10\x10\x10\xff\x15\x16\x16\x16\x1e\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x13\xf0\x16\x16\x16\xfe\x16\x41\x41\x41\x41\xe8\x03\x41\x41\x41\x41\x41\x41\x41\x41\x51\x41\xa9\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xb8\xac\xac\xac\xac\xac\xac\xac\xac\x9a\xac\xac\xac\xac\xac\xac\xac\xac\xac\x93\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\x00\x64\xac\xa8\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\x2c\xac\x41\x41\x41\x41\x41\x41\x41\x41\x41\x00\x80\x41\x80\x41\x41\x41\x41\x41\x41\x51\x41\xac\xac\xac";
-+    open my $fh, '<', \$frozen;
-+    eval { Storable::fd_retrieve($fh); };
-+    pass('RT 130635:  no stack smashing error when retrieving hook');
-+
-+}
-+
- close OUT or die "Could not close: $!";
- END { 1 while unlink 'store' }
-- 
-2.7.4
-
--- a/SOURCES/Storable-2.56-prevent-leak-of-class-name-from-retrieve_hook-on-an-.patch
+++ b/SOURCES/Storable-2.56-prevent-leak-of-class-name-from-retrieve_hook-on-an-.patch
@ -1,81 +0,0 @@
-From 979ae704ddc9e6f19d8dbf7a83bea155065ef3cc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Mon, 6 Feb 2017 15:26:09 +0100
-Subject: [PATCH] prevent leak of class name from retrieve_hook() on an
- exception
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Ported from perl:
-
-commit da1ec2b1b9abdfd956d9c539abf39d908d046304
-Author: Tony Cook <tony@develop-help.com>
-Date:   Mon Feb 6 11:38:10 2017 +1100
-
-    prevent leak of class name from retrieve_hook() on an exception
-
-    If supplied with a large class name, retrieve_hook() allocates
-    buffer for the class name and Safefree()s it on exit path.
-
-    Unfortunately this memory leaks if load_module() (or a couple of other
-    code paths) throw an exception.
-
-    So use SAVEFREEPV() to release the memory instead.
-
-    ==20183== 193 bytes in 1 blocks are definitely lost in loss record 4 of 6
-    ==20183==    at 0x4C28C20: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
-    ==20183==    by 0x55F85D: Perl_safesysmalloc (util.c:153)
-    ==20183==    by 0x6ACA046: retrieve_hook (Storable.xs:4265)
-    ==20183==    by 0x6AD6D19: retrieve (Storable.xs:6217)
-    ==20183==    by 0x6AD8144: do_retrieve (Storable.xs:6401)
-    ==20183==    by 0x6AD85B7: pretrieve (Storable.xs:6506)
-    ==20183==    by 0x6AD8E14: XS_Storable_pretrieve (Storable.xs:6718)
-    ==20183==    by 0x5C176D: Perl_pp_entersub (pp_hot.c:4227)
-    ==20183==    by 0x55E1C6: Perl_runops_debug (dump.c:2450)
-    ==20183==    by 0x461B79: S_run_body (perl.c:2528)
-    ==20183==    by 0x46115C: perl_run (perl.c:2451)
-    ==20183==    by 0x41F1CD: main (perlmain.c:123)
-
-Signed-off-by: Petr Písař <ppisar@redhat.com>
---
- Storable.xs | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/Storable.xs b/Storable.xs
-index 3cce3ed..75ce3df 100644
--- a/Storable.xs
-+++ b/Storable.xs
-@@ -4249,6 +4249,11 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname)
- 
- 	TRACEME(("class name: %s", classname));
- 
-+	if (!(flags & SHF_IDX_CLASSNAME) && classname != buf) {
-+                /* some execution paths can throw an exception */
-+		SAVEFREEPV(classname);
-+        }
-+
- 	/*
- 	 * Decode user-frozen string length and read it in an SV.
