perl/perl-5.18.2-overflow.diff

14 lines
596 B
Diff
Raw Normal View History

Accepting request 494775 from home:coolo:branches:openSUSE:Factory - Fix building with zlib-1.2.10 (RT#119762): * Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch - Update to perl-5.24.1 -Di switch is now required for PerlIO debugging output Previously PerlIO debugging output would be sent to the file specified by the "PERLIO_DEBUG" environment variable if perl wasn't running setuid and the -T or -t switches hadn't been parsed yet. If perl performed output at a point where it hadn't yet parsed its switches this could result in perl creating or overwriting the file named by "PERLIO_DEBUG" even when the -T switch had been supplied. Perl now requires the -Di switch to produce PerlIO debugging output. By default this is written to "stderr", but can optionally be redirected to a file by setting the "PERLIO_DEBUG" environment variable. If perl is running setuid or the -T switch was supplied "PERLIO_DEBUG" is ignored and the debugging output is sent to "stderr" as for any other -D switch. Core modules and tools no longer search "." for optional modules The tools and many modules supplied in core no longer search the default current directory entry in @INC for optional modules. For example, Storable will remove the final "." from @INC before trying to load Log::Agent. This prevents an attacker injecting an optional module into a process run by another user where the current directory is writable by the attacker, e.g. the /tmp directory. - Refresh patches OBS-URL: https://build.opensuse.org/request/show/494775 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl?expand=0&rev=148
2017-05-17 12:00:29 +02:00
Index: sv.c
===================================================================
--- sv.c.orig
+++ sv.c
@@ -2153,7 +2153,7 @@ S_sv_2iuv_common(pTHX_ SV *const sv)
#ifndef NV_PRESERVES_UV
&& SvIVX(sv) != IV_MIN /* avoid negating IV_MIN below */
&& (((UV)1 << NV_PRESERVES_UV_BITS) >
- (UV)(SvIVX(sv) > 0 ? SvIVX(sv) : -SvIVX(sv)))
+ (UV)(SvIVX(sv) > 0 ? (UV)SvIVX(sv) : -(UV)SvIVX(sv)))
/* Don't flag it as "accurately an integer" if the number
came from a (by definition imprecise) NV operation, and
we're outside the range of NV integer precision */