* [PATCH] busybox: update to 1.29.2
@ 2018-08-30 15:57 Andrej Valek
2018-08-31 7:42 ` Andrej Valek
0 siblings, 1 reply; 6+ messages in thread
From: Andrej Valek @ 2018-08-30 15:57 UTC (permalink / raw)
To: openembedded-core
- refresh busybox-udhcpc-no_deconfig.patch
- remove obsolete patches which are included in this update
- update defconfig
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
...inittab_1.27.2.bb => busybox-inittab_1.29.2.bb} | 0
.../busybox/busybox/CVE-2011-5325.patch | 481 ---------------------
.../busybox/busybox/CVE-2017-15873.patch | 95 ----
.../busybox/busybox/busybox-CVE-2017-16544.patch | 43 --
.../busybox/busybox-fix-lzma-segfaults.patch | 106 -----
.../busybox/busybox-udhcpc-no_deconfig.patch | 48 +-
meta/recipes-core/busybox/busybox/defconfig | 46 +-
.../busybox/busybox/umount-ignore-c.patch | 40 --
.../{busybox_1.27.2.bb => busybox_1.29.2.bb} | 9 +-
9 files changed, 66 insertions(+), 802 deletions(-)
rename meta/recipes-core/busybox/{busybox-inittab_1.27.2.bb => busybox-inittab_1.29.2.bb} (100%)
delete mode 100755 meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
delete mode 100644 meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
delete mode 100644 meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
delete mode 100644 meta/recipes-core/busybox/busybox/umount-ignore-c.patch
rename meta/recipes-core/busybox/{busybox_1.27.2.bb => busybox_1.29.2.bb} (82%)
diff --git a/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb b/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
similarity index 100%
rename from meta/recipes-core/busybox/busybox-inittab_1.27.2.bb
rename to meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
diff --git a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch b/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
deleted file mode 100755
index 0926107bea..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
+++ /dev/null
@@ -1,481 +0,0 @@
-busybox-1.27.2: Fix CVE-2011-5325
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=8411
-
-libarchive: do not extract unsafe symlinks
-
-Prevent unsafe links extracting unless env variable $EXTRACT_UNSAFE_SYMLINKS=1
-is not set. Untarring file with -C DESTDIR parameter could be extracted with
-unwanted symlinks. This doesn't feel right, and IIRC GNU tar doesn't do that.
-Include necessary changes from previous commits.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7]
-CVE: CVE-2011-5325
-bug: 8411
-Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src
-index 942e755..e1a8a75 100644
---- a/archival/libarchive/Kbuild.src
-+++ b/archival/libarchive/Kbuild.src
-@@ -12,6 +12,8 @@ COMMON_FILES:= \
- data_extract_all.o \
- data_extract_to_stdout.o \
- \
-+ unsafe_symlink_target.o \
-+\
- filter_accept_all.o \
- filter_accept_list.o \
- filter_accept_reject_list.o \
-diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c
-index 1830ffb..b828b65 100644
---- a/archival/libarchive/data_extract_all.c
-+++ b/archival/libarchive/data_extract_all.c
-@@ -128,10 +128,9 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
- res = link(hard_link, dst_name);
- if (res != 0 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)) {
- /* shared message */
-- bb_perror_msg("can't create %slink "
-- "%s to %s", "hard",
-- dst_name,
-- hard_link);
-+ bb_perror_msg("can't create %slink '%s' to '%s'",
-+ "hard", dst_name, hard_link
-+ );
- }
- /* Hardlinks have no separate mode/ownership, skip chown/chmod */
- goto ret;
-@@ -178,15 +177,17 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
- case S_IFLNK:
- /* Symlink */
- //TODO: what if file_header->link_target == NULL (say, corrupted tarball?)
-- res = symlink(file_header->link_target, dst_name);
-- if (res != 0
-- && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
-- ) {
-- /* shared message */
-- bb_perror_msg("can't create %slink "
-- "%s to %s", "sym",
-- dst_name,
-- file_header->link_target);
-+ if (!unsafe_symlink_target(file_header->link_target)) {
-+ res = symlink(file_header->link_target, dst_name);
-+ if (res != 0
-+ && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
-+ ) {
-+ /* shared message */
-+ bb_perror_msg("can't create %slink '%s' to '%s'",
-+ "sym",
-+ dst_name, file_header->link_target
-+ );
-+ }
- }
- break;
- case S_IFSOCK:
-diff --git a/archival/libarchive/unsafe_symlink_target.c b/archival/libarchive/unsafe_symlink_target.c
-new file mode 100644
-index 0000000..ee46e28
---- /dev/null
-+++ b/archival/libarchive/unsafe_symlink_target.c
-@@ -0,0 +1,48 @@
-+/* vi: set sw=4 ts=4: */
-+/*
-+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
-+ */
-+#include "libbb.h"
-+#include "bb_archive.h"
-+
-+int FAST_FUNC unsafe_symlink_target(const char *target)
-+{
-+ const char *dot;
-+
-+ if (target[0] == '/') {
-+ const char *var;
-+unsafe:
-+ var = getenv("EXTRACT_UNSAFE_SYMLINKS");
-+ if (var) {
-+ if (LONE_CHAR(var, '1'))
-+ return 0; /* pretend it's safe */
-+ return 1; /* "UNSAFE!" */
-+ }
-+ bb_error_msg("skipping unsafe symlink to '%s' in archive,"
-+ " set %s=1 to extract",
-+ target,
-+ "EXTRACT_UNSAFE_SYMLINKS"
-+ );
-+ /* Prevent further messages */
-+ setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0);
-+ return 1; /* "UNSAFE!" */
-+ }
-+
-+ dot = target;
-+ for (;;) {
-+ dot = strchr(dot, '.');
-+ if (!dot)
-+ return 0; /* safe target */
-+
-+ /* Is it a path component starting with ".."? */
-+ if ((dot[1] == '.')
