diff options
author | Ross Burton <ross.burton@intel.com> | 2013-04-29 15:25:02 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-04-29 18:00:00 +0100 |
commit | 23f366384277cb2cdd5ce952cb0af44c54179a1d (patch) | |
tree | 160678c5f9d21736550edda605e036e31e89f32b /meta/recipes-devtools/perl | |
parent | 2cc162ac12db6f5c36e3bed96de87f12b4a6e22a (diff) | |
download | poky-23f366384277cb2cdd5ce952cb0af44c54179a1d.tar.gz |
perl: fix CVE-2012-6329
From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6329:
"The _compile function in Maketext.pm in the Locale::Maketext implementation in
Perl before 5.17.7 does not properly handle backslashes and fully qualified
method names during compilation of bracket notation, which allows
context-dependent attackers to execute arbitrary commands via crafted input to
an application."
Patches taken from upstream git.
(From OE-Core rev: b585a50b7bd735c3092af9477af263c13c853d32)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/perl')
-rw-r--r-- | meta/recipes-devtools/perl/perl-5.14.2/cve-2012-6329.patch | 71 | ||||
-rw-r--r-- | meta/recipes-devtools/perl/perl_5.14.2.bb | 1 |
2 files changed, 72 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.2/cve-2012-6329.patch b/meta/recipes-devtools/perl/perl-5.14.2/cve-2012-6329.patch new file mode 100644 index 0000000000..b9e2a4379b --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.2/cve-2012-6329.patch | |||
@@ -0,0 +1,71 @@ | |||
1 | Upstream-Status: Backport | ||
2 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
3 | |||
4 | From 1735f6f53ca19f99c6e9e39496c486af323ba6a8 Mon Sep 17 00:00:00 2001 | ||
5 | From: Brian Carlson <brian.carlson@cpanel.net> | ||
6 | Date: Wed, 28 Nov 2012 08:54:33 -0500 | ||
7 | Subject: [PATCH] Fix misparsing of maketext strings. | ||
8 | |||
9 | Case 61251: This commit fixes a misparse of maketext strings that could | ||
10 | lead to arbitrary code execution. Basically, maketext was compiling | ||
11 | bracket notation into functions, but neglected to escape backslashes | ||
12 | inside the content or die on fully-qualified method names when | ||
13 | generating the code. This change escapes all such backslashes and dies | ||
14 | when a method name with a colon or apostrophe is specified. | ||
15 | --- | ||
16 | AUTHORS | 1 + | ||
17 | dist/Locale-Maketext/lib/Locale/Maketext.pm | 24 ++++++++---------------- | ||
18 | 2 files changed, 9 insertions(+), 16 deletions(-) | ||
19 | |||
20 | diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm b/dist/Locale-Maketext/lib/Locale/Maketext.pm | ||
21 | index 4822027..63e5fba 100644 | ||
22 | --- a/dist/Locale-Maketext/lib/Locale/Maketext.pm | ||
23 | +++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm | ||
24 | @@ -625,21 +625,9 @@ sub _compile { | ||
25 | # 0-length method name means to just interpolate: | ||
26 | push @code, ' ('; | ||
27 | } | ||
28 | - elsif($m =~ /^\w+(?:\:\:\w+)*$/s | ||
29 | - and $m !~ m/(?:^|\:)\d/s | ||
30 | - # exclude starting a (sub)package or symbol with a digit | ||
31 | + elsif($m =~ /^\w+$/s | ||
32 | + # exclude anything fancy, especially fully-qualified module names | ||
33 | ) { | ||
34 | - # Yes, it even supports the demented (and undocumented?) | ||
35 | - # $obj->Foo::bar(...) syntax. | ||
36 | - $target->_die_pointing( | ||
37 | - $string_to_compile, q{Can't use "SUPER::" in a bracket-group method}, | ||
38 | - 2 + length($c[-1]) | ||
39 | - ) | ||
40 | - if $m =~ m/^SUPER::/s; | ||
41 | - # Because for SUPER:: to work, we'd have to compile this into | ||
42 | - # the right package, and that seems just not worth the bother, | ||
43 | - # unless someone convinces me otherwise. | ||
44 | - | ||
45 | push @code, ' $_[0]->' . $m . '('; | ||
46 | } | ||
47 | else { | ||
48 | @@ -693,7 +681,9 @@ sub _compile { | ||
49 | elsif(substr($1,0,1) ne '~') { | ||
50 | # it's stuff not containing "~" or "[" or "]" | ||
51 | # i.e., a literal blob | ||
52 | - $c[-1] .= $1; | ||
53 | + my $text = $1; | ||
54 | + $text =~ s/\\/\\\\/g; | ||
55 | + $c[-1] .= $text; | ||
56 | |||
57 | } | ||
58 | elsif($1 eq '~~') { # "~~" | ||
59 | @@ -731,7 +721,9 @@ sub _compile { | ||
60 | else { | ||
61 | # It's a "~X" where X is not a special character. | ||
62 | # Consider it a literal ~ and X. | ||
63 | - $c[-1] .= $1; | ||
64 | + my $text = $1; | ||
65 | + $text =~ s/\\/\\\\/g; | ||
66 | + $c[-1] .= $text; | ||
67 | } | ||
68 | } | ||
69 | } | ||
70 | -- | ||
71 | 1.7.4.1 | ||
diff --git a/meta/recipes-devtools/perl/perl_5.14.2.bb b/meta/recipes-devtools/perl/perl_5.14.2.bb index dc45bca52e..5e17661507 100644 --- a/meta/recipes-devtools/perl/perl_5.14.2.bb +++ b/meta/recipes-devtools/perl/perl_5.14.2.bb | |||
@@ -68,6 +68,7 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \ | |||
68 | file://perl-build-in-t-dir.patch \ | 68 | file://perl-build-in-t-dir.patch \ |
69 | file://perl-archlib-exp.patch \ | 69 | file://perl-archlib-exp.patch \ |
70 | file://perl-fix-CVE-2012-5195.patch \ | 70 | file://perl-fix-CVE-2012-5195.patch \ |
71 | file://cve-2012-6329.patch \ | ||
71 | \ | 72 | \ |
72 | file://config.sh \ | 73 | file://config.sh \ |
73 | file://config.sh-32 \ | 74 | file://config.sh-32 \ |