git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Jackie Huang <jackie.huang@windriver.com>
	Wed, 11 Apr 2018 06:56:10 +0000 (14:56 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Fri, 13 Apr 2018 15:58:07 +0000 (16:58 +0100)
commit	16174d9342f2c0ed376d8e797e8a7f04ed04f57c
tree	f4eef664d9675c7647d8e1cba79aa9923ad35786	tree
parent	31714674e4dc9c1196553be7363c8a1d08565b4c	commit \| diff

patch: fix CVE-2018-1000156

* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156

* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566

* Fix arbitrary command execution in ed-style patches:
  - src/pch.c (do_ed_script): Write ed script to a temporary file instead
    of piping it to ed: this will cause ed to abort on invalid commands
    instead of rejecting them and carrying on.
  - tests/ed-style: New test case.
  - tests/Makefile.am (TESTS): Add test case.

(From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-devtools/patch/patch/0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/patch/patch/0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/patch/patch_2.7.6.bb		diff \| blob \| blame \| history