diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8537539 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/Storable-2.51.tar.gz diff --git a/.perl-Storable.metadata b/.perl-Storable.metadata new file mode 100644 index 0000000..8730896 --- /dev/null +++ b/.perl-Storable.metadata @@ -0,0 +1 @@ +3ccd6ac2b898aa589ac5c6dd73d6b600f5192a47 SOURCES/Storable-2.51.tar.gz diff --git a/SOURCES/Storable-2.51-Upgrade-to-2.53.patch b/SOURCES/Storable-2.51-Upgrade-to-2.53.patch new file mode 100644 index 0000000..f88f45f --- /dev/null +++ b/SOURCES/Storable-2.51-Upgrade-to-2.53.patch @@ -0,0 +1,307 @@ +From fd2e79041c553c1220c6eca796293873246c5682 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Wed, 6 May 2015 09:39:53 +0200 +Subject: [PATCH] Upgrade to 2.53 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Petr Písař +--- + ChangeLog | 2 +- + MANIFEST | 3 +++ + Storable.pm | 6 +++--- + t/attach.t | 42 ++++++++++++++++++++++++++++++++++++ + t/attach_errors.t | 2 +- + t/canonical.t | 2 +- + t/code.t | 2 +- + t/leaks.t | 34 +++++++++++++++++++++++++++++ + t/tied_store.t | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + t/utf8.t | 6 ++++-- + 10 files changed, 154 insertions(+), 9 deletions(-) + create mode 100644 t/attach.t + create mode 100644 t/leaks.t + create mode 100644 t/tied_store.t + +diff --git a/ChangeLog b/ChangeLog +index 4df921e..cbfdbab 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -209,7 +209,7 @@ Fri Jun 7 23:55:41 BST 2002 Nicholas Clark + The bug was introduced as development perl change 16442 (on + 2002/05/07), so has been present since 2.00. + Patches to introduce more regression tests to reduce the chance of +- a reoccurence of this sort of goof are always welcome. ++ a reoccurrence of this sort of goof are always welcome. + + Thu May 30 20:31:08 BST 2002 Nicholas Clark + +diff --git a/MANIFEST b/MANIFEST +index 84b72f1..2f5b725 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -9,6 +9,7 @@ ppport.h + README + Storable.pm + Storable.xs ++t/attach.t + t/attach_errors.t + t/attach_singleton.t + t/blessed.t +@@ -33,6 +34,7 @@ t/HAS_OVERLOAD.pm + t/integer.t + t/interwork56.t + t/just_plain_nasty.t ++t/leaks.t + t/lock.t + t/make_56_interwork.pl + t/make_downgrade.pl +@@ -51,6 +53,7 @@ t/threads.t + t/tied.t + t/tied_hook.t + t/tied_items.t ++t/tied_store.t + t/utf8.t + t/utf8hash.t + t/weak.t +diff --git a/Storable.pm b/Storable.pm +index 839c1d1..9d8b621 100644 +--- a/Storable.pm ++++ b/Storable.pm +@@ -22,7 +22,7 @@ package Storable; @ISA = qw(Exporter); + + use vars qw($canonical $forgive_me $VERSION); + +-$VERSION = '2.51'; ++$VERSION = '2.53'; + + BEGIN { + if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) { +@@ -1088,8 +1088,8 @@ deal with them. + + The store functions will C if they run into such references + unless you set C<$Storable::forgive_me> to some C value. In that +-case, the fatal message is turned in a warning and some +-meaningless string is stored instead. ++case, the fatal message is converted to a warning and some meaningless ++string is stored instead. + + Setting C<$Storable::canonical> may not yield frozen strings that + compare equal due to possible stringification of numbers. When the +diff --git a/t/attach.t b/t/attach.t +new file mode 100644 +index 0000000..5ffdae5 +--- /dev/null ++++ b/t/attach.t +@@ -0,0 +1,42 @@ ++#!./perl -w ++# ++# This file tests that Storable correctly uses STORABLE_attach hooks ++ ++sub BEGIN { ++ unshift @INC, 't'; ++ unshift @INC, 't/compat' if $] < 5.006002; ++ require Config; import Config; ++ if ($ENV{PERL_CORE} and $Config{'extensions'} !