perl: Backport 2 CVE Patches

These patches are backported from upstream since it might be risky to update right now They address the following CVEs CVE-2012-6329 CVE-2013-1667 (From OE-Core rev: b6c286c447e50fe499f03b64c6be80ac18504265) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Saul Wold <sgw@linux.intel.com> 2013-08-29 13:21:57 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2013-08-30 18:06:32 +0100
commit: 116441d6dcd6ab3d044de84e7f0e85b6b50bfb2a (patch)
tree: ce5f19a034598dd0423f262f8aeb29cce46cbb0c
parent: 25b8cc840976d2082f643f6c8c6cd0db21bdc811 (diff)
download: poky-116441d6dcd6ab3d044de84e7f0e85b6b50bfb2a.tar.gz
3 files changed, 267 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.3/0001-Fix-misparsing-of-maketext-strings.patch b/meta/recipes-devtools/perl/perl-5.14.3/0001-Fix-misparsing-of-maketext-strings.patch
new file mode 100644
index 0000000000..89ec6eff0f
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl-5.14.3/0001-Fix-misparsing-of-maketext-strings.patch
@@ -0,0 +1,86 @@
+From 1735f6f53ca19f99c6e9e39496c486af323ba6a8 Mon Sep 17 00:00:00 2001
+From: Brian Carlson <brian.carlson@cpanel.net>
+Date: Wed, 28 Nov 2012 08:54:33 -0500
+Subject: [PATCH] Fix misparsing of maketext strings.
+Case 61251: This commit fixes a misparse of maketext strings that could
+lead to arbitrary code execution.  Basically, maketext was compiling
+bracket notation into functions, but neglected to escape backslashes
+inside the content or die on fully-qualified method names when
+generating the code.  This change escapes all such backslashes and dies
+when a method name with a colon or apostrophe is specified.
+---
+ AUTHORS                                     |  1 +
+ dist/Locale-Maketext/lib/Locale/Maketext.pm | 24 ++++++++----------------
+ 2 files changed, 9 insertions(+), 16 deletions(-)
+Upstream-Status: Backport
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+diff --git a/AUTHORS b/AUTHORS
+index 70734b0..009dea0 100644
+--- a/AUTHORS
+++ b/AUTHORS
+@@ -154,6 +154,7 @@ Breno G. de Oliveira                <garu@cpan.org>
+ Brent Dax                      <brentdax@cpan.org>
+ Brooks D Boyd
+ Brian Callaghan                        <callagh@itginc.com>
+Brian Carlson                  <brian.carlson@cpanel.net>
+ Brian Clarke                   <clarke@appliedmeta.com>
+ brian d foy                    <brian.d.foy@gmail.com>
+ Brian Fraser                   <fraserbn@gmail.com>
+diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm b/dist/Locale-Maketext/lib/Locale/Maketext.pm
+index 4822027..63e5fba 100644
+--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm
+++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm
+@@ -625,21 +625,9 @@ sub _compile {
+                         # 0-length method name means to just interpolate:
+                         push @code, ' (';
+                     }
+-                    elsif($m =~ /^\w+(?:\:\:\w+)*$/s
+-                            and $m !~ m/(?:^|\:)\d/s
+-                        # exclude starting a (sub)package or symbol with a digit
+                    elsif($m =~ /^\w+$/s
+                        # exclude anything fancy, especially fully-qualified module names
+                     ) {
+-                        # Yes, it even supports the demented (and undocumented?)
+-                        #  $obj->Foo::bar(...) syntax.
+-                        $target->_die_pointing(
+-                            $string_to_compile, q{Can't use "SUPER::" in a bracket-group method},
+-                            2 + length($c[-1])
+-                        )
+-                        if $m =~ m/^SUPER::/s;
+-                        # Because for SUPER:: to work, we'd have to compile this into
+-                        #  the right package, and that seems just not worth the bother,
+-                        #  unless someone convinces me otherwise.
