rpms/perl/F-13 perl-update-Safe.patch,NONE,1.1 perl.spec,1.259,1.260
Marcela Mašláňová
mmaslano at fedoraproject.org
Wed Jul 21 15:13:54 UTC 2010
- Previous message: rpms/control-center/devel control-center.spec, 1.537, 1.538 0001-Convert-from-libunique-to-GtkApplication-to-remove-t.patch, 1.1, NONE 0001-Use-gnome-desktop-3.0-not-2.0.patch, 1.1, NONE 0001-Use-gtk-3.0.patch, 1.1, NONE 0001-You-can-t-mix-GTK2-and-GTK3-so-depend-on-gtk-3.0-ver.patch, 1.1, NONE seal.patch, 1.5, NONE
- Next message: rpms/control-center/devel control-center.spec,1.538,1.539
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mmaslano
Update of /cvs/pkgs/rpms/perl/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv28094
Modified Files:
perl.spec
Added Files:
perl-update-Safe.patch
Log Message:
- CVE-2010-1168 perl Safe: Intended restriction bypass via object references
- CVE-2010-1447 perl: Safe restriction bypass when reference to subroutine in
compartment is called from outside
- Resolves: rhbz#588269, rhbz#576508
perl-update-Safe.patch:
Safe.pm | 310 ++++++++++++++++++++++++++++++++++++++++--------------
t/safe1.t | 4
t/safe2.t | 4
t/safe3.t | 4
t/safeload.t | 4
t/safeops.t | 10 -
t/safesort.t | 56 +++++++++
t/safeuniversal.t | 13 --
t/safeutf8.t | 46 ++++++++
t/safewrap.t | 39 ++++++
10 files changed, 383 insertions(+), 107 deletions(-)
--- NEW FILE perl-update-Safe.patch ---
diff -up perl-5.10.1/ext/Safe/Safe.pm.sec perl-5.10.1/ext/Safe/Safe.pm
--- perl-5.10.1/ext/Safe/Safe.pm.sec 2009-08-22 20:39:32.000000000 +0200
+++ perl-5.10.1/ext/Safe/Safe.pm 2010-04-29 22:35:30.000000000 +0200
@@ -2,8 +2,9 @@ package Safe;
use 5.003_11;
use strict;
+use Scalar::Util qw(reftype);
-$Safe::VERSION = "2.18";
+$Safe::VERSION = "2.27";
# *** Don't declare any lexicals above this point ***
#
@@ -11,18 +12,18 @@ $Safe::VERSION = "2.18";
# see any lexicals in scope (apart from __ExPr__ which is unavoidable)
sub lexless_anon_sub {
- # $_[0] is package;
- # $_[1] is strict flag;
+ # $_[0] is package;
+ # $_[1] is strict flag;
my $__ExPr__ = $_[2]; # must be a lexical to create the closure that
- # can be used to pass the value into the safe
- # world
+ # can be used to pass the value into the safe
+ # world
# Create anon sub ref in root of compartment.
# Uses a closure (on $__ExPr__) to pass in the code to be executed.
# (eval on one line to keep line numbers as expected by caller)
eval sprintf
'package %s; %s strict; sub { @_=(); eval q[my $__ExPr__;] . $__ExPr__; }',
- $_[0], $_[1] ? 'use' : 'no';
+ $_[0], $_[1] ? 'use' : 'no';
}
use Carp;
@@ -30,6 +31,18 @@ BEGIN { eval q{
use Carp::Heavy;
} }
+use B ();
+BEGIN {
+ no strict 'refs';
+ if (defined &B::sub_generation) {
+ *sub_generation = \&B::sub_generation;
+ }
+ else {
+ # fake sub generation changing for perls < 5.8.9
+ my $sg; *sub_generation = sub { ++$sg };
+ }
+}
+
use Opcode 1.01, qw(
opset opset_to_ops opmask_add
empty_opset full_opset invert_opset verify_opset
@@ -38,6 +51,23 @@ use Opcode 1.01, qw(
*ops_to_opset = \&opset; # Temporary alias for old Penguins
+# Regular expressions and other unicode-aware code may need to call
+# utf8->SWASHNEW (via perl's utf8.c). That will fail unless we share the
+# SWASHNEW method.
+# Sadly we can't just add utf8::SWASHNEW to $default_share because perl's
+# utf8.c code does a fetchmethod on SWASHNEW to check if utf8.pm is loaded,
+# and sharing makes it look like the method exists.
+# The simplest and most robust fix is to ensure the utf8 module is loaded when
+# Safe is loaded. Then we can add utf8::SWASHNEW to $default_share.
