From 4f72402355b6a69506093ad6eeced99863dad4eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 4 Mar 2021 17:34:09 +0100 Subject: [PATCH 1/4] Protect locale tests from LANGUAGE environment variable --- ...cale.t-Rmv-LANGUAGE-from-environment.patch | 32 +++++++++++++++++++ perl.spec | 11 ++++++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 perl-5.33.6-t-run-locale.t-Rmv-LANGUAGE-from-environment.patch diff --git a/perl-5.33.6-t-run-locale.t-Rmv-LANGUAGE-from-environment.patch b/perl-5.33.6-t-run-locale.t-Rmv-LANGUAGE-from-environment.patch new file mode 100644 index 0000000..bdc0c35 --- /dev/null +++ b/perl-5.33.6-t-run-locale.t-Rmv-LANGUAGE-from-environment.patch @@ -0,0 +1,32 @@ +From a2f57b06b018b254bee93e1a1265cfc09833366f Mon Sep 17 00:00:00 2001 +From: Karl Williamson +Date: Tue, 9 Feb 2021 11:32:15 -0700 +Subject: [PATCH] t/run/locale.t: Rmv LANGUAGE from environment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This could cause interference with our tests on some platforms that have +this environment variable. + +Signed-off-by: Petr Písař +--- + t/run/locale.t | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/t/run/locale.t b/t/run/locale.t +index 8a04d1aea6..0f2a2ba457 100644 +--- a/t/run/locale.t ++++ b/t/run/locale.t +@@ -38,7 +38,7 @@ if (defined $ARGV[0] && $ARGV[0] ne "") { + } + + # reset the locale environment +-delete local @ENV{'LANG', (grep /^LC_[A-Z]+$/, keys %ENV)}; ++delete local @ENV{'LANGUAGE', 'LANG', (grep /^LC_[A-Z]+$/, keys %ENV)}; + + # If user wants this to happen, they set the environment variable AND use + # 'debug' +-- +2.26.2 + diff --git a/perl.spec b/perl.spec index 53396a4..37c952e 100644 --- a/perl.spec +++ b/perl.spec @@ -100,7 +100,7 @@ License: GPL+ or Artistic Epoch: %{perl_epoch} Version: %{perl_version} # release number must be even higher, because dual-lived modules will be broken otherwise -Release: 471%{?dist} +Release: 472%{?dist} Summary: Practical Extraction and Report Language Url: https://www.perl.org/ Source0: https://www.cpan.org/src/5.0/perl-%{perl_version}.tar.xz @@ -261,6 +261,10 @@ Patch52: perl-5.33.5-Use-perl.h-versions-of-PERL_UNUSED_foo-in-XSUB.h.pat # Add missing entries to perldiag, GH#18276, in upstream after 5.33.6 Patch53: perl-5.33.6-Add-missing-entries-to-perldiag-GH-18276.patch +# Protect locale tests from LANGUAGE environment variable, +# in upstream after 5.33.6 +Patch54: perl-5.33.6-t-run-locale.t-Rmv-LANGUAGE-from-environment.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -4315,6 +4319,7 @@ you're not running VMS, this module does nothing. %patch51 -p1 %patch52 -p1 %patch53 -p1 +%patch54 -p1 %patch200 -p1 %patch201 -p1 @@ -4367,6 +4372,7 @@ perl -x patchlevel.h \ 'Fedora Patch51: Fix croaking on "my $_" when "use utf8" is in effect (GH#18449)' \ 'Fedora Patch52: Fix PERL_UNUSED_ARG() definition in XSUB.h' \ 'Fedora Patch53: Add missing entries to perldiag (GH#18276)' \ + 'Fedora Patch54: Protect locale tests from LANGUAGE environment variable' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -7094,6 +7100,9 @@ popd # Old changelog entries are preserved in CVS. %changelog +* Thu Mar 04 2021 Petr Pisar - 4:5.32.1-472 +- Protect locale tests from LANGUAGE environment variable + * Tue Feb 09 2021 Petr Pisar - 4:5.32.1-471 - Make accessing environment by DynaLoader thread-safe - Use duplocale() if available From 622440427f30eca31409841eb26637c3862ca0ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 4 Mar 2021 17:39:11 +0100 Subject: [PATCH 2/4] Prevent the number of buckets in a hash from getting too large --- ...-clause-to-prevent-the-number-of-buc.patch | 53 +++++++++++++++++++ perl.spec | 7 +++ 2 files changed, 60 insertions(+) create mode 100644 perl-5.32.1-hv.c-add-a-guard-clause-to-prevent-the-number-of-buc.patch diff --git a/perl-5.32.1-hv.c-add-a-guard-clause-to-prevent-the-number-of-buc.patch b/perl-5.32.1-hv.c-add-a-guard-clause-to-prevent-the-number-of-buc.patch new file mode 100644 index 0000000..de7652e --- /dev/null +++ b/perl-5.32.1-hv.c-add-a-guard-clause-to-prevent-the-number-of-buc.patch @@ -0,0 +1,53 @@ +From c5eed6e541fe27d9e9dfd31f42c43f4dfa1f486b Mon Sep 17 00:00:00 2001 +From: Yves Orton +Date: Sat, 11 Jul 2020 09:26:21 +0200 +Subject: [PATCH] hv.c: add a guard clause to prevent the number of buckets in + a hash from getting too large +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This caps it at 1<<28 buckets, eg, ~268M. In theory without a guard clause like +this we could grow to the point of possibly wrapping around in terms of size, +not to mention being ridiculously wasteful of memory at larger sizes. +Even this cap is probably too high. It should probably be something like 1<<24. + +Petr Písař: Ported to 5.32.1 from +aae087f7cec022be14a17deb95cb2208e16b7891. + +Signed-off-by: Petr Písař +--- + hv.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/hv.c b/hv.c +index eccae62..32dbd19 100644 +--- a/hv.c ++++ b/hv.c +@@ -38,7 +38,13 @@ holds the key and hash value. + * NOTE if you change this formula so we split earlier than previously + * you MUST change the logic in hv_ksplit() + */ +-#define DO_HSPLIT(xhv) ( ((xhv)->xhv_keys + ((xhv)->xhv_keys >> 1)) > (xhv)->xhv_max ) ++ ++/* MAX_BUCKET_MAX is the maximum max bucket index, at which point we stop growing the ++ * number of buckets, ++ */ ++#define MAX_BUCKET_MAX ((1<<26)-1) ++#define DO_HSPLIT(xhv) ( ( ((xhv)->xhv_keys + ((xhv)->xhv_keys >> 1)) > (xhv)->xhv_max ) && \ ++ ((xhv)->xhv_max < MAX_BUCKET_MAX) ) + #define HV_FILL_THRESHOLD 31 + + static const char S_strtab_error[] +@@ -1426,6 +1432,8 @@ S_hsplit(pTHX_ HV *hv, STRLEN const oldsize, STRLEN newsize) + ); + + PERL_ARGS_ASSERT_HSPLIT; ++ if (newsize > MAX_BUCKET_MAX+1) ++ return; + + PL_nomemok = TRUE; + Renew(a, PERL_HV_ARRAY_ALLOC_BYTES(newsize) +-- +2.26.2 + diff --git a/perl.spec b/perl.spec index 37c952e..ffe8a9f 100644 --- a/perl.spec +++ b/perl.spec @@ -265,6 +265,10 @@ Patch53: perl-5.33.6-Add-missing-entries-to-perldiag-GH-18276.patch # in upstream after 5.33.6 Patch54: perl-5.33.6-t-run-locale.t-Rmv-LANGUAGE-from-environment.patch +# Prevent the number of buckets in a hash from getting too large, +# in upstream after 5.33.6 +Patch55: perl-5.32.1-hv.c-add-a-guard-clause-to-prevent-the-number-of-buc.