rpms/perl
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8-stream-5.26
Branches Tags
rpms:c8
rpms:c9-beta
rpms:c10
rpms:c9
rpms:c10s
rpms:c9s
rpms:c8s
rpms:c8-stream-5.32
rpms:c8-beta-stream-5.32
rpms:stream-perl-5.32-rhel-8.10.0
rpms:stream-perl-5.32-rhel-8.9.0
rpms:stream-perl-bootstrap-5.32-rhel-8.9.0
rpms:stream-perl-5.30-rhel-8.10.0
rpms:stream-perl-5.30-rhel-8.9.0
rpms:stream-perl-bootstrap-5.30-rhel-8.9.0
rpms:c8-beta
rpms:stream-perl-5.24-rhel-8.9.0
rpms:c8s-stream-5.32
rpms:c8-beta-stream-5.24
rpms:c8-beta-stream-5.30
rpms:c8-stream-5.26
rpms:c8-stream-5.24
rpms:c8s-stream-5.30
rpms:c8-stream-5.30
rpms:c8-stream-5.3
rpms:imports/c9-beta/perl-5.32.1-483.el9
rpms:imports/c10/perl-5.40.2-512.2.el10_0
rpms:imports/c8/perl-5.26.3-423.el8_10
rpms:imports/c9/perl-5.32.1-481.1.el9_6
rpms:imports/c10s/perl-5.40.2-514.el10
rpms:imports/c10/perl-5.40.2-512.1.el10_0
rpms:imports/c10s/perl-5.40.2-513.el10
rpms:imports/c10s/perl-5.40.1-512.el10
rpms:imports/c10s/perl-5.40.0-511.el10
rpms:imports/c10s/perl-5.40.0-510.el10
rpms:imports/c10s/perl-5.38.2-508.el10
rpms:imports/c8-stream-5.32/perl-5.32.1-473.module+el8.10.0+21354+3ad137bb
rpms:imports/c9/perl-5.32.1-481.el9
rpms:imports/c8-stream-5.32/perl-5.32.1-472.module+el8.8.0+17873+3d1ce0e6
rpms:imports/c8/perl-5.26.3-422.el8
rpms:imports/c9/perl-5.32.1-480.el9
rpms:imports/c9-beta/perl-5.32.1-480.el9
rpms:imports/c8-beta-stream-5.32/perl-5.32.1-472.module+el8.8.0+17873+3d1ce0e6
rpms:imports/c8-beta/perl-5.26.3-422.el8
rpms:imports/c8s-stream-5.32/perl-5.32.1-472.module+el8.8.0+17873+3d1ce0e6
rpms:imports/c8s/perl-5.26.3-422.el8
rpms:imports/c9/perl-5.32.1-479.el9
rpms:imports/c8-stream-5.32/perl-5.32.1-471.module+el8.6.0+13324+628a2397
rpms:imports/c8/perl-5.26.3-421.el8
rpms:imports/c8-beta/perl-5.26.3-421.el8
rpms:imports/c8-beta-stream-5.32/perl-5.32.1-471.module+el8.6.0+13324+628a2397
rpms:imports/c9-beta/perl-5.32.1-479.el9
rpms:imports/c8s-stream-5.32/perl-5.32.1-471.module+el8.6.0+13324+628a2397
rpms:imports/c8/perl-5.26.3-420.el8
rpms:imports/c8s/perl-5.26.3-421.el8
rpms:imports/c8-beta-stream-5.24/perl-5.24.4-404.module+el8.1.0+2926+ce7246ad
rpms:imports/c8-beta-stream-5.30/perl-5.30.1-452.module+el8.4.0+8990+01326e37
rpms:imports/c8-beta-stream-5.30/perl-5.30.1-451.module+el8.3.0+6961+31ca2e7a
rpms:imports/c8-beta/perl-5.26.3-420.el8
rpms:imports/c8-beta/perl-5.26.3-419.el8
rpms:imports/c8-beta/perl-5.26.3-416.el8
rpms:imports/c8-stream-5.26/perl-5.26.2-412.el8+733+86cf098e
rpms:imports/c8-stream-5.24/perl-5.24.4-404.module+el8.1.0+2926+ce7246ad
rpms:imports/c8-stream-5.24/perl-5.24.4-403.module+el8+2770+c759b41a
rpms:imports/c8-stream-5.24/perl-5.24.4-398.el8+1694+ef8073e1
rpms:imports/c8s-stream-5.30/perl-5.30.1-452.module+el8.4.0+8990+01326e37
rpms:imports/c8s-stream-5.30/perl-5.30.1-451.module+el8.3.0+6961+31ca2e7a
rpms:imports/c8s-stream-5.30/perl-5.30.1-450.module+el8.3.0+6718+7f269185
rpms:imports/c8s-stream-5.30/perl-5.30.1-450.module+el8.3.0+6702+b3e67f28
rpms:imports/c8s/perl-5.26.3-420.el8
rpms:imports/c8s/perl-5.26.3-419.el8
rpms:imports/c8s/perl-5.26.3-418.el8
rpms:imports/c8s/perl-5.26.3-417.el8
rpms:imports/c8-stream-5.30/perl-5.30.1-452.module+el8.4.0+8990+01326e37
rpms:imports/c8-stream-5.30/perl-5.30.1-451.module+el8.3.0+6961+31ca2e7a
rpms:imports/c8-stream-5.3/perl-5.30.1-451.module+el8.3.0+6961+31ca2e7a
rpms:imports/c8/perl-5.26.3-419.el8_4.1
rpms:imports/c8/perl-5.26.3-419.el8
rpms:imports/c8/perl-5.26.3-417.el8_3
rpms:imports/c8/perl-5.26.3-416.el8
...
pull from: rpms:c8
Branches Tags
rpms:c9-beta
rpms:c10
rpms:c8
rpms:c9
rpms:c10s
rpms:c9s
rpms:c8s
rpms:c8-stream-5.32
rpms:c8-beta-stream-5.32
rpms:stream-perl-5.32-rhel-8.10.0
rpms:stream-perl-5.32-rhel-8.9.0
rpms:stream-perl-bootstrap-5.32-rhel-8.9.0
rpms:stream-perl-5.30-rhel-8.10.0
rpms:stream-perl-5.30-rhel-8.9.0
rpms:stream-perl-bootstrap-5.30-rhel-8.9.0
rpms:c8-beta
rpms:stream-perl-5.24-rhel-8.9.0
rpms:c8s-stream-5.32
rpms:c8-beta-stream-5.24
rpms:c8-beta-stream-5.30
rpms:c8-stream-5.26
rpms:c8-stream-5.24
rpms:c8s-stream-5.30
rpms:c8-stream-5.30
rpms:c8-stream-5.3
rpms:imports/c9-beta/perl-5.32.1-483.el9
rpms:imports/c10/perl-5.40.2-512.2.el10_0
rpms:imports/c8/perl-5.26.3-423.el8_10
rpms:imports/c9/perl-5.32.1-481.1.el9_6
rpms:imports/c10s/perl-5.40.2-514.el10
rpms:imports/c10/perl-5.40.2-512.1.el10_0
rpms:imports/c10s/perl-5.40.2-513.el10
rpms:imports/c10s/perl-5.40.1-512.el10
rpms:imports/c10s/perl-5.40.0-511.el10
rpms:imports/c10s/perl-5.40.0-510.el10
rpms:imports/c10s/perl-5.38.2-508.el10
rpms:imports/c8-stream-5.32/perl-5.32.1-473.module+el8.10.0+21354+3ad137bb
rpms:imports/c9/perl-5.32.1-481.el9
rpms:imports/c8-stream-5.32/perl-5.32.1-472.module+el8.8.0+17873+3d1ce0e6
rpms:imports/c8/perl-5.26.3-422.el8
rpms:imports/c9/perl-5.32.1-480.el9
rpms:imports/c9-beta/perl-5.32.1-480.el9
rpms:imports/c8-beta-stream-5.32/perl-5.32.1-472.module+el8.8.0+17873+3d1ce0e6
rpms:imports/c8-beta/perl-5.26.3-422.el8
rpms:imports/c8s-stream-5.32/perl-5.32.1-472.module+el8.8.0+17873+3d1ce0e6
rpms:imports/c8s/perl-5.26.3-422.el8
rpms:imports/c9/perl-5.32.1-479.el9
rpms:imports/c8-stream-5.32/perl-5.32.1-471.module+el8.6.0+13324+628a2397
rpms:imports/c8/perl-5.26.3-421.el8
rpms:imports/c8-beta/perl-5.26.3-421.el8
rpms:imports/c8-beta-stream-5.32/perl-5.32.1-471.module+el8.6.0+13324+628a2397
rpms:imports/c9-beta/perl-5.32.1-479.el9
rpms:imports/c8s-stream-5.32/perl-5.32.1-471.module+el8.6.0+13324+628a2397
rpms:imports/c8/perl-5.26.3-420.el8
rpms:imports/c8s/perl-5.26.3-421.el8
rpms:imports/c8-beta-stream-5.24/perl-5.24.4-404.module+el8.1.0+2926+ce7246ad
rpms:imports/c8-beta-stream-5.30/perl-5.30.1-452.module+el8.4.0+8990+01326e37
rpms:imports/c8-beta-stream-5.30/perl-5.30.1-451.module+el8.3.0+6961+31ca2e7a
rpms:imports/c8-beta/perl-5.26.3-420.el8
rpms:imports/c8-beta/perl-5.26.3-419.el8
rpms:imports/c8-beta/perl-5.26.3-416.el8
rpms:imports/c8-stream-5.26/perl-5.26.2-412.el8+733+86cf098e
rpms:imports/c8-stream-5.24/perl-5.24.4-404.module+el8.1.0+2926+ce7246ad
rpms:imports/c8-stream-5.24/perl-5.24.4-403.module+el8+2770+c759b41a
rpms:imports/c8-stream-5.24/perl-5.24.4-398.el8+1694+ef8073e1
rpms:imports/c8s-stream-5.30/perl-5.30.1-452.module+el8.4.0+8990+01326e37
rpms:imports/c8s-stream-5.30/perl-5.30.1-451.module+el8.3.0+6961+31ca2e7a
rpms:imports/c8s-stream-5.30/perl-5.30.1-450.module+el8.3.0+6718+7f269185
rpms:imports/c8s-stream-5.30/perl-5.30.1-450.module+el8.3.0+6702+b3e67f28
rpms:imports/c8s/perl-5.26.3-420.el8
rpms:imports/c8s/perl-5.26.3-419.el8
rpms:imports/c8s/perl-5.26.3-418.el8
rpms:imports/c8s/perl-5.26.3-417.el8
rpms:imports/c8-stream-5.30/perl-5.30.1-452.module+el8.4.0+8990+01326e37
rpms:imports/c8-stream-5.30/perl-5.30.1-451.module+el8.3.0+6961+31ca2e7a
rpms:imports/c8-stream-5.3/perl-5.30.1-451.module+el8.3.0+6961+31ca2e7a
rpms:imports/c8/perl-5.26.3-419.el8_4.1
rpms:imports/c8/perl-5.26.3-419.el8
rpms:imports/c8/perl-5.26.3-417.el8_3
rpms:imports/c8/perl-5.26.3-416.el8

