diff --git a/perl-5.24.0-Regression-test-for-RT-129196.patch b/perl-5.24.0-Regression-test-for-RT-129196.patch new file mode 100644 index 0000000..23beb36 --- /dev/null +++ b/perl-5.24.0-Regression-test-for-RT-129196.patch @@ -0,0 +1,45 @@ +From a51d828a6d402f30f37707c714de218f6b47dbd8 Mon Sep 17 00:00:00 2001 +From: Dan Collins +Date: Sun, 4 Sep 2016 14:43:41 -0400 +Subject: [PATCH] Regression test for RT #129196 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Ported to 5.24.0: + +commit a6128716d2cc20147851e0a37768376647bd3242 +Author: Dan Collins +Date: Sun Sep 4 14:43:41 2016 -0400 + + Regression test for RT #129196 + +Signed-off-by: Petr Písař +--- + t/op/evalbytes.t | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/t/op/evalbytes.t b/t/op/evalbytes.t +index cca7c04..5e2af76 100644 +--- a/t/op/evalbytes.t ++++ b/t/op/evalbytes.t +@@ -6,7 +6,7 @@ BEGIN { + require './test.pl'; require './charset_tools.pl'; + } + +-plan(tests => 8); ++plan(tests => 9); + + { + local $SIG{__WARN__} = sub {}; +@@ -33,3 +33,7 @@ chop($upcode = "use utf8; $U_100" . chr 256); + is evalbytes $upcode, chr 256, 'use utf8 within evalbytes on utf8 string'; + eval { evalbytes chr 256 }; + like $@, qr/Wide character/, 'evalbytes croaks on non-bytes'; ++ ++eval 'evalbytes S'; ++ok 1, '[RT #129196] evalbytes S should not segfault'; ++ +-- +2.7.4 + diff --git a/perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch b/perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch new file mode 100644 index 0000000..e224f30 --- /dev/null +++ b/perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch @@ -0,0 +1,37 @@ +From 9bde56224e82f20e7a65b3469b1ffb6b9f6d4df8 Mon Sep 17 00:00:00 2001 +From: Father Chrysostomos +Date: Sun, 4 Sep 2016 20:24:19 -0700 +Subject: [PATCH] =?UTF-8?q?[perl=20#129196]=20Crash/bad=20read=20with=20?= + =?UTF-8?q?=E2=80=98evalbytes=20S=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +5dc13276 added some code to toke.c that did not take into account +that the opnum (‘f’) argument to UNI* could be a negated op number. +PL_last_lop_op must never be negative, since it is used as an offset +into a struct. + +Tests for the crash will come in the next commit. + +Signed-off-by: Petr Písař +--- + toke.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/toke.c b/toke.c +index 2fe8b69..2350703 100644 +--- a/toke.c ++++ b/toke.c +@@ -241,7 +241,7 @@ static const char* const lex_state_names[] = { + if (have_x) PL_expect = x; \ + PL_bufptr = s; \ + PL_last_uni = PL_oldbufptr; \ +- PL_last_lop_op = f; \ ++ PL_last_lop_op = f < 0 ? -f : f; \ + if (*s == '(') \ + return REPORT( (int)FUNC1 ); \ + s = skipspace(s); \ +-- +2.7.4 + diff --git a/perl-5.25.4-toke.c-fix-mswin32-builds.patch b/perl-5.25.4-toke.c-fix-mswin32-builds.patch new file mode 100644 index 0000000..5b066c8 --- /dev/null +++ b/perl-5.25.4-toke.c-fix-mswin32-builds.patch @@ -0,0 +1,46 @@ +From 0af40c757f083cc12988effb46da5313cd042f00 Mon Sep 17 00:00:00 2001 +From: David Mitchell +Date: Mon, 5 Sep 2016 15:49:28 +0100 +Subject: [PATCH] toke.c: fix mswin32 builds +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +9bde56224 added this as part of macro: + +- PL_last_lop_op = f; \ ++ PL_last_lop_op = f < 0 ? -f : f; \ + +which broke win32 builds due to this + + UNIBRACK(-OP_ENTEREVAL) + +expanding to + + PL_last_lop_op = -345 < 0 ? --345 : -345 + +and the -- being seen as a pre-dec op. + +Diagnosed by Dagfinn Ilmari Mannsåker. + +Signed-off-by: Petr Písař +--- + toke.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/toke.c b/toke.c +index 2350703..a1cdda8 100644 +--- a/toke.c ++++ b/toke.c +@@ -241,7 +241,7 @@ static const char* const lex_state_names[] = { + if (have_x) PL_expect = x; \ + PL_bufptr = s; \ + PL_last_uni = PL_oldbufptr; \ +- PL_last_lop_op = f < 0 ? -f : f; \ ++ PL_last_lop_op = (f) < 0 ? -(f) : (f); \ + if (*s == '(') \ + return REPORT( (int)FUNC1 ); \ + s = skipspace(s); \ +-- +2.7.4 + diff --git a/perl.spec b/perl.spec index fecc951..6a5811a 100644 --- a/perl.spec +++ b/perl.spec @@ -28,7 +28,7 @@ Name: perl Version: %{perl_version} # release number must be even higher, because dual-lived modules will be broken otherwise -Release: 378%{?dist} +Release: 379%{?dist} Epoch: %{perl_epoch} Summary: Practical Extraction and Report Language Group: Development/Languages @@ -183,6 +183,11 @@ Patch43: perl-5.24.0-PATCH-perl-128734-tr-N-.-failing-for-128-255.patch # in upstream after 5.24.1 Patch44: perl-5.24.0-CVE-2016-1238-maint-5.24-dot-in-inc.patch +# Fix crash in "evalbytes S", RT#129196, in upstream after 5.25.4 +Patch45: perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch +Patch46: perl-5.24.0-Regression-test-for-RT-129196.patch +Patch47: perl-5.25.4-toke.c-fix-mswin32-builds.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -2850,6 +2855,9 @@ Perl extension for Version Objects %patch42 -p1 %patch43 -p1 %patch44 -p1 +%patch45 -p1 +%patch46 -p1 +%patch47 -p1 %patch200 -p1 %patch201 -p1 @@ -2885,6 +2893,9 @@ perl -x patchlevel.h \ 'Fedora Patch42: Fix a crash in lexical scope warnings (RT#128597)' \ 'Fedora Patch43: Fix handling \N{} in tr for characters in range 128--255 (RT#128734)' \ 'Fedora Patch44: Avoid loading of modules from current directory (CVE-2016-1238)' \ + 'Fedora Patch45: Fix crash in "evalbytes S" (RT#129196)' \ + 'Fedora Patch46: Fix crash in "evalbytes S" (RT#129196)' \ + 'Fedora Patch47: Fix crash in "evalbytes S" (RT#129196)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -5163,6 +5174,9 @@ popd # Old changelog entries are preserved in CVS. %changelog +* Thu Nov 03 2016 Petr Pisar - 4:5.24.0-379 +- Fix crash in "evalbytes S" (RT#129196) + * Fri Sep 02 2016 Petr Pisar - 4:5.24.0-378 - perl-core depends on Parse::CPAN::Meta module instead of package name to allow upgrading perl-CPAN-Meta to 2.150010 (bug #1370681)