From c142f829c0c8e0530ecd084e04d3308150f98a8c7b2b293ee0d47b0eb8bb718b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Schr=C3=B6der?= Date: Mon, 27 Nov 2023 09:52:39 +0000 Subject: [PATCH 1/4] Update to perl 5.38.1 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl?expand=0&rev=238 --- perl-5.38.0.tar.xz | 3 --- perl-5.38.1.tar.xz | 3 +++ perl.changes | 9 +++++++++ perl.spec | 6 +++--- 4 files changed, 15 insertions(+), 6 deletions(-) delete mode 100644 perl-5.38.0.tar.xz create mode 100644 perl-5.38.1.tar.xz diff --git a/perl-5.38.0.tar.xz b/perl-5.38.0.tar.xz deleted file mode 100644 index 206aa3a..0000000 --- a/perl-5.38.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:eca551caec3bc549a4e590c0015003790bdd1a604ffe19cc78ee631d51f7072e -size 13565448 diff --git a/perl-5.38.1.tar.xz b/perl-5.38.1.tar.xz new file mode 100644 index 0000000..52199cd --- /dev/null +++ b/perl-5.38.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6a82c7930563086e78cb84d9c265e6b212ee65d509d19eedcd23ab8c1ba3f046 +size 13683376 diff --git a/perl.changes b/perl.changes index 3b4c8a6..7b82bd1 100644 --- a/perl.changes +++ b/perl.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Nov 27 10:50:24 CET 2023 - mls@suse.de + +- Update to perl 5.38.1 + * fixes [CVE-2023-47038] Write past buffer end via illegal + user-defined Unicode property + * fixes [CVE-2023-47039] Perl for Windows binary hijacking + vulnerability + ------------------------------------------------------------------- Thu Sep 21 10:51:15 UTC 2023 - Neal Gompa diff --git a/perl.spec b/perl.spec index 699e232..4e0dcc6 100644 --- a/perl.spec +++ b/perl.spec @@ -23,11 +23,11 @@ %define name_suffix %{nil} %endif -%define pversion 5.38.0 +%define pversion 5.38.1 # set to nil when equal to pversion -%global versionlist %nil +%global versionlist 5.38.0 Name: perl%{?name_suffix} -Version: 5.38.0 +Version: 5.38.1 Release: 0 Summary: The Perl interpreter License: Artistic-1.0 OR GPL-1.0-or-later From 797589aae38e9727a16769354d03ecab6f8bd0300e4d7d4c8343954678002bad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Schr=C3=B6der?= Date: Mon, 27 Nov 2023 13:06:49 +0000 Subject: [PATCH 2/4] - new patch: perl-metajson.diff OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl?expand=0&rev=239 --- perl-metajson.diff | 11 +++++++++++ perl.changes | 1 + perl.spec | 2 ++ 3 files changed, 14 insertions(+) create mode 100644 perl-metajson.diff diff --git a/perl-metajson.diff b/perl-metajson.diff new file mode 100644 index 0000000..b14af75 --- /dev/null +++ b/perl-metajson.diff @@ -0,0 +1,11 @@ +--- META.json.orig 2023-11-27 13:04:25.730596900 +0000 ++++ META.json 2023-11-27 13:04:51.242555736 +0000 +@@ -106,7 +106,7 @@ + "vxs.inc" + ] + }, +- "release_status" : "testing", ++ "release_status" : "stable", + "resources" : { + "bugtracker" : { + "web" : "https://github.com/Perl/perl5/issues" diff --git a/perl.changes b/perl.changes index 7b82bd1..195c632 100644 --- a/perl.changes +++ b/perl.changes @@ -6,6 +6,7 @@ Mon Nov 27 10:50:24 CET 2023 - mls@suse.de user-defined Unicode property * fixes [CVE-2023-47039] Perl for Windows binary hijacking vulnerability +- new patch: perl-metajson.diff ------------------------------------------------------------------- Thu Sep 21 10:51:15 UTC 2023 - Neal Gompa diff --git a/perl.spec b/perl.spec index 4e0dcc6..63521c3 100644 --- a/perl.spec +++ b/perl.spec @@ -54,6 +54,7 @@ Patch12: perl-reproducible.patch Patch13: perl_skip_flaky_tests_powerpc.patch # PATCH-FIX-UPSTREAM unmerged https://www.nntp.perl.org/group/perl.perl5.porters/2018/12/msg253240.html Patch18: perl-reproducible2.patch +Patch19: perl-metajson.diff BuildRequires: db-devel BuildRequires: gdbm-devel BuildRequires: libbz2-devel @@ -190,6 +191,7 @@ cp -p %{SOURCE3} . %patch11 %patch12 -p1 %patch18 +%patch19 %build %define _lto_cflags %{nil} From 0842f6d30c1eb21356110c42281e0100422209b81ee7a45fa84daa641d2c9f1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Schr=C3=B6der?