5.16.3 bump

This commit is contained in:
Petr Písař 2013-03-14 17:15:58 +01:00
parent 338a23705e
commit ccef258de2
5 changed files with 14 additions and 248 deletions

1
.gitignore vendored
View File

@ -15,3 +15,4 @@ filter-requires.sh
/perl-5.16.1-228.fc19.src.rpm
/perl-5.16.1.tar.gz
/perl-5.16.2.tar.gz
/perl-5.16.3.tar.bz2

View File

@ -1,56 +0,0 @@
From 4a808ed163df1057031bc6d085300fe1ef6f57d2 Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Fri, 8 Jun 2012 20:29:54 -0700
Subject: [PATCH] [perl #111610] Trouble with XS-APItest/t/clone-with-stack.t
I ran into a bit of a problem when building perl-5.16.0.
'make test' showed a segfault in ext/XS-APItest/t/clone-with-stack.t.
It seems to be caused by accessing already freed memory, it
segfaults because I have MALLOC_PERTUBE_ set, thus glibc fills
freed memory with some value.
Digging deeper, it seems like perl_clone() does not fix
the cx's blk_oldcop element when doing context cloning, thus
blk_oldcop still points to PL_compiling in the old interp--the
calling scope for the BEGIN block being the compilation of the
code surrounding it--and the POPBLOCK done in leavesub will copy
the data from the old interp to PL_curcop.
After fixing this, it still crashed because interp_dup->Iop was
zero after the runops_standard() call (which is probably
correct as the end of the BEGIN block was reached). So I
also added an if statement that checks the pointer.
---
ext/XS-APItest/APItest.xs | 3 ++-
sv.c | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ext/XS-APItest/APItest.xs b/ext/XS-APItest/APItest.xs
index 2c0ee61..69b7066 100644
--- a/ext/XS-APItest/APItest.xs
+++ b/ext/XS-APItest/APItest.xs
@@ -3084,7 +3084,8 @@ CODE:
PERL_SET_CONTEXT(interp_dup);
/* continue after 'clone_with_stack' */
- interp_dup->Iop = interp_dup->Iop->op_next;
+ if (interp_dup->Iop)
+ interp_dup->Iop = interp_dup->Iop->op_next;
/* run with new perl */
Perl_runops_standard(interp_dup);
diff --git a/sv.c b/sv.c
index 2034c00..fcd76a9 100644
--- a/sv.c
+++ b/sv.c
@@ -12312,6 +12312,7 @@ Perl_cx_dup(pTHX_ PERL_CONTEXT *cxs, I32 ix, I32 max, CLONE_PARAMS* param)
Perl_croak(aTHX_ "Cloning substitution context is unimplemented");
}
else {
+ ncx->blk_oldcop = (COP*)any_dup(ncx->blk_oldcop, param->proto_perl);
switch (CxTYPE(ncx)) {
case CXt_SUB:
ncx->blk_sub.cv = (ncx->blk_sub.olddepth == 0
--
1.7.11.4

