summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
diff options
context:
space:
mode:
authorAnuj Mittal <anuj.mittal@intel.com>2020-03-20 19:23:54 +0200
committerAnuj Mittal <anuj.mittal@intel.com>2020-03-21 11:03:56 +0800
commitbc3c82e82e6d2dce025e84b8f398379f4fc6f249 (patch)
treeec61d99b8950cf83f81e29013e575d905de7ef15 /meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
parentb3fcf13e332d8830e759ef4161161f0e54591700 (diff)
downloadopenembedded-core-contrib-bc3c82e82e6d2dce025e84b8f398379f4fc6f249.tar.gz
e2fsprogs: backport upstream patch
Fixes a bug wherein a use after free could potentially be used to run malicious code if a user can be tricked into running e2fsck on a maliciously crafted file system. Also see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948517 (From OE-Core rev: 23c1b157362609bd8d85c7d35e6c7f0f60c32c88) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb')
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
index 2014e68579..f81defb837 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \
file://CVE-2019-5094.patch \
file://CVE-2019-5188.patch \
file://0001-e2fsck-don-t-try-to-rehash-a-deleted-directory.patch \
+ file://e2fsck-fix-use-after-free-in-calculate_tree.patch \
"
SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch \