App-perlall

lib/Devel/PatchPerl/Plugin/Asan.pm

package Devel::PatchPerl::Plugin::Asan;
use base 'Devel::PatchPerl';

=head1 DESCRIPTION

Plugin for Devel::PatchPerl that fixes several buffer overflows and
use-after-free bugs in production perls which prevent compilation with
C<clang AddressSanitizer>, aka I<asan>.

Note that F<buildperl.pl> from L<Devel::PPPort> and L<Devel::PatchPerl> do
not provide such security patches, only configure and make patches.

Most fixes have very low security impact. No known exploits exist.

You need to run C<perlall build --allpatches> or C<perlall build --patches=Asan>
to apply these.

=head1 PATCHES

The list is complete for non-threaded perls. 
For threaded perls some more patches need to be added.

    5.8.2-5.16.2: CVE-2013-1667 prevent hsplit DOS attacks
    5.10-5.15.9:  RT#111586 sdbm.c off-by-one access to global .dir
    5.12-5.16.0:  RT#72700 List::Util boot Fix off-by-two on string literal length
    5.15.4-9, 5.17.0-6: RT#115702 overlapping memcpy in to_utf8_case
    5.6-5.16.0:   RT#111594 Socket::unpack_sockaddr_un heap-buffer-overflow
    5.8-5.14.3:   RT#115992 PL_eval_start use-after-free
    5.10-5.14.3:  RT#115994 S_join_exact global-buffer-overflow
    5.17.7-8:     RT#82119 Socket::inet_ntop heap-buffer-overflow
    5.14.0-3:     RT#91678 S_anonymise_cv_maybe UTF8 cleanup
    5.17,18.0,19: RT#118525 Return B::HEK for B::CV::GV of lexical subs

=head2 Devel::PatchPerl::Plugin::Asan::patchperl($class, {version,source,patchexe})

Apply patches in Devel::PatchPerl::Plugin::Asan depending on the
perl version. See L<Devel::PatchPerl::Plugin>.

Every patch is recorded in patchlevel.h, visible in myconfig.
If a patch fails the script dies.

=cut

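sub patchperl {
  my $class = shift;
  my %args = @_;
  my ($vers, $source, $patch_exe) = @args{qw(version source patchexe)};
  # Select every @patch entry whose version patterns match $vers.
  for my $p ( grep { Devel::PatchPerl::_is( $_->{perl}, $vers ) } @Devel::PatchPerl::patch ) {
    # Each element of subs is [ \&code, optional arguments ].
    for my $s (@{$p->{subs}}) {
      my ($sub, @args) = @$s;
      # A sub listed without arguments receives the perl version.
      push @args, $vers unless scalar @args;
      $sub->(@args);
    }
  }
}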


package
  Devel::PatchPerl;

use File::Copy;
use vars '@patch';

@patch = (
  {
    perl => [ qr/^5\.1[01]\.\d$/ ],
    # fixed in 5.16.0
    subs => [ [ \&_patch_sdbm] ],
  },
  {
    perl => [ qr/^5\.12\.[0-5]$/,
              qr/^5\.1[35]\.\d$/,
              qr/^5\.14\.[0-3]$/,
            ],
    subs => [ [ \&_patch_listutil_boot ], [ \&_patch_sdbm] ],
  },
  {
    perl => [ qr/^5\.16\.0$/ ],
    # fixed in 5.16.1
    subs => [ [ \&_patch_listutil_boot ] ],
  },


