The version bump doesn't inherently fix the security issues, however the
added CVE patches do, which fix:
CVE-2016-2147 - out of bounds write (heap) due to integer underflow in
udhcpc.
CVE-2016-2148 - heap-based buffer overflow in OPTION_6RD parsing.
Drop patches that are upstream as well.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable CONFIG_FEATURE_SYNC_FANCY in the busybox.config because that
option causes build failures for any uClibc based toolchains since it
requires syncfs() support, which doens't exist in uClibc.
This new option has been introduced in 1.24.0, so despite of disabling
it, we are not losing anything that we had before.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
And rename 0006-lzop-add-overflow-check.patch to the proper convention.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
