1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch b/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
new file mode 100644
index 0000000000..45452be389
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
@@ -0,0 +1,36 @@
+From a22785783b17cbaa28afaee4a024d81a1903701d
+From: Stig Palmquist <git@stig.io>
+Date: Sun Jun 18 11:36:05 2023 +0200
+Subject: [PATCH] Fix incorrect env var name for verify_SSL default
+The variable to override the verify_SSL default differed slightly in the
+documentation from what was checked for in the code.
+This commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT`
+as documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was
+missing `SSL_`
+CVE: CVE-2023-31486
+Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d]
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+index ebc34a1..65ac8ff 100644
+--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+@@ -148,7 +148,7 @@ sub _verify_SSL_default {
+     my ($self) = @_;
+     # Check if insecure default certificate verification behaviour has been
+     # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
+-    return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
+    return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
+ }
+ sub _set_proxies {
+--
+2.40.0

diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch b/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch new file mode 100644 index 0000000000..45452be389 --- /dev/null +++ b/meta/recipes-devtools/perl/files/CVE-2023-31486-0002.patch
@@ -0,0 +1,36 @@
	1	From a22785783b17cbaa28afaee4a024d81a1903701d
	2	From: Stig Palmquist <git@stig.io>
	3	Date: Sun Jun 18 11:36:05 2023 +0200
	4	Subject: [PATCH] Fix incorrect env var name for verify_SSL default
	5
	6	The variable to override the verify_SSL default differed slightly in the
	7	documentation from what was checked for in the code.
	8
	9	This commit makes the code use `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT`
	10	as documented, instead of `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` which was
	11	missing `SSL_`
	12
	13	CVE: CVE-2023-31486
	14
	15	Upstream-Status: Backport [https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d]
	16
	17	Signed-off-by: Soumya <soumya.sambu@windriver.com>
	18	---
	19	cpan/HTTP-Tiny/lib/HTTP/Tiny.pm \| 2 +-
	20	1 file changed, 1 insertion(+), 1 deletion(-)
	21
	22	diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
	23	index ebc34a1..65ac8ff 100644
	24	--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
	25	+++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
	26	@@ -148,7 +148,7 @@ sub _verify_SSL_default {
	27	my ($self) = @_;
	28	# Check if insecure default certificate verification behaviour has been
	29	# changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
	30	- return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} \|\| '') eq '1') ? 0 : 1;
	31	+ return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} \|\| '') eq '1') ? 0 : 1;
	32	}
	33
	34	sub _set_proxies {
	35	--
	36	2.40.0