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -4320,6 +4324,7 @@ you're not running VMS, this module does nothing. %patch52 -p1 %patch53 -p1 %patch54 -p1 +%patch55 -p1 %patch200 -p1 %patch201 -p1 @@ -4373,6 +4378,7 @@ perl -x patchlevel.h \ 'Fedora Patch52: Fix PERL_UNUSED_ARG() definition in XSUB.h' \ 'Fedora Patch53: Add missing entries to perldiag (GH#18276)' \ 'Fedora Patch54: Protect locale tests from LANGUAGE environment variable' \ + 'Fedora Patch55: Prevent the number of buckets in a hash from getting too large' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -7102,6 +7108,7 @@ popd %changelog * Thu Mar 04 2021 Petr Pisar - 4:5.32.1-472 - Protect locale tests from LANGUAGE environment variable +- Prevent the number of buckets in a hash from getting too large * Tue Feb 09 2021 Petr Pisar - 4:5.32.1-471 - Make accessing environment by DynaLoader thread-safe From c43a56bb9c4ce04c6b2d13a93fa1f455397f63fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 4 Mar 2021 17:51:21 +0100 Subject: [PATCH 3/4] Fix a memory leak when compiling a regular expression --- ...-5.33.7-regcomp.c-Remove-memory-leak.patch | 74 +++++++++++++++++++ perl.spec | 7 ++ 2 files changed, 81 insertions(+) create mode 100644 perl-5.33.7-regcomp.c-Remove-memory-leak.patch diff --git a/perl-5.33.7-regcomp.c-Remove-memory-leak.patch b/perl-5.33.7-regcomp.c-Remove-memory-leak.patch new file mode 100644 index 0000000..44dc94e --- /dev/null +++ b/perl-5.33.7-regcomp.c-Remove-memory-leak.patch @@ -0,0 +1,74 @@ +From 5f41fa466a67b5535aa8bcf4b814f242545ac7bd Mon Sep 17 00:00:00 2001 +From: Karl Williamson +Date: Sat, 27 Feb 2021 11:43:41 -0700 +Subject: [PATCH] regcomp.c: Remove memory leak +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes GH #18604. There was a path through the code where a +particular SV did not get its reference count decremented. + +I did an audit of the function and came up with several other +possiblities that are included in this commit. + +Further, there would be leaks for some instances of finding syntax +errors in the input pattern, or when warnings are fatalized. Those +would require mortalizing some SVs, but that is beyond the scope of this +commit. + +Signed-off-by: Petr Písař +--- + regcomp.c | 7 +++++++ + t/op/svleak.t | 3 ++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/regcomp.c b/regcomp.c +index e44c7a37e5..f5e5f581dc 100644 +--- a/regcomp.c ++++ b/regcomp.c +@@ -18765,6 +18765,12 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth, + RExC_end = save_end; + RExC_in_multi_char_class = 0; + SvREFCNT_dec_NN(multi_char_matches); ++ SvREFCNT_dec(properties); ++ SvREFCNT_dec(cp_list); ++ SvREFCNT_dec(simple_posixes); ++ SvREFCNT_dec(posixes); ++ SvREFCNT_dec(nposixes); ++ SvREFCNT_dec(cp_foldable_list); + return ret; + } + +@@ -20122,6 +20128,7 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth, + RExC_parse - orig_parse);; + SvREFCNT_dec(cp_list);; + SvREFCNT_dec(only_utf8_locale_list); ++ SvREFCNT_dec(upper_latin1_only_utf8_matches); + return ret; + } + +diff --git a/t/op/svleak.t b/t/op/svleak.t +index 6acc298c3d..3df4838be8 100644 +--- a/t/op/svleak.t ++++ b/t/op/svleak.t +@@ -15,7 +15,7 @@ BEGIN { + + use Config; + +-plan tests => 150; ++plan tests => 151; + + # run some code N times. If the number of SVs at the end of loop N is + # greater than (N-1)*delta at the end of loop 1, we've got a leak +@@ -278,6 +278,7 @@ eleak(2,0,'/[[:ascii:]]/'); + eleak(2,0,'/[[.zog.]]