From 7273f1183faee42e2da82ecdb3056312043e01a0 Mon Sep 17 00:00:00 2001
From: Jagadeesh Krishnanjanappa
Date: Wed, 22 Aug 2018 17:11:43 +0530
Subject: perl: CVE-2018-6798

* CVE-2018-6798-1
The proximal cause is several instances in regexec.c of the code assuming that the input was valid UTF-8, whereas the input was too short for what the start byte claimed it would be.

I grepped through the core for any other similar uses, and did not find any.
(cherry picked from commit fe7d8ba0a1bf567af8fa8fea128e2b9f4c553e84)

* CVE-2018-6798-2
The first patch for 132063 prevented the buffer read overflow when dumping the warning but didn't fix the underlying problem.

The next change treats the supplied buffer correctly, preventing the non-UTF-8 SV from being treated as UTF-8, preventing the warning.
(cherry picked from commit 1e8b61488f195e1396aa801c685340b156104f4f)

Affects perl >= 5.22 && perl <= 5.26

(From OE-Core rev: 4aaf09b9d657b1c2df85bf509008beacd6a00342)

Signed-off-by: Jagadeesh Krishnanjanappa
Signed-off-by: Armin Kuster
Signed-off-by: Richard Purdie
---
 .../perl/perl/CVE-2018-6798-2.patch | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch
(limited to 'meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch')

diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch b/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch new file mode 100644 index 0000000000..fb9b41a5ed --- /dev/null +++ b/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch 
@@ -0,0 +1,37 @@ +From f65da1ca2eee74696d9c120e9d69af37b4fa1920 Mon Sep 17 00:00:00 2001 +From: Tony Cook +Date: Mon, 19 Feb 2018 15:11:42 +1100 +Subject: [PATCH] (perl #132063) we should no longer warn for this code + +The first patch for 132063 prevented the buffer read overflow when +dumping the warning but didn't fix the underlying problem. + +The next change treats the supplied buffer correctly, preventing the +non-UTF-8 SV from being treated as UTF-8, preventing the warning. + +(cherry picked from commit 1e8b61488f195e1396aa801c685340b156104f4f) + +CVE: CVE-2018-6798 +Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920] + +Signed-off-by: Jagadeesh Krishnanjanappa +--- + t/lib/warnings/regexec | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/t/lib/warnings/regexec b/t/lib/warnings/regexec +index 6635142dea..c370ddc3c7 100644 +--- a/t/lib/warnings/regexec ++++ b/t/lib/warnings/regexec +@@ -262,8 +262,5 @@ setlocale(&POSIX::LC_CTYPE, $utf8_locale); + EXPECT + ######## + # NAME perl #132063, read beyond buffer end +-# OPTION fatal + "\xff" =~ /(?il)\x{100}|\x{100}/; + EXPECT +-Malformed UTF-8 character: \xff (too short; 1 byte available, need 13) in pattern match (m//) at - line 2. +-Malformed UTF-8 character (fatal) at - line 2. +-- +2.15.1-424-g9478a660812 + -- cgit v1.2.3-54-g00ecf
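Review bot: The embedded hunk for t/lib/warnings/regexec (@@ -262,8 +262,5 @@) touches test expectations only: it drops "# OPTION fatal" and the two expected "Malformed UTF-8 character" lines and changes no interpreter source, so on its own it fixes nothing, and the test for perl #132063 can only pass with an empty EXPECT if the regexec.c change described in the commit message as CVE-2018-6798-1 is applied before it. Please confirm that both patch files are added to the recipe and listed in that order (this view is limited to the -2 file, so it cannot be checked here), and consider stating in the patch header that this is the test-only companion to -1. The header also cites two different upstream hashes for the same change ("cherry picked from commit 1e8b61488f..." and the Upstream-Status link to f65da1ca2e...); a short remark on which is the original and which is the maintenance-branch commit would help anyone tracing the backport.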