git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
busybox: apply patch for CVE-2023-39810
author Peter Marko <peter.marko@siemens.com>
Sat, 12 Jul 2025 16:06:56 +0000 (18:06 +0200)
committer Steve Sakoman <steve@sakoman.com>
Mon, 14 Jul 2025 16:55:45 +0000 (09:55 -0700)
commit c9d071556aa2e066abffc35031d86ee8ee9437d8
tree c5e78cf683375c74dff413b1b31301df9c948669
parent 4225c9abbc68e1a29a54927a9c8e1fe12208e5b4
busybox: apply patch for CVE-2023-39810

Backport patch referencing this CVE.

Note that the hardening is not activated by default; it adds a defconfig
option to enable it.
Since it introduces a breaking change, it shouldn't be enabled in an LTS
release by default.
This patch makes busybox cpio equivalent in this release to what is
currently in master and in kirkstone.
Also note that GNU cpio also does not have this hardening, but the CVE
is created only against busybox.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/busybox/busybox/CVE-2023-39810.patch [new file with mode: 0644]
meta/recipes-core/busybox/busybox_1.37.0.bb