View File

@ -1,170 +0,0 @@
From 6e79fe5714a72b1ef86dc890ff60746cdd19f854 Mon Sep 17 00:00:00 2001
From: Yves Orton <demerphq@gmail.com>
Date: Tue, 12 Feb 2013 10:53:05 +0100
Subject: [PATCH] Prevent premature hsplit() calls, and only trigger REHASH
after hsplit()
Triggering a hsplit due to long chain length allows an attacker
to create a carefully chosen set of keys which can cause the hash
to use 2 * (2**32) * sizeof(void *) bytes ram. AKA a DOS via memory
exhaustion. Doing so also takes non trivial time.
Eliminating this check, and only inspecting chain length after a
normal hsplit() (triggered when keys>buckets) prevents the attack
entirely, and makes such attacks relatively benign.
---
ext/Hash-Util-FieldHash/t/10_hash.t | 18 ++++++++++++++++--
hv.c | 35 ++++++++---------------------------
t/op/hash.t | 20 +++++++++++++++++---
3 files changed, 41 insertions(+), 32 deletions(-)
diff --git a/ext/Hash-Util-FieldHash/t/10_hash.t b/ext/Hash-Util-FieldHash/t/10_hash.t
index 2cfb4e8..d58f053 100644
--- a/ext/Hash-Util-FieldHash/t/10_hash.t
+++ b/ext/Hash-Util-FieldHash/t/10_hash.t
@@ -38,15 +38,29 @@ use constant START => "a";
# some initial hash data
fieldhash my %h2;
-%h2 = map {$_ => 1} 'a'..'cc';
+my $counter= "a";
+$h2{$counter++}++ while $counter ne 'cd';
ok (!Internals::HvREHASH(%h2),
"starting with pre-populated non-pathological hash (rehash flag if off)");
my @keys = get_keys(\%h2);
+my $buckets= buckets(\%h2);
$h2{$_}++ for @keys;
+$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
ok (Internals::HvREHASH(%h2),
- scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
+ scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
+
+# returns the number of buckets in a hash
+sub buckets {
+ my $hr = shift;
+ my $keys_buckets= scalar(%$hr);
+ if ($keys_buckets=~m!/([0-9]+)\z!) {
+ return 0+$1;
+ } else {
+ return 8;
+ }
+}
sub get_keys {
my $hr = shift;
diff --git a/hv.c b/hv.c
index 6b66251..a031703 100644
--- a/hv.c
+++ b/hv.c
@@ -35,7 +35,8 @@ holds the key and hash value.
#define PERL_HASH_INTERNAL_ACCESS
#include "perl.h"
-#define HV_MAX_LENGTH_BEFORE_SPLIT 14
+#define HV_MAX_LENGTH_BEFORE_REHASH 14
+#define SHOULD_DO_HSPLIT(xhv) ((xhv)->xhv_keys > (xhv)->xhv_max) /* HvTOTALKEYS(hv) > HvMAX(hv) */
static const char S_strtab_error[]
= "Cannot modify shared string table in hv_%s";
@@ -798,29 +799,9 @@ Perl_hv_common(pTHX_ HV *hv, SV *keysv, const char *key, STRLEN klen,
if (masked_flags & HVhek_ENABLEHVKFLAGS)
HvHASKFLAGS_on(hv);
- {
- const HE *counter = HeNEXT(entry);
-
- xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
- if (!counter) { /* initial entry? */
- } else if (xhv->xhv_keys > xhv->xhv_max) {
- /* Use only the old HvUSEDKEYS(hv) > HvMAX(hv) condition to limit
- bucket splits on a rehashed hash, as we're not going to
- split it again, and if someone is lucky (evil) enough to
- get all the keys in one list they could exhaust our memory
- as we repeatedly double the number of buckets on every
- entry. Linear search feels a less worse thing to do. */
- hsplit(hv);
- } else if(!HvREHASH(hv)) {
- U32 n_links = 1;
-
- while ((counter = HeNEXT(counter)))
- n_links++;
-
- if (n_links > HV_MAX_LENGTH_BEFORE_SPLIT) {
- hsplit(hv);
- }
- }
+ xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+ if ( SHOULD_DO_HSPLIT(xhv) ) {
+ hsplit(hv);
}
if (return_svp) {
@@ -1197,7 +1178,7 @@ S_hsplit(pTHX_ HV *hv)
/* Pick your policy for "hashing isn't working" here: */
- if (longest_chain <= HV_MAX_LENGTH_BEFORE_SPLIT /* split worked? */
+ if (longest_chain <= HV_MAX_LENGTH_BEFORE_REHASH /* split worked? */
|| HvREHASH(hv)) {
return;
}
@@ -2782,8 +2763,8 @@ S_share_hek_flags(pTHX_ const char *str, I32 len, register U32 hash, int flags)
xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
if (!next) { /* initial entry? */
- } else if (xhv->xhv_keys > xhv->xhv_max /* HvUSEDKEYS(hv) > HvMAX(hv) */) {
- hsplit(PL_strtab);
+ } else if ( SHOULD_DO_HSPLIT(xhv) ) {
+ hsplit(PL_strtab);
}
}
diff --git a/t/op/hash.t b/t/op/hash.t
index ef757a3..97eb81b 100644
--- a/t/op/hash.t
+++ b/t/op/hash.t
@@ -39,22 +39,36 @@ use constant THRESHOLD => 14;
use constant START => "a";
# some initial hash data
-my %h2 = map {$_ => 1} 'a'..'cc';
+my %h2;
+my $counter= "a";
+$h2{$counter++}++ while $counter ne 'cd';
ok (!Internals::HvREHASH(%h2),
"starting with pre-populated non-pathological hash (rehash flag if off)");
my @keys = get_keys(\%h2);
+my $buckets= buckets(\%h2);
$h2{$_}++ for @keys;
+$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
ok (Internals::HvREHASH(%h2),
- scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
+ scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
+
+# returns the number of buckets in a hash
+sub buckets {
+ my $hr = shift;
+ my $keys_buckets= scalar(%$hr);
+ if ($keys_buckets=~m!/([0-9]+)\z!) {
+ return 0+$1;
+ } else {
+ return 8;
+ }
+}
sub get_keys {
my $hr = shift;
# the minimum of bits required to mount the attack on a hash
my $min_bits = log(THRESHOLD)/log(2);
-
# if the hash has already been populated with a significant amount
# of entries the number of mask bits can be higher
my $keys = scalar keys %$hr;
--
1.8.1.4

