[Medium] Patch perl for CVE-2026-8376 (microsoft#17591)

Author: v-sushilsati

SPECS/perl/CVE-2026-8376.patch

@@ -0,0 +1,93 @@
+From 5e7f119eb2bb1181be908701f22bf7068e722f1c Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Tue, 12 May 2026 14:51:00 +1000
+Subject: [PATCH] perl/perl-security#147: test against the actual character lengths
+
+Upstream Patch Reference: https://patch-diff.githubusercontent.com/raw/Perl/perl5/pull/24433.patch
+---
+ pod/perldelta.pod |  7 +++++++
+ regcomp_study.c   |  7 +++++++
+ t/re/pat_psycho.t | 17 +++++++++++++++--
+ 3 files changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/pod/perldelta.pod b/pod/perldelta.pod
+index c7d7a64..1c1d33b 100644
+--- a/pod/perldelta.pod
++++ b/pod/perldelta.pod
+@@ -45,6 +45,13 @@ C<C:\ProgramData>. By doing so, when an administrator attempts to use
+ this executable from these compromised locations, arbitrary code can
+ be executed.
+ 
++=head2 CVE-2026-8376 - Buffer overflow in Perl_study_chunk
++
++Repeated fixed string buffer overflow check counted characters not
++bytes.
++
++CVE-2026-8376
++
+ =head1 Acknowledgements
+ 
+ Perl 5.38.2 represents approximately 5 months of development since Perl
+diff --git a/regcomp_study.c b/regcomp_study.c
+index db7ab3a..9248e1d 100644
+--- a/regcomp_study.c
++++ b/regcomp_study.c
+@@ -2862,6 +2862,13 @@ Perl_study_chunk(pTHX_
+                                                (U8 *) SvEND(data->last_found))
+                                 - (U8*)s;
+                         l -= old;
++
++                        if (l > 0 &&
++                            (mincount >= SSize_t_MAX / (SSize_t)l
++                             || old > SSize_t_MAX - mincount * (SSize_t)l)) {
++                            FAIL("Regexp out of space");
++                        }
++
+                         /* Get the added string: */
+                         last_str = newSVpvn_utf8(s  + old, l, UTF);
+                         last_chrs = UTF ? utf8_length((U8*)(s + old),
+diff --git a/t/re/pat_psycho.t b/t/re/pat_psycho.t
+index 3360395..9fd764f 100644
+--- a/t/re/pat_psycho.t
++++ b/t/re/pat_psycho.t
+@@ -10,7 +10,7 @@
+ use strict;
+ use warnings;
+ use 5.010;
+-
++use Config;
+ 
+ sub run_tests;
+ 
+@@ -31,7 +31,7 @@ BEGIN {
+ 
+ skip_all('$PERL_SKIP_PSYCHO_TEST set') if $ENV{PERL_SKIP_PSYCHO_TEST};
+ 
+-plan tests => 15;  # Update this when adding/deleting tests.
++plan tests => 17;  # Update this when adding/deleting tests.
+ 
+ run_tests() unless caller;
+ 
+@@ -211,6 +211,19 @@ EOF
+ 
+ 
+     }
++
++  SKIP:
++    { # sec #147
++        $Config{ptrsize} == 4
++          or skip "these only fail on x32 and use too much memory on x64", 2;
++        # original case
++        fresh_perl_like('/\x{10000}{1073741824}/',
++                        qr/Regexp out of space/, {}, "ssize_t overflow");
++
