rpms/perl
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Apply upstream patches 26283 and 26284 : complete, revised fixes for

Browse Source 
CVE-2005-3962 and CVE-2005-3912 and "Sys::Syslog security
    vulnerabilities" issues.
- Fix bug 136009 / MakeMaker LD_RUN_PATH issue: restore previous default
    Red Hat behavior of removing the MakeMaker generated LD_RUN_PATH
    setting from the link command . Document this removal, as it
    contravenes upstream default behavior, and provide a USE_MM_LD_RUN_PATH
    MakeMaker member to enable use of the MakeMaker generated LD_RUN_PATH .
This commit is contained in:
jvdias 2005-12-09 20:02:31 +00:00
parent 59c48485b7
commit ae5aa7ac32
3 changed files with 510 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

386
perl-5.8.7-CVE-2005-3962-bz174684.patch
View File

@ -1,18 +1,54 @@
--- perl-5.8.7/t/lib/warnings/sv.CVE-2005-3962-bz174684 2004-03-18 07:51:14.000000000 -0500
+++ perl-5.8.7/t/lib/warnings/sv 2005-12-09 13:57:57.000000000 -0500
@@ -301,12 +301,12 @@
printf F "%\x02" ;
$a = sprintf "%\x02" ;
EXPECT
-Invalid conversion in sprintf: "%z" at - line 5.
-Invalid conversion in sprintf: end of string at - line 7.
-Invalid conversion in sprintf: "%\002" at - line 9.
Invalid conversion in printf: "%z" at - line 4.
+Invalid conversion in sprintf: "%z" at - line 5.
Invalid conversion in printf: end of string at - line 6.
+Invalid conversion in sprintf: end of string at - line 7.
Invalid conversion in printf: "%\002" at - line 8.
+Invalid conversion in sprintf: "%\002" at - line 9.
########
# sv.c
use warnings 'misc' ;
--- perl-5.8.7/t/op/sprintf.t.CVE-2005-3962-bz174684 2003-09-01 03:41:07.000000000 -0400
+++ perl-5.8.7/t/op/sprintf.t 2005-12-09 13:57:57.000000000 -0500
@@ -385,3 +385,6 @@
>%4$K %d< >[45, 67]< >%4$K 45 INVALID<
>%d %K %d< >[23, 45]< >23 %K 45 INVALID<
>%*v*999\$d %d %d< >[11, 22, 33]< >%*v*999\$d 11 22 INVALID<
+>%#b< >0< >0<
+>%#o< >0< >0<
+>%#x< >0< >0<
--- perl-5.8.7/t/op/sprintf2.t.CVE-2005-3962-bz174684 2004-02-09 16:37:13.000000000 -0500
+++ perl-5.8.7/t/op/sprintf2.t 2005-12-01 13:11:34.000000000 -0500
+++ perl-5.8.7/t/op/sprintf2.t 2005-12-09 13:57:57.000000000 -0500
@@ -6,7 +6,7 @@
require './test.pl';
}
-plan tests => 3;
+plan tests => 6;
+plan tests => 7;
is(
sprintf("%.40g ",0.01),
@@ -26,3 +26,20 @@
@@ -26,3 +26,29 @@
q(width calculation under utf8 upgrade)
);
}
+
+# Used to mangle PL_sv_undef
+fresh_perl_is(
+ 'print sprintf "xxx%n\n"; print undef',
+ 'Modification of a read-only value attempted at - line 1.',
+ { switches => [ '-w' ] },
+ q(%n should not be able to modify read-only constants),
+);
+
+# check %NNN$ for range bounds, especially negative 2's complement
+{
+ my ($warn, $bad) = (0,0);
@ -30,9 +66,312 @@
+ is($warn, 36, "expected warnings");
+ is($bad, 0, "unexpected warnings");
+}
--- perl-5.8.7/opcode.h.CVE-2005-3962-bz174684 2005-05-27 12:29:50.000000000 -0400
+++ perl-5.8.7/opcode.h 2005-12-09 13:57:57.000000000 -0500
@@ -1585,7 +1585,7 @@
0x0022281c, /* vec */
0x0122291c, /* index */
0x0122291c, /* rindex */
- 0x0004280f, /* sprintf */
+ 0x0004280d, /* sprintf - WAS 0x0004280f before patch #26283 */
0x00042805, /* formline */
0x0001379e, /* ord */
0x0001378e, /* chr */
--- perl-5.8.7/op.c.CVE-2005-3962-bz174684 2005-04-22 10:12:32.000000000 -0400
