From patchwork Mon Nov 11 18:29:58 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Armin Kuster <akuster808@gmail.com>
X-Patchwork-Id: 179106
Delivered-To: patch@linaro.org
Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp7023819ilf;
 Mon, 11 Nov 2019 10:32:18 -0800 (PST)
X-Google-Smtp-Source: APXvYqzb1sUxCMh9mGxy/3mT1UBnO3DfXUMfJ/iDUsHf9/ggG05CEMv3Gw0hqA5JwiNqXHCdXTLs
X-Received: by 2002:a17:90a:7bcc:: with SMTP id
 d12mr492127pjl.63.1573497138171; 
 Mon, 11 Nov 2019 10:32:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1573497138; cv=none;
 d=google.com; s=arc-20160816;
 b=EpbtDIeM1j1QP1Fle1O006+hf8mzgj9AGb6CfFrH6B45lVHbOu4Va4M7mz1mzNb1Kh
 mAl65O+VaeWjnIUJnTO9cSfyEWdrAIMCY0Ara5H4rlHCM9qnx1qw6vpMV5jsB4qiaYGc
 j7tpK1N5xcDLcARZ7d9HpRrKHRhtfX7SkpeRBCZLq2QjIHF1v1pNHjAAR3cDVNKjmg9V
 jG36OSNaUqLKq3YzTI7gAI2zaIO7WbG+7WLEF0b60BY+Xpbw2WX8xxuNpYXdpO9aYBQV
 x/SSFzCnj1HQ94Ragea2o86imcqIldmFVdD/8KwmOPLeiuJhl9bzpOvY7JIoZxWHRekX
 ppow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=errors-to:sender:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:subject:references:in-reply-to:message-id:date
 :to:from:dkim-signature:delivered-to;
 bh=T8Vw/TGg+YVlWmbXkyXqy+0yYVUNA4xWSV5+6i6gHq8=;
 b=1De71e4PgjEIIdYMs31TMQxmtMDaZkpVPHIqlw2ejfC5LCE4l97pAnvB42G/gYXedE
 ouyr5Zpyb4WcxJMA/O/Aq1qHpoU35F7u8n2Iz8Lw7jc8Eq6lw/v/5XvsNwSXtemQ6pE3
 grEryuZPVZusvPNOsZomMz331BsnJrQVNxbuCgS8RdpvepGiP4UW2WnIHsQXv/HccaLm
 SSBSs2xtKlPBeeyDBx5cnpiHRnwRFu5p02GkFMnlfpOX4TY9RgRhxA6vS6t5ekYSbdx5
 ShPN1Eg7d+HReBJZElE7XpNPezv8t3ocmULD7uJZl4QZraUfDm6RQU2RkWzILRR79mge
 /hQw==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20161025 header.b=HFguDZmh; 
 spf=pass (google.com: best guess record for domain of
 openembedded-core-bounces@lists.openembedded.org designates
 140.211.169.62 as permitted sender)
 smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org;
 dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <openembedded-core-bounces@lists.openembedded.org>
Received: from mail.openembedded.org (mail.openembedded.org.
 [140.211.169.62]) by mx.google.com with ESMTP id
 a128si19798519pfb.173.2019.11.11.10.32.17; 
 Mon, 11 Nov 2019 10:32:18 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 openembedded-core-bounces@lists.openembedded.org designates
 140.211.169.62 as permitted sender) client-ip=140.211.169.62; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20161025 header.b=HFguDZmh; 
 spf=pass (google.com: best guess record for domain of
 openembedded-core-bounces@lists.openembedded.org designates
 140.211.169.62 as permitted sender)
 smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org;
 dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost
 [127.0.0.1])
 by mail.openembedded.org (Postfix) with ESMTP id 8F3C37FC09;
 Mon, 11 Nov 2019 18:30:40 +0000 (UTC)
X-Original-To: openembedded-core@lists.openembedded.org
Delivered-To: openembedded-core@lists.openembedded.org
Received: from mail-pg1-f193.google.com (mail-pg1-f193.google.com
 [209.85.215.193])
 by mail.openembedded.org (Postfix) with ESMTP id 9489B7FA45
 for <openembedded-core@lists.openembedded.org>;
 Mon, 11 Nov 2019 18:30:23 +0000 (UTC)
Received: by mail-pg1-f193.google.com with SMTP id 15so9945702pgt.7
 for <openembedded-core@lists.openembedded.org>;
 Mon, 11 Nov 2019 10:30:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=from:to:subject:date:message-id:in-reply-to:references;
 bh=UnB+qFtf7XRTf1acXkY+pelryarBLz4L3x6kJa6PSfw=;
