From: Changqing Li <[email protected]> * License-Update: Update years * Remove CVE-2014-10402.patch since it is not need for this version, refer [1] * Backport a patch
[1] https://metacpan.org/dist/DBI/view/Changes#Changes-in-DBI-1.632-9th-Nov-2014 Signed-off-by: Changqing Li <[email protected]> --- ...uilding-on-Fedora-40-with-GCC-14.2.1.patch | 28 ++++++++++ .../perl/libdbi-perl/CVE-2014-10402.patch | 56 ------------------- ...dbi-perl_1.643.bb => libdbi-perl_1.644.bb} | 9 ++- 3 files changed, 32 insertions(+), 61 deletions(-) create mode 100644 meta-oe/recipes-devtools/perl/libdbi-perl/0001-Fix-building-on-Fedora-40-with-GCC-14.2.1.patch delete mode 100644 meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch rename meta-oe/recipes-devtools/perl/{libdbi-perl_1.643.bb => libdbi-perl_1.644.bb} (83%) diff --git a/meta-oe/recipes-devtools/perl/libdbi-perl/0001-Fix-building-on-Fedora-40-with-GCC-14.2.1.patch b/meta-oe/recipes-devtools/perl/libdbi-perl/0001-Fix-building-on-Fedora-40-with-GCC-14.2.1.patch new file mode 100644 index 000000000..f29d6c4d8 --- /dev/null +++ b/meta-oe/recipes-devtools/perl/libdbi-perl/0001-Fix-building-on-Fedora-40-with-GCC-14.2.1.patch @@ -0,0 +1,28 @@ +From dc970a868a4c2d7e2051b533e0a3588ef1d35530 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <[email protected]> +Date: Mon, 26 Aug 2024 10:17:01 +0200 +Subject: [PATCH] Fix building on Fedora 40 with GCC 14.2.1 + +Upstream-Status: Backport [https://github.com/perl5-dbi/dbi/commit/d6e2bf13ac6043f5b0a9a147805b4915bd70e631] + +Signed-off-by: Changqing Li <[email protected]> +--- + DBI.xs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/DBI.xs b/DBI.xs +index 747e341..9b1d136 100644 +--- a/DBI.xs ++++ b/DBI.xs +@@ -1106,7 +1106,7 @@ dbih_inner(pTHX_ SV *orv, const char *what) + if (!SvMAGICAL(ohv)) { + if (!what) + return NULL; +- if (!hv_fetch(ohv,"_NO_DESTRUCT_WARN",17,0)) ++ if (!hv_fetch((HV*)ohv,"_NO_DESTRUCT_WARN",17,0)) + sv_dump(orv); + croak("%s handle %s is not a DBI handle (has no magic)", + what, neatsvpv(orv,0)); +-- +2.46.0 + diff --git a/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch b/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch deleted file mode 100644 index b41bbe0a5..000000000 --- a/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch +++ /dev/null @@ -1,56 +0,0 @@ -Backport patch to fix CVE-2014-10402. - -CVE: CVE-2014-10402 -Upstream-Status: Backport [https://github.com/rehsack/dbi/commit/19d0fb1] - -Ref: -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12 - -Signed-off-by: Kai Kang <[email protected]> - - -From 19d0fb169eed475e1c053e99036b8668625cfa94 Mon Sep 17 00:00:00 2001 -From: Jens Rehsack <[email protected]> -Date: Tue, 6 Oct 2020 10:22:17 +0200 -Subject: [PATCH] lib/DBD/File.pm: fix CVE-2014-10401 - -Dig into the root cause of RT#99508 - which resulted in CVE-2014-10401 - and -figure out that DBI->parse_dsn is the wrong helper to parse our attributes in -DSN, since in DBD::dr::connect only the "dbname" remains from DSN which causes -parse_dsn to bailout. - -Parsing on our own similar to parse_dsn shows the way out. - -Signed-off-by: Jens Rehsack <[email protected]> ---- - lib/DBD/File.pm | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/lib/DBD/File.pm b/lib/DBD/File.pm -index fb14e9a..f55076f 100644 ---- a/lib/DBD/File.pm -+++ b/lib/DBD/File.pm -@@ -109,7 +109,11 @@ sub connect - # We do not (yet) care about conflicting attributes here - # my $dbh = DBI->connect ("dbi:CSV:f_dir=test", undef, undef, { f_dir => "text" }); - # will test here that both test and text should exist -- if (my $attr_hash = (DBI->parse_dsn ($dbname))[3]) { -+ # -+ # Parsing on our own similar to parse_dsn to find attributes in 'dbname' parameter. -+ if ($dbname) { -+ my @attrs = split /;/ => $dbname; -+ my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs }; - if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) { - my $msg = "No such directory '$attr_hash->{f_dir}"; - $drh->set_err (2, $msg); -@@ -120,7 +124,6 @@ sub connect - if ($attr and defined $attr->{f_dir} && ! -d $attr->{f_dir}) { - my $msg = "No such directory '$attr->{f_dir}"; - $drh->set_err (2, $msg); -- $attr->{RaiseError} and croak $msg; - return; - } - --- -2.17.1 - diff --git a/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb b/meta-oe/recipes-devtools/perl/libdbi-perl_1.644.bb similarity index 83% rename from meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb rename to meta-oe/recipes-devtools/perl/libdbi-perl_1.644.bb index 1fee83a8f..7f6c9059d 100644 --- a/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb +++ b/meta-oe/recipes-devtools/perl/libdbi-perl_1.644.bb @@ -7,13 +7,12 @@ database interface independent of the actual database being used. \ HOMEPAGE = "http://search.cpan.org/dist/DBI/"; SECTION = "libs" LICENSE = "Artistic-1.0 | GPL-1.0-or-later" -LIC_FILES_CHKSUM = "file://LICENSE;md5=10982c7148e0a012c0fd80534522f5c5" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8097b88c6165f0d43949441e6ea581cd" -SRC_URI = "http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-${PV}.tar.gz \ - file://CVE-2014-10402.patch \ +SRC_URI = "https://cpan.metacpan.org/authors/id/H/HM/HMBRAND/DBI-${PV}.tar.gz \ + file://0001-Fix-building-on-Fedora-40-with-GCC-14.2.1.patch \ " -SRC_URI[md5sum] = "352f80b1e23769c116082a90905d7398" -SRC_URI[sha256sum] = "8a2b993db560a2c373c174ee976a51027dd780ec766ae17620c20393d2e836fa" +SRC_URI[sha256sum] = "2297b99de09e67086640b590699e0e982fb469da63a93fe28dc14782db7a53c8" S = "${WORKDIR}/DBI-${PV}" -- 2.46.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#112077): https://lists.openembedded.org/g/openembedded-devel/message/112077 Mute This Topic: https://lists.openembedded.org/mt/108238192/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
