new file mode 100644
@@ -0,0 +1,30 @@
+From 5d1e62b0155292b994aa1c96d4ed8ce4346ef4c2 Mon Sep 17 00:00:00 2001
+From: Zoltan Herczeg <hzmester@freemail.hu>
+Date: Thu, 24 Mar 2022 05:34:42 +0000
+Subject: [PATCH] Fix incorrect value reading in JIT.
+
+CVE: CVE-2022-1586
+Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3]
+
+(cherry picked from commit d4fa336fbcc388f89095b184ba6d99422cfc676c)
+Signed-off-by: Shinu Chandran <shinucha@cisco.com>
+---
+ src/pcre2_jit_compile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index 493c96d..fa57942 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -7188,7 +7188,7 @@ while (*cc != XCL_END)
+ {
+ SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP);
+ cc++;
+- if (*cc == PT_CLIST && *cc == XCL_PROP)
++ if (*cc == PT_CLIST && cc[-1] == XCL_PROP)
+ {
+ other_cases = PRIV(ucd_caseless_sets) + cc[1];
+ while (*other_cases != NOTACHAR)
+--
+2.25.1
+
@@ -13,6 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/pcre2-${PV}.tar.bz2 \
file://pcre-cross.patch \
file://CVE-2022-1586.patch \
+ file://CVE-2022-1586-regression.patch \
file://CVE-2022-1587.patch \
file://CVE-2022-41409.patch \
"
CVE-2022-1586 was originally fixed by OE commit https://github.com/openembedded/openembedded-core/commit/7f4daf88b71f through libpcre2 commit https://github.com/PCRE2Project/pcre2/commit/50a51cb7e672 The follow up patch is required to resolve a bug in the initial fix[50a51cb7e672] https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3 Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-1586 https://security-tracker.debian.org/tracker/CVE-2022-1586 Signed-off-by: Shinu Chandran <shinucha@cisco.com> --- .../libpcre2/CVE-2022-1586-regression.patch | 30 +++++++++++++++++++ .../recipes-support/libpcre/libpcre2_10.34.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch