diff options
Diffstat (limited to 'meta/recipes-devtools/perl/perl/CVE-2018-12015.patch')
| -rw-r--r-- | meta/recipes-devtools/perl/perl/CVE-2018-12015.patch | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch b/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch deleted file mode 100644 index a33deaff6a..0000000000 --- a/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch +++ /dev/null @@ -1,48 +0,0 @@ -From ae65651eab053fc6dc4590dbb863a268215c1fc5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> -Date: Fri, 8 Jun 2018 11:45:40 +0100 -Subject: [PATCH] [PATCH] Remove existing files before overwriting them - -Archive should extract only the latest same-named entry. -Extracted regular file should not be writtent into existing block -device (or any other one). - -https://rt.cpan.org/Ticket/Display.html?id=125523 - -CVE: CVE-2018-12015 -Upstream-Status: Backport [https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5] - -Signed-off-by: Chris 'BinGOs' Williams <chris@bingosnet.co.uk> -Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> ---- - lib/Archive/Tar.pm | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm -index 6244369..a83975f 100644 ---- a/cpan/Archive-Tar/lib/Archive/Tar.pm -+++ b/cpan/Archive-Tar/lib/Archive/Tar.pm -@@ -845,6 +845,20 @@ sub _extract_file { - return; - } - -+ ### If a file system already contains a block device with the same name as -+ ### the being extracted regular file, we would write the file's content -+ ### to the block device. So remove the existing file (block device) now. -+ ### If an archive contains multiple same-named entries, the last one -+ ### should replace the previous ones. So remove the old file now. -+ ### If the old entry is a symlink to a file outside of the CWD, the new -+ ### entry would create a file there. This is CVE-2018-12015 -+ ### <https://rt.cpan.org/Ticket/Display.html?id=125523>. -+ if (-l $full || -e _) { -+ if (!unlink $full) { -+ $self->_error( qq[Could not remove old file '$full': $!] ); -+ return; -+ } -+ } - if( length $entry->type && $entry->is_file ) { - my $fh = IO::File->new; - $fh->open( '>' . $full ) or ( --- -2.13.3 - |