]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7fe6a1c) | patch
busybox: fix for CVE-2026-26157, CVE-2026-26158 master
authorErnst Persson <ernst.persson@non.se.com>
Fri, 10 Apr 2026 10:51:45 +0000 (03:51 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 20 Apr 2026 16:58:37 +0000 (17:58 +0100)
commit9a83f0878b6bacbc7b322cfec076b4e79ad7b8fb
tree1ba8e4a4bebd27bc6988aefd4cd20d534aa40eb8tree | snapshot
parent7fe6a1ccc9e79681763f3888072ef5b36c8bb416commit | diff
busybox: fix for CVE-2026-26157, CVE-2026-26158

Pick up patch from NVD report.

More details :
[1]: https://nvd.nist.gov/vuln/detail/CVE-2026-26157
[2]: https://nvd.nist.gov/vuln/detail/CVE-2026-26158

Note:
We use patch from busybox mirror that looks trustworthy https://gogs.librecmc.org/OWEALS/busybox.

Suggested-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Ernst Persson <ernst.persson@non.se.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/busybox/busybox/0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch [new file with mode: 0644] blob
meta/recipes-core/busybox/busybox/0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch [new file with mode: 0644] blob
meta/recipes-core/busybox/busybox_1.37.0.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core