[Buildroot] [PATCH] package/busybox: update to 1.36.0
Arnout Vandecappelle
arnout at mind.be
Tue Feb 7 13:33:10 UTC 2023
On 07/02/2023 12:53, Arnout Vandecappelle wrote:
> Remove upstream patch 0003-awk-fix-use-after-free-CVE-2022-30065.patch
> and update _IGNORE_CVES accordingly.
>
> The two other CVE fixes are still needed.
>
> Refresh busybox.config. All configs are set to the new defaults, except
> for CONFIG_UDHCPC_DEFAULT_SCRIPT: for this one, reuse the script we also
> use for DHCPv4. This is matches the behaviour previous to the bump,
> where we had a single script handling both.
>
> Signed-off-by: Arnout Vandecappelle <arnout at mind.be>
Applied to master after a quick review by Thomas, thanks.
Regards,
Arnout
> ---
> ...wk-fix-use-after-free-CVE-2022-30065.patch | 52 -------------------
> package/busybox/busybox.config | 23 +++++---
> package/busybox/busybox.hash | 2 +-
> package/busybox/busybox.mk | 4 +-
> 4 files changed, 19 insertions(+), 62 deletions(-)
> delete mode 100644 package/busybox/0003-awk-fix-use-after-free-CVE-2022-30065.patch
[snip]
More information about the buildroot
mailing list