- 	 *
-@@ -4367,8 +4372,6 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname)
- 		SEEN0(sv, 0);
- 		SvRV_set(attached, NULL);
- 		SvREFCNT_dec(attached);
-		if (!(flags & SHF_IDX_CLASSNAME) && classname != buf)
-		    Safefree(classname);
- 		return sv;
- 	    }
- 	    CROAK(("STORABLE_attach did not return a %s object", classname));
-@@ -4449,8 +4452,6 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname)
- 	SvREFCNT_dec(frozen);
- 	av_undef(av);
- 	sv_free((SV *) av);
-	if (!(flags & SHF_IDX_CLASSNAME) && classname != buf)
-		Safefree(classname);
- 
- 	/*
- 	 * If we had an <extra> type, then the object was not as simple, and
-- 
-2.7.4
-
--- a/SOURCES/Storable-3.15-perl-134179-include-regexps-in-the-seen-objects-tabl.patch
+++ b/SOURCES/Storable-3.15-perl-134179-include-regexps-in-the-seen-objects-tabl.patch
@ -0,0 +1,92 @@
+From 16f2ddb794883529d5a3ad8326974a07aae7e567 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Mon, 10 Jun 2019 10:17:20 +1000
+Subject: [PATCH] (perl #134179) include regexps in the seen objects table on
+ retrieve
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Also, bless the regexp object, so freezing/thawing bless qr//, "Foo"
+returns a "Foo" blesses regexp.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ dist/Storable/Storable.xs |  5 +++--
+ dist/Storable/t/regexp.t  |  4 +++-
+ dist/Storable/t/weak.t    | 10 +++++++++-
+ 3 files changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
+index ed729c94a6..6a45d8adf2 100644
+--- a/dist/Storable/Storable.xs
+++ b/dist/Storable/Storable.xs
+@@ -6808,8 +6808,7 @@ static SV *retrieve_regexp(pTHX_ stcxt_t *cxt, const char *cname) {
+     SV *sv;
+     dSP;
+     I32 count;
+-
+-    PERL_UNUSED_ARG(cname);
+    HV *stash;
+ 
+     ENTER;
+     SAVETMPS;
+@@ -6857,6 +6856,8 @@ static SV *retrieve_regexp(pTHX_ stcxt_t *cxt, const char *cname) {
+ 
+     sv = SvRV(re_ref);
+     SvREFCNT_inc(sv);
+    stash = cname ? gv_stashpv(cname, GV_ADD) : 0;
+    SEEN_NN(sv, stash, 0);
+     
+     FREETMPS;
+     LEAVE;
+diff --git a/dist/Storable/t/regexp.t b/dist/Storable/t/regexp.t
+index acf28cfec6..e7c6c7e94a 100644
+--- a/dist/Storable/t/regexp.t
+++ b/dist/Storable/t/regexp.t
+@@ -37,7 +37,7 @@ while (<DATA>) {
+     }
+ }
+ 
+-plan tests => 9 + 3*scalar(@tests);
+plan tests => 10 + 3*scalar(@tests);
+ 
+ SKIP:
+ {
+@@ -75,6 +75,8 @@ SKIP:
+     ok(!eval { dclone($re) }, "should fail to clone, even with use re 'eval'");
+ }
+ 
+is(ref(dclone(bless qr//, "Foo")), "Foo", "check reblessed regexps");
+
+ for my $test (@tests) {
+     my ($code, $not, $match, $matchc, $name) = @$test;
+     my $qr = eval $code;
+diff --git a/dist/Storable/t/weak.t b/dist/Storable/t/weak.t
+index 220c70160f..48752fbec4 100644
+--- a/dist/Storable/t/weak.t
+++ b/dist/Storable/t/weak.t
+@@ -29,7 +29,7 @@ sub BEGIN {
+ }
+ 
+ use Test::More 'no_plan';
+-use Storable qw (store retrieve freeze thaw nstore nfreeze);
+use Storable qw (store retrieve freeze thaw nstore nfreeze dclone);
+ require 'testlib.pl';
+ our $file;
+ use strict;
+@@ -143,3 +143,11 @@ foreach (@tests) {
+   $stored = nfreeze $input;
+   tester($stored, \&freeze_and_thaw, $testsub, 'network string');
+ }
+
+{
+    # [perl #134179] sv_upgrade from type 7 down to type 1
+    my $foo = [qr//,[]];
+    weaken($foo->[1][0][0] = $foo->[1]);
+    my $out = dclone($foo); # croaked here
+    is_deeply($out, $foo, "check they match");
+}
+-- 
+2.20.1
+
--- a/SOURCES/Storable-3.16-Storable-make-count-large-enough.patch
+++ b/SOURCES/Storable-3.16-Storable-make-count-large-enough.patch
@ -0,0 +1,53 @@
+From f7724052d1b8b75339f5ec2cc3d5b35ca5d130b5 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Wed, 7 Aug 2019 11:13:53 +1000
+Subject: [PATCH] Storable: make count large enough
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+AvARRAY() could be very large, and we check for that at line 3807,
+but int was (potentially) too small to make that comparison
+meaningful.
