3 files changed, 49 insertions, 2 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch b/meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch
new file mode 100644
index 0000000000..e0dcf412bb
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch
@@ -0,0 +1,45 @@
+perl:fix for CVE-2010-4777
+Upstream-Status: Backport
+    
+The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
+5.14.0, and other versions, when running with debugging enabled,
+allows context-dependent attackers to cause a denial of service
+(assertion failure and application exit) via crafted input that
+is not properly handled when using certain regular expressions,
+as demonstrated by causing SpamAssassin and OCSInventory to
+crash.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+--- a/regcomp.c
+++ b/regcomp.c
+@@ -11868,8 +11868,25 @@ Perl_save_re_context(pTHX)
+ 
+                if (gvp) {
+                    GV * const gv = *gvp;
+-                   if (SvTYPE(gv) == SVt_PVGV && GvSV(gv))
+-                       save_scalar(gv);
+                   if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) {
+                       /* this is a copy of save_scalar() without the GETMAGIC call, RT#76538 */
+                       SV ** const sptr = &GvSVn(gv);
+                       SV * osv = *sptr;
+                       SV * nsv = newSV(0);
+                       save_pushptrptr(SvREFCNT_inc_simple(gv),
+                       SvREFCNT_inc(osv), SAVEt_SV);
+                       if (SvTYPE(osv) >= SVt_PVMG && SvMAGIC(osv) &&
+                           SvTYPE(osv) != SVt_PVGV) {
+                           if (SvGMAGICAL(osv)) {
+                               const bool oldtainted = PL_tainted;
+                               SvFLAGS(osv) |= (SvFLAGS(osv) &
+                                   (SVp_IOK|SVp_NOK|SVp_POK)) >> PRIVSHIFT;
+                               PL_tainted = oldtainted;
+                           }
+                           mg_localize(osv, nsv, 1);
+                       }
+                       *sptr = nsv;
+                   }
+                }
+            }
+        }
diff --git a/meta/recipes-devtools/perl/perl-native_5.14.3.bb b/meta/recipes-devtools/perl/perl-native_5.14.3.bb
index 2ef0a5135c..c38be41d49 100644
--- a/meta/recipes-devtools/perl/perl-native_5.14.3.bb
+++ b/meta/recipes-devtools/perl/perl-native_5.14.3.bb
@@ -17,7 +17,8 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
           file://MM_Unix.pm.patch \
           file://debian/errno_ver.diff \
           file://dynaloaderhack.patch \
-           file://perl-build-in-t-dir.patch"
+           file://perl-build-in-t-dir.patch \
+           file://perl-5.14.3-fix-CVE-2010-4777.patch "
 SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"
 SRC_URI[sha256sum] = "03638a4f01bc26b81231233671524b4163849a3a9ea5cc2397293080c4ea339f"
diff --git a/meta/recipes-devtools/perl/perl_5.14.3.bb b/meta/recipes-devtools/perl/perl_5.14.3.bb
index 09a3f3b531..6816382345 100644
--- a/meta/recipes-devtools/perl/perl_5.14.3.bb
+++ b/meta/recipes-devtools/perl/perl_5.14.3.bb
@@ -74,7 +74,8 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
        file://config.sh-32-be \
        file://config.sh-64 \
        file://config.sh-64-le \
-        file://config.sh-64-be"
+        file://config.sh-64-be \
+        file://perl-5.14.3-fix-CVE-2010-4777.patch "
 #       file://debian/fakeroot.diff
 SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"

diff --git a/meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch b/meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch new file mode 100644 index 0000000000..e0dcf412bb --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch
@@ -0,0 +1,45 @@
		1	perl:fix for CVE-2010-4777
		2
		3	Upstream-Status: Backport
		4
		5	The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
		6	5.14.0, and other versions, when running with debugging enabled,
		7	allows context-dependent attackers to cause a denial of service
		8	(assertion failure and application exit) via crafted input that
		9	is not properly handled when using certain regular expressions,
		10	as demonstrated by causing SpamAssassin and OCSInventory to
		11	crash.
		12
		13	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777
		14
		15	Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
		16	--- a/regcomp.c
		17	+++ b/regcomp.c
		18	@@ -11868,8 +11868,25 @@ Perl_save_re_context(pTHX)
		19
		20	if (gvp) {
		21	GV * const gv = *gvp;
		22	- if (SvTYPE(gv) == SVt_PVGV && GvSV(gv))
		23	- save_scalar(gv);
		24	+ if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) {
		25	+ /* this is a copy of save_scalar() without the GETMAGIC call, RT#76538 */
		26	+ SV ** const sptr = &GvSVn(gv);
		27	+ SV * osv = *sptr;
		28	+ SV * nsv = newSV(0);
		29	+ save_pushptrptr(SvREFCNT_inc_simple(gv),
		30	+ SvREFCNT_inc(osv), SAVEt_SV);
		31	+ if (SvTYPE(osv) >= SVt_PVMG && SvMAGIC(osv) &&
		32	+ SvTYPE(osv) != SVt_PVGV) {
		33	+ if (SvGMAGICAL(osv)) {
		34	+ const bool oldtainted = PL_tainted;
		35	+ SvFLAGS(osv) \|= (SvFLAGS(osv) &
		36	+ (SVp_IOK\|SVp_NOK\|SVp_POK)) >> PRIVSHIFT;
		37	+ PL_tainted = oldtainted;
		38	+ }
		39	+ mg_localize(osv, nsv, 1);
		40	+ }
		41	+ *sptr = nsv;
		42	+ }
		43	}
		44	}
		45	}


diff --git a/meta/recipes-devtools/perl/perl-native_5.14.3.bb b/meta/recipes-devtools/perl/perl-native_5.14.3.bb index 2ef0a5135c..c38be41d49 100644 --- a/meta/recipes-devtools/perl/perl-native_5.14.3.bb +++ b/meta/recipes-devtools/perl/perl-native_5.14.3.bb
@@ -17,7 +17,8 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
17	file://MM_Unix.pm.patch \	17	file://MM_Unix.pm.patch \
18	file://debian/errno_ver.diff \	18	file://debian/errno_ver.diff \
19	file://dynaloaderhack.patch \	19	file://dynaloaderhack.patch \
20	file://perl-build-in-t-dir.patch"	20	file://perl-build-in-t-dir.patch \
		21	file://perl-5.14.3-fix-CVE-2010-4777.patch "
21		22
22	SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"	23	SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"
23	SRC_URI[sha256sum] = "03638a4f01bc26b81231233671524b4163849a3a9ea5cc2397293080c4ea339f"	24	SRC_URI[sha256sum] = "03638a4f01bc26b81231233671524b4163849a3a9ea5cc2397293080c4ea339f"


diff --git a/meta/recipes-devtools/perl/perl_5.14.3.bb b/meta/recipes-devtools/perl/perl_5.14.3.bb index 09a3f3b531..6816382345 100644 --- a/meta/recipes-devtools/perl/perl_5.14.3.bb +++ b/meta/recipes-devtools/perl/perl_5.14.3.bb
@@ -74,7 +74,8 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
74	file://config.sh-32-be \	74	file://config.sh-32-be \
75	file://config.sh-64 \	75	file://config.sh-64 \
76	file://config.sh-64-le \	76	file://config.sh-64-le \
77	file://config.sh-64-be"	77	file://config.sh-64-be \
		78	file://perl-5.14.3-fix-CVE-2010-4777.patch "
78	# file://debian/fakeroot.diff	79	# file://debian/fakeroot.diff
79		80
80	SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"	81	SRC_URI[md5sum] = "f6a3d878c688d111b495c87db56c5be5"