From d9ff869c375cd10ae3dfbd5b8e96780df30bad83 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Fri, 31 May 2024 17:00:35 +0000
Subject: [PATCH] Import from AlmaLinux stable repository
---
 .perl-Convert-ASN1.metadata | 1 -
 SOURCES/Convert-ASN1-0.27-CVE-2013-7488.patch | 45 +++++++++++++++++++
 SPECS/perl-Convert-ASN1.spec | 24 +++++++---
 3 files changed, 64 insertions(+), 6 deletions(-)
 delete mode 100644 .perl-Convert-ASN1.metadata
 create mode 100644 SOURCES/Convert-ASN1-0.27-CVE-2013-7488.patch
diff --git a/.perl-Convert-ASN1.metadata b/.perl-Convert-ASN1.metadata
deleted file mode 100644
index 1c65f52..0000000
--- a/.perl-Convert-ASN1.metadata
+++ /dev/null
@@ -1 +0,0 @@
-ec10266c0737a2ba9fa42196ab9c13e28ae11bb4 SOURCES/Convert-ASN1-0.27.tar.gz
diff --git a/SOURCES/Convert-ASN1-0.27-CVE-2013-7488.patch b/SOURCES/Convert-ASN1-0.27-CVE-2013-7488.patch
new file mode 100644
index 0000000..4bc9a6f
--- /dev/null
+++ b/SOURCES/Convert-ASN1-0.27-CVE-2013-7488.patch
@@ -0,0 +1,45 @@
+From ce148a2e0872b708450005cf0b3a944014aae990 Mon Sep 17 00:00:00 2001
+From: Dana Jacobsen
+Date: Tue, 29 Oct 2013 08:37:48 -0700
+Subject: [PATCH 1/2] Fix unsafe decoding in indef case
+
+Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
+---
+ lib/Convert/ASN1/_decode.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
+index e811e8d..eb2b584 100644
+--- a/lib/Convert/ASN1/_decode.pm
++++ b/lib/Convert/ASN1/_decode.pm
+@@ -685,6 +685,7 @@ sub _scan_indef {
+ if((unpack("C",$tag) & 0x1f) == 0x1f) {
+ my $b;
+ do {
++ return if $pos >= $end;
+ $tag .= substr($_[0],$pos++,1);
+ $b = ord substr($tag,-1);
+ } while($b & 0x80);
+
+From 8125d99e15596fee1b5f904ed74a76bccf54082d Mon Sep 17 00:00:00 2001
+From: Dana Jacobsen
+Date: Tue, 29 Oct 2013 08:53:09 -0700
+Subject: [PATCH 2/2] Add second part of position check
+
+Bug: https://github.com/gbarr/perl-Convert-ASN1/pull/15
+---
+ lib/Convert/ASN1/_decode.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/Convert/ASN1/_decode.pm b/lib/Convert/ASN1/_decode.pm
+index eb2b584..67b95aa 100644
+--- a/lib/Convert/ASN1/_decode.pm
++++ b/lib/Convert/ASN1/_decode.pm
+@@ -679,6 +679,7 @@ sub _scan_indef {
+ $pos += 2;
+ next;
+ }
++ return if $pos >= $end;
+
+ my $tag = substr($_[0], $pos++, 1);
+
diff --git a/SPECS/perl-Convert-ASN1.spec b/SPECS/perl-Convert-ASN1.spec
index 47bc29b..ce3ee09 100644
--- a/SPECS/perl-Convert-ASN1.spec
+++ b/SPECS/perl-Convert-ASN1.spec
@@ -4,7 +4,7 @@ Summary: ASN.1 encode/decode library Name: perl-Convert-ASN1 Version: 0.27 -Release: 17%{?dist} +Release: 18%{?dist} License: GPL+ or Artistic URL: https://metacpan.org/release/Convert-ASN1 Source0: https://cpan.metacpan.org/authors/id/G/GB/GBARR/Convert-ASN1-%{version}.tar.gz
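Review bot: No regression test accompanies the two `return if $pos >= $end;` guards: both embedded commits' diffstats list only `lib/Convert/ASN1/_decode.pm`, so `make test` would still pass if this patch stopped applying or were dropped on a rebase. A short test under `t/` that decodes an indefinite-length encoding whose input ends before the end-of-contents octets, and asserts that the call returns without a result, would pin the fix. `_scan_indef` begins and ends outside both inner hunks, so the length-octet handling that presumably follows the tag read is not visible here and should be confirmed to be bounded by `$end` as well. Callers also need to treat the bare `return` as a decode failure rather than as an empty scan; that handling is not shown.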
@@ -13,6 +13,9 @@ Patch0: Convert-ASN1-0.27-Correct-shebangs-in-tests.patch # Allow running tests from a read-only location, # Patch1: Convert-ASN1-0.27-Use-temporary-output-files-for-tests.patch +# Fix unsafe decoding in indef case, +# +Patch2: Convert-ASN1-0.27-CVE-2013-7488.patch BuildArch: noarch BuildRequires: coreutils BuildRequires: make
@@ -38,6 +41,7 @@ BuildRequires: perl(bytes) BuildRequires: perl(File::Temp) BuildRequires: perl(IO::Socket) BuildRequires: perl(Math::BigInt) >= 1.997 +BuildRequires: perl(Test::More) >= 0.90 %if %{with perl_Convert_ASN1_enables_optional_test} # Optional tests: BuildRequires: perl(Data::Dumper)
@@ -72,9 +76,15 @@ with "%{_libexecdir}/%{name}/test". %prep %setup -q -n Convert-ASN1-%{version} -%patch0 -p1 -%patch1 -p1 -chmod +x t/*.t +%patch -P0 -p1 +%patch -P1 -p1 +%patch -P2 -p1 + +# Help file to recognise the Perl scripts +for F in t/*.t; do + perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!.*perl\b}{$Config{startperl}}' "$F" + chmod +x "$F" +done %build perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
@@ -86,13 +96,14 @@ mkdir -p %{buildroot}/%{_libexecdir}/%{name} cp -a t %{buildroot}/%{_libexecdir}/%{name} cat > %{buildroot}/%{_libexecdir}/%{name}/test << 'EOF' #!/bin/sh -cd %{_libexecdir}/%{name} && exec prove -I . -j $(getconf _NPROCESSORS_ONLN) +cd %{_libexecdir}/%{name} && exec prove -I . -j "$(getconf _NPROCESSORS_ONLN)" EOF chmod +x %{buildroot}/%{_libexecdir}/%{name}/test %{_fixperms} %{buildroot}/* %check unset YYDEBUG +export HARNESS_OPTIONS=j$(perl -e 'if ($ARGV[0] =~ /.*-j([0-9][0-9]*).*/) {print $1} else {print 1}' -- '%{?_smp_mflags}') make test %files
@@ -105,6 +116,9 @@ make test %{_libexecdir}/%{name} %changelog +* Thu Dec 14 2023 Jitka Plesnikova - 0.27-18 +- Fix unsafe decoding in indef case (CVE-2013-7488) + * Tue Sep 17 2019 Petr Pisar - 0.27-17 - Bump a release to replace the EPEL package (bug #1746898)
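Review bot: The comment `# Help file to recognise the Perl scripts` in `%prep` does not say what the loop changes or why it is needed on top of Patch0, whose name (`Correct-shebangs-in-tests`) suggests it already fixes the test shebangs. The one-liner rewrites an existing `#!...perl` on line 1 of every `t/*.t` to `$Config{startperl}` and inserts that line when none matches, which is more than the removed `chmod +x t/*.t` did. I would spell that out, e.g. `# Set or insert a $Config{startperl} shebang in every test so file(1) identifies it as Perl (Patch0 covers only <which files>)`, assuming "file" here means the file(1) utility.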
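Review bot: In `%check`, the added `export HARNESS_OPTIONS=j$(perl -e ...)` leaves the command substitution unquoted, while the same hunk adds quotes around `"$(getconf _NPROCESSORS_ONLN)"` in the installed test wrapper. The one-liner only ever prints digits, so this is a consistency point rather than a bug, but under a `/bin/sh` that word-splits `export` arguments the unquoted form is fragile; `export HARNESS_OPTIONS="j$(perl -e '…' -- '%{?_smp_mflags}')"` matches the wrapper. The macro is also expanded inside single quotes, so a value of `%{?_smp_mflags}` containing a quote would end the argument early; that is build-configuration input, hence low risk, but worth a comment.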