+++ perl-5.8.7/op.c 2005-12-09 13:57:57.000000000 -0500
@@ -2076,7 +2076,9 @@
/* XXX might want a ck_negate() for this */
cUNOPo->op_first->op_private &= ~OPpCONST_STRICT;
break;
- case OP_SPRINTF:
+/* Removed as part of fix for CVE-2005-3962 / Upstream patch 26283 :
+ * case OP_SPRINTF:
+ */
case OP_UCFIRST:
case OP_LCFIRST:
case OP_UC:
--- perl-5.8.7/makedef.pl.CVE-2005-3962-bz174684 2005-05-09 09:27:41.000000000 -0400
+++ perl-5.8.7/makedef.pl 2005-12-09 13:57:57.000000000 -0500
@@ -635,11 +635,13 @@
)];
}
-if ($define{'PERL_MALLOC_WRAP'}) {
- emit_symbols [qw(
- PL_memory_wrap
- )];
-}
+# Removed as part of fix for CVE-2005-3962 / CVE-2005-3962 /
+# Upstream patch #26283
+# if ($define{'PERL_MALLOC_WRAP'}) {
+# emit_symbols [qw(
+# PL_memory_wrap
+# )];
+#}
unless ($define{'USE_5005THREADS'} || $define{'USE_ITHREADS'}) {
skip_symbols [qw(
--- perl-5.8.7/ext/Sys/Syslog/Syslog.pm.CVE-2005-3962-bz174684 2005-04-22 07:53:56.000000000 -0400
+++ perl-5.8.7/ext/Sys/Syslog/Syslog.pm 2005-12-09 13:57:57.000000000 -0500
@@ -1,14 +1,13 @@
package Sys::Syslog;
require 5.006;
require Exporter;
-require DynaLoader;
use Carp;
use strict;
-our @ISA = qw(Exporter DynaLoader);
+our @ISA = qw(Exporter);
our @EXPORT = qw(openlog closelog setlogmask syslog);
our @EXPORT_OK = qw(setlogsock);
-our $VERSION = '0.06';
+our $VERSION = '0.08';
# it would be nice to try stream/unix first, since that will be
# most efficient. However streams are dodgy - see _syslog_send_stream
@@ -54,26 +53,38 @@
=item openlog $ident, $logopt, $facility
+Opens the syslog.
I<$ident> is prepended to every message. I<$logopt> contains zero or
more of the words I<pid>, I<ndelay>, I<nowait>. The cons option is
ignored, since the failover mechanism will drop down to the console
automatically if all other media fail. I<$facility> specifies the
part of the system to report about, for example LOG_USER or LOG_LOCAL0:
see your C<syslog(3)> documentation for the facilities available in
-your system.
+your system. This function will croak if it can't connect to the syslog
+daemon.
B<You should use openlog() before calling syslog().>
+=item syslog $priority, $message
+
=item syslog $priority, $format, @args
-If I<$priority> permits, logs I<($format, @args)>
-printed as by C<printf(3V)>, with the addition that I<%m>
-is replaced with C<"$!"> (the latest error message).
+If I<$priority> permits, logs I<$message> or I<sprintf($format, @args)>
+with the addition that I<%m> in $message or $format is replaced with
+C<"$!"> (the latest error message).
If you didn't use openlog() before using syslog(), syslog will try to
guess the I<$ident> by extracting the shortest prefix of I<$format>
that ends in a ":".
+Note that Sys::Syslog version v0.07 and older passed the $message as
+the formatting string to sprintf() even when no formatting arguments
+were provided. If the code calling syslog() might execute with older
+versions of this module, make sure to call the function as
+syslog($priority, "%s", $message) instead of syslog($priority,
+$message). This protects against hostile formatting sequences that
+might show up if $message contains tainted data.
+
=item setlogmask $mask_priority
Sets log mask I<$mask_priority> and returns the old mask.