~ /\bStorable\b/) { ++ print "1..0 # Skip: Storable was not built\n"; ++ exit 0; ++ } ++} ++ ++use Test::More tests => 3; ++use Storable (); ++ ++{ ++ my $destruct_cnt = 0; ++ my $obj = bless {data => 'ok'}, 'My::WithDestructor'; ++ my $target = Storable::thaw( Storable::freeze( $obj ) ); ++ is( $target->{data}, 'ok', 'We got correct object after freeze/thaw' ); ++ is( $destruct_cnt, 0, 'No tmp objects created by Storable' ); ++ undef $obj; ++ undef $target; ++ is( $destruct_cnt, 2, 'Only right objects destroyed at the end' ); ++ ++ package My::WithDestructor; ++ ++ sub STORABLE_freeze { ++ my ($self, $clone) = @_; ++ return $self->{data}; ++ } ++ ++ sub STORABLE_attach { ++ my ($class, $clone, $string) = @_; ++ return bless {data => $string}, 'My::WithDestructor'; ++ } ++ ++ sub DESTROY { $destruct_cnt++; } ++} ++ +diff --git a/t/attach_errors.t b/t/attach_errors.t +index c163ca0..6cebd97 100644 +--- a/t/attach_errors.t ++++ b/t/attach_errors.t +@@ -234,7 +234,7 @@ use Storable (); + isa_ok( $thawed->[1], 'My::GoodAttach::MultipleReferences' ); + + is($thawed->[0], $thawed->[1], 'References to the same object are attached properly'); +- is($thawed->[1]{id}, $obj->{id}, 'Object with multiple references attchached properly'); ++ is($thawed->[1]{id}, $obj->{id}, 'Object with multiple references attached properly'); + + package My::GoodAttach::MultipleReferences; + +diff --git a/t/canonical.t b/t/canonical.t +index 23e012f..35046de 100644 +--- a/t/canonical.t ++++ b/t/canonical.t +@@ -34,7 +34,7 @@ $maxarraysize = 100; + + eval { require Digest::MD5; }; + $gotmd5 = !$@; +-diag "Will use Digest::MD5" if $gotmd5; ++note "Will use Digest::MD5" if $gotmd5; + + # Use Data::Dumper if debugging and it is available to create an ASCII dump + +diff --git a/t/code.t b/t/code.t +index c383142..7fc40ba 100644 +--- a/t/code.t ++++ b/t/code.t +@@ -102,7 +102,7 @@ is($thawed->{"b"}->(), "JAPH"); + $freezed = freeze $obj[2]; + $thawed = thaw $freezed; + +-is($thawed->(), 42); ++is($thawed->(), (ord "A") == 193 ? -118 : 42); + + ###################################################################### + +diff --git a/t/leaks.t b/t/leaks.t +new file mode 100644 +index 0000000..06360d6 +--- /dev/null ++++ b/t/leaks.t +@@ -0,0 +1,34 @@ ++#!./perl ++ ++use Test::More; ++use Storable (); ++BEGIN { ++eval "use Test::LeakTrace"; ++plan 'skip_all' => 'Test::LeakTrace required for this tests' if $@; ++} ++plan 'tests' => 1; ++ ++{ ++ my $c = My::Simple->new; ++ my $d; ++ my $freezed = Storable::freeze($c); ++ no_leaks_ok ++ { ++ $d = Storable::thaw($freezed); ++ undef $d; ++ }; ++ ++ package My::Simple; ++ sub new { ++ my ($class, $arg) = @_; ++ bless {t=>$arg}, $class; ++ } ++ sub STORABLE_freeze { ++ return "abcderfgh"; ++ } ++ sub STORABLE_attach { ++ my ($class, $c, $serialized) = @_; ++ return $class->new($serialized); ++ } ++} ++ +diff --git a/t/tied_store.t b/t/tied_store.t +new file mode 100644 +index 0000000..c657f95 +--- /dev/null ++++ b/t/tied_store.t +@@ -0,0 +1,64 @@ ++#!./perl ++ ++sub BEGIN { ++ unshift @INC, 't'; ++ unshift @INC, 't/compat' if $] < 5.006002; ++ require Config; import Config; ++ if ($ENV{PERL_CORE} and $Config{'extensions'} !