[OE-core] [PATCH V2 2/2] perl: fix CVE-2017-12837
Hongxu Jia
hongxu.jia at windriver.com
Tue Oct 17 06:31:30 UTC 2017
https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
.../perl/perl/perl-fix-CVE-2017-12837.patch | 32 ++++++++++++++++++++++
meta/recipes-devtools/perl/perl_5.24.1.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta/recipes-devtools/perl/perl/perl-fix-CVE-2017-12837.patch
diff --git a/meta/recipes-devtools/perl/perl/perl-fix-CVE-2017-12837.patch b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2017-12837.patch
new file mode 100644
index 0000000..2bf71f1
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2017-12837.patch
@@ -0,0 +1,32 @@
+From 73d7247ecab863ef26b5687a37ccc75d6144ad0f Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw at cpan.org>
+Date: Tue, 17 Oct 2017 13:49:14 +0800
+Subject: [PATCH] fix CVE-2017-12837
+
+Signed-off-by: Karl Williamson <khw at cpan.org>
+Signed-off-by: Steve Hay <steve.m.hay at googlemail.com>
+
+CVE-id: CVE-2017-12837
+Upstream-Status: Backport
+https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
+
+Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
+---
+ regcomp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 5498d14..31ec383 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -13021,6 +13021,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+ goto loopdone;
+ }
+ p = RExC_parse;
++ RExC_parse = parse_start;
+ if (ender > 0xff) {
+ REQUIRE_UTF8(flagp);
+ }
+--
+1.8.3.1
+
diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb
index 93420f1..363bc94 100644
--- a/meta/recipes-devtools/perl/perl_5.24.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -66,6 +66,7 @@ SRC_URI += " \
file://perl-fix-conflict-between-skip_all-and-END.patch \
file://perl-test-customized.patch \
file://perl-fix-CVE-2017-12883.patch \
+ file://perl-fix-CVE-2017-12837.patch \
"
# Fix test case issues
--
2.8.1
More information about the Openembedded-core
mailing list