poky: sumo refresh 874976b..45ef387
Update poky to sumo HEAD.
Alexander Kanavin (1):
openssl: fix upstream version check for 1.0 version
Andre McCurdy (19):
openssl_1.1: avoid using += with an over-ride
openssl_1.1: minor recipe formatting tweaks etc
openssl_1.0: merge openssl10.inc into the openssl_1.0.2o.bb recipe
openssl_1.0: minor recipe formatting tweaks etc
openssl_1.0: drop curly brackets from shell local variables
openssl_1.0: fix cryptodev-linux PACKAGECONFIG support
openssl_1.0: drop leading "-" from no-ssl3 config option
openssl_1.0: avoid running make twice for target do_compile()
openssl: remove uclibc remnants
openssl: support musl-x32 build
openssl: minor indent fixes
openssl_1.0: drop obsolete ca.patch
openssl_1.0: drop obsolete exporting of AS, EX_LIBS and DIRS
openssl_1.0: drop unmaintained darwin support
openssl_1.0: add PACKAGECONFIG option to control manpages
openssl_1.0: squash whitespace in CC_INFO
openssl: fix missing dependency on hostperl-runtime-native
openssl_1.0: drop unnecessary dependency on makedepend-native
openssl_1.0: drop unnecessary call to perlpath.pl from do_configure()
Andrej Valek (3):
openssl-1.1: fix c_rehash perl errors
openssl: update 1.0.2o -> 1.0.2p
openssl: update 1.1.0h -> 1.1.0i
Anuj Mittal (1):
wic/qemux86: don't pass ip parameter to kernel in wks
Changqing Li (1):
unzip: fix CVE-2018-1000035
Hongxu Jia (2):
nasm: fix CVE-2018-8883 & CVE-2018-8882 & CVE-2018-10316
patch: fix CVE-2018-6952
Jagadeesh Krishnanjanappa (19):
libvorbis: CVE-2017-14160 CVE-2018-10393
libvorbis: CVE-2018-10392
flac: CVE-2017-6888
libarchive: CVE-2017-14503
libsndfile1: CVE-2017-14245 CVE-2017-14246
libsndfile1: CVE-2017-14634
coreutils: CVE-2017-18018
libgcrypt: CVE-2018-0495
git: CVE-2018-11235
gnupg: CVE-2018-12020
shadow: CVE-2018-7169
procps: CVE-2018-1124
python: CVE-2018-1000030
qemu: CVE-2018-7550
qemu: CVE-2018-12617
perl: CVE-2018-6798
perl: CVE-2018-6797
perl: CVE-2018-6913
perl: CVE-2018-12015
Joshua Watt (2):
alsa-lib: Cleanup packaging
swig: Remove superfluous python dependency
Ovidiu Panait (1):
openssl-nativesdk: Fix "can't open config file" warning
Ross Burton (6):
bzip2: use Yocto Project mirror for SRC_URI
classes: sanity-check LIC_FILES_CHKSUM
openssl: disable ccache usage
unzip: fix symlink problem
bitbake: utils/md5_file: don't iterate line-by-line
bitbake: checksum: sanity check path when recursively checksumming
Change-Id: I262a451f483cb276343ae6f02c272af053d33d7a
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch
new file mode 100644
index 0000000..a33deaf
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-12015.patch
@@ -0,0 +1,48 @@
+From ae65651eab053fc6dc4590dbb863a268215c1fc5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Fri, 8 Jun 2018 11:45:40 +0100
+Subject: [PATCH] [PATCH] Remove existing files before overwriting them
+
+Archive should extract only the latest same-named entry.
+Extracted regular file should not be writtent into existing block
+device (or any other one).
+
+https://rt.cpan.org/Ticket/Display.html?id=125523
+
+CVE: CVE-2018-12015
+Upstream-Status: Backport [https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5]
+
+Signed-off-by: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/Archive/Tar.pm | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm
+index 6244369..a83975f 100644
+--- a/cpan/Archive-Tar/lib/Archive/Tar.pm
++++ b/cpan/Archive-Tar/lib/Archive/Tar.pm
+@@ -845,6 +845,20 @@ sub _extract_file {
+ return;
+ }
+
++ ### If a file system already contains a block device with the same name as
++ ### the being extracted regular file, we would write the file's content
++ ### to the block device. So remove the existing file (block device) now.
++ ### If an archive contains multiple same-named entries, the last one
++ ### should replace the previous ones. So remove the old file now.
