]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: cdf74e1) | patch
patch: fix CVE-2018-1000156
authorJackie Huang <jackie.huang@windriver.com>
Wed, 11 Apr 2018 06:56:10 +0000 (14:56 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 13 Apr 2018 15:55:26 +0000 (16:55 +0100)
commit6b6ae212837a07aaefd2b675b5b527fbce2a4270
tree40351f923654b5f64c2f0b5b7942aac220dd9f89tree | snapshot
parentcdf74e1c67698b2d44a7460ff7d365d6da7b7b96commit | diff
patch: fix CVE-2018-1000156

* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156

* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566

* Fix arbitrary command execution in ed-style patches:
  - src/pch.c (do_ed_script): Write ed script to a temporary file instead
    of piping it to ed: this will cause ed to abort on invalid commands
    instead of rejecting them and carrying on.
  - tests/ed-style: New test case.
  - tests/Makefile.am (TESTS): Add test case.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-devtools/patch/patch/0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch [new file with mode: 0644] blob
meta/recipes-devtools/patch/patch/0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch [new file with mode: 0644] blob
meta/recipes-devtools/patch/patch_2.7.6.bb diff | blob | history
Mirror of the official openembedded-core repository