tools/patch: apply upstream patch for cve-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. https://nvd.nist.gov/vuln/detail/CVE-2019-13638 Signed-off-by: Russell Senior <russell@personaltelco.net> (cherry picked from commit bcfd1d76852974170780dbe368e6194dbb0e123e)
author: Russell Senior <russell@personaltelco.net> 2019-08-11 13:57:08 -0700
committer: Petr Štetiar <ynezz@true.cz> 2019-08-14 09:12:23 +0200
commit: dc2f2a16d385147abf8bc13b0b05ab0f2512b537 (patch)
tree: e12b29fb5549484fedc65ed499594051458533f3 /tools/patch/Makefile
parent: c99ceb7030ed92926d6e3561b176cb9940daa3cb (diff)
download: upstream-dc2f2a16d385147abf8bc13b0b05ab0f2512b537.tar.gz
upstream-dc2f2a16d385147abf8bc13b0b05ab0f2512b537.tar.bz2
upstream-dc2f2a16d385147abf8bc13b0b05ab0f2512b537.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/patch/Makefile b/tools/patch/Makefile
index 3bcf668b04..e0481204f7 100644
--- a/tools/patch/Makefile
+++ b/tools/patch/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=patch
 PKG_VERSION:=2.7.6
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 PKG_CPE_ID:=cpe:/a:gnu:patch
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
author	Russell Senior <russell@personaltelco.net>	2019-08-11 13:57:08 -0700
committer	Petr Štetiar <ynezz@true.cz>	2019-08-14 09:12:23 +0200
commit	dc2f2a16d385147abf8bc13b0b05ab0f2512b537 (patch)
tree	e12b29fb5549484fedc65ed499594051458533f3 /tools/patch/Makefile
parent	c99ceb7030ed92926d6e3561b176cb9940daa3cb (diff)
download	upstream-dc2f2a16d385147abf8bc13b0b05ab0f2512b537.tar.gz upstream-dc2f2a16d385147abf8bc13b0b05ab0f2512b537.tar.bz2 upstream-dc2f2a16d385147abf8bc13b0b05ab0f2512b537.zip