projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 265aee8) | patch
patch: add upstream security fix
authorBaruch Siach <baruch@tkos.co.il>
Mon, 9 Apr 2018 16:20:36 +0000 (19:20 +0300)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Mon, 9 Apr 2018 18:59:02 +0000 (20:59 +0200)
commitf4a4df2084b923f29eca2130976ca10a7aa6b719
tree61af17ff06c91879849ddbaad41b59c532e8b6c4tree
parent265aee8c51718fe7370a3dbc91048ff60eb5909ccommit | diff
patch: add upstream security fix

Fixes CVE-2018-1000156: arbitrary command execution in ed-style patches.

Depend on MMU for now, because the patch adds a fork() call. Upstream
later switched to gnulib provided execute(), so this dependency can be
dropped on the next version bump.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/patch/0002-Allow-input-files-to-be-missing-for-ed-style-patches.patch [new file with mode: 0644] blob
package/patch/0003-Fix-arbitrary-command-execution-in-ed-style-patches-.patch [new file with mode: 0644] blob
package/patch/Config.in diff | blob | history