patch: add upstream security fix

Fixes CVE-2018-1000156: arbitrary command execution in ed-style patches. Depend on MMU for now, because the patch adds a fork() call. Upstream later switched to gnulib provided execute(), so this dependency can be dropped on the next version bump. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit f4a4df2084b923f29eca2130976ca10a7aa6b719) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
author: Baruch Siach <baruch@tkos.co.il> 2018-04-09 19:20:36 +0300
committer: Peter Korsgaard <peter@korsgaard.com> 2018-04-09 21:01:30 +0200
commit: c3e1d9849a72495f799b007260bbcdc61fc78da3 (patch)
tree: 1b877807c65e0370bebbc6bcda6a9d4cba949927 /package/patch/Config.in
parent: 014dbd4855fa0d52a32d2e2d15b425c64b2e7c95 (diff)
download: buildroot-c3e1d9849a72495f799b007260bbcdc61fc78da3.tar.gz
buildroot-c3e1d9849a72495f799b007260bbcdc61fc78da3.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/package/patch/Config.in b/package/patch/Config.in
index 0c2425823a..13fa7bfc52 100644
--- a/package/patch/Config.in
+++ b/package/patch/Config.in
@@ -1,5 +1,6 @@
 config BR2_PACKAGE_PATCH
 	bool "patch"
+	depends on BR2_USE_MMU # fork()
 	depends on BR2_USE_WCHAR
 	depends on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
 	help
@@ -10,4 +11,5 @@ config BR2_PACKAGE_PATCH
 
 comment "patch needs a toolchain w/ wchar"
 	depends on !BR2_USE_WCHAR
+	depends on BR2_USE_MMU
 	depends on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
author	Baruch Siach <baruch@tkos.co.il>	2018-04-09 19:20:36 +0300
committer	Peter Korsgaard <peter@korsgaard.com>	2018-04-09 21:01:30 +0200
commit	c3e1d9849a72495f799b007260bbcdc61fc78da3 (patch)
tree	1b877807c65e0370bebbc6bcda6a9d4cba949927 /package/patch/Config.in
parent	014dbd4855fa0d52a32d2e2d15b425c64b2e7c95 (diff)
download	buildroot-c3e1d9849a72495f799b007260bbcdc61fc78da3.tar.gz buildroot-c3e1d9849a72495f799b007260bbcdc61fc78da3.zip