2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31484.patch b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
new file mode 100644
index 0000000000..9a9117c53a
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
@@ -0,0 +1,29 @@
+From a625ec2cc3a0b6116c1f8b831d3480deb621c245 Mon Sep 17 00:00:00 2001
+From: Stig Palmquist <git@stig.io>
+Date: Tue, 28 Feb 2023 11:54:06 +0100
+Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
+ identity
+CVE: CVE-2023-31484
+Upstream-Status: Backport [https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0]
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ cpan/CPAN/lib/CPAN/HTTP/Client.pm | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+index 4fc792c..a616fee 100644
+--- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+++ b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
+@@ -32,6 +32,7 @@ sub mirror {
+     my $want_proxy = $self->_want_proxy($uri);
+     my $http = HTTP::Tiny->new(
+        verify_SSL => 1,
+         $want_proxy ? (proxy => $self->{proxy}) : ()
+     );
+--
+2.40.0
diff --git a/meta/recipes-devtools/perl/perl_5.36.1.bb b/meta/recipes-devtools/perl/perl_5.36.1.bb
index f7d66e6ed9..3db1d9c6ae 100644
--- a/meta/recipes-devtools/perl/perl_5.36.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.36.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
           file://0002-Constant-Fix-up-shebang.patch \
           file://determinism.patch \
           file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \
+           file://CVE-2023-31484.patch \
           "
 SRC_URI:append:class-native = " \
           file://perl-configpm-switch.patch \

diff --git a/meta/recipes-devtools/perl/files/CVE-2023-31484.patch b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch new file mode 100644 index 0000000000..9a9117c53a --- /dev/null +++ b/meta/recipes-devtools/perl/files/CVE-2023-31484.patch
@@ -0,0 +1,29 @@
		1	From a625ec2cc3a0b6116c1f8b831d3480deb621c245 Mon Sep 17 00:00:00 2001
		2	From: Stig Palmquist <git@stig.io>
		3	Date: Tue, 28 Feb 2023 11:54:06 +0100
		4	Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
		5	identity
		6
		7	CVE: CVE-2023-31484
		8
		9	Upstream-Status: Backport [https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0]
		10
		11	Signed-off-by: Soumya <soumya.sambu@windriver.com>
		12	---
		13	cpan/CPAN/lib/CPAN/HTTP/Client.pm \| 1 +
		14	1 file changed, 1 insertion(+)
		15
		16	diff --git a/cpan/CPAN/lib/CPAN/HTTP/Client.pm b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
		17	index 4fc792c..a616fee 100644
		18	--- a/cpan/CPAN/lib/CPAN/HTTP/Client.pm
		19	+++ b/cpan/CPAN/lib/CPAN/HTTP/Client.pm
		20	@@ -32,6 +32,7 @@ sub mirror {
		21
		22	my $want_proxy = $self->_want_proxy($uri);
		23	my $http = HTTP::Tiny->new(
		24	+ verify_SSL => 1,
		25	$want_proxy ? (proxy => $self->{proxy}) : ()
		26	);
		27
		28	--
		29	2.40.0


diff --git a/meta/recipes-devtools/perl/perl_5.36.1.bb b/meta/recipes-devtools/perl/perl_5.36.1.bb index f7d66e6ed9..3db1d9c6ae 100644 --- a/meta/recipes-devtools/perl/perl_5.36.1.bb +++ b/meta/recipes-devtools/perl/perl_5.36.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
17	file://0002-Constant-Fix-up-shebang.patch \	17	file://0002-Constant-Fix-up-shebang.patch \
18	file://determinism.patch \	18	file://determinism.patch \
19	file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \	19	file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \
		20	file://CVE-2023-31484.patch \
20	"	21	"
21	SRC_URI:append:class-native = " \	22	SRC_URI:append:class-native = " \
22	file://perl-configpm-switch.patch \	23	file://perl-configpm-switch.patch \