5.16.3 bump
This commit is contained in:
parent
338a23705e
commit
ccef258de2
1
.gitignore
vendored
1
.gitignore
vendored
@ -15,3 +15,4 @@ filter-requires.sh
|
||||
/perl-5.16.1-228.fc19.src.rpm
|
||||
/perl-5.16.1.tar.gz
|
||||
/perl-5.16.2.tar.gz
|
||||
/perl-5.16.3.tar.bz2
|
||||
|
@ -1,56 +0,0 @@
|
||||
From 4a808ed163df1057031bc6d085300fe1ef6f57d2 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Schroeder <mls@suse.de>
|
||||
Date: Fri, 8 Jun 2012 20:29:54 -0700
|
||||
Subject: [PATCH] [perl #111610] Trouble with XS-APItest/t/clone-with-stack.t
|
||||
|
||||
I ran into a bit of a problem when building perl-5.16.0.
|
||||
'make test' showed a segfault in ext/XS-APItest/t/clone-with-stack.t.
|
||||
It seems to be caused by accessing already freed memory, it
|
||||
segfaults because I have MALLOC_PERTUBE_ set, thus glibc fills
|
||||
freed memory with some value.
|
||||
|
||||
Digging deeper, it seems like perl_clone() does not fix
|
||||
the cx's blk_oldcop element when doing context cloning, thus
|
||||
blk_oldcop still points to PL_compiling in the old interp--the
|
||||
calling scope for the BEGIN block being the compilation of the
|
||||
code surrounding it--and the POPBLOCK done in leavesub will copy
|
||||
the data from the old interp to PL_curcop.
|
||||
|
||||
After fixing this, it still crashed because interp_dup->Iop was
|
||||
zero after the runops_standard() call (which is probably
|
||||
correct as the end of the BEGIN block was reached). So I
|
||||
also added an if statement that checks the pointer.
|
||||
---
|
||||
ext/XS-APItest/APItest.xs | 3 ++-
|
||||
sv.c | 1 +
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ext/XS-APItest/APItest.xs b/ext/XS-APItest/APItest.xs
|
||||
index 2c0ee61..69b7066 100644
|
||||
--- a/ext/XS-APItest/APItest.xs
|
||||
+++ b/ext/XS-APItest/APItest.xs
|
||||
@@ -3084,7 +3084,8 @@ CODE:
|
||||
PERL_SET_CONTEXT(interp_dup);
|
||||
|
||||
/* continue after 'clone_with_stack' */
|
||||
- interp_dup->Iop = interp_dup->Iop->op_next;
|
||||
+ if (interp_dup->Iop)
|
||||
+ interp_dup->Iop = interp_dup->Iop->op_next;
|
||||
|
||||
/* run with new perl */
|
||||
Perl_runops_standard(interp_dup);
|
||||
diff --git a/sv.c b/sv.c
|
||||
index 2034c00..fcd76a9 100644
|
||||
--- a/sv.c
|
||||
+++ b/sv.c
|
||||
@@ -12312,6 +12312,7 @@ Perl_cx_dup(pTHX_ PERL_CONTEXT *cxs, I32 ix, I32 max, CLONE_PARAMS* param)
|
||||
Perl_croak(aTHX_ "Cloning substitution context is unimplemented");
|
||||
}
|
||||
else {
|
||||
+ ncx->blk_oldcop = (COP*)any_dup(ncx->blk_oldcop, param->proto_perl);
|
||||
switch (CxTYPE(ncx)) {
|
||||
case CXt_SUB:
|
||||
ncx->blk_sub.cv = (ncx->blk_sub.olddepth == 0
|
||||
--
|
||||
1.7.11.4
|
||||
|
@ -1,170 +0,0 @@
|
||||
From 6e79fe5714a72b1ef86dc890ff60746cdd19f854 Mon Sep 17 00:00:00 2001
|
||||
From: Yves Orton <demerphq@gmail.com>
|
||||
Date: Tue, 12 Feb 2013 10:53:05 +0100
|
||||
Subject: [PATCH] Prevent premature hsplit() calls, and only trigger REHASH
|
||||
after hsplit()
|
||||
|
||||
Triggering a hsplit due to long chain length allows an attacker
|
||||
to create a carefully chosen set of keys which can cause the hash
|
||||
to use 2 * (2**32) * sizeof(void *) bytes ram. AKA a DOS via memory
|
||||
exhaustion. Doing so also takes non trivial time.
