[Buildroot] [PATCH] patch: security bump to version 2.7.3
Gustavo Zacarias
gustavo at zacarias.com.ar
Fri Jan 23 10:47:56 UTC 2015
Fixes CVE-2015-1196 - allows remote attackers to write to arbitrary
files via a symlink attack in a patch file.
Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
package/patch/patch.hash | 2 ++
package/patch/patch.mk | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
create mode 100644 package/patch/patch.hash
diff --git a/package/patch/patch.hash b/package/patch/patch.hash
new file mode 100644
index 0000000..7f1b024
--- /dev/null
+++ b/package/patch/patch.hash
@@ -0,0 +1,2 @@
+# Locally calculated after checking pgp signature
+sha256 d09022de9d629561bf4dad44625ef4b1ead15178b210412113531730cdb6f19d patch-2.7.3.tar.xz
diff --git a/package/patch/patch.mk b/package/patch/patch.mk
index 2dd4533..4fa0e41 100644
--- a/package/patch/patch.mk
+++ b/package/patch/patch.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PATCH_VERSION = 2.7.1
+PATCH_VERSION = 2.7.3
PATCH_SOURCE = patch-$(PATCH_VERSION).tar.xz
PATCH_SITE = $(BR2_GNU_MIRROR)/patch
PATCH_LICENSE = GPLv3+
--
2.0.5
More information about the buildroot
mailing list