++        # synthesized but similar case
++        fresh_perl_like('/(?:\x{10001}\x{10000}){536870912}/',
++                        qr/Regexp out of space/, {}, "ssize_t overflow again");
++    }
+ } # End of sub run_tests
+ 
+ 1;
+-- 
+2.45.4
+

SPECS/perl/perl.spec

@@ -127,7 +127,7 @@ License:        GPL+ or Artistic
 Epoch:          %{perl_epoch}
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release:        510%{?dist}
+Release:        511%{?dist}
 Summary:        Practical Extraction and Report Language
 Url:            https://www.perl.org/
 Vendor:         Microsoft Corporation
@@ -194,6 +194,7 @@ Patch205:       CVE-2025-15649.patch
 Patch206:       CVE-2026-42496.patch
 Patch207:       CVE-2026-48959.patch
 Patch208:       CVE-2026-48962.patch
+Patch209:       CVE-2026-8376.patch
 
 # Update some of the bundled modules
 # see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
@@ -6850,6 +6851,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Wed Jun 17 2026 Sushil Sati <v-sushilsati@microsoft.com> - 4:5.38.2-511
+- Patch for CVE-2026-8376
+
 * Tue Jun 02 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 4:5.38.2-510
 - Patch for CVE-2026-48962, CVE-2026-48959, CVE-2026-42496, CVE-2025-15649
 

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -107,64 +107,64 @@ libpipeline-devel-1.5.7-1.azl3.aarch64.rpm
 gdbm-1.23-1.azl3.aarch64.rpm
 gdbm-devel-1.23-1.azl3.aarch64.rpm
 gdbm-lang-1.23-1.azl3.aarch64.rpm
-perl-B-1.88-510.azl3.aarch64.rpm
-perl-Carp-1.54-510.azl3.noarch.rpm
-perl-Class-Struct-0.68-510.azl3.noarch.rpm
-perl-Data-Dumper-2.188-510.azl3.aarch64.rpm
-perl-DynaLoader-1.54-510.azl3.aarch64.rpm
-perl-Encode-3.19-510.azl3.aarch64.rpm
-perl-Errno-1.37-510.azl3.aarch64.rpm
-perl-Exporter-5.77-510.azl3.noarch.rpm
-perl-Fcntl-1.15-510.azl3.aarch64.rpm
-perl-File-Basename-2.86-510.azl3.noarch.rpm
-perl-File-Compare-1.100.700-510.azl3.noarch.rpm
-perl-File-Copy-2.41-510.azl3.noarch.rpm
-perl-File-Path-2.18-510.azl3.noarch.rpm
-perl-File-Temp-0.231.100-510.azl3.noarch.rpm
-perl-File-stat-1.13-510.azl3.noarch.rpm
-perl-FileHandle-2.05-510.azl3.noarch.rpm
-perl-Getopt-Long-2.54-510.azl3.noarch.rpm
-perl-Getopt-Std-1.13-510.azl3.noarch.rpm
-perl-HTTP-Tiny-0.086-510.azl3.noarch.rpm
-perl-I18N-Langinfo-0.22-510.azl3.aarch64.rpm
-perl-IO-1.52-510.azl3.aarch64.rpm
-perl-IPC-Open3-1.22-510.azl3.noarch.rpm
-perl-MIME-Base64-3.16-510.azl3.aarch64.rpm
-perl-POSIX-2.13-510.azl3.aarch64.rpm
-perl-PathTools-3.89-510.azl3.aarch64.rpm
-perl-Pod-Escapes-1.07-510.azl3.noarch.rpm
-perl-Pod-Perldoc-3.28.01-510.azl3.noarch.rpm
-perl-Pod-Simple-3.43-510.azl3.noarch.rpm
-perl-Pod-Usage-2.03-510.azl3.noarch.rpm
-perl-Scalar-List-Utils-1.63-510.azl3.aarch64.rpm
-perl-SelectSaver-1.02-510.azl3.noarch.rpm
-perl-Socket-2.036-510.azl3.aarch64.rpm
-perl-Storable-3.32-510.azl3.aarch64.rpm
-perl-Symbol-1.09-510.azl3.noarch.rpm
