busybox: fix CVE-2021-28831

Backport patch to fix CVE-2021-28831. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Chen Qi <Qi.Chen@windriver.com> 2021-04-07 21:55:18 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-04-18 11:28:20 +0100
commit: e579dbd9a6b2472ca90f411c0b594da9e38c9aca (patch)
tree: da994e7ce45476ebea1d598449243ae1ced2486d /meta/recipes-core/busybox/busybox_1.33.0.bb
parent: 36de56496bc07c321162555d603fac756297911a (diff)
download: openembedded-core-contrib-e579dbd9a6b2472ca90f411c0b594da9e38c9aca.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-core/busybox/busybox_1.33.0.bb b/meta/recipes-core/busybox/busybox_1.33.0.bb
index 1a3f218bca..58e9cf7fce 100644
--- a/meta/recipes-core/busybox/busybox_1.33.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.33.0.bb
@@ -46,7 +46,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://0001-sysctl-ignore-EIO-of-stable_secret-below-proc-sys-ne.patch \
            file://rev.cfg \
            file://pgrep.cfg \
-"
+           file://0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch \
+           "
 SRC_URI_append_libc-musl = " file://musl.cfg "
 
 SRC_URI[tarball.sha256sum] = "d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd"
author	Chen Qi <Qi.Chen@windriver.com>	2021-04-07 21:55:18 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-04-18 11:28:20 +0100
commit	e579dbd9a6b2472ca90f411c0b594da9e38c9aca (patch)
tree	da994e7ce45476ebea1d598449243ae1ced2486d /meta/recipes-core/busybox/busybox_1.33.0.bb
parent	36de56496bc07c321162555d603fac756297911a (diff)
download	openembedded-core-contrib-e579dbd9a6b2472ca90f411c0b594da9e38c9aca.tar.gz