++ ### If the old entry is a symlink to a file outside of the CWD, the new
++ ### entry would create a file there. This is CVE-2018-12015
++ ### <https://rt.cpan.org/Ticket/Display.html?id=125523>.
++ if (-l $full || -e _) {
++ if (!unlink $full) {
++ $self->_error( qq[Could not remove old file '$full': $!] );
++ return;
++ }
++ }
+ if( length $entry->type && $entry->is_file ) {
+ my $fh = IO::File->new;
+ $fh->open( '>' . $full ) or (
+--
+2.13.3
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch
new file mode 100644
index 0000000..b56ebd3
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6797.patch
@@ -0,0 +1,45 @@
+From abe1e6c568b96bcb382dfa4f61c56d1ab001ea51 Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Fri, 2 Feb 2018 15:14:27 -0700
+Subject: [PATCH] (perl #132227) restart a node if we change to uni rules
+ within the node and encounter a sharp S
+
+This could lead to a buffer overflow.
+
+(cherry picked from commit a02c70e35d1313a5f4e245e8f863c810e991172d)
+
+CVE: CVE-2018-6797
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ regcomp.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 3b9550b10d..a7dee9a09e 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -13543,6 +13543,18 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+ * /u. This includes the multi-char fold SHARP S to
+ * 'ss' */
+ if (UNLIKELY(ender == LATIN_SMALL_LETTER_SHARP_S)) {
++
++ /* If the node started out having uni rules, we
++ * wouldn't have gotten here. So this means
++ * something in the middle has changed it, but
++ * didn't think it needed to reparse. But this
++ * sharp s now does indicate the need for
++ * reparsing. */
++ if (RExC_uni_semantics) {
++ p = oldp;
++ goto loopdone;
++ }
++
+ RExC_seen_unfolded_sharp_s = 1;
+ maybe_exactfu = FALSE;
+ }
+--
+2.15.1-424-g9478a660812
+
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-1.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-1.patch
new file mode 100644
index 0000000..3477162
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-1.patch
@@ -0,0 +1,130 @@
+From 0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Tue, 6 Feb 2018 14:50:48 -0700
+Subject: [PATCH] [perl #132063]: Heap buffer overflow
+
+The proximal cause is several instances in regexec.c of the code
+assuming that the input was valid UTF-8, whereas the input was too short
+for what the start byte claimed it would be.
+
+I grepped through the core for any other similar uses, and did not find
+any.
+
+(cherry picked from commit fe7d8ba0a1bf567af8fa8fea128e2b9f4c553e84)
+
+CVE: CVE-2018-6798
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/patch/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ regexec.c | 29 ++++++++++++++++-------------
+ t/lib/warnings/regexec | 7 +++++++
+ 2 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/regexec.c b/regexec.c
+index 5735b997fd..ea432c39d3 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -1466,7 +1466,9 @@ Perl_re_intuit_start(pTHX_
+ ? trie_utf8_fold \
+ : trie_latin_utf8_fold)))
+
+-#define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uscan, len, uvc, charid, foldlen, foldbuf, uniflags) \
++/* 'uscan' is set to foldbuf, and incremented, so below the end of uscan is
++ * 'foldbuf+sizeof(foldbuf)' */
++#define REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc, uc_end, uscan, len, uvc, charid, foldlen, foldbuf, uniflags) \
+ STMT_START { \
+ STRLEN skiplen; \
+ U8 flags = FOLD_FLAGS_FULL; \
+@@ -1474,7 +1476,7 @@ STMT_START {
+ case trie_flu8: \
+ _CHECK_AND_WARN_PROBLEMATIC_LOCALE; \
