packages/perl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:ad42734f6b0b60fc61e5bcb8ef6e9a2db932e44a
Branches Tags
packages:main
..
compare: packages:b58c66a4462bb81606f192eb5d2fa53617c76468
Branches Tags
packages:main

No commits in common. "ad42734f6b0b60fc61e5bcb8ef6e9a2db932e44a" and "b58c66a4462bb81606f192eb5d2fa53617c76468" have entirely different histories.
ad42734f6b ... b58c66a446

4 changed files with 8 additions and 145 deletions
Show Stats Expand all files Collapse all files

6
backport-CVE-2023-47100-CVE-2023-47038.patch → backport-CVE-2023-47038.patch
View File

@ -42,10 +42,6 @@ This commit also does white-space adjustment so that things align
vertically for readability. vertically for readability.
This can be easily backported to earlier Perl releases. This can be easily backported to earlier Perl releases.
Reference:https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664
Conflict:NA
--- ---
regcomp.c | 17 +++++++++++------ regcomp.c | 17 +++++++++++------
t/re/pat_advanced.t | 8 ++++++++ t/re/pat_advanced.t | 8 ++++++++
@ -96,7 +92,7 @@ index d3c135f..67aa03e 100644
if (cur == '_') { if (cur == '_') {
if ( stricter if ( stricter
- && ( i == 0 || (int) i == equals_pos || i == name_len- 1 - && ( i == 0 || (int) i == equals_pos || i == name_len- 1
+ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 + && ( i == i_zero || (int) i == equals_pos || i == name_len- 1
|| ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1]))) || ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1])))
{ {
lookup_name[j++] = '_'; lookup_name[j++] = '_';

26
backport-CVE-2024-56406.patch
View File

@ -1,26 +0,0 @@
From 87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Wed, 18 Dec 2024 18:25:29 -0700
Subject: [PATCH] CVE-2024-56406: Heap-buffer-overflow with tr//
This was due to underallocating needed space. If the translation forces
something to become UTF-8 that is initially bytes, that UTF-8 could
now require two bytes where previously a single one would do.
(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
---
op.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/op.c b/op.c
index 69ff030e88eb..298b2926338a 100644
--- a/op.c
+++ b/op.c
@@ -6520,6 +6520,7 @@
* same time. But otherwise one crosses before the other */
if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
can_force_utf8 = TRUE;
+ max_expansion = MAX(2, max_expansion);
}
}

92
perl-5.38.0-Link-XS-modules-to-libperl.so-with-EU-MM.patch
View File

@ -1,92 +0,0 @@
From fbdb9a76798ae34a7b53f664e77aaaf1f4040f2f Mon Sep 17 00:00:00 2001
From: zhangzikang <zhangzikang@kylinos.cn>
Date: Wed, 20 Mar 2024 17:44:51 +0800
Subject: [PATCH] perl-5.38.0-Link-XS-modules-to-libperl.so-with-EU-MM-on-Linux
---
MANIFEST | 1 +
.../lib/ExtUtils/MM_Unix.pm | 8 +++++-
.../lib/ExtUtils/CBuilder/Platform/linux.pm | 26 +++++++++++++++++++
3 files changed, 34 insertions(+), 1 deletion(-)
create mode 100644 dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/linux.pm
diff --git a/MANIFEST b/MANIFEST
index 6bc115b..0775b2f 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -3855,6 +3855,7 @@ dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/android.pm CBuilder method
dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/cygwin.pm CBuilder methods for cygwin
dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/darwin.pm CBuilder methods for darwin
dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/dec_osf.pm CBuilder methods for OSF
+dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/linux.pm CBuilder methods for Linux
dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/os2.pm CBuilder methods for OS/2
dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/Unix.pm CBuilder methods for Unix
dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/VMS.pm CBuilder methods for VMS
diff --git a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
index 1761380..4e82dda 100644
--- a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
+++ b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
@@ -32,6 +32,7 @@ BEGIN {
$Is{IRIX} = $^O eq 'irix';
$Is{NetBSD} = $^O eq 'netbsd';
$Is{Interix} = $^O eq 'interix';
+ $Is{Linux} = $^O eq 'linux';
$Is{SunOS4} = $^O eq 'sunos';
$Is{Solaris} = $^O eq 'solaris';
$Is{SunOS} = $Is{SunOS4} || $Is{Solaris};
@@ -1074,7 +1075,7 @@ sub xs_make_dynamic_lib {
push(@m," \$(RM_F) \$\@\n");
my $libs = '$(LDLOADLIBS)';
- if (($Is{NetBSD} || $Is{Interix} || $Is{Android}) && $Config{'useshrplib'} eq 'true') {
+ if (($Is{Linux} || $Is{NetBSD} || $Is{Interix} || $Is{Android}) && $Config{'useshrplib'} eq 'true') {
# Use nothing on static perl platforms, and to the flags needed
# to link against the shared libperl library on shared perl
# platforms. We peek at lddlflags to see if we need -Wl,-R
@@ -1087,6 +1088,11 @@ sub xs_make_dynamic_lib {
# The Android linker will not recognize symbols from
# libperl unless the module explicitly depends on it.
$libs .= ' "-L$(PERL_INC)" -lperl';
+ } else {
+ if ($ENV{PERL_CORE}) {
+ $libs .= ' "-L$(PERL_INC)"';
+ }
+ $libs .= ' -lperl';
}
}
diff --git a/dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/linux.pm b/dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/linux.pm
new file mode 100644
index 0000000..582339b
--- /dev/null
+++ b/dist/ExtUtils-CBuilder/lib/ExtUtils/CBuilder/Platform/linux.pm
@@ -0,0 +1,26 @@
+package ExtUtils::CBuilder::Platform::linux;
+
+use strict;
+use ExtUtils::CBuilder::Platform::Unix;
+use File::Spec;
+
+use vars qw($VERSION @ISA);
+$VERSION = '0.280230';
+our @ISA = qw(ExtUtils::CBuilder::Platform::Unix);
+
+sub link {
+ my ($self, %args) = @_;
+ my $cf = $self->{config};
+
+ # Link XS modules to libperl.so explicitly because multiple
+ # dlopen(, RTLD_LOCAL) hides libperl symbols from XS module.
+ local $cf->{lddlflags} = $cf->{lddlflags};
+ if ($ENV{PERL_CORE}) {
+ $cf->{lddlflags} .= ' -L' . $self->perl_inc();
+ }
+ $cf->{lddlflags} .= ' -lperl';
+
+ return $self->SUPER::link(%args);
+}
+
+1;
--
2.33.0

