packages/perl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!110 Fix CVE-2023-47100

Browse Source 
From: @huyubiao 
Reviewed-by: @openeuler-basic 
Signed-off-by: @openeuler-basic
This commit is contained in:
openeuler-ci-bot 2023-12-11 13:03:53 +00:00 committed by Gitee
commit 89d3c4771c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backport-CVE-2023-47038.patch → backport-CVE-2023-47100-CVE-2023-47038.patch
View File

@ -42,6 +42,10 @@ This commit also does white-space adjustment so that things align
vertically for readability.
This can be easily backported to earlier Perl releases.
Reference:https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664
Conflict:NA
---
regcomp.c | 17 +++++++++++------
t/re/pat_advanced.t | 8 ++++++++
@ -92,7 +96,7 @@ index d3c135f..67aa03e 100644
if (cur == '_') {
if ( stricter
- && ( i == 0 || (int) i == equals_pos || i == name_len- 1
+ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1
+ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1
|| ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1])))
{
lookup_name[j++] = '_';

7
perl.spec
View File

@ -24,7 +24,7 @@ Name: perl
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD
Epoch: 4
Version: %{perl_version}
Release: 4
Release: 5
Summary: A highly capable, feature-rich programming language
Url: https://www.perl.org/
Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
@ -35,7 +35,7 @@ Patch3: perl-5.22.0-Install-libperl.so-to-shrpdir-on-Linux.patch
Patch4: perl-5.34.0-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch
Patch5: change-lib-to-lib64.patch
Patch6: disable-rpath-by-default.patch
Patch7: backport-CVE-2023-47038.patch
Patch7: backport-CVE-2023-47100-CVE-2023-47038.patch
Patch8: backport-CVE-2023-47039.patch
BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find
@ -498,6 +498,9 @@ make test_harness
%{_mandir}/man3/*
%changelog
* Mon Dec 11 2023 huyubiao <huyubiao@huawei.com> - 4:5.38.0.5
- Fix CVE-2023-47100
* Fri Dec 8 2023 hongjinghao <hongjinghao@huawei.com> - 4:5.38.0.4
- Fix CVE-2023-48039