No commits in common. "c8-stream-5.26" and "c8" have entirely different histories.
c8-stream- ... c8

16 changed files with 1556 additions and 21 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/perl-5.26.2.tar.bz2
SOURCES/perl-5.26.3.tar.bz2

2
.perl.metadata
View File

@ -1 +1 @@
2057b65e3a6ac71287c973402cd01084a1edc35b SOURCES/perl-5.26.2.tar.bz2
4c61872bab631427cbb5b519ef8809d3a4c7f921 SOURCES/perl-5.26.3.tar.bz2

63
SOURCES/perl-5.26.2-Pass-CFLAGS-to-dtrace.patch Normal file
View File

@ -0,0 +1,63 @@
Subject: [PATCH] Pass CFLAGS to dtrace
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
Makefile.SH | 8 +++++---
cflags.SH | 5 ++++-
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/Makefile.SH b/Makefile.SH
index 5fc6d1c..e89ad70 100755
--- a/Makefile.SH
+++ b/Makefile.SH
@@ -457,6 +457,8 @@ CCCMD = sh $(shellflags) cflags "optimize='$(OPTIMIZE)'" $@
CCCMDSRC = sh $(shellflags) cflags "optimize='$(OPTIMIZE)'" $<
+DTRACEFLAGS = sh $(shellflags) cflags "optimize='$(OPTIMIZE)'" $@
+
CONFIGPM_FROM_CONFIG_SH = lib/Config.pm lib/Config_heavy.pl
CONFIGPM = $(CONFIGPM_FROM_CONFIG_SH) lib/Config_git.pl
@@ -890,19 +892,19 @@ $(DTRACE_MINI_O): perldtrace.d $(miniperl_objs_nodt)
-rm -rf mpdtrace
mkdir mpdtrace
cp $(miniperl_objs_nodt) mpdtrace/
- $(DTRACE) -G -s perldtrace.d -o $(DTRACE_MINI_O) $(miniperl_dtrace_objs)
+ CFLAGS="`$(DTRACEFLAGS)`" $(DTRACE) -G -s perldtrace.d -o $(DTRACE_MINI_O) $(miniperl_dtrace_objs)
$(DTRACE_PERLLIB_O): perldtrace.d $(perllib_objs_nodt)
-rm -rf libpdtrace
mkdir libpdtrace
cp $(perllib_objs_nodt) libpdtrace/
- $(DTRACE) -G -s perldtrace.d -o $(DTRACE_PERLLIB_O) $(perllib_dtrace_objs)
+ CFLAGS="`$(DTRACEFLAGS)`" $(DTRACE) -G -s perldtrace.d -o $(DTRACE_PERLLIB_O) $(perllib_dtrace_objs)
$(DTRACE_MAIN_O): perldtrace.d perlmain$(OBJ_EXT)
-rm -rf maindtrace
mkdir maindtrace
cp perlmain$(OBJ_EXT) maindtrace/
- $(DTRACE) -G -s perldtrace.d -o $(DTRACE_MAIN_O) $(perlmain_dtrace_objs) || \
+ CFLAGS="`$(DTRACEFLAGS)`" $(DTRACE) -G -s perldtrace.d -o $(DTRACE_MAIN_O) $(perlmain_dtrace_objs) || \
( $(ECHO) "No probes in perlmain$(OBJ_EXT), generating a dummy $(DTRACE_MAIN_O)" && \
$(ECHO) >dtrace_main.c && \
`$(CCCMD)` $(PLDLFLAGS) dtrace_main.c && \
diff --git a/cflags.SH b/cflags.SH
index 3af1e97..b845127 100755
--- a/cflags.SH
+++ b/cflags.SH
@@ -516,7 +516,10 @@ for file do
esac
# Can we perhaps use $ansi2knr here
- echo "$cc -c -DPERL_CORE $ccflags $stdflags $optimize $warn $extra"
+ case "$file" in
+ dtrace_*) echo "$ccflags $stdflags $optimize $warn $extra";;
+ *) echo "$cc -c -DPERL_CORE $ccflags $stdflags $optimize $warn $extra";;
+ esac
. $TOP/config.sh
--
2.17.1

35
SOURCES/perl-5.26.2-perl.h-Add-parens-around-macro-arguments.patch Normal file
View File

@ -0,0 +1,35 @@
From 7714b11d11da2bfd0dc11638e9dd6836b6a32e90 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Mon, 11 Jun 2018 13:26:24 -0600
Subject: [PATCH] perl.h: Add parens around macro arguments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Arguments used within macros need to be parenthesized in case they are
called with an expression. This commit changes
_CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG() to do that.
Petr Písař: Ported to 5.26.2 from upstream ff58ca57f844 commit.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
perl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/perl.h b/perl.h
index 1c613bc..d278c2a 100644
--- a/perl.h
+++ b/perl.h
@@ -5980,7 +5980,7 @@ typedef struct am_table_short AMTS;
# define _CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG(s, send) \
STMT_START { /* Check if to warn before doing the conversion work */\
if (! PL_in_utf8_CTYPE_locale && ckWARN(WARN_LOCALE)) { \
- UV cp = utf8_to_uvchr_buf((U8 *) s, (U8 *) send, NULL); \
+ UV cp = utf8_to_uvchr_buf((U8 *) (s), (U8 *) (send), NULL); \
Perl_warner(aTHX_ packWARN(WARN_LOCALE), \
"Wide character (U+%" UVXf ") in %s", \
(cp == 0) \
--
2.14.4

34
SOURCES/perl-5.26.3-CVE-2020-10543.patch Normal file
View File

@ -0,0 +1,34 @@
From 208dea486fa24081cbc0cf05fa5a15c802e2bc68 Mon Sep 17 00:00:00 2001
From: John Lightsey <jd@cpanel.net>
Date: Wed, 20 Nov 2019 20:02:45 -0600
Subject: [PATCH v528 1/3] regcomp.c: Prevent integer overflow from nested
regex quantifiers.
(CVE-2020-10543) On 32bit systems the size calculations for nested regular
expression quantifiers could overflow causing heap memory corruption.
Fixes: Perl/perl5-security#125
---
regcomp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/regcomp.c b/regcomp.c
index e1da15a77c..dd18add1db 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -5102,6 +5139,12 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
(void)ReREFCNT_inc(RExC_rx_sv);
}
+ if ( ( minnext > 0 && mincount >= SSize_t_MAX / minnext )
+ || min >= SSize_t_MAX - minnext * mincount )
+ {
+ FAIL("Regexp out of space");
+ }
+
min += minnext * mincount;
is_inf_internal |= deltanext == SSize_t_MAX
|| (maxcount == REG_INFTY && minnext + deltanext > 0);
--
2.20.1

148
SOURCES/perl-5.26.3-CVE-2020-10878.patch Normal file
View File

@ -0,0 +1,148 @@
From a3a7598c8ec6efb0eb9c0b786d80c4d2a3751b70 Mon Sep 17 00:00:00 2001
From: Hugo van der Sanden <hv@crypt.org>
Date: Tue, 18 Feb 2020 13:51:16 +0000
Subject: [PATCH v528 2/3] study_chunk: extract rck_elide_nothing
(CVE-2020-10878)
---
embed.fnc | 1 +
embed.h | 1 +
proto.h | 3 +++
regcomp.c | 70 ++++++++++++++++++++++++++++++++++---------------------
4 files changed, 48 insertions(+), 27 deletions(-)
diff --git a/embed.fnc b/embed.fnc
index e762fe1eec..cf89277163 100644
--- a/embed.fnc
+++ b/embed.fnc
@@ -2398,6 +2398,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \
|I32 stopparen|U32 recursed_depth \
|NULLOK regnode_ssc *and_withp \
|U32 flags|U32 depth|bool was_mutate_ok
+Es |void |rck_elide_nothing|NN regnode *node
EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \
|NN const char* const s|const U32 n
rs |void |re_croak2 |bool utf8|NN const char* pat1|NN const char* pat2|...
diff --git a/embed.h b/embed.h
index a5416a1148..886551ce5c 100644
--- a/embed.h
+++ b/embed.h
@@ -1046,6 +1046,7 @@
#define output_or_return_posix_warnings(a,b,c) S_output_or_return_posix_warnings(aTHX_ a,b,c)
#define parse_lparen_question_flags(a) S_parse_lparen_question_flags(aTHX_ a)
#define populate_ANYOF_from_invlist(a,b) S_populate_ANYOF_from_invlist(aTHX_ a,b)
+#define rck_elide_nothing(a) S_rck_elide_nothing(aTHX_ a)
#define reg(a,b,c,d) S_reg(aTHX_ a,b,c,d)
#define reg2Lanode(a,b,c,d) S_reg2Lanode(aTHX_ a,b,c,d)
#define reg_node(a,b) S_reg_node(aTHX_ a,b)
diff --git a/proto.h b/proto.h
index 66bb29b132..d3f8802c1d 100644
--- a/proto.h
+++ b/proto.h
@@ -5150,6 +5150,9 @@ STATIC void S_parse_lparen_question_flags(pTHX_ RExC_state_t *pRExC_state);
STATIC void S_populate_ANYOF_from_invlist(pTHX_ regnode *node, SV** invlist_ptr);
#define PERL_ARGS_ASSERT_POPULATE_ANYOF_FROM_INVLIST \
assert(node); assert(invlist_ptr)
+STATIC void S_rck_elide_nothing(pTHX_ regnode *node);
+#define PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING \
+ assert(node)
PERL_STATIC_NO_RET void S_re_croak2(pTHX_ bool utf8, const char* pat1, const char* pat2, ...)
__attribute__noreturn__;
#define PERL_ARGS_ASSERT_RE_CROAK2 \
diff --git a/regcomp.c b/regcomp.c
index dd18add1db..0a9c6a8085 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -4094,6 +4094,43 @@ S_unwind_scan_frames(pTHX_ const void *p)
} while (f);
}
+/* Follow the next-chain of the current node and optimize away
+ all the NOTHINGs from it.
+ */
+STATIC void
+S_rck_elide_nothing(pTHX_ regnode *node)
+{
+ dVAR;
+
+ PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING;
+
+ if (OP(node) != CURLYX) {
+ const int max = (reg_off_by_arg[OP(node)]
+ ? I32_MAX
+ /* I32 may be smaller than U16 on CRAYs! */
+ : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX));
+ int off = (reg_off_by_arg[OP(node)] ? ARG(node) : NEXT_OFF(node));
+ int noff;
+ regnode *n = node;
+
+ /* Skip NOTHING and LONGJMP. */
+ while (
+ (n = regnext(n))
+ && (
+ (PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n)))
+ || ((OP(n) == LONGJMP) && (noff = ARG(n)))
+ )
+ && off + noff < max
+ ) {
+ off += noff;
+ }
+ if (reg_off_by_arg[OP(node)])
+ ARG(node) = off;
+ else
+ NEXT_OFF(node) = off;
+ }
+ return;
+}
STATIC SSize_t
S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
@@ -4197,28 +4234,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
if (mutate_ok)
JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
- /* Follow the next-chain of the current node and optimize
- away all the NOTHINGs from it. */
- if (OP(scan) != CURLYX) {
- const int max = (reg_off_by_arg[OP(scan)]
- ? I32_MAX
- /* I32 may be smaller than U16 on CRAYs! */
- : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX));
- int off = (reg_off_by_arg[OP(scan)] ? ARG(scan) : NEXT_OFF(scan));
- int noff;
- regnode *n = scan;
-
- /* Skip NOTHING and LONGJMP. */
- while ((n = regnext(n))
- && ((PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n)))
- || ((OP(n) == LONGJMP) && (noff = ARG(n))))
- && off + noff < max)
- off += noff;
- if (reg_off_by_arg[OP(scan)])
- ARG(scan) = off;
- else
- NEXT_OFF(scan) = off;
- }
+ /* Follow the next-chain of the current node and optimize
+ away all the NOTHINGs from it.
+ */
+ rck_elide_nothing(scan);
/* The principal pseudo-switch. Cannot be a switch, since we
look into several different things. */
@@ -5348,11 +5367,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
if (data && (fl & SF_HAS_EVAL))
data->flags |= SF_HAS_EVAL;
optimize_curly_tail:
- if (OP(oscan) != CURLYX) {
- while (PL_regkind[OP(next = regnext(oscan))] == NOTHING
- && NEXT_OFF(next))
- NEXT_OFF(oscan) += NEXT_OFF(next);
- }
+ rck_elide_nothing(oscan);
continue;
default:
--
2.20.1

