diff options
author | Mingli Yu <Mingli.Yu@windriver.com> | 2016-09-21 17:47:32 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-22 11:08:22 +0100 |
commit | e2289647ace9ef96e6a7e4aae201fd9149e56678 (patch) | |
tree | 374ac0ac0583282e3db670a979a01125680b7a21 | |
parent | 81e550d0c23c9842b85207cdfa73bbe9102e01fb (diff) | |
download | openembedded-core-e2289647ace9ef96e6a7e4aae201fd9149e56678.tar.gz openembedded-core-e2289647ace9ef96e6a7e4aae201fd9149e56678.tar.bz2 openembedded-core-e2289647ace9ef96e6a7e4aae201fd9149e56678.zip |
perl: fix CVE-2015-8607
Backport patch to fix CVE-2015-8607 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
-rw-r--r-- | meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch | 74 | ||||
-rw-r--r-- | meta/recipes-devtools/perl/perl_5.22.1.bb | 1 |
2 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch new file mode 100644 index 0000000000..7b4a0015cb --- /dev/null +++ b/meta/recipes-devtools/perl/perl/perl-fix-CVE-2015-8607.patch @@ -0,0 +1,74 @@ +From 652c8d4852a69f1bb4d387946f9b76350a1f0d0e Mon Sep 17 00:00:00 2001 +From: Tony Cook <tony@develop-help.com> +Date: Tue, 15 Dec 2015 10:56:54 +1100 +Subject: [PATCH] perl: fix CVE-2015-8607 + +ensure File::Spec::canonpath() preserves taint + +Previously the unix specific XS implementation of canonpath() would +return an untainted path when supplied a tainted path. + +For the empty string case, newSVpvs() already sets taint as needed on +its result. + +This issue was assigned CVE-2015-8607. [perl #126862] + +Backport patch from http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd + +Upstream-Status: Backport +CVE: CVE-2015-8607 +Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> +--- + dist/PathTools/Cwd.xs | 1 + + dist/PathTools/t/taint.t | 19 ++++++++++++++++++- + 2 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs +index 9d4dcf0..3d018dc 100644 +--- a/dist/PathTools/Cwd.xs ++++ b/dist/PathTools/Cwd.xs +@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path) + *o = 0; + SvPOK_on(retval); + SvCUR_set(retval, o - SvPVX(retval)); ++ SvTAINT(retval); + return retval; + } + +diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t +index 309b3e5..48f8c5b 100644 +--- a/dist/PathTools/t/taint.t ++++ b/dist/PathTools/t/taint.t +@@ -12,7 +12,7 @@ use Test::More; + BEGIN { + plan( + ${^TAINT} +- ? (tests => 17) ++ ? (tests => 21) + : (skip_all => "A perl without taint support") + ); + } +@@ -34,3 +34,20 @@ foreach my $func (@Functions) { + + # Previous versions of Cwd tainted $^O + is !tainted($^O), 1, "\$^O should not be tainted"; ++ ++{ ++ # [perl #126862] canonpath() loses taint ++ my $tainted = substr($ENV{PATH}, 0, 0); ++ # yes, getcwd()'s result should be tainted, and is tested above ++ # but be sure ++ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)), ++ "canonpath() keeps taint on non-empty string"; ++ ok tainted(File::Spec->canonpath($tainted)), ++ "canonpath() keeps taint on empty string"; ++ ++ (Cwd::getcwd() =~ /^(.*)/); ++ my $untainted = $1; ++ ok !tainted($untainted), "make sure our untainted value is untainted"; ++ ok !tainted(File::Spec->canonpath($untainted)), ++ "canonpath() doesn't add taint to untainted string"; ++} +-- +2.8.1 + diff --git a/meta/recipes-devtools/perl/perl_5.22.1.bb b/meta/recipes-devtools/perl/perl_5.22.1.bb index 33cad9efec..b904674d69 100644 --- a/meta/recipes-devtools/perl/perl_5.22.1.bb +++ b/meta/recipes-devtools/perl/perl_5.22.1.bb @@ -67,6 +67,7 @@ SRC_URI += " \ file://perl-test-customized.patch \ file://perl-fix-CVE-2016-2381.patch \ file://perl-fix-CVE-2016-6185.patch \ + file://perl-fix-CVE-2015-8607.patch \ " # Fix test case issues |