@@ -175,7 +186,8 @@
goto &$AUTOLOAD;
}
-bootstrap Sys::Syslog $VERSION;
+require XSLoader;
+XSLoader::load('Sys::Syslog', $VERSION);
our $maskpri = &LOG_UPTO(&LOG_DEBUG);
@@ -316,9 +328,16 @@
$whoami .= "[$$]" if our $lo_pid;
- $mask =~ s/(?<!%)%m/$!/g;
+ if ($mask =~ /%m/) {
+ my $err = $!;
+ # escape percent signs if sprintf will be called
+ $err =~ s/%/%%/g if @_;
+ # replace %m with $err, if preceded by an even number of percent signs
+ $mask =~ s/(?<!%)((?:%%)*)%m/$1$err/g;
+ }
+
$mask .= "\n" unless $mask =~ /\n$/;
- $message = sprintf ($mask, @_);
+ $message = @_ ? sprintf($mask, @_) : $mask;
$sum = $numpri + $numfac;
my $buf = "<$sum>$whoami: $message\0";
--- perl-5.8.7/opcode.pl.CVE-2005-3962-bz174684 2004-12-01 08:54:30.000000000 -0500
+++ perl-5.8.7/opcode.pl 2005-12-09 13:57:57.000000000 -0500
@@ -606,7 +606,7 @@
index index ck_index isT@ S S S?
rindex rindex ck_index isT@ S S S?
-sprintf sprintf ck_fun mfst@ S L
+sprintf sprintf ck_fun mst@ S L
formline formline ck_fun ms@ S L
ord ord ck_fun ifsTu% S?
chr chr ck_fun fsTu% S?
--- perl-5.8.7/handy.h.CVE-2005-3962-bz174684 2005-04-20 12:33:28.000000000 -0400
+++ perl-5.8.7/handy.h 2005-12-09 13:57:57.000000000 -0500
@@ -598,91 +598,65 @@
=cut */
-#ifndef lint
-
#define NEWSV(x,len) newSV(len)
#ifdef PERL_MALLOC_WRAP
#define MEM_WRAP_CHECK(n,t) \
- (void)((n)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(PL_memory_wrap),0):0)
+ (void)((sizeof(t)>1?(n):1)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(PL_memory_wrap),0):0)
#define MEM_WRAP_CHECK_1(n,t,a) \
- (void)((n)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a),0):0)
+ (void)((sizeof(t)>1?(n):1)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a),0):0)
#define MEM_WRAP_CHECK_2(n,t,a,b) \
- (void)((n)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a,b),0):0)
+ (void)((sizeof(t)>1?(n):1)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a,b),0):0)
+#define MEM_WRAP_CHECK_(n,t) MEM_WRAP_CHECK(n,t),
-#define New(x,v,n,t) (v = (MEM_WRAP_CHECK(n,t), (t*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
-#define Newc(x,v,n,t,c) (v = (MEM_WRAP_CHECK(n,t), (c*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
-#define Newz(x,v,n,t) (v = (MEM_WRAP_CHECK(n,t), (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))), \
- memzero((char*)(v), (n)*sizeof(t))
-#define Renew(v,n,t) \
- (v = (MEM_WRAP_CHECK(n,t), (t*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
-#define Renewc(v,n,t,c) \
- (v = (MEM_WRAP_CHECK(n,t), (c*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
-#define Safefree(d) safefree((Malloc_t)(d))
-
-#define Move(s,d,n,t) (MEM_WRAP_CHECK(n,t), (void)memmove((char*)(d),(char*)(s), (n) * sizeof(t)))
