From 166e70e80628c296075d41acd0acf2d1cda441fe Mon Sep 17 00:00:00 2001 From: Robert Yang Date: Wed, 25 Mar 2015 23:42:34 -0700 Subject: patch: fix CVE-2015-1196 A directory traversal flaw was reported in patch: References: http://www.openwall.com/lists/oss-security/2015/01/18/6 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227 https://bugzilla.redhat.com/show_bug.cgi?id=1182154 [YOCTO #7182] Signed-off-by: Robert Yang Signed-off-by: Richard Purdie
---
 meta/recipes-devtools/patch/patch.inc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/patch/patch.inc b/meta/recipes-devtools/patch/patch.inc
index 332b97a85e..d306403cc4 100644
--- a/meta/recipes-devtools/patch/patch.inc
+++ b/meta/recipes-devtools/patch/patch.inc
@@ -4,7 +4,10 @@ produced by the diff program and applies those differences to one or more \
 original files, producing patched versions."
 SECTION = "utils"
-SRC_URI = "${GNU_MIRROR}/patch/patch-${PV}.tar.gz"
+SRC_URI = "${GNU_MIRROR}/patch/patch-${PV}.tar.gz \
+ file://patch-CVE-2015-1196.patch \
+ "
+
 S = "${WORKDIR}/patch-${PV}"
 inherit autotools update-alternatives
-- 
cgit 1.2.3-korg
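Review bot: The new `file://patch-CVE-2015-1196.patch` entry is added to `SRC_URI` in `patch.inc`, so it is applied by every recipe that includes this file, whatever `${PV}` it builds. Nothing visible here shows that the backport applies to each of those versions. If more than one version of patch is built from this include, the entry likely belongs in the version-specific recipe instead, as `SRC_URI += "file://patch-CVE-2015-1196.patch"`. The diffstat lists only `patch.inc`, so the patch file itself is not part of what is shown. It should carry an `Upstream-Status:` header and name the upstream commit it was taken from, so the directory traversal fix can be verified and dropped cleanly on the next version upgrade.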