aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Yang <liezhi.yang@windriver.com>2015-03-25 23:42:34 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-04-02 12:01:37 +0100
commit166e70e80628c296075d41acd0acf2d1cda441fe (patch)
treeaea8b17b796ddd88b2d765eb768b092ef43c0c4c
parentfbaddd724855a829698d853a70eee86118d6a5e7 (diff)
downloadopenembedded-core-166e70e80628c296075d41acd0acf2d1cda441fe.zip
openembedded-core-166e70e80628c296075d41acd0acf2d1cda441fe.tar.gz
openembedded-core-166e70e80628c296075d41acd0acf2d1cda441fe.tar.bz2
patch: fix CVE-2015-1196
A directory traversal flaw was reported in patch: References: http://www.openwall.com/lists/oss-security/2015/01/18/6 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227 https://bugzilla.redhat.com/show_bug.cgi?id=1182154 [YOCTO #7182] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/patch/patch.inc5
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/recipes-devtools/patch/patch.inc b/meta/recipes-devtools/patch/patch.inc
index 332b97a..d306403 100644
--- a/meta/recipes-devtools/patch/patch.inc
+++ b/meta/recipes-devtools/patch/patch.inc
@@ -4,7 +4,10 @@ produced by the diff program and applies those differences to one or more \
original files, producing patched versions."
SECTION = "utils"
-SRC_URI = "${GNU_MIRROR}/patch/patch-${PV}.tar.gz"
+SRC_URI = "${GNU_MIRROR}/patch/patch-${PV}.tar.gz \
+ file://patch-CVE-2015-1196.patch \
+ "
+
S = "${WORKDIR}/patch-${PV}"
inherit autotools update-alternatives