summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMingli Yu <Mingli.Yu@windriver.com>2016-09-21 09:47:32 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-10-06 07:51:17 (GMT)
commit84997c7f212ec63f7368707354f16c74cecf9e1a (patch)
tree9bc8e3e628ad73979fa90c71a7c9165e94ce3e40
parente26f842287026e70ac0f3b2f6ef1ff447243274a (diff)
downloadpoky-84997c7f212ec63f7368707354f16c74cecf9e1a.tar.gz
perl: fix CVE-2015-8607
Backport patch to fix CVE-2015-8607 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd (From OE-Core rev: e2289647ace9ef96e6a7e4aae201fd9149e56678) (From OE-Core rev: d0451b2ed92867a0a2c37baded45cff997739153) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> fixed up to apply to 5.22.0 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch74
-rw-r--r--meta/recipes-devtools/perl/perl_5.22.0.bb1
2 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch
new file mode 100644
index 0000000..7b4a001
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch
@@ -0,0 +1,74 @@
1From 652c8d4852a69f1bb4d387946f9b76350a1f0d0e Mon Sep 17 00:00:00 2001
2From: Tony Cook <tony@develop-help.com>
3Date: Tue, 15 Dec 2015 10:56:54 +1100
4Subject: [PATCH] perl: fix CVE-2015-8607
5
6ensure File::Spec::canonpath() preserves taint
7
8Previously the unix specific XS implementation of canonpath() would
9return an untainted path when supplied a tainted path.
10
11For the empty string case, newSVpvs() already sets taint as needed on
12its result.
13
14This issue was assigned CVE-2015-8607. [perl #126862]
15
16Backport patch from http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd
17
18Upstream-Status: Backport
19CVE: CVE-2015-8607
20Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
21---
22 dist/PathTools/Cwd.xs | 1 +
23 dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
24 2 files changed, 19 insertions(+), 1 deletion(-)
25
26diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
27index 9d4dcf0..3d018dc 100644
28--- a/dist/PathTools/Cwd.xs
29+++ b/dist/PathTools/Cwd.xs
30@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
31 *o = 0;
32 SvPOK_on(retval);
33 SvCUR_set(retval, o - SvPVX(retval));
34+ SvTAINT(retval);
35 return retval;
36 }
37
38diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
39index 309b3e5..48f8c5b 100644
40--- a/dist/PathTools/t/taint.t
41+++ b/dist/PathTools/t/taint.t
42@@ -12,7 +12,7 @@ use Test::More;
43 BEGIN {
44 plan(
45 ${^TAINT}
46- ? (tests => 17)
47+ ? (tests => 21)
48 : (skip_all => "A perl without taint support")
49 );
50 }
51@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
52
53 # Previous versions of Cwd tainted $^O
54 is !tainted($^O), 1, "\$^O should not be tainted";
55+
56+{
57+ # [perl #126862] canonpath() loses taint
58+ my $tainted = substr($ENV{PATH}, 0, 0);
59+ # yes, getcwd()'s result should be tainted, and is tested above
60+ # but be sure
61+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
62+ "canonpath() keeps taint on non-empty string";
63+ ok tainted(File::Spec->canonpath($tainted)),
64+ "canonpath() keeps taint on empty string";
65+
66+ (Cwd::getcwd() =~ /^(.*)/);
67+ my $untainted = $1;
68+ ok !tainted($untainted), "make sure our untainted value is untainted";
69+ ok !tainted(File::Spec->canonpath($untainted)),
70+ "canonpath() doesn't add taint to untainted string";
71+}
72--
732.8.1
74
diff --git a/meta/recipes-devtools/perl/perl_5.22.0.bb b/meta/recipes-devtools/perl/perl_5.22.0.bb
index 08159b1..ff82b80 100644
--- a/meta/recipes-devtools/perl/perl_5.22.0.bb
+++ b/meta/recipes-devtools/perl/perl_5.22.0.bb
@@ -36,6 +36,7 @@ SRC_URI += " \
36 file://debian/regen-skip.diff \ 36 file://debian/regen-skip.diff \
37 file://perl-fix-CVE-2016-2381.patch \ 37 file://perl-fix-CVE-2016-2381.patch \
38 file://perl-fix-CVE-2016-6185.patch \ 38 file://perl-fix-CVE-2016-6185.patch \
39 file://perl-fix-CVE-2015-8607.patch \
39" 40"
40 41
41SRC_URI += " \ 42SRC_URI += " \