-+ && (dot == target || dot[-1] == '/')
-+ /* Is it exactly ".."? */
-+ && (dot[2] == '/' || dot[2] == '\0')
-+ ) {
-+ goto unsafe;
-+ }
-+ /* NB: it can even be trailing ".", should only add 1 */
-+ dot += 1;
-+ }
-+}
-\ No newline at end of file
-diff --git a/archival/unzip.c b/archival/unzip.c
-index 9037262..270e261 100644
---- a/archival/unzip.c
-+++ b/archival/unzip.c
-@@ -335,6 +335,44 @@ static void unzip_create_leading_dirs(const char *fn)
- free(name);
- }
-
-+static void unzip_extract_symlink(zip_header_t *zip, const char *dst_fn)
-+{
-+ char *target;
-+
-+ if (zip->fmt.ucmpsize > 0xfff) /* no funny business please */
-+ bb_error_msg_and_die("bad archive");
-+
-+ if (zip->fmt.method == 0) {
-+ /* Method 0 - stored (not compressed) */
-+ target = xzalloc(zip->fmt.ucmpsize + 1);
-+ xread(zip_fd, target, zip->fmt.ucmpsize);
-+ } else {
-+#if 1
-+ bb_error_msg_and_die("compressed symlink is not supported");
-+#else
-+ transformer_state_t xstate;
-+ init_transformer_state(&xstate);
-+ xstate.mem_output_size_max = zip->fmt.ucmpsize;
-+ /* ...unpack... */
-+ if (!xstate.mem_output_buf)
-+ WTF();
-+ target = xstate.mem_output_buf;
-+ target = xrealloc(target, xstate.mem_output_size + 1);
-+ target[xstate.mem_output_size] = '\0';
-+#endif
-+ }
-+ if (!unsafe_symlink_target(target)) {
-+//TODO: libbb candidate
-+ if (symlink(target, dst_fn)) {
-+ /* shared message */
-+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
-+ "sym", dst_fn, target
-+ );
-+ }
-+ }
-+ free(target);
-+}
-+
- static void unzip_extract(zip_header_t *zip, int dst_fd)
- {
- transformer_state_t xstate;
-@@ -813,7 +851,7 @@ int unzip_main(int argc, char **argv)
- }
- check_file:
- /* Extract file */
-- if (stat(dst_fn, &stat_buf) == -1) {
-+ if (lstat(dst_fn, &stat_buf) == -1) {
- /* File does not exist */
- if (errno != ENOENT) {
- bb_perror_msg_and_die("can't stat '%s'", dst_fn);
-@@ -834,6 +872,7 @@ int unzip_main(int argc, char **argv)
- goto do_open_and_extract;
- printf("replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ", dst_fn);
- my_fgets80(key_buf);
-+//TODO: redo lstat + ISREG check! user input could have taken a long time!