+-
+                         push @code, ' $_[0]->' . $m . '(';
+                     }
+                     else {
+@@ -693,7 +681,9 @@ sub _compile {
+             elsif(substr($1,0,1) ne '~') {
+                 # it's stuff not containing "~" or "[" or "]"
+                 # i.e., a literal blob
+-                $c[-1] .= $1;
+                my $text = $1;
+                $text =~ s/\\/\\\\/g;
+                $c[-1] .= $text;
+ 
+             }
+             elsif($1 eq '~~') { # "~~"
+@@ -731,7 +721,9 @@ sub _compile {
+             else {
+                 # It's a "~X" where X is not a special character.
+                 # Consider it a literal ~ and X.
+-                $c[-1] .= $1;
+                my $text = $1;
+                $text =~ s/\\/\\\\/g;
+                $c[-1] .= $text;
+             }
+         }
+     }
+-- 
+1.8.3.1
diff --git a/meta/recipes-devtools/perl/perl-5.14.3/0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch b/meta/recipes-devtools/perl/perl-5.14.3/0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch
new file mode 100644
index 0000000000..4357c2ef58
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl-5.14.3/0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch
@@ -0,0 +1,178 @@
+From d59e31fc729d8a39a774f03bc6bc457029a7aef2 Mon Sep 17 00:00:00 2001
+From: Yves Orton <demerphq@gmail.com>
+Date: Tue, 12 Feb 2013 10:53:05 +0100
+Subject: [PATCH] Prevent premature hsplit() calls, and only trigger REHASH
+ after hsplit()
+Triggering a hsplit due to long chain length allows an attacker
+to create a carefully chosen set of keys which can cause the hash
+to use 2 * (2**32) * sizeof(void *) bytes ram. AKA a DOS via memory
+exhaustion. Doing so also takes non trivial time.
+Eliminating this check, and only inspecting chain length after a
+normal hsplit() (triggered when keys>buckets) prevents the attack
+entirely, and makes such attacks relatively benign.
+(cherry picked from commit f1220d61455253b170e81427c9d0357831ca0fac)
+Upstream-Status: Backport
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+---
+ ext/Hash-Util-FieldHash/t/10_hash.t | 18 ++++++++++++++++--
+ hv.c                                | 35 ++++++++---------------------------
+ t/op/hash.t                         | 20 +++++++++++++++++---
+ 3 files changed, 41 insertions(+), 32 deletions(-)
+diff --git a/ext/Hash-Util-FieldHash/t/10_hash.t b/ext/Hash-Util-FieldHash/t/10_hash.t
+index 2cfb4e8..d58f053 100644
+--- a/ext/Hash-Util-FieldHash/t/10_hash.t
+++ b/ext/Hash-Util-FieldHash/t/10_hash.t
+@@ -38,15 +38,29 @@ use constant START     => "a";
+ 
+ # some initial hash data
+ fieldhash my %h2;
+-%h2 = map {$_ => 1} 'a'..'cc';
+my $counter= "a";
+$h2{$counter++}++ while $counter ne 'cd';
+ 
+ ok (!Internals::HvREHASH(%h2), 
+     "starting with pre-populated non-pathological hash (rehash flag if off)");
+ 
+ my @keys = get_keys(\%h2);
+my $buckets= buckets(\%h2);
+ $h2{$_}++ for @keys;
+$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
+ ok (Internals::HvREHASH(%h2), 
+-    scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
+    scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
+
+# returns the number of buckets in a hash
+sub buckets {
+    my $hr = shift;
+    my $keys_buckets= scalar(%$hr);
+    if ($keys_buckets=~m!/([0-9]+)\z!) {
+        return 0+$1;
+    } else {
+        return 8;
+    }
+}
+ 
+ sub get_keys {
+     my $hr = shift;
+diff --git a/hv.c b/hv.c
+index 2be1feb..abb9d76 100644
+--- a/hv.c
+++ b/hv.c
+@@ -35,7 +35,8 @@ holds the key and hash value.
