[OE-core] [PATCH][zeus 2/7] libpcre2: fix CVE-2019-20454
Anuj Mittal
anuj.mittal at intel.com
Mon Mar 16 16:31:00 UTC 2020
From: Lee Chee Yang <chee.yang.lee at intel.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee at intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
---
.../libpcre/libpcre2/CVE-2019-20454.patch | 19 +++++++++++++++++++
.../recipes-support/libpcre/libpcre2_10.33.bb | 1 +
2 files changed, 20 insertions(+)
create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
new file mode 100644
index 0000000000..51f95a7097
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2019-20454.patch
@@ -0,0 +1,19 @@
+Upstream-Status: Backport [https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?r1=1092&r2=1091&pathrev=1092]
+CVE: CVE-2020-8002
+Signed-off-by: Lee Chee Yang <chee.yang.lee at intel.com>
+
+--- pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:26:17 1091
++++ pcre2-10.30/src/pcre2_jit_compile.c 2019/05/13 16:38:18 1092
+@@ -8571,7 +8571,10 @@
+ PCRE2_SPTR bptr;
+ uint32_t c;
+
+-GETCHARINC(c, cc);
++/* Patch by PH */
++/* GETCHARINC(c, cc); */
++
++c = *cc++;
+ #if PCRE2_CODE_UNIT_WIDTH == 32
+ if (c >= 0x110000)
+ return NULL;
+
diff --git a/meta/recipes-support/libpcre/libpcre2_10.33.bb b/meta/recipes-support/libpcre/libpcre2_10.33.bb
index 50b26753b4..1020df99b8 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.33.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.33.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
file://pcre-cross.patch \
+ file://CVE-2019-20454.patch \
"
SRC_URI[md5sum] = "80b355f2dce909a2e2424f5c79eddb44"
--
2.24.1
More information about the Openembedded-core
mailing list