-
- switch (key_buf[0]) {
- case 'A':
-@@ -842,7 +881,8 @@ int unzip_main(int argc, char **argv)
- do_open_and_extract:
- unzip_create_leading_dirs(dst_fn);
- #if ENABLE_FEATURE_UNZIP_CDF
-- dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
-+ if (!S_ISLNK(file_mode))
-+ dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
- #else
- dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
- #endif
-@@ -852,10 +892,18 @@ int unzip_main(int argc, char **argv)
- ? " extracting: %s\n"
- : */ " inflating: %s\n", dst_fn);
- }
-- unzip_extract(&zip, dst_fd);
-- if (dst_fd != STDOUT_FILENO) {
-- /* closing STDOUT is potentially bad for future business */
-- close(dst_fd);
-+#if ENABLE_FEATURE_UNZIP_CDF
-+ if (S_ISLNK(file_mode)) {
-+ if (dst_fd != STDOUT_FILENO) /* no -p */
-+ unzip_extract_symlink(&zip, dst_fn);
-+ } else
-+#endif
-+ {
-+ unzip_extract(&zip, dst_fd);
-+ if (dst_fd != STDOUT_FILENO) {
-+ /* closing STDOUT is potentially bad for future business */
-+ close(dst_fd);
-+ };
- }
- break;
-
-diff --git a/coreutils/link.c b/coreutils/link.c
-index ac3ef85..aab249d 100644
---- a/coreutils/link.c
-+++ b/coreutils/link.c
-@@ -32,9 +32,8 @@ int link_main(int argc UNUSED_PARAM, char **argv)
- argv += optind;
- if (link(argv[0], argv[1]) != 0) {
- /* shared message */
-- bb_perror_msg_and_die("can't create %slink "
-- "%s to %s", "hard",
-- argv[1], argv[0]
-+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
-+ "hard", argv[1], argv[0]
- );
- }
- return EXIT_SUCCESS;
-diff --git a/include/bb_archive.h b/include/bb_archive.h
-index 2b9c5f0..1e4da3c 100644
---- a/include/bb_archive.h
-+++ b/include/bb_archive.h
-@@ -196,6 +196,7 @@ void seek_by_jump(int fd, off_t amount) FAST_FUNC;
- void seek_by_read(int fd, off_t amount) FAST_FUNC;
-
- const char *strip_unsafe_prefix(const char *str) FAST_FUNC;
-+int unsafe_symlink_target(const char *target) FAST_FUNC;
-
- void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC;
- const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC;
-diff --git a/libbb/copy_file.c b/libbb/copy_file.c
-index 23c0f83..be90066 100644
---- a/libbb/copy_file.c
-+++ b/libbb/copy_file.c
-@@ -371,7 +371,10 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
- int r = symlink(lpath, dest);
- free(lpath);
- if (r < 0) {
-- bb_perror_msg("can't create symlink '%s'", dest);
-+ /* shared message */
-+ bb_perror_msg("can't create %slink '%s' to '%s'",
-+ "sym", dest, lpath
-+ );
- return -1;
- }
- if (flags & FILEUTILS_PRESERVE_STATUS)
-diff --git a/testsuite/tar.tests b/testsuite/tar.tests
-index 9f7ce15..b7cd74c 100755
---- a/testsuite/tar.tests
-+++ b/testsuite/tar.tests
-@@ -10,9 +10,6 @@ unset LC_COLLATE
- unset LC_ALL
- umask 022
-
--rm -rf tar.tempdir 2>/dev/null
--mkdir tar.tempdir && cd tar.tempdir || exit 1
--
- # testing "test name" "script" "expected result" "file input" "stdin"
-
- testing "Empty file is not a tarball" '\
-@@ -53,6 +50,7 @@ dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $?
- "" ""
- SKIP=
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input":
- # GNU tar 1.26 records as hardlinks:
- # input_hard2 -> input_hard1
-@@ -64,7 +62,6 @@ SKIP=
- # We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing.
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar hardlinks and repeated files" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_hard1
- ln input_hard1 input_hard2
- mkdir input_dir
-@@ -95,10 +92,11 @@ drwxr-xr-x input_dir
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar hardlinks mode" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_hard1
- chmod 741 input_hard1
- ln input_hard1 input_hard2
-@@ -128,10 +126,11 @@ Ok: 0
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar symlinks mode" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_file
- chmod 741 input_file
- ln -s input_file input_soft
-@@ -159,10 +158,11 @@ lrwxrwxrwx input_file
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS
- testing "tar --overwrite" "\
--rm -rf input_* test.tar 2>/dev/null
- ln input input_hard
- tar cf test.tar input_hard
- echo WRONG >input
-@@ -174,12 +174,13 @@ Ok
- " \
- "Ok\n" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- test x"$SKIP_KNOWN_BUGS" = x"" && {
- # Needs to be run under non-root for meaningful test
- optional FEATURE_TAR_CREATE
- testing "tar writing into read-only dir" '\
--rm -rf input_* test.tar 2>/dev/null
- mkdir input_dir
- >input_dir/input_file
- chmod 550 input_dir
-@@ -201,7 +202,9 @@ dr-xr-x--- input_dir
- "" ""
- SKIP=
- }
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # Had a bug where on extract autodetect first "switched off" -z
- # and then failed to recognize .tgz extension
- optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP
-@@ -217,7 +220,9 @@ Ok
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)?
- # (the uuencoded hello_world.txz contains one empty file named "hello_world")
- optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ
-@@ -236,7 +241,9 @@ AAAEWVo=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # On extract, everything up to and including last ".." component is stripped
- optional FEATURE_TAR_CREATE
- testing "tar strips /../ on extract" "\
-@@ -255,7 +262,9 @@ Ok
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # attack.tar.bz2 has symlink pointing to a system file
- # followed by a regular file with the same name
- # containing "root::0:0::/root:/bin/sh":
-@@ -270,6 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
- testing "tar does not extract into symlinks" "\
- >>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
- " "\
-+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- 0
- " \
- "" "\
-@@ -281,12 +291,15 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-+
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # And same with -k
- optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
- testing "tar -k does not extract into symlinks" "\
- >>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
- " "\
--tar: can't open 'passwd': File exists
-+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- 0
- " \
- "" "\
-@@ -298,7 +311,9 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
- testing "Pax-encoded UTF8 names and symlinks" '\
- tar xvf ../tar.utf8.tar.bz2 2>&1; echo $?
-@@ -309,17 +324,45 @@ rm -rf etc usr
- ' "\
- etc/ssl/certs/3b2716e5.0
- etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
-+tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- etc/ssl/certs/f80cc7f6.0
- usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
- 0
- etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
--etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
- etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
--
--cd .. && rm -rf tar.tempdir || exit 1
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
-+optional UUDECODE FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
-+testing "Symlink attack: create symlink and then write through it" '\
-+exec 2>&1
-+uudecode -o input && tar xvf input; echo $?
-+ls /tmp/bb_test_evilfile
-+ls bb_test_evilfile
-+ls symlink/bb_test_evilfile
-+' "\
-+anything.txt
-+symlink
-+tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
-+symlink/bb_test_evilfile
-+0
-+ls: /tmp/bb_test_evilfile: No such file or directory
-+ls: bb_test_evilfile: No such file or directory
-+symlink/bb_test_evilfile
-+" \
-+"" "\
-+begin-base64 644 tar_symlink_attack.tar.bz2
-+QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR
-+omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk
-+AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa
-+SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS
-+n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA=
-+====
-+"
-+SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
- exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch b/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
deleted file mode 100644
index 5a027c9bcc..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-busybox-1.27.2: Fix CVE-2017-15873
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10431
-
-bunzip2: fix runCnt overflow
-
-The get_next_block function in archival/libarchive/decompress_bunzip2.c
-in BusyBox 1.27.2 has an Integer Overflow that may lead to a write
-access violation.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0]
-CVE: CVE-2017-15873
-bug: 10431
-Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
-
-diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
-index 7cd18f5..bec89ed 100644
---- a/archival/libarchive/decompress_bunzip2.c
-+++ b/archival/libarchive/decompress_bunzip2.c
-@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
- static int get_next_block(bunzip_data *bd)
- {
- struct group_data *hufGroup;
-- int dbufCount, dbufSize, groupCount, *base, *limit, selector,
-- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
-- int runCnt = runCnt; /* for compiler */
-+ int groupCount, *base, *limit, selector,
-+ i, j, symCount, symTotal, nSelectors, byteCount[256];
- uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
- uint32_t *dbuf;
- unsigned origPtr, t;
-+ unsigned dbufCount, runPos;
-+ unsigned runCnt = runCnt; /* for compiler */
-
- dbuf = bd->dbuf;
-- dbufSize = bd->dbufSize;
- selectors = bd->selectors;
-
- /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
-@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
- it didn't actually work. */
- if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
- origPtr = get_bits(bd, 24);
-- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
-+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
-
- /* mapping table: if some byte values are never used (encoding things
- like ascii text), the compression code removes the gaps to have fewer
-@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
- symbols, but a run of length 0 doesn't mean anything in this
- context). Thus space is saved. */
- runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
-- if (runPos < dbufSize) runPos <<= 1;
-+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
-+//This would be the fix (catches too large count way before it can overflow):
-+// if (runCnt > bd->dbufSize) {
-+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
-+// runCnt, bd->dbufSize);
-+// return RETVAL_DATA_ERROR;
-+// }
-+ if (runPos < bd->dbufSize) runPos <<= 1;
- goto end_of_huffman_loop;
- }
-
-@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
- literal used is the one at the head of the mtfSymbol array.) */
- if (runPos != 0) {
- uint8_t tmp_byte;
-- if (dbufCount + runCnt > dbufSize) {
-- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
-- dbufCount, runCnt, dbufCount + runCnt, dbufSize);
-+ if (dbufCount + runCnt > bd->dbufSize) {
-+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
-+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
- return RETVAL_DATA_ERROR;
- }
- tmp_byte = symToByte[mtfSymbol[0]];
- byteCount[tmp_byte] += runCnt;
-- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
-+ while ((int)--runCnt >= 0)
-+ dbuf[dbufCount++] = (uint32_t)tmp_byte;
- runPos = 0;
- }
-
-@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
- first symbol in the mtf array, position 0, would have been handled
- as part of a run above. Therefore 1 unused mtf position minus
- 2 non-literal nextSym values equals -1.) */
-- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
-+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
- i = nextSym - 1;
- uc = mtfSymbol[i];
-
---
-cgit v0.12
diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
deleted file mode 100644
index fc19ee3356..0000000000
--- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Tue, 7 Nov 2017 18:09:29 +0100
-Subject: lineedit: do not tab-complete any strings which have control
- characters
-
-function old new delta
-add_match 41 68 +27
-
-CVE: CVE-2017-16544
-Upstream-Status: Backport
