diff options
| author | Hongxu Jia <hongxu.jia@windriver.com> | 2014-07-01 15:51:53 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-07-08 11:20:12 +0100 |
| commit | e73deac6dc7861c64ced49d2a35f781d655db79a (patch) | |
| tree | df7352dd791d9714ef62d4a6a87b64e2a90903e2 /meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch | |
| parent | 93d77b6ca83e55f3ecbc09f5502d8ae928f2bd91 (diff) | |
| download | poky-e73deac6dc7861c64ced49d2a35f781d655db79a.tar.gz | |
perl, perl-native, perl-ptest: upgrade from 5.14.3 to 5.20.0
Changed:
- The Copying has no change, except the company address.
- pick patches from debian
http://ftp.de.debian.org/debian/pool/main/p/perl/perl_5.20.0-1.debian.tar.xz
- Not used by oe:
deprecate-with-apt.diff
patchlevel.diff
fakeroot.diff
- Create/Update perl-rdepends_${PV}.inc by the hardcode script;
- Update config.sh by:
1) Copy the Perl 5.20.0 source code onto your TARGET machine
linux qemuarm 3.14.5-yocto-standard from OE-Core rev:
f506d0660c9949485268a92724ac770b5457b0ca
2) Execute sh Configure as normal and configure as required,
do not "make";
3) Compare with the old config.sh files, and update;
- perl-ptest.inc
1) Copy the souce code to ptest since almost 112 test cases
failed with the reason that no souce code found;
2) Add two patches to fix test case issue;
- perl-native
Reference perl (5.20.0-1) in debian to update perl shared library headers
https://packages.debian.org/experimental/i386/perl/filelist
Obsolete:
- 09_fix_installperl.patch
The dead code was removed from installperl
http://perl5.git.perl.org/perl.git/commit/236818e0b9d9fe874831086b4d0b94dc6f245dfd
- perl-build-in-t-dir.patch
The upstream has fix it. The issue description:
Perl cannot cross build in a path containing a directory that has the
name of "t". As an example, you can make the perl build fail with
"mkdir -p /tmp/build/t", go to the directory, unpack the sources,
configure and cross build.
- 0001-Fix-misparsing-of-maketext-strings.patch
as they are part of the upstream code now:
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8
- 0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch
the hash function changed:
http://perl5.git.perl.org/perl.git/commit/7dc8663964c66a698d31bbdc8e8abed69bddeec3
(From OE-Core rev: c7ac82415efc42ff7a93c6df163f88f2dde00d26)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch')
| -rw-r--r-- | meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch b/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch new file mode 100644 index 0000000000..e0dcf412bb --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch | |||
| @@ -0,0 +1,45 @@ | |||
| 1 | perl:fix for CVE-2010-4777 | ||
| 2 | |||
| 3 | Upstream-Status: Backport | ||
| 4 | |||
| 5 | The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, | ||
| 6 | 5.14.0, and other versions, when running with debugging enabled, | ||
| 7 | allows context-dependent attackers to cause a denial of service | ||
| 8 | (assertion failure and application exit) via crafted input that | ||
| 9 | is not properly handled when using certain regular expressions, | ||
| 10 | as demonstrated by causing SpamAssassin and OCSInventory to | ||
| 11 | crash. | ||
| 12 | |||
| 13 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777 | ||
| 14 | |||
| 15 | Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> | ||
| 16 | --- a/regcomp.c | ||
| 17 | +++ b/regcomp.c | ||
| 18 | @@ -11868,8 +11868,25 @@ Perl_save_re_context(pTHX) | ||
| 19 | |||
| 20 | if (gvp) { | ||
| 21 | GV * const gv = *gvp; | ||
| 22 | - if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) | ||
| 23 | - save_scalar(gv); | ||
| 24 | + if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) { | ||
| 25 | + /* this is a copy of save_scalar() without the GETMAGIC call, RT#76538 */ | ||
| 26 | + SV ** const sptr = &GvSVn(gv); | ||
| 27 | + SV * osv = *sptr; | ||
| 28 | + SV * nsv = newSV(0); | ||
| 29 | + save_pushptrptr(SvREFCNT_inc_simple(gv), | ||
| 30 | + SvREFCNT_inc(osv), SAVEt_SV); | ||
| 31 | + if (SvTYPE(osv) >= SVt_PVMG && SvMAGIC(osv) && | ||
| 32 | + SvTYPE(osv) != SVt_PVGV) { | ||
| 33 | + if (SvGMAGICAL(osv)) { | ||
| 34 | + const bool oldtainted = PL_tainted; | ||
| 35 | + SvFLAGS(osv) |= (SvFLAGS(osv) & | ||
| 36 | + (SVp_IOK|SVp_NOK|SVp_POK)) >> PRIVSHIFT; | ||
| 37 | + PL_tainted = oldtainted; | ||
| 38 | + } | ||
| 39 | + mg_localize(osv, nsv, 1); | ||
| 40 | + } | ||
| 41 | + *sptr = nsv; | ||
| 42 | + } | ||
| 43 | } | ||
| 44 | } | ||
| 45 | } | ||