+ #define PERL_HASH_INTERNAL_ACCESS
+ #include "perl.h"
+ 
+-#define HV_MAX_LENGTH_BEFORE_SPLIT 14
+#define HV_MAX_LENGTH_BEFORE_REHASH 14
+#define SHOULD_DO_HSPLIT(xhv) ((xhv)->xhv_keys > (xhv)->xhv_max) /* HvTOTALKEYS(hv) > HvMAX(hv) */
+ 
+ static const char S_strtab_error[]
+     = "Cannot modify shared string table in hv_%s";
+@@ -794,29 +795,9 @@ Perl_hv_common(pTHX_ HV *hv, SV *keysv, const char *key, STRLEN klen,
+     if (masked_flags & HVhek_ENABLEHVKFLAGS)
+        HvHASKFLAGS_on(hv);
+ 
+-    {
+-       const HE *counter = HeNEXT(entry);
+-
+-       xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+-       if (!counter) {                         /* initial entry? */
+-       } else if (xhv->xhv_keys > xhv->xhv_max) {
+-               /* Use only the old HvKEYS(hv) > HvMAX(hv) condition to limit
+-                  bucket splits on a rehashed hash, as we're not going to
+-                  split it again, and if someone is lucky (evil) enough to
+-                  get all the keys in one list they could exhaust our memory
+-                  as we repeatedly double the number of buckets on every
+-                  entry. Linear search feels a less worse thing to do.  */
+-           hsplit(hv);
+-       } else if(!HvREHASH(hv)) {
+-           U32 n_links = 1;
+-
+-           while ((counter = HeNEXT(counter)))
+-               n_links++;
+-
+-           if (n_links > HV_MAX_LENGTH_BEFORE_SPLIT) {
+-               hsplit(hv);
+-           }
+-       }
+    xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+    if ( SHOULD_DO_HSPLIT(xhv) ) {
+        hsplit(hv);
+     }
+ 
+     if (return_svp) {
+@@ -1192,7 +1173,7 @@ S_hsplit(pTHX_ HV *hv)
+ 
+ 
+     /* Pick your policy for "hashing isn't working" here:  */
+-    if (longest_chain <= HV_MAX_LENGTH_BEFORE_SPLIT /* split worked?  */
+    if (longest_chain <= HV_MAX_LENGTH_BEFORE_REHASH /* split worked?  */
+        || HvREHASH(hv)) {
+        return;
+     }
+@@ -2831,8 +2812,8 @@ S_share_hek_flags(pTHX_ const char *str, I32 len, register U32 hash, int flags)
+ 
+        xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
+        if (!next) {                    /* initial entry? */
+-       } else if (xhv->xhv_keys > xhv->xhv_max /* HvKEYS(hv) > HvMAX(hv) */) {
+-               hsplit(PL_strtab);
+       } else if ( SHOULD_DO_HSPLIT(xhv) ) {
+            hsplit(PL_strtab);
+        }
+     }
+ 
+diff --git a/t/op/hash.t b/t/op/hash.t
+index 278bea7..201260a 100644
+--- a/t/op/hash.t
+++ b/t/op/hash.t
+@@ -39,22 +39,36 @@ use constant THRESHOLD => 14;
+ use constant START     => "a";
+ 
+ # some initial hash data
+-my %h2 = map {$_ => 1} 'a'..'cc';
+my %h2;
+my $counter= "a";
+$h2{$counter++}++ while $counter ne 'cd';
+ 
+ ok (!Internals::HvREHASH(%h2), 
+     "starting with pre-populated non-pathological hash (rehash flag if off)");
+ 
+ my @keys = get_keys(\%h2);
+my $buckets= buckets(\%h2);
+ $h2{$_}++ for @keys;
+$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
+ ok (Internals::HvREHASH(%h2), 
+-    scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
+    scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
+
+# returns the number of buckets in a hash
+sub buckets {
+    my $hr = shift;
+    my $keys_buckets= scalar(%$hr);
+    if ($keys_buckets=~m!/([0-9]+)\z!) {
+        return 0+$1;
+    } else {
+        return 8;
+    }
+}
+ 
+ sub get_keys {
+     my $hr = shift;
+ 
+     # the minimum of bits required to mount the attack on a hash
+     my $min_bits = log(THRESHOLD)/log(2);
+-
