From 50674f825978bda20f33b70209b541088c2af117 Mon Sep 17 00:00:00 2001 From: h30032433 Date: Mon, 11 Dec 2023 16:48:25 +0800 Subject: [PATCH] Fix CVE-2023-47100 --- ...8.patch => backport-CVE-2023-47100-CVE-2023-47038.patch | 6 +++++- perl.spec | 7 +++++-- 2 files changed, 10 insertions(+), 3 deletions(-) rename backport-CVE-2023-47038.patch => backport-CVE-2023-47100-CVE-2023-47038.patch (94%) diff --git a/backport-CVE-2023-47038.patch b/backport-CVE-2023-47100-CVE-2023-47038.patch similarity index 94% rename from backport-CVE-2023-47038.patch rename to backport-CVE-2023-47100-CVE-2023-47038.patch index 28bfc46..662020e 100644 --- a/backport-CVE-2023-47038.patch +++ b/backport-CVE-2023-47100-CVE-2023-47038.patch @@ -42,6 +42,10 @@ This commit also does white-space adjustment so that things align vertically for readability. This can be easily backported to earlier Perl releases. + +Reference:https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664 +Conflict:NA + --- regcomp.c | 17 +++++++++++------ t/re/pat_advanced.t | 8 ++++++++ @@ -92,7 +96,7 @@ index d3c135f..67aa03e 100644 if (cur == '_') { if ( stricter - && ( i == 0 || (int) i == equals_pos || i == name_len- 1 -+ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 ++ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 || ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1]))) { lookup_name[j++] = '_'; diff --git a/perl.spec b/perl.spec index 4db81f4..918b7dc 100644 --- a/perl.spec +++ b/perl.spec @@ -24,7 +24,7 @@ Name: perl License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD Epoch: 4 Version: %{perl_version} -Release: 4 +Release: 5 Summary: A highly capable, feature-rich programming language Url: https://www.perl.org/ Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz @@ -35,7 +35,7 @@ Patch3: perl-5.22.0-Install-libperl.so-to-shrpdir-on-Linux.patch Patch4: perl-5.34.0-Destroy-GDBM-NDBM-ODBM-SDBM-_File-objects-only-from-.patch Patch5: change-lib-to-lib64.patch Patch6: disable-rpath-by-default.patch -Patch7: backport-CVE-2023-47038.patch +Patch7: backport-CVE-2023-47100-CVE-2023-47038.patch Patch8: backport-CVE-2023-47039.patch BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find @@ -498,6 +498,9 @@ make test_harness %{_mandir}/man3/* %changelog +* Mon Dec 11 2023 huyubiao - 4:5.38.0.5 +- Fix CVE-2023-47100 + * Fri Dec 8 2023 hongjinghao - 4:5.38.0.4 - Fix CVE-2023-48039 -- Gitee