/'); + eleak(2,0,'/[.zog.]/'); + eleak(2,0,'/|\W/', '/|\W/ [perl #123198]'); ++eleak(2,0,'/a\sb/', '/a\sb/ [GH #18604]'); + eleak(2,0,'no warnings; /(?[])/'); + eleak(2,0,'no warnings; /(?[[a]+[b]])/'); + eleak(2,0,'no warnings; /(?[[a]-[b]])/'); +-- +2.26.2 + diff --git a/perl.spec b/perl.spec index ffe8a9f..d60d4a6 100644 --- a/perl.spec +++ b/perl.spec @@ -269,6 +269,10 @@ Patch54: perl-5.33.6-t-run-locale.t-Rmv-LANGUAGE-from-environment.patch # in upstream after 5.33.6 Patch55: perl-5.32.1-hv.c-add-a-guard-clause-to-prevent-the-number-of-buc.patch +# Fix a memory leak when compiling a regular expression, GH#18604, +# in upstream after 5.33.7 +Patch56: perl-5.33.7-regcomp.c-Remove-memory-leak.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -4325,6 +4329,7 @@ you're not running VMS, this module does nothing. %patch53 -p1 %patch54 -p1 %patch55 -p1 +%patch56 -p1 %patch200 -p1 %patch201 -p1 @@ -4379,6 +4384,7 @@ perl -x patchlevel.h \ 'Fedora Patch53: Add missing entries to perldiag (GH#18276)' \ 'Fedora Patch54: Protect locale tests from LANGUAGE environment variable' \ 'Fedora Patch55: Prevent the number of buckets in a hash from getting too large' \ + 'Fedora Patch56: Fix a memory leak when compiling a regular expression (GH#18604)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -7109,6 +7115,7 @@ popd * Thu Mar 04 2021 Petr Pisar - 4:5.32.1-472 - Protect locale tests from LANGUAGE environment variable - Prevent the number of buckets in a hash from getting too large +- Fix a memory leak when compiling a regular expression (GH#18604) * Tue Feb 09 2021 Petr Pisar - 4:5.32.1-471 - Make accessing environment by DynaLoader thread-safe From a55cccccedf1e8295b3da9a58a988dbb119a6850 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 4 Mar 2021 17:54:33 +0100 Subject: [PATCH 4/4] Correct typos in a changelog --- perl.spec | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/perl.spec b/perl.spec index d60d4a6..5928192 100644 --- a/perl.spec +++ b/perl.spec @@ -164,7 +164,7 @@ Patch12: perl-5.27.8-hints-linux-Add-lphtread-to-lddlflags.patch # Pass the correct CFLAGS to dtrace Patch13: perl-5.28.0-Pass-CFLAGS-to-dtrace.patch -# Do not use a C compiler reserved identifiers, in upstream after 5.33.0 +# Do not use C compiler reserved identifiers, in upstream after 5.33.0 Patch14: perl-5.33.0-MUTABLE_PTR-Rmv-non-standard-syntax.patch # Fix SvUV_nomg() macro definition, in upstream after 5.33.0 @@ -217,14 +217,14 @@ Patch35: perl-5.33.1-sort-return-foo.patch # Fix sv_collxfrm macro to respect locale, in upstream after 5.33.2 Patch38: perl-5.33.2-sv.h-sv_collxfrm-didn-t-work-properly.patch -# Fix an iterator signedness in handling a mro exception, GH#18155, +# Fix an iterator signedness in handling an mro