~ /\bStorable\b/) { ++ print "1..0 # Skip: Storable was not built\n"; ++ exit 0; ++ } ++} ++ ++use Storable (); ++use Test::More tests => 3; ++ ++our $f; ++ ++package TIED_HASH; ++ ++sub TIEHASH { bless({}, $_[0]) } ++ ++sub STORE { ++ $f = Storable::freeze(\$_[2]); ++ 1; ++} ++ ++package TIED_ARRAY; ++ ++sub TIEARRAY { bless({}, $_[0]) } ++ ++sub STORE { ++ $f = Storable::freeze(\$_[2]); ++ 1; ++} ++ ++package TIED_SCALAR; ++ ++sub TIESCALAR { bless({}, $_[0]) } ++ ++sub STORE { ++ $f = Storable::freeze(\$_[1]); ++ 1; ++} ++ ++package main; ++ ++my($s, @a, %h); ++tie $s, "TIED_SCALAR"; ++tie @a, "TIED_ARRAY"; ++tie %h, "TIED_HASH"; ++ ++$f = undef; ++$s = 111; ++is $f, Storable::freeze(\111); ++ ++$f = undef; ++$a[3] = 222; ++is $f, Storable::freeze(\222); ++ ++$f = undef; ++$h{foo} = 333; ++is $f, Storable::freeze(\333); ++ ++1; +diff --git a/t/utf8.t b/t/utf8.t +index fd20ef6..a8dd6cd 100644 +--- a/t/utf8.t ++++ b/t/utf8.t +@@ -32,8 +32,10 @@ is($x, ${thaw freeze \$x}); + $x = join '', map {chr $_} (0..1023); + is($x, ${thaw freeze \$x}); + +-# Char in the range 127-255 (probably) in utf8 +-$x = chr (175) . chr (256); ++# Char in the range 127-255 (probably) in utf8. This just won't work for ++# EBCDIC for early Perls. ++$x = ($] lt 5.007_003) ? chr(175) : chr(utf8::unicode_to_native(175)) ++ . chr (256); + chop $x; + is($x, ${thaw freeze \$x}); + +-- +2.1.0 + diff --git a/SOURCES/Storable-2.53-Upgrade-to-2.56.patch b/SOURCES/Storable-2.53-Upgrade-to-2.56.patch new file mode 100644 index 0000000..5ab0425 --- /dev/null +++ b/SOURCES/Storable-2.53-Upgrade-to-2.56.patch @@ -0,0 +1,99 @@ +diff --git a/Storable.pm b/Storable.pm +index 9d8b621..c8f6db1 100644 +--- a/Storable.pm ++++ b/Storable.pm +@@ -22,7 +22,7 @@ package Storable; @ISA = qw(Exporter); + + use vars qw($canonical $forgive_me $VERSION); + +-$VERSION = '2.53'; ++$VERSION = '2.56'; + + BEGIN { + if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) { +@@ -979,43 +979,43 @@ such. + + Here are some code samples showing a possible usage of Storable: + +- use Storable qw(store retrieve freeze thaw dclone); ++ use Storable qw(store retrieve freeze thaw dclone); + +- %color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1); ++ %color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1); + +- store(\%color, 'mycolors') or die "Can't store %a in mycolors!\n"; ++ store(\%color, 'mycolors') or die "Can't store %a in mycolors!\n"; + +- $colref = retrieve('mycolors'); +- die "Unable to retrieve from mycolors!\n" unless defined $colref; +- printf "Blue is still %lf\n", $colref->{'Blue'}; ++ $colref = retrieve('mycolors'); ++ die "Unable to retrieve from mycolors!\n" unless defined $colref; ++ printf "Blue is still %lf\n", $colref->{'Blue'}; + +- $colref2 = dclone(\%color); ++ $colref2 = dclone(\%color); + +- $str = freeze(\%color); +- printf "Serialization of %%color is %d bytes long.\n", length($str); +- $colref3 = thaw($str); ++ $str = freeze(\%color); ++ printf "Serialization of %%color is %d bytes long.