diff options
| author | Andrej Valek <andrej.valek@siemens.com> | 2018-08-30 18:02:44 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-05 18:00:25 +0100 |
| commit | 29108755c1c5a23855ab4dda59ea728781b9d75e (patch) | |
| tree | 94da1d09be6d8da1ace653b6c9a61949e5cea8b8 /meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch | |
| parent | 5b2a6e0edc9fd012f09735cf170717eeddaa05a7 (diff) | |
| download | poky-29108755c1c5a23855ab4dda59ea728781b9d75e.tar.gz | |
busybox: update to 1.29.2
- refresh busybox-udhcpc-no_deconfig.patch
- remove obsolete patches which are included in this update
- update defconfig
- Add newly required virtual/crypt depends [RB]
(From OE-Core rev: b9c7fdd4b204ab1c2466e9ec5d933bbc635fcc4f)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch')
| -rw-r--r-- | meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch deleted file mode 100644 index fc19ee3356..0000000000 --- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch +++ /dev/null | |||
| @@ -1,43 +0,0 @@ | |||
| 1 | From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
| 3 | Date: Tue, 7 Nov 2017 18:09:29 +0100 | ||
| 4 | Subject: lineedit: do not tab-complete any strings which have control | ||
| 5 | characters | ||
| 6 | |||
| 7 | function old new delta | ||
| 8 | add_match 41 68 +27 | ||
| 9 | |||
| 10 | CVE: CVE-2017-16544 | ||
| 11 | Upstream-Status: Backport | ||
| 12 | |||
| 13 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
| 14 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
| 15 | --- | ||
| 16 | libbb/lineedit.c | 12 ++++++++++++ | ||
| 17 | 1 file changed, 12 insertions(+) | ||
| 18 | |||
| 19 | diff --git a/libbb/lineedit.c b/libbb/lineedit.c | ||
| 20 | index c0e35bb..56e8140 100644 | ||
| 21 | --- a/libbb/lineedit.c | ||
| 22 | +++ b/libbb/lineedit.c | ||
| 23 | @@ -645,6 +645,18 @@ static void free_tab_completion_data(void) | ||
| 24 | |||
| 25 | static void add_match(char *matched) | ||
| 26 | { | ||
| 27 | + unsigned char *p = (unsigned char*)matched; | ||
| 28 | + while (*p) { | ||
| 29 | + /* ESC attack fix: drop any string with control chars */ | ||
| 30 | + if (*p < ' ' | ||
| 31 | + || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f) | ||
| 32 | + || (ENABLE_UNICODE_SUPPORT && *p == 0x7f) | ||
| 33 | + ) { | ||
| 34 | + free(matched); | ||
| 35 | + return; | ||
| 36 | + } | ||
| 37 | + p++; | ||
| 38 | + } | ||
| 39 | matches = xrealloc_vector(matches, 4, num_matches); | ||
| 40 | matches[num_matches] = matched; | ||
| 41 | num_matches++; | ||
| 42 | -- | ||
| 43 | cgit v0.12 | ||