microsoft · jslobodzian · Apr 21, 2025 · Apr 18, 2025
@@ -0,0 +1,25 @@
+commit 4ff211d2bd05db0ba9e18faf1ff8bd3dab128c5a
+Author:     Karl Williamson khw@cpan.org
+AuthorDate: 2024-12-18 18:25:29 -0700
+Commit:     Steve Hay steve.m.hay@googlemail.com
+CommitDate: 2025-03-30 11:58:35 +0100
+
+    CVE-2024-56406: Heap-buffer-overflow with tr//
+
+    This was due to underallocating needed space.  If the translation forces
+    something to become UTF-8 that is initially bytes, that UTF-8 could
+    now require two bytes where previously a single one would do.
+
+    (cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
+
+diff --git a/op.c b/op.c
+index 330a30153fe..0dc6a8350d3 100644
+--- a/op.c
++++ b/op.c
+@@ -7515,6 +7515,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)
+                  * same time.  But otherwise one crosses before the other */
+                 if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
+                     can_force_utf8 = TRUE;
++                    max_expansion = MAX(2, max_expansion);
+                 }
+             }
@@ -127,7 +127,7 @@ License:        GPL+ or Artistic
 Epoch:          %{perl_epoch}
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release:        489%{?dist}
+Release:        490%{?dist}
 Summary:        Practical Extraction and Report Language
 Url:            https://www.perl.org/
 Vendor:         Microsoft Corporation
@@ -177,6 +177,7 @@ Patch201:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-MM-on-Linux.pa
 Patch202:       CVE-2023-47100.patch
 Patch203:       CVE-2023-31486.patch
 Patch204:       CVE-2023-31484.patch
+Patch205:       CVE-2024-56406.patch
 
 # Update some of the bundled modules
 # see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
@@ -4080,6 +4081,7 @@ you're not running VMS, this module does nothing.
 %patch202 -p1
 %patch203 -p1
 %patch204 -p1
+%patch205 -p1
 
 #copy Pod-Html license clarification
 cp %{SOURCE6} .
@@ -6820,6 +6822,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Tue Apr 08 2025 Andrew Phelps <anphel@microsoft.com> - 4:5.34.1-490
+- Add patch for CVE-2024-56406
+
 * Thu Apr 04 2024 Andrew Phelps <anphel@microsoft.com> - 4:5.34.1-489
 - Add patch for CVE-2023-47100
 

@@ -103,64 +103,64 @@ libpipeline-devel-1.5.5-3.cm2.aarch64.rpm
 gdbm-1.21-1.cm2.aarch64.rpm
 gdbm-devel-1.21-1.cm2.aarch64.rpm
 gdbm-lang-1.21-1.cm2.aarch64.rpm
-perl-B-1.82-489.cm2.aarch64.rpm
