From nobody Tue Apr 15 05:32:45 2025 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZcCV64XLqz5syLR; Tue, 15 Apr 2025 05:32:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZcCV562TQz3mT1; Tue, 15 Apr 2025 05:32:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744695165; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AC11+UiSgtjmP3GmVBdjXBkepMMhKxJb3JQ1IXj1L40=; b=PI2pc1N8+3hXga8FvUtLFD7teB3Xo08eIW20ELU1NymzJwnfX9go0OaTAlTeFX9306l7Jc gDZ/usINLvY9XSezq7v+J23vImQiJ3aZl47cksGM4y9e2SYPuR7SIPYQIoUIDRYaj4Iue1 k2FmkFTr7ZeX/d/SvrFEWjLh+Wdv/1eGvMYd2rGAg1iDT9TfElssxuzyjMfkojFygSSC0s FBJP+xaH6s5AsfY0NLAeMby70OuUq6zULzLXAnU6RxnHCvSbBHtCt72vQC5UQ0mD85//7N Y0XrVsbw3rC5cXQtx3qUV9huWAYiCgXusrqGC+JyXLfr6mYtzz/dbX3TMexqbA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1744695165; a=rsa-sha256; cv=none; b=v6FttYEKh+K/TXLKRBhGl7t4Yd9SpYvow6rUD8dj4OPjdvwKwb/vAEwoXlD+JjCAkPBHKf zYopTawg6JTUrkcxdculPddYpN8CFDZct/sQZKnllDQzOmesylxdKUSgw4SOgf9FtT7kD2 WGUfCAOgFnzXD10lUMz7NhCEDz11HUNExbE1W8Io4xRlVoPQ0iWRkBwbe2Ziuv0pREeDXz yG7yWfsxUV2ab9zxewuKb8nJofl5heM+B8Gn6zTjnxu2iXxWNNh0QqdnJscXau2VIbf2oa HDfRKyYG9Nd61+ZwYHnAoeYqGd6BQx6E9sCHqwAe/IyvHcvDUMbthF329amYxQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744695165; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AC11+UiSgtjmP3GmVBdjXBkepMMhKxJb3JQ1IXj1L40=; b=KBmj4a6X4pGzsh3FF4Chxwdn9Oj6HU162GtXFdh5d7nXuZ5iVbTqu2QnGOrJbZTWK0jCa7 ZuJSDXZNokIkD1nUKYaSFtWRQDWSP27R7A0QXBmC3W73oxwVrNMQtUIawJJAO4BBC166ds NyI+/E9F1IDvLa4j0lI9wokSY3qDL5SwuhUpZQT9as6Ib8GupMM3I1G6LIlyqccg3zVVZO 1AdBO/3BZf2ZeIc6n/wGd2vLf7wGqF3mrirsIA0464td7Knp1I8qtBCCnA6/x6vUIkKbCA A09Iw8LHkj+P+oBntYfzb8qhbEXtvyZzqKSoCZ15N/scYQ0kcuMZ1My7MjrY6g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZcCV55XtNz4Pc; Tue, 15 Apr 2025 05:32:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53F5WjBs071419; Tue, 15 Apr 2025 05:32:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53F5WjgC071416; Tue, 15 Apr 2025 05:32:45 GMT (envelope-from git) Date: Tue, 15 Apr 2025 05:32:45 GMT Message-Id: <202504150532.53F5WjgC071416@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Mathieu Arnold Subject: git: 070255657e2b - main - lang/perl5.36: fix CVE-2024-56406 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mat X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 070255657e2b0b6eeeaf2fa755e390cddbd635f9 Auto-Submitted: auto-generated The branch main has been updated by mat: URL: https://cgit.FreeBSD.org/ports/commit/?id=070255657e2b0b6eeeaf2fa755e390cddbd635f9 commit 070255657e2b0b6eeeaf2fa755e390cddbd635f9 Author: Mathieu Arnold AuthorDate: 2025-04-15 05:29:35 +0000 Commit: Mathieu Arnold CommitDate: 2025-04-15 05:29:35 +0000 lang/perl5.36: fix CVE-2024-56406 --- lang/perl5.36/Makefile | 2 +- lang/perl5.36/files/patch-op.c | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/lang/perl5.36/Makefile b/lang/perl5.36/Makefile index 2584900944ad..8b892008deac 100644 --- a/lang/perl5.36/Makefile +++ b/lang/perl5.36/Makefile @@ -1,6 +1,6 @@ PORTNAME= perl DISTVERSION= ${PERL_VERSION} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= lang devel perl5 MASTER_SITES= CPAN/../../src/5.0 DIST_SUBDIR= perl diff --git a/lang/perl5.36/files/patch-op.c b/lang/perl5.36/files/patch-op.c new file mode 100644 index 000000000000..3ea7692acb5c --- /dev/null +++ b/lang/perl5.36/files/patch-op.c @@ -0,0 +1,20 @@ +From 87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd Mon Sep 17 00:00:00 2001 +From: Karl Williamson +Date: Wed, 18 Dec 2024 18:25:29 -0700 +Subject: [PATCH] CVE-2024-56406: Heap-buffer-overflow with tr// + +This was due to underallocating needed space. If the translation forces +something to become UTF-8 that is initially bytes, that UTF-8 could +now require two bytes where previously a single one would do. + +(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686) +--- op.c.orig 2023-11-28 11:57:24 UTC ++++ op.c +@@ -7605,6 +7605,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl) + * same time. But otherwise one crosses before the other */ + if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) { + can_force_utf8 = TRUE; ++ max_expansion = MAX(2, max_expansion); + } + } +