mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-07 01:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,194 Commits 38 Branches 617 Tags
dc5bbd2607fe55e2cb42e655dfd86dc7531f5a86
Commit Graph

9 Commits

Author SHA1 Message Date
Scott Murray
897a7d5679 patch: fix CVE-2019-20633 
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2019-20633

* upstream tracking: https://savannah.gnu.org/bugs/index.php?56683

* Fixes potential for double free after incomplete fix for CVE-2018-6952
  - src/pch.c (another_hunk): Avoid invalid memory access in context format
    diffs.

(From OE-Core rev: be71dd2cc16a4c0d244a76a748f08ca0d9bfeba0)

Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-01-01 23:15:13 +00:00
Richard Purdie
500206534f patch: Extend to native/nativesdk and depend upon 
There is a bug in patch 2.7.3 and earlier where index lines
in patches can change file modes when they shouldn't:
http://git.savannah.gnu.org/cgit/patch.git/patch/?id=82b800c9552a088a241457948219d25ce0a407a4

This leaks into debug sources in particular (e.g. tcp-wrappers where
source files are read-only). Add the dependency to target recipes
to avoid this problem until we can rely on 2.7.4 or later.

We could try and remove all index lines from patch files but it will be a
losing battle. We could try and identify all the recipes which change
modes on files in patches but again, its a losing battle.

Instead, compromise and have patch-native as a dependency
for target recipes. We use patch-replacement-native since patch-native
is in ASSUME_PROVIDED.

Also add nativesdk-patch to buildtools-tarball.

[YOCTO #13777]

(From OE-Core rev: 5ed0840c93804488cd1c1aba6cb382b2434714a5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-02-06 12:16:34 +00:00
Anuj Mittal
f326d31c4e patch: backport fixes 
The original fix for CVE-2018-1000156 was incomplete. Backport more
fixes done later for a complete fix.

Also see:
https://savannah.gnu.org/bugs/index.php?53820

(From OE-Core rev: 9ea833b7d1655e042a513ea2225468c84f1c8bfb)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2019-08-22 22:48:26 +01:00
Trevor Gamblin
6e5636d56b patch: fix CVE-2019-13638 
(From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2019-08-13 09:37:37 +01:00
Anuj Mittal
df9d8dbe75 patch: fix CVE-2019-13636 
(From OE-Core rev: f201b9db5d148cb9fe03b78ca085493a27f7e24c)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2019-07-31 23:03:01 +01:00
Hongxu Jia
a11008a90d patch: fix CVE-2018-6952 
(From OE-Core rev: 1314a6953aa647706107557faaba8574e307d2bd)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-23 07:50:01 +01:00
Jackie Huang
16174d9342 patch: fix CVE-2018-1000156 
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156

* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566

* Fix arbitrary command execution in ed-style patches:
  - src/pch.c (do_ed_script): Write ed script to a temporary file instead
    of piping it to ed: this will cause ed to abort on invalid commands
    instead of rejecting them and carrying on.
  - tests/ed-style: New test case.
  - tests/Makefile.am (TESTS): Add test case.

(From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-04-13 16:58:07 +01:00
Jackie Huang
31714674e4 patch: fix CVE-2018-6951 
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951

* upstream tracking: http://savannah.gnu.org/bugs/?53132

* Fix segfault with mangled rename patch
  - src/pch.c (intuit_diff_type): Ensure that two filenames are specified
    for renames and copies (fix the existing check).

(From OE-Core rev: cdf74e1c67698b2d44a7460ff7d365d6da7b7b96)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-04-13 16:58:07 +01:00
Huang Qiyu
e5969c7ec7 patch:2.7.5 -> 2.7.6 
Upgrade patch from 2.7.5 to 2.7.6.

(From OE-Core rev: e5dcd58e5b2ef0b8e2bbe90e9bb1cede4e76bf75)

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-03-08 10:39:32 -08:00