summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKang Kai <kai.kang@windriver.com>2013-01-24 08:58:15 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-03-01 15:38:48 (GMT)
commita54d4ae89e0b92c413de7e8e1f52eb50ccdf192b (patch)
tree2e63ec3524df948ecd141bb2920bd4cc45aa16c0
parent8cb87526627b9820a9be5698c084df788a433a7b (diff)
downloadpoky-a54d4ae89e0b92c413de7e8e1f52eb50ccdf192b.tar.gz
perl: fix security issue
Add perl-fix-CVE-2012-5195.patch to fix perl memory exhaustion denial-of-service attack issue. And patch is from perl 5.14.3 branch: http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e [Yocto 3701] (From OE-Core rev: b4799833d26eacf60a7590bc5770b3715389fe66) Signed-off-by: Kang Kai <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch41
-rw-r--r--meta/recipes-devtools/perl/perl_5.14.2.bb3
2 files changed, 43 insertions, 1 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch
new file mode 100644
index 0000000..da96f9c
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch
@@ -0,0 +1,41 @@
1Upstream-Status: Backport
2
3This patch is from perl mainline:
4http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
5
6Signed-off-by: Kang Kai <kai.kang@windriver.com>
7
8---
9From b675304e3fdbcce3ef853b06b6ebe870d99faa7e Mon Sep 17 00:00:00 2001
10From: Andy Dougherty <doughera@lafayette.edu>
11Date: Thu, 27 Sep 2012 09:52:18 -0400
12Subject: [PATCH] avoid calling memset with a negative count
13
14Poorly written perl code that allows an attacker to specify the count to
15perl's 'x' string repeat operator can already cause a memory exhaustion
16denial-of-service attack. A flaw in versions of perl before 5.15.5 can
17escalate that into a heap buffer overrun; coupled with versions of glibc
18before 2.16, it possibly allows the execution of arbitrary code.
19
20The flaw addressed to this commit has been assigned identifier
21CVE-2012-5195.
22---
23 util.c | 3 +++
24 1 files changed, 3 insertions(+), 0 deletions(-)
25
26diff --git a/util.c b/util.c
27index 0ea39c6..230211e 100644
28--- a/util.c
29+++ b/util.c
30@@ -3319,6 +3319,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
31 {
32 PERL_ARGS_ASSERT_REPEATCPY;
33
34+ if (count < 0)
35+ Perl_croak_nocontext("%s",PL_memory_wrap);
36+
37 if (len == 1)
38 memset(to, *from, count);
39 else if (count) {
40--
411.7.4.1
diff --git a/meta/recipes-devtools/perl/perl_5.14.2.bb b/meta/recipes-devtools/perl/perl_5.14.2.bb
index d9206d8..d3f6ffd 100644
--- a/meta/recipes-devtools/perl/perl_5.14.2.bb
+++ b/meta/recipes-devtools/perl/perl_5.14.2.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://Copying;md5=2b4c6ffbcfcbdee469f02565f253d81a \
7# We need gnugrep (for -I) 7# We need gnugrep (for -I)
8DEPENDS = "virtual/db grep-native" 8DEPENDS = "virtual/db grep-native"
9DEPENDS += "gdbm zlib" 9DEPENDS += "gdbm zlib"
10PR = "r11" 10PR = "r12"
11 11
12# 5.10.1 has Module::Build built-in 12# 5.10.1 has Module::Build built-in
13PROVIDES += "libmodule-build-perl" 13PROVIDES += "libmodule-build-perl"
@@ -67,6 +67,7 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
67 file://fix_bad_rpath.patch \ 67 file://fix_bad_rpath.patch \
68 file://perl-build-in-t-dir.patch \ 68 file://perl-build-in-t-dir.patch \
69 file://perl-archlib-exp.patch \ 69 file://perl-archlib-exp.patch \
70 file://perl-fix-CVE-2012-5195.patch \
70 \ 71 \
71 file://config.sh \ 72 file://config.sh \
72 file://config.sh-32 \ 73 file://config.sh-32 \