aboutsummaryrefslogtreecommitdiffstats
path: root/main/busybox/APKBUILD
diff options
context:
space:
mode:
authorChristine Dodrill <me@christine.website>2017-11-22 06:19:54 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2017-11-22 12:46:33 +0000
commitac414d2b6399469baedb0a1f6cd3ca93f0aabf59 (patch)
tree25634c4a9290542f65bce748eecf1effb1ee1220 /main/busybox/APKBUILD
parentc4e6c5cec25c025e87371ec316e5f18e417c7660 (diff)
downloadaports-ac414d2b6399469baedb0a1f6cd3ca93f0aabf59.tar.gz
aports-ac414d2b6399469baedb0a1f6cd3ca93f0aabf59.tar.bz2
aports-ac414d2b6399469baedb0a1f6cd3ca93f0aabf59.tar.xz
main/busybox: include patch for CVE-2017-16544, CVE-2017-15873, CVE-2017-15874
I have created an automated tool at https://github.com/Xe/cve-2017-16544 that will test busybox's ash implementation for CVE-2017-16544. [1]: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/ CVE-2017-15873 and CVE-2017-15874 are fixed by their upstream patches. fixes #8187
Diffstat (limited to 'main/busybox/APKBUILD')
-rw-r--r--main/busybox/APKBUILD9
1 files changed, 8 insertions, 1 deletions
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 94ceef6099..2388575e33 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.27.2
-pkgrel=3
+pkgrel=4
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url=http://busybox.net
arch="all"
@@ -33,6 +33,10 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
0010-udhcpc-Don-t-background-if-n-is-given.patch
0011-testsuite-fix-cpio-tests.patch
0012-microcom-segfault.patch
+
+ 0013-CVE-2017-16544.patch
+ 0014-CVE-2017-15873.patch
+ 0015-CVE-2017-15874.patch
top-buffer-overflow.patch
@@ -185,6 +189,9 @@ d1c375184f806f7550bac5c82ab5471bdb8085d845172c973724b22af05ab3759b3ce982e088b4c4
9b5143d0be615b1604d82007628d59a62721f1e61a63cca7a4ffa5e60fa8da102bfc21fa20cc35c2f5a0a24bc8013598f8eff5888f9d0f3bcfa796343b5f5a91 0010-udhcpc-Don-t-background-if-n-is-given.patch
f4e00eb13fda752df13f300a7ed9b1320ca9f573c4309247f292c8710464d7be8740148f42e4aff16312335eadabce5a629dce4af58334b9199faf2fd658e4f9 0011-testsuite-fix-cpio-tests.patch
a09a64b3bce8048c58a68dcd2dd9e63c911009c06195d6bb4e5aecfb5700e479c25b34635c60899127975fae32275ad51846ee75f840d612e00668ce9aba8322 0012-microcom-segfault.patch
+74620e589e863f63ad3fed1e37405e385648789d59e8914074f94b2d279728ad54cd497073ff7afe2aac1bca81150fa1b396034206358599281f15fb2dd079d5 0013-CVE-2017-16544.patch
+8a9f314c7d08d349957549c59d306d1b608f147e27719a290d421cce288c11adb8593034a6d722688ae3c5dc60a5180f7aa948213987cd5b188340558607cbcb 0014-CVE-2017-15873.patch
+93b3188fe3397899a625c203bcc03ddedadb96cceeb38ecad3ad3395d75fdfa7e1ba7cfc34eb8ebc7c70165ae967da474735247bf114398bea00440e90b1bef7 0015-CVE-2017-15874.patch
524e858b52cb31fb8d24e8c7f18606fff349aeab6a14da9cca3902641f6127980daed73c53586c6e8b41eecda06cdb29c40ff1dde2dc82a318c2649680458921 top-buffer-overflow.patch
a9b1403c844c51934637215307dd9e2adb9458921047acff0d86dcf229b6e0027f4b2c6cdaa25a58407aad9d098fb5685d58eb5ff8d2aa3de4912cdea21fe54c acpid.logrotate
02102f0764ffbec86e97ccab99b3a1e55ffa5b25aa2cdc1fe270d5b575610bdb50568574c7cbd05aba91b13151f84f536b44320c180051cbd77cf258e4fc89a4 busyboxconfig