-perl-Carp-1.52-489.cm2.noarch.rpm
-perl-Class-Struct-0.66-489.cm2.noarch.rpm
-perl-Data-Dumper-2.179-489.cm2.aarch64.rpm
-perl-DynaLoader-1.50-489.cm2.aarch64.rpm
-perl-Encode-3.08-489.cm2.aarch64.rpm
-perl-Errno-1.33-489.cm2.aarch64.rpm
-perl-Exporter-5.76-489.cm2.noarch.rpm
-perl-Fcntl-1.14-489.cm2.aarch64.rpm
-perl-File-Basename-2.85-489.cm2.noarch.rpm
-perl-File-Compare-1.100.600-489.cm2.noarch.rpm
-perl-File-Copy-2.35-489.cm2.noarch.rpm
-perl-File-Path-2.18-489.cm2.noarch.rpm
-perl-File-Temp-0.231.100-489.cm2.noarch.rpm
-perl-File-stat-1.09-489.cm2.noarch.rpm
-perl-FileHandle-2.03-489.cm2.noarch.rpm
-perl-Getopt-Long-2.52-489.cm2.noarch.rpm
-perl-Getopt-Std-1.13-489.cm2.noarch.rpm
-perl-HTTP-Tiny-0.076-489.cm2.noarch.rpm
-perl-I18N-Langinfo-0.19-489.cm2.aarch64.rpm
-perl-IO-1.46-489.cm2.aarch64.rpm
-perl-IPC-Open3-1.21-489.cm2.noarch.rpm
-perl-MIME-Base64-3.16-489.cm2.aarch64.rpm
-perl-POSIX-1.97-489.cm2.aarch64.rpm
-perl-PathTools-3.80-489.cm2.aarch64.rpm
-perl-Pod-Escapes-1.07-489.cm2.noarch.rpm
-perl-Pod-Perldoc-3.28.01-489.cm2.noarch.rpm
-perl-Pod-Simple-3.42-489.cm2.noarch.rpm
-perl-Pod-Usage-2.01-489.cm2.noarch.rpm
-perl-Scalar-List-Utils-1.55-489.cm2.aarch64.rpm
-perl-SelectSaver-1.02-489.cm2.noarch.rpm
-perl-Socket-2.031-489.cm2.aarch64.rpm
-perl-Storable-3.23-489.cm2.aarch64.rpm
-perl-Symbol-1.09-489.cm2.noarch.rpm
-perl-Term-ANSIColor-5.01-489.cm2.noarch.rpm
-perl-Term-Cap-1.17-489.cm2.noarch.rpm
-perl-Text-ParseWords-3.30-489.cm2.noarch.rpm
-perl-Text-Tabs+Wrap-2013.0523-489.cm2.noarch.rpm
-perl-Thread-Queue-3.14-489.cm2.noarch.rpm
-perl-Time-Local-1.300-489.cm2.noarch.rpm
-perl-Unicode-Normalize-1.28-489.cm2.aarch64.rpm
-perl-base-2.27-489.cm2.noarch.rpm
-perl-constant-1.33-489.cm2.noarch.rpm
-perl-if-0.60.900-489.cm2.noarch.rpm
-perl-interpreter-5.34.1-489.cm2.aarch64.rpm
-perl-libs-5.34.1-489.cm2.aarch64.rpm
-perl-locale-1.10-489.cm2.noarch.rpm
-perl-macros-5.34.1-489.cm2.noarch.rpm
-perl-mro-1.25-489.cm2.aarch64.rpm
-perl-overload-1.33-489.cm2.noarch.rpm
-perl-overloading-0.02-489.cm2.noarch.rpm
-perl-parent-0.238-489.cm2.noarch.rpm
-perl-podlators-4.14-489.cm2.noarch.rpm
-perl-subs-1.04-489.cm2.noarch.rpm
-perl-threads-2.26-489.cm2.aarch64.rpm
-perl-threads-shared-1.62-489.cm2.aarch64.rpm
-perl-vars-1.05-489.cm2.noarch.rpm
-perl-5.34.1-489.cm2.aarch64.rpm
+perl-B-1.82-490.cm2.aarch64.rpm
+perl-Carp-1.52-490.cm2.noarch.rpm
