diff --git a/main/perl/APKBUILD b/main/perl/APKBUILD index 946d6b48a0e..bc9063e4c0e 100644 --- a/main/perl/APKBUILD +++ b/main/perl/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Leonardo Arena # Contributor: Valery Kartel pkgname=perl -pkgver=5.38.3 -pkgrel=1 +pkgver=5.38.5 +pkgrel=0 pkgdesc="Larry Wall's Practical Extraction and Report Language" url="https://www.perl.org/" arch="all" @@ -11,12 +11,12 @@ license="Artistic-1.0-Perl OR GPL-1.0-or-later" depends_dev="perl-utils=$pkgver-r$pkgrel" makedepends="bzip2-dev zlib-dev" subpackages="$pkgname-doc $pkgname-dev $pkgname-utils::noarch miniperl" -source="https://www.cpan.org/src/5.0/perl-$pkgver.tar.xz +#source="https://www.cpan.org/src/5.0/perl-$pkgver.tar.xz +source="https://cpan.metacpan.org/authors/id/S/SH/SHAY/perl-$pkgver.tar.xz digest-sha-cflags.patch musl-skip-dst-test.patch skip-test-due-to-busybox-ps.patch musl-stack-size.patch - CVE-2024-56406.patch " # creates empty usr/local/{lib,share} for local sitedirs options="!fhs" @@ -190,10 +190,9 @@ utils() { } sha512sums=" -4c81d34589e560dae8740cbdd8e29f103ba2c297a5c1d6196f78967f89d1a786d0ee5075e0eac9825c0d5130078803b39ffbde2cec4540f3d4f76530f3bf53b7 perl-5.38.3.tar.xz +d95c7d2dcd275db127e1da32ee105cbb7d944aa9d6e61c994ef7af6afdb3d0445af564b93a0df4adeb599a97efb4491488e448b149512beb3c1954306ed29ca3 perl-5.38.5.tar.xz 59afa4c166e4808d355e19cd70748540ffce9da5c6919c71648be7678de328409f9121ddea33415add73fc01a22e95ed9d9629f31b8ba20b3bbfc04dab926c63 digest-sha-cflags.patch 3eaec691bc38e208ba4f34130ae45e50b6c339fa50093d0b0f6d7f24cb5b7c2a3734ca714a279c4b51173f82e46a8e7a3e70bfc7d7471a18c55a2102140e4186 musl-skip-dst-test.patch ba9cb1ff4a6e8e4c31bf4ef132c071ac919ffe45842cf5e98c8ca72d78ef4803883b57a0e7b8037da0079561a6ce9e6bd8d127892ac1bcb047638cb3ba3157f6 skip-test-due-to-busybox-ps.patch c004d6612ec754e5947255a2e2d15b5581f187c32495aeeec9f4fa286919bd9f40c72b63db61e3f4004b09288af2063a6a14b67e5c289e9a8b23ebd7c216e16f musl-stack-size.patch -45bc05ea9efa9e527ecff4a4796b97fa34cbdf86e736d968c7cca90b372f2b7f4f351b577e4d61d71d6250088735bbf193e757467dc29c568fbc4c15baef9aba CVE-2024-56406.patch " diff --git a/main/perl/CVE-2024-56406.patch b/main/perl/CVE-2024-56406.patch deleted file mode 100644 index a1b9add3744..00000000000 --- a/main/perl/CVE-2024-56406.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd Mon Sep 17 00:00:00 2001 -From: Karl Williamson -Date: Wed, 18 Dec 2024 18:25:29 -0700 -Subject: [PATCH] CVE-2024-56406: Heap-buffer-overflow with tr// - -This was due to underallocating needed space. If the translation forces -something to become UTF-8 that is initially bytes, that UTF-8 could -now require two bytes where previously a single one would do. - -(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686) ---- - op.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/op.c b/op.c -index 69ff030e88eb..298b2926338a 100644 ---- a/op.c -+++ b/op.c -@@ -6881,6 +6881,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl) - * same time. But otherwise one crosses before the other */ - if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) { - can_force_utf8 = TRUE; -+ max_expansion = MAX(2, max_expansion); - } - } -