+
+CID 174681.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ dist/Storable/Storable.xs | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
+index 6a45d8adf2..d75125b839 100644
+--- a/dist/Storable/Storable.xs
+++ b/dist/Storable/Storable.xs
+@@ -3662,7 +3662,7 @@ static int store_hook(
+     SV *ref;
+     AV *av;
+     SV **ary;
+-    int count;			/* really len3 + 1 */
+    IV count;			/* really len3 + 1 */
+     unsigned char flags;
+     char *pv;
+     int i;
+@@ -3752,7 +3752,7 @@ static int store_hook(
+     SvREFCNT_dec(ref);			/* Reclaim temporary reference */
+ 
+     count = AvFILLp(av) + 1;
+-    TRACEME(("store_hook, array holds %d items", count));
+    TRACEME(("store_hook, array holds %" IVdf " items", count));
+ 
+     /*
+      * If they return an empty list, it means they wish to ignore the
+@@ -3986,7 +3986,7 @@ static int store_hook(
+      */
+ 
+     TRACEME(("SX_HOOK (recursed=%d) flags=0x%x "
+-             "class=%" IVdf " len=%" IVdf " len2=%" IVdf " len3=%d",
+             "class=%" IVdf " len=%" IVdf " len2=%" IVdf " len3=%" IVdf,
+              recursed, flags, (IV)classnum, (IV)len, (IV)len2, count-1));
+ 
+     /* SX_HOOK <flags> [<extra>] */
+-- 
+2.20.1
+
--- a/SOURCES/perl-5.25.7-Fix-Storable-segfaults.patch
+++ b/SOURCES/perl-5.25.7-Fix-Storable-segfaults.patch
@ -1,61 +0,0 @@
-From fecd3be8dbdb747b9cbf4cbb9299ce40faabc8e6 Mon Sep 17 00:00:00 2001
-From: John Lightsey <lightsey@debian.org>
-Date: Mon, 14 Nov 2016 11:56:15 +0100
-Subject: [PATCH] Fix Storable segfaults.
-
-Fix a null pointed dereference segfault in storable when the
-retrieve_code logic was unable to read the string that contained
-the code.
-
-Also fix several locations where retrieve_other was called with a
-null context pointer. This also resulted in a null pointer
-dereference.
---
- dist/Storable/Storable.xs | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
-index 053951c..caa489c 100644
--- a/dist/Storable/Storable.xs
-+++ b/dist/Storable/Storable.xs
-@@ -5647,6 +5647,10 @@ static SV *retrieve_code(pTHX_ stcxt_t *cxt, const char *cname)
- 		CROAK(("Unexpected type %d in retrieve_code\n", type));
- 	}
- 
-+	if (!text) {
-+		CROAK(("Unable to retrieve code\n"));
-+	}
-+
- 	/*
- 	 * prepend "sub " to the source
- 	 */
-@@ -5767,7 +5771,7 @@ static SV *old_retrieve_array(pTHX_ stcxt_t *cxt, const char *cname)
- 			continue;			/* av_extend() already filled us with undef */
- 		}
- 		if (c != SX_ITEM)
-			(void) retrieve_other(aTHX_ (stcxt_t *) 0, 0);	/* Will croak out */
-+			(void) retrieve_other(aTHX_ cxt, 0);	/* Will croak out */
- 		TRACEME(("(#%d) item", i));
- 		sv = retrieve(aTHX_ cxt, 0);						/* Retrieve item */
- 		if (!sv)
-@@ -5844,7 +5848,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char *cname)
- 			if (!sv)
- 				return (SV *) 0;
- 		} else
-			(void) retrieve_other(aTHX_ (stcxt_t *) 0, 0);	/* Will croak out */
-+			(void) retrieve_other(aTHX_ cxt, 0);	/* Will croak out */
- 
- 		/*
- 		 * Get key.
