<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/perl, branch kirkstone</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=kirkstone</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=kirkstone'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-05-16T15:58:06+00:00</updated>
<entry>
<title>perl: enable _GNU_SOURCE define via d_gnulibc</title>
<updated>2025-05-16T15:58:06+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2025-05-12T21:37:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d6a242831e78fae1a5cfcf8a6bdf5137a2422a28'/>
<id>urn:sha1:d6a242831e78fae1a5cfcf8a6bdf5137a2422a28</id>
<content type='text'>
This is needed to properly support memmem() and friends under musl
as musl guards the declarations with _GNU_SOURCE define, and if the
declarations are not present, gcc will issue warnings and generate
assembly that assumes the functions return int (instead of e.g.
void*), with catastrophic consequences at runtime.

(From OE-Core rev: 79dc3f42958bfefe03a8240e2a57501c38d2bd3c)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Luca Ceresoli &lt;luca.ceresoli@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 6422e62fbc5c65a2165a72c97c880cfa9a80e957)
Signed-off-by: Peter Hurley &lt;peter@meraki.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>perl: patch CVE-2024-56406</title>
<updated>2025-05-16T15:58:06+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-05-11T20:50:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b497f2caf78f21b12927c76967921c84c1f134e5'/>
<id>urn:sha1:b497f2caf78f21b12927c76967921c84c1f134e5</id>
<content type='text'>
Pick patch mentioned in NVD links for this CVE.
Tested by runniing ptest and CVE reproducer (before&amp;after).
Ptest fails on test dist/threads/t/join, however the same test also
fails without this patch.

(From OE-Core rev: 8e3c821e9ce8f3a9667847a284bc5a6f4973ea13)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>perl: ignore CVE-2023-47038</title>
<updated>2025-04-04T15:42:47+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-03-28T18:05:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d7e6e73ba1323f1604fb487b118e25b40eb88af6'/>
<id>urn:sha1:d7e6e73ba1323f1604fb487b118e25b40eb88af6</id>
<content type='text'>
Fix for this CVE was backported to 5.34.2 in
https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010

This commit is listed in
https://security-tracker.debian.org/tracker/CVE-2023-47038

(From OE-Core rev: 46fd9acd6b0e418009f4cec747ae82af60acbc6b)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>perl: ignore CVE-2023-47100</title>
<updated>2024-04-19T11:50:38+00:00</updated>
<author>
<name>Alex Stewart</name>
<email>alex.stewart@ni.com</email>
</author>
<published>2024-04-03T19:32:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f2bfbbdcea5c0dd8859244bca746a0dbf6e4878d'/>
<id>urn:sha1:f2bfbbdcea5c0dd8859244bca746a0dbf6e4878d</id>
<content type='text'>
CVE-2023-47100 is a duplicate of CVE-2023-47038. They have the same
advertised fix commit, which has already been merged into the
perl_5.34.3 sources used in kirkstone.

(From OE-Core rev: 8df158f39f1eed1e3ae88ddf935c67e067b72525)

Signed-off-by: Alex Stewart &lt;alex.stewart@ni.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>perl: update 5.34.1 -&gt; 5.34.3</title>
<updated>2023-12-23T02:36:55+00:00</updated>
<author>
<name>Soumya Sambu</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2023-12-13T04:33:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1b0b487dccd1fe7cac96a2094e8de4690ba95f7f'/>
<id>urn:sha1:1b0b487dccd1fe7cac96a2094e8de4690ba95f7f</id>
<content type='text'>
This includes security fix for CVE-2023-47038

Changes:
https://metacpan.org/release/PEVANS/perl-5.34.3/changes

(From OE-Core rev: d1bc5fb1d090cf93b9014a050b418499c0209080)

Signed-off-by: Soumya Sambu &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>perl: Fix CVE-2023-31486</title>
<updated>2023-07-21T16:27:34+00:00</updated>
<author>
<name>Soumya</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2023-07-14T03:21:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=80ecd63cc84d7eb9db26ec47d4afcf5a59d598e8'/>
<id>urn:sha1:80ecd63cc84d7eb9db26ec47d4afcf5a59d598e8</id>
<content type='text'>
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available
standalone on CPAN, has an insecure default TLS configuration where
users must opt in to verify certificates.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31486

Upstream patches:
https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d
https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d

(From OE-Core rev: 5819c839e1de92ab7669a0d4997886d0306c4cc1)

Signed-off-by: Soumya &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>perl: fix CVE-2023-31484</title>
<updated>2023-06-14T14:16:59+00:00</updated>
<author>
<name>Soumya</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2023-06-06T09:25:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=875400f96f1e3d9f240cd02a781c79efa4d2233f'/>
<id>urn:sha1:875400f96f1e3d9f240cd02a781c79efa4d2233f</id>
<content type='text'>
CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.

(From OE-Core rev: b093db144b35e7c140ac830dbe67cabfaac69f73)

Signed-off-by: Soumya &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>perl: don't install Makefile.old into perl-ptest</title>
<updated>2022-07-25T14:11:46+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2022-07-11T13:19:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ae5fb5a00dc9d05edc3c92af9b859b7cb1383e5f'/>
<id>urn:sha1:ae5fb5a00dc9d05edc3c92af9b859b7cb1383e5f</id>
<content type='text'>
We already exclude Makefile, makefile, and makefile.old from copy of the
perl source tree that is used by perl-ptest, but Makefile.old is not
being excluded.  In a rebuild of perl with an existing source tree these
files now exist but have build paths in. As they're backup files, they
can just be excluded from the packages.

Use range globs to clean up the expressions, and exclude Makefile.old.

(From OE-Core rev: d6ec3784c530714182a1cf1ac693ca35ef0b4f57)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 30a99affca7930f7fe0ddeb016b6183240b5f13c)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libmodule-build-perl: Use env utility to find perl interpreter</title>
<updated>2022-07-25T14:11:46+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2022-07-07T03:14:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=78b9ca277cef9c7814f93ca7d20089ac92c6513a'/>
<id>urn:sha1:78b9ca277cef9c7814f93ca7d20089ac92c6513a</id>
<content type='text'>
Fixes
ERROR: QA Issue: : /work/x86_64-linux/libmodule-build-perl-native/0.4231-r0/sysroot-destdir/work/x86_64-linux/libmodule-build-perl-native/0.4231-r0/recipe-sysroot-native/usr/bin/config_data maximum shebang size exceeded, the maximum size is 128. [shebang-size]

(From OE-Core rev: 3829ac3bca34a1aa5c54ba1d24d23af7a6630215)

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 54ecb2d3f2523293383103cbe590ebdd037ee483)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>liberror-perl: Update sstate/equiv versions to clean cache</title>
<updated>2022-06-22T22:46:29+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2022-05-08T18:25:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0c3b92901cedab926f313a2b783ff2e8833c95cf'/>
<id>urn:sha1:0c3b92901cedab926f313a2b783ff2e8833c95cf</id>
<content type='text'>
There are cached reproducibility issues on the autobuilder due to the PRServ
sstate checksum issues, flush the bad data out the system by bumping the
versions.

(From OE-Core rev: b2d10487f80deb04a0893325a1ae79c8629a7655)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit b12e6cfe3bb34e426c8bb74183d041948cb2ed89)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
