From d010be008318aaef5948d46f115d04955182a055 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 9 Sep 2025 09:59:59 +0800
Subject: [PATCH] Fix CVE-2025-40929

(cherry picked from commit 6ad0681fba1faa0dcf4429a8ba70f81e921f9f52)
---
 CVE-2025-40929.patch | 44 ++++++++++++++++++++++++++++++++++++++++
 perl-Cpanel-JSON-XS.spec | 8 ++++++--
 2 files changed, 50 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2025-40929.patch

diff --git a/CVE-2025-40929.patch b/CVE-2025-40929.patch
new file mode 100644
index 0000000..a495c14
--- /dev/null
+++ b/CVE-2025-40929.patch
@@ -0,0 +1,44 @@
+From 378236219eaa35742c3962ecbdee364903b0a1f2 Mon Sep 17 00:00:00 2001
+From: Marc Lehmann
+Date: Sat, 6 Sep 2025 11:31:36 +0200
+Subject: [PATCH] fix json_atof_scan1 overflows
+
+with fuzzed overlong numbers. CVE-2025-40928
+Really the comparisons were wrong.
+---
+ XS.xs | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/XS.xs b/XS.xs
+index 9b1ce2b..2b9900f 100755
+--- a/XS.xs
++++ b/XS.xs
+@@ -710,16 +710,16 @@ json_atof_scan1 (const char *s, NV *accum, int *expo, int postdp, int maxdepth)
+ /* if we recurse too deep, skip all remaining digits */
+ /* to avoid a stack overflow attack */
+ if (UNLIKELY(--maxdepth <= 0))
+- while (((U8)*s - '0') < 10)
++ while (*s >= '0' && *s <= '9')
+ ++s;
+
+ for (;;)
+ {
+- U8 dig = (U8)*s - '0';
++ U8 dig = (U8)(*s - '0');
+
+ if (UNLIKELY(dig >= 10))
+ {
+- if (dig == (U8)((U8)'.' - (U8)'0'))
++ if (dig == (U8)('.' - '0'))
+ {
+ ++s;
+ json_atof_scan1 (s, accum, expo, 1, maxdepth);
+@@ -739,7 +739,7 @@ json_atof_scan1 (const char *s, NV *accum, int *expo, int postdp, int maxdepth)
+ else if (*s == '+')
+ ++s;
+
+- while ((dig = (U8)*s - '0') < 10)
++ while (*s >= '0' && *s <= '9')
+ exp2 = exp2 * 10 + *s++ - '0';
+
+ *expo += neg ? -exp2 : exp2;
diff --git a/perl-Cpanel-JSON-XS.spec b/perl-Cpanel-JSON-XS.spec
index 2d0e2ca..afa064d 100644
--- a/perl-Cpanel-JSON-XS.spec
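Review bot: The exponent loop in the second XS.xs hunk, `while (*s >= '0' && *s <= '9') exp2 = exp2 * 10 + *s++ - '0';`, still accumulates without an upper bound, so an overlong exponent can overflow `exp2` before `*expo += neg ? -exp2 : exp2;` runs. The declaration of `exp2` is outside the hunk; if it is a signed integer, that overflow is undefined behaviour rather than a harmless wrap. I would saturate inside a braced loop body, e.g. `if (exp2 < EXP_CAP) exp2 = exp2 * 10 + (*s - '0');` followed by `++s;`, where `EXP_CAP` is a placeholder for a bound safely above the largest exponent an NV can represent. The body of json_atof_scan1 starts and ends outside both hunks, so any later clamping of `*expo` is not visible here and should be confirmed.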
+++ b/perl-Cpanel-JSON-XS.spec @@ -1,12 +1,13 @@ %global _empty_manifest_terminate_build 0 Name: perl-Cpanel-JSON-XS Version: 4.37 -Release: 1 +Release: 2 Summary: CPanel fork of JSON::XS, fast and correct serializing License: GPL-1.0-or-later or Artistic-1.0-Perl Group: Development/Libraries URL: https://metacpan.org/release/Cpanel-JSON-XS/ Source0: https://cpan.metacpan.org/authors/id/R/RU/RURBAN/Cpanel-JSON-XS-%{version}.tar.gz +Patch0: CVE-2025-40929.patch BuildRequires: perl-generators BuildRequires: perl(Carp) BuildRequires: perl(Data::Dumper) @@ -50,7 +51,7 @@ reach the latter goal it was written in C. %prep -%setup -q -n Cpanel-JSON-XS-%{version} +%autosetup -n Cpanel-JSON-XS-%{version} -p1 %build @@ -107,6 +108,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/* %changelog +* Tue Sep 09 2025 yaoxin <1024769339@qq.com> - 4.37-2 +- Fix CVE-2025-40929 + * Wed Jul 12 2023 leeffo - 4.37-1 - upgrade to version 4.37 -- Gitee
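Review bot: The CVE identifier is inconsistent across this change: `Patch0: CVE-2025-40929.patch` and the new changelog entry name CVE-2025-40929, while the embedded upstream commit message reads "CVE-2025-40928". If both identifiers cover the same json_atof_scan1 defect in different distributions of the code, that relationship should be recorded so that vulnerability scanners and later maintainers can tell which advisory this build closes. I would add a comment above `Patch0`, for example `# Upstream commit 378236219eaa35742c3962ecbdee364903b0a1f2; its message cites CVE-2025-40928, tracked for this package as CVE-2025-40929`. It is also worth confirming that the embedded patch applies to the 4.37 tarball without fuzz, since the switch to `%autosetup ... -p1` applies it at build time.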