 b=HFguDZmhdxpSxuKvKHnLH7F78p6HOJgtzI5TVdNd1hj5xy+ZTBjKsAJVr1C5V7+W4i
 YhzjTmykLSrK3chYifC8C8866oyFnkHNX/dKBkTqhoZjrYfiIBLV91h/YQE8i0ho1IUI
 UVCmeXir+vy4hfmNrFIhVafCp4fhOPRJ67AfM3xj+H7u9KPTGR6Jhj1dZFZUbSJrpneD
 BHZa9wsj0vYV6aI+gpE+BQwKJnd0D3Gp0qONfRfmq4jeZj3zHJVlrDUpQX37jv368DBN
 oEep832O5H72X6IA12b7vies9/GBrS+/18J61Hv1hWh04CwZfkIXRIuv/OJt1i8FFNs1
 1LJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
 :references;
 bh=UnB+qFtf7XRTf1acXkY+pelryarBLz4L3x6kJa6PSfw=;
 b=Pu+/Q8p5zpVbHxOw7sxjdM8h6RCETTq8vrRcLNatFNGfx7rEq4qYsDw1bNvFWCCe55
 04VMa9bg7W6vADQl/gnKHXsE9fAAB81Ee5TEsiySR0jIRlTlX4G4IQFX+knILYAyBTES
 FLcPSg4qRdWqNsUsh7AY9CQh3Zf8uMWyLNfRZF8vXKm22SEptRzNCPhAMzjaq592CF2R
 tDK/e8aWBt89qDPVTFMD7Tq0GmrssVAIjzLH0urH+J4xUOFn+XZAGNGy+IK1fas/Tsfd
 U6RUNPkQBOrSSKQbii8PoTjvdokd4zO+/4pWWwcetnQqpol00nHIiE1NBukDDYWVbnhw
 vZcA==
X-Gm-Message-State: APjAAAVGPXJBo1IUO/UN2VnW2LmD5yD9O7R5xJoON+vBEPYCu1Yh3eRa
 pj7hJl0Sjeq1+9aTW4X1zC7k/IPH
X-Received: by 2002:aa7:9157:: with SMTP id 23mr31573974pfi.73.1573497024070; 
 Mon, 11 Nov 2019 10:30:24 -0800 (PST)
Received: from akuster-ThinkPad-T460s.mvista.com
 ([2601:202:4180:a5c0:604a:b703:29ca:5c7d])
 by smtp.gmail.com with ESMTPSA id
 l62sm17731698pgl.24.2019.11.11.10.30.23
 for <openembedded-core@lists.openembedded.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Mon, 11 Nov 2019 10:30:23 -0800 (PST)
From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org
Date: Mon, 11 Nov 2019 10:29:58 -0800
Message-Id: <41b1d53cea0302f1c3954c6ab048366c908cf754.1573496794.git.akuster808@gmail.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <cover.1573496794.git.akuster808@gmail.com>
References: <cover.1573496794.git.akuster808@gmail.com>
Subject: [OE-core] [zeus 16/21] patch: the CVE-2019-13638 fix also handles
 CVE-2018-20969
X-BeenThere: openembedded-core@lists.openembedded.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Patches and discussions about the oe-core layer
 <openembedded-core.lists.openembedded.org>
List-Unsubscribe: <http://lists.openembedded.org/mailman/options/openembedded-core>, 
 <mailto:openembedded-core-request@lists.openembedded.org?subject=unsubscribe>
List-Archive: <http://lists.openembedded.org/pipermail/openembedded-core/>
List-Post: <mailto:openembedded-core@lists.openembedded.org>
List-Help: <mailto:openembedded-core-request@lists.openembedded.org?subject=help>
List-Subscribe: <http://lists.openembedded.org/mailman/listinfo/openembedded-core>, 
 <mailto:openembedded-core-request@lists.openembedded.org?subject=subscribe>
MIME-Version: 1.0
Sender: openembedded-core-bounces@lists.openembedded.org
Errors-To: openembedded-core-bounces@lists.openembedded.org

From: Ross Burton <ross.burton@intel.com>

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.7.4

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

diff --git a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
index f60dfe8..d13d419 100644
--- a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
+++ b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
@@ -6,8 +6,8 @@ Subject: [PATCH] Invoke ed directly instead of using the shell
 * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
 command to avoid quoting vulnerabilities.
 
-CVE: CVE-2019-13638
-Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
+CVE: CVE-2019-13638 CVE-2018-20969
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
 Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
 
 ---