View File

@ -1,4 +1,4 @@
%global perl_version 5.16.2
%global perl_version 5.16.3
%global perl_epoch 4
%global perl_arch_stem -thread-multi
%global perl_archname %{_arch}-%{_os}%{perl_arch_stem}
@ -29,7 +29,7 @@
Name: perl
Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise
Release: 260%{?dist}
Release: 261%{?dist}
Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language
Group: Development/Languages
@ -41,7 +41,7 @@ Group: Development/Languages
# Copyright Only: for example ext/Text-Soundex/Soundex.xs
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and Copyright Only and MIT and Public Domain and UCD
Url: http://www.perl.org/
Source0: http://www.cpan.org/src/5.0/perl-%{perl_version}.tar.gz
Source0: http://www.cpan.org/src/5.0/perl-%{perl_version}.tar.bz2
Source2: perl-5.8.0-libnet.cfg
Source3: macros.perl
#Systemtap tapset and example that make use of systemtap-sdt-devel
@ -82,9 +82,6 @@ Patch9: perl-5.14.2-find2perl-transtate-question-mark-properly.patch
# Fix broken atof, rhbz#835452, RT#109318
Patch10: perl-5.16.0-fix-broken-atof.patch
# Do not access freed memory when cloning thread, rhbz#825749, RT#111610
Patch11: perl-5.16.1-perl-111610-Trouble-with-XS-APItest-t-clone-with-sta.patch
# Clear $@ before `do' I/O error, rhbz#834226, RT#113730
Patch13: perl-5.16.1-RT-113730-should-be-cleared-on-do-IO-error.patch
@ -115,9 +112,6 @@ Patch20: perl-5.17.6-Fix-misparsing-of-maketext-strings.patch
# Add NAME heading into CPAN PODs, rhbz#908113, CPANRT#73396
Patch21: perl-5.16.2-cpan-CPAN-add-NAME-headings-in-modules-with-POD.patch
# Fix CVE-2013-1667, rhbz#918008
Patch22: perl-5.16.2-CVE-2013-1667.patch
# Update some of the bundled modules
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
@ -134,10 +128,11 @@ BuildRequires: procps, rsyslog
# compat macro needed for rebuild
%global perl_compat perl(:MODULE_COMPAT_5.16.2)
%global perl_compat perl(:MODULE_COMPAT_5.16.3)
# Compat provides
Provides: %perl_compat
Provides: perl(:MODULE_COMPAT_5.16.2)
Provides: perl(:MODULE_COMPAT_5.16.1)
Provides: perl(:MODULE_COMPAT_5.16.0)
@ -567,7 +562,7 @@ Summary: Character encodings in Perl
Group: Development/Libraries
License: GPL+ or Artistic
Epoch: 0
Version: 2.44
Version: 2.44.01
Requires: %perl_compat
Conflicts: perl < 4:5.16.2-256
@ -580,7 +575,7 @@ Summary: Character encodings in Perl
Group: Development/Libraries
License: GPL+ or Artistic
Epoch: 0
Version: 2.44
Version: 2.44.01
Requires: %perl_compat
Requires: %{name}-Encode = %{epoch}:%{version}-%{release}
Requires: perl-devel
@ -945,7 +940,7 @@ Summary: Perl core modules indexed by perl versions
Group: Development/Languages
License: GPL+ or Artistic
Epoch: 1
Version: 2.70
Version: 2.76.02
Requires: %perl_compat
Requires: perl(version)
BuildArch: noarch
@ -1576,7 +1571,6 @@ tarball from perl.org.
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
@ -1586,7 +1580,6 @@ tarball from perl.org.
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
#copy the example script
cp -a %{SOURCE5} .
@ -1789,7 +1782,6 @@ pushd %{build_archlib}/CORE/
'Fedora Patch7: Dont run one io test due to random builder failures' \
'Fedora Patch9: Fix find2perl to translate ? glob properly (RT#113054)' \
'Fedora Patch10: Fix broken atof (RT#109318)' \
'Fedora Patch11: Do not access freed memory when cloning thread (RT#111610)' \
'Fedora Patch13: Clear $@ before "do" I/O error (RT#113730)' \
'Fedora Patch14: Do not truncate syscall() return value to 32 bits (RT#113980)' \
'Fedora Patch15: Override the Pod::Simple::parse_file (CPANRT#77530)' \
@ -1799,7 +1791,6 @@ pushd %{build_archlib}/CORE/
'Fedora Patch19: Do not crash when vivifying $|' \
'Fedora Patch20: Fix misparsing of maketext strings (CVE-2012-6329)' \
'Fedora Patch21: Add NAME headings to CPAN modules (CPANRT#73396)' \
'Fedora Patch22: Fix DoS in rehashing code (CVE-2013-1667)' \
%{nil}
rm patchlevel.bak
@ -3079,6 +3070,10 @@ sed \
# Old changelog entries are preserved in CVS.
%changelog
* Thu Mar 14 2013 Petr Pisar <ppisar@redhat.com> - 4:5.16.3-261
- 5.16.3 bump (see <http://search.cpan.org/dist/perl-5.16.3/pod/perldelta.pod>
for release notes)
* Tue Mar 05 2013 Petr Pisar <ppisar@redhat.com> - 4:5.16.2-260
- Fix CVE-2013-1667 (DoS in rehashing code) (bug #918008)

View File

@ -1,5 +1 @@
aceea3db13a159cd5f7e5f2e3ad9534f perl-5.8.0-libdir64.patch
ad5d07285d6e4914384b43c9abc2bdba filter-requires.sh
1737a36154bb5bca781296794afc6791 perl.stp
df28fe2c574e8807d0a803308c545dca perl-example.stp
0e57f2d01d96471d9effc3fb43175e84 perl-5.16.2.tar.gz
025102de0e4a597cf541e57da80c6aa3 perl-5.16.3.tar.bz2