\n", length($str); ++ $colref3 = thaw($str); + + which prints (on my machine): + +- Blue is still 0.100000 +- Serialization of %color is 102 bytes long. ++ Blue is still 0.100000 ++ Serialization of %color is 102 bytes long. + + Serialization of CODE references and deserialization in a safe + compartment: + + =for example begin + +- use Storable qw(freeze thaw); +- use Safe; +- use strict; +- my $safe = new Safe; ++ use Storable qw(freeze thaw); ++ use Safe; ++ use strict; ++ my $safe = new Safe; + # because of opcodes used in "use strict": +- $safe->permit(qw(:default require)); +- local $Storable::Deparse = 1; +- local $Storable::Eval = sub { $safe->reval($_[0]) }; +- my $serialized = freeze(sub { 42 }); +- my $code = thaw($serialized); +- $code->() == 42; ++ $safe->permit(qw(:default require)); ++ local $Storable::Deparse = 1; ++ local $Storable::Eval = sub { $safe->reval($_[0]) }; ++ my $serialized = freeze(sub { 42 }); ++ my $code = thaw($serialized); ++ $code->() == 42; + + =for example end + +diff --git a/Storable.xs b/Storable.xs +index e7d0329..83cd001 100644 +--- a/Storable.xs ++++ b/Storable.xs +@@ -1667,6 +1667,7 @@ static void free_context(pTHX_ stcxt_t *cxt) + + ASSERT(!cxt->s_dirty, ("clean context")); + ASSERT(prev, ("not freeing root context")); ++ assert(prev); + + SvREFCNT_dec(cxt->my_sv); + SET_STCXT(prev); +@@ -6677,6 +6678,7 @@ SV * obj + ALIAS: + net_mstore = 1 + CODE: ++ RETVAL = &PL_sv_undef; + if (!do_store(aTHX_ (PerlIO*) 0, obj, 0, ix, &RETVAL)) + RETVAL = &PL_sv_undef; + OUTPUT: diff --git a/SOURCES/Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch b/SOURCES/Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch new file mode 100644 index 0000000..d51fb3e --- /dev/null +++ b/SOURCES/Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch @@ -0,0 +1,18 @@ +diff -up Storable/Storable.pm.cve Storable/Storable.pm +--- Storable/Storable.pm.cve 2016-03-19 19:50:47.000000000 +0100 ++++ Storable/Storable.pm 2016-08-03 12:48:36.415082280 +0200 +@@ -25,7 +25,13 @@ use vars qw($canonical $forgive_me $VERS + $VERSION = '2.56'; + + BEGIN { +- if (eval { local $SIG{__DIE__}; require Log::Agent; 1 }) { ++ if (eval { ++ local $SIG{__DIE__}; ++ local @INC = @INC; ++ pop @INC if $INC[-1] eq '.'; ++ require Log::Agent; ++ 1; ++ }) { + Log::Agent->import; + } + # diff --git a/SOURCES/Storable-2.56-Fix-stack-buffer-overflow-in-deserialization-of-hook.patch b/SOURCES/Storable-2.56-Fix-stack-buffer-overflow-in-deserialization-of-hook.patch new file mode 100644 index 0000000..eff2340 --- /dev/null +++ b/SOURCES/Storable-2.56-Fix-stack-buffer-overflow-in-deserialization-of-hook.patch @@ -0,0 +1,103 @@ +From c34e1dd29983e5d36d367462b9b4b4b8fcd5a0f8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 6 Feb 2017 15:13:41 +0100 +Subject: [PATCH] Fix stack buffer overflow in deserialization of hooks. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Ported from perl: + +commit 3e998ddfb597cfae7bdb460b22e6c50440b1de92 +Author: John Lightsey +Date: Tue Jan 24 10:30:18 2017 -0600 + + Fix stack buffer overflow in deserialization of hooks. + + The use of signed lengths resulted in a stack overflow in retrieve_hook() + when a negative length was provided in the storable data. + + The retrieve_blessed() codepath had a similar problem with the placement + of the trailing null byte when negative lengths were provided. + +Signed-off-by: Petr Písař +--- + Storable.xs | 11 +++++++++-- + t/store.t | 12 +++++++++++- + 2 files changed, 20 insertions(+), 3 deletions(-) + +diff --git a/Storable.xs b/Storable.xs +index bc15d1d..3cce3ed 100644 +--- a/Storable.xs ++++ b/Storable.xs +@@ -4016,7 +4016,7 @@ static SV *retrieve_idx_blessed(pTHX_ stcxt_t *cxt, const char *cname) + */ + static SV *retrieve_blessed(pTHX_ stcxt_t *cxt, const char *cname) + { +- I32 len; ++ U32 len; + SV *sv; + char buf[LG_BLESS + 1]; /* Avoid malloc() if possible */ + char *classname = buf; +@@ -4037,6 +4037,9 @@ static SV *retrieve_blessed(pTHX_ stcxt_t *cxt, const char *cname) + if (len & 0x80) { + RLEN(len); + TRACEME(("** allocating %d bytes for class name", len+1)); ++ if (len > I32_MAX) { ++ CROAK(("Corrupted classname length")); ++ } + New(10003, classname, len+1, char); + malloced_classname = classname; + } +@@ -4087,7 +4090,7 @@ static SV *retrieve_blessed(pTHX_ stcxt_t *cxt, const char *cname) + */ + static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname) + { +- I32 len; ++ U32 len; + char buf[LG_BLESS + 1]; /* Avoid malloc() if possible */ + char *classname = buf; + unsigned int flags; +@@ -4221,6 +4224,10 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname) + else + GETMARK(len); + ++ if (len > I32_MAX) { ++ CROAK(("Corrupted classname length")); ++ } ++ + if (len > LG_BLESS) { + TRACEME(("** allocating %d bytes for class name", len+1)); + New(10003, classname, len+1, char); +diff --git a/t/store.t b/t/store.t +index be43299..1cbf021 100644 +--- a/t/store.t ++++ b/t/store.t +@@ -19,7 +19,7 @@ sub BEGIN { + + use Storable qw(store retrieve store_fd nstore_fd fd_retrieve); + +-use Test::More tests => 21; ++use Test::More tests => 22; + + $a = 'toto'; + $b = \$a; +@@ -87,5 +87,15 @@ is(&dump($r), &dump(\%a)); + eval { $r = fd_retrieve(::OUT); }; + isnt($@, ''); + ++{ ++ ++ my $frozen = ++ "\x70\x73\x74\x30\x04\x0a\x08\x31\x32\x33\x34\x35\x36\x37\x38\x04\x08\x08\x08\x03\xff\x00\x00\x00\x19\x08\xff\x00\x00\x00\x08\x08\xf9\x16\x16\x13\x16\x10\x10\x10\xff\x15\x16\x16\x16\x1e\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x13\xf0\x16\x16\x16\xfe\x16\x41\x41\x41\x41\xe8\x03\x41\x41\x41\x41\x41\x41\x41\x41\x51\x41\xa9\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xb8\xac\xac\xac\xac\xac\xac\xac\xac\x9a\xac\xac\xac\xac\xac\xac\xac\xac\xac\x93\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\x00\x64\xac\xa8\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\xac\x2c\xac\x41\x41\x41\x41\x41\x41\x41\x41\x41\x00\x80\x41\x80\x41\x41\x41\x41\x41\x41\x51\x41\xac\xac\xac"; ++ open my $fh, '<', \$frozen; ++ eval { Storable::fd_retrieve($fh); }; ++ pass('RT 130635: no stack smashing error when retrieving hook'); ++ ++} ++ + close OUT or die "Could not close: $!"; + END { 1 while unlink 'store' } +-- +2.7.4 + diff --git a/SOURCES/Storable-2.56-prevent-leak-of-class-name-from-retrieve_hook-on-an-.patch b/SOURCES/Storable-2.56-prevent-leak-of-class-name-from-retrieve_hook-on-an-.patch new file mode 100644 index 0000000..bcd9c65 --- /dev/null +++ b/SOURCES/Storable-2.56-prevent-leak-of-class-name-from-retrieve_hook-on-an-.patch @@ -0,0 +1,81 @@ +From 979ae704ddc9e6f19d8dbf7a83bea155065ef3cc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 6 Feb 2017 15:26:09 +0100 +Subject: [PATCH] prevent leak of class name from retrieve_hook() on an + exception +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Ported from perl: + +commit da1ec2b1b9abdfd956d9c539abf39d908d046304 +Author: Tony Cook +Date: Mon Feb 6 11:38:10 2017 +1100 + + prevent leak of class name from retrieve_hook() on