mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-20 18:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

libpcre2 : Follow up fix CVE-2022-1586

Browse Source 
CVE-2022-1586 was originally fixed by OE commit
https://github.com/openembedded/openembedded-core/commit/7f4daf88b71f
through libpcre2 commit
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e672

The follow up patch is required to resolve a bug in the initial fix[50a51cb7e672]
https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-1586
https://security-tracker.debian.org/tracker/CVE-2022-1586

(From OE-Core rev: 7e2fe508b456207fd991ece7621ef8ba24b89e59)

Signed-off-by: Shinu Chandran <shinucha@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Shinu Chandran
2023-10-07 00:43:45 +05:30
committed by Steve Sakoman
parent d01194c739
commit e4d507b93b
2 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch Normal file
View File

@@ -0,0 +1,30 @@
From 5d1e62b0155292b994aa1c96d4ed8ce4346ef4c2 Mon Sep 17 00:00:00 2001
From: Zoltan Herczeg <hzmester@freemail.hu>
Date: Thu, 24 Mar 2022 05:34:42 +0000
Subject: [PATCH] Fix incorrect value reading in JIT.
CVE: CVE-2022-1586
Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3]
(cherry picked from commit d4fa336fbcc388f89095b184ba6d99422cfc676c)
Signed-off-by: Shinu Chandran <shinucha@cisco.com>
---
src/pcre2_jit_compile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
index 493c96d..fa57942 100644
--- a/src/pcre2_jit_compile.c
+++ b/src/pcre2_jit_compile.c
@@ -7188,7 +7188,7 @@ while (*cc != XCL_END)
{
SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP);
cc++;
- if (*cc == PT_CLIST && *cc == XCL_PROP)
+ if (*cc == PT_CLIST && cc[-1] == XCL_PROP)
{
other_cases = PRIV(ucd_caseless_sets) + cc[1];
while (*other_cases != NOTACHAR)
--
2.25.1

1
meta/recipes-support/libpcre/libpcre2_10.34.bb
View File

@@ -13,6 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/pcre2-${PV}.tar.bz2 \
file://pcre-cross.patch \
file://CVE-2022-1586.patch \
file://CVE-2022-1586-regression.patch \
file://CVE-2022-1587.patch \
file://CVE-2022-41409.patch \
"