29
perl.spec
View File

@ -21,10 +21,10 @@
%bcond_without systemtap %bcond_without systemtap
Name: perl Name: perl
License: (GPL-1.0-or-later or Artistic-1.0-perl) and (GPL-2.0-or-later or Artistic-1.0-perl) and MIT and UCD and Public Domain and BSD License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD
Epoch: 4 Epoch: 4
Version: %{perl_version} Version: %{perl_version}
Release: 9 Release: 4
Summary: A highly capable, feature-rich programming language Summary: A highly capable, feature-rich programming language
Url: https://www.perl.org/ Url: https://www.perl.org/
Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
@ -35,10 +35,8 @@ Patch3: perl-5.22.0-Install-libperl.so-to-shrpdir-on-Linux.patch
Patch4: perl-5.34.0-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch Patch4: perl-5.34.0-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch
Patch5: change-lib-to-lib64.patch Patch5: change-lib-to-lib64.patch
Patch6: disable-rpath-by-default.patch Patch6: disable-rpath-by-default.patch
Patch7: backport-CVE-2023-47100-CVE-2023-47038.patch Patch7: backport-CVE-2023-47038.patch
Patch8: backport-CVE-2023-47039.patch Patch8: backport-CVE-2023-47039.patch
Patch9: perl-5.38.0-Link-XS-modules-to-libperl.so-with-EU-MM.patch
Patch10: backport-CVE-2024-56406.patch
BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find
BuildRequires: zlib-devel perl-interpreter perl-generators BuildRequires: zlib-devel perl-interpreter perl-generators
@ -83,7 +81,7 @@ prototyping and large scale development projects.
%package libs %package libs
Summary: The libraries for the perl Summary: The libraries for the perl
License: (GPL-1.0-or-later or Artistic-1.0-perl) and MIT and UCD License: (GPL+ or Artistic) and HSRL and MIT and UCD
Provides: %perl_compat Provides: %perl_compat
Provides: perl(:VERSION) = %{perl_version} Provides: perl(:VERSION) = %{perl_version}
Provides: perl(:WITH_64BIT) perl(:WITH_ITHREADS) perl(:WITH_THREADS) Provides: perl(:WITH_64BIT) perl(:WITH_ITHREADS) perl(:WITH_THREADS)
@ -96,7 +94,7 @@ This package is the shared library for perl.
%package devel %package devel
Summary: Development files for %{name} Summary: Development files for %{name}
License: (GPL-1.0-or-later or Artistic-1.0-perl) and UCD License: (GPL+ or Artistic) and UCD
Requires: perl = %{epoch}:%{version}-%{release} system-rpm-config Requires: perl = %{epoch}:%{version}-%{release} system-rpm-config
%if %{with systemtap} %if %{with systemtap}
@ -419,7 +417,9 @@ make test_harness
%exclude %dir %{perl_vendor_datadir} %exclude %dir %{perl_vendor_datadir}
%dir %{perl_datadir}/File %dir %{perl_datadir}/File
%{perl_datadir}/File/Compare.pm %{perl_datadir}/File/Compare.pm
%{_mandir}/man3/File::Compare.3*
%{perl_datadir}/File/Find.pm %{perl_datadir}/File/Find.pm
%{_mandir}/man3/File::Find.3*
%license Artistic Copying %license Artistic Copying
%doc AUTHORS %doc AUTHORS
@ -498,21 +498,6 @@ make test_harness
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Mon Apr 14 2025 Funda Wang <fundawang@yeah.net> - 4:5.38.0-9
- fix CVE-2024-56406
* Tue Sep 3 2024 hongjinghao <hongjinghao@huawei.com> - 4:5.38.0-8
- Delete the man of File::Compare and File::Find from the main package.
* Wed Aug 14 2024 gengqihu <gengqihu2@h-partners.com> - 4:5.38.0-7
- License info rectification
* Wed Mar 20 2024 zhangzikang <zhangzikang@kylinos.cn> - 4:5.38.0-6
- Fix perl re.so undefined symbol error
* Mon Dec 11 2023 huyubiao <huyubiao@huawei.com> - 4:5.38.0.5
- Fix CVE-2023-47100
* Fri Dec 8 2023 hongjinghao <hongjinghao@huawei.com> - 4:5.38.0.4 * Fri Dec 8 2023 hongjinghao <hongjinghao@huawei.com> - 4:5.38.0.4
- Fix CVE-2023-48039 - Fix CVE-2023-48039