1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch
new file mode 100644
index 0000000000..da96f9c494
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Backport
+This patch is from perl mainline:
+http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+---
+From b675304e3fdbcce3ef853b06b6ebe870d99faa7e Mon Sep 17 00:00:00 2001
+From: Andy Dougherty <doughera@lafayette.edu>
+Date: Thu, 27 Sep 2012 09:52:18 -0400
+Subject: [PATCH] avoid calling memset with a negative count
+Poorly written perl code that allows an attacker to specify the count to
+perl's 'x' string repeat operator can already cause a memory exhaustion
+denial-of-service attack. A flaw in versions of perl before 5.15.5 can
+escalate that into a heap buffer overrun; coupled with versions of glibc
+before 2.16, it possibly allows the execution of arbitrary code.
+The flaw addressed to this commit has been assigned identifier
+CVE-2012-5195.
+---
+ util.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+diff --git a/util.c b/util.c
+index 0ea39c6..230211e 100644
+--- a/util.c
+++ b/util.c
+@@ -3319,6 +3319,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
+ {
+     PERL_ARGS_ASSERT_REPEATCPY;
+ 
+    if (count < 0)
+       Perl_croak_nocontext("%s",PL_memory_wrap);
+
+     if (len == 1)
+        memset(to, *from, count);
+     else if (count) {
+-- 
+1.7.4.1

diff --git a/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch new file mode 100644 index 0000000000..da96f9c494 --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch
@@ -0,0 +1,41 @@
	1	Upstream-Status: Backport
	2
	3	This patch is from perl mainline:
	4	http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
	5
	6	Signed-off-by: Kang Kai <kai.kang@windriver.com>
	7
	8	---
	9	From b675304e3fdbcce3ef853b06b6ebe870d99faa7e Mon Sep 17 00:00:00 2001
	10	From: Andy Dougherty <doughera@lafayette.edu>
	11	Date: Thu, 27 Sep 2012 09:52:18 -0400
	12	Subject: [PATCH] avoid calling memset with a negative count
	13
	14	Poorly written perl code that allows an attacker to specify the count to
	15	perl's 'x' string repeat operator can already cause a memory exhaustion
	16	denial-of-service attack. A flaw in versions of perl before 5.15.5 can
	17	escalate that into a heap buffer overrun; coupled with versions of glibc
	18	before 2.16, it possibly allows the execution of arbitrary code.
	19
	20	The flaw addressed to this commit has been assigned identifier
	21	CVE-2012-5195.
	22	---
	23	util.c \| 3 +++
	24	1 files changed, 3 insertions(+), 0 deletions(-)
	25
	26	diff --git a/util.c b/util.c
	27	index 0ea39c6..230211e 100644
	28	--- a/util.c
	29	+++ b/util.c
	30	@@ -3319,6 +3319,9 @@ Perl_repeatcpy(register char to, register const char from, I32 len, register I
	31	{
	32	PERL_ARGS_ASSERT_REPEATCPY;
	33
	34	+ if (count < 0)
	35	+ Perl_croak_nocontext("%s",PL_memory_wrap);
	36	+
	37	if (len == 1)
	38	memset(to, *from, count);
	39	else if (count) {
	40	--
	41	1.7.4.1