lc launders tainted flag, RT #87336
parent
8d64ee7006
commit
724ab9627b
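--- a/perl-87336-lc-uc-first-fail-to-taint-the-returned-st.patch
+++ b/perl-87336-lc-uc-first-fail-to-taint-the-returned-st.patch
@@ -0,0 +1,62 @@
+diff -up perl-5.12.3/pp.c.87 perl-5.12.3/pp.c
+--- perl-5.12.3/pp.c.87 2011-01-09 21:20:58.000000000 +0100
++++ perl-5.12.3/pp.c 2011-04-01 15:06:23.000000000 +0200
+@@ -3949,6 +3949,8 @@ PP(pp_ucfirst)
+SvCUR_set(dest, need - 1);
+}
+}
++ if (dest != source && SvTAINTED(source))
++ SvTAINT(dest);
+SvSETMAGIC(dest);
+RETURN;
+}
+@@ -4008,7 +4010,8 @@ PP(pp_uc)
+SvUPGRADE(dest, SVt_PV);
+d = (U8*)SvGROW(dest, min);
+(void)SvPOK_only(dest);
+-
++ if (dest != source && SvTAINTED(source))
++ SvTAINT(dest);
+SETs(dest);
+}
+
+@@ -4433,6 +4436,8 @@ PP(pp_lc)
+SvCUR_set(dest, d - (U8*)SvPVX_const(dest));
+}
+}
++ if (dest != source && SvTAINTED(source))
++ SvTAINT(dest);
+SvSETMAGIC(dest);
+RETURN;
+}
+diff -up perl-5.12.3/t/op/taint.t.87 perl-5.12.3/t/op/taint.t
+--- perl-5.12.3/t/op/taint.t.87 2011-01-09 21:20:58.000000000 +0100
++++ perl-5.12.3/t/op/taint.t 2011-04-01 15:07:43.000000000 +0200
+@@ -17,7 +17,7 @@ use Config;
+use File::Spec::Functions;
+
+BEGIN { require './test.pl'; }
+-plan tests => 302;
++plan tests => 306;
+
+$| = 1;
+
+@@ -1318,6 +1318,18 @@ foreach my $ord (78, 163, 256) {
+unlike($err, qr/^\d+$/, 'tainted $!');
+}
+
++{
++ # [perl #87336] lc/uc(first) failing to taint the returned string
++ my $source = "foo$TAINT";
++ my $dest = lc $source;
++ test $dest, "lc(tainted) taints its return value";
++ $dest = lcfirst $source;
++ test $dest, "lcfirst(tainted) taints its return value";
++ $dest = uc $source;
++ test $dest, "uc(tainted) taints its return value";
++ $dest = ucfirst $source;
++ test $dest, "ucfirst(tainted) taints its return value";
++}
+
+# This may bomb out with the alarm signal so keep it last
+SKIP: {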
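Review bot: The new taint.t block (the hunk at `@@ -1318,6 +1318,18 @@`) only feeds a plain byte string, `"foo$TAINT"`, through lc/lcfirst/uc/ucfirst, so each op is checked on a single code path. The pp.c context lines (`SvCUR_set(dest, need - 1)`, `SvCUR_set(dest, d - (U8*)SvPVX_const(dest))`) suggest separate length-changing branches, presumably the UTF-8 ones. The pp_uc hunk also places the check in the `dest` set-up code rather than just before `SvSETMAGIC(dest)` as the other two hunks do; the function bodies start and end outside the hunks, so neither point can be confirmed from here. A regression that launders taint on only one branch would still pass these four tests. I would run the block over both kinds of input, `for my $source ("foo$TAINT", "\x{100}foo$TAINT") {`, and raise the count to `plan tests => 310;`.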
12
perl.spec
12
perl.spec
@ -21,7 +21,7 @@
|
|||||||
Name: perl
|
Name: perl
|
||||||
Version: %{perl_version}
|
Version: %{perl_version}
|
||||||
# release number must be even higher, becase dual-lived modules will be broken otherwise
|
# release number must be even higher, becase dual-lived modules will be broken otherwise
|
||||||
Release: 157%{?dist}
|
Release: 158%{?dist}
|
||||||
Epoch: %{perl_epoch}
|
Epoch: %{perl_epoch}
|
||||||
Summary: Practical Extraction and Report Language
|
Summary: Practical Extraction and Report Language
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
@ -81,6 +81,11 @@ Patch9: perl-5.12.2-h2ph.patch
|
|||||||
# Update ExtUtils::ParseXS to 2.2206
|
# Update ExtUtils::ParseXS to 2.2206
|
||||||
Patch10: perl-ExtUtils-ParseXS-2.2206.patch
|
Patch10: perl-ExtUtils-ParseXS-2.2206.patch
|
||||||
|
|
||||||
|
# 692900 - lc launders tainted flag, RT #87336
|
||||||
|
Patch11: perl-87336-lc-uc-first-fail-to-taint-the-returned-st.patch
|
||||||
|
|
||||||
|
# Update some of the bundled modules
|
||||||
|
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
|
||||||
|
|
||||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||||
BuildRequires: db4-devel, gdbm-devel, groff, tcsh, zlib-devel, systemtap-sdt-devel
|
BuildRequires: db4-devel, gdbm-devel, groff, tcsh, zlib-devel, systemtap-sdt-devel
|
||||||
@ -951,6 +956,7 @@ tarball from perl.org.
|
|||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
|
%patch11 -p1
|
||||||
|
|
||||||
#copy the example script
|
#copy the example script
|
||||||
cp -a %{SOURCE5} .
|
cp -a %{SOURCE5} .
|
||||||
@ -1164,6 +1170,7 @@ pushd %{build_archlib}/CORE/
|
|||||||
'Fedora Patch8: Do not leak when destroying thread; RT #77352' \
|
'Fedora Patch8: Do not leak when destroying thread; RT #77352' \
|
||||||
'Fedora Patch9: h2ph produces incorrect code in preamble, based mainly on RT #74614 ' \
|
'Fedora Patch9: h2ph produces incorrect code in preamble, based mainly on RT #74614 ' \
|
||||||
'Fedora Patch10: Update ExtUtils::ParseXS to 2.2206' \
|
'Fedora Patch10: Update ExtUtils::ParseXS to 2.2206' \
|
||||||
|
'Fedora Patch11: lc launders tainted flag RT #87336' \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
rm patchlevel.bak
|
rm patchlevel.bak
|
||||||
@ -1964,6 +1971,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
# Old changelog entries are preserved in CVS.
|
# Old changelog entries are preserved in CVS.
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Apr 1 2011 Marcela Mašláňová <mmaslano@redhat.com> - 4:5.12.3-158
|
||||||
|
- 692900 - lc launders tainted flag, RT #87336
|
||||||
|
|
||||||
* Fri Apr 1 2011 Robin Lee <cheeselee@fedoraproject.org> - 4:5.12.3-157
|
* Fri Apr 1 2011 Robin Lee <cheeselee@fedoraproject.org> - 4:5.12.3-157
|
||||||
- Cwd.so go to the PathTools sub-package
|
- Cwd.so go to the PathTools sub-package
|
||||||
|
|
||||||
|