summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMingli Yu <Mingli.Yu@windriver.com>2016-09-21 17:47:32 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-09-22 11:08:22 +0100
commite2289647ace9ef96e6a7e4aae201fd9149e56678 (patch)
tree374ac0ac0583282e3db670a979a01125680b7a21
parent81e550d0c23c9842b85207cdfa73bbe9102e01fb (diff)
downloadopenembedded-core-e2289647ace9ef96e6a7e4aae201fd9149e56678.tar.gz
openembedded-core-e2289647ace9ef96e6a7e4aae201fd9149e56678.tar.bz2
openembedded-core-e2289647ace9ef96e6a7e4aae201fd9149e56678.zip
perl: fix CVE-2015-8607
Backport patch to fix CVE-2015-8607 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
-rw-r--r--meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch74
-rw-r--r--meta/recipes-devtools/perl/perl_5.22.1.bb1
2 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch
new file mode 100644
index 0000000000..7b4a0015cb
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch
@@ -0,0 +1,74 @@
+From 652c8d4852a69f1bb4d387946f9b76350a1f0d0e Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Tue, 15 Dec 2015 10:56:54 +1100
+Subject: [PATCH] perl: fix CVE-2015-8607
+
+ensure File::Spec::canonpath() preserves taint
+
+Previously the unix specific XS implementation of canonpath() would
+return an untainted path when supplied a tainted path.
+
+For the empty string case, newSVpvs() already sets taint as needed on
+its result.
+
+This issue was assigned CVE-2015-8607. [perl #126862]
+
+Backport patch from http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd
+
+Upstream-Status: Backport
+CVE: CVE-2015-8607
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ dist/PathTools/Cwd.xs | 1 +
+ dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
+index 9d4dcf0..3d018dc 100644
+--- a/dist/PathTools/Cwd.xs
++++ b/dist/PathTools/Cwd.xs
+@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
+ *o = 0;
+ SvPOK_on(retval);
+ SvCUR_set(retval, o - SvPVX(retval));
++ SvTAINT(retval);
+ return retval;
+ }
+
+diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
+index 309b3e5..48f8c5b 100644
+--- a/dist/PathTools/t/taint.t
++++ b/dist/PathTools/t/taint.t
+@@ -12,7 +12,7 @@ use Test::More;
+ BEGIN {
+ plan(
+ ${^TAINT}
+- ? (tests => 17)
++ ? (tests => 21)
+ : (skip_all => "A perl without taint support")
+ );
+ }
+@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
+
+ # Previous versions of Cwd tainted $^O
+ is !tainted($^O), 1, "\$^O should not be tainted";
++
++{
++ # [perl #126862] canonpath() loses taint
++ my $tainted = substr($ENV{PATH}, 0, 0);
++ # yes, getcwd()'s result should be tainted, and is tested above
++ # but be sure
++ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
++ "canonpath() keeps taint on non-empty string";
++ ok tainted(File::Spec->canonpath($tainted)),
++ "canonpath() keeps taint on empty string";
++
++ (Cwd::getcwd() =~ /^(.*)/);
++ my $untainted = $1;
++ ok !tainted($untainted), "make sure our untainted value is untainted";
++ ok !tainted(File::Spec->canonpath($untainted)),
++ "canonpath() doesn't add taint to untainted string";
++}
+--
+2.8.1
+
diff --git a/meta/recipes-devtools/perl/perl_5.22.1.bb b/meta/recipes-devtools/perl/perl_5.22.1.bb
index 33cad9efec..b904674d69 100644
--- a/meta/recipes-devtools/perl/perl_5.22.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.22.1.bb
@@ -67,6 +67,7 @@ SRC_URI += " \
file://perl-test-customized.patch \
file://perl-fix-CVE-2016-2381.patch \
file://perl-fix-CVE-2016-6185.patch \
+ file://perl-fix-CVE-2015-8607.patch \
"
# Fix test case issues