patch: add upstream security fix

Fixes CVE-2018-1000156: arbitrary command execution in ed-style patches. Depend on MMU for now, because the patch adds a fork() call. Upstream later switched to gnulib provided execute(), so this dependency can be dropped on the next version bump. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
author: Baruch Siach <baruch@tkos.co.il> 2018-04-09 19:20:36 +0300
committer: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-04-09 20:59:02 +0200
commit: f4a4df2084b923f29eca2130976ca10a7aa6b719 (patch)
tree: 61af17ff06c91879849ddbaad41b59c532e8b6c4 /package/patch/Config.in
parent: 265aee8c51718fe7370a3dbc91048ff60eb5909c (diff)
download: buildroot-f4a4df2084b923f29eca2130976ca10a7aa6b719.tar.gz
buildroot-f4a4df2084b923f29eca2130976ca10a7aa6b719.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/package/patch/Config.in b/package/patch/Config.in
index 0c2425823a..13fa7bfc52 100644
--- a/package/patch/Config.in
+++ b/package/patch/Config.in
@@ -1,5 +1,6 @@
 config BR2_PACKAGE_PATCH
 	bool "patch"
+	depends on BR2_USE_MMU # fork()
 	depends on BR2_USE_WCHAR
 	depends on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
 	help
@@ -10,4 +11,5 @@ config BR2_PACKAGE_PATCH
 
 comment "patch needs a toolchain w/ wchar"
 	depends on !BR2_USE_WCHAR
+	depends on BR2_USE_MMU
 	depends on BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
author	Baruch Siach <baruch@tkos.co.il>	2018-04-09 19:20:36 +0300
committer	Thomas Petazzoni <thomas.petazzoni@bootlin.com>	2018-04-09 20:59:02 +0200
commit	f4a4df2084b923f29eca2130976ca10a7aa6b719 (patch)
tree	61af17ff06c91879849ddbaad41b59c532e8b6c4 /package/patch/Config.in
parent	265aee8c51718fe7370a3dbc91048ff60eb5909c (diff)
download	buildroot-f4a4df2084b923f29eca2130976ca10a7aa6b719.tar.gz buildroot-f4a4df2084b923f29eca2130976ca10a7aa6b719.zip