-#define Copy(s,d,n,t) (MEM_WRAP_CHECK(n,t), (void)memcpy((char*)(d),(char*)(s), (n) * sizeof(t)))
-#define Zero(d,n,t) (MEM_WRAP_CHECK(n,t), (void)memzero((char*)(d), (n) * sizeof(t)))
-
-#define MoveD(s,d,n,t) (MEM_WRAP_CHECK(n,t), memmove((char*)(d),(char*)(s), (n) * sizeof(t)))
-#define CopyD(s,d,n,t) (MEM_WRAP_CHECK(n,t), memcpy((char*)(d),(char*)(s), (n) * sizeof(t)))
-#ifdef HAS_MEMSET
-#define ZeroD(d,n,t) (MEM_WRAP_CHECK(n,t), memzero((char*)(d), (n) * sizeof(t)))
-#else
-/* Using bzero(), which returns void. */
-#define ZeroD(d,n,t) (MEM_WRAP_CHECK(n,t), memzero((char*)(d), (n) * sizeof(t)),d)
-#endif
-
-#define Poison(d,n,t) (MEM_WRAP_CHECK(n,t), (void)memset((char*)(d), 0xAB, (n) * sizeof(t)))
+#define PERL_STRLEN_ROUNDUP(n) ((void)(((n) > (MEM_SIZE)~0 - 2 * PERL_STRLEN_ROUNDUP_QUANTUM) ? (Perl_croak_nocontext(PL_memory_wrap),0):0),((n-1+PERL_STRLEN_ROUNDUP_QUANTUM)&~((MEM_SIZE)PERL_STRLEN_ROUNDUP_QUANTUM-1)))
#else
#define MEM_WRAP_CHECK(n,t)
#define MEM_WRAP_CHECK_1(n,t,a)
#define MEM_WRAP_CHECK_2(n,t,a,b)
+#define MEM_WRAP_CHECK_(n,t)
+
+#define PERL_STRLEN_ROUNDUP(n) (((n-1+PERL_STRLEN_ROUNDUP_QUANTUM)&~((MEM_SIZE)PERL_STRLEN_ROUNDUP_QUANTUM-1)))
-#define New(x,v,n,t) (v = (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))
-#define Newc(x,v,n,t,c) (v = (c*)safemalloc((MEM_SIZE)((n)*sizeof(t))))
-#define Newz(x,v,n,t) (v = (t*)safemalloc((MEM_SIZE)((n)*sizeof(t)))), \
+#endif
+
+#define Newx(v,n,t) (v = (MEM_WRAP_CHECK_(n,t) (t*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
+#define Newxc(v,n,t,c) (v = (MEM_WRAP_CHECK_(n,t) (c*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
+#define Newxz(v,n,t) (v = (MEM_WRAP_CHECK_(n,t) (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))), \
memzero((char*)(v), (n)*sizeof(t))
+/* pre 5.9.x compatibility */
+#define New(x,v,n,t) Newx(v,n,t)
+#define Newc(x,v,n,t,c) Newxc(v,n,t,c)
+#define Newz(x,v,n,t) Newxz(v,n,t)
+
#define Renew(v,n,t) \
- (v = (t*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t))))
+ (v = (MEM_WRAP_CHECK_(n,t) (t*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
#define Renewc(v,n,t,c) \
- (v = (c*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t))))
-#define Safefree(d) safefree((Malloc_t)(d))
-
-#define Move(s,d,n,t) (void)memmove((char*)(d),(char*)(s), (n) * sizeof(t))
-#define Copy(s,d,n,t) (void)memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
-#define Zero(d,n,t) (void)memzero((char*)(d), (n) * sizeof(t))
+ (v = (MEM_WRAP_CHECK_(n,t) (c*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
-#define MoveD(s,d,n,t) memmove((char*)(d),(char*)(s), (n) * sizeof(t))
-#define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
-#ifdef HAS_MEMSET
-#define ZeroD(d,n,t) memzero((char*)(d), (n) * sizeof(t))
+#ifdef PERL_POISON
