Hello Theo, from what I see, this CVE also affects master (same version of Perl as in wrynose).
I couldn't find a similar patch for master. Please submit one before we can backport on stable branches Regards Jérémy On Thu May 28, 2026 at 2:01 PM CEST, Theo Gaige via lists.openembedded.org wrote:
> From: "Theo Gaige (Schneider Electric)" <[email protected]>
>
> Backport patches from [1]
>
> [1] https://github.com/Perl/perl5/pull/24433
>
> Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]>
> ---
> .../perl/files/CVE-2026-8376-01.patch | 62 +++++++++++++++++++
> .../perl/files/CVE-2026-8376-02.patch | 49 +++++++++++++++
> meta/recipes-devtools/perl/perl_5.42.0.bb | 2 +
> 3 files changed, 113 insertions(+)
> create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
> create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
>
> diff --git a/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
> b/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
> new file mode 100644
> index 0000000000..2b5d27147a
> --- /dev/null
> +++ b/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
> @@ -0,0 +1,62 @@
> +From 6ad242ce86b16b74437e6815d507bc003e77a948 Mon Sep 17 00:00:00 2001
> +From: Tony Cook <[email protected]>
> +Date: Tue, 12 May 2026 14:47:31 +1000
> +Subject: [PATCH 1/2] perl/perl-security#147: test cases
> +
> +The suggested case from the ticket and an alternative.
> +
> +(cherry picked from commit e842efdafe7c51a687a4907e4887988fe6a025ef)
> +
> +CVE: CVE-2026-8376
> +Upstream-Status: Backport
> [https://github.com/Perl/perl5/commit/e842efdafe7c51a687a4907e4887988fe6a025ef]
> +Signed-off-by: Theo Gaige (Schneider Electric)
> <[email protected]>
> +---
> + t/re/pat_psycho.t | 18 ++++++++++++++++--
> + 1 file changed, 16 insertions(+), 2 deletions(-)
> +
> +diff --git a/t/re/pat_psycho.t b/t/re/pat_psycho.t
> +index 336039521d..73a7992372 100644
> +--- a/t/re/pat_psycho.t
> ++++ b/t/re/pat_psycho.t
> +@@ -10,7 +10,7 @@
> + use strict;
> + use warnings;
> + use 5.010;
> +-
> ++use Config;
> +
> + sub run_tests;
> +
> +@@ -31,7 +31,7 @@ BEGIN {
> +
> + skip_all('$PERL_SKIP_PSYCHO_TEST set') if $ENV{PERL_SKIP_PSYCHO_TEST};
> +
> +-plan tests => 15; # Update this when adding/deleting tests.
> ++plan tests => 17; # Update this when adding/deleting tests.
> +
> + run_tests() unless caller;
> +
> +@@ -211,6 +211,20 @@ EOF
> +
> +
> + }
> ++
> ++ SKIP:
> ++ { # sec #147
> ++ $Config{ptrsize} == 4
> ++ or skip "these only fail on x32 and use too much memory on x64",
> 2;
> ++ local $::TODO = "This crashes";
> ++ # original case
> ++ fresh_perl_like('/\x{10000}{1073741824}/',
> ++ qr/Regexp out of space/, {}, "ssize_t overflow");
> ++
> ++ # synthesized but similar case
> ++ fresh_perl_like('/(?:\x{10001}\x{10000}){536870912}/',
> ++ qr/Regexp out of space/, {}, "ssize_t overflow
> again");
> ++ }
> + } # End of sub run_tests
> +
> + 1;
> +--
> +2.43.0
> +
> diff --git a/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
> b/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
> new file mode 100644
> index 0000000000..a1fef66119
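Review bot: Both new `fresh_perl_like` cases in the `SKIP` block of t/re/pat_psycho.t run only when `$Config{ptrsize} == 4`, so on a 64-bit target they are skipped and a passing ptest there gives no evidence that the overflow check is in place. Each pattern makes the repeated literal 2**32 bytes long (4 UTF-8 bytes x 1073741824, and 8 bytes x 536870912), which is what a 32-bit `SSize_t` cannot hold; the skip message's "x32" also reads as the x32 ABI rather than 32-bit builds in general. I would add above the guard `# 32-bit only: count times UTF-8 length is 2**32 bytes, past SSize_t_MAX when pointers are 4 bytes`, and state in the backport's commit message that the tests were run on a 32-bit machine. `run_tests` begins outside the hunk.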
> --- /dev/null
> +++ b/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
> @@ -0,0 +1,49 @@
> +From 0fc9c70ccc0fea260326e08baa60d92797f8a79b Mon Sep 17 00:00:00 2001
> +From: Tony Cook <[email protected]>
> +Date: Tue, 12 May 2026 14:51:00 +1000
> +Subject: [PATCH 2/2] perl/perl-security#147: test against the actual
> character
> + lengths
> +
> +(cherry picked from commit 5e7f119eb2bb1181be908701f22bf7068e722f1c)
> +
> +CVE: CVE-2026-8376
> +Upstream-Status: Backport
> [https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c]
> +Signed-off-by: Theo Gaige (Schneider Electric)
> <[email protected]>
> +---
> + regcomp_study.c | 7 +++++++
> + t/re/pat_psycho.t | 1 -
> + 2 files changed, 7 insertions(+), 1 deletion(-)
> +
> +diff --git a/regcomp_study.c b/regcomp_study.c
> +index 9106452dd5..05f1b017b1 100644
> +--- a/regcomp_study.c
> ++++ b/regcomp_study.c
> +@@ -2770,6 +2770,13 @@ Perl_study_chunk(pTHX_
> + (U8 *)
> SvEND(data->last_found))
> + - (U8*)s;
> + l -= old;
> ++
> ++ if (l > 0 &&
> ++ (mincount >= SSize_t_MAX / (SSize_t)l
> ++ || old > SSize_t_MAX - mincount * (SSize_t)l))
> {
> ++ FAIL("Regexp out of space");
> ++ }
> ++
> + /* Get the added string: */
> + last_str = newSVpvn_utf8(s + old, l, UTF);
> + last_chrs = UTF ? utf8_length((U8*)(s + old),
> +diff --git a/t/re/pat_psycho.t b/t/re/pat_psycho.t
> +index 73a7992372..9fd764fd5e 100644
> +--- a/t/re/pat_psycho.t
> ++++ b/t/re/pat_psycho.t
> +@@ -216,7 +216,6 @@ EOF
> + { # sec #147
> + $Config{ptrsize} == 4
> + or skip "these only fail on x32 and use too much memory on x64",
> 2;
> +- local $::TODO = "This crashes";
> + # original case
> + fresh_perl_like('/\x{10000}{1073741824}/',
> + qr/Regexp out of space/, {}, "ssize_t overflow");
> +--
> +2.43.0
> +
> diff --git a/meta/recipes-devtools/perl/perl_5.42.0.bb
> b/meta/recipes-devtools/perl/perl_5.42.0.bb
> index cf28067bab..1833b7a352 100644
> --- a/meta/recipes-devtools/perl/perl_5.42.0.bb
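Review bot: The overflow guard added after `l -= old;` in `Perl_study_chunk` carries no comment, and its correctness depends on clause order: `mincount * (SSize_t)l` in the second clause is only evaluated once the division test has shown the product fits, which holds provided `mincount` is non-negative. I would put `/* fail if old + mincount * l would exceed SSize_t_MAX; the division test must stay first so the multiplication cannot overflow */` above the `if`. The declarations of `l`, `old` and `mincount` are outside the hunk, so the signedness assumed by the `(SSize_t)l` casts cannot be checked from here. As the patch is marked `Upstream-Status: Backport`, the comment belongs in the upstream change rather than as a local edit to the backported file.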
> +++ b/meta/recipes-devtools/perl/perl_5.42.0.bb
> @@ -16,6 +16,8 @@ SRC_URI =
> "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
> file://0002-Constant-Fix-up-shebang.patch \
> file://determinism.patch \
>
> file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \
> + file://CVE-2026-8376-01.patch \
> + file://CVE-2026-8376-02.patch \
> "
> SRC_URI:append:class-native = " \
> file://perl-configpm-switch.patch \
