| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
|
| |
|
|
|
|
|
|
|
| |
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
|
| |
|
|
|
|
|
|
| |
https://lists.gnu.org/archive/html/bug-patch/2018-10/msg00000.html
I assume a CVE number will be assigned soon.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
uscan reports a new CVE now that PKG_CPE_ID was added.
Reordered patches by date.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[re-title commit & refresh patches]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new test case was adding in one of the patches fixing a problem, this
also included a change in the test/Makefile.am to add this test case.
The build system detected a change in the Makefile.am and wants to
regenerate the Makefile.in, but this fails because automake-1.15 is not
installed yet. As automake depends on patch being build first, make sure
we do not modify the Makefile.am.
This fixes build problem seen by the build bots.
Fixes: 4797dddfde6 ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Apply two upstream patches to address two CVEs:
* CVE-2018-1000156
* CVE-2018-6952
Add PKG_CPE_ID to Makefile.
Build tested on apm821xx and ar71xx.
Signed-off-by: Russell Senior <russell@personaltelco.net>
|
| |
|
|
|
|
|
| |
Removes a redundant patch with a fix already upstream. Build tested on
apm821xx (PPC).
Signed-off-by: Russell Senior <russell@personaltelco.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
These host tools compile but may crash at runtime when building on
macOS 10.13 (High Sierra). Backport upstream gnulib patch until new
releases of affected tools.
https://lists.gnu.org/archive/html/bug-gnulib/2017-07/msg00056.html
https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=c41f233c4c38e84023a16339782ee306f03e7f59
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
|
| |
|
|
|
|
| |
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 47049
|
| |
|
|
|
|
|
|
| |
without ccache (fixes #20132)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 46434
|
| |
|
|
|
|
|
|
|
| |
Bump GNU patch in tools from 2.7.1 to 2.7.5.
Change download URL to use @GNU alias.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 44760
|
|
|
following patch allows to build images for Qemu ARM on
OpenBSD 5.2 amd64 and FreeBSD 9.1 amd64.
Mostly small pieces of code changes to get things right on the
specific platform.
Updated the README to describe better, which tools on the host
are required. Added some kind of prepare scripts to install needed
tools on BSD via packages.
Signed-off-by: Waldemar Brodkorb <mail@waldemar-brodkorb.de>
SVN-Revision: 35900
|
