diff options
| author | Aníbal Limón <anibal.limon@linux.intel.com> | 2016-11-24 15:06:04 -0600 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-11-30 15:48:08 +0000 |
| commit | 066ac716e397e685e429095e2899227c89852122 (patch) | |
| tree | 090b2c3b91bcf69d85e281ed7072c0554a282515 /meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch | |
| parent | 50f5c4e9113513bf63e5adf77f091d8bf5831fc4 (diff) | |
| download | poky-066ac716e397e685e429095e2899227c89852122.tar.gz | |
perl: Upgrade to 5.24.0
Configuration changes,
Simple changes was made to bump version and api version, related to
floating point handling now the configuration needs the inf, mantisa
and nan bytes.
The new version comes with the support of API calls like memmem and
{new,free,use}locale also structure for handle siginfo supported by
glibc and musl.
Finally use64bit{int, all} was disable because the previous
configure_args don't come with them and cases some tests to fail
related to bignum's and shared memory respectively. This doesn't
means that perl couldn't use 64-bit data types, it means that don't
stores by default into a 64 bit that is good for embedded space
purposes.
Modules changes,
Some core modules are now deprecated in order to use the core ones
like version-vpp and version-regex inside module-extutils-makemaker.
For full review see perl-rdepends.inc file.
Patches rebased,
- perl/debian/errno_ver.diff
- perl/dynaloaderhack.patch
- perl/Makefile.SH.patch
- perl/config.s
- perl/dynaloaderhack.patch
- perl/perl-test-customized.patch
Patches removed, comes with the upgrade now:
- perl/perl-remove-nm-from-libswanted.patch
- perl/perl-fix-CVE-2015-8607.patch
- perl/perl-fix-CVE-2016-2381.patch
Test,
The upgrade was test using ptest the suite is fixed now.
The pod2man and pod2text installation required now for some tests.
Buildhistory was use to review the changes and only diff changes
related to modules commented above.
(From OE-Core rev: add5e5982f010e13e3ad25690f01d5e4e391daf9)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch')
| -rw-r--r-- | meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch deleted file mode 100644 index 7b4a0015cb..0000000000 --- a/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch +++ /dev/null | |||
| @@ -1,74 +0,0 @@ | |||
| 1 | From 652c8d4852a69f1bb4d387946f9b76350a1f0d0e Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Tony Cook <tony@develop-help.com> | ||
| 3 | Date: Tue, 15 Dec 2015 10:56:54 +1100 | ||
| 4 | Subject: [PATCH] perl: fix CVE-2015-8607 | ||
| 5 | |||
| 6 | ensure File::Spec::canonpath() preserves taint | ||
| 7 | |||
| 8 | Previously the unix specific XS implementation of canonpath() would | ||
| 9 | return an untainted path when supplied a tainted path. | ||
| 10 | |||
| 11 | For the empty string case, newSVpvs() already sets taint as needed on | ||
| 12 | its result. | ||
| 13 | |||
| 14 | This issue was assigned CVE-2015-8607. [perl #126862] | ||
| 15 | |||
| 16 | Backport patch from http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd | ||
| 17 | |||
| 18 | Upstream-Status: Backport | ||
| 19 | CVE: CVE-2015-8607 | ||
| 20 | Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> | ||
| 21 | --- | ||
| 22 | dist/PathTools/Cwd.xs | 1 + | ||
| 23 | dist/PathTools/t/taint.t | 19 ++++++++++++++++++- | ||
| 24 | 2 files changed, 19 insertions(+), 1 deletion(-) | ||
| 25 | |||
| 26 | diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs | ||
| 27 | index 9d4dcf0..3d018dc 100644 | ||
| 28 | --- a/dist/PathTools/Cwd.xs | ||
| 29 | +++ b/dist/PathTools/Cwd.xs | ||
| 30 | @@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path) | ||
| 31 | *o = 0; | ||
| 32 | SvPOK_on(retval); | ||
| 33 | SvCUR_set(retval, o - SvPVX(retval)); | ||
| 34 | + SvTAINT(retval); | ||
| 35 | return retval; | ||
| 36 | } | ||
| 37 | |||
| 38 | diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t | ||
| 39 | index 309b3e5..48f8c5b 100644 | ||
| 40 | --- a/dist/PathTools/t/taint.t | ||
| 41 | +++ b/dist/PathTools/t/taint.t | ||
| 42 | @@ -12,7 +12,7 @@ use Test::More; | ||
| 43 | BEGIN { | ||
| 44 | plan( | ||
| 45 | ${^TAINT} | ||
| 46 | - ? (tests => 17) | ||
| 47 | + ? (tests => 21) | ||
| 48 | : (skip_all => "A perl without taint support") | ||
| 49 | ); | ||
| 50 | } | ||
| 51 | @@ -34,3 +34,20 @@ foreach my $func (@Functions) { | ||
| 52 | |||
| 53 | # Previous versions of Cwd tainted $^O | ||
| 54 | is !tainted($^O), 1, "\$^O should not be tainted"; | ||
| 55 | + | ||
| 56 | +{ | ||
| 57 | + # [perl #126862] canonpath() loses taint | ||
| 58 | + my $tainted = substr($ENV{PATH}, 0, 0); | ||
| 59 | + # yes, getcwd()'s result should be tainted, and is tested above | ||
| 60 | + # but be sure | ||
| 61 | + ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)), | ||
| 62 | + "canonpath() keeps taint on non-empty string"; | ||
| 63 | + ok tainted(File::Spec->canonpath($tainted)), | ||
| 64 | + "canonpath() keeps taint on empty string"; | ||
| 65 | + | ||
| 66 | + (Cwd::getcwd() =~ /^(.*)/); | ||
| 67 | + my $untainted = $1; | ||
| 68 | + ok !tainted($untainted), "make sure our untainted value is untainted"; | ||
| 69 | + ok !tainted(File::Spec->canonpath($untainted)), | ||
| 70 | + "canonpath() doesn't add taint to untainted string"; | ||
| 71 | +} | ||
| 72 | -- | ||
| 73 | 2.8.1 | ||
| 74 | |||