mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-30 00:20:08 +00:00
Code Issues Projects Releases Wiki Activity

perl: Security fix CVE-2017-12883

Browse Source 
Affects: Perl  < 5.24.3-rc1 and  5.26.x before 5.26.1-RC1

(From OE-Core rev: 60ebf7fcb7bfcef8a8e0cd52e737b082623ff109)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
2018-04-21 18:00:30 -07:00
committed by Richard Purdie
parent df08ba32a6
commit b90e694017
2 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/perl/perl/CVE-2017-12883.patch
+44
View File
@@ -0,0 +1,44 @@
From 40b3cdad3649334585cee8f4630ec9a025e62be6 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Fri, 25 Aug 2017 11:33:58 -0600
Subject: [PATCH] PATCH: [perl #131598]
The cause of this is that the vFAIL macro uses RExC_parse, and that
variable has just been changed in preparation for code after the vFAIL.
The solution is to not change RExC_parse until after the vFAIL.
This is a case where the macro hides stuff that can bite you.
(cherry picked from commit 2be4edede4ae226e2eebd4eff28cedd2041f300f)
Upstream-Status: Backport
CVE: CVE-2017-12833
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
regcomp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Index: perl-5.24.1/regcomp.c
===================================================================
--- perl-5.24.1.orig/regcomp.c
+++ perl-5.24.1/regcomp.c
@@ -11918,14 +11918,16 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pREx
}
sv_catpv(substitute_parse, ")");
- RExC_parse = RExC_start = RExC_adjusted_start = SvPV(substitute_parse,
- len);
+ len = SvCUR(substitute_parse);
/* Don't allow empty number */
if (len < (STRLEN) 8) {
RExC_parse = endbrace;
vFAIL("Invalid hexadecimal number in \\N{U+...}");
}
+
+ RExC_parse = RExC_start = RExC_adjusted_start
+ = SvPV_nolen(substitute_parse);
RExC_end = RExC_parse + len;
/* The values are Unicode, and therefore not subject to recoding, but
meta/recipes-devtools/perl/perl_5.24.1.bb
+1
View File
@@ -64,6 +64,7 @@ SRC_URI += " \
file://perl-fix-conflict-between-skip_all-and-END.patch \ file://perl-fix-conflict-between-skip_all-and-END.patch \
file://perl-test-customized.patch \ file://perl-test-customized.patch \
file://perl-5.26.1-guard_old_libcrypt_fix.patch \ file://perl-5.26.1-guard_old_libcrypt_fix.patch \
file://CVE-2017-12883.patch \
" "
# Fix test case issues # Fix test case issues