+ if (utf8_target && UTF8_IS_ABOVE_LATIN1(*uc)) { \
+- _CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG(uc, uc + UTF8SKIP(uc)); \
++ _CHECK_AND_OUTPUT_WIDE_LOCALE_UTF8_MSG(uc, uc_end - uc); \
+ } \
+ goto do_trie_utf8_fold; \
+ case trie_utf8_exactfa_fold: \
+@@ -1483,7 +1485,7 @@ STMT_START {
+ case trie_utf8_fold: \
+ do_trie_utf8_fold: \
+ if ( foldlen>0 ) { \
+- uvc = utf8n_to_uvchr( (const U8*) uscan, UTF8_MAXLEN, &len, uniflags ); \
++ uvc = utf8n_to_uvchr( (const U8*) uscan, foldlen, &len, uniflags ); \
+ foldlen -= len; \
+ uscan += len; \
+ len=0; \
+@@ -1500,7 +1502,7 @@ STMT_START {
+ /* FALLTHROUGH */ \
+ case trie_latin_utf8_fold: \
+ if ( foldlen>0 ) { \
+- uvc = utf8n_to_uvchr( (const U8*) uscan, UTF8_MAXLEN, &len, uniflags ); \
++ uvc = utf8n_to_uvchr( (const U8*) uscan, foldlen, &len, uniflags ); \
+ foldlen -= len; \
+ uscan += len; \
+ len=0; \
+@@ -1519,7 +1521,7 @@ STMT_START {
+ } \
+ /* FALLTHROUGH */ \
+ case trie_utf8: \
+- uvc = utf8n_to_uvchr( (const U8*) uc, UTF8_MAXLEN, &len, uniflags ); \
++ uvc = utf8n_to_uvchr( (const U8*) uc, uc_end - uc, &len, uniflags ); \
+ break; \
+ case trie_plain: \
+ uvc = (UV)*uc; \
+@@ -2599,10 +2601,10 @@ S_find_byclass(pTHX_ regexp * prog, const regnode *c, char *s,
+ }
+ points[pointpos++ % maxlen]= uc;
+ if (foldlen || uc < (U8*)strend) {
+- REXEC_TRIE_READ_CHAR(trie_type, trie,
+- widecharmap, uc,
+- uscan, len, uvc, charid, foldlen,
+- foldbuf, uniflags);
++ REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc,
++ (U8 *) strend, uscan, len, uvc,
++ charid, foldlen, foldbuf,
++ uniflags);
+ DEBUG_TRIE_EXECUTE_r({
+ dump_exec_pos( (char *)uc, c, strend,
+ real_start, s, utf8_target, 0);
+@@ -5511,8 +5513,9 @@ S_regmatch(pTHX_ regmatch_info *reginfo, char *startpos, regnode *prog)
+ if ( base && (foldlen || uc < (U8*)(reginfo->strend))) {
+ I32 offset;
+ REXEC_TRIE_READ_CHAR(trie_type, trie, widecharmap, uc,
+- uscan, len, uvc, charid, foldlen,
+- foldbuf, uniflags);
++ (U8 *) reginfo->strend, uscan,
++ len, uvc, charid, foldlen,
++ foldbuf, uniflags);
+ charcount++;
+ if (foldlen>0)
+ ST.longfold = TRUE;
+@@ -5642,8 +5645,8 @@ S_regmatch(pTHX_ regmatch_info *reginfo, char *startpos, regnode *prog)
+ while (foldlen) {
+ if (!--chars)
+ break;
+- uvc = utf8n_to_uvchr(uscan, UTF8_MAXLEN, &len,
+- uniflags);
++ uvc = utf8n_to_uvchr(uscan, foldlen, &len,
++ uniflags);
+ uscan += len;
+ foldlen -= len;
+ }
+diff --git a/t/lib/warnings/regexec b/t/lib/warnings/regexec
+index 900dd6ee7f..6635142dea 100644
+--- a/t/lib/warnings/regexec
++++ b/t/lib/warnings/regexec
+@@ -260,3 +260,10 @@ setlocale(&POSIX::LC_CTYPE, $utf8_locale);
+ "k" =~ /(?[ \N{KELVIN SIGN} ])/i;
+ ":" =~ /(?[ \: ])/;
+ EXPECT
++########
++# NAME perl #132063, read beyond buffer end
++# OPTION fatal
++"\xff" =~ /(?il)\x{100}|\x{100}/;
++EXPECT
++Malformed UTF-8 character: \xff (too short; 1 byte available, need 13) in pattern match (m//) at - line 2.
++Malformed UTF-8 character (fatal) at - line 2.
+--
+2.15.1-424-g9478a660812
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch
new file mode 100644
index 0000000..fb9b41a
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6798-2.patch
@@ -0,0 +1,37 @@
+From f65da1ca2eee74696d9c120e9d69af37b4fa1920 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Mon, 19 Feb 2018 15:11:42 +1100
+Subject: [PATCH] (perl #132063) we should no longer warn for this code
+
+The first patch for 132063 prevented the buffer read overflow when
+dumping the warning but didn't fix the underlying problem.
