summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
diff options
context:
space:
mode:
authorArmin Kuster <akuster808@gmail.com>2018-04-21 15:14:05 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-05-03 09:53:49 +0100
commit701cc0009f690a4d1eb12a47e3116f81d0c4b732 (patch)
treef214153f6227af2245a16235c6048f40062f691b /meta/recipes-devtools
parent0d0ca4211e500a292bc8908d18b658b7bb310e05 (diff)
downloadpoky-701cc0009f690a4d1eb12a47e3116f81d0c4b732.tar.gz
perl: Security fix CVE-2017-12883
Affects: Perl < 5.24.3-rc1 and 5.26.x before 5.26.1-RC1 (From OE-Core rev: d20917f3ce9ac45fb9562d1cabf7ddc212b1d07a) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/perl/perl/CVE-2017-12883.patch44
-rw-r--r--meta/recipes-devtools/perl/perl_5.24.1.bb1
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch
new file mode 100644
index 0000000000..5c1805f9e7
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch
@@ -0,0 +1,44 @@
1From 40b3cdad3649334585cee8f4630ec9a025e62be6 Mon Sep 17 00:00:00 2001
2From: Karl Williamson <khw@cpan.org>
3Date: Fri, 25 Aug 2017 11:33:58 -0600
4Subject: [PATCH] PATCH: [perl #131598]
5
6The cause of this is that the vFAIL macro uses RExC_parse, and that
7variable has just been changed in preparation for code after the vFAIL.
8The solution is to not change RExC_parse until after the vFAIL.
9
10This is a case where the macro hides stuff that can bite you.
11
12(cherry picked from commit 2be4edede4ae226e2eebd4eff28cedd2041f300f)
13
14Upstream-Status: Backport
15CVE: CVE-2017-12833
16Signed-off-by: Armin Kuster <akuster@mvista.com>
17
18---
19 regcomp.c | 6 ++++--
20 1 file changed, 4 insertions(+), 2 deletions(-)
21
22Index: perl-5.24.1/regcomp.c
23===================================================================
24--- perl-5.24.1.orig/regcomp.c
25+++ perl-5.24.1/regcomp.c
26@@ -11918,14 +11918,16 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pREx
27 }
28 sv_catpv(substitute_parse, ")");
29
30- RExC_parse = RExC_start = RExC_adjusted_start = SvPV(substitute_parse,
31- len);
32+ len = SvCUR(substitute_parse);
33
34 /* Don't allow empty number */
35 if (len < (STRLEN) 8) {
36 RExC_parse = endbrace;
37 vFAIL("Invalid hexadecimal number in \\N{U+...}");
38 }
39+
40+ RExC_parse = RExC_start = RExC_adjusted_start
41+ = SvPV_nolen(substitute_parse);
42 RExC_end = RExC_parse + len;
43
44 /* The values are Unicode, and therefore not subject to recoding, but
diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb
index 8c5dd82207..243422fcfb 100644
--- a/meta/recipes-devtools/perl/perl_5.24.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -66,6 +66,7 @@ SRC_URI += " \
66 file://perl-fix-conflict-between-skip_all-and-END.patch \ 66 file://perl-fix-conflict-between-skip_all-and-END.patch \
67 file://perl-test-customized.patch \ 67 file://perl-test-customized.patch \
68 file://perl-5.26.1-guard_old_libcrypt_fix.patch \ 68 file://perl-5.26.1-guard_old_libcrypt_fix.patch \
69 file://CVE-2017-12883.patch \
69" 70"
70 71
71# Fix test case issues 72# Fix test case issues