+perl-Class-Struct-0.66-490.cm2.noarch.rpm
+perl-Data-Dumper-2.179-490.cm2.aarch64.rpm
+perl-DynaLoader-1.50-490.cm2.aarch64.rpm
+perl-Encode-3.08-490.cm2.aarch64.rpm
+perl-Errno-1.33-490.cm2.aarch64.rpm
+perl-Exporter-5.76-490.cm2.noarch.rpm
+perl-Fcntl-1.14-490.cm2.aarch64.rpm
+perl-File-Basename-2.85-490.cm2.noarch.rpm
+perl-File-Compare-1.100.600-490.cm2.noarch.rpm
+perl-File-Copy-2.35-490.cm2.noarch.rpm
+perl-File-Path-2.18-490.cm2.noarch.rpm
+perl-File-Temp-0.231.100-490.cm2.noarch.rpm
+perl-File-stat-1.09-490.cm2.noarch.rpm
+perl-FileHandle-2.03-490.cm2.noarch.rpm
+perl-Getopt-Long-2.52-490.cm2.noarch.rpm
+perl-Getopt-Std-1.13-490.cm2.noarch.rpm
+perl-HTTP-Tiny-0.076-490.cm2.noarch.rpm
+perl-I18N-Langinfo-0.19-490.cm2.aarch64.rpm
+perl-IO-1.46-490.cm2.aarch64.rpm
+perl-IPC-Open3-1.21-490.cm2.noarch.rpm
+perl-MIME-Base64-3.16-490.cm2.aarch64.rpm
+perl-POSIX-1.97-490.cm2.aarch64.rpm
+perl-PathTools-3.80-490.cm2.aarch64.rpm
+perl-Pod-Escapes-1.07-490.cm2.noarch.rpm
+perl-Pod-Perldoc-3.28.01-490.cm2.noarch.rpm
+perl-Pod-Simple-3.42-490.cm2.noarch.rpm
+perl-Pod-Usage-2.01-490.cm2.noarch.rpm
+perl-Scalar-List-Utils-1.55-490.cm2.aarch64.rpm
+perl-SelectSaver-1.02-490.cm2.noarch.rpm
+perl-Socket-2.031-490.cm2.aarch64.rpm
+perl-Storable-3.23-490.cm2.aarch64.rpm
+perl-Symbol-1.09-490.cm2.noarch.rpm
+perl-Term-ANSIColor-5.01-490.cm2.noarch.rpm
+perl-Term-Cap-1.17-490.cm2.noarch.rpm
+perl-Text-ParseWords-3.30-490.cm2.noarch.rpm
+perl-Text-Tabs+Wrap-2013.0523-490.cm2.noarch.rpm
+perl-Thread-Queue-3.14-490.cm2.noarch.rpm
+perl-Time-Local-1.300-490.cm2.noarch.rpm
+perl-Unicode-Normalize-1.28-490.cm2.aarch64.rpm
+perl-base-2.27-490.cm2.noarch.rpm
+perl-constant-1.33-490.cm2.noarch.rpm
+perl-if-0.60.900-490.cm2.noarch.rpm
+perl-interpreter-5.34.1-490.cm2.aarch64.rpm
+perl-libs-5.34.1-490.cm2.aarch64.rpm
+perl-locale-1.10-490.cm2.noarch.rpm
+perl-macros-5.34.1-490.cm2.noarch.rpm
+perl-mro-1.25-490.cm2.aarch64.rpm
+perl-overload-1.33-490.cm2.noarch.rpm
+perl-overloading-0.02-490.cm2.noarch.rpm
+perl-parent-0.238-490.cm2.noarch.rpm
+perl-podlators-4.14-490.cm2.noarch.rpm
+perl-subs-1.04-490.cm2.noarch.rpm
+perl-threads-2.26-490.cm2.aarch64.rpm
+perl-threads-shared-1.62-490.cm2.aarch64.rpm
+perl-vars-1.05-490.cm2.noarch.rpm
+perl-5.34.1-490.cm2.aarch64.rpm
 texinfo-6.8-1.cm2.aarch64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm

@@ -103,64 +103,64 @@ libpipeline-devel-1.5.5-3.cm2.x86_64.rpm