-@@ -5855,7 +5859,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char *cname)
- 
- 		GETMARK(c);
- 		if (c != SX_KEY)
-			(void) retrieve_other(aTHX_ (stcxt_t *) 0, 0);	/* Will croak out */
-+			(void) retrieve_other(aTHX_ cxt, 0);	/* Will croak out */
- 		RLEN(size);						/* Get key size */
- 		KBUFCHK((STRLEN)size);					/* Grow hash key read pool if needed */
- 		if (size)
-- 
-2.10.2
-
--- a/SOURCES/perl-5.31.6-disallow-vstring-magic-strings-over-2GB-1.patch
+++ b/SOURCES/perl-5.31.6-disallow-vstring-magic-strings-over-2GB-1.patch
@ -0,0 +1,67 @@
+From ea1e86cfdf26a330e58ea377a80273de7110011b Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Wed, 21 Aug 2019 11:37:58 +1000
+Subject: [PATCH] disallow vstring magic strings over 2GB-1
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On reads this could result in buffer overflows, so avoid writing
+such large vstrings to avoid causing problems for older Storable.
+
+Since we no longer write such large vstrings, we don't want to accept
+them.
+
+I doubt that restricting versions strings to under 2GB-1 will have
+a practical effect on downstream users.
+
+fixes #17306
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ dist/Storable/Storable.xs | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
+index c2335680ab..d27ac58012 100644
+--- a/dist/Storable/Storable.xs
+++ b/dist/Storable/Storable.xs
+@@ -2628,6 +2628,12 @@ static int store_scalar(pTHX_ stcxt_t *cxt, SV *sv)
+             /* The macro passes this by address, not value, and a lot of
+                called code assumes that it's 32 bits without checking.  */
+             const SSize_t len = mg->mg_len;
+            /* we no longer accept vstrings over I32_SIZE-1, so don't emit
+               them, also, older Storables handle them badly.
+            */
+            if (len >= I32_MAX) {
+                CROAK(("vstring too large to freeze"));
+            }
+             STORE_PV_LEN((const char *)mg->mg_ptr,
+                          len, SX_VSTRING, SX_LVSTRING);
+         }
+@@ -5937,12 +5943,19 @@ static SV *retrieve_lvstring(pTHX_ stcxt_t *cxt, const char *cname)
+ {
+ #ifdef SvVOK
+     char *s;
+-    I32 len;
+    U32 len;
+     SV *sv;
+ 
+     RLEN(len);
+-    TRACEME(("retrieve_lvstring (#%d), len = %" IVdf,
+-             (int)cxt->tagnum, (IV)len));
+    TRACEME(("retrieve_lvstring (#%d), len = %" UVuf,
+             (int)cxt->tagnum, (UV)len));
+
+    /* Since we'll no longer produce such large vstrings, reject them
+       here too.
