修复漏洞：CVE-2014-10402

debian/changelog

@@ -1,3 +1,9 @@
+libdbi-perl (1.643-ok2) yangtze; urgency=medium
+
+  * 修复漏洞：CVE-2014-10402
+
+ -- lvzhaoxuan <lvzhaoxuan@bupt.edu.cn>  Thu, 16 Mar 2023 16:35:18 +0800
+
 libdbi-perl (1.643-ok1) yangtze; urgency=medium
 
   * Build for openkylin.

debian/patches/0001-CVE-2014-10402.patch

@@ -0,0 +1,33 @@
+From: kuaileqi <jianghongpu1029@bupt.edu.cn>
+Date: Thu, 16 Mar 2023 16:36:22 +0800
+Subject: =?utf-8?b?5L+u5aSN5ryP5rSe77yaQ1ZFLTIwMTQtMTA0MDI=?=
+
+---
+ lib/DBD/File.pm | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/DBD/File.pm b/lib/DBD/File.pm
+index dd4312b..f53c3c3 100644
+--- a/lib/DBD/File.pm
++++ b/lib/DBD/File.pm
+@@ -109,7 +109,11 @@ sub connect
+     # We do not (yet) care about conflicting attributes here
+     # my $dbh = DBI->connect ("dbi:CSV:f_dir=test", undef, undef, { f_dir => "text" });
+     # will test here that both test and text should exist
+-    if (my $attr_hash = (DBI->parse_dsn ($dbname))[3]) {
++    #
++    # Parsing on our own similar to parse_dsn to find attributes in 'dbname' parameter.
++    if ($dbname) {
++	my @attrs = split /;/ => $dbname;
++	my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs };
+ 	if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) {
+ 	    my $msg = "No such directory '$attr_hash->{f_dir}";
+ 	    $drh->set_err (2, $msg);
+@@ -120,7 +124,6 @@ sub connect
+     if ($attr and defined $attr->{f_dir} && ! -d $attr->{f_dir}) {
+ 	my $msg = "No such directory '$attr->{f_dir}";
+ 	$drh->set_err (2, $msg);
+-	$attr->{RaiseError} and croak $msg;
+ 	return;
+ 	}
+ 

debian/patches/series

@@ -0,0 +1 @@
+0001-CVE-2014-10402.patch