|
||||
|
||||
Eliminating this check, and only inspecting chain length after a
|
||||
normal hsplit() (triggered when keys>buckets) prevents the attack
|
||||
entirely, and makes such attacks relatively benign.
|
||||
---
|
||||
ext/Hash-Util-FieldHash/t/10_hash.t | 18 ++++++++++++++++--
|
||||
hv.c | 35 ++++++++---------------------------
|
||||
t/op/hash.t | 20 +++++++++++++++++---
|
||||
3 files changed, 41 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/ext/Hash-Util-FieldHash/t/10_hash.t b/ext/Hash-Util-FieldHash/t/10_hash.t
|
||||
index 2cfb4e8..d58f053 100644
|
||||
--- a/ext/Hash-Util-FieldHash/t/10_hash.t
|
||||
+++ b/ext/Hash-Util-FieldHash/t/10_hash.t
|
||||
@@ -38,15 +38,29 @@ use constant START => "a";
|
||||
|
||||
# some initial hash data
|
||||
fieldhash my %h2;
|
||||
-%h2 = map {$_ => 1} 'a'..'cc';
|
||||
+my $counter= "a";
|
||||
+$h2{$counter++}++ while $counter ne 'cd';
|
||||
|
||||
ok (!Internals::HvREHASH(%h2),
|
||||
"starting with pre-populated non-pathological hash (rehash flag if off)");
|
||||
|
||||
my @keys = get_keys(\%h2);
|
||||
+my $buckets= buckets(\%h2);
|
||||
$h2{$_}++ for @keys;
|
||||
+$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
|
||||
ok (Internals::HvREHASH(%h2),
|
||||
- scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
|
||||
+ scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
|
||||
+
|
||||
+# returns the number of buckets in a hash
|
||||
+sub buckets {
|
||||
+ my $hr = shift;
|
||||
+ my $keys_buckets= scalar(%$hr);
|
||||
+ if ($keys_buckets=~m!/([0-9]+)\z!) {
|
||||
+ return 0+$1;
|
||||
+ } else {
|
||||
+ return 8;
|
||||
+ }
|
||||
+}
|
||||
|
||||
sub get_keys {
|
||||
my $hr = shift;
|
||||
diff --git a/hv.c b/hv.c
|
||||
index 6b66251..a031703 100644
|
||||
--- a/hv.c
|
||||
+++ b/hv.c
|
||||
@@ -35,7 +35,8 @@ holds the key and hash value.