+    */
+    if (len >= I32_MAX) {
+        CROAK(("vstring too large to fetch"));
+    }
+ 
+     New(10003, s, len+1, char);
+     SAFEPVREAD(s, len, s);
+-- 
+2.21.0
+
--- a/SPECS/perl-Storable.spec
+++ b/SPECS/perl-Storable.spec
@ -1,50 +1,46 @@
-%global base_version 2.51
-
 Name:           perl-Storable
 Epoch:          1
-Version:        2.56
-Release:        369%{?dist}
+Version:        3.15
+Release:        442%{?dist}
 Summary:        Persistence for Perl data structures
+# __Storable__.pm:  GPL+ or Artistic
 License:        GPL+ or Artistic
-Group:          Development/Libraries
-URL:            http://search.cpan.org/dist/Storable/
-Source0:        http://www.cpan.org/authors/id/A/AM/AMS/Storable-%{base_version}.tar.gz
-# Unbundled from perl 5.21.11
-Patch0:         Storable-2.51-Upgrade-to-2.53.patch
-# Unbundled from perl 5.24.0
-Patch1:         Storable-2.53-Upgrade-to-2.56.patch
-# Avoid loading optional modules from default . (CVE-2016-1238)
-Patch2:         Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch
-# Fix crash in Storable when deserializing malformed code reference, RT#68348,
-# RT130098
-Patch3:         perl-5.25.7-Fix-Storable-segfaults.patch
-# Fix a stack buffer overflow in deserialization of hooks, RT#130635,
-# fixed in perl after 5.25.9
-Patch4:         Storable-2.56-Fix-stack-buffer-overflow-in-deserialization-of-hook.patch
-# Fix a memory leak of a class name from retrieve_hook() on an exception,
-# RT#130635, fixed in perl after 5.25.9
-Patch5:         Storable-2.56-prevent-leak-of-class-name-from-retrieve_hook-on-an-.patch
-BuildRequires:  coreutils
+URL:            https://metacpan.org/release/Storable
+Source0:        https://cpan.metacpan.org/authors/id/X/XS/XSAWYERX/Storable-%{version}.tar.gz
+# Fix deep cloning regular expression objects, RT#134179,
+# in Perl upstream after 5.31.0
+Patch0:         Storable-3.15-perl-134179-include-regexps-in-the-seen-objects-tabl.patch
+# Fix array length check in a store hook, in Perl upstream after 5.31.2
+Patch1:         Storable-3.16-Storable-make-count-large-enough.patch
+# Fix a buffer overflow when processing a vstring longer than 2^31-1,
+# Perl GH#17306, in perl upstream after 5.31.6
+Patch2:         perl-5.31.6-disallow-vstring-magic-strings-over-2GB-1.patch
 BuildRequires:  gcc
 BuildRequires:  make
-BuildRequires:  perl
 BuildRequires:  perl-devel
 BuildRequires:  perl-generators
+BuildRequires:  perl-interpreter
 BuildRequires:  perl(Config)
-BuildRequires:  perl(ExtUtils::MakeMaker)
-BuildRequires:  sed
+BuildRequires:  perl(Cwd)
+BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
+BuildRequires:  perl(File::Copy)
+BuildRequires:  perl(File::Spec) >= 0.8
+BuildRequires:  perl(strict)
+BuildRequires:  perl(warnings)
+# Win32 not used on Linux
+# Win32API::File not used on Linux
 # Run-time:
-# Carp substitutes missing Log::Agent
 BuildRequires:  perl(Carp)
 BuildRequires:  perl(Exporter)
 # Fcntl is optional, but locking is good
 BuildRequires:  perl(Fcntl)
 BuildRequires:  perl(IO::File)
 # Log::Agent is optional
-BuildRequires:  perl(vars)
 BuildRequires:  perl(XSLoader)
 # Tests:
+BuildRequires:  perl(base)
 BuildRequires:  perl(bytes)
+BuildRequires:  perl(File::Temp)
 BuildRequires:  perl(integer)
 BuildRequires:  perl(overload)
 BuildRequires:  perl(utf8)
@ -52,19 +48,18 @@ BuildRequires:  perl(Test::More)
 BuildRequires:  perl(threads)
 BuildRequires:  perl(Safe)
 BuildRequires:  perl(Scalar::Util)
-BuildRequires:  perl(strict)
-BuildRequires:  perl(warnings)
+BuildRequires:  perl(Tie::Array)
 # Optional tests:
+# gzip not used
 # Data::Dump not used
 # Data::Dumper not used
 BuildRequires:  perl(B::Deparse) >= 0.61
 BuildRequires:  perl(Digest::MD5)
-BuildRequires:  perl(File::Spec) >= 0.8
 BuildRequires:  perl(Hash::Util)
+# Test::LeakTrace omitted because it's not a core module requried for building
+# core Storable.
