From 82ce24065a989303066c844d3f4d3d38e6f17d10 Mon Sep 17 00:00:00 2001 From: h30032433 Date: Mon, 11 Dec 2023 16:57:30 +0800 Subject: [PATCH] Fix CVE-2023-47100 (cherry picked from commit e14d76707a1cf90a5fe5294bfb8081e2b964e6ca) --- ... => backport-CVE-2023-47100-CVE-2023-47038.patch | 13 +++++++++---- perl.spec | 7 +++++-- 2 files changed, 14 insertions(+), 6 deletions(-) rename backport-CVE-2023-47038.patch => backport-CVE-2023-47100-CVE-2023-47038.patch (91%) diff --git a/backport-CVE-2023-47038.patch b/backport-CVE-2023-47100-CVE-2023-47038.patch similarity index 91% rename from backport-CVE-2023-47038.patch rename to backport-CVE-2023-47100-CVE-2023-47038.patch index 0e979a9..65c596c 100644 --- a/backport-CVE-2023-47038.patch +++ b/backport-CVE-2023-47100-CVE-2023-47038.patch @@ -42,10 +42,14 @@ This commit also does white-space adjustment so that things align vertically for readability. This can be easily backported to earlier Perl releases. + +Reference:https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 +Conflict:Context adaptation + --- regcomp.c | 17 +++++++++++------ - t/re/pat_advanced.t | 7 +++++++ - 2 files changed, 18 insertions(+), 6 deletions(-) + t/re/pat_advanced.t | 8 ++++++++ + 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/regcomp.c b/regcomp.c index f5e5f58..0d3e9a9 100644 @@ -92,7 +96,7 @@ index f5e5f58..0d3e9a9 100644 if (cur == '_') { if ( stricter - && ( i == 0 || (int) i == equals_pos || i == name_len- 1 -+ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 ++ && ( i == i_zero || (int) i == equals_pos || i == name_len- 1 || ! isDIGIT_A(name[i-1]) || ! isDIGIT_A(name[i+1]))) { lookup_name[j++] = '_'; @@ -100,7 +104,7 @@ diff --git a/t/re/pat_advanced.t b/t/re/pat_advanced.t index d679870..3b79eec 100644 --- a/t/re/pat_advanced.t +++ b/t/re/pat_advanced.t -@@ -2565,6 +2565,13 @@ EOF +@@ -2565,6 +2565,14 @@ EOF {}, "GH #17278"); } 
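Review bot: The `Reference:` line added to the patch header (first hunk of the renamed backport) gives only the upstream commit URL and does not say that this one commit is what resolves both CVE-2023-47038 and CVE-2023-47100, which the new file name implies. As far as these hunks show, nothing functional changes in regcomp.c: the `&& ( i == i_zero || ...` line reads the same on both sides in this view (apparently a whitespace-only adjustment), and the remaining edits are the diffstat, the inner hunk count and one blank line in the test. I would state that in the header, e.g. `CVE-2023-47100 is addressed by the same upstream commit as CVE-2023-47038; no additional code change`, so a later auditor does not go looking for a second fix. The same applies to the `%changelog` hunk in perl.spec, where `- Fix CVE-2023-47100` could read `- Fix CVE-2023-47100 (covered by the CVE-2023-47038 backport; patch renamed)`.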
@@ -111,6 +115,7 @@ index d679870..3b79eec 100644 + fresh_perl_is('qr/\p{utf8::_perl_surrogate}/', "", + {}, "perl-security#140"); + } ++ # !!! NOTE that tests that aren't at all likely to crash perl should go # a ways above, above these last ones. There's a comment there that, like diff --git a/perl.spec b/perl.spec index 7c62f66..3884284 100644 --- a/perl.spec +++ b/perl.spec @@ -22,7 +22,7 @@ Name: perl License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD Epoch: 4 Version: %{perl_version} -Release: 11 +Release: 12 Summary: A highly capable, feature-rich programming language Url: https://www.perl.org/ Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz @@ -40,7 +40,7 @@ Patch6000: backport-CVE-2021-36770.patch Patch6001: backport-CVE-2023-31484.patch Patch6002: backport-CVE-2023-31486.patch Patch6003: backport-CVE-2022-48522.patch -Patch6004: backport-CVE-2023-47038.patch +Patch6004: backport-CVE-2023-47100-CVE-2023-47038.patch Patch6005: backport-CVE-2023-47039.patch BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find @@ -492,6 +492,9 @@ make test_harness %{_mandir}/man3/* %changelog +* Mon Dec 11 2023 huyubiao - 4:5.34.0-12 +- Fix CVE-2023-47100 + * Fri Dec 8 2023 hongjinghao - 4:5.34.0-11 - fix CVE-2023-47039 -- Gitee