aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/patch/patch
Commit message (Collapse)AuthorAgeFilesLines
* patch: the CVE-2019-13638 fix also handles CVE-2018-20969Ross Burton2019-11-051-2/+2
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: add CVE tags to patchesRoss Burton2019-09-062-0/+2
| | | | | | | These patches improve CVE fixes but trip up patch status sanity checks, so add CVE tags to them. Signed-off-by: Ross Burton <ross.burton@intel.com>
* patch: backport fixesAnuj Mittal2019-08-222-0/+173
| | | | | | | | | | | The original fix for CVE-2018-1000156 was incomplete. Backport more fixes done later for a complete fix. Also see: https://savannah.gnu.org/bugs/index.php?53820 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* patch: fix CVE-2019-13638Trevor Gamblin2019-08-131-0/+44
| | | | | Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2019-13636Anuj Mittal2019-07-311-0/+113
| | | | | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2018-6952Hongxu Jia2018-08-231-0/+36
| | | | | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2018-1000156Jackie Huang2018-04-132-0/+253
| | | | | | | | | | | | | | | | * CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156 * upstream tracking: https://savannah.gnu.org/bugs/index.php?53566 * Fix arbitrary command execution in ed-style patches: - src/pch.c (do_ed_script): Write ed script to a temporary file instead of piping it to ed: this will cause ed to abort on invalid commands instead of rejecting them and carrying on. - tests/ed-style: New test case. - tests/Makefile.am (TESTS): Add test case. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* patch: fix CVE-2018-6951Jackie Huang2018-04-131-0/+35
| | | | | | | | | | | | | * CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951 * upstream tracking: http://savannah.gnu.org/bugs/?53132 * Fix segfault with mangled rename patch - src/pch.c (intuit_diff_type): Ensure that two filenames are specified for renames and copies (fix the existing check). Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* recipes: Move out stale GPLv2 versions to a seperate layerRichard Purdie2017-03-074-10979/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | These are recipes where the upstream has moved to GPLv3 and these old versions are the last ones under the GPLv2 license. There are several reasons for making this move. There is a different quality of service with these recipes in that they don't get security fixes and upstream no longer care about them, in fact they're actively hostile against people using old versions. The recipes tend to need a different kind of maintenance to work with changes in the wider ecosystem and there needs to be isolation between changes made in the v3 versions and those in the v2 versions. There are probably better ways to handle a "non-GPLv3" system but right now having these in OE-Core makes them look like a first class citizen when I believe they have potential for a variety of undesireable issues. Moving them into a separate layer makes their different needs clearer, it also makes it clear how many of these there are. Some are probably not needed (e.g. mc), I also wonder whether some are useful (e.g. gmp) since most things that use them are GPLv3 only already. Someone could now more clearly see how to streamline the list of recipes here. I'm proposing we mmove to this separate layer for 2.3 with its future maintinership and testing to be determined in 2.4 and beyond. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix Upstream-Status statementsRoss Burton2015-09-121-1/+1
| | | | | | | | Fix a variety of problems such as typos, bad punctuations, or incorrect Upstream-Status values. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Fix charset.alias for muslKhem Raj2015-04-211-0/+33
| | | | | | | | This is same gnulib fix replicated across needed recipes Change-Id: I756713407111a726eae98e26c9c1ff64981371c0 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: 2.7.1 -> 2.7.5Robert Yang2015-04-071-200/+0
| | | | | | | | * Removed backport patch patch-CVE-2015-1196.patch * Add HOMEPAGE Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2015-1196Robert Yang2015-03-291-0/+200
| | | | | | | | | | | | | | A directory traversal flaw was reported in patch: References: http://www.openwall.com/lists/oss-security/2015/01/18/6 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227 https://bugzilla.redhat.com/show_bug.cgi?id=1182154 [YOCTO #7182] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Fix the Upstream-Status formatNitin A Kamble2011-05-114-4/+4
| | | | Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
* patch: update upstream status for patchesNitin A Kamble2011-05-084-0/+8
| | | | Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
* patch_2.5.9: clean up the recipeNitin A Kamble2010-12-164-0/+10971
Earlier the recipe was using 2.5.4 tar ball and a patch for upgrading to 2.5.9. Replaces these with pointer to 2.5.9 tarball. Also noted that both 2.5.4 & 2.5.9 are GPLv2 sources. Updated checksums and license of the recipe Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>