packages/perl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-47100

Browse Source 
(cherry picked from commit 0c055dc9cd9a9f25686a3d74a703830002fbc396)
This commit is contained in:
h30032433 2023-12-11 19:34:18 +08:00 committed by openeuler-sync-bot
parent c3c3a145b9
commit 045ec5d148
2 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
backport-CVE-2023-47038.patch → backport-CVE-2023-47100-CVE-2023-47038.patch
View File

@ -42,10 +42,14 @@ This commit also does white-space adjustment so that things align
vertically for readability. vertically for readability.
This can be easily backported to earlier Perl releases. This can be easily backported to earlier Perl releases.
Reference:https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010
Conflict:Context adaptation
--- ---
regcomp.c | 17 +++++++++++------ regcomp.c | 17 +++++++++++------
t/re/pat_advanced.t | 7 +++++++ t/re/pat_advanced.t | 8 ++++++++
2 files changed, 18 insertions(+), 6 deletions(-) 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/regcomp.c b/regcomp.c diff --git a/regcomp.c b/regcomp.c
index f5e5f58..0d3e9a9 100644 index f5e5f58..0d3e9a9 100644
@ -92,7 +96,7 @@ index f5e5f58..0d3e9a9 100644
if (cur == '_') { if (cur == '_') {
if ( stricter if ( stricter
- && ( i == 0 || (int) i == equals_pos || i == name_len- 1 - && ( i == 0 || (int) i == equals_pos || i == name_len- 1
+ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 + && ( i == i_zero || (int) i == equals_pos || i == name_len- 1
|| ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1]))) || ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1])))
{ {
lookup_name[j++] = '_'; lookup_name[j++] = '_';
@ -100,7 +104,7 @@ diff --git a/t/re/pat_advanced.t b/t/re/pat_advanced.t
index d679870..3b79eec 100644 index d679870..3b79eec 100644
--- a/t/re/pat_advanced.t --- a/t/re/pat_advanced.t
+++ b/t/re/pat_advanced.t +++ b/t/re/pat_advanced.t
@@ -2565,6 +2565,13 @@ EOF @@ -2565,6 +2565,14 @@ EOF
{}, "GH #17278"); {}, "GH #17278");
} }
@ -111,8 +115,10 @@ index d679870..3b79eec 100644
+ fresh_perl_is('qr/\p{utf8::_perl_surrogate}/', "", + fresh_perl_is('qr/\p{utf8::_perl_surrogate}/', "",
+ {}, "perl-security#140"); + {}, "perl-security#140");
+ } + }
+
# !!! NOTE that tests that aren't at all likely to crash perl should go # !!! NOTE that tests that aren't at all likely to crash perl should go
# a ways above, above these last ones. There's a comment there that, like # a ways above, above these last ones. There's a comment there that, like
-- --
2.33.0 2.33.0

7
perl.spec
View File

@ -22,7 +22,7 @@ Name: perl
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD
Epoch: 4 Epoch: 4
Version: %{perl_version} Version: %{perl_version}
Release: 12 Release: 13
Summary: A highly capable, feature-rich programming language Summary: A highly capable, feature-rich programming language
Url: https://www.perl.org/ Url: https://www.perl.org/
Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
@ -41,7 +41,7 @@ Patch6000: backport-CVE-2021-36770.patch
Patch6001: backport-CVE-2023-31484.patch Patch6001: backport-CVE-2023-31484.patch
Patch6002: backport-CVE-2023-31486.patch Patch6002: backport-CVE-2023-31486.patch
Patch6003: backport-CVE-2022-48522.patch Patch6003: backport-CVE-2022-48522.patch
Patch6004: backport-CVE-2023-47038.patch Patch6004: backport-CVE-2023-47100-CVE-2023-47038.patch
Patch6005: backport-CVE-2023-47039.patch Patch6005: backport-CVE-2023-47039.patch
BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find
@ -493,6 +493,9 @@ make test_harness
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Mon Dec 11 2023 huyubiao <huyubiao@huawei.com> - 4:5.34.0-13
- Fix CVE-2023-47100
* Fri Dec 8 2023 hongjinghao <hongjinghao@huawei.com> - 4:5.34.0-12 * Fri Dec 8 2023 hongjinghao <hongjinghao@huawei.com> - 4:5.34.0-12
- Fix CVE-2023-47039 - Fix CVE-2023-47039