+#define Safefree(d) \
+ (d ? (void)(safefree((Malloc_t)(d)), Poison(&(d), 1, Malloc_t)) : (void) 0)
#else
-#define ZeroD(d,n,t) ((void)memzero((char*)(d), (n) * sizeof(t)),d)
+#define Safefree(d) safefree((Malloc_t)(d))
#endif
-#define Poison(d,n,t) (void)memset((char*)(d), 0xAB, (n) * sizeof(t))
+#define Move(s,d,n,t) (MEM_WRAP_CHECK_(n,t) (void)memmove((char*)(d),(const char*)(s), (n) * sizeof(t)))
+#define Copy(s,d,n,t) (MEM_WRAP_CHECK_(n,t) (void)memcpy((char*)(d),(const char*)(s), (n) * sizeof(t)))
+#define Zero(d,n,t) (MEM_WRAP_CHECK_(n,t) (void)memzero((char*)(d), (n) * sizeof(t)))
+#define MoveD(s,d,n,t) (MEM_WRAP_CHECK_(n,t) memmove((char*)(d),(const char*)(s), (n) * sizeof(t)))
+#define CopyD(s,d,n,t) (MEM_WRAP_CHECK_(n,t) memcpy((char*)(d),(const char*)(s), (n) * sizeof(t)))
+#ifdef HAS_MEMSET
+#define ZeroD(d,n,t) (MEM_WRAP_CHECK_(n,t) memzero((char*)(d), (n) * sizeof(t)))
+#else
+/* Using bzero(), which returns void. */
+#define ZeroD(d,n,t) (MEM_WRAP_CHECK_(n,t) memzero((char*)(d), (n) * sizeof(t)),d)
#endif
-#else /* lint */
-
-#define New(x,v,n,s) (v = Null(s *))
-#define Newc(x,v,n,s,c) (v = Null(s *))
-#define Newz(x,v,n,s) (v = Null(s *))
-#define Renew(v,n,s) (v = Null(s *))
-#define Move(s,d,n,t)
-#define Copy(s,d,n,t)
-#define Zero(d,n,t)
-#define MoveD(s,d,n,t) d
-#define CopyD(s,d,n,t) d
-#define ZeroD(d,n,t) d
-#define Poison(d,n,t)
-#define Safefree(d) (d) = (d)
-
-#endif /* lint */
+#define Poison(d,n,t) (MEM_WRAP_CHECK_(n,t) (void)memset((char*)(d), 0xAB, (n) * sizeof(t)))
#ifdef USE_STRUCT_COPY
#define StructCopy(s,d,t) (*((t*)(d)) = *((t*)(s)))
--- perl-5.8.7/perl.h.CVE-2005-3962-bz174684 2005-12-09 13:57:57.000000000 -0500
+++ perl-5.8.7/perl.h 2005-12-09 13:57:57.000000000 -0500
@@ -720,6 +720,13 @@
#define MEM_SIZE Size_t
+/* Round all values passed to malloc up, by default to a multiple of
+ sizeof(size_t)
+*/
+#ifndef PERL_STRLEN_ROUNDUP_QUANTUM
+#define PERL_STRLEN_ROUNDUP_QUANTUM Size_t_size
+#endif
+
#if defined(STANDARD_C) && defined(I_STDDEF)
# include <stddef.h>
# define STRUCT_OFFSET(s,m) offsetof(s,m)
@@ -3332,10 +3339,8 @@
INIT("\"my\" variable %s can't be in a package");
EXTCONST char PL_no_localize_ref[]
INIT("Can't localize through a reference");
-#ifdef PERL_MALLOC_WRAP
EXTCONST char PL_memory_wrap[]
INIT("panic: memory wrap");
-#endif
EXTCONST char PL_uuemap[65]
INIT("`!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_");
--- perl-5.8.7/sv.c.CVE-2005-3962-bz174684 2005-05-27 06:38:11.000000000 -0400
+++ perl-5.8.7/sv.c 2005-12-01 13:11:14.000000000 -0500
@@ -8707,9 +8707,10 @@
+++ perl-5.8.7/sv.c 2005-12-09 13:58:10.000000000 -0500
@@ -8707,9 +8707,15 @@
if (vectorize)
argsv = vecsv;
@ -40,9 +379,42 @@
- argsv = (efix ? efix <= svmax : svix < svmax) ?