-perl-Term-ANSIColor-5.01-510.azl3.noarch.rpm
-perl-Term-Cap-1.18-510.azl3.noarch.rpm
-perl-Text-ParseWords-3.31-510.azl3.noarch.rpm
-perl-Text-Tabs+Wrap-2021.0814-510.azl3.noarch.rpm
-perl-Thread-Queue-3.14-510.azl3.noarch.rpm
-perl-Time-Local-1.300-510.azl3.noarch.rpm
-perl-Unicode-Normalize-1.32-510.azl3.aarch64.rpm
-perl-base-2.27-510.azl3.noarch.rpm
-perl-constant-1.33-510.azl3.noarch.rpm
-perl-if-0.61.000-510.azl3.noarch.rpm
-perl-interpreter-5.38.2-510.azl3.aarch64.rpm
-perl-libs-5.38.2-510.azl3.aarch64.rpm
-perl-locale-1.10-510.azl3.noarch.rpm
-perl-macros-5.38.2-510.azl3.noarch.rpm
-perl-mro-1.28-510.azl3.aarch64.rpm
-perl-overload-1.37-510.azl3.noarch.rpm
-perl-overloading-0.02-510.azl3.noarch.rpm
-perl-parent-0.241-510.azl3.noarch.rpm
-perl-podlators-5.01-510.azl3.noarch.rpm
-perl-subs-1.04-510.azl3.noarch.rpm
-perl-threads-2.36-510.azl3.aarch64.rpm
-perl-threads-shared-1.68-510.azl3.aarch64.rpm
-perl-vars-1.05-510.azl3.noarch.rpm
-perl-5.38.2-510.azl3.aarch64.rpm
+perl-B-1.88-511.azl3.aarch64.rpm
+perl-Carp-1.54-511.azl3.noarch.rpm
+perl-Class-Struct-0.68-511.azl3.noarch.rpm
+perl-Data-Dumper-2.188-511.azl3.aarch64.rpm
+perl-DynaLoader-1.54-511.azl3.aarch64.rpm
+perl-Encode-3.19-511.azl3.aarch64.rpm
+perl-Errno-1.37-511.azl3.aarch64.rpm
+perl-Exporter-5.77-511.azl3.noarch.rpm
+perl-Fcntl-1.15-511.azl3.aarch64.rpm
+perl-File-Basename-2.86-511.azl3.noarch.rpm
+perl-File-Compare-1.100.700-511.azl3.noarch.rpm
+perl-File-Copy-2.41-511.azl3.noarch.rpm
+perl-File-Path-2.18-511.azl3.noarch.rpm
+perl-File-Temp-0.231.100-511.azl3.noarch.rpm
+perl-File-stat-1.13-511.azl3.noarch.rpm
+perl-FileHandle-2.05-511.azl3.noarch.rpm
+perl-Getopt-Long-2.54-511.azl3.noarch.rpm
+perl-Getopt-Std-1.13-511.azl3.noarch.rpm
+perl-HTTP-Tiny-0.086-511.azl3.noarch.rpm
+perl-I18N-Langinfo-0.22-511.azl3.aarch64.rpm
+perl-IO-1.52-511.azl3.aarch64.rpm
+perl-IPC-Open3-1.22-511.azl3.noarch.rpm
+perl-MIME-Base64-3.16-511.azl3.aarch64.rpm
+perl-POSIX-2.13-511.azl3.aarch64.rpm
+perl-PathTools-3.89-511.azl3.aarch64.rpm
+perl-Pod-Escapes-1.07-511.azl3.noarch.rpm
+perl-Pod-Perldoc-3.28.01-511.azl3.noarch.rpm
+perl-Pod-Simple-3.43-511.azl3.noarch.rpm
+perl-Pod-Usage-2.03-511.azl3.noarch.rpm
+perl-Scalar-List-Utils-1.63-511.azl3.aarch64.rpm
+perl-SelectSaver-1.02-511.azl3.noarch.rpm
+perl-Socket-2.036-511.azl3.aarch64.rpm
+perl-Storable-3.32-511.azl3.aarch64.rpm
+perl-Symbol-1.09-511.azl3.noarch.rpm
+perl-Term-ANSIColor-5.01-511.azl3.noarch.rpm
+perl-Term-Cap-1.18-511.azl3.noarch.rpm
+perl-Text-ParseWords-3.31-511.azl3.noarch.rpm
+perl-Text-Tabs+Wrap-2021.0814-511.azl3.noarch.rpm
+perl-Thread-Queue-3.14-511.azl3.noarch.rpm
+perl-Time-Local-1.300-511.azl3.noarch.rpm
+perl-Unicode-Normalize-1.32-511.azl3.aarch64.rpm
+perl-base-2.27-511.azl3.noarch.rpm
+perl-constant-1.33-511.azl3.noarch.rpm
+perl-if-0.61.000-511.azl3.noarch.rpm
