Signed-off-by: Michail Frolov <frolovm@pobox.com>lilik-openwrt-22.03
@ -1,16 +0,0 @@ | |||||
perl: Work around recompile failures | |||||
Apparently, recompiling/relinking fails under some circumstances. This | |||||
patch has been reported to work around that issue. | |||||
--- a/Makefile.SH | |||||
+++ b/Makefile.SH | |||||
@@ -818,7 +818,7 @@ $(LIBPERL): $& $(obj) $(DYNALOADER) $(LI | |||||
true) | |||||
$spitshell >>$Makefile <<'!NO!SUBS!' | |||||
rm -f $@ | |||||
- $(LD) -o $@ $(SHRPLDFLAGS) $(obj) $(DYNALOADER) $(libs) | |||||
+ $(CC) -o $@ $(SHRPLDFLAGS) $(obj) $(DYNALOADER) $(libs) | |||||
!NO!SUBS! | |||||
case "$osname" in | |||||
aix) |
@ -0,0 +1,42 @@ | |||||
--- a/cpan/podlators/Makefile.PL | |||||
+++ b/cpan/podlators/Makefile.PL | |||||
@@ -18,6 +18,19 @@ use Config; | |||||
use ExtUtils::MakeMaker; | |||||
use File::Spec; | |||||
+foreach (glob('scripts/pod*.PL')) { | |||||
+ # The various pod*.PL extractors change directory. Doing that with relative | |||||
+ # paths in @INC breaks. It seems the lesser of two evils to copy (to avoid) | |||||
+ # the chdir doing anything, than to attempt to convert lib paths to | |||||
+ # absolute, and potentially run into problems with quoting special | |||||
+ # characters in the path to our build dir (such as spaces) | |||||
+ require File::Copy; | |||||
+ | |||||
+ my $temp = $_; | |||||
+ $temp =~ s!scripts/!!; | |||||
+ File::Copy::copy($_, $temp) or die "Can't copy $temp to $_: $!"; | |||||
+} | |||||
+ | |||||
# Generate full paths for scripts distributed in the bin directory. Appends | |||||
# the .com extension to scripts on VMS, unless they already have the .PL | |||||
# extension. | |||||
@@ -28,7 +41,7 @@ use File::Spec; | |||||
# (Scalar) Space-separated relative paths from top of distribution | |||||
sub scripts { | |||||
my (@scripts) = @_; | |||||
- my @paths = map { File::Spec->catfile('scripts', $_) } @scripts; | |||||
+ my @paths = @scripts; | |||||
if ($^O eq 'VMS') { | |||||
@paths = map { m{ [.] PL \z }xms ? $_ : $_ . '.com' } @paths; | |||||
} | |||||
@@ -77,8 +90,8 @@ my %metadata = ( | |||||
# Override the files that generate section 1 man pages. | |||||
MAN1PODS => { | |||||
- man1pod('scripts', 'pod2man.PL'), | |||||
- man1pod('scripts', 'pod2text.PL'), | |||||
+ man1pod('.', 'pod2man.PL'), | |||||
+ man1pod('.', 'pod2text.PL'), | |||||
# Perl core uses a separate copy in the top-level pod directory. | |||||
($ENV{PERL_CORE} ? () : man1pod('pod', 'perlpodstyle.pod')), |
@ -1,26 +0,0 @@ | |||||
--- a/t/op/tie_fetch_count.t | |||||
+++ b/t/op/tie_fetch_count.t | |||||
@@ -250,12 +250,17 @@ for ([chdir=>''],[chmod=>'0,'],[chown=>' | |||||
check_count "$op $args\\\$tied_glob$postargs"; | |||||
} | |||||
-$dummy = crypt $var,0; check_count 'crypt $tied, ...'; | |||||
-$dummy = crypt 0,$var; check_count 'crypt ..., $tied'; | |||||
-$var = substr(chr 256,0,0); | |||||
-$dummy = crypt $var,0; check_count 'crypt $tied_utf8, ...'; | |||||
-$var = substr(chr 256,0,0); | |||||
-$dummy = crypt 0,$var; check_count 'crypt ..., $tied_utf8'; | |||||
+SKIP: { | |||||