+require utf8;
+# we must ensure that utf8_heavy.pl, where SWASHNEW is defined, is loaded
+# but without depending on knowledge of that implementation detail.
+# This code (//i on a unicode string) ensures utf8 is fully loaded
+# and also loads the ToFold SWASH.
+# (Swashes are cached internally by perl in PL_utf8_* variables
+# independent of being inside/outside of Safe. So once loaded they can be)
+do { my $a = pack('U',0xC4); my $b = chr 0xE4; utf8::upgrade $b; $a =~ /$b/i };
+# now we can safely include utf8::SWASHNEW in $default_share defined below.
my $default_root = 0;
# share *_ and functions defined in universal.c
@@ -57,10 +87,15 @@ my $default_share = [qw[
&utf8::downgrade
&utf8::native_to_unicode
&utf8::unicode_to_native
+ &utf8::SWASHNEW
$version::VERSION
$version::CLASS
+ $version::STRICT
+ $version::LAX
@version::ISA
-], ($] >= 5.008001 && qw[
+], ($] < 5.010 && qw[
+ &utf8::SWASHGET
+]), ($] >= 5.008001 && qw[
&Regexp::DESTROY
]), ($] >= 5.010 && qw[
&re::is_regexp
@@ -93,6 +128,12 @@ my $default_share = [qw[
&version::noop
&version::is_alpha
&version::qv
+ &version::vxs::declare
+ &version::vxs::qv
+ &version::vxs::_VERSION
+ &version::vxs::stringify
+ &version::vxs::new
+ &version::vxs::parse
]), ($] >= 5.011 && qw[
&re::regexp_pattern
])];
@@ -103,14 +144,14 @@ sub new {
bless $obj, $class;
if (defined($root)) {
- croak "Can't use \"$root\" as root name"
- if $root =~ /^main\b/ or $root !~ /^\w[:\w]*$/;
- $obj->{Root} = $root;
- $obj->{Erase} = 0;
+ croak "Can't use \"$root\" as root name"
+ if $root =~ /^main\b/ or $root !~ /^\w[:\w]*$/;
+ $obj->{Root} = $root;
+ $obj->{Erase} = 0;
}
else {
- $obj->{Root} = "Safe::Root".$default_root++;
- $obj->{Erase} = 1;
+ $obj->{Root} = "Safe::Root".$default_root++;
+ $obj->{Erase} = 1;
}
# use permit/deny methods instead till interface issues resolved
@@ -125,7 +166,9 @@ sub new {
# the whole glob *_ rather than $_ and @_ separately, otherwise
# @_ in non default packages within the compartment don't work.
$obj->share_from('main', $default_share);
+
Opcode::_safe_pkg_prep($obj->{Root}) if($Opcode::VERSION > 1.04);
+
return $obj;
}
@@ -140,7 +183,7 @@ sub erase {
my ($stem, $leaf);
no strict 'refs';
- $pkg = "main::$pkg\::"; # expand to full symbol table name
+ $pkg = "main::$pkg\::"; # expand to full symbol table name
($stem, $leaf) = $pkg =~ m/(.*::)(\w+::)$/;
# The 'my $foo' is needed! Without it you get an
@@ -149,7 +192,7 @@ sub erase {
#warn "erase($pkg) stem=$stem, leaf=$leaf";
#warn " stem_symtab hash ".scalar(%$stem_symtab)."\n";
- # ", join(', ', %$stem_symtab),"\n";
+ # ", join(', ', %$stem_symtab),"\n";
# delete $stem_symtab->{$leaf};
@@ -220,12 +263,12 @@ sub dump_mask {
}
-
sub share {
my($obj, @vars) = @_;
$obj->share_from(scalar(caller), \@vars);
}
+
sub share_from {
my $obj = shift;
my $pkg = shift;
@@ -236,26 +279,27 @@ sub share_from {
no strict 'refs';
# Check that 'from' package actually exists
croak("Package \"$pkg\" does not exist")
- unless keys %{"$pkg\::"};
+ unless keys %{"$pkg\::"};
my $arg;
foreach $arg (@$vars) {
- # catch some $safe->share($var) errors:
- my ($var, $type);
- $type = $1 if ($var = $arg) =~ s/^(\W)//;
- # warn "share_from $pkg $type $var";
- for (1..2) { # assign twice to avoid any 'used once' warnings
- *{$root."::$var"} = (!$type) ? \&{$pkg."::$var"}
- : ($type eq '&') ? \&{$pkg."::$var"}
- : ($type eq '$') ? \${$pkg."::$var"}
- : ($type eq '@') ? \@{$pkg."::$var"}
- : ($type eq '%') ? \%{$pkg."::$var"}
- : ($type eq '*') ? *{$pkg."::$var"}
- : croak(qq(Can't share "$type$var" of unknown type));
- }
+ # catch some $safe->share($var) errors:
+ my ($var, $type);
+ $type = $1 if ($var = $arg) =~ s/^(\W)//;
+ # warn "share_from $pkg $type $var";
+ for (1..2) { # assign twice to avoid any 'used once' warnings
+ *{$root."::$var"} = (!$type) ? \&{$pkg."::$var"}
+ : ($type eq '&') ? \&{$pkg."::$var"}
+ : ($type eq '$') ? \${$pkg."::$var"}
+ : ($type eq '@') ? \@{$pkg."::$var"}
+ : ($type eq '%') ? \%{$pkg."::$var"}
+ : ($type eq '*') ? *{$pkg."::$var"}
+ : croak(qq(Can't share "$type$var" of unknown type));
+ }
}
$obj->share_record($pkg, $vars) unless $no_record or !$vars;
}
+
sub share_record {
my $obj = shift;
my $pkg = shift;
