And drop patches now upstream. Also enable internal glob() handling in ash,
as busybox now errors out if this isn't enabled when building for uClibc
because of bugs in the glob(3) implementation in uClibc and musl since:
commit 3a4cdf45f928de0af09088bbbb96f60d9ac44e87
Author: Denys Vlasenko <vda.linux@googlemail.com>
Date: Wed Dec 21 04:13:23 2016 +0100
ash: error out if ASH_INTERNAL_GLOB is not selected on uClibc
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The version bump doesn't inherently fix the security issues, however the
added CVE patches do, which fix:
CVE-2016-2147 - out of bounds write (heap) due to integer underflow in
udhcpc.
CVE-2016-2148 - heap-based buffer overflow in OPTION_6RD parsing.
Drop patches that are upstream as well.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable CONFIG_FEATURE_SYNC_FANCY in the busybox.config because that
option causes build failures for any uClibc based toolchains since it
requires syncfs() support, which doesn't exist in uClibc.
This new option has been introduced in 1.24.0, so despite disabling
it, we are not losing anything that we had before.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
And rename 0006-lzop-add-overflow-check.patch to the proper convention.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>