author | Mingli Yu <Mingli.Yu@windriver.com> | 2016-09-21 17:47:32 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-22 11:13:24 +0100 |
commit | f5b1cd0e820cda688c217321822c3259f1d0a7d5 (patch) | |
tree | 78db54ef2b16556200b5f94cb581a951b4501deb | |
parent | c27660df4038a82d5174f1120e3cac45a1db67ea (diff) | |
download | poky-f5b1cd0e820cda688c217321822c3259f1d0a7d5.tar.gz |
perl: fix CVE-2015-8607
Backport patch to fix CVE-2015-8607 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd
(From OE-Core rev: e2289647ace9ef96e6a7e4aae201fd9149e56678)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch | 74 | ||||
-rw-r--r-- | meta/recipes-devtools/perl/perl_5.22.1.bb | 1 |
2 files changed, 75 insertions, 0 deletions
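--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch
@@ -0,0 +1,74 @@
+From 652c8d4852a69f1bb4d387946f9b76350a1f0d0e Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Tue, 15 Dec 2015 10:56:54 +1100
+Subject: [PATCH] perl: fix CVE-2015-8607
+
+ensure File::Spec::canonpath() preserves taint
+
+Previously the unix specific XS implementation of canonpath() would
+return an untainted path when supplied a tainted path.
+
+For the empty string case, newSVpvs() already sets taint as needed on
+its result.
+
+This issue was assigned CVE-2015-8607. [perl #126862]
+
+Backport patch from http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd
+
+Upstream-Status: Backport
+CVE: CVE-2015-8607
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+dist/PathTools/Cwd.xs | 1 +
+dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
+2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
+index 9d4dcf0..3d018dc 100644
+--- a/dist/PathTools/Cwd.xs
++++ b/dist/PathTools/Cwd.xs
+@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
+*o = 0;
+SvPOK_on(retval);
+SvCUR_set(retval, o - SvPVX(retval));
++ SvTAINT(retval);
+return retval;
+}
+
+diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
+index 309b3e5..48f8c5b 100644
+--- a/dist/PathTools/t/taint.t
++++ b/dist/PathTools/t/taint.t
+@@ -12,7 +12,7 @@ use Test::More;
+BEGIN {
+plan(
+${^TAINT}
+- ? (tests => 17)
++ ? (tests => 21)
+: (skip_all => "A perl without taint support")
+);
+}
+@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
+
+# Previous versions of Cwd tainted $^O
+is !tainted($^O), 1, "\$^O should not be tainted";
++
++{
++ # [perl #126862] canonpath() loses taint
++ my $tainted = substr($ENV{PATH}, 0, 0);
++ # yes, getcwd()'s result should be tainted, and is tested above
++ # but be sure
++ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
++ "canonpath() keeps taint on non-empty string";
++ ok tainted(File::Spec->canonpath($tainted)),
++ "canonpath() keeps taint on empty string";
++
++ (Cwd::getcwd() =~ /^(.*)/);
++ my $untainted = $1;
++ ok !tainted($untainted), "make sure our untainted value is untainted";
++ ok !tainted(File::Spec->canonpath($untainted)),
++ "canonpath() doesn't add taint to untainted string";
++}
+--
+2.8.1
+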
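Review bot: The added `SvTAINT(retval);` in the Cwd.xs hunk carries no comment, and the macro marks the result tainted only when the interpreter's current taint flag is set; it does not inspect `path` itself. The fix therefore presumably relies on that flag having been raised when `path` was read earlier in THX_unix_canonpath, whose body starts outside the hunk, so this cannot be confirmed from the lines shown. A one-line comment would keep a later refactor from dropping or reordering the call: `/* propagate taint from path to the result (CVE-2015-8607) */`. Because this is an upstream backport, the comment may be better proposed upstream than carried as a local deviation.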
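--- a/meta/recipes-devtools/perl/perl_5.22.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.22.1.bb
@@ -67,6 +67,7 @@ SRC_URI += " \
 file://perl-test-customized.patch \
 file://perl-fix-CVE-2016-2381.patch \
 file://perl-fix-CVE-2016-6185.patch \
+file://perl-fix-CVE-2015-8607.patch \
 "
 
 # Fix test case issues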