From: Romain Forlot Date: Fri, 2 Dec 2016 16:13:31 +0000 (+0000) Subject: Fix: CVE-2016-1238 recent perl doesn't include cwd X-Git-Tag: chinook_3.0.0~38 X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F11%2F7411%2F4;p=AGL%2Fmeta-agl.git Fix: CVE-2016-1238 recent perl doesn't include cwd Upstream YP introduced http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=krogoth&id=529bbe2cc2cebeec0ee6cef27aba2d1aafe79d38 Thus this adds a follow-up fix for openssl. Change-Id: Ifb55c3022596a6105662618f4cd08bd0165f5a6b Signed-off-by: Romain Forlot --- diff --git a/meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend b/meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend new file mode 100644 index 000000000..31c5c2040 --- /dev/null +++ b/meta-agl/recipes-connectivity/openssl/openssl_1.0.2h.bbappend @@ -0,0 +1,7 @@ +# As fixed in debian package perl (5.22.2-3) [SECURITY] CVE-2016-1238 +# We have to tell perl to include cwd in @INC using PERL_USE_UNSAFE_INC +# Fixed in morty release. See commit : http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=ffdc23ab5311b651e27c9bda16da5ddd482249fa + +do_configure_prepend() { +${@'export PERL_USE_UNSAFE_INC=1' if (d.getVar("DISTRO_CODENAME", True) == "chinook") else ''} +}
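Review bot: In do_configure_prepend, exporting PERL_USE_UNSAFE_INC=1 puts the current directory back into @INC for every perl invocation in do_configure. That is the behaviour the CVE-2016-1238 hardening removed, so the recipe comment should describe this as a build-time compatibility workaround rather than a fix for the CVE. It should also state that the build directory is assumed to be trusted. The export only exists inside do_configure, so if perl scripts run in later tasks also rely on cwd being in @INC, they will not see it; confirm that configure is the only task affected, or say so in the comment. The condition is an exact string match on DISTRO_CODENAME == "chinook", while the comment says the real fix is in the morty release. A short note on when this bbappend should be dropped would keep the workaround from outliving its need. Style: the inline Python line inside the function body is not indented like the rest of the shell function.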