fix CVE-2024-56406
(cherry picked from commit 3c060f5b93f66d72e6d6325d20a7fdfbaa87b28b)
This commit is contained in:
Funda Wang
openeuler-sync-bot
parent
0fcb340d04
commit
7671ab4726
26
backport-CVE-2024-56406.patch
Normal file
26
backport-CVE-2024-56406.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd Mon Sep 17 00:00:00 2001
|
||||
From: Karl Williamson <khw@cpan.org>
|
||||
Date: Wed, 18 Dec 2024 18:25:29 -0700
|
||||
Subject: [PATCH] CVE-2024-56406: Heap-buffer-overflow with tr//
|
||||
|
||||
This was due to underallocating needed space. If the translation forces
|
||||
something to become UTF-8 that is initially bytes, that UTF-8 could
|
||||
now require two bytes where previously a single one would do.
|
||||
|
||||
(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
|
||||
---
|
||||
op.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/op.c b/op.c
|
||||
index 69ff030e88eb..298b2926338a 100644
|
||||
--- a/op.c
|
||||
+++ b/op.c
|
||||
@@ -6520,6 +6520,7 @@
|
||||
* same time. But otherwise one crosses before the other */
|
||||
if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
|
||||
can_force_utf8 = TRUE;
|
||||
+ max_expansion = MAX(2, max_expansion);
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,7 +24,7 @@ Name: perl
|
||||
License: (GPL-1.0-or-later or Artistic-1.0-perl) and (GPL-2.0-or-later or Artistic-1.0-perl) and MIT and UCD and Public Domain and BSD
|
||||
Epoch: 4
|
||||
Version: %{perl_version}
|
||||
Release: 8
|
||||
Release: 9
|
||||
Summary: A highly capable, feature-rich programming language
|
||||
Url: https://www.perl.org/
|
||||
Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
|
||||
@ -38,6 +38,7 @@ Patch6: disable-rpath-by-default.patch
|
||||
Patch7: backport-CVE-2023-47100-CVE-2023-47038.patch
|
||||
Patch8: backport-CVE-2023-47039.patch
|
||||
Patch9: perl-5.38.0-Link-XS-modules-to-libperl.so-with-EU-MM.patch
|
||||
Patch10: backport-CVE-2024-56406.patch
|
||||
|
||||
BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find
|
||||
BuildRequires: zlib-devel perl-interpreter perl-generators
|
||||
@ -497,6 +498,9 @@ make test_harness
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Mon Apr 14 2025 Funda Wang <fundawang@yeah.net> - 4:5.38.0-9
|
||||
- fix CVE-2024-56406
|
||||
|
||||
* Tue Sep 3 2024 hongjinghao <hongjinghao@huawei.com> - 4:5.38.0-8
|
||||
- Delete the man of File::Compare and File::Find from the main package.
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user