git: 070255657e2b - main - lang/perl5.36: fix CVE-2024-56406
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 15 Apr 2025 05:32:45 UTC
The branch main has been updated by mat:
URL: https://cgit.FreeBSD.org/ports/commit/?id=070255657e2b0b6eeeaf2fa755e390cddbd635f9
commit 070255657e2b0b6eeeaf2fa755e390cddbd635f9
Author: Mathieu Arnold <mat@FreeBSD.org>
AuthorDate: 2025-04-15 05:29:35 +0000
Commit: Mathieu Arnold <mat@FreeBSD.org>
CommitDate: 2025-04-15 05:29:35 +0000
lang/perl5.36: fix CVE-2024-56406
---
lang/perl5.36/Makefile | 2 +-
lang/perl5.36/files/patch-op.c | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/lang/perl5.36/Makefile b/lang/perl5.36/Makefile
index 2584900944ad..8b892008deac 100644
--- a/lang/perl5.36/Makefile
+++ b/lang/perl5.36/Makefile
@@ -1,6 +1,6 @@
PORTNAME= perl
DISTVERSION= ${PERL_VERSION}
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= lang devel perl5
MASTER_SITES= CPAN/../../src/5.0
DIST_SUBDIR= perl
diff --git a/lang/perl5.36/files/patch-op.c b/lang/perl5.36/files/patch-op.c
new file mode 100644
index 000000000000..3ea7692acb5c
--- /dev/null
+++ b/lang/perl5.36/files/patch-op.c
@@ -0,0 +1,20 @@
+From 87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Wed, 18 Dec 2024 18:25:29 -0700
+Subject: [PATCH] CVE-2024-56406: Heap-buffer-overflow with tr//
+
+This was due to underallocating needed space. If the translation forces
+something to become UTF-8 that is initially bytes, that UTF-8 could
+now require two bytes where previously a single one would do.
+
+(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
+--- op.c.orig 2023-11-28 11:57:24 UTC
++++ op.c
+@@ -7605,6 +7605,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)
+ * same time. But otherwise one crosses before the other */
+ if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
+ can_force_utf8 = TRUE;
++ max_expansion = MAX(2, max_expansion);
+ }
+ }
+