From 2b30cebace0ffa21d6b664a82926b4bbc0e33382 Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Fri, 19 Sep 2025 23:30:44 +0800
Subject: [PATCH] fix CVE-2025-40928

---
 CVE-2025-40928-r1.patch | 31 +++++++++++++++++++++++++++++++
 perl-JSON-XS.spec       | 11 ++++++++---
 2 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 CVE-2025-40928-r1.patch

diff --git a/CVE-2025-40928-r1.patch b/CVE-2025-40928-r1.patch
new file mode 100644
index 0000000..f1d258c
--- /dev/null
+++ b/CVE-2025-40928-r1.patch
@@ -0,0 +1,31 @@
+--- a/XS.xs	2025-09-06 08:34:51.376455632 -0300
++++ b/XS.xs	2025-09-06 08:35:30.725873619 -0300
+@@ -253,16 +253,16 @@
+   // if we recurse too deep, skip all remaining digits
+   // to avoid a stack overflow attack
+   if (expect_false (--maxdepth <= 0))
+-    while (((U8)*s - '0') < 10)
++    while ((U8)(*s - '0') < 10)
+       ++s;
+ 
+   for (;;)
+     {
+-      U8 dig = (U8)*s - '0';
++      U8 dig = *s - '0';
+ 
+       if (expect_false (dig >= 10))
+         {
+-          if (dig == (U8)((U8)'.' - (U8)'0'))
++          if (dig == (U8)('.' - '0'))
+             {
+               ++s;
+               json_atof_scan1 (s, accum, expo, 1, maxdepth);
+@@ -282,7 +282,7 @@
+               else if (*s == '+')
+                 ++s;
+ 
+-              while ((dig = (U8)*s - '0') < 10)
++              while ((dig = (U8)(*s - '0')) < 10)
+                 exp2 = exp2 * 10 + *s++ - '0';
+ 
+               *expo += neg ? -exp2 : exp2;
diff --git a/perl-JSON-XS.spec b/perl-JSON-XS.spec
index 1be70b2..f7f802b 100644
--- a/perl-JSON-XS.spec
+++ b/perl-JSON-XS.spec
@@ -2,11 +2,13 @@ Name:           perl-JSON-XS
 Summary:        JSON serializing/de-serializing, done correctly and fast
 Epoch:          1
 Version:        4.03
-Release:        1
+Release:        2
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            https://metacpan.org/release/JSON-XS
 Source0:        https://cpan.metacpan.org/authors/id/M/ML/MLEHMANN/JSON-XS-%{version}.tar.gz
+# https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch
+Patch0:         CVE-2025-40928-r1.patch
 
 BuildRequires:  coreutils gcc make perl-devel perl-generators perl-interpreter
 BuildRequires:  perl(Canary::Stability) perl(ExtUtils::MakeMaker) >= 6.76
@@ -55,8 +57,11 @@ make test
 %{_mandir}/man[13]/*
 
 %changelog
-* Fri Jan 29 2021 yuanxin <yuanxin24@huawei.com> - 4.03-1
+* Fri Sep 19 2025 Funda Wang <fundawang@yeah.net> - 1:4.03-2
+- fix CVE-2025-40928
+
+* Fri Jan 29 2021 yuanxin <yuanxin24@huawei.com> - 1:4.03-1
 - upgrade version to 4.03
 
-* Thu Mar 5 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.04-6
+* Thu Mar 5 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:3.04-6
 - Package init
-- 
Gitee