libpcre2: fix CVE-2019-20454

(From OE-Core rev: 8ec7a51da26f07fd43b5e6787b15c8636009b183) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Lee Chee Yang <chee.yang.lee@intel.com> 2020-03-11 14:47:36 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-03-19 09:57:50 +0000
commit: 983a51fd1d8b8fe97f4486c58713a1af39cdfc56 (patch)
tree: a0e4f7f7be936a843f981ba603a8d5098180f4ed /meta/recipes-support
parent: 70686ed9aac23a48a3a825297e2fe4c73b678e9d (diff)
download: poky-983a51fd1d8b8fe97f4486c58713a1af39cdfc56.tar.gz
2 files changed, 20 insertions, 0 deletions
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
new file mode 100644
index 0000000000..51f95a7097
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
@@ -0,0 +1,19 @@
+Upstream-Status: Backport [https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?r1=1092&r2=1091&pathrev=1092]
+CVE: CVE-2020-8002
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+--- pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:26:17     1091
+++ pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:38:18     1092
+@@ -8571,7 +8571,10 @@
+ PCRE2_SPTR bptr;
+ uint32_t c;
+ 
+-GETCHARINC(c, cc);
+/* Patch by PH */
+/* GETCHARINC(c, cc); */
+
+c = *cc++;
+ #if PCRE2_CODE_UNIT_WIDTH == 32
+ if (c >= 0x110000)
+   return NULL;
diff --git a/meta/recipes-support/libpcre/libpcre2_10.33.bb b/meta/recipes-support/libpcre/libpcre2_10.33.bb
index 50b26753b4..1020df99b8 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.33.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.33.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
 SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
           file://pcre-cross.patch \
+           file://CVE-2019-20454.patch \
 "
 SRC_URI[md5sum] = "80b355f2dce909a2e2424f5c79eddb44"
author	Lee Chee Yang <chee.yang.lee@intel.com>	2020-03-11 14:47:36 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-03-19 09:57:50 +0000
commit	983a51fd1d8b8fe97f4486c58713a1af39cdfc56 (patch)
tree	a0e4f7f7be936a843f981ba603a8d5098180f4ed /meta/recipes-support
parent	70686ed9aac23a48a3a825297e2fe4c73b678e9d (diff)
download	poky-983a51fd1d8b8fe97f4486c58713a1af39cdfc56.tar.gz

diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch new file mode 100644 index 0000000000..51f95a7097 --- /dev/null +++ b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
@@ -0,0 +1,19 @@
		1	Upstream-Status: Backport [https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?r1=1092&r2=1091&pathrev=1092]
		2	CVE: CVE-2020-8002
		3	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
		4
		5	--- pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:26:17 1091
		6	+++ pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:38:18 1092
		7	@@ -8571,7 +8571,10 @@
		8	PCRE2_SPTR bptr;
		9	uint32_t c;
		10
		11	-GETCHARINC(c, cc);
		12	+/* Patch by PH */
		13	+/* GETCHARINC(c, cc); */
		14	+
		15	+c = *cc++;
		16	#if PCRE2_CODE_UNIT_WIDTH == 32
		17	if (c >= 0x110000)
		18	return NULL;
		19


diff --git a/meta/recipes-support/libpcre/libpcre2_10.33.bb b/meta/recipes-support/libpcre/libpcre2_10.33.bb index 50b26753b4..1020df99b8 100644 --- a/meta/recipes-support/libpcre/libpcre2_10.33.bb +++ b/meta/recipes-support/libpcre/libpcre2_10.33.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
12		12
13	SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \	13	SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
14	file://pcre-cross.patch \	14	file://pcre-cross.patch \
		15	file://CVE-2019-20454.patch \
15	"	16	"
16		17
17	SRC_URI[md5sum] = "80b355f2dce909a2e2424f5c79eddb44"	18	SRC_URI[md5sum] = "80b355f2dce909a2e2424f5c79eddb44"