From 23f366384277cb2cdd5ce952cb0af44c54179a1d Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Mon, 29 Apr 2013 15:25:02 +0100
Subject: perl: fix CVE-2012-6329

From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6329:
"The _compile function in Maketext.pm in the Locale::Maketext implementation in
Perl before 5.17.7 does not properly handle backslashes and fully qualified
method names during compilation of bracket notation, which allows
context-dependent attackers to execute arbitrary commands via crafted input to
an application."

Patches taken from upstream git.

(From OE-Core rev: b585a50b7bd735c3092af9477af263c13c853d32)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-devtools/perl/perl_5.14.2.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-devtools/perl/perl_5.14.2.bb')

diff --git a/meta/recipes-devtools/perl/perl_5.14.2.bb b/meta/recipes-devtools/perl/perl_5.14.2.bb
index dc45bca52e..5e17661507 100644
--- a/meta/recipes-devtools/perl/perl_5.14.2.bb
+++ b/meta/recipes-devtools/perl/perl_5.14.2.bb
@@ -68,6 +68,7 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \
 	file://perl-build-in-t-dir.patch \
 	file://perl-archlib-exp.patch \
 	file://perl-fix-CVE-2012-5195.patch \
+	file://cve-2012-6329.patch \
 	\
         file://config.sh \
         file://config.sh-32 \
-- 
cgit v1.2.3-54-g00ecf