diff options
author | 2018-08-30 18:02:44 +0200 | |
---|---|---|
committer | 2018-09-05 18:00:00 +0100 | |
commit | b9c7fdd4b204ab1c2466e9ec5d933bbc635fcc4f (patch) | |
tree | 4b6de19e2e58321cea8f2c116408d11704919e4f /meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch | |
parent | c2dfd3baa2e673d45505b8b23bbae251cfd844e9 (diff) | |
download | openembedded-core-contrib-b9c7fdd4b204ab1c2466e9ec5d933bbc635fcc4f.tar.gz |
busybox: update to 1.29.2
- refresh busybox-udhcpc-no_deconfig.patch
- remove obsolete patches which are included in this update
- update defconfig
- Add newly required virtual/crypt depends [RB]
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch')
-rw-r--r-- | meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch deleted file mode 100644 index fc19ee3356..0000000000 --- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch +++ /dev/null @@ -1,43 +0,0 @@ -From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko <vda.linux@googlemail.com> -Date: Tue, 7 Nov 2017 18:09:29 +0100 -Subject: lineedit: do not tab-complete any strings which have control - characters - -function old new delta -add_match 41 68 +27 - -CVE: CVE-2017-16544 -Upstream-Status: Backport - -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> ---- - libbb/lineedit.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/libbb/lineedit.c b/libbb/lineedit.c -index c0e35bb..56e8140 100644 ---- a/libbb/lineedit.c -+++ b/libbb/lineedit.c -@@ -645,6 +645,18 @@ static void free_tab_completion_data(void) - - static void add_match(char *matched) - { -+ unsigned char *p = (unsigned char*)matched; -+ while (*p) { -+ /* ESC attack fix: drop any string with control chars */ -+ if (*p < ' ' -+ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f) -+ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f) -+ ) { -+ free(matched); -+ return; -+ } -+ p++; -+ } - matches = xrealloc_vector(matches, 4, num_matches); - matches[num_matches] = matched; - num_matches++; --- -cgit v0.12 |