path: root/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch
author: Robert Yang <liezhi.yang@windriver.com> 2015-06-17 00:19:42 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-07-01 15:38:20 +0100
commit: 06d43a90acbe63baea62d220659149a3ff2f9198 (patch)
tree: 7bc9adc24b74694192fba12119e87b0d86521fb5 /meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch
parent: eb54c29d0566e01c287bdccbdb26c188aac66033 (diff)
perl: 5.20.0 -> 5.22.0

* Remove:
  - perl-5.14.3-fix-CVE-2010-4777.patch: backport
  - fix-FF_MORE-crash.patch: backport
  - perl-rprovides.inc: it was introduced by 5.8.7, the lines in it are like:
    RPROVIDES_perl-module-b-asmdata = "perl-module-${TARGET_SYS}-b-asmdata"
    If some packages do RPDEND on something like
    perl-module-${TARGET_SYS}-b-asmdatam, we need update the package
    rather than keep use RPROVIDES in perl-rprovides.inc, so remove it.
  - perl-rprovides_5.20.0.inc: it only has one line:
    RPROVIDES_perl-module-module-build, but the perl-module-module-build
    is gone in 5.22.0, so remove it.

* Update:
  - debian patches from
    http://ftp.de.debian.org/debian/pool/main/p/perl/perl_5.20.0-1.debian.tar.xz
  - Makefile.SH.patch
  - Merge 0001-Makefile.SH-fix-do_install-failed.patch into Makefile.SH.patch
  - native-nopacklist.patch
  - config.sh

* The CGI.pm and Module::Build disappear from core, so no
  perl-module-module-build.rpm any more, more info:
  http://perltricks.com/article/165/2015/4/10/A-preview-of-Perl-5-22

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Diffstat (limited to 'meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch')
-rw-r--r-- meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch 45
1 files changed, 0 insertions, 45 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch b/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch
deleted file mode 100644
index e0dcf412bb..0000000000
--- a/meta/recipes-devtools/perl/perl-5.20.0/perl-5.14.3-fix-CVE-2010-4777.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-perl:fix for CVE-2010-4777
-
-Upstream-Status: Backport
-
-The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
-5.14.0, and other versions, when running with debugging enabled,
-allows context-dependent attackers to cause a denial of service
-(assertion failure and application exit) via crafted input that
-is not properly handled when using certain regular expressions,
-as demonstrated by causing SpamAssassin and OCSInventory to
-crash.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777
-
-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---- a/regcomp.c
-+++ b/regcomp.c
-@@ -11868,8 +11868,25 @@ Perl_save_re_context(pTHX)
-
- if (gvp) {
- GV * const gv = *gvp;
-- if (SvTYPE(gv) == SVt_PVGV && GvSV(gv))
-- save_scalar(gv);
-+ if (SvTYPE(gv) == SVt_PVGV && GvSV(gv)) {
-+ /* this is a copy of save_scalar() without the GETMAGIC call, RT#76538 */
-+ SV ** const sptr = &GvSVn(gv);
-+ SV * osv = *sptr;
-+ SV * nsv = newSV(0);
-+ save_pushptrptr(SvREFCNT_inc_simple(gv),
-+ SvREFCNT_inc(osv), SAVEt_SV);
-+ if (SvTYPE(osv) >= SVt_PVMG && SvMAGIC(osv) &&
-+ SvTYPE(osv) != SVt_PVGV) {
-+ if (SvGMAGICAL(osv)) {
-+ const bool oldtainted = PL_tainted;
-+ SvFLAGS(osv) |= (SvFLAGS(osv) &
-+ (SVp_IOK|SVp_NOK|SVp_POK)) >> PRIVSHIFT;
-+ PL_tainted = oldtainted;
-+ }
-+ mg_localize(osv, nsv, 1);
-+ }
-+ *sptr = nsv;
-+ }
- }
- }
- }
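Review bot: the only justification given for deleting this CVE fix is the single word "backport" in the commit message, and once the file is gone nothing in the recipe records that CVE-2010-4777 is handled in 5.22.0. Before dropping it, confirm that the 5.22.0 regcomp.c already carries the Perl_save_re_context change shown in the deleted lines (the save_scalar() copy without the GETMAGIC call, RT#76538), and say so explicitly in the commit message, for example "perl-5.14.3-fix-CVE-2010-4777.patch: fix is included in 5.22.0". The same applies to fix-FF_MORE-crash.patch, which is listed with the same one-word reason.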