+
+The next change treats the supplied buffer correctly, preventing the
+non-UTF-8 SV from being treated as UTF-8, preventing the warning.
+
+(cherry picked from commit 1e8b61488f195e1396aa801c685340b156104f4f)
+
+CVE: CVE-2018-6798
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ t/lib/warnings/regexec | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/t/lib/warnings/regexec b/t/lib/warnings/regexec
+index 6635142dea..c370ddc3c7 100644
+--- a/t/lib/warnings/regexec
++++ b/t/lib/warnings/regexec
+@@ -262,8 +262,5 @@ setlocale(&POSIX::LC_CTYPE, $utf8_locale);
+ EXPECT
+ ########
+ # NAME perl #132063, read beyond buffer end
+-# OPTION fatal
+ "\xff" =~ /(?il)\x{100}|\x{100}/;
+ EXPECT
+-Malformed UTF-8 character: \xff (too short; 1 byte available, need 13) in pattern match (m//) at - line 2.
+-Malformed UTF-8 character (fatal) at - line 2.
+--
+2.15.1-424-g9478a660812
+
diff --git a/poky/meta/recipes-devtools/perl/perl/CVE-2018-6913.patch b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6913.patch
new file mode 100644
index 0000000..157af7b
--- /dev/null
+++ b/poky/meta/recipes-devtools/perl/perl/CVE-2018-6913.patch
@@ -0,0 +1,153 @@
+From f17fed5006177dce8ac48229c424a2da0d6ba492 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Tue, 8 Aug 2017 09:32:58 +1000
+Subject: [PATCH] (perl #131844) fix various space calculation issues in
+ pp_pack.c
+
+- for the originally reported case, if the start/cur pointer is in the
+ top 75% of the address space the add (cur) + glen addition would
+ overflow, resulting in the condition failing incorrectly.
+
+- the addition of the existing space used to the space needed could
+ overflow, resulting in too small an allocation and a buffer overflow.
+
+- the scaling for UTF8 could overflow.
+
+- the multiply to calculate the space needed for many items could
+ overflow.
+
+For the first case, do a space calculation without making new pointers.
+
+For the other cases, detect the overflow and croak if there's an
+overflow.
+
+Originally this used Size_t_MAX as the maximum size of a memory
+allocation, but for -DDEBUGGING builds realloc() throws a panic for
+allocations over half the address space in size, changing the error
+reported for the allocation.
+
+For non-DEBUGGING builds the Size_t_MAX limit has the small chance
+of finding a system that has 3GB of contiguous space available, and
+allocating that space, which could be a denial of servce in some cases.
+
+Unfortunately changing the limit to half the address space means that
+the exact case with the original issue can no longer occur, so the
+test is no longer testing against the address + length issue that
+caused the original problem, since the allocation is failing earlier.
+
+One option would be to change the test so the size request by pack is
+just under 2GB, but this has a higher (but still low) probability that
+the system has the address space available, and will actually try to
+allocate the memory, so let's not do that.
+
+Note: changed
+plan tests => 14713;
+to
+plan tests => 14712;
+in a/t/op/pack.t
+to apply this patch on perl 5.24.1.
+
+CVE: CVE-2018-6913
+Upstream-Status: Backport [https://perl5.git.perl.org/perl.git/commitdiff/f17fed5006177dce8ac48229c424a2da0d6ba492]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ pp_pack.c | 25 +++++++++++++++++++++----
+ t/op/pack.t | 24 +++++++++++++++++++++++-
+ 2 files changed, 44 insertions(+), 5 deletions(-)
+
+diff --git a/pp_pack.c b/pp_pack.c
+index 8937d6d715..5e9cc64301 100644
+--- a/pp_pack.c
++++ b/pp_pack.c
+@@ -357,11 +357,28 @@ STMT_START { \
+ } \
+ } STMT_END
+
++#define SAFE_UTF8_EXPAND(var) \