exception, GH#18155, # in upstream after 5.33.2 Patch39: perl-5.33.2-mro.xs-Fix-compiler-warning.patch # Fix a code flow in Perl_sv_inc_nomg(), in upstream after 5.33.2 Patch40: perl-5.33.2-sv.c-Added-missing-braces-in-Perl_sv_inc_nomg.patch -# Fix un undefined behavior in Perl_custom_op_get_field(), +# Fix an undefined behavior in Perl_custom_op_get_field(), # in upstream after 5.33.3 Patch41: perl-5.33.3-Perl_custom_op_get_field-remove-undef-behaviour.patch @@ -4350,7 +4350,7 @@ perl -x patchlevel.h \ 'Fedora Patch11: Replace EU::MakeMaker dependency with EU::MM::Utils in IPC::Cmd (bug #1129443)' \ 'Fedora Patch12: Link XS modules to pthread library to fix linking with -z defs' \ 'Fedora Patch13: Pass the correct CFLAGS to dtrace' \ - 'Fedora Patch14: Do not use a C compiler reserved identifiers' \ + 'Fedora Patch14: Do not use C compiler reserved identifiers' \ 'Fedora Patch15: Fix SvUV_nomg() macro definition' \ 'Fedora Patch16: Fix SvTRUE() documentation' \ 'Fedora Patch17: Fix ext/XS-APItest/t/utf8_warn_base.pl tests' \ @@ -4367,9 +4367,9 @@ perl -x patchlevel.h \ 'Fedora Patch30: Fix inheritance resolution of lexial objects in a debugger (GH#17661)' \ 'Fedora Patch35: Fix sorting with a block that calls return (GH#18081)' \ 'Fedora Patch38: Fix sv_collxfrm macro to respect locale' \ - 'Fedora Patch39: Fix an iterator signedness in handling a mro exception (GH#18155)' \ + 'Fedora Patch39: Fix an iterator signedness in handling an mro exception (GH#18155)' \ 'Fedora Patch40: Fix a code flow in Perl_sv_inc_nomg()' \ - 'Fedora Patch41: Fix un undefined behavior in Perl_custom_op_get_field()' \ + 'Fedora Patch41: Fix an undefined behavior in Perl_custom_op_get_field()' \ 'Fedora Patch42: Fix Config variable names in in t/op tests' \ 'Fedora Patch43: Fix fetching a magic on the stacked file test operators' \ 'Fedora Patch44: Fix a crash in optimizing split() (GH#18232)' \ @@ -7146,7 +7146,7 @@ popd * Wed Oct 14 2020 Petr Pisar - 4:5.32.0-465 - Fix sv_collxfrm macro to respect locale -- Fix an iterator signedness in handling a mro exception (GH#18155) +- Fix an iterator signedness in handling an mro exception (GH#18155) - Fix a code flow in Perl_sv_inc_nomg() - Disable a dual-lived perl-Tie-RefHash subpackage (bug #1887937) @@ -7178,7 +7178,7 @@ popd - Fix an IO::Handle spurious error reported for regular file handles (GH#18019) * Wed Aug 05 2020 Petr Pisar - 4:5.32.0-459 -- Do not use a C compiler reserved identifiers +- Do not use C compiler reserved identifiers - Fix SvUV_nomg() macro definition - Fix SvTRUE() documentation - Fix ext/XS-APItest/t/utf8_warn_base.pl tests @@ -7457,7 +7457,7 @@ popd - Fix reporting a line number for non-terminated prototypes (RT#133524) - Fix first eof() return value (RT#133721) - Fix a crash when compiling a malformed form (RT#132158) -- Fix un undefined C behavior in NULL pointer arithmetics (RT#133223) +- Fix an undefined C behavior in NULL pointer arithmetics (RT#133223) - Prevent long jumps from clobbering local variables (RT#133575) - Fix a mismatch with a case-insesitive regular expression on a text with ligatures (RT#133756)