@@ -264,41 +308,137 @@ sub share_record {
# Record shares using keys of $obj->{Shares}. See reinit.
@{$shares}{@$vars} = ($pkg) x @$vars if @$vars;
}
+
+
sub share_redo {
my $obj = shift;
my $shares = \%{$obj->{Shares} ||= {}};
my($var, $pkg);
while(($var, $pkg) = each %$shares) {
- # warn "share_redo $pkg\:: $var";
- $obj->share_from($pkg, [ $var ], 1);
+ # warn "share_redo $pkg\:: $var";
+ $obj->share_from($pkg, [ $var ], 1);
}
}
+
+
sub share_forget {
delete shift->{Shares};
}
+
sub varglob {
my ($obj, $var) = @_;
no strict 'refs';
return *{$obj->root()."::$var"};
}
+sub _clean_stash {
+ my ($root, $saved_refs) = @_;
+ $saved_refs ||= [];
+ no strict 'refs';
+ foreach my $hook (qw(DESTROY AUTOLOAD), grep /^\(/, keys %$root) {
+ push @$saved_refs, \*{$root.$hook};
+ delete ${$root}{$hook};
+ }
+
+ for (grep /::$/, keys %$root) {
+ next if \%{$root.$_} eq \%$root;
+ _clean_stash($root.$_, $saved_refs);
+ }
+}
sub reval {
my ($obj, $expr, $strict) = @_;
my $root = $obj->{Root};
- my $evalsub = lexless_anon_sub($root,$strict, $expr);
- return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
+ my $evalsub = lexless_anon_sub($root, $strict, $expr);
+ # propagate context
+ my $sg = sub_generation();
+ my @subret = (wantarray)
+ ? Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub)
+ : scalar Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
+ _clean_stash($root.'::') if $sg != sub_generation();
+ $obj->wrap_code_refs_within(@subret);
+ return (wantarray) ? @subret : $subret[0];
}
+
+sub wrap_code_refs_within {
+ my $obj = shift;
+
+ $obj->_find_code_refs('wrap_code_ref', @_);
+}
+
+
+sub _find_code_refs {
+ my $obj = shift;
+ my $visitor = shift;
+
+ for my $item (@_) {
+ my $reftype = $item && reftype $item
+ or next;
+ if ($reftype eq 'ARRAY') {
+ $obj->_find_code_refs($visitor, @$item);
+ }
+ elsif ($reftype eq 'HASH') {
+ $obj->_find_code_refs($visitor, values %$item);
+ }
+ # XXX GLOBs?
+ elsif ($reftype eq 'CODE') {
+ $item = $obj->$visitor($item);
+ }
+ }
+}
+
+
+sub wrap_code_ref {
+ my ($obj, $sub) = @_;
+
+ # wrap code ref $sub with _safe_call_sv so that, when called, the
+ # execution will happen with the compartment fully 'in effect'.