279
SOURCES/perl-5.26.3-CVE-2020-12723.patch Normal file
View File

@ -0,0 +1,279 @@
From c031e3ec7c713077659f5f7dc6638d926c69d7b2 Mon Sep 17 00:00:00 2001
From: Hugo van der Sanden <hv@crypt.org>
Date: Sat, 11 Apr 2020 14:10:24 +0100
Subject: [PATCH v528 3/3] study_chunk: avoid mutating regexp program within
GOSUB
gh16947 and gh17743: studying GOSUB may restudy in an inner call
(via a mix of recursion and enframing) something that an outer call
is in the middle of looking at. Let the outer frame deal with it.
(CVE-2020-12723)
---
embed.fnc | 2 +-
embed.h | 2 +-
proto.h | 2 +-
regcomp.c | 48 ++++++++++++++++++++++++++++++++----------------
t/re/pat.t | 26 +++++++++++++++++++++++++-
5 files changed, 60 insertions(+), 20 deletions(-)
diff --git a/embed.fnc b/embed.fnc
index cf89277163..4b1ba28277 100644
--- a/embed.fnc
+++ b/embed.fnc
@@ -2397,7 +2397,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \
|NULLOK struct scan_data_t *data \
|I32 stopparen|U32 recursed_depth \
|NULLOK regnode_ssc *and_withp \
- |U32 flags|U32 depth
+ |U32 flags|U32 depth|bool was_mutate_ok
EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \
|NN const char* const s|const U32 n
rs |void |re_croak2 |bool utf8|NN const char* pat1|NN const char* pat2|...
diff --git a/embed.h b/embed.h
index 886551ce5c..50fcabc140 100644
--- a/embed.h
+++ b/embed.h
@@ -1075,7 +1075,7 @@
#define ssc_is_cp_posixl_init S_ssc_is_cp_posixl_init
#define ssc_or(a,b,c) S_ssc_or(aTHX_ a,b,c)
#define ssc_union(a,b,c) S_ssc_union(aTHX_ a,b,c)
-#define study_chunk(a,b,c,d,e,f,g,h,i,j,k) S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k)
+#define study_chunk(a,b,c,d,e,f,g,h,i,j,k,l) S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k,l)
# endif
# if defined(PERL_IN_REGCOMP_C) || defined (PERL_IN_DUMP_C)
#define _invlist_dump(a,b,c,d) Perl__invlist_dump(aTHX_ a,b,c,d)
diff --git a/proto.h b/proto.h
index d3f8802c1d..e276f69bd1 100644
--- a/proto.h
+++ b/proto.h
@@ -5258,7 +5258,7 @@ PERL_STATIC_INLINE void S_ssc_union(pTHX_ regnode_ssc *ssc, SV* const invlist, c
#define PERL_ARGS_ASSERT_SSC_UNION \
assert(ssc); assert(invlist)
#endif
-STATIC SSize_t S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth);
+STATIC SSize_t S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth, bool was_mutate_ok);
#define PERL_ARGS_ASSERT_STUDY_CHUNK \
assert(pRExC_state); assert(scanp); assert(minlenp); assert(deltap); assert(last)
#endif
diff --git a/regcomp.c b/regcomp.c
index 0a9c6a8085..e66032a16a 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -110,6 +110,7 @@ typedef struct scan_frame {
regnode *next_regnode; /* next node to process when last is reached */
U32 prev_recursed_depth;
I32 stopparen; /* what stopparen do we use */
+ bool in_gosub; /* this or an outer frame is for GOSUB */
U32 is_top_frame; /* what flags do we use? */
struct scan_frame *this_prev_frame; /* this previous frame */
@@ -4102,7 +4103,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
I32 stopparen,
U32 recursed_depth,
regnode_ssc *and_withp,
- U32 flags, U32 depth)
+ U32 flags, U32 depth, bool was_mutate_ok)
/* scanp: Start here (read-write). */
/* deltap: Write maxlen-minlen here. */
/* last: Stop before this one. */
@@ -4179,6 +4180,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
node length to get a real minimum (because
the folded version may be shorter) */
bool unfolded_multi_char = FALSE;
+ /* avoid mutating ops if we are anywhere within the recursed or
+ * enframed handling for a GOSUB: the outermost level will handle it.
+ */
+ bool mutate_ok = was_mutate_ok && !(frame && frame->in_gosub);
/* Peephole optimizer: */
DEBUG_STUDYDATA("Peep:", data, depth);
DEBUG_PEEP("Peep", scan, depth);
@@ -4189,7 +4194,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
* parsing code, as each (?:..) is handled by a different invocation of
* reg() -- Yves
*/
- JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
+ if (mutate_ok)
+ JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
/* Follow the next-chain of the current node and optimize
away all the NOTHINGs from it. */
@@ -4238,7 +4244,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
* NOTE we dont use the return here! */
(void)study_chunk(pRExC_state, &scan, &minlen,
&deltanext, next, &data_fake, stopparen,
- recursed_depth, NULL, f, depth+1);
+ recursed_depth, NULL, f, depth+1, mutate_ok);
scan = next;
} else
@@ -4305,7 +4311,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
/* we suppose the run is continuous, last=next...*/
minnext = study_chunk(pRExC_state, &scan, minlenp,
&deltanext, next, &data_fake, stopparen,
- recursed_depth, NULL, f,depth+1);
+ recursed_depth, NULL, f, depth+1,
+ mutate_ok);
if (min1 > minnext)
min1 = minnext;
@@ -4372,9 +4379,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
}
}
- if (PERL_ENABLE_TRIE_OPTIMISATION &&
- OP( startbranch ) == BRANCH )
- {
+ if (PERL_ENABLE_TRIE_OPTIMISATION
+ && OP(startbranch) == BRANCH
+ && mutate_ok
+ ) {
/* demq.
Assuming this was/is a branch we are dealing with: 'scan'
@@ -4825,6 +4833,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
newframe->stopparen = stopparen;
newframe->prev_recursed_depth = recursed_depth;
newframe->this_prev_frame= frame;
+ newframe->in_gosub = (
+ (frame && frame->in_gosub) || OP(scan) == GOSUB
+ );
DEBUG_STUDYDATA("frame-new:",data,depth);
DEBUG_PEEP("fnew", scan, depth);
@@ -5043,7 +5054,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
(mincount == 0
? (f & ~SCF_DO_SUBSTR)
: f)
- ,depth+1);
+ , depth+1, mutate_ok);
if (flags & SCF_DO_STCLASS)
data->start_class = oclass;
@@ -5105,7 +5116,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
if ( OP(oscan) == CURLYX && data
&& data->flags & SF_IN_PAR
&& !(data->flags & SF_HAS_EVAL)
- && !deltanext && minnext == 1 ) {
+ && !deltanext && minnext == 1
+ && mutate_ok
+ ) {
/* Try to optimize to CURLYN. */
regnode *nxt = NEXTOPER(oscan) + EXTRA_STEP_2ARGS;
regnode * const nxt1 = nxt;
@@ -5151,10 +5164,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
&& !(data->flags & SF_HAS_EVAL)
&& !deltanext /* atom is fixed width */
&& minnext != 0 /* CURLYM can't handle zero width */
-
/* Nor characters whose fold at run-time may be
* multi-character */
&& ! (RExC_seen & REG_UNFOLDED_MULTI_SEEN)
+ && mutate_ok
) {
/* XXXX How to optimize if data == 0? */
/* Optimize to a simpler form. */
@@ -5201,7 +5214,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
#endif
/* Optimize again: */
study_chunk(pRExC_state, &nxt1, minlenp, &deltanext, nxt,
- NULL, stopparen, recursed_depth, NULL, 0,depth+1);
+ NULL, stopparen, recursed_depth, NULL, 0,
+ depth+1, mutate_ok);
}
else
oscan->flags = 0;
@@ -5592,7 +5606,8 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
nscan = NEXTOPER(NEXTOPER(scan));
minnext = study_chunk(pRExC_state, &nscan, minlenp, &deltanext,
last, &data_fake, stopparen,
- recursed_depth, NULL, f, depth+1);
+ recursed_depth, NULL, f, depth+1,
+ mutate_ok);
if (scan->flags) {
if (deltanext) {
FAIL("Variable length lookbehind not implemented");
@@ -5681,7 +5696,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
*minnextp = study_chunk(pRExC_state, &nscan, minnextp,
&deltanext, last, &data_fake,
stopparen, recursed_depth, NULL,
- f,depth+1);
+ f, depth+1, mutate_ok);
if (scan->flags) {
if (deltanext) {
FAIL("Variable length lookbehind not implemented");
@@ -5841,7 +5856,8 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
branches even though they arent otherwise used. */
minnext = study_chunk(pRExC_state, &scan, minlenp,
&deltanext, (regnode *)nextbranch, &data_fake,
- stopparen, recursed_depth, NULL, f,depth+1);
+ stopparen, recursed_depth, NULL, f, depth+1,
+ mutate_ok);
}
if (nextbranch && PL_regkind[OP(nextbranch)]==BRANCH)
nextbranch= regnext((regnode*)nextbranch);
@@ -7524,7 +7540,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
&data, -1, 0, NULL,
SCF_DO_SUBSTR | SCF_WHILEM_VISITED_POS | stclass_flag
| (restudied ? SCF_TRIE_DOING_RESTUDY : 0),
- 0);
+ 0, TRUE);
CHECK_RESTUDY_GOTO_butfirst(LEAVE_with_name("study_chunk"));
@@ -7670,7 +7686,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
SCF_DO_STCLASS_AND|SCF_WHILEM_VISITED_POS|(restudied
? SCF_TRIE_DOING_RESTUDY
: 0),
- 0);
+ 0, TRUE);
CHECK_RESTUDY_GOTO_butfirst(NOOP);
diff --git a/t/re/pat.t b/t/re/pat.t
index 1d98fe77d7..1488259b02 100644
--- a/t/re/pat.t
+++ b/t/re/pat.t
@@ -23,7 +23,7 @@ BEGIN {
skip_all('no re module') unless defined &DynaLoader::boot_DynaLoader;
skip_all_without_unicode_tables();
-plan tests => 840; # Update this when adding/deleting tests.
+plan tests => 844; # Update this when adding/deleting tests.
run_tests() unless caller;
@@ -1929,6 +1929,30 @@ EOP
fresh_perl_is('"AA" =~ m/AA{1,0}/','',{},"handle OPFAIL insert properly");
}
+ # gh16947: test regexp corruption (GOSUB)
+ {
+ fresh_perl_is(q{
+ 'xy' =~ /x(?0)|x(?|y|y)/ && print 'ok'
+ }, 'ok', {}, 'gh16947: test regexp corruption (GOSUB)');
+ }
+ # gh16947: test fix doesn't break SUSPEND
+ {
+ fresh_perl_is(q{ 'sx' =~ m{ss++}i; print 'ok' },
+ 'ok', {}, "gh16947: test fix doesn't break SUSPEND");
+ }
+
+ # gh17743: more regexp corruption via GOSUB
+ {
+ fresh_perl_is(q{
+ "0" =~ /((0(?0)|000(?|0000|0000)(?0))|)/; print "ok"
+ }, 'ok', {}, 'gh17743: test regexp corruption (1)');
+
+ fresh_perl_is(q{
+ "000000000000" =~ /(0(())(0((?0)())|000(?|\x{ef}\x{bf}\x{bd}|\x{ef}\x{bf}\x{bd}))|)/;
+ print "ok"
+ }, 'ok', {}, 'gh17743: test regexp corruption (2)');
+ }
+
} # End of sub run_tests
1;
--
2.20.1

62
SOURCES/perl-5.26.3-Net-Ping-Fix-_resolv-return-value.patch Normal file
View File

@ -0,0 +1,62 @@
From 47d2c70bde8c0bdc67e85578133338fc63c33f13 Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova <jplesnik@redhat.com>
Date: Thu, 17 Jun 2021 11:41:48 +0200
Subject: [PATCH 2/2] Fix _resolv return value
in case of the new warnings.
Thanks to @nlv02636
Backported fromn Net-Ping 2.68
---
dist/Net-Ping/lib/Net/Ping.pm | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/dist/Net-Ping/lib/Net/Ping.pm b/dist/Net-Ping/lib/Net/Ping.pm
index 9e2497c..87087fc 100644
--- a/dist/Net-Ping/lib/Net/Ping.pm
+++ b/dist/Net-Ping/lib/Net/Ping.pm
@@ -1794,6 +1794,7 @@ sub _resolv {
# Clean up port
if (defined($h{port}) && (($h{port} !~ /^\d{1,5}$/) || ($h{port} < 1) || ($h{port} > 65535))) {
croak("Invalid port `$h{port}' in `$name'");
+ return undef;
}
# END - host:port
@@ -1850,18 +1851,21 @@ sub _resolv {
} else {
(undef, $h{addr_in}, undef, undef) = Socket::unpack_sockaddr_in6 $getaddr[0]->{addr};
}
- return \%h
+ return \%h;
} else {
carp("getnameinfo($getaddr[0]->{addr}) failed - $err");
+ return undef;
}
} else {
warn(sprintf("getaddrinfo($h{host},,%s) failed - $err",
$family == AF_INET ? "AF_INET" : "AF_INET6"));
+ return undef;
}
# old way
} else {
if ($family == $AF_INET6) {
croak("Socket >= 1.94 required for IPv6 - found Socket $Socket::VERSION");
+ return undef;
}
my @gethost = gethostbyname($h{host});
@@ -1872,8 +1876,10 @@ sub _resolv {
return \%h
} else {
carp("gethostbyname($h{host}) failed - $^E");
+ return undef;
}
}
+ return undef;
}
sub _pack_sockaddr_in($$) {
--
2.31.1

99
SOURCES/perl-5.26.3-Net-Ping-carp-not-croak-on-most-name-lookup-failures.patch Normal file
View File

@ -0,0 +1,99 @@
From 5a3f94a3f0e21d8e685ede4e851a318578a2151f Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova <jplesnik@redhat.com>
Date: Thu, 17 Jun 2021 11:12:30 +0200
Subject: [PATCH 1/2] carp, not croak on most name lookup failures
See RT #124830, a regression.
Return undef instead.
Backported from Net-Ping 2.67
---
dist/Net-Ping/lib/Net/Ping.pm | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/dist/Net-Ping/lib/Net/Ping.pm b/dist/Net-Ping/lib/Net/Ping.pm
index 13cbe81..9e2497c 100644
--- a/dist/Net-Ping/lib/Net/Ping.pm
+++ b/dist/Net-Ping/lib/Net/Ping.pm
@@ -144,7 +144,7 @@ sub new
if ($self->{'host'}) {
my $host = $self->{'host'};
my $ip = _resolv($host)
- or croak("could not resolve host $host");
+ or carp("could not resolve host $host");
$self->{host} = $ip;
$self->{family} = $ip->{family};
}
@@ -152,7 +152,7 @@ sub new
if ($self->{bind}) {
my $addr = $self->{bind};
my $ip = _resolv($addr)
- or croak("could not resolve local addr $addr");
+ or carp("could not resolve local addr $addr");
$self->{local_addr} = $ip;
} else {
$self->{local_addr} = undef; # Don't bind by default
@@ -323,7 +323,7 @@ sub bind
($self->{proto} eq "udp" || $self->{proto} eq "icmp");
$ip = $self->_resolv($local_addr);
- croak("nonexistent local address $local_addr") unless defined($ip);
+ carp("nonexistent local address $local_addr") unless defined($ip);
$self->{local_addr} = $ip;
if (($self->{proto} ne "udp") &&
@@ -1129,13 +1129,14 @@ sub open
$self->{family_local} = $self->{family};
}
- $ip = $self->_resolv($host);
$timeout = $self->{timeout} unless $timeout;
+ $ip = $self->_resolv($host);
- if($self->{proto} eq "stream") {
- if(defined($self->{fh}->fileno())) {
+ if ($self->{proto} eq "stream") {
+ if (defined($self->{fh}->fileno())) {
croak("socket is already open");
} else {
+ return () unless $ip;
$self->tcp_connect($ip, $timeout);
}
}
@@ -1851,12 +1852,11 @@ sub _resolv {
}
return \%h
} else {
- croak("getnameinfo($getaddr[0]->{addr}) failed - $err");
+ carp("getnameinfo($getaddr[0]->{addr}) failed - $err");
}
} else {
- my $error = sprintf "getaddrinfo($h{host},,%s) failed - $err",
- ($family == AF_INET) ? "AF_INET" : "AF_INET6";
- croak("$error");
+ warn(sprintf("getaddrinfo($h{host},,%s) failed - $err",
+ $family == AF_INET ? "AF_INET" : "AF_INET6"));
}
# old way
} else {
@@ -1871,7 +1871,7 @@ sub _resolv {
$h{family} = AF_INET;
return \%h
} else {
- croak("gethostbyname($h{host}) failed - $^E");
+ carp("gethostbyname($h{host}) failed - $^E");
}
}
}
@@ -1913,7 +1913,7 @@ sub _inet_ntoa {
if (defined($address)) {
$ret = $address;
} else {
- croak("getnameinfo($addr) failed - $err");
+ carp("getnameinfo($addr) failed - $err");
}
} else {
$ret = inet_ntoa($addr)
--
2.31.1

