summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/patch/patch_2.7.6.bb
AgeCommit message (Collapse)Author
2021-01-07patch: fix CVE-2019-20633Scott Murray
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2019-20633 * upstream tracking: https://savannah.gnu.org/bugs/index.php?56683 * Fixes potential for double free after incomplete fix for CVE-2018-6952 - src/pch.c (another_hunk): Avoid invalid memory access in context format diffs. Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit be71dd2cc16a4c0d244a76a748f08ca0d9bfeba0) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2020-02-06patch: Extend to native/nativesdk and depend uponRichard Purdie
There is a bug in patch 2.7.3 and earlier where index lines in patches can change file modes when they shouldn't: http://git.savannah.gnu.org/cgit/patch.git/patch/?id=82b800c9552a088a241457948219d25ce0a407a4 This leaks into debug sources in particular (e.g. tcp-wrappers where source files are read-only). Add the dependency to target recipes to avoid this problem until we can rely on 2.7.4 or later. We could try and remove all index lines from patch files but it will be a losing battle. We could try and identify all the recipes which change modes on files in patches but again, its a losing battle. Instead, compromise and have patch-native as a dependency for target recipes. We use patch-replacement-native since patch-native is in ASSUME_PROVIDED. Also add nativesdk-patch to buildtools-tarball. [YOCTO #13777] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-08-22patch: backport fixesAnuj Mittal
The original fix for CVE-2018-1000156 was incomplete. Backport more fixes done later for a complete fix. Also see: https://savannah.gnu.org/bugs/index.php?53820 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2019-08-13patch: fix CVE-2019-13638Trevor Gamblin
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-31patch: fix CVE-2019-13636Anuj Mittal
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-23patch: fix CVE-2018-6952Hongxu Jia
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-04-13patch: fix CVE-2018-1000156Jackie Huang
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156 * upstream tracking: https://savannah.gnu.org/bugs/index.php?53566 * Fix arbitrary command execution in ed-style patches: - src/pch.c (do_ed_script): Write ed script to a temporary file instead of piping it to ed: this will cause ed to abort on invalid commands instead of rejecting them and carrying on. - tests/ed-style: New test case. - tests/Makefile.am (TESTS): Add test case. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-04-13patch: fix CVE-2018-6951Jackie Huang
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951 * upstream tracking: http://savannah.gnu.org/bugs/?53132 * Fix segfault with mangled rename patch - src/pch.c (intuit_diff_type): Ensure that two filenames are specified for renames and copies (fix the existing check). Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-08patch:2.7.5 -> 2.7.6Huang Qiyu
Upgrade patch from 2.7.5 to 2.7.6. Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-06-05 10:41:43 +0000