projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 61c433b) | patch
busybox: security bump to version 1.24.2
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Fri, 25 Mar 2016 21:56:32 +0000 (18:56 -0300)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 25 Mar 2016 22:36:10 +0000 (23:36 +0100)
commit157dc65fb744c00c972a065079e83458b6249344
tree047131f191c37fd0517b76542635c07bb2e3238etree
parent61c433b32102de25a88a896ef6ba74b07bb05b6ecommit | diff
busybox: security bump to version 1.24.2

The version bump doesn't inherently fix the security issues, however the
added CVE patches do, which fix:

CVE-2016-2147 - out of bounds write (heap) due to integer underflow in
udhcpc.
CVE-2016-2148 - heap-based buffer overflow in OPTION_6RD parsing.

Drop patches that are upstream as well.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/busybox/0002-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch [new file with mode: 0644] blob
package/busybox/0002-unzip.patch [deleted file] blob | history
package/busybox/0003-ash-recursive-heredocs.patch [new file with mode: 0644] blob
package/busybox/0003-g-unzip-fix-recent-breakage.patch [deleted file] blob | history
package/busybox/0004-fix-CVE-2016-2147.patch [new file with mode: 0644] blob
package/busybox/0004-truncate-open-mode.patch [deleted file] blob | history
package/busybox/0005-fix-CVE-2016-2148.patch [new file with mode: 0644] blob
package/busybox/0008-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch [deleted file] blob | history
package/busybox/busybox.hash diff | blob | history
package/busybox/busybox.mk diff | blob | history