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- libbb/lineedit.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/libbb/lineedit.c b/libbb/lineedit.c
-index c0e35bb..56e8140 100644
---- a/libbb/lineedit.c
-+++ b/libbb/lineedit.c
-@@ -645,6 +645,18 @@ static void free_tab_completion_data(void)
-
- static void add_match(char *matched)
- {
-+ unsigned char *p = (unsigned char*)matched;
-+ while (*p) {
-+ /* ESC attack fix: drop any string with control chars */
-+ if (*p < ' '
-+ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
-+ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
-+ ) {
-+ free(matched);
-+ return;
-+ }
-+ p++;
-+ }
- matches = xrealloc_vector(matches, 4, num_matches);
- matches[num_matches] = matched;
- num_matches++;
---
-cgit v0.12
diff --git a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
deleted file mode 100644
index da6dfa8023..0000000000
--- a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-busybox-1.27.2: Fix lzma segfaults
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871
-
-libarchive: check buffer index in lzma_decompress
-
-With specific defconfig busybox fails to check zip fileheader magic
-(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c)
-for decompression which leads to segmentation fault. It prevents accessing into
-buffer, which is smaller than pos index. Patch includes multiple segmentation
-fault fixes.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b]
-bug: 10436 10871
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
-index a904087..29eee2a 100644
---- a/archival/libarchive/decompress_unlzma.c
-+++ b/archival/libarchive/decompress_unlzma.c
-@@ -11,6 +11,14 @@
- #include "libbb.h"
- #include "bb_archive.h"
-
-+
-+#if 0
-+# define dbg(...) bb_error_msg(__VA_ARGS__)
-+#else
-+# define dbg(...) ((void)0)
-+#endif
-+
-+
- #if ENABLE_FEATURE_LZMA_FAST
- # define speed_inline ALWAYS_INLINE
- # define size_inline
-@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
- rc_t *rc;
- int i;
- uint8_t *buffer;
-+ uint32_t buffer_size;
- uint8_t previous_byte = 0;
- size_t buffer_pos = 0, global_pos = 0;
- int len = 0;
-@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate)
- if (header.dict_size == 0)
- header.dict_size++;
-
-- buffer = xmalloc(MIN(header.dst_size, header.dict_size));
-+ buffer_size = MIN(header.dst_size, header.dict_size);
-+ buffer = xmalloc(buffer_size);
-
- {
- int num_probs;
-@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
-
- pos = buffer_pos - rep0;
-- if ((int32_t)pos < 0)
-+ if ((int32_t)pos < 0) {
- pos += header.dict_size;
-+ /* see unzip_bad_lzma_2.zip: */
-+ if (pos >= buffer_size)
-+ goto bad;
-+ }
- previous_byte = buffer[pos];
- goto one_byte1;
- #else
-@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
- for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
- rep0 = (rep0 << 1) | rc_direct_bit(rc);
- rep0 <<= LZMA_NUM_ALIGN_BITS;
-+ if ((int32_t)rep0 < 0) {
-+ dbg("%d rep0:%d", __LINE__, rep0);
-+ goto bad;
-+ }
- prob3 = p + LZMA_ALIGN;
- }
- i2 = 1;
-@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- IF_NOT_FEATURE_LZMA_FAST(string:)
- do {
- uint32_t pos = buffer_pos - rep0;
-- if ((int32_t)pos < 0)
-+ if ((int32_t)pos < 0) {
- pos += header.dict_size;
-+ /* more stringent test (see unzip_bad_lzma_1.zip): */
-+ if (pos >= buffer_size)
-+ goto bad;
-+ }
- previous_byte = buffer[pos];
- IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
- buffer[buffer_pos++] = previous_byte;
-@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- IF_DESKTOP(total_written += buffer_pos;)
- if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
- bad:
-+ /* One of our users, bbunpack(), expects _us_ to emit
-+ * the error message (since it's the best place to give
-+ * potentially more detailed information).
-+ * Do not fail silently.
-+ */
-+ bb_error_msg("corrupted data");
- total_written = -1; /* failure */
- }
- rc_free(rc);
-
diff --git a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
index 582a258939..76daaf1f02 100644
--- a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
+++ b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
@@ -31,11 +31,11 @@ Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
networking/udhcp/dhcpc.c | 29 ++++++++++++++++------
1 file changed, 21 insertions(+), 8 deletions(-)
-Index: busybox-1.27.2/networking/udhcp/dhcpc.c
+Index: busybox-1.29.1/networking/udhcp/dhcpc.c
===================================================================
---- busybox-1.27.2.orig/networking/udhcp/dhcpc.c
-+++ busybox-1.27.2/networking/udhcp/dhcpc.c
-@@ -49,6 +49,8 @@ struct tpacket_auxdata {
+--- busybox-1.29.1.orig/networking/udhcp/dhcpc.c
++++ busybox-1.29.1/networking/udhcp/dhcpc.c
+@@ -48,6 +48,8 @@
};
#endif
@@ -44,7 +44,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
/* "struct client_config_t client_config" is in bb_common_bufsiz1 */
-@@ -104,8 +106,9 @@ enum {
+@@ -103,8 +105,9 @@
OPT_x = 1 << 18,
OPT_f = 1 << 19,
OPT_B = 1 << 20,
@@ -55,7 +55,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
USE_FOR_MMU( OPTBIT_b,)
IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,)
IF_FEATURE_UDHCP_PORT( OPTBIT_P,)
-@@ -1110,7 +1113,8 @@ static void perform_renew(void)
+@@ -1116,7 +1119,8 @@
state = RENEW_REQUESTED;
break;
case RENEW_REQUESTED: /* impatient are we? fine, square 1 */
@@ -65,7 +65,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
case REQUESTING:
case RELEASED:
change_listen_mode(LISTEN_RAW);
-@@ -1146,7 +1150,8 @@ static void perform_release(uint32_t server_addr, uint32_t requested_ip)
+@@ -1152,7 +1156,8 @@
* Users requested to be notified in all cases, even if not in one
* of the states above.
