helium-3rd-party/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky synced 2026-05-22 01:13:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
52,891 Commits 38 Branches 624 Tags
Commit Graph

7 Commits

Author SHA1 Message Date
Anuj Mittal
65ba01d602 patch: backport fixes 
The original fix for CVE-2018-1000156 was incomplete. Backport more
fixes done later for a complete fix.

Also see:
https://savannah.gnu.org/bugs/index.php?53820

(From OE-Core rev: e2869ff2f76adb2b1ba6f003d6d02d242afe49e8)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 12f9689cba740da6b8c7d9292c74c3992c2e18f2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2019-10-08 22:52:28 +01:00
Trevor Gamblin
6fc3dc1af5 patch: fix CVE-2019-13638 
(From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)

(From OE-Core rev: 308c44fd8f1d7d348c6c7cf9054f9c8403d8e8bd)

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 555b0642579c00c41bc3daab9cef08452f9834d5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2019-10-08 22:52:28 +01:00
Anuj Mittal
d581f111db patch: fix CVE-2019-13636 
(From OE-Core rev: bd367f58d9d6b5f0ce213e1be36763c5a9e425b6)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2019-10-08 22:52:27 +01:00
Hongxu Jia
a11008a90d patch: fix CVE-2018-6952 
(From OE-Core rev: 1314a6953aa647706107557faaba8574e307d2bd)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-23 07:50:01 +01:00
Jackie Huang
16174d9342 patch: fix CVE-2018-1000156 
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156

* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566

* Fix arbitrary command execution in ed-style patches:
  - src/pch.c (do_ed_script): Write ed script to a temporary file instead
    of piping it to ed: this will cause ed to abort on invalid commands
    instead of rejecting them and carrying on.
  - tests/ed-style: New test case.
  - tests/Makefile.am (TESTS): Add test case.

(From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-04-13 16:58:07 +01:00
Jackie Huang
31714674e4 patch: fix CVE-2018-6951 
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951

* upstream tracking: http://savannah.gnu.org/bugs/?53132

* Fix segfault with mangled rename patch
  - src/pch.c (intuit_diff_type): Ensure that two filenames are specified
    for renames and copies (fix the existing check).

(From OE-Core rev: cdf74e1c67698b2d44a7460ff7d365d6da7b7b96)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-04-13 16:58:07 +01:00
Huang Qiyu
e5969c7ec7 patch:2.7.5 -> 2.7.6 
Upgrade patch from 2.7.5 to 2.7.6.

(From OE-Core rev: e5dcd58e5b2ef0b8e2bbe90e9bb1cede4e76bf75)

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-03-08 10:39:32 -08:00