1 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff b/meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff
new file mode 100644
index 0000000000..ee00ca3cdf
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff
@@ -0,0 +1,74 @@
+Upstream-Status:Inappropriate [debian patches]
+From e25298a339dd6679f1b080f0125ac1b237b87950 Mon Sep 17 00:00:00 2001
+From: David Mitchell <davem@iabyn.com>
+Date: Tue, 28 Jun 2011 17:04:40 +0100
+Subject: RT 64804: tainting with index() of a constant
+Bug: http://rt.perl.org/rt3/Public/Bug/Display.html?id=64804
+Bug-Debian: http://bugs.debian.org/291450
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/3b36395d31cf0a2f3a017505cd0ea857a7acb5d1
+At compile time, ck_index with a tainted constant set PL_tainted,
+which remained on during the rest of compilation, tainting all other
+constants.
+Fix this by saving and restoring PL_tainted across the call to
+fbm_compile, which is what sets PL_tainted.
+Patch-Name: fixes/index-tainting.diff
+---
+ op.c         |    5 ++++-
+ t/op/taint.t |   16 +++++++++++++++-
+ 2 files changed, 19 insertions(+), 2 deletions(-)
+diff --git a/op.c b/op.c
+index e21b9a4..973df13 100644
+--- a/op.c
+++ b/op.c
+@@ -7780,8 +7780,11 @@ Perl_ck_index(pTHX_ OP *o)
+        OP *kid = cLISTOPo->op_first->op_sibling;       /* get past pushmark */
+        if (kid)
+            kid = kid->op_sibling;                      /* get past "big" */
+-       if (kid && kid->op_type == OP_CONST)
+       if (kid && kid->op_type == OP_CONST) {
+           const bool save_taint = PL_tainted;
+            fbm_compile(((SVOP*)kid)->op_sv, 0);
+           PL_tainted = save_taint;
+       }
+     }
+     return ck_fun(o);
+ }
+diff --git a/t/op/taint.t b/t/op/taint.t
+index 9df6fee..a300b9b 100644
+--- a/t/op/taint.t
+++ b/t/op/taint.t
+@@ -17,7 +17,7 @@ BEGIN {
+ use strict;
+ use Config;
+ 
+-plan tests => 774;
+plan tests => 778;
+ 
+ $| = 1;
+ 
+@@ -2144,6 +2144,20 @@ end
+     is_tainted $dest, "ucfirst(tainted) taints its return value";
+ }
+ 
+
+# tainted constants and index()
+#  RT 64804; http://bugs.debian.org/291450
+{
+    ok(tainted $old_env_path, "initial taintedness");
+    BEGIN { no strict 'refs'; my $v = $old_env_path; *{"::C"} = sub () { $v }; }
+    ok(tainted C, "constant is tainted properly");
+    ok(!tainted "", "tainting not broken yet");
+    index(undef, C);
+    ok(!tainted "", "tainting still works after index() of the constant");
+}
+
+
+
+ # This may bomb out with the alarm signal so keep it last
+ SKIP: {
+     skip "No alarm()"  unless $Config{d_alarm};

diff --git a/meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff b/meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff new file mode 100644 index 0000000000..ee00ca3cdf --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.3/debian/fixes/index-tainting.diff
@@ -0,0 +1,74 @@
	1	Upstream-Status:Inappropriate [debian patches]
	2	From e25298a339dd6679f1b080f0125ac1b237b87950 Mon Sep 17 00:00:00 2001
	3	From: David Mitchell <davem@iabyn.com>
	4	Date: Tue, 28 Jun 2011 17:04:40 +0100
	5	Subject: RT 64804: tainting with index() of a constant
	6
	7	Bug: http://rt.perl.org/rt3/Public/Bug/Display.html?id=64804
	8	Bug-Debian: http://bugs.debian.org/291450
	9	Origin: upstream, http://perl5.git.perl.org/perl.git/commit/3b36395d31cf0a2f3a017505cd0ea857a7acb5d1
	10
	11	At compile time, ck_index with a tainted constant set PL_tainted,
	12	which remained on during the rest of compilation, tainting all other
	13	constants.
	14
	15	Fix this by saving and restoring PL_tainted across the call to
	16	fbm_compile, which is what sets PL_tainted.
	17
	18	Patch-Name: fixes/index-tainting.diff
	19	---
	20	op.c \| 5 ++++-
	21	t/op/taint.t \| 16 +++++++++++++++-
	22	2 files changed, 19 insertions(+), 2 deletions(-)
	23
	24	diff --git a/op.c b/op.c
	25	index e21b9a4..973df13 100644
	26	--- a/op.c
	27	+++ b/op.c
	28	@@ -7780,8 +7780,11 @@ Perl_ck_index(pTHX_ OP *o)
	29	OP kid = cLISTOPo->op_first->op_sibling; / get past pushmark */
	30	if (kid)
	31	kid = kid->op_sibling; /* get past "big" */
	32	- if (kid && kid->op_type == OP_CONST)
	33	+ if (kid && kid->op_type == OP_CONST) {
	34	+ const bool save_taint = PL_tainted;
	35	fbm_compile(((SVOP*)kid)->op_sv, 0);
	36	+ PL_tainted = save_taint;
	37	+ }
	38	}
	39	return ck_fun(o);
	40	}
	41	diff --git a/t/op/taint.t b/t/op/taint.t
	42	index 9df6fee..a300b9b 100644
	43	--- a/t/op/taint.t
	44	+++ b/t/op/taint.t
	45	@@ -17,7 +17,7 @@ BEGIN {
	46	use strict;
	47	use Config;
	48
	49	-plan tests => 774;
	50	+plan tests => 778;
	51
	52	$\| = 1;
	53
	54	@@ -2144,6 +2144,20 @@ end
	55	is_tainted $dest, "ucfirst(tainted) taints its return value";
	56	}
	57
	58	+
	59	+# tainted constants and index()
	60	+# RT 64804; http://bugs.debian.org/291450
	61	+{
	62	+ ok(tainted $old_env_path, "initial taintedness");
	63	+ BEGIN { no strict 'refs'; my $v = $old_env_path; *{"::C"} = sub () { $v }; }
	64	+ ok(tainted C, "constant is tainted properly");
	65	+ ok(!tainted "", "tainting not broken yet");
	66	+ index(undef, C);
	67	+ ok(!tainted "", "tainting still works after index() of the constant");
	68	+}
	69	+
	70	+
	71	+
	72	# This may bomb out with the alarm signal so keep it last
	73	SKIP: {
	74	skip "No alarm()" unless $Config{d_alarm};