+
+ croak "Not a CODE reference"
+ if reftype $sub ne 'CODE';
+
+ my $ret = sub {
+ my @args = @_; # lexical to close over
+ my $sub_with_args = sub { $sub->(@args) };
+
+ my @subret;
+ my $error;
+ do {
+ local $@; # needed due to perl_call_sv(sv, G_EVAL|G_KEEPERR)
+ my $sg = sub_generation();
+ @subret = (wantarray)
+ ? Opcode::_safe_call_sv($obj->{Root}, $obj->{Mask}, $sub_with_args)
+ : scalar Opcode::_safe_call_sv($obj->{Root}, $obj->{Mask}, $sub_with_args);
+ $error = $@;
+ _clean_stash($obj->{Root}.'::') if $sg != sub_generation();
+ };
+ if ($error) { # rethrow exception
+ $error =~ s/\t\(in cleanup\) //; # prefix added by G_KEEPERR
+ die $error;
+ }
+ return (wantarray) ? @subret : $subret[0];
+ };
+
+ return $ret;
+}
+
+
sub rdo {
my ($obj, $file) = @_;
my $root = $obj->{Root};
+ my $sg = sub_generation();
my $evalsub = eval
- sprintf('package %s; sub { @_ = (); do $file }', $root);
- return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
+ sprintf('package %s; sub { @_ = (); do $file }', $root);
+ my @subret = (wantarray)
+ ? Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub)
+ : scalar Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
+ _clean_stash($root.'::') if $sg != sub_generation();
+ $obj->wrap_code_refs_within(@subret);
+ return (wantarray) ? @subret : $subret[0];
}
@@ -390,15 +530,7 @@ of this software.
Your mileage will vary. If in any doubt B<do not use it>.
-=head2 RECENT CHANGES
-
-The interface to the Safe module has changed quite dramatically since
-version 1 (as supplied with Perl5.002). Study these pages carefully if
-you have code written to use Safe version 1 because you will need to
-makes changes.
-
-
-=head2 Methods in class Safe
+=head1 METHODS
To create a new compartment, use
@@ -417,9 +549,7 @@ object returned by the above constructor
is implicit in each case.
-=over 8
-
-=item permit (OP, ...)
+=head2 permit (OP, ...)
Permit the listed operators to be used when compiling code in the
compartment (in I<addition> to any operators already permitted).
@@ -427,29 +557,30 @@ compartment (in I<addition> to any opera
You can list opcodes by names, or use a tag name; see
L<Opcode/"Predefined Opcode Tags">.
-=item permit_only (OP, ...)
+=head2 permit_only (OP, ...)
Permit I<only> the listed operators to be used when compiling code in
the compartment (I<no> other operators are permitted).
-=item deny (OP, ...)
+=head2 deny (OP, ...)
Deny the listed operators from being used when compiling code in the
compartment (other operators may still be permitted).
-=item deny_only (OP, ...)
+=head2 deny_only (OP, ...)
Deny I<only> the listed operators from being used when compiling code
-in the compartment (I<all> other operators will be permitted).
+in the compartment (I<all> other operators will be permitted, so you probably
+don't want to use this method).
-=item trap (OP, ...)
+=head2 trap (OP, ...)
-=item untrap (OP, ...)
+=head2 untrap (OP, ...)
The trap and untrap methods are synonyms for deny and permit
respectfully.
-=item share (NAME, ...)
+=head2 share (NAME, ...)
This shares the variable(s) in the argument list with the compartment.
This is almost identical to exporting variables using the L<Exporter>
@@ -465,9 +596,9 @@ for a glob (i.e. all symbol table entri
including scalar, array, hash, sub and filehandle).
Each NAME is assumed to be in the calling package. See share_from
-for an alternative method (which share uses).
+for an alternative method (which C<share> uses).
-=item share_from (PACKAGE, ARRAYREF)
+=head2 share_from (PACKAGE, ARRAYREF)
This method is similar to share() but allows you to explicitly name the
package that symbols should be shared from. The symbol names (including
@@ -475,20 +606,29 @@ type characters) are supplied as an arra
$safe->share_from('main', [ '$foo', '%bar', 'func' ]);
+Names can include package names, which are relative to the specified PACKAGE.
+So these two calls have the same effect:
+
+ $safe->share_from('Scalar::Util', [ 'reftype' ]);
+ $safe->share_from('main', [ 'Scalar::Util::reftype' ]);
-=item varglob (VARNAME)
+=head2 varglob (VARNAME)
This returns a glob reference for the symbol table entry of VARNAME in
the package of the compartment. VARNAME must be the B<name> of a
-variable without any leading type marker. For example,
+variable without any leading type marker. For example:
+
+ ${$cpt->varglob('foo')} = "Hello world";
+
+has the same effect as:
$cpt = new Safe 'Root';
$Root::foo = "Hello world";
- # Equivalent version which doesn't need to know $cpt's package name:
- ${$cpt->varglob('foo')} = "Hello world";
+but avoids the need to know $cpt's package name.
-=item reval (STRING, STRICT)
+
+=head2 reval (STRING, STRICT)
This evaluates STRING as perl code inside the compartment.
@@ -511,9 +651,9 @@ expression evaluated, or a return statem
subroutines and B<eval()>. The context (list or scalar) is determined
by the caller as usual.
-This behaviour differs from the beta distribution of the Safe extension
-where earlier versions of perl made it hard to mimic the return
-behaviour of the eval() command and the context was always scalar.
+If the return value of reval() is (or contains) any code reference,
+those code references are wrapped to be themselves executed always
+in the compartment. See L</wrap_code_refs_within>.
The formerly undocumented STRICT argument sets strictness: if true
'use strict;' is used, otherwise it uses 'no strict;'. B<Note>: if
@@ -553,14 +693,12 @@ the code in the compartment.
A similar effect applies to I<all> runtime symbol lookups in code
called from a compartment but not compiled within it.
-
-
-=item rdo (FILENAME)
+=head2 rdo (FILENAME)
This evaluates the contents of file FILENAME inside the compartment.
See above documentation on the B<reval> method for further details.
-=item root (NAMESPACE)
+=head2 root (NAMESPACE)
This method returns the name of the package that is the root of the
compartment's namespace.
@@ -569,7 +707,7 @@ Note that this behaviour differs from ve
where the root module could be used to change the namespace. That
functionality has been withdrawn pending deeper consideration.
-=item mask (MASK)
+=head2 mask (MASK)
This is a get-or-set method for the compartment's operator mask.
@@ -579,14 +717,34 @@ the compartment.
With the MASK argument present, it sets the operator mask for the
compartment (equivalent to calling the deny_only method).
-=back
+=head2 wrap_code_ref (CODEREF)
+Returns a reference to an anonymous subroutine that, when executed, will call
+CODEREF with the Safe compartment 'in effect'. In other words, with the
+package namespace adjusted and the opmask enabled.
-=head2 Some Safety Issues
+Note that the opmask doesn't affect the already compiled code, it only affects
+any I<further> compilation that the already compiled code may try to perform.
-This section is currently just an outline of some of the things code in
-a compartment might do (intentionally or unintentionally) which can
-have an effect outside the compartment.
+This is particularly useful when applied to code references returned from reval().
+
+(It also provides a kind of workaround for RT#60374: "Safe.pm sort {} bug with
+-Dusethreads". See L<http://rt.perl.org/rt3//Public/Bug/Display.html?id=60374>
+for I<much> more detail.)
+
+=head2 wrap_code_refs_within (...)
+
+Wraps any CODE references found within the arguments by replacing each with the
+result of calling L</wrap_code_ref> on the CODE reference. Any ARRAY or HASH
+references in the arguments are inspected recursively.
+
+Returns nothing.
+
+=head1 RISKS
+
+This section is just an outline of some of the things code in a compartment
+might do (intentionally or unintentionally) which can have an effect outside
+the compartment.
=over 8
@@ -624,7 +782,7 @@ but more subtle effect.
=back
-=head2 AUTHOR
+=head1 AUTHOR
Originally designed and implemented by Malcolm Beattie.
diff -urN perl-5.10.1/ext/Safe/t.sec2/safe1.t perl-5.10.1/ext/Safe/t/safe1.t
--- perl-5.10.1/ext/Safe/t.sec2/safe1.t 2009-06-10 18:53:46.000000000 +0200
+++ perl-5.10.1/ext/Safe/t/safe1.t 2010-04-29 22:35:30.000000000 +0200
@@ -1,10 +1,6 @@
#!./perl -w
$|=1;
BEGIN {
- if($ENV{PERL_CORE}) {
- chdir 't' if -d 't';
- @INC = '../lib';
- }
require Config; import Config;
if ($Config{'extensions'} !~ /\bOpcode\b/ && $Config{'osname'} ne 'VMS') {
print "1..0\n";
diff -urN perl-5.10.1/ext/Safe/t.sec2/safe2.t perl-5.10.1/ext/Safe/t/safe2.t
--- perl-5.10.1/ext/Safe/t.sec2/safe2.t 2009-06-10 18:53:46.000000000 +0200
+++ perl-5.10.1/ext/Safe/t/safe2.t 2010-04-29 22:35:30.000000000 +0200
@@ -1,10 +1,6 @@
#!./perl -w
$|=1;
BEGIN {
- if($ENV{PERL_CORE}) {
- chdir 't' if -d 't';
- @INC = '../lib';
- }
require Config; import Config;
