mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-05-05 04:16:46 +02:00
main/perl: patch CVE-2024-56406
This commit is contained in:
Celeste
parent
a5293a6fb8
commit
343693da33
@ -3,7 +3,7 @@
|
||||
# Contributor: Valery Kartel <valery.kartel@gmail.com>
|
||||
pkgname=perl
|
||||
pkgver=5.38.3
|
||||
pkgrel=0
|
||||
pkgrel=1
|
||||
pkgdesc="Larry Wall's Practical Extraction and Report Language"
|
||||
url="https://www.perl.org/"
|
||||
arch="all"
|
||||
@ -16,6 +16,7 @@ source="https://www.cpan.org/src/5.0/perl-$pkgver.tar.xz
|
||||
musl-skip-dst-test.patch
|
||||
skip-test-due-to-busybox-ps.patch
|
||||
musl-stack-size.patch
|
||||
CVE-2024-56406.patch
|
||||
"
|
||||
# creates empty usr/local/{lib,share} for local sitedirs
|
||||
options="!fhs"
|
||||
@ -26,6 +27,8 @@ provides="
|
||||
"
|
||||
|
||||
# secfixes:
|
||||
# 5.38.3-r1:
|
||||
# - CVE-2024-56406
|
||||
# 5.38.1-r0:
|
||||
# - CVE-2023-47038
|
||||
# 5.34.0-r1:
|
||||
@ -192,4 +195,5 @@ sha512sums="
|
||||
3eaec691bc38e208ba4f34130ae45e50b6c339fa50093d0b0f6d7f24cb5b7c2a3734ca714a279c4b51173f82e46a8e7a3e70bfc7d7471a18c55a2102140e4186 musl-skip-dst-test.patch
|
||||
ba9cb1ff4a6e8e4c31bf4ef132c071ac919ffe45842cf5e98c8ca72d78ef4803883b57a0e7b8037da0079561a6ce9e6bd8d127892ac1bcb047638cb3ba3157f6 skip-test-due-to-busybox-ps.patch
|
||||
c004d6612ec754e5947255a2e2d15b5581f187c32495aeeec9f4fa286919bd9f40c72b63db61e3f4004b09288af2063a6a14b67e5c289e9a8b23ebd7c216e16f musl-stack-size.patch
|
||||
45bc05ea9efa9e527ecff4a4796b97fa34cbdf86e736d968c7cca90b372f2b7f4f351b577e4d61d71d6250088735bbf193e757467dc29c568fbc4c15baef9aba CVE-2024-56406.patch
|
||||
"
|
||||
|
||||
26
main/perl/CVE-2024-56406.patch
Normal file
26
main/perl/CVE-2024-56406.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd Mon Sep 17 00:00:00 2001
|
||||
From: Karl Williamson <khw@cpan.org>
|
||||
Date: Wed, 18 Dec 2024 18:25:29 -0700
|
||||
Subject: [PATCH] CVE-2024-56406: Heap-buffer-overflow with tr//
|
||||
|
||||
This was due to underallocating needed space. If the translation forces
|
||||
something to become UTF-8 that is initially bytes, that UTF-8 could
|
||||
now require two bytes where previously a single one would do.
|
||||
|
||||
(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
|
||||
---
|
||||
op.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/op.c b/op.c
|
||||
index 69ff030e88eb..298b2926338a 100644
|
||||
--- a/op.c
|
||||
+++ b/op.c
|
||||
@@ -6881,6 +6881,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)
|
||||
* same time. But otherwise one crosses before the other */
|
||||
if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
|
||||
can_force_utf8 = TRUE;
|
||||
+ max_expansion = MAX(2, max_expansion);
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user