Remove 0003-Revert-libbb-remove-unnecessary-variable-in-xmalloc_.patch
It caused a segfault which was fixed in this release.
Signed-off-by: Ferdinand van Aartsen <ferdinand@ombud.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Includes fixes to sendmail and wget.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The two patches are still needed, with the second needing a slight
refresh around the edge.
Since upstream has now full support to perform a noclobber install, drop
our BUSYBOX_NOCLOBBER_INSTALL hook and use the new install rule.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Drop 0003-tar-unzip-postpone-creation-of-symlinks-with-suspici.patch now upstream.
>From the release notes:
Bug fix release. 1.28.2 has fixes for tcpsvd (fixed fallout from
opt_complementary removal), udhcpd (do not ignore SIGTERM), tar and unzip
(reverted to previous, more permissive symlink handling), ssl_client (fixed
option parsing).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Other changes:
- Update 0002-Makefile.flags-strip-non-l-arguments-returned-by-pkg.patch
for 1.28.0
- Remove upstream patches 3, 4, and 5.
- Update buxybox.config and busybox-minimal.config
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In addition, update busybox-minimal.config and busybox.config by loading the
config files and saving them back.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
And drop patches now upstream. Also enable internal glob() handling in ash,
as busybox now errors out if this isn't enabled when building for uClibc
because of bugs in the the glob(3) implementation in uClibc and musl since:
commit 3a4cdf45f928de0af09088bbbb96f60d9ac44e87
Author: Denys Vlasenko <vda.linux@googlemail.com>
Date: Wed Dec 21 04:13:23 2016 +0100
ash: error out if ASH_INTERNAL_GLOB is not selected on uClibc
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The version bump doesn't inherently fix the security issues, however the
added CVE patches do, which fix:
CVE-2016-2147 - out of bounds write (heap) due to integer underflow in
udhcpc.
CVE-2016-2148 - heap-based buffer overflow in OPTION_6RD parsing.
Drop patches that are upstream as well.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable CONFIG_FEATURE_SYNC_FANCY in the busybox.config because that
option causes build failures for any uClibc based toolchains since it
requires syncfs() support, which doens't exist in uClibc.
This new option has been introduced in 1.24.0, so despite of disabling
it, we are not losing anything that we had before.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
And rename 0006-lzop-add-overflow-check.patch to the proper convention.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
