perl: Security fix CVE-2017-12883

Affects: Perl < 5.24.3-rc1 and 5.26.x before 5.26.1-RC1 (From OE-Core rev: d20917f3ce9ac45fb9562d1cabf7ddc212b1d07a) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2018-04-21 15:14:05 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-03 09:53:49 +0100
commit: 701cc0009f690a4d1eb12a47e3116f81d0c4b732 (patch)
tree: f214153f6227af2245a16235c6048f40062f691b /meta/recipes-devtools
parent: 0d0ca4211e500a292bc8908d18b658b7bb310e05 (diff)
download: poky-701cc0009f690a4d1eb12a47e3116f81d0c4b732.tar.gz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch
new file mode 100644
index 0000000000..5c1805f9e7
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch
@@ -0,0 +1,44 @@
+From 40b3cdad3649334585cee8f4630ec9a025e62be6 Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Fri, 25 Aug 2017 11:33:58 -0600
+Subject: [PATCH] PATCH: [perl #131598]
+The cause of this is that the vFAIL macro uses RExC_parse, and that
+variable has just been changed in preparation for code after the vFAIL.
+The solution is to not change RExC_parse until after the vFAIL.
+This is a case where the macro hides stuff that can bite you.
+(cherry picked from commit 2be4edede4ae226e2eebd4eff28cedd2041f300f)
+Upstream-Status: Backport
+CVE: CVE-2017-12833
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ regcomp.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+Index: perl-5.24.1/regcomp.c
+===================================================================
+--- perl-5.24.1.orig/regcomp.c
+++ perl-5.24.1/regcomp.c
+@@ -11918,14 +11918,16 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pREx
+        }
+         sv_catpv(substitute_parse, ")");
+ 
+-        RExC_parse = RExC_start = RExC_adjusted_start = SvPV(substitute_parse,
+-                                                             len);
+        len = SvCUR(substitute_parse);
+ 
+        /* Don't allow empty number */
+        if (len < (STRLEN) 8) {
+             RExC_parse = endbrace;
+            vFAIL("Invalid hexadecimal number in \\N{U+...}");
+        }
+
+        RExC_parse = RExC_start = RExC_adjusted_start
+                                              = SvPV_nolen(substitute_parse);
+        RExC_end = RExC_parse + len;
+ 
+         /* The values are Unicode, and therefore not subject to recoding, but
diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb
index 8c5dd82207..243422fcfb 100644
--- a/meta/recipes-devtools/perl/perl_5.24.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -66,6 +66,7 @@ SRC_URI += " \
        file://perl-fix-conflict-between-skip_all-and-END.patch \
        file://perl-test-customized.patch \
        file://perl-5.26.1-guard_old_libcrypt_fix.patch \
+        file://CVE-2017-12883.patch \
 "
 # Fix test case issues
author	Armin Kuster <akuster808@gmail.com>	2018-04-21 15:14:05 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-05-03 09:53:49 +0100
commit	701cc0009f690a4d1eb12a47e3116f81d0c4b732 (patch)
tree	f214153f6227af2245a16235c6048f40062f691b /meta/recipes-devtools
parent	0d0ca4211e500a292bc8908d18b658b7bb310e05 (diff)
download	poky-701cc0009f690a4d1eb12a47e3116f81d0c4b732.tar.gz

diff --git a/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch new file mode 100644 index 0000000000..5c1805f9e7 --- /dev/null +++ b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch
@@ -0,0 +1,44 @@
		1	From 40b3cdad3649334585cee8f4630ec9a025e62be6 Mon Sep 17 00:00:00 2001
		2	From: Karl Williamson <khw@cpan.org>
		3	Date: Fri, 25 Aug 2017 11:33:58 -0600
		4	Subject: [PATCH] PATCH: [perl #131598]
		5
		6	The cause of this is that the vFAIL macro uses RExC_parse, and that
		7	variable has just been changed in preparation for code after the vFAIL.
		8	The solution is to not change RExC_parse until after the vFAIL.
		9
		10	This is a case where the macro hides stuff that can bite you.
		11
		12	(cherry picked from commit 2be4edede4ae226e2eebd4eff28cedd2041f300f)
		13
		14	Upstream-Status: Backport
		15	CVE: CVE-2017-12833
		16	Signed-off-by: Armin Kuster <akuster@mvista.com>
		17
		18	---
		19	regcomp.c \| 6 ++++--
		20	1 file changed, 4 insertions(+), 2 deletions(-)
		21
		22	Index: perl-5.24.1/regcomp.c
		23	===================================================================
		24	--- perl-5.24.1.orig/regcomp.c
		25	+++ perl-5.24.1/regcomp.c
		26	@@ -11918,14 +11918,16 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pREx
		27	}
		28	sv_catpv(substitute_parse, ")");
		29
		30	- RExC_parse = RExC_start = RExC_adjusted_start = SvPV(substitute_parse,
		31	- len);
		32	+ len = SvCUR(substitute_parse);
		33
		34	/* Don't allow empty number */
		35	if (len < (STRLEN) 8) {
		36	RExC_parse = endbrace;
		37	vFAIL("Invalid hexadecimal number in \\N{U+...}");
		38	}
		39	+
		40	+ RExC_parse = RExC_start = RExC_adjusted_start
		41	+ = SvPV_nolen(substitute_parse);
		42	RExC_end = RExC_parse + len;
		43
		44	/* The values are Unicode, and therefore not subject to recoding, but


diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb index 8c5dd82207..243422fcfb 100644 --- a/meta/recipes-devtools/perl/perl_5.24.1.bb +++ b/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -66,6 +66,7 @@ SRC_URI += " \
66	file://perl-fix-conflict-between-skip_all-and-END.patch \	66	file://perl-fix-conflict-between-skip_all-and-END.patch \
67	file://perl-test-customized.patch \	67	file://perl-test-customized.patch \
68	file://perl-5.26.1-guard_old_libcrypt_fix.patch \	68	file://perl-5.26.1-guard_old_libcrypt_fix.patch \
		69	file://CVE-2017-12883.patch \
69	"	70	"
70		71
71	# Fix test case issues	72	# Fix test case issues