+     # if the hash has already been populated with a significant amount
+     # of entries the number of mask bits can be higher
+     my $keys = scalar keys %$hr;
+-- 
+1.8.3.1
diff --git a/meta/recipes-devtools/perl/perl_5.14.3.bb b/meta/recipes-devtools/perl/perl_5.14.3.bb
index 99150422fe..1e14e17020 100644
--- a/meta/recipes-devtools/perl/perl_5.14.3.bb
+++ b/meta/recipes-devtools/perl/perl_5.14.3.bb
@@ -65,6 +65,9 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
        file://perl-archlib-exp.patch \
        file://dynaloaderhack.patch \
        \
+        file://0001-Fix-misparsing-of-maketext-strings.patch \
+        file://0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch \
+        \
        file://config.sh \
        file://config.sh-32 \
        file://config.sh-32-le \
author	Saul Wold <sgw@linux.intel.com>	2013-08-29 13:21:57 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2013-08-30 18:06:32 +0100
commit	116441d6dcd6ab3d044de84e7f0e85b6b50bfb2a (patch)
tree	ce5f19a034598dd0423f262f8aeb29cce46cbb0c
parent	25b8cc840976d2082f643f6c8c6cd0db21bdc811 (diff)
download	poky-116441d6dcd6ab3d044de84e7f0e85b6b50bfb2a.tar.gz

diff --git a/meta/recipes-devtools/perl/perl-5.14.3/0001-Fix-misparsing-of-maketext-strings.patch b/meta/recipes-devtools/perl/perl-5.14.3/0001-Fix-misparsing-of-maketext-strings.patch new file mode 100644 index 0000000000..89ec6eff0f --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.3/0001-Fix-misparsing-of-maketext-strings.patch
@@ -0,0 +1,86 @@
		1	From 1735f6f53ca19f99c6e9e39496c486af323ba6a8 Mon Sep 17 00:00:00 2001
		2	From: Brian Carlson <brian.carlson@cpanel.net>
		3	Date: Wed, 28 Nov 2012 08:54:33 -0500
		4	Subject: [PATCH] Fix misparsing of maketext strings.
		5
		6	Case 61251: This commit fixes a misparse of maketext strings that could
		7	lead to arbitrary code execution. Basically, maketext was compiling
		8	bracket notation into functions, but neglected to escape backslashes
		9	inside the content or die on fully-qualified method names when
		10	generating the code. This change escapes all such backslashes and dies
		11	when a method name with a colon or apostrophe is specified.
		12	---
		13	AUTHORS \| 1 +
		14	dist/Locale-Maketext/lib/Locale/Maketext.pm \| 24 ++++++++----------------
		15	2 files changed, 9 insertions(+), 16 deletions(-)
		16
		17	Upstream-Status: Backport
		18
		19	Signed-off-by: Saul Wold <sgw@linux.intel.com>
		20
		21
		22	diff --git a/AUTHORS b/AUTHORS
		23	index 70734b0..009dea0 100644
		24	--- a/AUTHORS
		25	+++ b/AUTHORS
		26	@@ -154,6 +154,7 @@ Breno G. de Oliveira <garu@cpan.org>
		27	Brent Dax <brentdax@cpan.org>
		28	Brooks D Boyd
		29	Brian Callaghan <callagh@itginc.com>
		30	+Brian Carlson <brian.carlson@cpanel.net>
		31	Brian Clarke <clarke@appliedmeta.com>
		32	brian d foy <brian.d.foy@gmail.com>
		33	Brian Fraser <fraserbn@gmail.com>
		34	diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm b/dist/Locale-Maketext/lib/Locale/Maketext.pm
		35	index 4822027..63e5fba 100644
		36	--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm
		37	+++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm
		38	@@ -625,21 +625,9 @@ sub _compile {
		39	# 0-length method name means to just interpolate:
		40	push @code, ' (';
		41	}
		42	- elsif($m =~ /^\w+(?:\:\:\w+)*$/s
		43	- and $m !~ m/(?:^\|\:)\d/s
		44	- # exclude starting a (sub)package or symbol with a digit
		45	+ elsif($m =~ /^\w+$/s
		46	+ # exclude anything fancy, especially fully-qualified module names
		47	) {
		48	- # Yes, it even supports the demented (and undocumented?)