+perl-interpreter-5.38.2-511.azl3.aarch64.rpm
+perl-libs-5.38.2-511.azl3.aarch64.rpm
+perl-locale-1.10-511.azl3.noarch.rpm
+perl-macros-5.38.2-511.azl3.noarch.rpm
+perl-mro-1.28-511.azl3.aarch64.rpm
+perl-overload-1.37-511.azl3.noarch.rpm
+perl-overloading-0.02-511.azl3.noarch.rpm
+perl-parent-0.241-511.azl3.noarch.rpm
+perl-podlators-5.01-511.azl3.noarch.rpm
+perl-subs-1.04-511.azl3.noarch.rpm
+perl-threads-2.36-511.azl3.aarch64.rpm
+perl-threads-shared-1.68-511.azl3.aarch64.rpm
+perl-vars-1.05-511.azl3.noarch.rpm
+perl-5.38.2-511.azl3.aarch64.rpm
 texinfo-7.0.3-1.azl3.aarch64.rpm
 gtk-doc-1.33.2-1.azl3.noarch.rpm
 autoconf-2.72-2.azl3.noarch.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -107,64 +107,64 @@ libpipeline-devel-1.5.7-1.azl3.x86_64.rpm
 gdbm-1.23-1.azl3.x86_64.rpm
 gdbm-devel-1.23-1.azl3.x86_64.rpm
 gdbm-lang-1.23-1.azl3.x86_64.rpm
-perl-B-1.88-510.azl3.x86_64.rpm
-perl-Carp-1.54-510.azl3.noarch.rpm
-perl-Class-Struct-0.68-510.azl3.noarch.rpm
-perl-Data-Dumper-2.188-510.azl3.x86_64.rpm
-perl-DynaLoader-1.54-510.azl3.x86_64.rpm
-perl-Encode-3.19-510.azl3.x86_64.rpm
-perl-Errno-1.37-510.azl3.x86_64.rpm
-perl-Exporter-5.77-510.azl3.noarch.rpm
-perl-Fcntl-1.15-510.azl3.x86_64.rpm
-perl-File-Basename-2.86-510.azl3.noarch.rpm
-perl-File-Compare-1.100.700-510.azl3.noarch.rpm
-perl-File-Copy-2.41-510.azl3.noarch.rpm
-perl-File-Path-2.18-510.azl3.noarch.rpm
-perl-File-Temp-0.231.100-510.azl3.noarch.rpm
-perl-File-stat-1.13-510.azl3.noarch.rpm
-perl-FileHandle-2.05-510.azl3.noarch.rpm
-perl-Getopt-Long-2.54-510.azl3.noarch.rpm
-perl-Getopt-Std-1.13-510.azl3.noarch.rpm
-perl-HTTP-Tiny-0.086-510.azl3.noarch.rpm
-perl-I18N-Langinfo-0.22-510.azl3.x86_64.rpm
-perl-IO-1.52-510.azl3.x86_64.rpm
-perl-IPC-Open3-1.22-510.azl3.noarch.rpm
-perl-MIME-Base64-3.16-510.azl3.x86_64.rpm
-perl-POSIX-2.13-510.azl3.x86_64.rpm
-perl-PathTools-3.89-510.azl3.x86_64.rpm
-perl-Pod-Escapes-1.07-510.azl3.noarch.rpm
-perl-Pod-Perldoc-3.28.01-510.azl3.noarch.rpm
-perl-Pod-Simple-3.43-510.azl3.noarch.rpm
-perl-Pod-Usage-2.03-510.azl3.noarch.rpm
-perl-Scalar-List-Utils-1.63-510.azl3.x86_64.rpm
-perl-SelectSaver-1.02-510.azl3.noarch.rpm
-perl-Socket-2.036-510.azl3.x86_64.rpm
-perl-Storable-3.32-510.azl3.x86_64.rpm
-perl-Symbol-1.09-510.azl3.noarch.rpm
-perl-Term-ANSIColor-5.01-510.azl3.noarch.rpm
-perl-Term-Cap-1.18-510.azl3.noarch.rpm
-perl-Text-ParseWords-3.31-510.azl3.noarch.rpm
-perl-Text-Tabs+Wrap-2021.0814-510.azl3.noarch.rpm
-perl-Thread-Queue-3.14-510.azl3.noarch.rpm
-perl-Time-Local-1.300-510.azl3.noarch.rpm
-perl-Unicode-Normalize-1.32-510.azl3.x86_64.rpm
-perl-base-2.27-510.azl3.noarch.rpm
-perl-constant-1.33-510.azl3.noarch.rpm
-perl-if-0.61.000-510.azl3.noarch.rpm
-perl-interpreter-5.38.2-510.azl3.x86_64.rpm
-perl-libs-5.38.2-510.azl3.x86_64.rpm
-perl-locale-1.10-510.azl3.noarch.rpm
-perl-macros-5.38.2-510.azl3.noarch.rpm
