libpcre2: Fix CVE-2017-8786

The pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
author: Robert Yang <liezhi.yang@windriver.com> 2017-08-28 03:01:22 -0700
committer: Robert Yang <liezhi.yang@windriver.com> 2017-08-29 17:47:19 -0700
commit: b880c92a7789b5b0d630252ee84d0cc0e10863e8 (patch)
tree: e991015feb96c250ab7243b4f9ab192c4b53e723 /meta/recipes-support/libpcre/libpcre2_10.23.bb
parent: 2454019844c762613a2c78ed7f7f2d30960c0bfd (diff)
download: openembedded-core-contrib-b880c92a7789b5b0d630252ee84d0cc0e10863e8.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/libpcre/libpcre2_10.23.bb b/meta/recipes-support/libpcre/libpcre2_10.23.bb
index 794d973d71..63f8d51c9e 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.23.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.23.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=3de34df49e1fe3c3b59a08dff214488b"
 
 SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
            file://pcre-cross.patch \
+           file://libpcre2-CVE-2017-8786.patch \
 "
 
 SRC_URI[md5sum] = "b2cd00ca7e24049040099b0a46bb3649"
author	Robert Yang <liezhi.yang@windriver.com>	2017-08-28 03:01:22 -0700
committer	Robert Yang <liezhi.yang@windriver.com>	2017-08-29 17:47:19 -0700
commit	b880c92a7789b5b0d630252ee84d0cc0e10863e8 (patch)
tree	e991015feb96c250ab7243b4f9ab192c4b53e723 /meta/recipes-support/libpcre/libpcre2_10.23.bb
parent	2454019844c762613a2c78ed7f7f2d30960c0bfd (diff)
download	openembedded-core-contrib-b880c92a7789b5b0d630252ee84d0cc0e10863e8.tar.gz