diff options
author | Ross Burton <ross.burton@intel.com> | 2013-04-29 15:25:02 +0100 |
---|---|---|
committer | Ross Burton <ross.burton@intel.com> | 2013-04-29 15:25:02 +0100 |
commit | b585a50b7bd735c3092af9477af263c13c853d32 (patch) | |
tree | fa43aa3465da589e1a82dea2b282f7136758259d | |
parent | 1d4f2d5ef65135e61d78ac0db90afe7f5d166d05 (diff) | |
download | openembedded-core-b585a50b7bd735c3092af9477af263c13c853d32.tar.gz |
perl: fix CVE-2012-6329
From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6329:
"The _compile function in Maketext.pm in the Locale::Maketext implementation in
Perl before 5.17.7 does not properly handle backslashes and fully qualified
method names during compilation of bracket notation, which allows
context-dependent attackers to execute arbitrary commands via crafted input to
an application."
Patches taken from upstream git.
Signed-off-by: Ross Burton <ross.burton@intel.com>
-rw-r--r-- | meta/recipes-devtools/perl/perl-5.14.2/cve-2012-6329.patch | 71 | ||||
-rw-r--r-- | meta/recipes-devtools/perl/perl_5.14.2.bb | 1 |
2 files changed, 72 insertions, 0 deletions
diff --git a/meta/recipes-devtools/perl/perl-5.14.2/cve-2012-6329.patch b/meta/recipes-devtools/perl/perl-5.14.2/cve-2012-6329.patch new file mode 100644 index 0000000000..b9e2a4379b --- /dev/null +++ b/meta/recipes-devtools/perl/perl-5.14.2/cve-2012-6329.patch @@ -0,0 +1,71 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From 1735f6f53ca19f99c6e9e39496c486af323ba6a8 Mon Sep 17 00:00:00 2001 +From: Brian Carlson <brian.carlson@cpanel.net> +Date: Wed, 28 Nov 2012 08:54:33 -0500 +Subject: [PATCH] Fix misparsing of maketext strings. + +Case 61251: This commit fixes a misparse of maketext strings that could +lead to arbitrary code execution. Basically, maketext was compiling +bracket notation into functions, but neglected to escape backslashes +inside the content or die on fully-qualified method names when +generating the code. This change escapes all such backslashes and dies +when a method name with a colon or apostrophe is specified. +--- + AUTHORS | 1 + + dist/Locale-Maketext/lib/Locale/Maketext.pm | 24 ++++++++---------------- + 2 files changed, 9 insertions(+), 16 deletions(-) + +diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm b/dist/Locale-Maketext/lib/Locale/Maketext.pm +index 4822027..63e5fba 100644 +--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm ++++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm +@@ -625,21 +625,9 @@ sub _compile { + # 0-length method name means to just interpolate: + push @code, ' ('; + } +- elsif($m =~ /^\w+(?:\:\:\w+)*$/s +- and $m !~ m/(?:^|\:)\d/s +- # exclude starting a (sub)package or symbol with a digit ++ elsif($m =~ /^\w+$/s ++ # exclude anything fancy, especially fully-qualified module names + ) { +- # Yes, it even supports the demented (and undocumented?) +- # $obj->Foo::bar(...) syntax. +- $target->_die_pointing( +- $string_to_compile, q{Can't use "SUPER::" in a bracket-group method}, +- 2 + length($c[-1]) +- ) +- if $m =~ m/^SUPER::/s; +- # Because for SUPER:: to work, we'd have to compile this into +- # the right package, and that seems just not worth the bother, +- # unless someone convinces me otherwise. +- + push @code, ' $_[0]->' . $m . '('; + } + else { +@@ -693,7 +681,9 @@ sub _compile { + elsif(substr($1,0,1) ne '~') { + # it's stuff not containing "~" or "[" or "]" + # i.e., a literal blob +- $c[-1] .= $1; ++ my $text = $1; ++ $text =~ s/\\/\\\\/g; ++ $c[-1] .= $text; + + } + elsif($1 eq '~~') { # "~~" +@@ -731,7 +721,9 @@ sub _compile { + else { + # It's a "~X" where X is not a special character. + # Consider it a literal ~ and X. +- $c[-1] .= $1; ++ my $text = $1; ++ $text =~ s/\\/\\\\/g; ++ $c[-1] .= $text; + } + } + } +-- +1.7.4.1 diff --git a/meta/recipes-devtools/perl/perl_5.14.2.bb b/meta/recipes-devtools/perl/perl_5.14.2.bb index dc45bca52e..5e17661507 100644 --- a/meta/recipes-devtools/perl/perl_5.14.2.bb +++ b/meta/recipes-devtools/perl/perl_5.14.2.bb @@ -68,6 +68,7 @@ SRC_URI = "http://www.cpan.org/src/5.0/perl-${PV}.tar.gz \ file://perl-build-in-t-dir.patch \ file://perl-archlib-exp.patch \ file://perl-fix-CVE-2012-5195.patch \ + file://cve-2012-6329.patch \ \ file://config.sh \ file://config.sh-32 \ |