diff options
| author |   Robert Yang <liezhi.yang@windriver.com> | 2015-03-25 23:42:34 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-04-02 12:01:37 +0100 |
| commit | 166e70e80628c296075d41acd0acf2d1cda441fe (patch) | |
| tree | aea8b17b796ddd88b2d765eb768b092ef43c0c4c | |
| parent | fbaddd724855a829698d853a70eee86118d6a5e7 (diff) | |
| download | openembedded-core-166e70e80628c296075d41acd0acf2d1cda441fe.tar.gz | |
patch: fix CVE-2015-1196
A directory traversal flaw was reported in patch:
References:
http://www.openwall.com/lists/oss-security/2015/01/18/6
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
https://bugzilla.redhat.com/show_bug.cgi?id=1182154
[YOCTO #7182]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/patch/patch.inc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/recipes-devtools/patch/patch.inc b/meta/recipes-devtools/patch/patch.inc index 332b97a85e..d306403cc4 100644 --- a/meta/recipes-devtools/patch/patch.inc +++ b/meta/recipes-devtools/patch/patch.inc @@ -4,7 +4,10 @@ produced by the diff program and applies those differences to one or more \ original files, producing patched versions." SECTION = "utils" -SRC_URI = "${GNU_MIRROR}/patch/patch-${PV}.tar.gz" +SRC_URI = "${GNU_MIRROR}/patch/patch-${PV}.tar.gz \ + file://patch-CVE-2015-1196.patch \ + " + S = "${WORKDIR}/patch-${PV}" inherit autotools update-alternatives |