From 090377c19bf3c9d6c40b5ce74ebb1000df360c1a Mon Sep 17 00:00:00 2001
From: Celeste <20312-Celeste@users.gitlab.alpinelinux.org>
Date: Tue, 15 Apr 2025 15:50:09 +0000
Subject: [PATCH] main/perl: upgrade to 5.40.2
---
 main/perl/APKBUILD | 8 +++-----
 main/perl/CVE-2024-56406.patch | 26 --------------------------
 2 files changed, 3 insertions(+), 31 deletions(-)
 delete mode 100644 main/perl/CVE-2024-56406.patch
diff --git a/main/perl/APKBUILD b/main/perl/APKBUILD
index 8ffc6efacb7..a6beca6b611 100644
--- a/main/perl/APKBUILD
+++ b/main/perl/APKBUILD
@@ -3,8 +3,8 @@
 # Maintainer: Celeste
 maintainer="Celeste "
 pkgname=perl
-pkgver=5.40.1
-pkgrel=1
+pkgver=5.40.2
+pkgrel=0
 pkgdesc="Larry Wall's Practical Extraction and Report Language"
 url="https://www.perl.org/"
 arch="all"
@@ -19,7 +19,6 @@ source="https://www.cpan.org/src/5.0/perl-$pkgver.tar.xz
 musl-skip-dst-test.patch
 musl-stack-size.patch
 skip-test-due-to-busybox-ps.patch
-CVE-2024-56406.patch
 "
 # creates empty usr/local/{lib,share} for local sitedirs
 options="!fhs"
@@ -197,12 +196,11 @@ utils() {
 }
 sha512sums="
-3ff16b3462ce43ff38dab21b3dfc20f81772b8c9eac19ab96ba2d5e6cbb390e2302fa76c4879f915249357cd11c7ec0d548bcbf3ab2c156df1b9fca95da3f545 perl-5.40.1.tar.xz
+1324b119e4370bbeb47a343d152f46c637addb0373ff07f0e214aa9d5912c03cd2bd23987a6e86d43453166412d3a03a52e780201941f679ef4186df16590e41 perl-5.40.2.tar.xz
 59afa4c166e4808d355e19cd70748540ffce9da5c6919c71648be7678de328409f9121ddea33415add73fc01a22e95ed9d9629f31b8ba20b3bbfc04dab926c63 digest-sha-cflags.patch
 abae709290306a8fbc96b604b9b38fc09a46ae178f3e77944813f1b46c78e2e3654e5c3b3a6aca96684a2d1061e2871376d508fbe82604864055309156b4d0d8 dont-write-packlist.patch
 4e8a655160e54a151e0bc4819fd1cd69e43c1e36844bcefbb9734f36130a2d9e1700b1aa64153a9d20a8deb875e904876dbe7b14dd278266b21a86a33d91eebd json-pp-options.patch
 3eaec691bc38e208ba4f34130ae45e50b6c339fa50093d0b0f6d7f24cb5b7c2a3734ca714a279c4b51173f82e46a8e7a3e70bfc7d7471a18c55a2102140e4186 musl-skip-dst-test.patch
 c004d6612ec754e5947255a2e2d15b5581f187c32495aeeec9f4fa286919bd9f40c72b63db61e3f4004b09288af2063a6a14b67e5c289e9a8b23ebd7c216e16f musl-stack-size.patch
 ba9cb1ff4a6e8e4c31bf4ef132c071ac919ffe45842cf5e98c8ca72d78ef4803883b57a0e7b8037da0079561a6ce9e6bd8d127892ac1bcb047638cb3ba3157f6 skip-test-due-to-busybox-ps.patch
-45bc05ea9efa9e527ecff4a4796b97fa34cbdf86e736d968c7cca90b372f2b7f4f351b577e4d61d71d6250088735bbf193e757467dc29c568fbc4c15baef9aba CVE-2024-56406.patch
 "
diff --git a/main/perl/CVE-2024-56406.patch b/main/perl/CVE-2024-56406.patch
deleted file mode 100644
index a1b9add3744..00000000000
--- a/main/perl/CVE-2024-56406.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd Mon Sep 17 00:00:00 2001
-From: Karl Williamson
-Date: Wed, 18 Dec 2024 18:25:29 -0700
-Subject: [PATCH] CVE-2024-56406: Heap-buffer-overflow with tr//
-
-This was due to underallocating needed space. If the translation forces
-something to become UTF-8 that is initially bytes, that UTF-8 could
-now require two bytes where previously a single one would do.
-
-(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
----
- op.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/op.c b/op.c
-index 69ff030e88eb..298b2926338a 100644
---- a/op.c
-+++ b/op.c
-@@ -6881,6 +6881,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)
- * same time. But otherwise one crosses before the other */
- if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
- can_force_utf8 = TRUE;
-+ max_expansion = MAX(2, max_expansion);
- }
- }
-