- svargs[efix ? efix-1 : svix++] : &PL_sv_undef;
+ else if (!args) {
+ I32 i = efix ? efix-1 : svix++;
+ argsv = (i >= 0 && i < svmax) ? svargs[i] : &PL_sv_undef;
+ if (efix) {
+ const I32 i = efix-1;
+ argsv = (i >= 0 && i < svmax) ? svargs[i] : &PL_sv_undef;
+ } else {
+ argsv = (svix >= 0 && svix < svmax)
+ ? svargs[svix++] : &PL_sv_undef;
+ }
+ }
switch (c = *q++) {
@@ -8972,6 +8978,8 @@
*--eptr = '0';
break;
case 2:
+ if (!uv)
+ alt = FALSE;
do {
dig = uv & 1;
*--eptr = '0' + dig;
@@ -9274,6 +9282,8 @@
/* calculate width before utf8_upgrade changes it */
have = esignlen + zeros + elen;
+ if (have < zeros)
+ Perl_croak_nocontext(PL_memory_wrap);
if (is_utf8 != has_utf8) {
if (is_utf8) {
@@ -9301,6 +9311,9 @@
need = (have > width ? have : width);
gap = need - have;
+ if (need >= (((STRLEN)~0) - SvCUR(sv) - dotstrlen - 1))
+ Perl_croak_nocontext(PL_memory_wrap);
+
SvGROW(sv, SvCUR(sv) + need + dotstrlen + 1);
p = SvEND(sv);
if (esignlen && fill == '0') {

115
perl-5.8.7-USE_MM_LD_RUN_PATH.patch Normal file
View File

@ -0,0 +1,115 @@
--- perl-5.8.7/lib/ExtUtils/MakeMaker.pm.USE_MM_LD_RUN_PATH 2005-12-08 15:10:24.000000000 -0500
+++ perl-5.8.7/lib/ExtUtils/MakeMaker.pm 2005-12-08 19:36:26.000000000 -0500
@@ -226,7 +226,7 @@
PERL_SRC PERM_RW PERM_RWX
PL_FILES PM PM_FILTER PMLIBDIRS POLLUTE PPM_INSTALL_EXEC
PPM_INSTALL_SCRIPT PREREQ_FATAL PREREQ_PM PREREQ_PRINT PRINT_PREREQ
- SKIP TYPEMAPS VERSION VERSION_FROM XS XSOPT XSPROTOARG
+ SKIP TYPEMAPS USE_MM_LD_RUN_PATH VERSION VERSION_FROM XS XSOPT XSPROTOARG
XS_VERSION clean depend dist dynamic_lib linkext macro realclean
tool_autosplit
@@ -362,7 +362,27 @@
print join(" ", map { "perl($_)>=$self->{PREREQ_PM}->{$_} " }
sort keys %{$self->{PREREQ_PM}}), "\n";
exit 0;
- }
+ }
+
+ # USE_MM_LD_RUN_PATH - another RedHatism to disable automatic RPATH generation
+ if ( ( ! $self->{USE_MM_LD_RUN_PATH} )
+ &&( ("@ARGV" =~ /\bUSE_MM_LD_RUN_PATH(=([01]))?\b/)
+ ||( exists( $ENV{USE_MM_LD_RUN_PATH} )
+ &&( $ENV{USE_MM_LD_RUN_PATH} =~ /([01])?$/ )
+ )
+ )
+ )
+ {
+ my $v = $1;
+ if( $v )
+ {
+ $v = ($v=~/=([01])$/)[0];
+ }else
+ {
+ $v = 1;
+ };
+ $self->{USE_MM_LD_RUN_PATH}=$v;
+ }
print STDOUT "MakeMaker (v$VERSION)\n" if $Verbose;
if (-f "MANIFEST" && ! -f "Makefile"){
@@ -2007,6 +2027,40 @@
precedence, even if it isn't listed in TYPEMAPS. The default system
typemap has lowest precedence.
+=item USE_MM_LD_RUN_PATH
+
+boolean
+The Red Hat perl MakeMaker distribution differs from the standard
+upstream release in that it disables use of the MakeMaker generated
+LD_RUN_PATH by default, UNLESS this attribute is specified , or the
+USE_MM_LD_RUN_PATH environment variable is set during the MakeMaker run.
+
+The upstream MakeMaker will set the ld(1) environment variable LD_RUN_PATH
+to the concatenation of every -L ld(1) option directory in which a -l ld(1)
+option library is found, which is used as the ld(1) -rpath option if none
+is specified. This means that, if your application builds shared libraries
+and your MakeMaker application links to them, that the absolute paths of the
+libraries in the build tree will be inserted into the RPATH header of all
+MakeMaker generated binaries, and that such binaries will be unable to link
+to these libraries if they do not still reside in the build tree directories
+(unlikely) or in the system library directories (/lib or /usr/lib), regardless
+of any LD_LIBRARY_PATH setting. So if you specified -L../mylib -lmylib , and
+ your 'libmylib.so' gets installed into /some_directory_other_than_usr_lib,
+ your MakeMaker application will be unable to link to it, even if LD_LIBRARY_PATH
+is set to include /some_directory_other_than_usr_lib, because RPATH overrides
+LD_LIBRARY_PATH.