++STMT_START { \
++ if ((var) > SSize_t_MAX / UTF8_EXPAND) \
++ Perl_croak(aTHX_ "%s", "Out of memory during pack()"); \
++ (var) = (var) * UTF8_EXPAND; \
++} STMT_END
++
++#define GROWING2(utf8, cat, start, cur, item_size, item_count) \
++STMT_START { \
++ if (SSize_t_MAX / (item_size) < (item_count)) \
++ Perl_croak(aTHX_ "%s", "Out of memory during pack()"); \
++ GROWING((utf8), (cat), (start), (cur), (item_size) * (item_count)); \
++} STMT_END
++
+ #define GROWING(utf8, cat, start, cur, in_len) \
+ STMT_START { \
+ STRLEN glen = (in_len); \
+- if (utf8) glen *= UTF8_EXPAND; \
+- if ((cur) + glen >= (start) + SvLEN(cat)) { \
++ STRLEN catcur = (STRLEN)((cur) - (start)); \
++ if (utf8) SAFE_UTF8_EXPAND(glen); \
++ if (SSize_t_MAX - glen < catcur) \
++ Perl_croak(aTHX_ "%s", "Out of memory during pack()"); \
++ if (catcur + glen >= SvLEN(cat)) { \
+ (start) = sv_exp_grow(cat, glen); \
+ (cur) = (start) + SvCUR(cat); \
+ } \
+@@ -372,7 +389,7 @@ STMT_START { \
+ STMT_START { \
+ const STRLEN glen = (in_len); \
+ STRLEN gl = glen; \
+- if (utf8) gl *= UTF8_EXPAND; \
++ if (utf8) SAFE_UTF8_EXPAND(gl); \
+ if ((cur) + gl >= (start) + SvLEN(cat)) { \
+ *cur = '\0'; \
+ SvCUR_set((cat), (cur) - (start)); \
+@@ -2126,7 +2143,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* sym
+ if (props && !(props & PACK_SIZE_UNPREDICTABLE)) {
+ /* We can process this letter. */
+ STRLEN size = props & PACK_SIZE_MASK;
+- GROWING(utf8, cat, start, cur, (STRLEN) len * size);
++ GROWING2(utf8, cat, start, cur, size, (STRLEN)len);
+ }
+ }
+
+diff --git a/t/op/pack.t b/t/op/pack.t
+index 664aaaf1b0..cf0e286509 100644
+--- a/t/op/pack.t
++++ b/t/op/pack.t
+@@ -12,7 +12,7 @@ my $no_endianness = $] > 5.009 ? '' :
+ my $no_signedness = $] > 5.009 ? '' :
+ "Signed/unsigned pack modifiers not available on this perl";
+
+-plan tests => 14712;
++plan tests => 14717;
+
+ use strict;
+ use warnings qw(FATAL all);
+@@ -2044,3 +2044,25 @@ ok(1, "argument underflow did not crash"
+ is(pack("H40", $up_nul), $twenty_nuls,
+ "check pack H zero fills (utf8 source)");
+ }
++
++SKIP:
++{
++ # [perl #131844] pointer addition overflow
++ $Config{ptrsize} == 4
++ or skip "[perl #131844] need 32-bit build for this test", 4;
++ # prevent ASAN just crashing on the allocation failure
++ local $ENV{ASAN_OPTIONS} = $ENV{ASAN_OPTIONS};
++ $ENV{ASAN_OPTIONS} .= ",allocator_may_return_null=1";
++ fresh_perl_like('pack "f999999999"', qr/Out of memory during pack/, { stderr => 1 },
++ "pointer addition overflow");
++
++ # integer (STRLEN) overflow from addition of glen to current length
++ fresh_perl_like('pack "c10f1073741823"', qr/Out of memory during pack/, { stderr => 1 },
++ "integer overflow calculating allocation (addition)");
++
++ fresh_perl_like('pack "W10f536870913", 256', qr/Out of memory during pack/, { stderr => 1 },
++ "integer overflow calculating allocation (utf8)");
++
++ fresh_perl_like('pack "c10f1073741824"', qr/Out of memory during pack/, { stderr => 1 },
++ "integer overflow calculating allocation (multiply)");
++}
+--
+2.15.1-424-g9478a660812
+
diff --git a/poky/meta/recipes-devtools/perl/perl_5.24.1.bb b/poky/meta/recipes-devtools/perl/perl_5.24.1.bb
index 91f310d..5fed896 100644
--- a/poky/meta/recipes-devtools/perl/perl_5.24.1.bb
+++ b/poky/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -66,6 +66,11 @@
file://perl-5.26.1-guard_old_libcrypt_fix.patch \
file://CVE-2017-12883.patch \
file://CVE-2017-12837.patch \
+ file://CVE-2018-6798-1.patch \
+ file://CVE-2018-6798-2.patch \
+ file://CVE-2018-6797.patch \
+ file://CVE-2018-6913.patch \
+ file://CVE-2018-12015.patch \
"
# Fix test case issues