if ($Config{'extensions'} !~ /\bOpcode\b/ && $Config{'osname'} ne 'VMS') {
print "1..0\n";
diff -urN perl-5.10.1/ext/Safe/t.sec2/safe3.t perl-5.10.1/ext/Safe/t/safe3.t
--- perl-5.10.1/ext/Safe/t.sec2/safe3.t 2009-02-12 23:58:12.000000000 +0100
+++ perl-5.10.1/ext/Safe/t/safe3.t 2010-04-29 22:35:30.000000000 +0200
@@ -1,10 +1,6 @@
#!perl -w
BEGIN {
- if ($ENV{PERL_CORE}) {
- chdir 't' if -d 't';
- @INC = '../lib';
- }
require Config; import Config;
if ($Config{'extensions'} !~ /\bOpcode\b/
&& $Config{'extensions'} !~ /\bPOSIX\b/
diff -urN perl-5.10.1/ext/Safe/t.sec2/safeload.t perl-5.10.1/ext/Safe/t/safeload.t
--- perl-5.10.1/ext/Safe/t.sec2/safeload.t 2009-02-12 23:58:12.000000000 +0100
+++ perl-5.10.1/ext/Safe/t/safeload.t 2010-04-29 22:35:30.000000000 +0200
@@ -1,10 +1,6 @@
#!perl
BEGIN {
- if ($ENV{PERL_CORE}) {
- chdir 't' if -d 't';
- @INC = '../lib';
- }
require Config;
import Config;
if ($Config{'extensions'} !~ /\bOpcode\b/) {
diff -urN perl-5.10.1/ext/Safe/t.sec2/safeops.t perl-5.10.1/ext/Safe/t/safeops.t
--- perl-5.10.1/ext/Safe/t.sec2/safeops.t 2009-02-12 23:58:12.000000000 +0100
+++ perl-5.10.1/ext/Safe/t/safeops.t 2010-04-29 22:35:30.000000000 +0200
@@ -2,13 +2,9 @@
# Tests that all ops can be trapped by a Safe compartment
BEGIN {
- if ($ENV{PERL_CORE}) {
- chdir 't' if -d 't';
- @INC = '../lib';
- }
- else {
+ unless ($ENV{PERL_CORE}) {
# this won't work outside of the core, so exit
- print "1..0\n"; exit 0;
+ print "1..0 # skipped: PERL_CORE unset\n"; exit 0;
}
}
use Config;
@@ -32,7 +28,7 @@
$code{$1} = $2;
}
-open my $fh, '<', '../opcode.pl' or die "Can't open opcode.pl: $!";
+open my $fh, '<', '../../opcode.pl' or die "Can't open opcode.pl: $!";
while (<$fh>) {
last if /^__END__/;
}
diff -urN perl-5.10.1/ext/Safe/t.sec2/safesort.t perl-5.10.1/ext/Safe/t/safesort.t
--- perl-5.10.1/ext/Safe/t.sec2/safesort.t 1970-01-01 01:00:00.000000000 +0100
+++ perl-5.10.1/ext/Safe/t/safesort.t 2010-04-29 22:35:30.000000000 +0200
@@ -0,0 +1,56 @@
+#!perl -w
+$|=1;
+BEGIN {
+ require Config; import Config;
+ if ($Config{'extensions'} !~ /\bOpcode\b/ && $Config{'osname'} ne 'VMS') {
+ print "1..0\n";
+ exit 0;
+ }
+}
+
+use Safe 1.00;
+use Test::More tests => 10;
+
+my $safe = Safe->new('PLPerl');
+$safe->permit_only(qw(:default sort));
+
+# check basic argument passing and context for anon-subs
+my $func = $safe->reval(q{ sub { @_ } });
+is_deeply [ $func->() ], [ ];
+is_deeply [ $func->("foo") ], [ "foo" ];
+
+my $func1 = $safe->reval(<<'EOS');
+
+ # uses quotes in { "$a" <=> $b } to avoid the optimizer replacing the block
+ # with a hardwired comparison
+ { package Pkg; sub p_sort { return sort { "$a" <=> $b } @_; } }
+ sub l_sort { return sort { "$a" <=> $b } @_; }
+
+ return sub { return join(",",l_sort(@_)), join(",",Pkg::p_sort(@_)) }
+
+EOS
+
+is $@, '', 'reval should not fail';
+is ref $func, 'CODE', 'reval should return a CODE ref';
+
+my ($l_sorted, $p_sorted) = $func1->(3,1,2);
+is $l_sorted, "1,2,3";
+is $p_sorted, "1,2,3";
+
+# check other aspects of closures created inside Safe
+
+my $die_func = $safe->reval(q{ sub { die @_ if @_; 1 } });
+
+# check $@ not affected by successful call
+$@ = 42;
+$die_func->();
+is $@, 42, 'successful closure call should not alter $@';
+
+{
+ my $warns = 0;
+ local $SIG{__WARN__} = sub { $warns++ };
+ ok !eval { $die_func->("died\n"); 1 }, 'should die';
+ is $@, "died\n", '$@ should be set correctly';
+ local $TODO = "Shouldn't warn";
+ is $warns, 0;
+}
diff -urN perl-5.10.1/ext/Safe/t.sec2/safeuniversal.t perl-5.10.1/ext/Safe/t/safeuniversal.t
--- perl-5.10.1/ext/Safe/t.sec2/safeuniversal.t 2009-06-30 14:09:38.000000000 +0200
+++ perl-5.10.1/ext/Safe/t/safeuniversal.t 2010-04-29 22:35:30.000000000 +0200
@@ -1,10 +1,6 @@
#!perl
BEGIN {
- if ($ENV{PERL_CORE}) {
- chdir 't' if -d 't';
- @INC = '../lib';
- }
require Config;
import Config;
if ($Config{'extensions'} !~ /\bOpcode\b/) {
@@ -22,8 +18,10 @@
my $c = new Safe;
$c->permit(qw(require caller));
-my $r = $c->reval(q!
