[oe-commits] [openembedded-core] 02/07: libpcre2: fix CVE-2019-20454

git at git.openembedded.org git at git.openembedded.org
Thu Mar 19 10:05:47 UTC 2020 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch zeus
in repository openembedded-core.

commit 8ec7a51da26f07fd43b5e6787b15c8636009b183
Author: Lee Chee Yang <chee.yang.lee at intel.com>
AuthorDate: Wed Mar 11 14:47:36 2020 +0800

    libpcre2: fix CVE-2019-20454
    
    Signed-off-by: Lee Chee Yang <chee.yang.lee at intel.com>
    Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
---
 .../libpcre/libpcre2/CVE-2019-20454.patch             | 19 +++++++++++++++++++
 meta/recipes-support/libpcre/libpcre2_10.33.bb        |  1 +
 2 files changed, 20 insertions(+)

diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
new file mode 100644
index 0000000..51f95a7
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
@@ -0,0 +1,19 @@
+Upstream-Status: Backport [https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?r1=1092&r2=1091&pathrev=1092]
+CVE: CVE-2020-8002
+Signed-off-by: Lee Chee Yang <chee.yang.lee at intel.com>
+
+--- pcre2-10.30/src/pcre2_jit_compile.c	2019/05/13 16:26:17	1091
++++ pcre2-10.30/src/pcre2_jit_compile.c	2019/05/13 16:38:18	1092
+@@ -8571,7 +8571,10 @@
+ PCRE2_SPTR bptr;
+ uint32_t c;
+ 
+-GETCHARINC(c, cc);
++/* Patch by PH */
++/* GETCHARINC(c, cc); */
++
++c = *cc++;
+ #if PCRE2_CODE_UNIT_WIDTH == 32
+ if (c >= 0x110000)
+   return NULL;
+
diff --git a/meta/recipes-support/libpcre/libpcre2_10.33.bb b/meta/recipes-support/libpcre/libpcre2_10.33.bb
index 50b2675..1020df9 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.33.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.33.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
 
 SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
            file://pcre-cross.patch \
+           file://CVE-2019-20454.patch \
 "
 
 SRC_URI[md5sum] = "80b355f2dce909a2e2424f5c79eddb44"

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list