*/
@@ -75,16 +75,16 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
change_listen_mode(LISTEN_NONE);
state = RELEASED;
-@@ -1298,7 +1303,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
- /* O,x: list; -T,-t,-A take numeric param */
- IF_UDHCP_VERBOSE(opt_complementary = "vv";)
- IF_LONG_OPTS(applet_long_options = udhcpc_longopts;)
-- opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
-+ opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
+@@ -1265,7 +1270,7 @@
+ /* Parse command line */
+ opt = getopt32long(argv, "^"
+ /* O,x: list; -T,-t,-A take numeric param */
+- "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
++ "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
USE_FOR_MMU("b")
IF_FEATURE_UDHCPC_ARPING("a::")
IF_FEATURE_UDHCP_PORT("P:")
-@@ -1409,6 +1414,10 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1376,6 +1381,10 @@
logmode |= LOGMODE_SYSLOG;
}
@@ -94,8 +94,8 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
+
/* Make sure fd 0,1,2 are open */
bb_sanitize_stdio();
- /* Equivalent of doing a fflush after every \n */
-@@ -1423,7 +1432,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+ /* Create pidfile */
+@@ -1388,7 +1397,8 @@
srand(monotonic_us());
state = INIT_SELECTING;
@@ -105,7 +105,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
change_listen_mode(LISTEN_RAW);
packet_num = 0;
timeout = 0;
-@@ -1577,7 +1587,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1555,7 +1565,8 @@
}
/* Timed out, enter init state */
bb_error_msg("lease lost, entering init state");
@@ -115,23 +115,29 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
state = INIT_SELECTING;
client_config.first_secs = 0; /* make secs field count from 0 */
/*timeout = 0; - already is */
-@@ -1770,7 +1781,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1748,8 +1759,10 @@
+ "(got ARP reply), declining");
send_decline(/*xid,*/ server_addr, packet.yiaddr);
- if (state != REQUESTING)
+- if (state != REQUESTING)
- udhcp_run_script(NULL, "deconfig");
++ if (state != REQUESTING) {
+ if (allow_deconfig)
+ udhcp_run_script(NULL, "deconfig");
++ }
change_listen_mode(LISTEN_RAW);
state = INIT_SELECTING;
client_config.first_secs = 0; /* make secs field count from 0 */
-@@ -1840,7 +1852,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1818,8 +1831,10 @@
+ /* return to init state */
bb_error_msg("received %s", "DHCP NAK");
udhcp_run_script(&packet, "nak");
- if (state != REQUESTING)
+- if (state != REQUESTING)
- udhcp_run_script(NULL, "deconfig");
++ if (state != REQUESTING) {
+ if (allow_deconfig)
+ udhcp_run_script(NULL, "deconfig");
++ }
change_listen_mode(LISTEN_RAW);
sleep(3); /* avoid excessive network traffic */
state = INIT_SELECTING;
diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig
index 59d93c7079..f081f281cc 100644
--- a/meta/recipes-core/busybox/busybox/defconfig
+++ b/meta/recipes-core/busybox/busybox/defconfig
@@ -1,12 +1,12 @@
#
# Automatically generated make config: don't edit
-# Busybox version: 1.27.2
-# Wed Sep 27 08:56:13 2017
+# Busybox version: 1.29.1
+# Thu Jul 19 11:09:46 2018
#
CONFIG_HAVE_DOT_CONFIG=y
#
-# Busybox Settings
+# Settings
#
# CONFIG_DESKTOP is not set
# CONFIG_EXTRA_COMPAT is not set
@@ -78,7 +78,7 @@ CONFIG_NO_DEBUG_LIB=y
# CONFIG_EFENCE is not set
#
-# Busybox Library Tuning
+# Library Tuning
#
# CONFIG_FEATURE_USE_BSS_TAIL is not set
CONFIG_FEATURE_RTMINMAX=y
@@ -90,6 +90,7 @@ CONFIG_MD5_SMALL=1
CONFIG_SHA3_SMALL=1
CONFIG_FEATURE_FAST_TOP=y
# CONFIG_FEATURE_ETC_NETWORKS is not set
+# CONFIG_FEATURE_ETC_SERVICES is not set
