diff options
author | Shinu Chandran <shinucha@cisco.com> | 2023-10-07 00:43:45 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-10-13 05:47:07 -1000 |
commit | e4d507b93bece23276bd7785c5fad26ffc1a5cb0 (patch) | |
tree | 9934908b80ed03e61a898452999175e23353ec20 /meta/recipes-support/libpcre/libpcre2 | |
parent | d01194c739beebdbf658ab9f71001439598f0e18 (diff) | |
download | poky-e4d507b93bece23276bd7785c5fad26ffc1a5cb0.tar.gz |
libpcre2 : Follow up fix CVE-2022-1586
CVE-2022-1586 was originally fixed by OE commit
https://github.com/openembedded/openembedded-core/commit/7f4daf88b71f
through libpcre2 commit
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e672
The follow up patch is required to resolve a bug in the initial fix[50a51cb7e672]
https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-1586
https://security-tracker.debian.org/tracker/CVE-2022-1586
(From OE-Core rev: 7e2fe508b456207fd991ece7621ef8ba24b89e59)
Signed-off-by: Shinu Chandran <shinucha@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-support/libpcre/libpcre2')
-rw-r--r-- | meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch new file mode 100644 index 0000000000..42ee417fe7 --- /dev/null +++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | From 5d1e62b0155292b994aa1c96d4ed8ce4346ef4c2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Zoltan Herczeg <hzmester@freemail.hu> | ||
3 | Date: Thu, 24 Mar 2022 05:34:42 +0000 | ||
4 | Subject: [PATCH] Fix incorrect value reading in JIT. | ||
5 | |||
6 | CVE: CVE-2022-1586 | ||
7 | Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3] | ||
8 | |||
9 | (cherry picked from commit d4fa336fbcc388f89095b184ba6d99422cfc676c) | ||
10 | Signed-off-by: Shinu Chandran <shinucha@cisco.com> | ||
11 | --- | ||
12 | src/pcre2_jit_compile.c | 2 +- | ||
13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c | ||
16 | index 493c96d..fa57942 100644 | ||
17 | --- a/src/pcre2_jit_compile.c | ||
18 | +++ b/src/pcre2_jit_compile.c | ||
19 | @@ -7188,7 +7188,7 @@ while (*cc != XCL_END) | ||
20 | { | ||
21 | SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); | ||
22 | cc++; | ||
23 | - if (*cc == PT_CLIST && *cc == XCL_PROP) | ||
24 | + if (*cc == PT_CLIST && cc[-1] == XCL_PROP) | ||
25 | { | ||
26 | other_cases = PRIV(ucd_caseless_sets) + cc[1]; | ||
27 | while (*other_cases != NOTACHAR) | ||
28 | -- | ||
29 | 2.25.1 | ||
30 | |||