From 8ec7a51da26f07fd43b5e6787b15c8636009b183 Mon Sep 17 00:00:00 2001 From: Lee Chee Yang Date: Wed, 11 Mar 2020 14:47:36 +0800 Subject: libpcre2: fix CVE-2019-20454 Signed-off-by: Lee Chee Yang Signed-off-by: Anuj Mittal --- .../libpcre/libpcre2/CVE-2019-20454.patch | 19 +++++++++++++++++++ meta/recipes-support/libpcre/libpcre2_10.33.bb | 1 + 2 files changed, 20 insertions(+) create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch (limited to 'meta') diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch new file mode 100644 index 0000000000..51f95a7097 --- /dev/null +++ b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch @@ -0,0 +1,19 @@ +Upstream-Status: Backport [https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?r1=1092&r2=1091&pathrev=1092] +CVE: CVE-2020-8002 +Signed-off-by: Lee Chee Yang + +--- pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:26:17 1091 ++++ pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:38:18 1092 +@@ -8571,7 +8571,10 @@ + PCRE2_SPTR bptr; + uint32_t c; + +-GETCHARINC(c, cc); ++/* Patch by PH */ ++/* GETCHARINC(c, cc); */ ++ ++c = *cc++; + #if PCRE2_CODE_UNIT_WIDTH == 32 + if (c >= 0x110000) + return NULL; + diff --git a/meta/recipes-support/libpcre/libpcre2_10.33.bb b/meta/recipes-support/libpcre/libpcre2_10.33.bb index 50b26753b4..1020df99b8 100644 --- a/meta/recipes-support/libpcre/libpcre2_10.33.bb +++ b/meta/recipes-support/libpcre/libpcre2_10.33.bb @@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37" SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \ file://pcre-cross.patch \ + file://CVE-2019-20454.patch \ " SRC_URI[md5sum] = "80b355f2dce909a2e2424f5c79eddb44" -- cgit 1.2.3-korg