		49	- # $obj->Foo::bar(...) syntax.
		50	- $target->_die_pointing(
		51	- $string_to_compile, q{Can't use "SUPER::" in a bracket-group method},
		52	- 2 + length($c[-1])
		53	- )
		54	- if $m =~ m/^SUPER::/s;
		55	- # Because for SUPER:: to work, we'd have to compile this into
		56	- # the right package, and that seems just not worth the bother,
		57	- # unless someone convinces me otherwise.
		58	-
		59	push @code, ' $_[0]->' . $m . '(';
		60	}
		61	else {
		62	@@ -693,7 +681,9 @@ sub _compile {
		63	elsif(substr($1,0,1) ne '~') {
		64	# it's stuff not containing "~" or "[" or "]"
		65	# i.e., a literal blob
		66	- $c[-1] .= $1;
		67	+ my $text = $1;
		68	+ $text =~ s/\\/\\\\/g;
		69	+ $c[-1] .= $text;
		70
		71	}
		72	elsif($1 eq '~~') { # "~~"
		73	@@ -731,7 +721,9 @@ sub _compile {
		74	else {
		75	# It's a "~X" where X is not a special character.
		76	# Consider it a literal ~ and X.
		77	- $c[-1] .= $1;
		78	+ my $text = $1;
		79	+ $text =~ s/\\/\\\\/g;
		80	+ $c[-1] .= $text;
		81	}
		82	}
		83	}
		84	--
		85	1.8.3.1
		86


diff --git a/meta/recipes-devtools/perl/perl-5.14.3/0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch b/meta/recipes-devtools/perl/perl-5.14.3/0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch new file mode 100644 index 0000000000..4357c2ef58 --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.3/0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch
@@ -0,0 +1,178 @@
		1	From d59e31fc729d8a39a774f03bc6bc457029a7aef2 Mon Sep 17 00:00:00 2001
		2	From: Yves Orton <demerphq@gmail.com>
		3	Date: Tue, 12 Feb 2013 10:53:05 +0100
		4	Subject: [PATCH] Prevent premature hsplit() calls, and only trigger REHASH
		5	after hsplit()
		6
		7	Triggering a hsplit due to long chain length allows an attacker
		8	to create a carefully chosen set of keys which can cause the hash
		9	to use 2 * (2*32) sizeof(void *) bytes ram. AKA a DOS via memory
		10	exhaustion. Doing so also takes non trivial time.
		11
		12	Eliminating this check, and only inspecting chain length after a
		13	normal hsplit() (triggered when keys>buckets) prevents the attack
		14	entirely, and makes such attacks relatively benign.
