packages/perl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-47100

Browse Source
This commit is contained in:
h30032433 2023-12-11 16:48:25 +08:00
parent b58c66a446
commit 50674f8259
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backport-CVE-2023-47038.patch → backport-CVE-2023-47100-CVE-2023-47038.patch
View File

@ -42,6 +42,10 @@ This commit also does white-space adjustment so that things align
vertically for readability. vertically for readability.
This can be easily backported to earlier Perl releases. This can be easily backported to earlier Perl releases.
Reference:https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664
Conflict:NA
--- ---
regcomp.c | 17 +++++++++++------ regcomp.c | 17 +++++++++++------
t/re/pat_advanced.t | 8 ++++++++ t/re/pat_advanced.t | 8 ++++++++
@ -92,7 +96,7 @@ index d3c135f..67aa03e 100644
if (cur == '_') { if (cur == '_') {
if ( stricter if ( stricter
- && ( i == 0 || (int) i == equals_pos || i == name_len- 1 - && ( i == 0 || (int) i == equals_pos || i == name_len- 1
+ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 + && ( i == i_zero || (int) i == equals_pos || i == name_len- 1
|| ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1]))) || ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1])))
{ {
lookup_name[j++] = '_'; lookup_name[j++] = '_';

7
perl.spec
View File

@ -24,7 +24,7 @@ Name: perl
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD
Epoch: 4 Epoch: 4
Version: %{perl_version} Version: %{perl_version}
Release: 4 Release: 5
Summary: A highly capable, feature-rich programming language Summary: A highly capable, feature-rich programming language
Url: https://www.perl.org/ Url: https://www.perl.org/
Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
@ -35,7 +35,7 @@ Patch3: perl-5.22.0-Install-libperl.so-to-shrpdir-on-Linux.patch
Patch4: perl-5.34.0-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch Patch4: perl-5.34.0-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch
Patch5: change-lib-to-lib64.patch Patch5: change-lib-to-lib64.patch
Patch6: disable-rpath-by-default.patch Patch6: disable-rpath-by-default.patch
Patch7: backport-CVE-2023-47038.patch Patch7: backport-CVE-2023-47100-CVE-2023-47038.patch
Patch8: backport-CVE-2023-47039.patch Patch8: backport-CVE-2023-47039.patch
BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find
@ -498,6 +498,9 @@ make test_harness
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Mon Dec 11 2023 huyubiao <huyubiao@huawei.com> - 4:5.38.0.5
- Fix CVE-2023-47100
* Fri Dec 8 2023 hongjinghao <hongjinghao@huawei.com> - 4:5.38.0.4 * Fri Dec 8 2023 hongjinghao <hongjinghao@huawei.com> - 4:5.38.0.4
- Fix CVE-2023-48039 - Fix CVE-2023-48039