pyrox.dev / nixpkgs
lol
fork atom

perl: apply patch for CVE-2024-56406

Stig Palmquist 821d2fe8 ab12ae90

options
unified split
Changed files
+29 -1
pkgs
development
interpreters
perl
CVE-2024-56406.patch
interpreter.nix
+26
pkgs/development/interpreters/perl/CVE-2024-56406.patch 
···

       

       
1

       
+

       
commit 385e8759c3ff1e7f7f996bd4ea391074d61d48c1


     

       

       
2

       
+

       
Author:     Karl Williamson <khw@cpan.org>


     

       

       
3

       
+

       
AuthorDate: 2024-12-18 18:25:29 -0700


     

       

       
4

       
+

       
Commit:     Steve Hay <steve.m.hay@googlemail.com>


     

       

       
5

       
+

       
CommitDate: 2025-03-30 11:59:51 +0100


     

       

       
6

       
+

       



     

       

       
7

       
+

       
    CVE-2024-56406: Heap-buffer-overflow with tr//


     

       

       
8

       
+

       



     

       

       
9

       
+

       
    This was due to underallocating needed space.  If the translation forces


     

       

       
10

       
+

       
    something to become UTF-8 that is initially bytes, that UTF-8 could


     

       

       
11

       
+

       
    now require two bytes where previously a single one would do.


     

       

       
12

       
+

       



     

       

       
13

       
+

       
    (cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)


     

       

       
14

       
+

       



     

       

       
15

       
+

       
diff --git a/op.c b/op.c


     

       

       
16

       
+

       
index 3fc23eca49a..aeee88e0335 100644


     

       

       
17

       
+

       
--- a/op.c


     

       

       
18

       
+

       
+++ b/op.c


     

       

       
19

       
+

       
@@ -6649,6 +6649,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)


     

       

       
20

       
+

       
                  * same time.  But otherwise one crosses before the other */


     

       

       
21

       
+

       
                 if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {


     

       

       
22

       
+

       
                     can_force_utf8 = TRUE;


     

       

       
23

       
+

       
+                    max_expansion = MAX(2, max_expansion);


     

       

       
24

       
+

       
                 }


     

       

       
25

       
+

       
             }


     

       

       
26

       
+
+3 -1
pkgs/development/interpreters/perl/interpreter.nix 
···

       
71

       
71

       
 

       
    disallowedReferences = [ stdenv.cc ];


     

       
72

       
72

       
 

       



     

       
73

       
73

       
 

       
    patches =


     

       
74

       

       
-

       
      [ ]


     

       

       
74

       
+

       
      [


     

       

       
75

       
+

       
        ./CVE-2024-56406.patch


     

       

       
76

       
+

       
      ]


     

       
75

       
77

       
 

       
      # Do not look in /usr etc. for dependencies.


     

       
76

       
78

       
 

       
      ++ lib.optional ((lib.versions.majorMinor version) == "5.38") ./no-sys-dirs-5.38.0.patch


     

       
77

       
79

       
 

       
      ++ lib.optional ((lib.versions.majorMinor version) == "5.40") ./no-sys-dirs-5.40.0.patch