CONFIG_FEATURE_EDITING=y
CONFIG_FEATURE_EDITING_MAX_LEN=1024
# CONFIG_FEATURE_EDITING_VI is not set
@@ -321,6 +322,7 @@ CONFIG_TRUE=y
CONFIG_TTY=y
CONFIG_UNAME=y
CONFIG_UNAME_OSNAME="GNU/Linux"
+# CONFIG_BB_ARCH is not set
CONFIG_UNIQ=y
CONFIG_UNLINK=y
CONFIG_USLEEP=y
@@ -393,6 +395,14 @@ CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_WHICH=y
#
+# klibc-utils
+#
+# CONFIG_MINIPS is not set
+# CONFIG_NUKE is not set
+# CONFIG_RESUME is not set
+# CONFIG_RUN_INIT is not set
+
+#
# Editors
#
CONFIG_AWK=y
@@ -678,6 +688,10 @@ CONFIG_FEATURE_MOUNT_LOOP=y
CONFIG_FEATURE_MOUNT_LOOP_CREATE=y
# CONFIG_FEATURE_MTAB_SUPPORT is not set
# CONFIG_VOLUMEID is not set
+
+#
+# Filesystem/Volume identification
+#
# CONFIG_FEATURE_VOLUMEID_BCACHE is not set
# CONFIG_FEATURE_VOLUMEID_BTRFS is not set
# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
@@ -725,6 +739,7 @@ CONFIG_FEATURE_CROND_DIR=""
# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set
# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set
# CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set
+# CONFIG_HEXEDIT is not set
# CONFIG_I2CGET is not set
# CONFIG_I2CSET is not set
# CONFIG_I2CDUMP is not set
@@ -807,6 +822,7 @@ CONFIG_MICROCOM=y
# CONFIG_RUNLEVEL is not set
# CONFIG_RX is not set
# CONFIG_SETSID is not set
+# CONFIG_SETFATTR is not set
CONFIG_STRINGS=y
CONFIG_TIME=y
# CONFIG_TIMEOUT is not set
@@ -912,6 +928,8 @@ CONFIG_FEATURE_FANCY_PING=y
CONFIG_ROUTE=y
# CONFIG_SLATTACH is not set
# CONFIG_SSL_CLIENT is not set
+# CONFIG_TC is not set
+# CONFIG_FEATURE_TC_INGRESS is not set
# CONFIG_TCPSVD is not set
# CONFIG_UDPSVD is not set
CONFIG_TELNET=y
@@ -949,13 +967,9 @@ CONFIG_FEATURE_WGET_HTTPS=y
# CONFIG_FEATURE_WGET_OPENSSL is not set
# CONFIG_WHOIS is not set
# CONFIG_ZCIP is not set
-# CONFIG_UDHCPC6 is not set
-# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
-# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
-# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
CONFIG_UDHCPD=y
-# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
+# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
CONFIG_DUMPLEASES=y
# CONFIG_DHCPRELAY is not set
@@ -963,6 +977,15 @@ CONFIG_UDHCPC=y
CONFIG_FEATURE_UDHCPC_ARPING=y
CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
+# CONFIG_UDHCPC6 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set
+
+#
+# Common options for DHCP applets
+#
# CONFIG_FEATURE_UDHCP_PORT is not set
CONFIG_UDHCP_DEBUG=0
# CONFIG_FEATURE_UDHCP_RFC3397 is not set
@@ -1045,6 +1068,7 @@ CONFIG_WATCH=y
# CONFIG_SV is not set
CONFIG_SV_DEFAULT_SERVICE_DIR=""
# CONFIG_SVC is not set
+# CONFIG_SVOK is not set
# CONFIG_SVLOGD is not set
# CONFIG_CHCON is not set
# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
@@ -1134,6 +1158,10 @@ CONFIG_FEATURE_SH_HISTFILESIZE=y
# System Logging Utilities
#
CONFIG_KLOGD=y
+
+#
+# klogd should not be used together with syslog to kernel printk buffer
+#
CONFIG_FEATURE_KLOGD_KLOGCTL=y
CONFIG_LOGGER=y
# CONFIG_LOGREAD is not set
diff --git a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
deleted file mode 100644
index 9fe7998df3..0000000000
--- a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d]
-
-From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001
-From: Shawn Landden <slandden@gmail.com>
-Date: Mon, 8 Jan 2018 13:31:58 +0100
-Subject: [PATCH] umount: ignore -c
-Organization: O.S. Systems Software LTDA.
-
-"-c, --no-canonicalize: Do not canonicalize paths."
-
-As busybox doesn't canonicalize paths in the first place it is safe to ignore
-this option.