an exception + + If supplied with a large class name, retrieve_hook() allocates + buffer for the class name and Safefree()s it on exit path. + + Unfortunately this memory leaks if load_module() (or a couple of other + code paths) throw an exception. + + So use SAVEFREEPV() to release the memory instead. + + ==20183== 193 bytes in 1 blocks are definitely lost in loss record 4 of 6 + ==20183== at 0x4C28C20: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + ==20183== by 0x55F85D: Perl_safesysmalloc (util.c:153) + ==20183== by 0x6ACA046: retrieve_hook (Storable.xs:4265) + ==20183== by 0x6AD6D19: retrieve (Storable.xs:6217) + ==20183== by 0x6AD8144: do_retrieve (Storable.xs:6401) + ==20183== by 0x6AD85B7: pretrieve (Storable.xs:6506) + ==20183== by 0x6AD8E14: XS_Storable_pretrieve (Storable.xs:6718) + ==20183== by 0x5C176D: Perl_pp_entersub (pp_hot.c:4227) + ==20183== by 0x55E1C6: Perl_runops_debug (dump.c:2450) + ==20183== by 0x461B79: S_run_body (perl.c:2528) + ==20183== by 0x46115C: perl_run (perl.c:2451) + ==20183== by 0x41F1CD: main (perlmain.c:123) + +Signed-off-by: Petr Písař +--- + Storable.xs | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/Storable.xs b/Storable.xs +index 3cce3ed..75ce3df 100644 +--- a/Storable.xs ++++ b/Storable.xs +@@ -4249,6 +4249,11 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname) + + TRACEME(("class name: %s", classname)); + ++ if (!(flags & SHF_IDX_CLASSNAME) && classname != buf) { ++ /* some execution paths can throw an exception */ ++ SAVEFREEPV(classname); ++ } ++ + /* + * Decode user-frozen string length and read it in an SV. + * +@@ -4367,8 +4372,6 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname) + SEEN0(sv, 0); + SvRV_set(attached, NULL); + SvREFCNT_dec(attached); +- if (!(flags & SHF_IDX_CLASSNAME) && classname != buf) +- Safefree(classname); + return sv; + } + CROAK(("STORABLE_attach did not return a %s object", classname)); +@@ -4449,8 +4452,6 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname) + SvREFCNT_dec(frozen); + av_undef(av); + sv_free((SV *) av); +- if (!(flags & SHF_IDX_CLASSNAME) && classname != buf) +- Safefree(classname); + + /* + * If we had an type, then the object was not as simple, and +-- +2.7.4 + diff --git a/SOURCES/perl-5.25.7-Fix-Storable-segfaults.patch b/SOURCES/perl-5.25.7-Fix-Storable-segfaults.patch new file mode 100644 index 0000000..8934a13 --- /dev/null +++ b/SOURCES/perl-5.25.7-Fix-Storable-segfaults.patch @@ -0,0 +1,61 @@ +From fecd3be8dbdb747b9cbf4cbb9299ce40faabc8e6 Mon Sep 17 00:00:00 2001 +From: John Lightsey +Date: Mon, 14 Nov 2016 11:56:15 +0100 +Subject: [PATCH] Fix Storable segfaults. + +Fix a null pointed dereference segfault in storable when the +retrieve_code logic was unable to read the string that contained +the code. + +Also fix several locations where retrieve_other was called with a +null context pointer. This also resulted in a null pointer +dereference. +--- + dist/Storable/Storable.xs | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs +index 053951c..caa489c 100644 +--- a/dist/Storable/Storable.xs ++++ b/dist/Storable/Storable.xs +@@ -5647,6 +5647,10 @@ static SV *retrieve_code(pTHX_ stcxt_t *cxt, const char *cname) + CROAK(("Unexpected type %d in retrieve_code\n", type)); + } + ++ if (!text) { ++ CROAK(("Unable to retrieve code\n")); ++ } ++ + /* + * prepend "sub " to the source + */ +@@ -5767,7 +5771,7 @@ static SV *old_retrieve_array(pTHX_ stcxt_t *cxt, const char *cname) + continue; /* av_extend() already filled us with undef */ + } + if (c != SX_ITEM) +- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */ ++ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */ + TRACEME(("(#%d) item", i)); + sv = retrieve(aTHX_ cxt, 0); /* Retrieve item */ + if (!sv) +@@ -5844,7 +5848,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char *cname) + if (!sv) + return (SV *) 0; + } else +- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */ ++ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */ + + /* + * Get key. +@@ -5855,7 +5859,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char *cname) + + GETMARK(c); + if (c != SX_KEY) +- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */ ++ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */ + RLEN(size); /* Get key size */ + KBUFCHK((STRLEN)size); /* Grow hash key read pool if needed */ + if (size) +-- +2.10.2 + diff --git a/SPECS/perl-Storable.spec b/SPECS/perl-Storable.spec new file mode 100644 index 0000000..643d56a --- /dev/null +++ b/SPECS/perl-Storable.spec @@ -0,0 +1,178 @@ +%global base_version 2.51 + +Name: perl-Storable +Epoch: 1 +Version: 2.56 +Release: 369%{?dist} +Summary: Persistence for Perl data structures +License: GPL+ or Artistic +Group: Development/Libraries +URL: http://search.cpan.org/dist/Storable/ +Source0: http://www.cpan.org/authors/id/A/AM/AMS/Storable-%{base_version}.tar.gz +# Unbundled from perl 5.21.11 +Patch0: Storable-2.51-Upgrade-to-2.53.patch +# Unbundled from perl 5.24.0 +Patch1: Storable-2.53-Upgrade-to-2.56.patch +# Avoid loading optional modules from default . (CVE-2016-1238) +Patch2: Storable-2.56-CVE-2016-1238-avoid-loading-optional-modules-from.patch +# Fix crash in Storable when deserializing malformed code reference, RT#68348, +# RT130098 +Patch3: perl-5.25.7-Fix-Storable-segfaults.patch +# Fix a stack buffer overflow in deserialization of hooks, RT#130635, +# fixed in perl after 5.25.9 +Patch4: Storable-2.56-Fix-stack-buffer-overflow-in-deserialization-of-hook.patch +# Fix a memory leak of a class name from retrieve_hook() on an exception, +# RT#130635, fixed in perl after 5.25.9 +Patch5: Storable-2.56-prevent-leak-of-class-name-from-retrieve_hook-on-an-.patch +BuildRequires: coreutils +BuildRequires: gcc +BuildRequires: make +BuildRequires: perl +BuildRequires: perl-devel +BuildRequires: perl-generators +BuildRequires: perl(Config) +BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: sed +# Run-time: +# Carp substitutes missing Log::Agent +BuildRequires: perl(Carp) +BuildRequires: perl(Exporter) +# Fcntl is optional, but locking is good +BuildRequires: perl(Fcntl) +BuildRequires: perl(IO::File) +# Log::Agent is optional +BuildRequires: perl(vars) +BuildRequires: perl(XSLoader) +# Tests: +BuildRequires: perl(bytes) +BuildRequires: perl(integer) +BuildRequires: perl(overload) +BuildRequires: perl(utf8) +BuildRequires: perl(Test::More) +BuildRequires: perl(threads) +BuildRequires: perl(Safe) +BuildRequires: perl(Scalar::Util) +BuildRequires: perl(strict) +BuildRequires: perl(warnings) +# Optional tests: +# Data::Dump not used +# Data::Dumper not used +BuildRequires: perl(B::Deparse) >= 0.61 +BuildRequires: perl(Digest::MD5) +BuildRequires: perl(File::Spec) >= 