-perl-mro-1.28-510.azl3.x86_64.rpm
-perl-overload-1.37-510.azl3.noarch.rpm
-perl-overloading-0.02-510.azl3.noarch.rpm
-perl-parent-0.241-510.azl3.noarch.rpm
-perl-podlators-5.01-510.azl3.noarch.rpm
-perl-subs-1.04-510.azl3.noarch.rpm
-perl-threads-2.36-510.azl3.x86_64.rpm
-perl-threads-shared-1.68-510.azl3.x86_64.rpm
-perl-vars-1.05-510.azl3.noarch.rpm
-perl-5.38.2-510.azl3.x86_64.rpm
+perl-B-1.88-511.azl3.x86_64.rpm
+perl-Carp-1.54-511.azl3.noarch.rpm
+perl-Class-Struct-0.68-511.azl3.noarch.rpm
+perl-Data-Dumper-2.188-511.azl3.x86_64.rpm
+perl-DynaLoader-1.54-511.azl3.x86_64.rpm
+perl-Encode-3.19-511.azl3.x86_64.rpm
+perl-Errno-1.37-511.azl3.x86_64.rpm
+perl-Exporter-5.77-511.azl3.noarch.rpm
+perl-Fcntl-1.15-511.azl3.x86_64.rpm
+perl-File-Basename-2.86-511.azl3.noarch.rpm
+perl-File-Compare-1.100.700-511.azl3.noarch.rpm
+perl-File-Copy-2.41-511.azl3.noarch.rpm
+perl-File-Path-2.18-511.azl3.noarch.rpm
+perl-File-Temp-0.231.100-511.azl3.noarch.rpm
+perl-File-stat-1.13-511.azl3.noarch.rpm
+perl-FileHandle-2.05-511.azl3.noarch.rpm
+perl-Getopt-Long-2.54-511.azl3.noarch.rpm
+perl-Getopt-Std-1.13-511.azl3.noarch.rpm
+perl-HTTP-Tiny-0.086-511.azl3.noarch.rpm
+perl-I18N-Langinfo-0.22-511.azl3.x86_64.rpm
+perl-IO-1.52-511.azl3.x86_64.rpm
+perl-IPC-Open3-1.22-511.azl3.noarch.rpm
+perl-MIME-Base64-3.16-511.azl3.x86_64.rpm
+perl-POSIX-2.13-511.azl3.x86_64.rpm
+perl-PathTools-3.89-511.azl3.x86_64.rpm
+perl-Pod-Escapes-1.07-511.azl3.noarch.rpm
+perl-Pod-Perldoc-3.28.01-511.azl3.noarch.rpm
+perl-Pod-Simple-3.43-511.azl3.noarch.rpm
+perl-Pod-Usage-2.03-511.azl3.noarch.rpm
+perl-Scalar-List-Utils-1.63-511.azl3.x86_64.rpm
+perl-SelectSaver-1.02-511.azl3.noarch.rpm
+perl-Socket-2.036-511.azl3.x86_64.rpm
+perl-Storable-3.32-511.azl3.x86_64.rpm
+perl-Symbol-1.09-511.azl3.noarch.rpm
+perl-Term-ANSIColor-5.01-511.azl3.noarch.rpm
+perl-Term-Cap-1.18-511.azl3.noarch.rpm
+perl-Text-ParseWords-3.31-511.azl3.noarch.rpm
+perl-Text-Tabs+Wrap-2021.0814-511.azl3.noarch.rpm
+perl-Thread-Queue-3.14-511.azl3.noarch.rpm
+perl-Time-Local-1.300-511.azl3.noarch.rpm
+perl-Unicode-Normalize-1.32-511.azl3.x86_64.rpm
+perl-base-2.27-511.azl3.noarch.rpm
+perl-constant-1.33-511.azl3.noarch.rpm
+perl-if-0.61.000-511.azl3.noarch.rpm
+perl-interpreter-5.38.2-511.azl3.x86_64.rpm
+perl-libs-5.38.2-511.azl3.x86_64.rpm
+perl-locale-1.10-511.azl3.noarch.rpm
+perl-macros-5.38.2-511.azl3.noarch.rpm
+perl-mro-1.28-511.azl3.x86_64.rpm
+perl-overload-1.37-511.azl3.noarch.rpm
+perl-overloading-0.02-511.azl3.noarch.rpm
+perl-parent-0.241-511.azl3.noarch.rpm
+perl-podlators-5.01-511.azl3.noarch.rpm
+perl-subs-1.04-511.azl3.noarch.rpm
+perl-threads-2.36-511.azl3.x86_64.rpm
+perl-threads-shared-1.68-511.azl3.x86_64.rpm
+perl-vars-1.05-511.azl3.noarch.rpm
+perl-5.38.2-511.azl3.x86_64.rpm
 texinfo-7.0.3-1.azl3.x86_64.rpm
 gtk-doc-1.33.2-1.azl3.noarch.rpm
 autoconf-2.72-2.azl3.noarch.rpm