diff options
| author |   Kang Kai <kai.kang@windriver.com> | 2013-01-24 16:58:15 +0800 |
|---|---|---|
| committer |   Ross Burton <ross.burton@intel.com> | 2013-02-19 12:19:06 +0000 |
| commit | b4799833d26eacf60a7590bc5770b3715389fe66 (patch) | |
| tree | 455d2110c99eadb3e6c2240ef3498434d1dacff3 | |
| parent | 11544f573bc94ce69a8a76d645e46ab6359dee78 (diff) | |
| download | openembedded-core-b4799833d26eacf60a7590bc5770b3715389fe66.tar.gz | |
perl: fix security issue
Add perl-fix-CVE-2012-5195.patch to fix perl memory exhaustion
denial-of-service attack issue.
And patch is from perl 5.14.3 branch:
http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
[Yocto 3701]
Signed-off-by: Kang Kai <kai.kang@windriver.com>
| -rw-r--r-- | meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch | 41 | ||||
| -rw-r--r-- | meta/recipes-devtools/perl/perl_5.14.2.bb | 3 |
2 files changed, 43 insertions, 1 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch new file mode 100644 index 0000000000..da96f9c494 --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.2/perl-fix-CVE-2012-5195.patch @@ -0,0 +1,41 @@ +Upstream-Status: Backport + +This patch is from perl mainline: +http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e + +Signed-off-by: Kang Kai <kai.kang@windriver.com> + +--- +From b675304e3fdbcce3ef853b06b6ebe870d99faa7e Mon Sep 17 00:00:00 2001 +From: Andy Dougherty <doughera@lafayette.edu> +Date: Thu, 27 Sep 2012 09:52:18 -0400 +Subject: [PATCH] avoid calling memset with a negative count + +Poorly written perl code that allows an attacker to specify the count to +perl's 'x' string repeat operator can already cause a memory exhaustion +denial-of-service attack. A flaw in versions of perl before 5.15.5 can +escalate that into a heap buffer overrun; coupled with versions of glibc +before 2.16, it possibly allows the execution of arbitrary code. + +The flaw addressed to this commit has been assigned identifier +CVE-2012-5195. +--- + util.c | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/util.c b/util.c +index 0ea39c6..230211e 100644 +--- a/util.c ++++ b/util.c +@@ -3319,6 +3319,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I + { + PERL_ARGS_ASSERT_REPEATCPY; + ++ if (count < 0) ++ Perl_croak_nocontext("%s",PL_memory_wrap); ++ + if (len == 1) + memset(to, *from, count); + else if (count) { +-- +1.7.4.1 diff --git a/meta/recipes-devtools/perl/perl_5.14.2.bb b/meta/recipes-devtools/perl/perl_5.14.2.bb index d9206d86d3..d3f6ffdb17 100644 --- a/meta/recipes-devtools/perl/perl_5.14.2.bb +++ b/meta/recipes-devtools/perl/perl_5.14.2.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://Copying;md5=2b4c6ffbcfcbdee469f02565f253d81a \ # We need gnugrep (for -I) DEPENDS = "virtual/db grep-native" DEPENDS += "gdbm zlib" -PR = "r11" +PR = "r12" # 5.10.1 has Module::Build built-in PROVIDES += "libmodule-build-perl" @@ -67,6 +67,7 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \ file://fix_bad_rpath.patch \ file://perl-build-in-t-dir.patch \ file://perl-archlib-exp.patch \ + file://perl-fix-CVE-2012-5195.patch \ \ file://config.sh \ file://config.sh-32 \ |