summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>2018-08-22 17:11:52 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-29 15:23:51 +0100
commit90cb0ee1c217a8eeaeccb237541dcc6fda057efc (patch)
tree4caaa5ad3d15dfd856f2619ff19510fb0df8c395
parent4f6ff3e60c132a5bf3633b8222ba2a9e003f8ebe (diff)
downloadpoky-90cb0ee1c217a8eeaeccb237541dcc6fda057efc.tar.gz
perl: CVE-2018-12015
Remove existing files before overwriting them Archive should extract only the latest same-named entry. Extracted regular file should not be writtent into existing block device (or any other one). https://rt.cpan.org/Ticket/Display.html?id=125523 Affects perl <= 5.26.2 (From OE-Core rev: ca005cd857f8e79b135c43526d5b792478a07eb3) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/perl/perl/CVE-2018-12015.patch48
-rw-r--r--meta/recipes-devtools/perl/perl_5.24.1.bb1
2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch b/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch
new file mode 100644
index 0000000000..a33deaff6a
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch
@@ -0,0 +1,48 @@
1From ae65651eab053fc6dc4590dbb863a268215c1fc5 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
3Date: Fri, 8 Jun 2018 11:45:40 +0100
4Subject: [PATCH] [PATCH] Remove existing files before overwriting them
5
6Archive should extract only the latest same-named entry.
7Extracted regular file should not be writtent into existing block
8device (or any other one).
9
10https://rt.cpan.org/Ticket/Display.html?id=125523
11
12CVE: CVE-2018-12015
13Upstream-Status: Backport [https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5]
14
15Signed-off-by: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
16Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
17---
18 lib/Archive/Tar.pm | 14 ++++++++++++++
19 1 file changed, 14 insertions(+)
20
21diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm
22index 6244369..a83975f 100644
23--- a/cpan/Archive-Tar/lib/Archive/Tar.pm
24+++ b/cpan/Archive-Tar/lib/Archive/Tar.pm
25@@ -845,6 +845,20 @@ sub _extract_file {
26 return;
27 }
28
29+ ### If a file system already contains a block device with the same name as
30+ ### the being extracted regular file, we would write the file's content
31+ ### to the block device. So remove the existing file (block device) now.
32+ ### If an archive contains multiple same-named entries, the last one
33+ ### should replace the previous ones. So remove the old file now.
34+ ### If the old entry is a symlink to a file outside of the CWD, the new
35+ ### entry would create a file there. This is CVE-2018-12015
36+ ### <https://rt.cpan.org/Ticket/Display.html?id=125523>.
37+ if (-l $full || -e _) {
38+ if (!unlink $full) {
39+ $self->_error( qq[Could not remove old file '$full': $!] );
40+ return;
41+ }
42+ }
43 if( length $entry->type && $entry->is_file ) {
44 my $fh = IO::File->new;
45 $fh->open( '>' . $full ) or (
46--
472.13.3
48
diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb
index bb18c6a36d..5fed8965c0 100644
--- a/meta/recipes-devtools/perl/perl_5.24.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -70,6 +70,7 @@ SRC_URI += " \
70 file://CVE-2018-6798-2.patch \ 70 file://CVE-2018-6798-2.patch \
71 file://CVE-2018-6797.patch \ 71 file://CVE-2018-6797.patch \
72 file://CVE-2018-6913.patch \ 72 file://CVE-2018-6913.patch \
73 file://CVE-2018-12015.patch \
73" 74"
74 75
75# Fix test case issues 76# Fix test case issues