From: "Theo Gaige (Schneider Electric)" <[email protected]>
Backport patches from [1]
[1] https://github.com/Perl/perl5/pull/24433
Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]>
---
 .../perl/files/CVE-2026-8376-01.patch | 62 +++++++++++++++++++
 .../perl/files/CVE-2026-8376-02.patch | 49 +++++++++++++++
 meta/recipes-devtools/perl/perl_5.42.0.bb | 2 +
 3 files changed, 113 insertions(+)
 create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
 create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
diff --git a/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch b/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
new file mode 100644
index 0000000000..2b5d27147a
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
@@ -0,0 +1,62 @@
+From 6ad242ce86b16b74437e6815d507bc003e77a948 Mon Sep 17 00:00:00 2001
+From: Tony Cook <[email protected]>
+Date: Tue, 12 May 2026 14:47:31 +1000
+Subject: [PATCH 1/2] perl/perl-security#147: test cases
+
+The suggested case from the ticket and an alternative.
+
+(cherry picked from commit e842efdafe7c51a687a4907e4887988fe6a025ef)
+
+CVE: CVE-2026-8376
+Upstream-Status: Backport [https://github.com/Perl/perl5/commit/e842efdafe7c51a687a4907e4887988fe6a025ef]
+Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]>
+---
+ t/re/pat_psycho.t | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/t/re/pat_psycho.t b/t/re/pat_psycho.t
+index 336039521d..73a7992372 100644
+--- a/t/re/pat_psycho.t
++++ b/t/re/pat_psycho.t
+@@ -10,7 +10,7 @@
+ use strict;
+ use warnings;
+ use 5.010;
+-
++use Config;
+
+ sub run_tests;
+
+@@ -31,7 +31,7 @@ BEGIN {
+
+ skip_all('$PERL_SKIP_PSYCHO_TEST set') if $ENV{PERL_SKIP_PSYCHO_TEST};
+
+-plan tests => 15; # Update this when adding/deleting tests.
++plan tests => 17; # Update this when adding/deleting tests.
+
+ run_tests() unless caller;
+
+@@ -211,6 +211,20 @@ EOF
+
+
+ }
++
++ SKIP:
++ { # sec #147
++ $Config{ptrsize} == 4
++ or skip "these only fail on x32 and use too much memory on x64", 2;
++ local $::TODO = "This crashes";
++ # original case
++ fresh_perl_like('/\x{10000}{1073741824}/',
++ qr/Regexp out of space/, {}, "ssize_t overflow");
++
++ # synthesized but similar case
++ fresh_perl_like('/(?:\x{10001}\x{10000}){536870912}/',
++ qr/Regexp out of space/, {}, "ssize_t overflow again");
++ }
+ } # End of sub run_tests
+
+ 1;
+--
+2.43.0
+
diff --git a/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch b/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
new file mode 100644
index 0000000000..a1fef66119
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
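Review bot: Both new cases in the `SKIP:` block are gated on `$Config{ptrsize} == 4`, so a 64-bit build skips them and its test run says nothing about whether the backported guard is in place. A short comment above the block would make that explicit, for example `# 32-bit only: a 64-bit run skips both cases and does not exercise the overflow check`. The skip text says "x32" although the condition matches any build with 4-byte pointers; that wording comes from upstream, so it is probably best left as is in a backport. `run_tests` begins outside the hunk.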
@@ -0,0 +1,49 @@
+From 0fc9c70ccc0fea260326e08baa60d92797f8a79b Mon Sep 17 00:00:00 2001
+From: Tony Cook <[email protected]>
+Date: Tue, 12 May 2026 14:51:00 +1000
+Subject: [PATCH 2/2] perl/perl-security#147: test against the actual character
+ lengths
+
+(cherry picked from commit 5e7f119eb2bb1181be908701f22bf7068e722f1c)
+
+CVE: CVE-2026-8376
+Upstream-Status: Backport [https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c]
+Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]>
+---
+ regcomp_study.c | 7 +++++++
+ t/re/pat_psycho.t | 1 -
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/regcomp_study.c b/regcomp_study.c
+index 9106452dd5..05f1b017b1 100644
+--- a/regcomp_study.c
++++ b/regcomp_study.c
+@@ -2770,6 +2770,13 @@ Perl_study_chunk(pTHX_
+ (U8 *) SvEND(data->last_found))
+ - (U8*)s;
+ l -= old;
++
++ if (l > 0 &&
++ (mincount >= SSize_t_MAX / (SSize_t)l
++ || old > SSize_t_MAX - mincount * (SSize_t)l)) {
++ FAIL("Regexp out of space");
++ }
++
+ /* Get the added string: */
+ last_str = newSVpvn_utf8(s + old, l, UTF);
+ last_chrs = UTF ? utf8_length((U8*)(s + old),
+diff --git a/t/re/pat_psycho.t b/t/re/pat_psycho.t
+index 73a7992372..9fd764fd5e 100644
+--- a/t/re/pat_psycho.t
++++ b/t/re/pat_psycho.t
+@@ -216,7 +216,6 @@ EOF
+ { # sec #147
+ $Config{ptrsize} == 4
+ or skip "these only fail on x32 and use too much memory on x64", 2;
+- local $::TODO = "This crashes";
+ # original case
+ fresh_perl_like('/\x{10000}{1073741824}/',
+ qr/Regexp out of space/, {}, "ssize_t overflow");
+--
+2.43.0
+
diff --git a/meta/recipes-devtools/perl/perl_5.42.0.bb b/meta/recipes-devtools/perl/perl_5.42.0.bb
index cf28067bab..1833b7a352 100644
--- a/meta/recipes-devtools/perl/perl_5.42.0.bb
+++ b/meta/recipes-devtools/perl/perl_5.42.0.bb
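Review bot: The guard added before `/* Get the added string: */` has no comment saying which quantity it bounds, and the declarations of `l`, `old` and `mincount` are outside the hunk, so a reader cannot tell from here why the `(SSize_t)` casts are sound. I would add a comment above the `if`, such as `/* reject when old + mincount * l cannot be represented in SSize_t */`. It is also worth noting there that the second operand of `||` is evaluated only after the division test has passed, which is what keeps `mincount * (SSize_t)l` itself from overflowing; swapping the two operands would bring the overflow back. Perl_study_chunk starts and ends outside the hunk.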
@@ -16,6 +16,8 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
 file://0002-Constant-Fix-up-shebang.patch \
 file://determinism.patch \
 file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \
+ file://CVE-2026-8376-01.patch \
+ file://CVE-2026-8376-02.patch \
 "
 SRC_URI:append:class-native = " \
 file://perl-configpm-switch.patch \
--
2.43.0
