
Commit ca2c577

[AUTO-CHERRYPICK] [AUTO-PR] azure-core/azurelinux:anphel/2-perl-cve - branch main (#13492)
1 parent b678a30 commit ca2c577

6 files changed

Lines changed: 525 additions & 495 deletions


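--- a/SPECS/perl/CVE-2024-56406.patch
+++ b/SPECS/perl/CVE-2024-56406.patch
@@ -0,0 +1,25 @@
+commit 4ff211d2bd05db0ba9e18faf1ff8bd3dab128c5a
+Author: Karl Williamson khw@cpan.org
+AuthorDate: 2024-12-18 18:25:29 -0700
+Commit: Steve Hay steve.m.hay@googlemail.com
+CommitDate: 2025-03-30 11:58:35 +0100
+
+CVE-2024-56406: Heap-buffer-overflow with tr//
+
+This was due to underallocating needed space. If the translation forces
+something to become UTF-8 that is initially bytes, that UTF-8 could
+now require two bytes where previously a single one would do.
+
+(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
+
+diff --git a/op.c b/op.c
+index 330a30153fe..0dc6a8350d3 100644
+--- a/op.c
++++ b/op.c
+@@ -7515,6 +7515,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)
+* same time. But otherwise one crosses before the other */
+if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
+can_force_utf8 = TRUE;
++ max_expansion = MAX(2, max_expansion);
+}
+}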
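Review bot: The carried patch holds only the one-line op.c hunk and no regression test, so nothing in this package shows that the backport to the 5.34.1 tree actually closes the tr// overflow; a tr// case run under an address-sanitized build would confirm it before release. The added line `max_expansion = MAX(2, max_expansion);` in the `can_force_utf8` branch also has no comment, and a line above it such as `/* a byte forced into UTF-8 may need two bytes of output */` would record why 2 is the floor. The hunk header offsets (line 7515) come from the upstream cherry-pick and may not match this tree's op.c, so the build log should be checked to confirm `%patch205 -p1` applies without fuzz. S_pmtrans starts and ends outside the hunk, so the place where max_expansion sizes the allocation is not visible here.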

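--- a/SPECS/perl/perl.spec
+++ b/SPECS/perl/perl.spec
@@ -127,7 +127,7 @@ License: GPL+ or Artistic
 Epoch: %{perl_epoch}
 Version: %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release: 489%{?dist}
+Release: 490%{?dist}
 Summary: Practical Extraction and Report Language
 Url: https://www.perl.org/
 Vendor: Microsoft Corporation
@@ -177,6 +177,7 @@ Patch201: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-MM-on-Linux.pa
 Patch202: CVE-2023-47100.patch
 Patch203: CVE-2023-31486.patch
 Patch204: CVE-2023-31484.patch
+Patch205: CVE-2024-56406.patch
 
 # Update some of the bundled modules
 # see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
@@ -4080,6 +4081,7 @@ you're not running VMS, this module does nothing.
 %patch202 -p1
 %patch203 -p1
 %patch204 -p1
+%patch205 -p1
 
 #copy Pod-Html license clarification
 cp %{SOURCE6} .
@@ -6820,6 +6822,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Tue Apr 08 2025 Andrew Phelps <anphel@microsoft.com> - 4:5.34.1-490
+- Add patch for CVE-2024-56406
+
 * Thu Apr 04 2024 Andrew Phelps <anphel@microsoft.com> - 4:5.34.1-489
 - Add patch for CVE-2023-47100
 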
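--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -103,64 +103,64 @@ libpipeline-devel-1.5.5-3.cm2.aarch64.rpm
 gdbm-1.21-1.cm2.aarch64.rpm
 gdbm-devel-1.21-1.cm2.aarch64.rpm
 gdbm-lang-1.21-1.cm2.aarch64.rpm
-perl-B-1.82-489.cm2.aarch64.rpm
-perl-Carp-1.52-489.cm2.noarch.rpm
-perl-Class-Struct-0.66-489.cm2.noarch.rpm
-perl-Data-Dumper-2.179-489.cm2.aarch64.rpm
-perl-DynaLoader-1.50-489.cm2.aarch64.rpm
-perl-Encode-3.08-489.cm2.aarch64.rpm
-perl-Errno-1.33-489.cm2.aarch64.rpm
-perl-Exporter-5.76-489.cm2.noarch.rpm
-perl-Fcntl-1.14-489.cm2.aarch64.rpm
-perl-File-Basename-2.85-489.cm2.noarch.rpm
-perl-File-Compare-1.100.600-489.cm2.noarch.rpm
-perl-File-Copy-2.35-489.cm2.noarch.rpm
-perl-File-Path-2.18-489.cm2.noarch.rpm
-perl-File-Temp-0.231.100-489.cm2.noarch.rpm
-perl-File-stat-1.09-489.cm2.noarch.rpm
-perl-FileHandle-2.03-489.cm2.noarch.rpm
-perl-Getopt-Long-2.52-489.cm2.noarch.rpm
-perl-Getopt-Std-1.13-489.cm2.noarch.rpm
-perl-HTTP-Tiny-0.076-489.cm2.noarch.rpm
-perl-I18N-Langinfo-0.19-489.cm2.aarch64.rpm
-perl-IO-1.46-489.cm2.aarch64.rpm
-perl-IPC-Open3-1.21-489.cm2.noarch.rpm
-perl-MIME-Base64-3.16-489.cm2.aarch64.rpm
-perl-POSIX-1.97-489.cm2.aarch64.rpm
-perl-PathTools-3.80-489.cm2.aarch64.rpm
-perl-Pod-Escapes-1.07-489.cm2.noarch.rpm
-perl-Pod-Perldoc-3.28.01-489.cm2.noarch.rpm
-perl-Pod-Simple-3.42-489.cm2.noarch.rpm
-perl-Pod-Usage-2.01-489.cm2.noarch.rpm
-perl-Scalar-List-Utils-1.55-489.cm2.aarch64.rpm
-perl-SelectSaver-1.02-489.cm2.noarch.rpm
-perl-Socket-2.031-489.cm2.aarch64.rpm
-perl-Storable-3.23-489.cm2.aarch64.rpm
-perl-Symbol-1.09-489.cm2.noarch.rpm
-perl-Term-ANSIColor-5.01-489.cm2.noarch.rpm
-perl-Term-Cap-1.17-489.cm2.noarch.rpm
-perl-Text-ParseWords-3.30-489.cm2.noarch.rpm
-perl-Text-Tabs+Wrap-2013.0523-489.cm2.noarch.rpm
-perl-Thread-Queue-3.14-489.cm2.noarch.rpm
-perl-Time-Local-1.300-489.cm2.noarch.rpm
-perl-Unicode-Normalize-1.28-489.cm2.aarch64.rpm
-perl-base-2.27-489.cm2.noarch.rpm
-perl-constant-1.33-489.cm2.noarch.rpm
-perl-if-0.60.900-489.cm2.noarch.rpm
-perl-interpreter-5.34.1-489.cm2.aarch64.rpm
-perl-libs-5.34.1-489.cm2.aarch64.rpm
-perl-locale-1.10-489.cm2.noarch.rpm
-perl-macros-5.34.1-489.cm2.noarch.rpm
-perl-mro-1.25-489.cm2.aarch64.rpm
-perl-overload-1.33-489.cm2.noarch.rpm
-perl-overloading-0.02-489.cm2.noarch.rpm
-perl-parent-0.238-489.cm2.noarch.rpm
-perl-podlators-4.14-489.cm2.noarch.rpm
-perl-subs-1.04-489.cm2.noarch.rpm
-perl-threads-2.26-489.cm2.aarch64.rpm
-perl-threads-shared-1.62-489.cm2.aarch64.rpm
-perl-vars-1.05-489.cm2.noarch.rpm
-perl-5.34.1-489.cm2.aarch64.rpm
+perl-B-1.82-490.cm2.aarch64.rpm
+perl-Carp-1.52-490.cm2.noarch.rpm
+perl-Class-Struct-0.66-490.cm2.noarch.rpm
+perl-Data-Dumper-2.179-490.cm2.aarch64.rpm
+perl-DynaLoader-1.50-490.cm2.aarch64.rpm
+perl-Encode-3.08-490.cm2.aarch64.rpm
+perl-Errno-1.33-490.cm2.aarch64.rpm
+perl-Exporter-5.76-490.cm2.noarch.rpm
+perl-Fcntl-1.14-490.cm2.aarch64.rpm
+perl-File-Basename-2.85-490.cm2.noarch.rpm
+perl-File-Compare-1.100.600-490.cm2.noarch.rpm
+perl-File-Copy-2.35-490.cm2.noarch.rpm
+perl-File-Path-2.18-490.cm2.noarch.rpm
+perl-File-Temp-0.231.100-490.cm2.noarch.rpm
+perl-File-stat-1.09-490.cm2.noarch.rpm
+perl-FileHandle-2.03-490.cm2.noarch.rpm
+perl-Getopt-Long-2.52-490.cm2.noarch.rpm
+perl-Getopt-Std-1.13-490.cm2.noarch.rpm
+perl-HTTP-Tiny-0.076-490.cm2.noarch.rpm
+perl-I18N-Langinfo-0.19-490.cm2.aarch64.rpm
+perl-IO-1.46-490.cm2.aarch64.rpm
+perl-IPC-Open3-1.21-490.cm2.noarch.rpm
+perl-MIME-Base64-3.16-490.cm2.aarch64.rpm
+perl-POSIX-1.97-490.cm2.aarch64.rpm
+perl-PathTools-3.80-490.cm2.aarch64.rpm
+perl-Pod-Escapes-1.07-490.cm2.noarch.rpm
+perl-Pod-Perldoc-3.28.01-490.cm2.noarch.rpm
+perl-Pod-Simple-3.42-490.cm2.noarch.rpm
+perl-Pod-Usage-2.01-490.cm2.noarch.rpm
+perl-Scalar-List-Utils-1.55-490.cm2.aarch64.rpm
+perl-SelectSaver-1.02-490.cm2.noarch.rpm
+perl-Socket-2.031-490.cm2.aarch64.rpm
+perl-Storable-3.23-490.cm2.aarch64.rpm
+perl-Symbol-1.09-490.cm2.noarch.rpm
+perl-Term-ANSIColor-5.01-490.cm2.noarch.rpm
+perl-Term-Cap-1.17-490.cm2.noarch.rpm
+perl-Text-ParseWords-3.30-490.cm2.noarch.rpm
+perl-Text-Tabs+Wrap-2013.0523-490.cm2.noarch.rpm
+perl-Thread-Queue-3.14-490.cm2.noarch.rpm
+perl-Time-Local-1.300-490.cm2.noarch.rpm
+perl-Unicode-Normalize-1.28-490.cm2.aarch64.rpm
+perl-base-2.27-490.cm2.noarch.rpm
+perl-constant-1.33-490.cm2.noarch.rpm
+perl-if-0.60.900-490.cm2.noarch.rpm
+perl-interpreter-5.34.1-490.cm2.aarch64.rpm
+perl-libs-5.34.1-490.cm2.aarch64.rpm
+perl-locale-1.10-490.cm2.noarch.rpm
+perl-macros-5.34.1-490.cm2.noarch.rpm
+perl-mro-1.25-490.cm2.aarch64.rpm
+perl-overload-1.33-490.cm2.noarch.rpm
+perl-overloading-0.02-490.cm2.noarch.rpm
+perl-parent-0.238-490.cm2.noarch.rpm
+perl-podlators-4.14-490.cm2.noarch.rpm
+perl-subs-1.04-490.cm2.noarch.rpm
+perl-threads-2.26-490.cm2.aarch64.rpm
+perl-threads-shared-1.62-490.cm2.aarch64.rpm
+perl-vars-1.05-490.cm2.noarch.rpm
+perl-5.34.1-490.cm2.aarch64.rpm
 texinfo-6.8-1.cm2.aarch64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm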

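--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -103,64 +103,64 @@ libpipeline-devel-1.5.5-3.cm2.x86_64.rpm
 gdbm-1.21-1.cm2.x86_64.rpm
 gdbm-devel-1.21-1.cm2.x86_64.rpm
 gdbm-lang-1.21-1.cm2.x86_64.rpm
-perl-B-1.82-489.cm2.x86_64.rpm
-perl-Carp-1.52-489.cm2.noarch.rpm
-perl-Class-Struct-0.66-489.cm2.noarch.rpm
-perl-Data-Dumper-2.179-489.cm2.x86_64.rpm
-perl-DynaLoader-1.50-489.cm2.x86_64.rpm
-perl-Encode-3.08-489.cm2.x86_64.rpm
-perl-Errno-1.33-489.cm2.x86_64.rpm
-perl-Exporter-5.76-489.cm2.noarch.rpm
-perl-Fcntl-1.14-489.cm2.x86_64.rpm
-perl-File-Basename-2.85-489.cm2.noarch.rpm
-perl-File-Compare-1.100.600-489.cm2.noarch.rpm
-perl-File-Copy-2.35-489.cm2.noarch.rpm
-perl-File-Path-2.18-489.cm2.noarch.rpm
-perl-File-Temp-0.231.100-489.cm2.noarch.rpm
-perl-File-stat-1.09-489.cm2.noarch.rpm
-perl-FileHandle-2.03-489.cm2.noarch.rpm
-perl-Getopt-Long-2.52-489.cm2.noarch.rpm
-perl-Getopt-Std-1.13-489.cm2.noarch.rpm
-perl-HTTP-Tiny-0.076-489.cm2.noarch.rpm
-perl-I18N-Langinfo-0.19-489.cm2.x86_64.rpm
-perl-IO-1.46-489.cm2.x86_64.rpm
-perl-IPC-Open3-1.21-489.cm2.noarch.rpm
-perl-MIME-Base64-3.16-489.cm2.x86_64.rpm
-perl-POSIX-1.97-489.cm2.x86_64.rpm
-perl-PathTools-3.80-489.cm2.x86_64.rpm
-perl-Pod-Escapes-1.07-489.cm2.noarch.rpm
-perl-Pod-Perldoc-3.28.01-489.cm2.noarch.rpm
-perl-Pod-Simple-3.42-489.cm2.noarch.rpm
-perl-Pod-Usage-2.01-489.cm2.noarch.rpm
-perl-Scalar-List-Utils-1.55-489.cm2.x86_64.rpm
-perl-SelectSaver-1.02-489.cm2.noarch.rpm
-perl-Socket-2.031-489.cm2.x86_64.rpm
-perl-Storable-3.23-489.cm2.x86_64.rpm
-perl-Symbol-1.09-489.cm2.noarch.rpm
-perl-Term-ANSIColor-5.01-489.cm2.noarch.rpm
-perl-Term-Cap-1.17-489.cm2.noarch.rpm
-perl-Text-ParseWords-3.30-489.cm2.noarch.rpm
-perl-Text-Tabs+Wrap-2013.0523-489.cm2.noarch.rpm
-perl-Thread-Queue-3.14-489.cm2.noarch.rpm
-perl-Time-Local-1.300-489.cm2.noarch.rpm
-perl-Unicode-Normalize-1.28-489.cm2.x86_64.rpm
-perl-base-2.27-489.cm2.noarch.rpm
-perl-constant-1.33-489.cm2.noarch.rpm
-perl-if-0.60.900-489.cm2.noarch.rpm
-perl-interpreter-5.34.1-489.cm2.x86_64.rpm
-perl-libs-5.34.1-489.cm2.x86_64.rpm
-perl-locale-1.10-489.cm2.noarch.rpm
-perl-macros-5.34.1-489.cm2.noarch.rpm
-perl-mro-1.25-489.cm2.x86_64.rpm
-perl-overload-1.33-489.cm2.noarch.rpm
-perl-overloading-0.02-489.cm2.noarch.rpm
-perl-parent-0.238-489.cm2.noarch.rpm
-perl-podlators-4.14-489.cm2.noarch.rpm
-perl-subs-1.04-489.cm2.noarch.rpm
-perl-threads-2.26-489.cm2.x86_64.rpm
-perl-threads-shared-1.62-489.cm2.x86_64.rpm
-perl-vars-1.05-489.cm2.noarch.rpm
-perl-5.34.1-489.cm2.x86_64.rpm
+perl-B-1.82-490.cm2.x86_64.rpm
+perl-Carp-1.52-490.cm2.noarch.rpm
+perl-Class-Struct-0.66-490.cm2.noarch.rpm
+perl-Data-Dumper-2.179-490.cm2.x86_64.rpm
+perl-DynaLoader-1.50-490.cm2.x86_64.rpm
+perl-Encode-3.08-490.cm2.x86_64.rpm
+perl-Errno-1.33-490.cm2.x86_64.rpm
+perl-Exporter-5.76-490.cm2.noarch.rpm
+perl-Fcntl-1.14-490.cm2.x86_64.rpm
+perl-File-Basename-2.85-490.cm2.noarch.rpm
+perl-File-Compare-1.100.600-490.cm2.noarch.rpm
+perl-File-Copy-2.35-490.cm2.noarch.rpm
+perl-File-Path-2.18-490.cm2.noarch.rpm
+perl-File-Temp-0.231.100-490.cm2.noarch.rpm
+perl-File-stat-1.09-490.cm2.noarch.rpm
+perl-FileHandle-2.03-490.cm2.noarch.rpm
+perl-Getopt-Long-2.52-490.cm2.noarch.rpm
+perl-Getopt-Std-1.13-490.cm2.noarch.rpm
+perl-HTTP-Tiny-0.076-490.cm2.noarch.rpm
+perl-I18N-Langinfo-0.19-490.cm2.x86_64.rpm
+perl-IO-1.46-490.cm2.x86_64.rpm
+perl-IPC-Open3-1.21-490.cm2.noarch.rpm
+perl-MIME-Base64-3.16-490.cm2.x86_64.rpm
+perl-POSIX-1.97-490.cm2.x86_64.rpm
+perl-PathTools-3.80-490.cm2.x86_64.rpm
+perl-Pod-Escapes-1.07-490.cm2.noarch.rpm
+perl-Pod-Perldoc-3.28.01-490.cm2.noarch.rpm
+perl-Pod-Simple-3.42-490.cm2.noarch.rpm
+perl-Pod-Usage-2.01-490.cm2.noarch.rpm
+perl-Scalar-List-Utils-1.55-490.cm2.x86_64.rpm
+perl-SelectSaver-1.02-490.cm2.noarch.rpm
+perl-Socket-2.031-490.cm2.x86_64.rpm
+perl-Storable-3.23-490.cm2.x86_64.rpm
+perl-Symbol-1.09-490.cm2.noarch.rpm
+perl-Term-ANSIColor-5.01-490.cm2.noarch.rpm
+perl-Term-Cap-1.17-490.cm2.noarch.rpm
+perl-Text-ParseWords-3.30-490.cm2.noarch.rpm
+perl-Text-Tabs+Wrap-2013.0523-490.cm2.noarch.rpm
+perl-Thread-Queue-3.14-490.cm2.noarch.rpm
+perl-Time-Local-1.300-490.cm2.noarch.rpm
+perl-Unicode-Normalize-1.28-490.cm2.x86_64.rpm
+perl-base-2.27-490.cm2.noarch.rpm
+perl-constant-1.33-490.cm2.noarch.rpm
+perl-if-0.60.900-490.cm2.noarch.rpm
+perl-interpreter-5.34.1-490.cm2.x86_64.rpm
+perl-libs-5.34.1-490.cm2.x86_64.rpm
+perl-locale-1.10-490.cm2.noarch.rpm
+perl-macros-5.34.1-490.cm2.noarch.rpm
+perl-mro-1.25-490.cm2.x86_64.rpm
+perl-overload-1.33-490.cm2.noarch.rpm
+perl-overloading-0.02-490.cm2.noarch.rpm
+perl-parent-0.238-490.cm2.noarch.rpm
+perl-podlators-4.14-490.cm2.noarch.rpm
+perl-subs-1.04-490.cm2.noarch.rpm
+perl-threads-2.26-490.cm2.x86_64.rpm
+perl-threads-shared-1.62-490.cm2.x86_64.rpm
+perl-vars-1.05-490.cm2.noarch.rpm
+perl-5.34.1-490.cm2.x86_64.rpm
 texinfo-6.8-1.cm2.x86_64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm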