+
+So for Red Hat MakeMaker builds LD_RUN_PATH is NOT generated by default for
+every link. You can still use explicit -rpath ld options or the LD_RUN_PATH
+environment variable during the build to generate an RPATH for the binaries.
+
+You can set the USE_MM_LD_RUN_PATH attribute to 1 on the MakeMaker command
+line or in the WriteMakefile arguments to enable generation of LD_RUN_PATH
+for every link command.
+
+USE_MM_LD_RUN_PATH will default to 1 (LD_RUN_PATH will be used) IF the
+$USE_MM_LD_RUN_PATH environment variable is set during a MakeMaker run.
+
=item VENDORPREFIX
Like PERLPREFIX, but only for the vendor install locations.
--- perl-5.8.7/lib/ExtUtils/MM_Unix.pm.USE_MM_LD_RUN_PATH 2005-12-08 15:10:24.000000000 -0500
+++ perl-5.8.7/lib/ExtUtils/MM_Unix.pm 2005-12-08 18:35:13.000000000 -0500
@@ -1142,7 +1142,7 @@
}
my $ld_run_path_shell = "";
- if ($self->{LD_RUN_PATH} ne "") {
+ if (($self->{LD_RUN_PATH} ne "") && ($self->{USE_MM_LD_RUN_PATH})) {
$ld_run_path_shell = 'LD_RUN_PATH="$(LD_RUN_PATH)" ';
}
push(@m,
--- perl-5.8.7/lib/ExtUtils/Liblist.pm.USE_MM_LD_RUN_PATH 2003-04-07 14:58:17.000000000 -0400
+++ perl-5.8.7/lib/ExtUtils/Liblist.pm 2005-12-08 19:39:28.000000000 -0500
@@ -51,6 +51,8 @@
specifics below. The list of the filenames is returned only if
$need_names argument is true.
+NOTE: if the LD_RUN_PATH me
+
Dependent libraries can be linked in one of three ways:
=over 2
@@ -87,6 +89,11 @@
in LDLOADLIBS. It is passed as an environment variable to the process
that links the shared library.
+Red Hat extension: This generation of LD_RUN_PATH is disabled by default.
+To use the generated LD_RUN_PATH for all links, set the USE_MM_LD_RUN_PATH
+MakeMaker object attribute / argument, (or set the $USE_MM_LD_RUN_PATH
+environment variable).
+
=head2 BSLOADLIBS
List of those libraries that are needed but can be linked in

17
perl.spec
View File

@ -5,7 +5,7 @@
%define multilib_64_archs x86_64 s390x ppc64 sparc64
%define perlver 5.8.7
%define perlrel 0.8.fc5
%define perlrel 8
%define perlepoch 3
%{?!perl_debugging: %define perl_debugging 0}
@ -132,6 +132,8 @@ Patch136009: perl-5.8.7-MM_Unix-rpath-136009.patch
Patch174684: perl-5.8.7-CVE-2005-3962-bz174684.patch
Patch1360090: perl-5.8.7-USE_MM_LD_RUN_PATH.patch
# module updatesd
# Patch202: perl-5.8.0-Safe2.09.patch
@ -298,6 +300,8 @@ more secure running of setuid perl scripts.
%patch174684 -p1
%patch1360090 -p1
# Candidates for doc recoding (need case by case review):
# find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
recode()
@ -507,6 +511,17 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Thu Dec 08 2005 Jason Vas Dias <jvdias@redhat.com> - 3.5.8.7-8
- Apply upstream patches 26283 and 26284 : complete, revised fixes
for CVE-2005-3962 and CVE-2005-3912 and
"Sys::Syslog security vulnerabilities" issues.
- Fix bug 136009 / MakeMaker LD_RUN_PATH issue:
restore previous default Red Hat behavior of removing the MakeMaker
generated LD_RUN_PATH setting from the link command .
Document this removal, as it contravenes upstream default behavior, and
provide a USE_MM_LD_RUN_PATH MakeMaker member to enable use of the
MakeMaker generated LD_RUN_PATH .
* Thu Dec 01 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.7-0.8
- fix bug 174684 / CVE-2005-3962: sprintf integer overflow vulnerability
backport upstream patch #26240