|
||||
#define PERL_HASH_INTERNAL_ACCESS
|
||||
#include "perl.h"
|
||||
|
||||
-#define HV_MAX_LENGTH_BEFORE_SPLIT 14
|
||||
+#define HV_MAX_LENGTH_BEFORE_REHASH 14
|
||||
+#define SHOULD_DO_HSPLIT(xhv) ((xhv)->xhv_keys > (xhv)->xhv_max) /* HvTOTALKEYS(hv) > HvMAX(hv) */
|
||||
|
||||
static const char S_strtab_error[]
|
||||
= "Cannot modify shared string table in hv_%s";
|
||||
@@ -798,29 +799,9 @@ Perl_hv_common(pTHX_ HV *hv, SV *keysv, const char *key, STRLEN klen,
|
||||
if (masked_flags & HVhek_ENABLEHVKFLAGS)
|
||||
HvHASKFLAGS_on(hv);
|
||||
|
||||
- {
|
||||
- const HE *counter = HeNEXT(entry);
|
||||
-
|
||||
- xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
|
||||
- if (!counter) { /* initial entry? */
|
||||
- } else if (xhv->xhv_keys > xhv->xhv_max) {
|
||||
- /* Use only the old HvUSEDKEYS(hv) > HvMAX(hv) condition to limit
|
||||
- bucket splits on a rehashed hash, as we're not going to
|
||||
- split it again, and if someone is lucky (evil) enough to
|
||||
- get all the keys in one list they could exhaust our memory
|
||||
- as we repeatedly double the number of buckets on every
|
||||
- entry. Linear search feels a less worse thing to do. */
|
||||
- hsplit(hv);
|
||||
- } else if(!HvREHASH(hv)) {
|
||||
- U32 n_links = 1;
|
||||
-
|
||||
- while ((counter = HeNEXT(counter)))
|
||||
- n_links++;
|
||||
-
|
||||
- if (n_links > HV_MAX_LENGTH_BEFORE_SPLIT) {
|
||||
- hsplit(hv);
|
||||
- }
|
||||
- }
|
||||
+ xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
|
||||
+ if ( SHOULD_DO_HSPLIT(xhv) ) {
|
||||
+ hsplit(hv);
|
||||
}
|
||||
|
||||
if (return_svp) {
|
||||
@@ -1197,7 +1178,7 @@ S_hsplit(pTHX_ HV *hv)
|
||||
|
||||
|
||||
/* Pick your policy for "hashing isn't working" here: */
|
||||
- if (longest_chain <= HV_MAX_LENGTH_BEFORE_SPLIT /* split worked? */
|
||||
+ if (longest_chain <= HV_MAX_LENGTH_BEFORE_REHASH /* split worked? */
|
||||
|| HvREHASH(hv)) {
|
||||
return;
|
||||
}
|
||||
@@ -2782,8 +2763,8 @@ S_share_hek_flags(pTHX_ const char *str, I32 len, register U32 hash, int flags)
|
||||
|
||||
xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
|
||||
if (!next) { /* initial entry? */
|
||||
- } else if (xhv->xhv_keys > xhv->xhv_max /* HvUSEDKEYS(hv) > HvMAX(hv) */) {
|
||||
- hsplit(PL_strtab);
|
||||
+ } else if ( SHOULD_DO_HSPLIT(xhv) ) {
|
||||
+ hsplit(PL_strtab);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/t/op/hash.t b/t/op/hash.t
|
||||
index ef757a3..97eb81b 100644
|
||||
--- a/t/op/hash.t
|
||||
+++ b/t/op/hash.t
|
||||
@@ -39,22 +39,36 @@ use constant THRESHOLD => 14;
|
||||
use constant START => "a";
|
||||
|
||||
# some initial hash data
|
||||
-my %h2 = map {$_ => 1} 'a'..'cc';
|
||||
+my %h2;
|
||||
+my $counter= "a";
|
||||
+$h2{$counter++}++ while $counter ne 'cd';
|
||||
|
||||
ok (!Internals::HvREHASH(%h2),
|
||||
"starting with pre-populated non-pathological hash (rehash flag if off)");
|
||||
|
||||
my @keys = get_keys(\%h2);
|
||||
+my $buckets= buckets(\%h2);
|
||||
$h2{$_}++ for @keys;
|
||||
+$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
|
||||
ok (Internals::HvREHASH(%h2),
|
||||
- scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
|
||||
+ scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
|
||||
+
|
||||
+# returns the number of buckets in a hash
|
||||
+sub buckets {
|
||||
+ my $hr = shift;
|
||||
+ my $keys_buckets= scalar(%$hr);
|
||||
+ if ($keys_buckets=~m!/([0-9]+)\z!) {
|
||||
+ return 0+$1;
|
||||
+ } else {
|
||||
+ return 8;
|
||||
+ }
|
||||
+}
|
||||
|
||||
sub get_keys {
|
||||
my $hr = shift;
|
||||
|
||||
# the minimum of bits required to mount the attack on a hash
|
||||
my $min_bits = log(THRESHOLD)/log(2);