0.8 +BuildRequires: perl(Hash::Util) +BuildRequires: perl(Tie::Hash) +Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) +# Carp substitutes missing Log::Agent +Requires: perl(Carp) +Requires: perl(Config) +# Fcntl is optional, but locking is good +Requires: perl(Fcntl) +Requires: perl(IO::File) + +%{?perl_default_filter} + +%description +The Storable package brings persistence to your Perl data structures +containing scalar, array, hash or reference objects, i.e. anything that +can be conveniently stored to disk and retrieved at a later time. + +%prep +%setup -q -n Storable-%{base_version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p3 +%patch4 -p1 +%patch5 -p1 +# Remove bundled modules +rm -rf t/compat +sed -i -e '/^t\/compat\//d' MANIFEST + +%build +# Be ware hints/linux.pl removes "-ON" from CFLAGS if N > 2 because it can +# break the code. +perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="$RPM_OPT_FLAGS" +make %{?_smp_mflags} + +%install +make pure_install DESTDIR=$RPM_BUILD_ROOT +find $RPM_BUILD_ROOT -type f -name .packlist -delete +find $RPM_BUILD_ROOT -type f -name '*.bs' -size 0 -delete +%{_fixperms} $RPM_BUILD_ROOT/* + +%check +make test + +%files +%doc ChangeLog README +%{perl_vendorarch}/auto/* +%{perl_vendorarch}/Storable* +%{_mandir}/man3/* + +%changelog +* Fri Mar 29 2019 Jitka Plesnikova - 1:2.56-369 +- Rebuild with enable hardening (bug #1636329) + +* Mon Feb 06 2017 Petr Pisar - 1:2.56-368 +- Fix a stack buffer overflow in deserialization of hooks (RT#130635) +- Fix a memory leak of a class name from retrieve_hook() on an exception + (RT#130635) + +* Tue Dec 20 2016 Petr Pisar - 1:2.56-367 +- Fix crash in Storable when deserializing malformed code reference + (RT#68348, RT#130098) + +* Wed Aug 03 2016 Jitka Plesnikova - 1:2.56-366 +- Avoid loading optional modules from default . (CVE-2016-1238) + +* Sat May 14 2016 Jitka Plesnikova - 1:2.56-365 +- Increase release to favour standalone package + +* Wed May 11 2016 Jitka Plesnikova - 2.56-1 +- 2.56 bump in order to dual-live with perl 5.24 + +* Thu Feb 04 2016 Fedora Release Engineering - 1:2.53-347 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jun 18 2015 Fedora Release Engineering - 1:2.53-346 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Jun 04 2015 Jitka Plesnikova - 1:2.53-345 +- Increase release to favour standalone package + +* Wed Jun 03 2015 Jitka Plesnikova - 1:2.53-2 +- Perl 5.22 rebuild + +* Wed May 06 2015 Petr Pisar - 1:2.53-1 +- 2.53 bump in order to dual-live with perl 5.22 + +* Wed Sep 03 2014 Jitka Plesnikova - 1:2.51-4 +- Increase Epoch to favour standalone package + +* Tue Aug 26 2014 Jitka Plesnikova - 2.51-3 +- Perl 5.20 rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 2.51-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Jul 07 2014 Petr Pisar - 2.51-1 +- 2.51 bump + +* Sat Jun 07 2014 Fedora Release Engineering - 2.45-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sun Aug 04 2013 Fedora Release Engineering - 2.45-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Petr Pisar - 2.45-1 +- 2.45 bump + +* Fri Jul 12 2013 Petr Pisar - 2.39-3 +- Link minimal build-root packages against libperl.so explicitly + +* Tue Jun 11 2013 Petr Pisar - 2.39-2 +- Do not export private libraries + +* Fri May 24 2013 Petr Pisar 2.39-1 +- Specfile autogenerated by cpanspec 1.78.