package/patch: fix CVE-2019-13636

In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine
2020-03-03 20:47:02 +01:00
committed by Thomas Petazzoni
parent 0835550ce9
commit ad9c33935b
2 changed files with 114 additions and 0 deletions

@@ -19,6 +19,9 @@ PATCH_IGNORE_CVES += CVE-2018-1000156
# 0004-Invoke-ed-directly-instead-of-using-the-shell.patch
PATCH_IGNORE_CVES += CVE-2018-20969
# 0005-Don-t-follow-symlinks-unless--follow-symlinks-is-given.patch
PATCH_IGNORE_CVES += CVE-2019-13636
ifeq ($(BR2_PACKAGE_ATTR),y)
PATCH_CONF_OPTS += --enable-xattr
PATCH_DEPENDENCIES += attr
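
Review bot: The new `PATCH_IGNORE_CVES += CVE-2019-13636` entry is justified only by the file name in the comment above it, and the commit message restates the CVE description without saying where the fix comes from. Since this line hides the CVE from reporting for as long as it stays in the file, please add the origin of 0005-Don-t-follow-symlinks-unless--follow-symlinks-is-given.patch (upstream commit or URL) to the commit message, or confirm the patch file's own header carries it, so a reviewer can check that the backport covers both inp.c and util.c as the description states. The entry and the patch should also be dropped together when the package moves to a release that already contains the fix.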