|
||||
-
|
||||
# if the hash has already been populated with a significant amount
|
||||
# of entries the number of mask bits can be higher
|
||||
my $keys = scalar keys %$hr;
|
||||
--
|
||||
1.8.1.4
|
||||
|
29
perl.spec
29
perl.spec
@ -1,4 +1,4 @@
|
||||
%global perl_version 5.16.2
|
||||
%global perl_version 5.16.3
|
||||
%global perl_epoch 4
|
||||
%global perl_arch_stem -thread-multi
|
||||
%global perl_archname %{_arch}-%{_os}%{perl_arch_stem}
|
||||
@ -29,7 +29,7 @@
|
||||
Name: perl
|
||||
Version: %{perl_version}
|
||||
# release number must be even higher, because dual-lived modules will be broken otherwise
|
||||
Release: 260%{?dist}
|
||||
Release: 261%{?dist}
|
||||
Epoch: %{perl_epoch}
|
||||
Summary: Practical Extraction and Report Language
|
||||
Group: Development/Languages
|
||||
@ -41,7 +41,7 @@ Group: Development/Languages
|
||||
# Copyright Only: for example ext/Text-Soundex/Soundex.xs
|
||||
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and Copyright Only and MIT and Public Domain and UCD
|
||||
Url: http://www.perl.org/
|
||||
Source0: http://www.cpan.org/src/5.0/perl-%{perl_version}.tar.gz
|
||||
Source0: http://www.cpan.org/src/5.0/perl-%{perl_version}.tar.bz2
|
||||
Source2: perl-5.8.0-libnet.cfg
|
||||
Source3: macros.perl
|
||||
#Systemtap tapset and example that make use of systemtap-sdt-devel
|
||||
@ -82,9 +82,6 @@ Patch9: perl-5.14.2-find2perl-transtate-question-mark-properly.patch
|
||||
# Fix broken atof, rhbz#835452, RT#109318
|
||||
Patch10: perl-5.16.0-fix-broken-atof.patch
|
||||
|
||||
# Do not access freed memory when cloning thread, rhbz#825749, RT#111610
|
||||
Patch11: perl-5.16.1-perl-111610-Trouble-with-XS-APItest-t-clone-with-sta.patch
|
||||
|
||||
# Clear $@ before `do' I/O error, rhbz#834226, RT#113730
|
||||
Patch13: perl-5.16.1-RT-113730-should-be-cleared-on-do-IO-error.patch
|
||||
|
||||
@ -115,9 +112,6 @@ Patch20: perl-5.17.6-Fix-misparsing-of-maketext-strings.patch
|
||||
# Add NAME heading into CPAN PODs, rhbz#908113, CPANRT#73396
|
||||
Patch21: perl-5.16.2-cpan-CPAN-add-NAME-headings-in-modules-with-POD.patch
|
||||
|
||||
# Fix CVE-2013-1667, rhbz#918008
|
||||
Patch22: perl-5.16.2-CVE-2013-1667.patch
|
||||
|
||||
# Update some of the bundled modules
|
||||
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
|
||||
|
||||
@ -134,10 +128,11 @@ BuildRequires: procps, rsyslog
|
||||
|
||||
|
||||
# compat macro needed for rebuild
|
||||
%global perl_compat perl(:MODULE_COMPAT_5.16.2)
|
||||
%global perl_compat perl(:MODULE_COMPAT_5.16.3)
|
||||
|
||||
# Compat provides
|
||||
Provides: %perl_compat
|
||||
Provides: perl(:MODULE_COMPAT_5.16.2)
|
||||
Provides: perl(:MODULE_COMPAT_5.16.1)
|
||||
Provides: perl(:MODULE_COMPAT_5.16.0)
|
||||
|
||||
@ -567,7 +562,7 @@ Summary: Character encodings in Perl
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
Epoch: 0
|
||||
Version: 2.44
|
||||
Version: 2.44.01
|
||||
Requires: %perl_compat
|
||||
Conflicts: perl < 4:5.16.2-256
|
||||
|
||||
@ -580,7 +575,7 @@ Summary: Character encodings in Perl
|
||||
Group: Development/Libraries
|
||||
License: GPL+ or Artistic
|
||||
Epoch: 0
|
||||
Version: 2.44
|
||||
Version: 2.44.01
|
||||
Requires: %perl_compat
|
||||
Requires: %{name}-Encode = %{epoch}:%{version}-%{release}
|
||||
Requires: perl-devel
|
||||
@ -945,7 +940,7 @@ Summary: Perl core modules indexed by perl versions
|
||||
Group: Development/Languages
|
||||
License: GPL+ or Artistic
|
||||
Epoch: 1
|
||||
Version: 2.70
|
||||
Version: 2.76.02
|
||||
Requires: %perl_compat
|
||||
Requires: perl(version)
|
||||
BuildArch: noarch
|
||||
@ -1576,7 +1571,6 @@ tarball from perl.org.
