From 8efd61ccb1964360444ed6eba9b88e20e2ee5953 Mon Sep 17 00:00:00 2001
From: Lee Chee Yang <chee.yang.lee@intel.com>
Date: Thu, 14 Dec 2023 20:32:51 +0800
Subject: perl: fix CVE-2023-31484/47038/47100

import patch from ubuntu
http://archive.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.30.0-9ubuntu0.5.debian.tar.xz

fix:
CVE-2023-31484
CVE-2023-47038
CVE-2023-47100

as per https://ubuntu.com/security/CVE-2023-47100 ,
CVE-2023-47100 is duplicate of CVE-2023-47038.

perl import entire CPAN in single commit,
hence backport fix from their upstream cpan instead.

(From OE-Core rev: 74861848ba0d3ba920ef54f016240807ba42682a)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../perl/files/CVE-2023-31484.patch                | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 meta/recipes-devtools/perl/files/CVE-2023-31484.patch

(limited to 'meta/recipes-devtools/perl/files/CVE-2023-31484.patch')

diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31484.patch b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
new file mode 100644
index 0000000000..0fea7bf8a8
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
@@ -0,0 +1,27 @@
+CVE: CVE-2023-31484
+Upstream-Status: Backport [  import from Ubuntu  perl_5.30.0-9ubuntu0.5
+upstream  https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 9c98370287f4e709924aee7c58ef21c85289a7f0 Mon Sep 17 00:00:00 2001
+From: Stig Palmquist <git@stig.io>
+Date: Tue, 28 Feb 2023 11:54:06 +0100
+Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
+ identity
+
+---
+ lib/CPAN/HTTP/Client.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+index 4fc792c26..a616fee20 100644
+--- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
++++ b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+@@ -32,6 +32,7 @@ sub mirror {
+ 
+     my $want_proxy = $self->_want_proxy($uri);
+     my $http = HTTP::Tiny->new(
++        verify_SSL => 1,
+         $want_proxy ? (proxy => $self->{proxy}) : ()
+     );
+ 
-- 
cgit v1.2.3-54-g00ecf