diff options
Diffstat (limited to 'meta-oe/recipes-devtools/perl')
5 files changed, 62 insertions, 4 deletions
diff --git a/meta-oe/recipes-devtools/perl/ipc-run_20180523.0.bb b/meta-oe/recipes-devtools/perl/ipc-run_20180523.0.bb index c812ae1374..03812e901b 100644 --- a/meta-oe/recipes-devtools/perl/ipc-run_20180523.0.bb +++ b/meta-oe/recipes-devtools/perl/ipc-run_20180523.0.bb @@ -9,7 +9,7 @@ LICENSE = "Artistic-1.0 | GPL-1.0+" LIC_FILES_CHKSUM = "file://LICENSE;md5=0ebd37caf53781e8b7223e6b99b63f4e" DEPENDS = "perl" -SRC_URI = "git://github.com/toddr/IPC-Run.git" +SRC_URI = "git://github.com/toddr/IPC-Run.git;branch=master;protocol=https" SRCREV = "0b409702490729eeb97ae65f5b94d949ec083134" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb b/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb index 049dc665dd..760c0ad0a5 100644 --- a/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb +++ b/meta-oe/recipes-devtools/perl/libdbd-mysql-perl_4.050.bb @@ -15,7 +15,7 @@ DEPENDS += "libdev-checklib-perl-native libdbi-perl-native libmysqlclient" LIC_FILES_CHKSUM = "file://LICENSE;md5=d0a06964340e5c0cde88b7af611f755c" SRCREV = "9b5b70ea372f49fe9bc9e592dae3870596d1e3d6" -SRC_URI = "git://github.com/perl5-dbi/DBD-mysql.git;protocol=https" +SRC_URI = "git://github.com/perl5-dbi/DBD-mysql.git;protocol=https;branch=master" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch b/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch new file mode 100644 index 0000000000..b41bbe0a50 --- /dev/null +++ b/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch @@ -0,0 +1,56 @@ +Backport patch to fix CVE-2014-10402. + +CVE: CVE-2014-10402 +Upstream-Status: Backport [https://github.com/rehsack/dbi/commit/19d0fb1] + +Ref: +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12 + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + + +From 19d0fb169eed475e1c053e99036b8668625cfa94 Mon Sep 17 00:00:00 2001 +From: Jens Rehsack <sno@netbsd.org> +Date: Tue, 6 Oct 2020 10:22:17 +0200 +Subject: [PATCH] lib/DBD/File.pm: fix CVE-2014-10401 + +Dig into the root cause of RT#99508 - which resulted in CVE-2014-10401 - and +figure out that DBI->parse_dsn is the wrong helper to parse our attributes in +DSN, since in DBD::dr::connect only the "dbname" remains from DSN which causes +parse_dsn to bailout. + +Parsing on our own similar to parse_dsn shows the way out. + +Signed-off-by: Jens Rehsack <sno@netbsd.org> +--- + lib/DBD/File.pm | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/lib/DBD/File.pm b/lib/DBD/File.pm +index fb14e9a..f55076f 100644 +--- a/lib/DBD/File.pm ++++ b/lib/DBD/File.pm +@@ -109,7 +109,11 @@ sub connect + # We do not (yet) care about conflicting attributes here + # my $dbh = DBI->connect ("dbi:CSV:f_dir=test", undef, undef, { f_dir => "text" }); + # will test here that both test and text should exist +- if (my $attr_hash = (DBI->parse_dsn ($dbname))[3]) { ++ # ++ # Parsing on our own similar to parse_dsn to find attributes in 'dbname' parameter. ++ if ($dbname) { ++ my @attrs = split /;/ => $dbname; ++ my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs }; + if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) { + my $msg = "No such directory '$attr_hash->{f_dir}"; + $drh->set_err (2, $msg); +@@ -120,7 +124,6 @@ sub connect + if ($attr and defined $attr->{f_dir} && ! -d $attr->{f_dir}) { + my $msg = "No such directory '$attr->{f_dir}"; + $drh->set_err (2, $msg); +- $attr->{RaiseError} and croak $msg; + return; + } + +-- +2.17.1 + diff --git a/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb b/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb index 75fad46bfd..c8abae628f 100644 --- a/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb +++ b/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb @@ -9,7 +9,9 @@ SECTION = "libs" LICENSE = "Artistic-1.0 | GPL-1.0+" LIC_FILES_CHKSUM = "file://LICENSE;md5=10982c7148e0a012c0fd80534522f5c5" -SRC_URI = "http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-${PV}.tar.gz" +SRC_URI = "http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-${PV}.tar.gz \ + file://CVE-2014-10402.patch \ + " SRC_URI[md5sum] = "352f80b1e23769c116082a90905d7398" SRC_URI[sha256sum] = "8a2b993db560a2c373c174ee976a51027dd780ec766ae17620c20393d2e836fa" diff --git a/meta-oe/recipes-devtools/perl/libjson-perl_4.02000.bb b/meta-oe/recipes-devtools/perl/libjson-perl_4.02000.bb index 4e5a8a6ff2..29bc99e141 100644 --- a/meta-oe/recipes-devtools/perl/libjson-perl_4.02000.bb +++ b/meta-oe/recipes-devtools/perl/libjson-perl_4.02000.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://README;beginline=1171;endline=1176;md5=3be2cb8159d094 DEPENDS += "perl" -SRC_URI = "git://github.com/makamaka/JSON.git;protocol=https" +SRC_URI = "git://github.com/makamaka/JSON.git;protocol=https;branch=master" SRCREV = "42a6324df654e92419512cee80c0b49155d9e56d" |