= Date: Wed, 29 Nov 2023 10:38:25 +0000 Subject: [PATCH 3/4] Update to perl 5.38.2 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl?expand=0&rev=240 --- perl-5.38.1.tar.xz | 3 --- perl-5.38.2.tar.xz | 3 +++ perl-metajson.diff | 11 ----------- perl.changes | 3 +-- perl.spec | 6 ++---- 5 files changed, 6 insertions(+), 20 deletions(-) delete mode 100644 perl-5.38.1.tar.xz create mode 100644 perl-5.38.2.tar.xz delete mode 100644 perl-metajson.diff diff --git a/perl-5.38.1.tar.xz b/perl-5.38.1.tar.xz deleted file mode 100644 index 52199cd..0000000 --- a/perl-5.38.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6a82c7930563086e78cb84d9c265e6b212ee65d509d19eedcd23ab8c1ba3f046 -size 13683376 diff --git a/perl-5.38.2.tar.xz b/perl-5.38.2.tar.xz new file mode 100644 index 0000000..b6a8799 --- /dev/null +++ b/perl-5.38.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d91115e90b896520e83d4de6b52f8254ef2b70a8d545ffab33200ea9f1cf29e8 +size 13679524 diff --git a/perl-metajson.diff b/perl-metajson.diff deleted file mode 100644 index b14af75..0000000 --- a/perl-metajson.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- META.json.orig 2023-11-27 13:04:25.730596900 +0000 -+++ META.json 2023-11-27 13:04:51.242555736 +0000 -@@ -106,7 +106,7 @@ - "vxs.inc" - ] - }, -- "release_status" : "testing", -+ "release_status" : "stable", - "resources" : { - "bugtracker" : { - "web" : "https://github.com/Perl/perl5/issues" diff --git a/perl.changes b/perl.changes index 195c632..60174a5 100644 --- a/perl.changes +++ b/perl.changes @@ -1,12 +1,11 @@ ------------------------------------------------------------------- Mon Nov 27 10:50:24 CET 2023 - mls@suse.de -- Update to perl 5.38.1 +- Update to perl 5.38.2 * fixes [CVE-2023-47038] Write past buffer end via illegal user-defined Unicode property * fixes [CVE-2023-47039] Perl for Windows binary hijacking vulnerability -- new patch: perl-metajson.diff ------------------------------------------------------------------- Thu Sep 21 10:51:15 UTC 2023 - Neal Gompa diff --git a/perl.spec b/perl.spec index 63521c3..be151b3 100644 --- a/perl.spec +++ b/perl.spec @@ -23,11 +23,11 @@ %define name_suffix %{nil} %endif -%define pversion 5.38.1 +%define pversion 5.38.2 # set to nil when equal to pversion %global versionlist 5.38.0 Name: perl%{?name_suffix} -Version: 5.38.1 +Version: 5.38.2 Release: 0 Summary: The Perl interpreter License: Artistic-1.0 OR GPL-1.0-or-later @@ -54,7 +54,6 @@ Patch12: perl-reproducible.patch Patch13: perl_skip_flaky_tests_powerpc.patch # PATCH-FIX-UPSTREAM unmerged https://www.nntp.perl.org/group/perl.perl5.porters/2018/12/msg253240.html Patch18: perl-reproducible2.patch -Patch19: perl-metajson.diff BuildRequires: db-devel BuildRequires: gdbm-devel BuildRequires: libbz2-devel @@ -191,7 +190,6 @@ cp -p %{SOURCE3} . %patch11 %patch12 -p1 %patch18 -%patch19 %build %define _lto_cflags %{nil} From ce5997746ecb38afd47d48cb0b99673855a1b138b128a18a2a5b8cdb34cfea93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Schr=C3=B6der?= Date: Thu, 30 Nov 2023 09:49:03 +0000 Subject: [PATCH 4/4] add bugzilla refs OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl?expand=0&rev=241 --- perl.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/perl.changes b/perl.changes index 60174a5..69f1697 100644 --- a/perl.changes +++ b/perl.changes @@ -3,9 +3,9 @@ Mon Nov 27 10:50:24 CET 2023 - mls@suse.de - Update to perl 5.38.2 * fixes [CVE-2023-47038] Write past buffer end via illegal - user-defined Unicode property + user-defined Unicode property [bnc#1217084] * fixes [CVE-2023-47039] Perl for Windows binary hijacking - vulnerability + vulnerability [bnc#1217085] ------------------------------------------------------------------- Thu Sep 21 10:51:15 UTC 2023 - Neal Gompa