		15
		16	(cherry picked from commit f1220d61455253b170e81427c9d0357831ca0fac)
		17
		18	Upstream-Status: Backport
		19
		20	Signed-off-by: Saul Wold <sgw@linux.intel.com>
		21
		22
		23	---
		24	ext/Hash-Util-FieldHash/t/10_hash.t \| 18 ++++++++++++++++--
		25	hv.c \| 35 ++++++++---------------------------
		26	t/op/hash.t \| 20 +++++++++++++++++---
		27	3 files changed, 41 insertions(+), 32 deletions(-)
		28
		29	diff --git a/ext/Hash-Util-FieldHash/t/10_hash.t b/ext/Hash-Util-FieldHash/t/10_hash.t
		30	index 2cfb4e8..d58f053 100644
		31	--- a/ext/Hash-Util-FieldHash/t/10_hash.t
		32	+++ b/ext/Hash-Util-FieldHash/t/10_hash.t
		33	@@ -38,15 +38,29 @@ use constant START => "a";
		34
		35	# some initial hash data
		36	fieldhash my %h2;
		37	-%h2 = map {$_ => 1} 'a'..'cc';
		38	+my $counter= "a";
		39	+$h2{$counter++}++ while $counter ne 'cd';
		40
		41	ok (!Internals::HvREHASH(%h2),
		42	"starting with pre-populated non-pathological hash (rehash flag if off)");
		43
		44	my @keys = get_keys(\%h2);
		45	+my $buckets= buckets(\%h2);
		46	$h2{$_}++ for @keys;
		47	+$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
		48	ok (Internals::HvREHASH(%h2),
		49	- scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
		50	+ scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
		51	+
		52	+# returns the number of buckets in a hash
		53	+sub buckets {
		54	+ my $hr = shift;
		55	+ my $keys_buckets= scalar(%$hr);
		56	+ if ($keys_buckets=~m!/([0-9]+)\z!) {
		57	+ return 0+$1;
		58	+ } else {
		59	+ return 8;
		60	+ }
		61	+}
		62
		63	sub get_keys {
		64	my $hr = shift;
		65	diff --git a/hv.c b/hv.c
		66	index 2be1feb..abb9d76 100644
		67	--- a/hv.c
		68	+++ b/hv.c
		69	@@ -35,7 +35,8 @@ holds the key and hash value.
		70	#define PERL_HASH_INTERNAL_ACCESS
		71	#include "perl.h"
		72
		73	-#define HV_MAX_LENGTH_BEFORE_SPLIT 14
		74	+#define HV_MAX_LENGTH_BEFORE_REHASH 14
		75	+#define SHOULD_DO_HSPLIT(xhv) ((xhv)->xhv_keys > (xhv)->xhv_max) /* HvTOTALKEYS(hv) > HvMAX(hv) */
		76
		77	static const char S_strtab_error[]
		78	= "Cannot modify shared string table in hv_%s";
		79	@@ -794,29 +795,9 @@ Perl_hv_common(pTHX_ HV hv, SV keysv, const char *key, STRLEN klen,
		80	if (masked_flags & HVhek_ENABLEHVKFLAGS)
		81	HvHASKFLAGS_on(hv);
		82
		83	- {
		84	- const HE *counter = HeNEXT(entry);
		85	-
		86	- xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
		87	- if (!counter) { /* initial entry? */
		88	- } else if (xhv->xhv_keys > xhv->xhv_max) {
		89	- /* Use only the old HvKEYS(hv) > HvMAX(hv) condition to limit
		90	- bucket splits on a rehashed hash, as we're not going to
		91	- split it again, and if someone is lucky (evil) enough to
		92	- get all the keys in one list they could exhaust our memory
		93	- as we repeatedly double the number of buckets on every
		94	- entry. Linear search feels a less worse thing to do. */
		95	- hsplit(hv);
		96	- } else if(!HvREHASH(hv)) {
		97	- U32 n_links = 1;
		98	-
		99	- while ((counter = HeNEXT(counter)))
		100	- n_links++;
		101	-
		102	- if (n_links > HV_MAX_LENGTH_BEFORE_SPLIT) {
		103	- hsplit(hv);
		104	- }
		105	- }
