aboutsummaryrefslogtreecommitdiffstats
path: root/package/utils/busybox/patches/600-cve-2017-16544.patch
Commit message (Collapse)AuthorAgeFilesLines
* busybox: update to 1.28.2Hannu Nyman2018-04-031-35/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update busybox to 1.28.2, refresh patches and default config. * modify 230-add_nslookup_lede.patch as opt_complementary was removed Also move nslookup_longopts variable declaration to be inside the same conditional as the function itself. * modify 250-date-k-flag.patch to match upstream (opt_complementary) * remove 600-cve-2017-16544.patch that is upstreamed Notes about config changes: * Some applet-specific LONG_OPTIONS config options were removed * Config help text indentation changed, caused lots of text formatting changes for convert_menuconfig.pl * convert_defaults.pl moved lots of defaults around, summary of actual changes below New applets/features: --------------------- ARCH HEXEDIT MINIPS NETCAT NUKE RESUME RUN_INIT SETFATTR New options: ------------ FEATURE_CATN FEATURE_CROND_SPECIAL_TIMES FEATURE_LIBBUSYBOX_STATIC FEATURE_SETPRIV_CAPABILITIES FEATURE_SETPRIV_CAPABILITY_NAMES FEATURE_SETPRIV_DUMP FEATURE_SH_READ_FRAC FEATURE_SWAPONOFF_LABEL FEATURE_VOLUMEID_MINIX FEATURE_XARGS_SUPPORT_ARGS_FILE FEATURE_XARGS_SUPPORT_PARALLEL HUSH_GETOPTS HUSH_READONLY HUSH_TIMES Removed: -------- FEATURE_HAVE_RPC MSH Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* busybox: clean up patch fuzzKevin Darbyshire-Bryant2018-01-051-6/+1
| | | | | | Refresh patches to tidy up fuzz. No functional changes Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* busybox: backport cve-2017-16544 fixJohn Crispin2018-01-021-0/+40
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. Fixes: FS#1181 - CVE-2017-16544: Backport the patch from: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 https://nvd.nist.gov/vuln/detail/CVE-2017-16544 Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com> Signed-off-by: John Crispin <john@phrozen.org>
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-31 08:53:18 +0000