openwrtv4/package/utils/busybox
John Crispin 7c0a2bc930 busybox: backport cve-2017-16544 fix
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.

Fixes: FS#1181 - CVE-2017-16544:

Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://nvd.nist.gov/vuln/detail/CVE-2017-16544

Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
..
config merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch 2017-12-08 19:41:18 +01:00
files sysntpd: restore support for peer-less (standalone) mode 2017-03-15 23:05:00 +01:00
patches busybox: backport cve-2017-16544 fix 2018-01-02 07:14:08 +01:00
Config-defaults.in busybox: enable find -newer needed for shorewall firewall, no size increase on binary 2017-12-14 09:29:30 +01:00
Config.in busybox: include config files relative to the main Config.in (#18522) 2014-12-12 12:33:34 +00:00
convert_defaults.pl busybox: add a reworked implementation of menuconfig support, this time with a guard option that keeps all symbols at default values until an extra option is activated 2014-01-31 13:50:16 +00:00
convert_menuconfig.pl busybox: adjust convert_menuconfig.pl to emit relative path references for Config.in files and refresh generated files 2016-01-03 11:38:31 +00:00
Makefile busybox: add missing TARGET_CPPFLAGS and TARGET_LDFLAGS 2017-12-28 12:26:23 +01:00