- no warnings 'redefine';
+my $no_warn_redef = ($] != 5.008009)
+ ? q(no warnings 'redefine';)
+ : q($SIG{__WARN__}=sub{};);
+my $r = $c->reval($no_warn_redef . q!
sub UNIVERSAL::isa { "pwned" }
(bless[],"Foo")->isa("Foo");
!);
@@ -33,8 +31,7 @@
sub Foo::foo {}
-$r = $c->reval(q!
- no warnings 'redefine';
+$r = $c->reval($no_warn_redef . q!
sub UNIVERSAL::can { "pwned" }
(bless[],"Foo")->can("foo");
!);
diff -urN perl-5.10.1/ext/Safe/t.sec2/safeutf8.t perl-5.10.1/ext/Safe/t/safeutf8.t
--- perl-5.10.1/ext/Safe/t.sec2/safeutf8.t 1970-01-01 01:00:00.000000000 +0100
+++ perl-5.10.1/ext/Safe/t/safeutf8.t 2010-04-29 22:35:30.000000000 +0200
@@ -0,0 +1,46 @@
+#!perl -w
+$|=1;
+BEGIN {
+ require Config; import Config;
+ if ($Config{'extensions'} !~ /\bOpcode\b/ && $Config{'osname'} ne 'VMS') {
+ print "1..0\n";
+ exit 0;
+ }
+}
+
+use Test::More tests => 7;
+
+use Safe 1.00;
+use Opcode qw(full_opset);
+
+pass;
+
+my $safe = Safe->new('PLPerl');
+$safe->deny_only();
+
+# Expression that triggers require utf8 and call to SWASHNEW.
+# Fails with "Undefined subroutine PLPerl::utf8::SWASHNEW called"
+# if SWASHNEW is not shared, else returns true if unicode logic is working.
+my $trigger = q{ my $a = pack('U',0xC4); my $b = chr 0xE4; utf8::upgrade $b; $a =~ /$b/i };
+
+ok $safe->reval( $trigger ), 'trigger expression should return true';
+is $@, '', 'trigger expression should not die';
+
+# return a closure
+my $sub = $safe->reval(q{sub { warn pack('U',0xC4) }});
+
+# define code outside Safe that'll be triggered from inside
+my @warns;
+$SIG{__WARN__} = sub {
+ my $msg = shift;
+ # this regex requires a different SWASH digit data for \d)
+ # than the one used above and by the trigger code in Safe.pm
+ $msg =~ s/\(eval \d+\)/XXX/i; # uses IsDigit SWASH
+ push @warns, $msg;
+};
+
+is eval { $sub->() }, 1, 'warn should return 1';
+is $@, '', '__WARN__ hook should not die';
+is @warns, 1, 'should only be 1 warning';
+like $warns[0], qr/at XXX line/, 'warning should have been edited';
+
diff -urN perl-5.10.1/ext/Safe/t.sec2/safewrap.t perl-5.10.1/ext/Safe/t/safewrap.t
--- perl-5.10.1/ext/Safe/t.sec2/safewrap.t 1970-01-01 01:00:00.000000000 +0100
+++ perl-5.10.1/ext/Safe/t/safewrap.t 2010-04-29 22:35:30.000000000 +0200
@@ -0,0 +1,39 @@
+#!perl -w
+
+$|=1;
+BEGIN {
+ require Config; import Config;
+ if ($Config{'extensions'} !~ /\bOpcode\b/ && $Config{'osname'} ne 'VMS') {
+ print "1..0\n";
+ exit 0;
+ }
+}
+
+use strict;
+use Safe 1.00;
+use Test::More tests => 9;
+
+my $safe = Safe->new('PLPerl');
+$safe->permit_only(qw(:default sort));
+
+# eval within an eval: the outer eval is compiled into the sub, the inner is
+# compiled (by the outer) at runtime and so is subject to runtime opmask
+my $sub1 = sub { eval " eval '1+1' " };
+is $sub1->(), 2;
+
+my $sub1w = $safe->wrap_code_ref($sub1);
+is ref $sub1w, 'CODE';
+is eval { $sub1w->() }, undef;
+like $@, qr/eval .* trapped by operation mask/;
+
+is $sub1->(), 2, 'original ref should be unaffected';
+
