[Buildroot] [PATCH] patch: add upstream security fix
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Mon Apr 9 18:59:17 UTC 2018
Hello,

On Mon, 9 Apr 2018 19:20:36 +0300, Baruch Siach wrote:
> Fixes CVE-2018-1000156: arbitrary command execution in ed-style patches.
>
> Depend on MMU for now, because the patch adds a fork() call. Upstream
> later switched to gnulib provided execute(), so this dependency can be
> dropped on the next version bump.
>
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
> ---
> ...-files-to-be-missing-for-ed-style-patches.patch | 37 +++++
> ...ry-command-execution-in-ed-style-patches-.patch | 157 +++++++++++++++++++++
> package/patch/Config.in | 2 +
> 3 files changed, 196 insertions(+)
> create mode 100644 package/patch/0002-Allow-input-files-to-be-missing-for-ed-style-patches.patch
> create mode 100644 package/patch/0003-Fix-arbitrary-command-execution-in-ed-style-patches-.patch

Applied to master, thanks.

Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com