113
SOURCES/perl-5.28.2-Only-pass-2-digit-years-to-tests-when-testing-2-digi.patch Normal file
View File

@ -0,0 +1,113 @@
From 381d51822fccaa333cbd0ab9fca8b69f650c05f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 14 Feb 2020 14:10:10 +0100
Subject: [PATCH] Only pass 2-digit years to tests when testing 2-digit year
handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This will start breaking in 2020 if done without working around the whole
breakpoint thing. See https://rt.cpan.org/Ticket/Display.html?id=124787.
Ported from Time-Local 63265fd81c7f6177bf28dfe0d1ada9cb897de566 commit
by Dave Rolsky <autarch@urth.org> to perl 5.28.2.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
cpan/Time-Local/t/Local.t | 40 +++++++++++++++++++++++++++++----------
1 file changed, 30 insertions(+), 10 deletions(-)
diff --git a/cpan/Time-Local/t/Local.t b/cpan/Time-Local/t/Local.t
index 6341396..701d22d 100644
--- a/cpan/Time-Local/t/Local.t
+++ b/cpan/Time-Local/t/Local.t
@@ -85,19 +85,17 @@ my $epoch_is_64
for ( @time, @neg_time ) {
my ( $year, $mon, $mday, $hour, $min, $sec ) = @$_;
- $year -= 1900;
$mon--;
SKIP: {
skip '1970 test on VOS fails.', 12
- if $^O eq 'vos' && $year == 70;
+ if $^O eq 'vos' && $year == 1970;
skip 'this platform does not support negative epochs.', 12
- if $year < 70 && !$neg_epoch_ok;
+ if $year < 1970 && !$neg_epoch_ok;
# Test timelocal()
{
- my $year_in = $year < 70 ? $year + 1900 : $year;
- my $time = timelocal( $sec, $min, $hour, $mday, $mon, $year_in );
+ my $time = timelocal( $sec, $min, $hour, $mday, $mon, $year );
my ( $s, $m, $h, $D, $M, $Y ) = localtime($time);
@@ -106,13 +104,12 @@ SKIP: {
is( $h, $hour, "timelocal hour for @$_" );
is( $D, $mday, "timelocal day for @$_" );
is( $M, $mon, "timelocal month for @$_" );
- is( $Y, $year, "timelocal year for @$_" );
+ is( $Y, $year - 1900, "timelocal year for @$_" );
}
# Test timegm()
{
- my $year_in = $year < 70 ? $year + 1900 : $year;
- my $time = timegm( $sec, $min, $hour, $mday, $mon, $year_in );
+ my $time = timegm( $sec, $min, $hour, $mday, $mon, $year );
my ( $s, $m, $h, $D, $M, $Y ) = gmtime($time);
@@ -121,14 +118,13 @@ SKIP: {
is( $h, $hour, "timegm hour for @$_" );
is( $D, $mday, "timegm day for @$_" );
is( $M, $mon, "timegm month for @$_" );
- is( $Y, $year, "timegm year for @$_" );
+ is( $Y, $year - 1900, "timegm year for @$_" );
}
}
}
for (@bad_time) {
my ( $year, $mon, $mday, $hour, $min, $sec ) = @$_;
- $year -= 1900;
$mon--;
eval { timegm( $sec, $min, $hour, $mday, $mon, $year ) };
@@ -229,6 +225,30 @@ SKIP:
);
}
+# 2-digit years
+{
+ my $current_year = ( localtime() )[5];
+ my $pre_break = ( $current_year + 49 ) - 100;
+ my $break = ( $current_year + 50 ) - 100;
+ my $post_break = ( $current_year + 51 ) - 100;
+
+ is(
+ ( ( localtime( timelocal( 0, 0, 0, 1, 1, $pre_break ) ) )[5] ),
+ $pre_break + 100,
+ "year $pre_break is treated as next century",
+ );
+ is(
+ ( ( localtime( timelocal( 0, 0, 0, 1, 1, $break ) ) )[5] ),
+ $break + 100,
+ "year $break is treated as next century",
+ );
+ is(
+ ( ( localtime( timelocal( 0, 0, 0, 1, 1, $post_break ) ) )[5] ),
+ $post_break,
+ "year $post_break is treated as current century",
+ );
+}
+
SKIP:
{
skip 'These tests only run for the package maintainer.', 8
--
2.21.1

94
SOURCES/perl-5.29.0-Remove-ext-GDBM_File-t-fatal.t.patch Normal file
View File

@ -0,0 +1,94 @@
From 892e8b006aa99ac2c880cdc2a81fd16f06c1a0f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Mon, 9 Jul 2018 16:18:36 +0200
Subject: [PATCH] Remove ext/GDBM_File/t/fatal.t
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
gdbm-1.15 defaults to a memory-mapped I/O and does not report any I/O
errors on store and close operations. Thus ext/GDBM_File/t/fatal.t
test that expects these fatal error reports fails. Because there is
no other way to provoke a fatal error in gdbm-1.15 this patch
removes the test. Future gdbm version promisses reporting a regular
error on closing a database.
RT#133295
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
MANIFEST | 1 -
ext/GDBM_File/t/fatal.t | 49 -------------------------------------------------
2 files changed, 50 deletions(-)
delete mode 100644 ext/GDBM_File/t/fatal.t
diff --git a/MANIFEST b/MANIFEST
index 95fa539095..b07fed1f54 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -4100,7 +4100,6 @@ ext/GDBM_File/GDBM_File.pm GDBM extension Perl module
ext/GDBM_File/GDBM_File.xs GDBM extension external subroutines
ext/GDBM_File/hints/sco.pl Hint for GDBM_File for named architecture
ext/GDBM_File/Makefile.PL GDBM extension makefile writer
-ext/GDBM_File/t/fatal.t Test the fatal_func argument to gdbm_open
ext/GDBM_File/t/gdbm.t See if GDBM_File works
ext/GDBM_File/typemap GDBM extension interface types
ext/Hash-Util/Changes Change history of Hash::Util
diff --git a/ext/GDBM_File/t/fatal.t b/ext/GDBM_File/t/fatal.t
deleted file mode 100644
index 0e426d4dbc..0000000000
--- a/ext/GDBM_File/t/fatal.t
+++ /dev/null
@@ -1,49 +0,0 @@
-#!./perl -w
-use strict;
-
-use Test::More;
-use Config;
-
-BEGIN {
- plan(skip_all => "GDBM_File was not built")
- unless $Config{extensions} =~ /\bGDBM_File\b/;
-
- # https://rt.perl.org/Public/Bug/Display.html?id=117967
- plan(skip_all => "GDBM_File is flaky in $^O")
- if $^O =~ /darwin/;
-
- plan(tests => 8);
- use_ok('GDBM_File');
-}
-
-unlink <Op_dbmx*>;
-
-open my $fh, '<', $^X or die "Can't open $^X: $!";
-my $fileno = fileno $fh;
-isnt($fileno, undef, "Can find next available file descriptor");
-close $fh or die $!;
-
-is((open $fh, "<&=$fileno"), undef,
- "Check that we cannot open fileno $fileno. \$! is $!");
-
-umask(0);
-my %h;
-isa_ok(tie(%h, 'GDBM_File', 'Op_dbmx', GDBM_WRCREAT, 0640), 'GDBM_File');
-
-isnt((open $fh, "<&=$fileno"), undef, "dup fileno $fileno")
- or diag("\$! = $!");
-isnt(close $fh, undef,
- "close fileno $fileno, out from underneath the GDBM_File");
-is(eval {
- $h{Perl} = 'Rules';
- untie %h;
- 1;
-}, undef, 'Trapped error when attempting to write to knobbled GDBM_File');
-
-# Observed "File write error" and "lseek error" from two different systems.
-# So there might be more variants. Important part was that we trapped the error
-# via croak.
-like($@, qr/ at .*\bfatal\.t line \d+\.\n\z/,
- 'expected error message from GDBM_File');
-
-unlink <Op_dbmx*>;
--
2.14.4

32
SOURCES/perl-5.29.0-regexec.c-Call-macro-with-correct-args.patch Normal file
View File

@ -0,0 +1,32 @@
From e1a2878a55b1a7f11f19b384c4ea5235c29866b2 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Mon, 11 Jun 2018 13:28:53 -0600
Subject: [PATCH] regexec.c: Call macro with correct args.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The second argument to this macro is a pointer to the end, as opposed to
a length.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
regexec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/regexec.c b/regexec.c
index 7ed8f4fabc..ba52ae97c7 100644
--- a/regexec.c
+++ b/regexec.c
@@ -1808,7 +1808,7 @@ STMT_START {
case trie_flu8: \
_CHECK_AND_WARN_PROBLEMATIC_LOCALE; \
if (UTF8_IS_ABOVE_LATIN1(*uc)) { \
- _CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG(uc, uc_end - uc); \
+ _CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG(uc, uc_end); \
} \
goto do_trie_utf8_fold; \
case trie_utf8_exactfa_fold: \
--
2.14.4

22
SOURCES/perl-5.31.5-PATCH-gh-17218-memory-leak.patch Normal file
View File

@ -0,0 +1,22 @@
From 70f089724b15d1b2ed9264f277454aa559d50232 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Fri, 15 Nov 2019 15:01:15 -0700
Subject: [PATCH] PATCH: gh#17218 memory leak
Indeed, a variable's ref count was not getting decremented.
---
regcomp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/regcomp.c b/regcomp.c
index ddac290d2bf0..de4f6f24dac8 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -17602,6 +17602,7 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
/* Likewise for 'posixes' */
_invlist_union(posixes, cp_list, &cp_list);
+ SvREFCNT_dec(posixes);
/* Likewise for anything else in the range that matched only
* under UTF-8 */

39
SOURCES/perl-5.36.0-Add-definition-of-OPTIMIZE-to-.ph-files.patch Normal file
View File

@ -0,0 +1,39 @@
From 6d9d949fb4962e32636aee48a948081d8936d318 Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova <jplesnik@redhat.com>
Date: Wed, 11 Jan 2023 09:12:18 +0100
Subject: [PATCH] Add definition of OPTIMIZE to .ph files
The fortify.h header includes a test to ensure that -O is used when
compiling with _FORTIFY_SOURCE, and the header looks for OPTIMIZE, which
is set by the compiler whenever -O is used. Perl translates this test
to the .ph file, but nothing ever sets OPTIMIZE. This causes a warning
for anything that uses features.ph.
_FORTIFY_SOURCE is defined in /usr/lib64/perl5/_h2ph_pre.ph which is
generated by h2ph. It uses value of @Config{'ccsymbols', 'cppsymbols',
'cppccsymbols'} which does not contain definition for OPTIMIZE.
The patch updated h2ph to add OPTIMIZE if -O is used.
---
utils/h2ph.PL | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/utils/h2ph.PL b/utils/h2ph.PL
index afa53c2..3950d11 100644
--- a/utils/h2ph.PL
+++ b/utils/h2ph.PL
@@ -865,6 +865,11 @@ sub _extract_cc_defines
my $allsymbols = join " ",
@Config{'ccsymbols', 'cppsymbols', 'cppccsymbols'};
+ # If optimizing -O2 is used, add the definition
+ if ($Config{'ccflags'} =~ /(?:\s+|^)-O([\d]+)(?:\s+|$)/) {
+ $allsymbols .= " __OPTIMIZE__=$1";
+ }
+
# Split compiler pre-definitions into 'key=value' pairs:
while ($allsymbols =~ /([^\s]+)=((\\\s|[^\s])+)/g) {
$define{$1} = $2;
--
2.39.0

381
SOURCES/perl-5.42.0-CVE-2025-40909-Clone-dirhandles-without-fchdir.patch Normal file
View File

@ -0,0 +1,381 @@
Subject: [PATCH] CVE-2025-40909: Clone dirhandles without fchdir
This uses fdopendir and dup to dirhandles. This means it won't change
working directory during thread cloning, which prevents race conditions
that can happen if a third thread is active at the same time.
Backport commit 918bfff86ca8d6d4e4ec5b30994451e0bd74aba9
diff -up perl-5.26.3/Configure.cve1 perl-5.26.3/Configure
--- perl-5.26.3/Configure.cve1 2025-07-01 16:14:01.993333056 +0200
+++ perl-5.26.3/Configure 2025-07-01 16:17:14.176225381 +0200
@@ -477,6 +477,7 @@ d_fd_set=''
d_fds_bits=''
d_fdclose=''
d_fdim=''
+d_fdopendir=''
d_fegetround=''
d_fgetpos=''
d_finite=''
@@ -13432,6 +13433,10 @@ esac
set i_fcntl
eval $setvar
+: see if fdopendir exists
+set fdopendir d_fdopendir
+eval $inlibc
+
: see if fork exists
set fork d_fork
eval $inlibc
@@ -24553,6 +24558,7 @@ d_flockproto='$d_flockproto'
d_fma='$d_fma'
d_fmax='$d_fmax'
d_fmin='$d_fmin'
+d_fdopendir='$d_fdopendir'
d_fork='$d_fork'
d_fp_class='$d_fp_class'
d_fp_classify='$d_fp_classify'
diff -up perl-5.26.3/Cross/config.sh-arm-linux.cve1 perl-5.26.3/Cross/config.sh-arm-linux
--- perl-5.26.3/Cross/config.sh-arm-linux.cve1 2025-07-01 16:14:02.356103884 +0200
+++ perl-5.26.3/Cross/config.sh-arm-linux 2025-07-01 16:22:47.326303792 +0200
@@ -209,6 +209,7 @@ d_fd_macros='define'
d_fd_set='define'
d_fdclose='undef'
d_fdim='undef'
+d_fdopendir=undef
d_fds_bits='undef'
d_fegetround='define'
d_fgetpos='define'
diff -up perl-5.26.3/Cross/config.sh-arm-linux-n770.cve1 perl-5.26.3/Cross/config.sh-arm-linux-n770
--- perl-5.26.3/Cross/config.sh-arm-linux-n770.cve1 2025-07-01 16:14:02.356465600 +0200
+++ perl-5.26.3/Cross/config.sh-arm-linux-n770 2025-07-01 16:52:20.320275584 +0200
@@ -182,6 +182,7 @@ d_fcntl='define'
d_fcntl_can_lock='define'
d_fd_macros='define'
d_fd_set='define'
+d_fdopendir=undef
d_fds_bits='undef'
d_fgetpos='define'
d_finite='define'
diff -up perl-5.26.3/Porting/Glossary.cve1 perl-5.26.3/Porting/Glossary
--- perl-5.26.3/Porting/Glossary.cve1 2018-03-23 20:34:30.000000000 +0100
+++ perl-5.26.3/Porting/Glossary 2025-07-01 16:14:02.357025809 +0200
@@ -928,6 +928,11 @@ d_fmin (d_fmin.U):
This variable conditionally defines the HAS_FMIN symbol, which
indicates to the C program that the fmin() routine is available.
+d_fdopendir (d_fdopendir.U):
+ This variable conditionally defines the HAS_FORK symbol, which
+ indicates that the fdopen routine is available to open a
+ directory descriptor.
+
d_fork (d_fork.U):
This variable conditionally defines the HAS_FORK symbol, which
indicates to the C program that the fork() routine is available.
diff -up perl-5.26.3/Porting/config.sh.cve1 perl-5.26.3/Porting/config.sh
--- perl-5.26.3/Porting/config.sh.cve1 2025-07-01 16:14:02.357538931 +0200
+++ perl-5.26.3/Porting/config.sh 2025-07-01 17:00:56.990037450 +0200
@@ -218,6 +218,7 @@ d_fd_macros='define'
d_fd_set='define'
d_fdclose='undef'
d_fdim='define'
+d_fdopendir='define'
d_fds_bits='define'
d_fegetround='define'
d_fgetpos='define'
diff -up perl-5.26.3/config_h.SH.cve1 perl-5.26.3/config_h.SH
--- perl-5.26.3/config_h.SH.cve1 2018-03-23 20:34:31.000000000 +0100
+++ perl-5.26.3/config_h.SH 2025-07-01 16:14:02.357918043 +0200
@@ -168,6 +168,12 @@ sed <<!GROK!THIS! >$CONFIG_H -e 's!^#und
*/
#$d_fcntl HAS_FCNTL /**/
+/* HAS_FDOPENDIR:
+ * This symbol, if defined, indicates that the fdopen routine is
+ * available to open a directory descriptor.
+ */
+#$d_fdopendir HAS_FDOPENDIR /**/
+
/* HAS_FGETPOS:
* This symbol, if defined, indicates that the fgetpos routine is
* available to get the file position indicator, similar to ftell().
diff -up perl-5.26.3/configure.com.cve1 perl-5.26.3/configure.com
--- perl-5.26.3/configure.com.cve1 2025-07-01 16:14:02.358633549 +0200
+++ perl-5.26.3/configure.com 2025-07-01 17:03:59.095435784 +0200
@@ -6048,6 +6048,7 @@ $ WC "d_fd_set='" + d_fd_set + "'"
$ WC "d_fd_macros='define'"
$ WC "d_fdclose='undef'"
$ WC "d_fdim='" + d_fdim + "'"
+$ WC "d_fdopendir='undef'"
$ WC "d_fds_bits='define'"
$ WC "d_fegetround='undef'"
$ WC "d_fgetpos='define'"
diff -up perl-5.26.3/plan9/config_sh.sample.cve1 perl-5.26.3/plan9/config_sh.sample
--- perl-5.26.3/plan9/config_sh.sample.cve1 2025-07-01 16:14:02.359271688 +0200
+++ perl-5.26.3/plan9/config_sh.sample 2025-07-01 17:06:27.780427041 +0200
@@ -209,6 +209,7 @@ d_fd_macros='undef'
d_fd_set='undef'
d_fdclose='undef'
d_fdim='undef'
+d_fdopendir=undef
d_fds_bits='undef'
d_fegetround='undef'
d_fgetpos='define'
diff -up perl-5.26.3/sv.c.cve1 perl-5.26.3/sv.c
--- perl-5.26.3/sv.c.cve1 2025-07-01 16:14:02.026333724 +0200
+++ perl-5.26.3/sv.c 2025-07-01 17:13:18.322638398 +0200
@@ -13296,15 +13296,6 @@ Perl_dirp_dup(pTHX_ DIR *const dp, CLONE
{
DIR *ret;
-#if defined(HAS_FCHDIR) && defined(HAS_TELLDIR) && defined(HAS_SEEKDIR)
- DIR *pwd;
- const Direntry_t *dirent;
- char smallbuf[256]; /* XXX MAXPATHLEN, surely? */
- char *name = NULL;
- STRLEN len = 0;
- long pos;
-#endif
-
PERL_UNUSED_CONTEXT;
PERL_ARGS_ASSERT_DIRP_DUP;
@@ -13316,89 +13307,13 @@ Perl_dirp_dup(pTHX_ DIR *const dp, CLONE
if (ret)
return ret;
-#if defined(HAS_FCHDIR) && defined(HAS_TELLDIR) && defined(HAS_SEEKDIR)
+#ifdef HAS_FDOPENDIR
PERL_UNUSED_ARG(param);
- /* create anew */
-
- /* open the current directory (so we can switch back) */
- if (!(pwd = PerlDir_open("."))) return (DIR *)NULL;
-
- /* chdir to our dir handle and open the present working directory */
- if (fchdir(my_dirfd(dp)) < 0 || !(ret = PerlDir_open("."))) {
- PerlDir_close(pwd);
- return (DIR *)NULL;
- }
- /* Now we should have two dir handles pointing to the same dir. */
-
- /* Be nice to the calling code and chdir back to where we were. */
- /* XXX If this fails, then what? */
- PERL_UNUSED_RESULT(fchdir(my_dirfd(pwd)));
-
- /* We have no need of the pwd handle any more. */
- PerlDir_close(pwd);
-
-#ifdef DIRNAMLEN
-# define d_namlen(d) (d)->d_namlen
-#else
-# define d_namlen(d) strlen((d)->d_name)
-#endif
- /* Iterate once through dp, to get the file name at the current posi-
- tion. Then step back. */
- pos = PerlDir_tell(dp);
- if ((dirent = PerlDir_read(dp))) {
- len = d_namlen(dirent);
- if (len > sizeof(dirent->d_name) && sizeof(dirent->d_name) > PTRSIZE) {
- /* If the len is somehow magically longer than the
- * maximum length of the directory entry, even though
- * we could fit it in a buffer, we could not copy it
- * from the dirent. Bail out. */
- PerlDir_close(ret);
- return (DIR*)NULL;
- }
- if (len <= sizeof smallbuf) name = smallbuf;
- else Newx(name, len, char);
- Move(dirent->d_name, name, len, char);
- }
- PerlDir_seek(dp, pos);
-
- /* Iterate through the new dir handle, till we find a file with the
- right name. */
- if (!dirent) /* just before the end */
- for(;;) {
- pos = PerlDir_tell(ret);
- if (PerlDir_read(ret)) continue; /* not there yet */
- PerlDir_seek(ret, pos); /* step back */
- break;
- }
- else {
- const long pos0 = PerlDir_tell(ret);
- for(;;) {
- pos = PerlDir_tell(ret);
- if ((dirent = PerlDir_read(ret))) {
- if (len == (STRLEN)d_namlen(dirent)
- && memEQ(name, dirent->d_name, len)) {
- /* found it */
- PerlDir_seek(ret, pos); /* step back */
- break;
- }
- /* else we are not there yet; keep iterating */
- }
- else { /* This is not meant to happen. The best we can do is
- reset the iterator to the beginning. */
- PerlDir_seek(ret, pos0);
- break;
- }
- }
- }
-#undef d_namlen
-
- if (name && name != smallbuf)
- Safefree(name);
-#endif
+ ret = fdopendir(dup(my_dirfd(dp)));
-#ifdef WIN32
+#elif defined(WIN32)
ret = win32_dirp_dup(dp, param);
#endif
diff -up perl-5.26.3/t/op/threads-dirh.t.cve1 perl-5.26.3/t/op/threads-dirh.t
--- perl-5.26.3/t/op/threads-dirh.t.cve1 2018-03-01 13:19:45.000000000 +0100
+++ perl-5.26.3/t/op/threads-dirh.t 2025-07-01 17:14:31.513499120 +0200
@@ -12,16 +12,12 @@ BEGIN {
skip_all_without_config('useithreads');
skip_all_if_miniperl("no dynamic loading on miniperl, no threads");
- plan(6);
+ plan(1);
}
use strict;
use warnings;
use threads;
-use threads::shared;
-use File::Path;
-use File::Spec::Functions qw 'updir catdir';
-use Cwd 'getcwd';
# Basic sanity check: make sure this does not crash
fresh_perl_is <<'# this is no comment', 'ok', {}, 'crash when duping dirh';
@@ -30,101 +26,3 @@ fresh_perl_is <<'# this is no comment',
async{}->join for 1..2;
print "ok";
# this is no comment
-
-my $dir;
-SKIP: {
- skip "telldir or seekdir not defined on this platform", 5
- if !$Config::Config{d_telldir} || !$Config::Config{d_seekdir};
- my $skip = sub {
- chdir($dir);
- chdir updir;
- skip $_[0], 5
- };
-
- if(!$Config::Config{d_fchdir} && $^O ne "MSWin32") {
- $::TODO = 'dir handle cloning currently requires fchdir on non-Windows platforms';
- }
-
- my @w :shared; # warnings accumulator
- local $SIG{__WARN__} = sub { push @w, $_[0] };
-
- $dir = catdir getcwd(), "thrext$$" . int rand() * 100000;
-
- rmtree($dir) if -d $dir;
- mkdir($dir);
-
- # Create a dir structure like this:
- # $dir
- # |
- # `- toberead
- # |
- # +---- thrit
- # |
- # +---- rile
- # |
- # `---- zor
-
- chdir($dir);
- mkdir 'toberead';
- chdir 'toberead';
- {open my $fh, ">thrit" or &$skip("Cannot create file thrit")}
- {open my $fh, ">rile" or &$skip("Cannot create file rile")}
- {open my $fh, ">zor" or &$skip("Cannot create file zor")}
- chdir updir;
-
- # Then test that dir iterators are cloned correctly.
-
- opendir my $toberead, 'toberead';
- my $start_pos = telldir $toberead;
- my @first_2 = (scalar readdir $toberead, scalar readdir $toberead);
- my @from_thread = @{; async { [readdir $toberead ] } ->join };
- my @from_main = readdir $toberead;
- is join('-', sort @from_thread), join('-', sort @from_main),
- 'dir iterator is copied from one thread to another';
- like
- join('-', "", sort(@first_2, @from_thread), ""),
- qr/(?<!-rile)-rile-thrit-zor-(?!zor-)/i,
- 'cloned iterator iterates exactly once over everything not already seen';
-
- seekdir $toberead, $start_pos;
- readdir $toberead for 1 .. @first_2+@from_thread;
- {
- local $::TODO; # This always passes when dir handles are not cloned.
- is
- async { readdir $toberead // 'undef' } ->join, 'undef',
- 'cloned dir iterator that points to the end of the directory'
- ;
- }
-
- # Make sure the cloning code can handle file names longer than 255 chars
- SKIP: {
- chdir 'toberead';
- open my $fh,
- ">floccipaucinihilopilification-"
- . "pneumonoultramicroscopicsilicovolcanoconiosis-"
- . "lopadotemachoselachogaleokranioleipsanodrimypotrimmatosilphiokarabo"
- . "melitokatakechymenokichlepikossyphophattoperisteralektryonoptokephal"
- . "liokinklopeleiolagoiosiraiobaphetraganopterygon"
- or
- chdir updir,
- skip("OS does not support long file names (and I mean *long*)", 1);
- chdir updir;
- opendir my $dirh, "toberead";
- my $test_name
- = "dir iterators can be cloned when the next fn > 255 chars";
- while() {
- my $pos = telldir $dirh;
- my $fn = readdir($dirh);
- if(!defined $fn) { fail($test_name); last SKIP; }
- if($fn =~ 'lagoio') {
- seekdir $dirh, $pos;
- last;
- }
- }
- is length async { scalar readdir $dirh } ->join, 258, $test_name;
- }
-
- is scalar @w, 0, 'no warnings during all that' or diag @w;
- chdir updir;
-}
-rmtree($dir);
diff -up perl-5.26.3/win32/config.gc.cve1 perl-5.26.3/win32/config.gc
--- perl-5.26.3/win32/config.gc.cve1 2025-07-01 16:14:02.361650266 +0200
+++ perl-5.26.3/win32/config.gc 2025-07-01 17:15:40.143502836 +0200
@@ -196,6 +196,7 @@ d_fd_macros='define'
d_fd_set='define'
d_fdclose='undef'
d_fdim='undef'
+d_fdopendir='undef'
d_fds_bits='define'
d_fegetround='undef'
d_fgetpos='define'
diff -up perl-5.26.3/win32/config.vc.cve1 perl-5.26.3/win32/config.vc
--- perl-5.26.3/win32/config.vc.cve1 2025-07-01 16:14:02.362022654 +0200
+++ perl-5.26.3/win32/config.vc 2025-07-01 17:16:42.743767126 +0200
@@ -196,6 +196,7 @@ d_fd_macros='define'
d_fd_set='define'
d_fdclose='undef'
d_fdim='undef'
+d_fdopendir='undef'
d_fds_bits='define'
d_fegetround='undef'
d_fgetpos='define'

172
SPECS/perl.spec
View File

@ -1,4 +1,4 @@
%global perl_version 5.26.2
%global perl_version 5.26.3
%global perl_epoch 4
%global perl_arch_stem -thread-multi
%global perl_archname %{_arch}-%{_os}%{perl_arch_stem}
@ -81,7 +81,7 @@ License: GPL+ or Artistic
Epoch: %{perl_epoch}
Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise
Release: 412%{?dist}
Release: 423%{?dist}
Summary: Practical Extraction and Report Language
Url: http://www.perl.org/
Source0: http://www.cpan.org/src/5.0/perl-%{perl_version}.tar.bz2
@ -275,12 +275,58 @@ Patch84: perl-5.27.10-PATCH-perl-133074-5.26.1-some-coverity-fixes.patch
# in upstream after 5.27.11
Patch85: perl-5.26.2-PATCH-perl-133185-Infinite-loop-in-qr.patch
# Adjust tests to gdbm-1.15, RT#133295
Patch86: perl-5.29.0-Remove-ext-GDBM_File-t-fatal.t.patch
# Fix printing a warning about a wide character when matching a regular
# expression while ISO-8859-1 locale is in effect, in upstream after 5.29.0
Patch88: perl-5.29.0-regexec.c-Call-macro-with-correct-args.patch
# Fix invoking a check for wide characters while ISO-8859-1 locale is in effect,
# in upstream after 5.29.0
Patch89: perl-5.26.2-perl.h-Add-parens-around-macro-arguments.patch
# Pass the correct CFLAGS to dtrace
Patch90: perl-5.26.2-Pass-CFLAGS-to-dtrace.patch
# Fix Time-Local tests to pass after year 2019, bug #1807120, CPAN RT#124787,
# GH#17410, in Time-Local-1.26
Patch91: perl-5.28.2-Only-pass-2-digit-years-to-tests-when-testing-2-digi.patch
# Fix CVE-2020-12723, bug #1839279, GH#16947, fixed in upstream 5.28.3, ported from
# upstream 3f4ba871d2d397dcd4386ed75e05353c36135c29.
Patch92: perl-5.26.3-CVE-2020-12723.patch
# Fix CVE-2020-10543, bug #1839273, fixed in upstream 5.28.3
# Fix heap buffer overflow in Perl's regular expression compiler
Patch93: perl-5.26.3-CVE-2020-10543.patch
# Fix CVE-2020-10878, bug #1839276, fixed in upstream 5.28.3
# Fix integer overflows in the calculation of offsets between instructions
# for the regex engine
Patch94: perl-5.26.3-CVE-2020-10878.patch
# Fix bug #1973030, fixed in Net-Ping 2.68
# Fixed _resolv return value on failing DNS name lookup
Patch95: perl-5.26.3-Net-Ping-carp-not-croak-on-most-name-lookup-failures.patch
Patch96: perl-5.26.3-Net-Ping-Fix-_resolv-return-value.patch
# Fix a memory leak when compiling a regular expression with a non-word class,
# GH#17218, in upstream after 5.31.5
Patch97: perl-5.31.5-PATCH-gh-17218-memory-leak.patch
# Fix CVE-2025-40909 - Fixed in upstream since 5.42.0
Patch98: perl-5.42.0-CVE-2025-40909-Clone-dirhandles-without-fchdir.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
# Link XS modules to libperl.so with EU::MM on Linux, bug #960048
Patch201: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-MM-on-Linux.patch
# If optimizing -O is used, add the definition to .ph files, bug #2152012
Patch202: perl-5.36.0-Add-definition-of-OPTIMIZE-to-.ph-files.patch
# Update some of the bundled modules
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
@ -324,7 +370,7 @@ BuildRequires: rsyslog
# compat macro needed for rebuild
%global perl_compat perl(:MODULE_COMPAT_5.26.2)
%global perl_compat perl(:MODULE_COMPAT_5.26.3)
Requires: %perl_compat
Requires: perl-interpreter%{?_isa} = %{perl_epoch}:%{perl_version}-%{release}
@ -342,11 +388,12 @@ Requires: perl-Compress-Raw-Bzip2,
Requires: perl-Carp, perl-Compress-Raw-Zlib, perl-Config-Perl-V,
Requires: perl-constant,
Requires: perl-CPAN, perl-CPAN-Meta, perl-CPAN-Meta-Requirements,
Requires: perl-CPAN-Meta-YAML, perl-Encode, perl-encoding
Requires: perl-CPAN-Meta-YAML
Requires: perl-Data-Dumper, perl-DB_File,
Requires: perl-Devel-Peek, perl-Devel-PPPort, perl-Devel-SelfStubber,
Requires: perl-Digest, perl-Digest-MD5,
Requires: perl-Digest-SHA,
Requires: perl-Encode, perl-Encode-devel, perl-encoding
Requires: perl-Env, perl-Errno, perl-Exporter, perl-experimental
Requires: perl-ExtUtils-CBuilder, perl-ExtUtils-Command,
Requires: perl-ExtUtils-Embed,
@ -475,6 +522,7 @@ Summary: The libraries for the perl run-time
License: (GPL+ or Artistic) and HSRL and MIT and UCD
# Compat provides
Provides: %perl_compat
Provides: perl(:MODULE_COMPAT_5.26.2)
Provides: perl(:MODULE_COMPAT_5.26.1)
Provides: perl(:MODULE_COMPAT_5.26.0)
# Interpreter version to fulfil required genersted from "require 5.006;"
@ -495,6 +543,8 @@ Provides: perl(unicore::Name)
Provides: perl(utf8_heavy.pl)
# utf8 and utf8_heavy.pl require Carp, re, strict, warnings, XSLoader
Requires: perl(Carp)
# Encode is loaded in BOOT section of PerlIO::encoding
Requires: perl(Encode)
Requires: perl(Exporter)
# Term::Cap is optional
Requires: perl(XSLoader)
@ -546,9 +596,7 @@ Requires: %perl_compat
%endif
%description macros
Macros for rpmbuild are needed during build of srpm in koji. This
sub-package must be installed into buildroot, so it will be needed
by perl. Perl is needed because of git.
RPM macros that are handy when building binary RPM packages.
%package tests
@ -992,7 +1040,7 @@ Requires: %perl_compat
Conflicts: perl < 4:5.22.0-351
%description Devel-Peek
Devel::Peek contains functions which allows raw Perl datatypes to be
Devel::Peek contains functions which allows raw Perl data types to be
manipulated from a Perl script. This is used by those who do XS programming to
check that the data they are sending from C to Perl looks as they think it
should look.
@ -1399,8 +1447,8 @@ writemain() takes an argument list of directories containing archive libraries
that relate to perl modules and should be linked into a new perl binary. It
writes a corresponding perlmain.c file that is a plain C file containing all
the bootstrap code to make the If the first argument to writemain() is a
reference to a scalar it is used as the filename to open for ouput. Any other
reference is used as the filehandle to write to. Otherwise output defaults to
reference to a scalar it is used as the file name to open for output. Any other
reference is used as the file handle to write to. Otherwise output defaults to
STDOUT.
%if %{dual_life} || %{rebuild_from_scratch}
@ -1958,7 +2006,8 @@ encoder/decoder. These encoding methods are specified in RFC 2045 - MIME
Summary: What modules are shipped with versions of perl
License: GPL+ or Artistic
Epoch: 1
Version: 5.20180414
# Real version 5.20181129_26
Version: 5.20181129
Requires: %perl_compat
Requires: perl(List::Util)
Requires: perl(version) >= 0.88
@ -1976,7 +2025,8 @@ are shipped with each version of perl.
Summary: Tool for listing modules shipped with perl
License: GPL+ or Artistic
Epoch: 1
Version: 5.20180414
# Real version 5.20181129_26
Version: 5.20181129
Requires: %perl_compat
Requires: perl(feature)
Requires: perl(version) >= 0.88
@ -2875,16 +2925,29 @@ Perl extension for Version Objects
%patch83 -p1
%patch84 -p1
%patch85 -p1
%patch86 -p1
%patch88 -p1
%patch89 -p1
%patch90 -p1
%patch91 -p1
%patch92 -p1
%patch93 -p1
%patch94 -p1
%patch95 -p1
%patch96 -p1
%patch97 -p1
%patch98 -p1
%patch200 -p1
%patch201 -p1
%patch202 -p1
%if !%{defined perl_bootstrap}
# Local patch tracking
perl -x patchlevel.h \
'Fedora Patch1: Removes date check, Fedora/RHEL specific' \
%ifarch %{multilib_64_archs} \
%ifarch %{multilib_64_archs}
'Fedora Patch3: support for libdir64' \
%endif \
%endif
'Fedora Patch4: use libresolv instead of libbind' \
'Fedora Patch5: USE_MM_LD_RUN_PATH' \
'Fedora Patch6: Provide MM::maybe_command independently (bug #1129443)' \
@ -2928,13 +2991,25 @@ perl -x patchlevel.h \
'Fedora Patch83: Fix parsing extended bracketed character classes (RT#132167)' \
'Fedora Patch84: Fix a possibly unitialized memory read in the Perl parser (RT#133074)' \
'Fedora Patch85: Fix an infinite loop in the regular expression compiler (RT#133185)' \
'Fedora Patch86: Adjust tests to gdbm-1.15 (RT#133295)' \
'Fedora Patch88: Fix printing a warning about a wide character when matching a regular expression while ISO-8859-1 locale is in effect' \
'Fedora Patch89: Fix invoking a check for wide characters while ISO-8859-1 locale is in effect' \
'Fedora Patch90: Pass the correct CFLAGS to dtrace' \
'RHEL Patch91: Fix Time-Local tests to pass after year 2019 (bug #1807120)' \
'RHEL Patch92: Fix CVE-2020-12723 (GH#16947)' \
'RHEL Patch93: Fix CVE-2020-10543' \
'RHEL Patch94: Fix CVE-2020-10878' \
'RHEL Patch95: Fix Net-Ping _resolv return value on failing DNS name lookup (bug #1973030)' \
'RHEL Patch97: Fix a memory leak when compiling a regular expression with a non-word class (GH#17218)' \
'RHEL Patch98: Fix CVE-2025-40909' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
'Fedora Patch202: Add definition of OPTIMIZE to .ph files (bug #2152012)' \
%{nil}
%endif
#copy the example script
cp -a %{SOURCE5} .
install -m 0644 %{SOURCE5} .
#copy Pod-Html license clarification
cp %{SOURCE6} .
@ -3122,8 +3197,8 @@ mkdir -p $RPM_BUILD_ROOT%{perl_vendorlib}
#
# perl RPM macros
#
mkdir -p ${RPM_BUILD_ROOT}%{_rpmconfigdir}/macros.d
install -p -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}%{_rpmconfigdir}/macros.d/
mkdir -p ${RPM_BUILD_ROOT}%{_rpmmacrodir}
install -p -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}%{_rpmmacrodir}
#
# Core modules removal
@ -3207,16 +3282,26 @@ sed \
%check
%if %{with test}
%{new_perl} -I/lib regen/lib_cleanup.pl
%{new_perl} -Ilib Porting/checkcfgvar.pl --regen --default=undef
%{new_perl} -Ilib regen/uconfig_h.pl
pushd t
%{new_perl} -I../lib porting/customized.t --regen
popd
%if %{parallel_tests}
JOBS=$(printf '%%s' "%{?_smp_mflags}" | sed 's/.*-j\([0-9][0-9]*\).*/\1/')
%ifarch s390 s390x
LC_ALL=C TEST_JOBS=$JOBS make test_harness DFLTCC=0
%else
LC_ALL=C TEST_JOBS=$JOBS make test_harness
%endif
%else
%ifarch s390 s390x
LC_ALL=C make test DFLTCC=0
%else
LC_ALL=C make test
%endif
%endif
%endif
%ldconfig_scriptlets libs
@ -4154,7 +4239,7 @@ popd
%endif
%files macros
%{_rpmconfigdir}/macros.d/macros.perl
%{_rpmmacrodir}/macros.perl
%files tests
%{perl5_testdir}/
@ -5215,6 +5300,55 @@ popd
# Old changelog entries are preserved in CVS.
%changelog
* Wed Jul 02 2025 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.26.3-423
- Fix CVE-2025-40909 - Clone dirhandles without fchdir
- Fix test broken by update in zlib on s390x
* Wed Jan 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.26.3-422
- Add definition of OPTIMIZE to .ph files, if optimizing is used
(bug#2152012)
* Mon Oct 18 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.26.3-421
- Fix a memory leak when compiling a regular expression with a non-word
class (bug #2014981)
* Thu Jun 17 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.26.3-420
- Fix _resolv return value in Net-Ping (bug #1973030)
* Wed Jan 06 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.26.3-419
- Fix CVE-2020-10543 (bug #1839273)
- Fix CVE-2020-10878 (bug #1839276)
- Fix a file mode of a perl-example.stp example (bug #1913693)
* Fri Dec 18 2020 Petr Pisar <ppisar@redhat.com> - 4:5.26.3-418
- Fix CVE-2020-12723 (bug #1839279)
* Thu Dec 03 2020 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.26.3-417
- Fix Time-Local tests to pass after year 2019 (bug #1807120)
- Run-require perl(Encode) by perl-libs (bug #1903503)
* Thu Dec 06 2018 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.26.3-416
- 5.26.3 bump (bug #1655526)
- Fix CVE-2018-18311 (integer overflow leading to buffer overflow) (bug #1654920)
- Fix CVE-2018-18312 (heap buffer overflow in regcomp.c) (bug #1654922)
- Fix CVE-2018-18313 (heap buffer overflow read in regcomp.c) (bug #1654924)
- Fix CVE-2018-18314 (heap based buffer overflow) (bug #1654925)
* Fri Nov 02 2018 Petr Pisar <ppisar@redhat.com> - 4:5.26.2-415
- Install Encode developmental files when installing complete Perl
(bug #1645225)
* Tue Oct 02 2018 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.26.2-414
- Fix annocheck failure by passing CFLAGS to dtrace (bug #1630617)
* Mon Jul 09 2018 Petr Pisar <ppisar@redhat.com> - 4:5.26.2-413
- Adjust tests to gdbm-1.15 (RT#133295)
- Fix an integer wrap when allocating memory for an environment variable
(RT#133204)
- Fix printing a warning about a wide character when matching a regular
expression while ISO-8859-1 locale is in effect
- Fix invoking a check for wide characters while ISO-8859-1 locale is in effect
* Fri May 25 2018 Petr Pisar <ppisar@redhat.com> - 4:5.26.2-412
- perl-devel requires redhat-rpm-config because of hardened compiler profiles
(bug #1557667)
@ -5272,7 +5406,7 @@ popd
- Fix error reporting on do() on a directory (RT#125774)
- Fix stack manipulation when a lexical subroutine is defined in a do block in
a member of an iteration list (RT#132442)
- Fix setting $! when statting a closed filehandle (RT#108288)
- Fix setting $! when statting a closed file handle (RT#108288)
- Fix tainting of s/// with overloaded replacement (RT#115266)
- Expand system() arguments before a fork (RT#121105)
- Avoid undefined behavior when copying memory in Glob and pp_caller (RT#131746)