 BuildRequires:  perl(Tie::Hash)
 Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
-# Carp substitutes missing Log::Agent
-Requires:       perl(Carp)
 Requires:       perl(Config)
 # Fcntl is optional, but locking is good
 Requires:       perl(Fcntl)
@ -78,30 +73,23 @@ containing scalar, array, hash or reference objects, i.e. anything that
 can be conveniently stored to disk and retrieved at a later time.

 %prep
-%setup -q -n Storable-%{base_version}
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p3
-%patch4 -p1
-%patch5 -p1
-# Remove bundled modules
-rm -rf t/compat
-sed -i -e '/^t\/compat\//d' MANIFEST
+%setup -q -n Storable-%{version}
+%patch0 -p3
+%patch1 -p3
+%patch2 -p3

 %build
-# Be ware hints/linux.pl removes "-ON" from CFLAGS if N > 2 because it can
-# break the code.
-perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="$RPM_OPT_FLAGS"
-make %{?_smp_mflags}
+perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1 OPTIMIZE="$RPM_OPT_FLAGS"
+%{make_build}

 %install
-make pure_install DESTDIR=$RPM_BUILD_ROOT
-find $RPM_BUILD_ROOT -type f -name .packlist -delete
+%{make_install}
 find $RPM_BUILD_ROOT -type f -name '*.bs' -size 0 -delete
+find $RPM_BUILD_ROOT -type f -name '*.3pm' -size 0 -delete
 %{_fixperms} $RPM_BUILD_ROOT/*

 %check
+unset PERL_CORE PERL_TEST_MEMORY PERL_RUN_SLOW_TESTS
 make test

 %files
@ -111,8 +99,67 @@ make test
 %{_mandir}/man3/*

 %changelog
-* Fri Mar 29 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:2.56-369
- Rebuild with enable hardening (bug #1636329)
+* Mon Nov 25 2019 Petr Pisar <ppisar@redhat.com> - 1:3.15-442
+- Fix a buffer overflow when processing a vstring longer than 2^31-1
+  (Perl GH#17306)
+
+* Thu Aug 08 2019 Petr Pisar <ppisar@redhat.com> - 1:3.15-441
+- Fix array length check in a store hook
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.15-440
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jun 11 2019 Petr Pisar <ppisar@redhat.com> - 1:3.15-439
+- Fix deep cloning regular expression objects (RT#134179)
+
+* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.15-438
+- Increase release to favour standalone package
+
+* Wed Apr 24 2019 Petr Pisar <ppisar@redhat.com> - 1:3.15-1
+- 3.15 bump
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.11-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 07 2019 Petr Pisar <ppisar@redhat.com> - 1:3.11-6
+- Storable-3.11 source archive repackaged without a t/CVE-2015-1592.inc file
+  (RT#133706)
+
+* Mon Aug 27 2018 Petr Pisar <ppisar@redhat.com> - 1:3.11-5
+- Fix recursion check (RT#133326)
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.11-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 26 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1:3.11-3
+- Perl 5.28 rebuild
+
+* Tue Jun 05 2018 Petr Pisar <ppisar@redhat.com> - 1:3.11-2
+- Do not package empty Storable::Limit(3pm) manual page
+
+* Mon Apr 30 2018 Petr Pisar <ppisar@redhat.com> - 1:3.11-1
+- 3.11 bump
+
+* Mon Apr 23 2018 Petr Pisar <ppisar@redhat.com> - 1:3.09-1
+- 3.09 bump
+
+* Thu Apr 19 2018 Petr Pisar <ppisar@redhat.com> - 1:3.06-1
+- 3.06 bump
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.62-396
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.62-395
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.62-394
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Jun 03 2017 Jitka Plesnikova <jplesnik@redhat.com> - 1:2.62-393
+- Perl 5.26 rebuild
+
+* Thu May 11 2017 Petr Pisar <ppisar@redhat.com> - 1:2.62-1
+- Upgrade to 2.62 as provided in perl-5.25.12

 * Mon Feb 06 2017 Petr Pisar <ppisar@redhat.com> - 1:2.56-368
 - Fix a stack buffer overflow in deserialization of hooks (RT#130635)