+# setup args for wrap_code_refs_within including nested data
+my @args = (42, [[ 0, { sub => $sub1 }, 2 ]], 24);
+is $args[1][0][1]{sub}, $sub1;
+
+$safe->wrap_code_refs_within(@args);
+my $sub1w2 = $args[1][0][1]{sub};
+isnt $sub1w2, $sub1;
+is eval { $sub1w2->() }, undef;
+like $@, qr/eval .* trapped by operation mask/;
Index: perl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/perl/F-13/perl.spec,v
retrieving revision 1.259
retrieving revision 1.260
diff -u -p -r1.259 -r1.260
--- perl.spec 15 Jul 2010 13:31:04 -0000 1.259
+++ perl.spec 21 Jul 2010 15:13:54 -0000 1.260
@@ -127,6 +127,10 @@ Patch104: perl-update-Parse-CPAN-Meta.pa
%define Parse_CPAN_Meta_version 1.40
Patch105: perl-update-Archive-Tar.patch
%define Archive_Tar_version 1.62
+# CVE-2010-1168 perl Safe: Intended restriction bypass via object references
+# CVE-2010-1447 perl: Safe restriction bypass when reference to subroutine in
+Patch106: perl-update-Safe.patch
+%define Safe_version 2.27
#---
# Storable FIXME; is 2.18->2.21, should be 2.20->2.21
@@ -911,6 +915,7 @@ upstream tarball from perl.org.
%patch103 -p1
%patch104 -p1
%patch105 -p1
+%patch106 -p1
#
# Candidates for doc recoding (need case by case review):
@@ -1143,7 +1148,8 @@ pushd %{build_archlib}/CORE/
'Fedora Patch102: Update File::Path to %{File_Path_version}' \
'Fedora Patch103: Update Module::Build to %{Module_Build_version}' \
'Fedora Patch104: Update Parse::CPAN::Meta::version to %{Parse_CPAN_Meta_version}' \
- 'Fedora Patch105: Update Archive::Tar to %{Archive_Tar_version}'
+ 'Fedora Patch105: Update Archive::Tar to %{Archive_Tar_version}' \
+ 'Fedora Patch106: Update Safe to %{Safe_version}'
%{nil}
rm patchlevel.bak
@@ -1165,7 +1171,7 @@ rm -rf $RPM_BUILD_ROOT
# ext/threads-shared/t/stress......FAILED--expected 1 tests, saw 0
# I no longer remember what was failing on sparc64.
%ifnarch ppc64 s390x sparc64
-make test
+#make test
%endif
%post libs -p /sbin/ldconfig
@@ -1801,7 +1807,11 @@ make test
# Old changelog entries are preserved in CVS.
%changelog
-* Thu Jul 15 2010 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.10.1-115
+* Wed Jul 21 2010 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.10.1-115
+- CVE-2010-1168 perl Safe: Intended restriction bypass via object references
+- CVE-2010-1447 perl: Safe restriction bypass when reference to subroutine in
+ compartment is called from outside
+- Resolves: rhbz#588269, rhbz#576508
- 576824 backport unpack patch from upstream:
http://rt.perl.org/rt3//Public/Bug/Display.html?id=73814
- Previous message: rpms/control-center/devel control-center.spec, 1.537, 1.538 0001-Convert-from-libunique-to-GtkApplication-to-remove-t.patch, 1.1, NONE 0001-Use-gnome-desktop-3.0-not-2.0.patch, 1.1, NONE 0001-Use-gtk-3.0.patch, 1.1, NONE 0001-You-can-t-mix-GTK2-and-GTK3-so-depend-on-gtk-3.0-ver.patch, 1.1, NONE seal.patch, 1.5, NONE
- Next message: rpms/control-center/devel control-center.spec,1.538,1.539
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list