		106	+ xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
		107	+ if ( SHOULD_DO_HSPLIT(xhv) ) {
		108	+ hsplit(hv);
		109	}
		110
		111	if (return_svp) {
		112	@@ -1192,7 +1173,7 @@ S_hsplit(pTHX_ HV *hv)
		113
		114
		115	/* Pick your policy for "hashing isn't working" here: */
		116	- if (longest_chain <= HV_MAX_LENGTH_BEFORE_SPLIT /* split worked? */
		117	+ if (longest_chain <= HV_MAX_LENGTH_BEFORE_REHASH /* split worked? */
		118	\|\| HvREHASH(hv)) {
		119	return;
		120	}
		121	@@ -2831,8 +2812,8 @@ S_share_hek_flags(pTHX_ const char *str, I32 len, register U32 hash, int flags)
		122
		123	xhv->xhv_keys++; /* HvTOTALKEYS(hv)++ */
		124	if (!next) { /* initial entry? */
		125	- } else if (xhv->xhv_keys > xhv->xhv_max /* HvKEYS(hv) > HvMAX(hv) */) {
		126	- hsplit(PL_strtab);
		127	+ } else if ( SHOULD_DO_HSPLIT(xhv) ) {
		128	+ hsplit(PL_strtab);
		129	}
		130	}
		131
		132	diff --git a/t/op/hash.t b/t/op/hash.t
		133	index 278bea7..201260a 100644
		134	--- a/t/op/hash.t
		135	+++ b/t/op/hash.t
		136	@@ -39,22 +39,36 @@ use constant THRESHOLD => 14;
		137	use constant START => "a";
		138
		139	# some initial hash data
		140	-my %h2 = map {$_ => 1} 'a'..'cc';
		141	+my %h2;
		142	+my $counter= "a";
		143	+$h2{$counter++}++ while $counter ne 'cd';
		144
		145	ok (!Internals::HvREHASH(%h2),
		146	"starting with pre-populated non-pathological hash (rehash flag if off)");
		147
		148	my @keys = get_keys(\%h2);
		149	+my $buckets= buckets(\%h2);
		150	$h2{$_}++ for @keys;
		151	+$h2{$counter++}++ while buckets(\%h2) == $buckets; # force a split
		152	ok (Internals::HvREHASH(%h2),
		153	- scalar(@keys) . " colliding into the same bucket keys are triggering rehash");
		154	+ scalar(@keys) . " colliding into the same bucket keys are triggering rehash after split");
		155	+
		156	+# returns the number of buckets in a hash
		157	+sub buckets {
		158	+ my $hr = shift;
		159	+ my $keys_buckets= scalar(%$hr);
		160	+ if ($keys_buckets=~m!/([0-9]+)\z!) {
		161	+ return 0+$1;
		162	+ } else {
		163	+ return 8;
		164	+ }
		165	+}
		166
		167	sub get_keys {
		168	my $hr = shift;
		169
		170	# the minimum of bits required to mount the attack on a hash
		171	my $min_bits = log(THRESHOLD)/log(2);
		172	-
		173	# if the hash has already been populated with a significant amount
		174	# of entries the number of mask bits can be higher
		175	my $keys = scalar keys %$hr;
		176	--
		177	1.8.3.1
		178


diff --git a/meta/recipes-devtools/perl/perl_5.14.3.bb b/meta/recipes-devtools/perl/perl_5.14.3.bb index 99150422fe..1e14e17020 100644 --- a/meta/recipes-devtools/perl/perl_5.14.3.bb +++ b/meta/recipes-devtools/perl/perl_5.14.3.bb
@@ -65,6 +65,9 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
65	file://perl-archlib-exp.patch \	65	file://perl-archlib-exp.patch \
66	file://dynaloaderhack.patch \	66	file://dynaloaderhack.patch \
67	\	67	\
		68	file://0001-Fix-misparsing-of-maketext-strings.patch \
		69	file://0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch \
		70	\
68	file://config.sh \	71	file://config.sh \
69	file://config.sh-32 \	72	file://config.sh-32 \
70	file://config.sh-32-le \	73	file://config.sh-32-le \