+ use Config; | |||||
+ skip "crypt() is unavailable", 4, unless defined $Config{'d_crypt'}; | |||||
+ | |||||
+ $dummy = crypt $var,0; check_count 'crypt $tied, ...'; | |||||
+ $dummy = crypt 0,$var; check_count 'crypt ..., $tied'; | |||||
+ $var = substr(chr 256,0,0); | |||||
+ $dummy = crypt $var,0; check_count 'crypt $tied_utf8, ...'; | |||||
+ $var = substr(chr 256,0,0); | |||||
+ $dummy = crypt 0,$var; check_count 'crypt ..., $tied_utf8'; | |||||
+} | |||||
SKIP: | |||||
{ |
@ -1,57 +0,0 @@ | |||||
From b6307f728a4f842a54ea96959e386c7daa92ece1 Mon Sep 17 00:00:00 2001 | |||||
From: Tony Cook <tony@develop-help.com> | |||||
Date: Tue, 15 Dec 2015 10:56:54 +1100 | |||||
Subject: [perl #126862] ensure File::Spec::canonpath() preserves taint | |||||
Previously the unix specific XS implementation of canonpath() would | |||||
return an untainted path when supplied a tainted path. | |||||
For the empty string case, newSVpvs() already sets taint as needed on | |||||
its result. | |||||
--- | |||||
dist/PathTools/Cwd.xs | 1 + | |||||
dist/PathTools/t/taint.t | 19 ++++++++++++++++++- | |||||
2 files changed, 19 insertions(+), 1 deletion(-) | |||||
--- a/dist/PathTools/Cwd.xs | |||||
+++ b/dist/PathTools/Cwd.xs | |||||
@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path) | |||||
*o = 0; | |||||
SvPOK_on(retval); | |||||
SvCUR_set(retval, o - SvPVX(retval)); | |||||
+ SvTAINT(retval); | |||||
return retval; | |||||
} | |||||
--- a/dist/PathTools/t/taint.t | |||||
+++ b/dist/PathTools/t/taint.t | |||||
@@ -12,7 +12,7 @@ use Test::More; | |||||
BEGIN { | |||||
plan( | |||||
${^TAINT} | |||||
- ? (tests => 17) | |||||
+ ? (tests => 21) | |||||
: (skip_all => "A perl without taint support") | |||||
); | |||||
} | |||||
@@ -34,3 +34,20 @@ foreach my $func (@Functions) { | |||||
# Previous versions of Cwd tainted $^O | |||||
is !tainted($^O), 1, "\$^O should not be tainted"; | |||||
+ | |||||
+{ | |||||
+ # [perl #126862] canonpath() loses taint | |||||
+ my $tainted = substr($ENV{PATH}, 0, 0); | |||||
+ # yes, getcwd()'s result should be tainted, and is tested above | |||||
+ # but be sure | |||||
+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)), | |||||
+ "canonpath() keeps taint on non-empty string"; | |||||
+ ok tainted(File::Spec->canonpath($tainted)), | |||||
+ "canonpath() keeps taint on empty string"; | |||||
+ | |||||
+ (Cwd::getcwd() =~ /^(.*)/); | |||||
+ my $untainted = $1; | |||||
+ ok !tainted($untainted), "make sure our untainted value is untainted"; | |||||
+ ok !tainted(File::Spec->canonpath($untainted)), | |||||
+ "canonpath() doesn't add taint to untainted string"; | |||||
+} |
@ -1,102 +0,0 @@ | |||||
From: Tony Cook <tony@develop-help.com> | |||||
Date: Wed, 27 Jan 2016 00:52:15 +0000 (+1100) | |||||
Subject: remove duplicate environment variables from environ | |||||
X-Git-Url: http://perl5.git.perl.org/perl.git/commitdiff_plain/ae37b791a73a9e78dedb89fb2429d2628cf58076 | |||||
remove duplicate environment variables from environ | |||||
If we see duplicate environment variables while iterating over | |||||