 gdbm-1.21-1.cm2.x86_64.rpm
 gdbm-devel-1.21-1.cm2.x86_64.rpm
 gdbm-lang-1.21-1.cm2.x86_64.rpm
-perl-B-1.82-489.cm2.x86_64.rpm
-perl-Carp-1.52-489.cm2.noarch.rpm
-perl-Class-Struct-0.66-489.cm2.noarch.rpm
-perl-Data-Dumper-2.179-489.cm2.x86_64.rpm
-perl-DynaLoader-1.50-489.cm2.x86_64.rpm
-perl-Encode-3.08-489.cm2.x86_64.rpm
-perl-Errno-1.33-489.cm2.x86_64.rpm
-perl-Exporter-5.76-489.cm2.noarch.rpm
-perl-Fcntl-1.14-489.cm2.x86_64.rpm
-perl-File-Basename-2.85-489.cm2.noarch.rpm
-perl-File-Compare-1.100.600-489.cm2.noarch.rpm
-perl-File-Copy-2.35-489.cm2.noarch.rpm
-perl-File-Path-2.18-489.cm2.noarch.rpm
-perl-File-Temp-0.231.100-489.cm2.noarch.rpm
-perl-File-stat-1.09-489.cm2.noarch.rpm
-perl-FileHandle-2.03-489.cm2.noarch.rpm
-perl-Getopt-Long-2.52-489.cm2.noarch.rpm
-perl-Getopt-Std-1.13-489.cm2.noarch.rpm
-perl-HTTP-Tiny-0.076-489.cm2.noarch.rpm
-perl-I18N-Langinfo-0.19-489.cm2.x86_64.rpm
-perl-IO-1.46-489.cm2.x86_64.rpm
-perl-IPC-Open3-1.21-489.cm2.noarch.rpm
-perl-MIME-Base64-3.16-489.cm2.x86_64.rpm
-perl-POSIX-1.97-489.cm2.x86_64.rpm
-perl-PathTools-3.80-489.cm2.x86_64.rpm
-perl-Pod-Escapes-1.07-489.cm2.noarch.rpm
-perl-Pod-Perldoc-3.28.01-489.cm2.noarch.rpm
-perl-Pod-Simple-3.42-489.cm2.noarch.rpm
-perl-Pod-Usage-2.01-489.cm2.noarch.rpm
-perl-Scalar-List-Utils-1.55-489.cm2.x86_64.rpm
-perl-SelectSaver-1.02-489.cm2.noarch.rpm
-perl-Socket-2.031-489.cm2.x86_64.rpm
-perl-Storable-3.23-489.cm2.x86_64.rpm
-perl-Symbol-1.09-489.cm2.noarch.rpm
-perl-Term-ANSIColor-5.01-489.cm2.noarch.rpm
-perl-Term-Cap-1.17-489.cm2.noarch.rpm
-perl-Text-ParseWords-3.30-489.cm2.noarch.rpm
-perl-Text-Tabs+Wrap-2013.0523-489.cm2.noarch.rpm
-perl-Thread-Queue-3.14-489.cm2.noarch.rpm
-perl-Time-Local-1.300-489.cm2.noarch.rpm
-perl-Unicode-Normalize-1.28-489.cm2.x86_64.rpm
-perl-base-2.27-489.cm2.noarch.rpm
-perl-constant-1.33-489.cm2.noarch.rpm
-perl-if-0.60.900-489.cm2.noarch.rpm
-perl-interpreter-5.34.1-489.cm2.x86_64.rpm
-perl-libs-5.34.1-489.cm2.x86_64.rpm
-perl-locale-1.10-489.cm2.noarch.rpm
-perl-macros-5.34.1-489.cm2.noarch.rpm
-perl-mro-1.25-489.cm2.x86_64.rpm
-perl-overload-1.33-489.cm2.noarch.rpm
-perl-overloading-0.02-489.cm2.noarch.rpm
-perl-parent-0.238-489.cm2.noarch.rpm
-perl-podlators-4.14-489.cm2.noarch.rpm
-perl-subs-1.04-489.cm2.noarch.rpm
-perl-threads-2.26-489.cm2.x86_64.rpm
-perl-threads-shared-1.62-489.cm2.x86_64.rpm
-perl-vars-1.05-489.cm2.noarch.rpm
-perl-5.34.1-489.cm2.x86_64.rpm
