In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
The last commit added PKG_CPE_ID and now uscan detects a CVE that I missed
Reordered patches by date
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[tweaked commit message]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Patches taken from official git repository.
Added PKG_CPE_ID for proper CVE tracking.
Added PKG_BUILD_PARALLEL for faster compilation.
Also adjusted Makefile to be more similar to other projects.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Bump GNU patch from 2.7.4 to 2.7.5.
Changelog: http://git.savannah.gnu.org/cgit/patch.git/tree/NEWS
Changes in version 2.7.5:
* There are users which expect patch to follow symbolic links in the working
directory, so patch now again follows symbolic links as long as they do not
leave the working directory.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Russell Senior
Rosen Penev
Etienne Champetier
Hannu Nyman
Ian Leonard
Etienne CHAMPETIER