From 3152a421b85afd807064e009aa4633178b128c04 Mon Sep 17 00:00:00 2001
From: lzq11122
Date: Tue, 24 Jun 2025 06:42:47 -0400
Subject: [PATCH] test-per
Signed-off-by: lzq11122
---
 1000-CVE-2024-56406.patch | 24 ++++++++++++++++++++++++
 perl.spec | 8 ++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 1000-CVE-2024-56406.patch
diff --git a/1000-CVE-2024-56406.patch b/1000-CVE-2024-56406.patch
new file mode 100644
index 0000000..288c7d2
--- /dev/null
+++ b/1000-CVE-2024-56406.patch
@@ -0,0 +1,24 @@
+From e0bce716273d941537771637ef077ff397a06f9b Mon Sep 17 00:00:00 2001
+From: mgb01105731
+Date: Mon, 23 Jun 2025 23:52:12 -0400
+Subject: [PATCH 1/1] fix CVE-2024-56406
+
+---
+ op.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/op.c b/op.c
+index 748a268..65bfaee 100644
+--- a/op.c
++++ b/op.c
+@@ -7605,6 +7605,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)
+ * same time. But otherwise one crosses before the other */
+ if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
+ can_force_utf8 = TRUE;
++ max_expansion = MAX(2, max_expansion);
+ }
+ }
+
+--
+2.41.0
+
diff --git a/perl.spec b/perl.spec
index 8bab934..fd4730d 100644
--- a/perl.spec
+++ b/perl.spec
@@ -1,5 +1,5 @@
 # anolis_release number must be even higher, because dual-lived modules will be broken otherwise
-%define anolis_release 16
+%define anolis_release 17
 %global perl_version 5.36.3
 %global perl_epoch 4
@@ -66,7 +66,8 @@ Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li
 Patch201: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-MM-on-Linux.patch
 Patch202: perl-5.36.0-Add-definition-of-OPTIMIZE-to-.ph-files.patch
 Patch203: perl-5.36.3-add-Perl_my_strlcat-and-Perl_my_strlcpy-symbol.patch
-
+# From https://kkgithub.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd
+Patch204: 1000-CVE-2024-56406.patch
 BuildRequires: bash bzip2-devel coreutils findutils gcc glibc-common make
 BuildRequires: sed tar zlib-devel
 BuildRequires: gcc
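Review bot: The embedded op.c fix ships without a regression test: the patch's own diffstat is `op.c | 1 +` only, so the `make test_harness` run in perl.spec cannot show that the fix is effective on this 5.36.3 tree. If the upstream change or advisory carries a tr/// test, add it to 1000-CVE-2024-56406.patch so the build exercises it. The added `max_expansion = MAX(2, max_expansion);` sits in the branch where a source code point below 256 maps to a replacement above 255. Presumably max_expansion bounds the output size, so confirm against the rest of S_pmtrans, which lies outside the hunk, that no other path in this version leaves it below 2. The patch header also records only a local commit id and author, so the file on its own cannot be traced to the upstream change.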
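Review bot: The `# From` comment above Patch204 cites kkgithub.com, a third-party mirror, rather than the upstream repository, which weakens the provenance trail for a security patch. Point it at the canonical location, `# From https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd`, and compare the shipped patch with that commit before merging. The hunk also deletes the blank line that separated the Patch list from the BuildRequires block; keeping it preserves the spec's grouping.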
@@ -2580,6 +2581,9 @@ LC_ALL=C TEST_JOBS=$JOBS make test_harness
 %{_mandir}/man3/vmsish.*
 %changelog
+* Mon Jun 24 2025 lzq11122 - 5.36.3-17
+- add patch to fix CVE-2024-56406
+
 * Wed Apr 2 2025 Kaiqiang Wang - 5.36.3-16
 - add Perl_my_strlcat and Perl_my_strlcpy symbol
--
Gitee
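Review bot: The new %changelog entry is dated `* Mon Jun 24 2025`, but 24 June 2025 is a Tuesday, as the commit's own Date header (`Tue, 24 Jun 2025`) shows; rpm flags a weekday mismatch as a bogus changelog date. Use `* Tue Jun 24 2025 lzq11122 - 5.36.3-17`. The entry could also name the patch file for auditability, e.g. `- add 1000-CVE-2024-56406.patch to fix CVE-2024-56406`.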