[perl.git] branch blead, updated. v5.21.2-94-g205b814

Tue, 05 Aug 2014 00:30:08 -0700 

In perl.git, the branch blead has been updated

<http://perl5.git.perl.org/perl.git/commitdiff/205b8145e88fdb6ead534ed102faa8b6aecbe085?hp=883f220b1a9552b53f705c439a73a5c235feaedc>

- Log -----------------------------------------------------------------
commit 205b8145e88fdb6ead534ed102faa8b6aecbe085
Author: Rafael Garcia-Suarez <r...@consttype.org>
Date:   Tue Aug 5 09:27:29 2014 +0200

    Fix MANIFEST and Safe's changelog

M       MANIFEST
M       dist/Safe/Changes
M       dist/Safe/t/safesecurity.t

commit 23c3e71c90a1dea6c17d193db263796876d2ac52
Author: syber <sy...@crazypanda.ru>
Date:   Mon Aug 4 23:47:23 2014 +0400

    Critical bugfix in module Safe (Opcode). Version increased, changelog and 
test added.
    
    This example hacks outside environment:
    
    package My::Controller;
    use strict;
    
    sub jopa { return "jopa\n"; }
    
    package main;
    use Safe;
    
    my $s = new Safe;
    
    my $ok = $s->reval(q{
        package My::Controller;
        sub jopa { return "hacked\n"; }
    
        My::Controller->jopa();
    });
    
    print My::Controller->jopa();

M       dist/Safe/Changes
M       dist/Safe/Safe.pm
A       dist/Safe/t/safesecurity.t
M       ext/Opcode/Opcode.pm
M       ext/Opcode/Opcode.xs
-----------------------------------------------------------------------

Summary of changes:
 MANIFEST                   |  3 ++-
 dist/Safe/Changes          | 11 ++++++++++-
 dist/Safe/Safe.pm          |  2 +-
 dist/Safe/t/safesecurity.t | 32 ++++++++++++++++++++++++++++++++
 ext/Opcode/Opcode.pm       |  2 +-
 ext/Opcode/Opcode.xs       |  6 +++++-
 6 files changed, 51 insertions(+), 5 deletions(-)
 create mode 100644 dist/Safe/t/safesecurity.t

diff --git a/MANIFEST b/MANIFEST
index 6e86383..e1ac8bc 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -3217,7 +3217,8 @@ dist/Safe/t/safe3.t               See if Safe works
 dist/Safe/t/safeload.t         Tests that some modules can be loaded by Safe
 dist/Safe/t/safenamedcap.t     Tests that Tie::Hash::NamedCapture can be loaded
 dist/Safe/t/safeops.t          Tests that all ops can be trapped by Safe
-dist/Safe/t/saferegexp.t
+dist/Safe/t/saferegexp.t       Tests Safe with regular expressions
+dist/Safe/t/safesecurity.t     Tests misc. security fixes in Safe
 dist/Safe/t/safesort.t         Tests Safe with sort
 dist/Safe/t/safeuniversal.t    Tests Safe with functions from universal.c
 dist/Safe/t/safeutf8.t         Tests Safe with utf8.pm
diff --git a/dist/Safe/Changes b/dist/Safe/Changes
index 8cde1db..a48058a 100644
--- a/dist/Safe/Changes
+++ b/dist/Safe/Changes
@@ -1,3 +1,12 @@
+2.38 Mon Aug 04 2014
+    - critical bugfix: outside packages could be replaced (fix in Opcode)
+
+2.37 Sat Jun 22 2013
+    - Doc and presentation nits
+
+2.36 Thu May 23 18:08:48 2013
+    - Doc and test fixes for newer perls
+
 2.35 Thu Feb 21 2013
     - localize %SIG in the Safe compartment
     - actually check that we call execution methods on a Safe object
@@ -7,7 +16,7 @@
       cf Perl 5 change 42440e3c68e8bafb7e2a74763360939de0fad6be
 
 2.33 Tue Apr  3 2012
-    - Don’t eval code under ‘no strict’ (Father Chrysostomos)
+      Don't eval code under "no strict" (Father Chrysostomos)
       cf. Perl 5 change 25dc25e774abbe993644899cf4d9f9925a9fb9a8
 
 2.32 Sat Mar 31 2012
diff --git a/dist/Safe/Safe.pm b/dist/Safe/Safe.pm
index 4db116d..2c0d56a 100644
--- a/dist/Safe/Safe.pm
+++ b/dist/Safe/Safe.pm
@@ -3,7 +3,7 @@ package Safe;
 use 5.003_11;
 use Scalar::Util qw(reftype refaddr);
 
-$Safe::VERSION = "2.37";
+$Safe::VERSION = "2.38";
 
 # *** Don't declare any lexicals above this point ***
 #
diff --git a/dist/Safe/t/safesecurity.t b/dist/Safe/t/safesecurity.t
new file mode 100644
index 0000000..7cb9712
--- /dev/null
+++ b/dist/Safe/t/safesecurity.t
@@ -0,0 +1,32 @@
+#!perl
+
+BEGIN {
+    require Config;
+    import Config;
+    if ($Config{'extensions'} !~ /\bOpcode\b/) {
+       print "1..0\n";
+       exit 0;
+    }
+}
+
+use strict;
+use warnings;
+use Test::More;
+use Safe;
+plan(tests => 1);
+
+my $c = new Safe;
+
+{
+    package My::Controller;
+    sub jopa { return "jopa" }
+}
+
+$c->reval(q{
+    package My::Controller;
+    sub jopa { return "hacked" }
+
+    My::Controller->jopa; # let it cache package
+});
+
+is(My::Controller->jopa, "jopa", "outside packages cannot be overriden");
diff --git a/ext/Opcode/Opcode.pm b/ext/Opcode/Opcode.pm
index a48b01d..3da8d94 100644
--- a/ext/Opcode/Opcode.pm
+++ b/ext/Opcode/Opcode.pm
@@ -6,7 +6,7 @@ use strict;
 
 our($VERSION, @ISA, @EXPORT_OK);
 
-$VERSION = "1.27";
+$VERSION = "1.28";
 
 use Carp;
 use Exporter ();
diff --git a/ext/Opcode/Opcode.xs b/ext/Opcode/Opcode.xs
index 386dddf..594f5b2 100644
--- a/ext/Opcode/Opcode.xs
+++ b/ext/Opcode/Opcode.xs
@@ -310,7 +310,7 @@ PPCODE:
     dummy_hv = save_hash(PL_incgv);
     GvHV(PL_incgv) = 
(HV*)SvREFCNT_inc(GvHV(gv_HVadd(gv_fetchpvs("INC",GV_ADD,SVt_PVHV))));
 
-    /* Invalidate ISA and method caches */
+    /* Invalidate class and method caches */
     ++PL_sub_generation;
     hv_clear(PL_stashcache);
 
@@ -320,6 +320,10 @@ PPCODE:
     SPAGAIN; /* for the PUTBACK added by xsubpp */
     LEAVE;
 
+    /* Invalidate again */
+    ++PL_sub_generation;
+    hv_clear(PL_stashcache);
+
 
 int
 verify_opset(opset, fatal = 0)

--
Perl5 Master Repository

Reply via email to