perl: fix for CVE-2010-4777

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777 (From OE-Core rev: 368df9f13ddf124e6aaaec06c02ab698c9e0b6c3) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: yanjun.zhu <yanjun.zhu@windriver.com> 2014-05-20 09:27:47 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-05-27 16:11:54 +0100
commit: 284a9b5f6bd35fec5db8854ca1c8af52e02a1542 (patch)
tree: 28376807016a4c00cbfcc4a894d6753f61770e0a /meta/recipes-devtools/perl/perl-native_5.14.3.bb
parent: c8645caf56228da1bd4f448dbf90066911a1c59d (diff)
download: poky-284a9b5f6bd35fec5db8854ca1c8af52e02a1542.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-devtools/perl/perl-native_5.14.3.bb b/meta/recipes-devtools/perl/perl-native_5.14.3.bb
index 2ef0a5135c..c38be41d49 100644
--- a/meta/recipes-devtools/perl/perl-native_5.14.3.bb
+++ b/meta/recipes-devtools/perl/perl-native_5.14.3.bb
@@ -17,7 +17,8 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
           file://MM_Unix.pm.patch \
           file://debian/errno_ver.diff \
           file://dynaloaderhack.patch \
-           file://perl-build-in-t-dir.patch"
+           file://perl-build-in-t-dir.patch \
+           file://perl-5.14.3-fix-CVE-2010-4777.patch "
 SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"
 SRC_URI[sha256sum] = "03638a4f01bc26b81231233671524b4163849a3a9ea5cc2397293080c4ea339f"
author	yanjun.zhu <yanjun.zhu@windriver.com>	2014-05-20 09:27:47 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-05-27 16:11:54 +0100
commit	284a9b5f6bd35fec5db8854ca1c8af52e02a1542 (patch)
tree	28376807016a4c00cbfcc4a894d6753f61770e0a /meta/recipes-devtools/perl/perl-native_5.14.3.bb
parent	c8645caf56228da1bd4f448dbf90066911a1c59d (diff)
download	poky-284a9b5f6bd35fec5db8854ca1c8af52e02a1542.tar.gz

diff --git a/meta/recipes-devtools/perl/perl-native_5.14.3.bb b/meta/recipes-devtools/perl/perl-native_5.14.3.bb index 2ef0a5135c..c38be41d49 100644 --- a/meta/recipes-devtools/perl/perl-native_5.14.3.bb +++ b/meta/recipes-devtools/perl/perl-native_5.14.3.bb
@@ -17,7 +17,8 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
17	file://MM_Unix.pm.patch \	17	file://MM_Unix.pm.patch \
18	file://debian/errno_ver.diff \	18	file://debian/errno_ver.diff \
19	file://dynaloaderhack.patch \	19	file://dynaloaderhack.patch \
20	file://perl-build-in-t-dir.patch"	20	file://perl-build-in-t-dir.patch \
		21	file://perl-5.14.3-fix-CVE-2010-4777.patch "
21		22
22	SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"	23	SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"
23	SRC_URI[sha256sum] = "03638a4f01bc26b81231233671524b4163849a3a9ea5cc2397293080c4ea339f"	24	SRC_URI[sha256sum] = "03638a4f01bc26b81231233671524b4163849a3a9ea5cc2397293080c4ea339f"