+perl-B-1.82-490.cm2.x86_64.rpm
+perl-Carp-1.52-490.cm2.noarch.rpm
+perl-Class-Struct-0.66-490.cm2.noarch.rpm
+perl-Data-Dumper-2.179-490.cm2.x86_64.rpm
+perl-DynaLoader-1.50-490.cm2.x86_64.rpm
+perl-Encode-3.08-490.cm2.x86_64.rpm
+perl-Errno-1.33-490.cm2.x86_64.rpm
+perl-Exporter-5.76-490.cm2.noarch.rpm
+perl-Fcntl-1.14-490.cm2.x86_64.rpm
+perl-File-Basename-2.85-490.cm2.noarch.rpm
+perl-File-Compare-1.100.600-490.cm2.noarch.rpm
+perl-File-Copy-2.35-490.cm2.noarch.rpm
+perl-File-Path-2.18-490.cm2.noarch.rpm
+perl-File-Temp-0.231.100-490.cm2.noarch.rpm
+perl-File-stat-1.09-490.cm2.noarch.rpm
+perl-FileHandle-2.03-490.cm2.noarch.rpm
+perl-Getopt-Long-2.52-490.cm2.noarch.rpm
+perl-Getopt-Std-1.13-490.cm2.noarch.rpm
+perl-HTTP-Tiny-0.076-490.cm2.noarch.rpm
+perl-I18N-Langinfo-0.19-490.cm2.x86_64.rpm
+perl-IO-1.46-490.cm2.x86_64.rpm
+perl-IPC-Open3-1.21-490.cm2.noarch.rpm
+perl-MIME-Base64-3.16-490.cm2.x86_64.rpm
+perl-POSIX-1.97-490.cm2.x86_64.rpm
+perl-PathTools-3.80-490.cm2.x86_64.rpm
+perl-Pod-Escapes-1.07-490.cm2.noarch.rpm
+perl-Pod-Perldoc-3.28.01-490.cm2.noarch.rpm
+perl-Pod-Simple-3.42-490.cm2.noarch.rpm
+perl-Pod-Usage-2.01-490.cm2.noarch.rpm
+perl-Scalar-List-Utils-1.55-490.cm2.x86_64.rpm
+perl-SelectSaver-1.02-490.cm2.noarch.rpm
+perl-Socket-2.031-490.cm2.x86_64.rpm
+perl-Storable-3.23-490.cm2.x86_64.rpm
+perl-Symbol-1.09-490.cm2.noarch.rpm
+perl-Term-ANSIColor-5.01-490.cm2.noarch.rpm
+perl-Term-Cap-1.17-490.cm2.noarch.rpm
+perl-Text-ParseWords-3.30-490.cm2.noarch.rpm
+perl-Text-Tabs+Wrap-2013.0523-490.cm2.noarch.rpm
+perl-Thread-Queue-3.14-490.cm2.noarch.rpm
+perl-Time-Local-1.300-490.cm2.noarch.rpm
+perl-Unicode-Normalize-1.28-490.cm2.x86_64.rpm
+perl-base-2.27-490.cm2.noarch.rpm
+perl-constant-1.33-490.cm2.noarch.rpm
+perl-if-0.60.900-490.cm2.noarch.rpm
+perl-interpreter-5.34.1-490.cm2.x86_64.rpm
+perl-libs-5.34.1-490.cm2.x86_64.rpm
+perl-locale-1.10-490.cm2.noarch.rpm
+perl-macros-5.34.1-490.cm2.noarch.rpm
+perl-mro-1.25-490.cm2.x86_64.rpm
+perl-overload-1.33-490.cm2.noarch.rpm
+perl-overloading-0.02-490.cm2.noarch.rpm
+perl-parent-0.238-490.cm2.noarch.rpm
+perl-podlators-4.14-490.cm2.noarch.rpm
+perl-subs-1.04-490.cm2.noarch.rpm
+perl-threads-2.26-490.cm2.x86_64.rpm
+perl-threads-shared-1.62-490.cm2.x86_64.rpm
+perl-vars-1.05-490.cm2.noarch.rpm
+perl-5.34.1-490.cm2.x86_64.rpm
 texinfo-6.8-1.cm2.x86_64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm