From 164c84ee9b820f5b21e79b4d52c07a613925d3f2 Mon Sep 17 00:00:00 2001 From: Francois Perrad Date: Tue, 15 Apr 2025 11:06:37 +0200 Subject: [PATCH] package/perl: security bump to version 5.40.2 fix CVE-2024-56406: A heap buffer overflow vulnerability Signed-off-by: Francois Perrad [Julien: fix check-package error in hash file] Signed-off-by: Julien Olivain --- package/perl/perl.hash | 12 ++++++------ package/perl/perl.mk | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package/perl/perl.hash b/package/perl/perl.hash index 04ebf83b33..d581054bb5 100644 --- a/package/perl/perl.hash +++ b/package/perl/perl.hash @@ -1,10 +1,10 @@ -# Hashes from: https://www.cpan.org/src/5.0/perl-5.40.1.tar.xz.{md5,sha1,sha256}.txt -md5 bab3547a5cdf2302ee0396419d74a42e perl-5.40.1.tar.xz -sha1 4ffe5246c791df884363aed05ba81ba41cb02084 perl-5.40.1.tar.xz -sha256 dfa20c2eef2b4af133525610bbb65dd13777ecf998c9c5b1ccf0d308e732ee3f perl-5.40.1.tar.xz +# Hashes from: https://www.cpan.org/src/5.0/perl-5.40.2.tar.xz.{md5,sha1,sha256}.txt +md5 9ad7a269dc4053cdbeecd4fde444291b perl-5.40.2.tar.xz +sha1 661fe9ee085ca0aec8ddd65e055bee922af12663 perl-5.40.2.tar.xz +sha256 0551c717458e703ef7972307ab19385edfa231198d88998df74e12226abf563b perl-5.40.2.tar.xz -# Hash from: https://github.com/arsv/perl-cross/releases/download/1.6.1/perl-cross-1.6.1.hash -sha256 b5f4b4457bbd7be37adac8ee423beedbcdba8963a85f79770f5e701dabc5550f perl-cross-1.6.1.tar.gz +# Hash from: https://github.com/arsv/perl-cross/releases/download/1.6.2/perl-cross-1.6.2.hash +sha256 131f7496152ee32067dbac2bc9b44b2f582fc778140e545701b3b2faee782f1d perl-cross-1.6.2.tar.gz # Locally calculated sha256 dd90d4f42e4dcadf5a7c09eea0189d93c7b37ae560c91f0f6d5233ed3b9292a2 Artistic diff --git a/package/perl/perl.mk b/package/perl/perl.mk index 37b9fe185d..34abb734d6 100644 --- a/package/perl/perl.mk +++ b/package/perl/perl.mk @@ -6,7 +6,7 @@ # When updating the version here, also update utils/scancpan PERL_VERSION_MAJOR = 40 -PERL_VERSION = 5.$(PERL_VERSION_MAJOR).1 +PERL_VERSION = 5.$(PERL_VERSION_MAJOR).2 PERL_SITE = https://www.cpan.org/src/5.0 PERL_SOURCE = perl-$(PERL_VERSION).tar.xz PERL_LICENSE = Artistic or GPL-1.0+ @@ -15,7 +15,7 @@ PERL_CPE_ID_VENDOR = perl PERL_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) PERL_INSTALL_STAGING = YES -PERL_CROSS_VERSION = 1.6.1 +PERL_CROSS_VERSION = 1.6.2 # DO NOT refactor with the github helper (the result is not the same) PERL_CROSS_SITE = https://github.com/arsv/perl-cross/releases/download/$(PERL_CROSS_VERSION) PERL_CROSS_SOURCE = perl-cross-$(PERL_CROSS_VERSION).tar.gz