environ[]: | |||||
a) make sure we use the same value in %ENV that getenv() returns. | |||||
Previously on a duplicate, %ENV would have the last entry for the name | |||||
from environ[], but a typical getenv() would return the first entry. | |||||
Rather than assuming all getenv() implementations return the first entry | |||||
explicitly call getenv() to ensure they agree. | |||||
b) remove duplicate entries from environ | |||||
Previously if there was a duplicate definition for a name in environ[] | |||||
setting that name in %ENV could result in an unsafe value being passed | |||||
to a child process, so ensure environ[] has no duplicates. | |||||
CVE-2016-2381 | |||||
--- | |||||
--- a/perl.c | |||||
+++ b/perl.c | |||||
@@ -4298,23 +4298,70 @@ S_init_postdump_symbols(pTHX_ int argc, | |||||
} | |||||
if (env) { | |||||
char *s, *old_var; | |||||
+ STRLEN nlen; | |||||
SV *sv; | |||||
+ HV *dups = newHV(); | |||||
+ | |||||
for (; *env; env++) { | |||||
old_var = *env; | |||||
if (!(s = strchr(old_var,'=')) || s == old_var) | |||||
continue; | |||||
+ nlen = s - old_var; | |||||
#if defined(MSDOS) && !defined(DJGPP) | |||||
*s = '\0'; | |||||
(void)strupr(old_var); | |||||
*s = '='; | |||||
#endif | |||||
- sv = newSVpv(s+1, 0); | |||||
- (void)hv_store(hv, old_var, s - old_var, sv, 0); | |||||
+ if (hv_exists(hv, old_var, nlen)) { | |||||
+ const char *name = savepvn(old_var, nlen); | |||||
+ | |||||
+ /* make sure we use the same value as getenv(), otherwise code that | |||||
+ uses getenv() (like setlocale()) might see a different value to %ENV | |||||
+ */ | |||||
+ sv = newSVpv(PerlEnv_getenv(name), 0); | |||||
+ | |||||
+ /* keep a count of the dups of this name so we can de-dup environ later */ | |||||
+ if (hv_exists(dups, name, nlen)) | |||||
+ ++SvIVX(*hv_fetch(dups, name, nlen, 0)); | |||||
+ else | |||||
+ (void)hv_store(dups, name, nlen, newSViv(1), 0); | |||||
+ | |||||
+ Safefree(name); | |||||
+ } | |||||
+ else { | |||||
+ sv = newSVpv(s+1, 0); | |||||
+ } | |||||
+ (void)hv_store(hv, old_var, nlen, sv, 0); | |||||
if (env_is_not_environ) | |||||
mg_set(sv); | |||||
} | |||||
+ if (HvKEYS(dups)) { | |||||
+ /* environ has some duplicate definitions, remove them */ | |||||
+ HE *entry; | |||||
+ hv_iterinit(dups); | |||||
+ while ((entry = hv_iternext_flags(dups, 0))) { | |||||
+ STRLEN nlen; | |||||
+ const char *name = HePV(entry, nlen); | |||||
+ IV count = SvIV(HeVAL(entry)); | |||||
+ IV i; | |||||
+ SV **valp = hv_fetch(hv, name, nlen, 0); | |||||
+ | |||||
+ assert(valp); | |||||
+ | |||||
+ /* try to remove any duplicate names, depending on the | |||||
+ * implementation used in my_setenv() the iteration might | |||||
+ * not be necessary, but let's be safe. | |||||
+ */ | |||||
+ for (i = 0; i < count; ++i) | |||||
+ my_setenv(name, 0); | |||||
+ | |||||
+ /* and set it back to the value we set $ENV{name} to */ | |||||
+ my_setenv(name, SvPV_nolen(*valp)); | |||||
+ } | |||||
+ } | |||||
+ SvREFCNT_dec_NN(dups); | |||||
} | |||||
#endif /* USE_ENVIRON_ARRAY */ | |||||
#endif /* !PERL_MICRO */ |