diff options
author | Andrej Valek <andrej.valek@siemens.com> | 2018-08-30 18:02:44 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-05 18:00:25 +0100 |
commit | 29108755c1c5a23855ab4dda59ea728781b9d75e (patch) | |
tree | 94da1d09be6d8da1ace653b6c9a61949e5cea8b8 /meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch | |
parent | 5b2a6e0edc9fd012f09735cf170717eeddaa05a7 (diff) | |
download | poky-29108755c1c5a23855ab4dda59ea728781b9d75e.tar.gz |
busybox: update to 1.29.2
- refresh busybox-udhcpc-no_deconfig.patch
- remove obsolete patches which are included in this update
- update defconfig
- Add newly required virtual/crypt depends [RB]
(From OE-Core rev: b9c7fdd4b204ab1c2466e9ec5d933bbc635fcc4f)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch')
-rw-r--r-- | meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch deleted file mode 100644 index fc19ee3356..0000000000 --- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
3 | Date: Tue, 7 Nov 2017 18:09:29 +0100 | ||
4 | Subject: lineedit: do not tab-complete any strings which have control | ||
5 | characters | ||
6 | |||
7 | function old new delta | ||
8 | add_match 41 68 +27 | ||
9 | |||
10 | CVE: CVE-2017-16544 | ||
11 | Upstream-Status: Backport | ||
12 | |||
13 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
14 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
15 | --- | ||
16 | libbb/lineedit.c | 12 ++++++++++++ | ||
17 | 1 file changed, 12 insertions(+) | ||
18 | |||
19 | diff --git a/libbb/lineedit.c b/libbb/lineedit.c | ||
20 | index c0e35bb..56e8140 100644 | ||
21 | --- a/libbb/lineedit.c | ||
22 | +++ b/libbb/lineedit.c | ||
23 | @@ -645,6 +645,18 @@ static void free_tab_completion_data(void) | ||
24 | |||
25 | static void add_match(char *matched) | ||
26 | { | ||
27 | + unsigned char *p = (unsigned char*)matched; | ||
28 | + while (*p) { | ||
29 | + /* ESC attack fix: drop any string with control chars */ | ||
30 | + if (*p < ' ' | ||
31 | + || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f) | ||
32 | + || (ENABLE_UNICODE_SUPPORT && *p == 0x7f) | ||
33 | + ) { | ||
34 | + free(matched); | ||
35 | + return; | ||
36 | + } | ||
37 | + p++; | ||
38 | + } | ||
39 | matches = xrealloc_vector(matches, 4, num_matches); | ||
40 | matches[num_matches] = matched; | ||
41 | num_matches++; | ||
42 | -- | ||
43 | cgit v0.12 | ||