diff options
| author | Soumya <soumya.sambu@windriver.com> | 2023-06-12 03:47:36 +0000 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-06-15 09:53:38 +0100 |
| commit | ce01aa37bfb1efc0fbed084af071531b2d3aa80c (patch) | |
| tree | 621ba30bbda8717e35b73ecc7233733847712588 | |
| parent | c26f00fdfa296db92f8a4e3e9e3cd28604d1e93f (diff) | |
| download | poky-ce01aa37bfb1efc0fbed084af071531b2d3aa80c.tar.gz | |
perl: fix CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.
(From OE-Core rev: c87f6b088105676cd2e6216b1a9c62e7e754347c)
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/perl/files/CVE-2023-31484.patch | 29 | ||||
| -rw-r--r-- | meta/recipes-devtools/perl/perl_5.36.1.bb | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31484.patch b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch new file mode 100644 index 0000000000..9a9117c53a --- /dev/null +++ b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch | |||
| @@ -0,0 +1,29 @@ | |||
| 1 | From a625ec2cc3a0b6116c1f8b831d3480deb621c245 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Stig Palmquist <git@stig.io> | ||
| 3 | Date: Tue, 28 Feb 2023 11:54:06 +0100 | ||
| 4 | Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server | ||
| 5 | identity | ||
| 6 | |||
| 7 | CVE: CVE-2023-31484 | ||
| 8 | |||
| 9 | Upstream-Status: Backport [https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0] | ||
| 10 | |||
| 11 | Signed-off-by: Soumya <soumya.sambu@windriver.com> | ||
| 12 | --- | ||
| 13 | cpan/CPAN/lib/CPAN/HTTP/Client.pm | 1 + | ||
| 14 | 1 file changed, 1 insertion(+) | ||
| 15 | |||
| 16 | diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm b/cpan/CPAN/lib/CPAN/HTTP/Client.pm | ||
| 17 | index 4fc792c..a616fee 100644 | ||
| 18 | --- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm | ||
| 19 | +++ b/cpan/CPAN/lib/CPAN/HTTP/Client.pm | ||
| 20 | @@ -32,6 +32,7 @@ sub mirror { | ||
| 21 | |||
| 22 | my $want_proxy = $self->_want_proxy($uri); | ||
| 23 | my $http = HTTP::Tiny->new( | ||
| 24 | + verify_SSL => 1, | ||
| 25 | $want_proxy ? (proxy => $self->{proxy}) : () | ||
| 26 | ); | ||
| 27 | |||
| 28 | -- | ||
| 29 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/perl/perl_5.36.1.bb b/meta/recipes-devtools/perl/perl_5.36.1.bb index f7d66e6ed9..3db1d9c6ae 100644 --- a/meta/recipes-devtools/perl/perl_5.36.1.bb +++ b/meta/recipes-devtools/perl/perl_5.36.1.bb | |||
| @@ -17,6 +17,7 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \ | |||
| 17 | file://0002-Constant-Fix-up-shebang.patch \ | 17 | file://0002-Constant-Fix-up-shebang.patch \ |
| 18 | file://determinism.patch \ | 18 | file://determinism.patch \ |
| 19 | file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \ | 19 | file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \ |
| 20 | file://CVE-2023-31484.patch \ | ||
| 20 | " | 21 | " |
| 21 | SRC_URI:append:class-native = " \ | 22 | SRC_URI:append:class-native = " \ |
| 22 | file://perl-configpm-switch.patch \ | 23 | file://perl-configpm-switch.patch \ |