diff --git a/backport-CVE-2023-47038.patch b/backport-CVE-2023-47100-CVE-2023-47038.patch similarity index 91% rename from backport-CVE-2023-47038.patch rename to backport-CVE-2023-47100-CVE-2023-47038.patch index 0e979a994688884e02dc63ddec58d515c0a45c10..65c596c414a293d579a69faf171d12df1bc02773 100644 --- a/backport-CVE-2023-47038.patch +++ b/backport-CVE-2023-47100-CVE-2023-47038.patch @@ -42,10 +42,14 @@ This commit also does white-space adjustment so that things align vertically for readability. This can be easily backported to earlier Perl releases. + +Reference:https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 +Conflict:Context adaptation + --- regcomp.c | 17 +++++++++++------ - t/re/pat_advanced.t | 7 +++++++ - 2 files changed, 18 insertions(+), 6 deletions(-) + t/re/pat_advanced.t | 8 ++++++++ + 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/regcomp.c b/regcomp.c index f5e5f58..0d3e9a9 100644 @@ -92,7 +96,7 @@ index f5e5f58..0d3e9a9 100644 if (cur == '_') { if ( stricter - && ( i == 0 || (int) i == equals_pos || i == name_len- 1 -+ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 ++ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 || ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1]))) { lookup_name[j++] = '_'; @@ -100,7 +104,7 @@ diff --git a/t/re/pat_advanced.t b/t/re/pat_advanced.t index d679870..3b79eec 100644 --- a/t/re/pat_advanced.t +++ b/t/re/pat_advanced.t -@@ -2565,6 +2565,13 @@ EOF +@@ -2565,6 +2565,14 @@ EOF {}, "GH #17278"); } @@ -111,6 +115,7 @@ index d679870..3b79eec 100644 + fresh_perl_is('qr/\p{utf8::_perl_surrogate}/', "", + {}, "perl-security#140"); + } ++ # !!! NOTE that tests that aren't at all likely to crash perl should go # a ways above, above these last ones. There's a comment there that, like diff --git a/perl.spec b/perl.spec index 7c62f66dcbbd375aa1f4a5f0ef59c26253b95d98..3884284ce14ce24a59213e3b2379bb32ba620695 100644 --- a/perl.spec +++ b/perl.spec 
@@ -22,7 +22,7 @@ Name: perl
 License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD
 Epoch: 4
 Version: %{perl_version}
-Release: 11
+Release: 12
 Summary: A highly capable, feature-rich programming language
 Url: https://www.perl.org/
 Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
@@ -40,7 +40,7 @@ Patch6000: backport-CVE-2021-36770.patch
 Patch6001: backport-CVE-2023-31484.patch
 Patch6002: backport-CVE-2023-31486.patch
 Patch6003: backport-CVE-2022-48522.patch
-Patch6004: backport-CVE-2023-47038.patch
+Patch6004: backport-CVE-2023-47100-CVE-2023-47038.patch
 Patch6005: backport-CVE-2023-47039.patch
 
 BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find
@@ -492,6 +492,9 @@ make test_harness
 %{_mandir}/man3/*
 
 %changelog
+* Mon Dec 11 2023 huyubiao - 4:5.34.0-12
+- Fix CVE-2023-47100
+
 * Fri Dec 8 2023 hongjinghao - 4:5.34.0-11
 - fix CVE-2023-47039
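Review bot: The changelog line `- Fix CVE-2023-47100` records a fix, yet the only thing this commit does to Patch6004 is rename it and touch its header: the nested patch gains `Reference:`/`Conflict:` lines, and its regcomp.c and t/re/pat_advanced.t parts differ, as far as the collapsed text shows, only in whitespace and one added blank line. If the point is that the existing CVE-2023-47038 backport already covers CVE-2023-47100, the entry should say that, for example `- Record CVE-2023-47100 as fixed by the CVE-2023-47038 backport (no code change)`, so that someone auditing the package history does not conclude that builds before release 12 which already carry this patch are unpatched. It would also help to name both CVE identifiers in the patch header next to the new `Reference:` line, because in the lines visible here the file name is the only thing that ties CVE-2023-47100 to the upstream commit.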