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
@ -1586,7 +1580,6 @@ tarball from perl.org.
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
|
||||
#copy the example script
|
||||
cp -a %{SOURCE5} .
|
||||
@ -1789,7 +1782,6 @@ pushd %{build_archlib}/CORE/
|
||||
'Fedora Patch7: Dont run one io test due to random builder failures' \
|
||||
'Fedora Patch9: Fix find2perl to translate ? glob properly (RT#113054)' \
|
||||
'Fedora Patch10: Fix broken atof (RT#109318)' \
|
||||
'Fedora Patch11: Do not access freed memory when cloning thread (RT#111610)' \
|
||||
'Fedora Patch13: Clear $@ before "do" I/O error (RT#113730)' \
|
||||
'Fedora Patch14: Do not truncate syscall() return value to 32 bits (RT#113980)' \
|
||||
'Fedora Patch15: Override the Pod::Simple::parse_file (CPANRT#77530)' \
|
||||
@ -1799,7 +1791,6 @@ pushd %{build_archlib}/CORE/
|
||||
'Fedora Patch19: Do not crash when vivifying $|' \
|
||||
'Fedora Patch20: Fix misparsing of maketext strings (CVE-2012-6329)' \
|
||||
'Fedora Patch21: Add NAME headings to CPAN modules (CPANRT#73396)' \
|
||||
'Fedora Patch22: Fix DoS in rehashing code (CVE-2013-1667)' \
|
||||
%{nil}
|
||||
|
||||
rm patchlevel.bak
|
||||
@ -3079,6 +3070,10 @@ sed \
|
||||
|
||||
# Old changelog entries are preserved in CVS.
|
||||
%changelog
|
||||
* Thu Mar 14 2013 Petr Pisar <ppisar@redhat.com> - 4:5.16.3-261
|
||||
- 5.16.3 bump (see <http://search.cpan.org/dist/perl-5.16.3/pod/perldelta.pod>
|
||||
for release notes)
|
||||
|
||||
* Tue Mar 05 2013 Petr Pisar <ppisar@redhat.com> - 4:5.16.2-260
|
||||
- Fix CVE-2013-1667 (DoS in rehashing code) (bug #918008)
|
||||
|
||||
|
6
sources
6
sources
@ -1,5 +1 @@
|
||||
aceea3db13a159cd5f7e5f2e3ad9534f perl-5.8.0-libdir64.patch
|
||||
ad5d07285d6e4914384b43c9abc2bdba filter-requires.sh
|
||||
1737a36154bb5bca781296794afc6791 perl.stp
|
||||
df28fe2c574e8807d0a803308c545dca perl-example.stp
|
||||
0e57f2d01d96471d9effc3fb43175e84 perl-5.16.2.tar.gz
|
||||
025102de0e4a597cf541e57da80c6aa3 perl-5.16.3.tar.bz2
|
||||
|
Loading…
Reference in New Issue
Block a user