mirror of
https://git.yoctoproject.org/poky
synced 2026-02-06 16:56:37 +01:00
16174d9342
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156 * upstream tracking: https://savannah.gnu.org/bugs/index.php?53566 * Fix arbitrary command execution in ed-style patches: - src/pch.c (do_ed_script): Write ed script to a temporary file instead of piping it to ed: this will cause ed to abort on invalid commands instead of rejecting them and carrying on. - tests/ed-style: New test case. - tests/Makefile.am (TESTS): Add test case. (From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
20 lines
735 B
BlitzBasic
20 lines
735 B
BlitzBasic
require patch.inc
|
|
LICENSE = "GPLv3"
|
|
|
|
SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
|
|
file://0002-Fix-segfault-with-mangled-rename-patch.patch \
|
|
file://0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch \
|
|
file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
|
|
"
|
|
|
|
SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
|
|
SRC_URI[sha256sum] = "8cf86e00ad3aaa6d26aca30640e86b0e3e1f395ed99f189b06d4c9f74bc58a4e"
|
|
|
|
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
|
|
|
|
acpaths = "-I ${S}/m4 "
|
|
|
|
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'xattr', d)}"
|
|
PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
|
|
|