-
-See https://github.com/systemd/systemd/issues/7786
-
-Signed-off-by: Shawn Landden <slandden@gmail.com>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- util-linux/umount.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/util-linux/umount.c b/util-linux/umount.c
-index 0c50dc9ee..0425c5b76 100644
---- a/util-linux/umount.c
-+++ b/util-linux/umount.c
-@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
- }
- #endif
-
--/* ignored: -v -t -i */
--#define OPTION_STRING "fldnra" "vt:i"
-+/* ignored: -c -v -t -i */
-+#define OPTION_STRING "fldnra" "cvt:i"
- #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
- #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
- #define OPT_FREELOOP (1 << 2)
---
-2.18.0
-
diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.29.2.bb
similarity index 82%
rename from meta/recipes-core/busybox/busybox_1.27.2.bb
rename to meta/recipes-core/busybox/busybox_1.29.2.bb
index 1ce4823d47..3496a857c4 100644
--- a/meta/recipes-core/busybox/busybox_1.27.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.29.2.bb
@@ -42,13 +42,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://rcK \
file://runlevel \
file://makefile-libbb-race.patch \
- file://CVE-2011-5325.patch \
- file://CVE-2017-15873.patch \
- file://busybox-CVE-2017-16544.patch \
- file://busybox-fix-lzma-segfaults.patch \
- file://umount-ignore-c.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "
-SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e"
-SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df"
+SRC_URI[tarball.md5sum] = "46617af37a39579711d8b36f189cdf1e"
+SRC_URI[tarball.sha256sum] = "67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61"
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] busybox: update to 1.29.2
2018-08-30 15:57 [PATCH] busybox: update to 1.29.2 Andrej Valek
@ 2018-08-31 7:42 ` Andrej Valek
2018-09-04 19:31 ` Randy MacLeod
0 siblings, 1 reply; 6+ messages in thread
From: Andrej Valek @ 2018-08-31 7:42 UTC (permalink / raw)
To: openembedded-core
I had some network problems.
This patch could be ignored, because, it's same as
http://lists.openembedded.org/pipermail/openembedded-core/2018-August/155059.html
Andrej
On 08/30/18 17:57, Andrej Valek wrote:
> - refresh busybox-udhcpc-no_deconfig.patch
> - remove obsolete patches which are included in this update
> - update defconfig
>
> Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> ---
> ...inittab_1.27.2.bb => busybox-inittab_1.29.2.bb} | 0
> .../busybox/busybox/CVE-2011-5325.patch | 481 ---------------------
> .../busybox/busybox/CVE-2017-15873.patch | 95 ----
> .../busybox/busybox/busybox-CVE-2017-16544.patch | 43 --
> .../busybox/busybox-fix-lzma-segfaults.patch | 106 -----
> .../busybox/busybox-udhcpc-no_deconfig.patch | 48 +-
> meta/recipes-core/busybox/busybox/defconfig | 46 +-
> .../busybox/busybox/umount-ignore-c.patch | 40 --
> .../{busybox_1.27.2.bb => busybox_1.29.2.bb} | 9 +-
> 9 files changed, 66 insertions(+), 802 deletions(-)
> rename meta/recipes-core/busybox/{busybox-inittab_1.27.2.bb => busybox-inittab_1.29.2.bb} (100%)
> delete mode 100755 meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
> delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
> delete mode 100644 meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
> delete mode 100644 meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
> delete mode 100644 meta/recipes-core/busybox/busybox/umount-ignore-c.patch
> rename meta/recipes-core/busybox/{busybox_1.27.2.bb => busybox_1.29.2.bb} (82%)
>
> diff --git a/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb b/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
> similarity index 100%
> rename from meta/recipes-core/busybox/busybox-inittab_1.27.2.bb
> rename to meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
> diff --git a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch b/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
> deleted file mode 100755
> index 0926107bea..0000000000
> --- a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
> +++ /dev/null
> @@ -1,481 +0,0 @@
> -busybox-1.27.2: Fix CVE-2011-5325
> -
> -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=8411
> -
> -libarchive: do not extract unsafe symlinks
> -
> -Prevent unsafe links extracting unless env variable $EXTRACT_UNSAFE_SYMLINKS=1
> -is not set. Untarring file with -C DESTDIR parameter could be extracted with
> -unwanted symlinks. This doesn't feel right, and IIRC GNU tar doesn't do that.
> -Include necessary changes from previous commits.
> -
> -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7]
> -CVE: CVE-2011-5325
> -bug: 8411
> -Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src
> -index 942e755..e1a8a75 100644
> ---- a/archival/libarchive/Kbuild.src
> -+++ b/archival/libarchive/Kbuild.src
> -@@ -12,6 +12,8 @@ COMMON_FILES:= \
> - data_extract_all.o \
> - data_extract_to_stdout.o \
> - \
> -+ unsafe_symlink_target.o \
> -+\
> - filter_accept_all.o \
> - filter_accept_list.o \
> - filter_accept_reject_list.o \
> -diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c
> -index 1830ffb..b828b65 100644
> ---- a/archival/libarchive/data_extract_all.c
> -+++ b/archival/libarchive/data_extract_all.c
> -@@ -128,10 +128,9 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
> - res = link(hard_link, dst_name);
> - if (res != 0 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)) {
> - /* shared message */
> -- bb_perror_msg("can't create %slink "
> -- "%s to %s", "hard",
> -- dst_name,
> -- hard_link);
> -+ bb_perror_msg("can't create %slink '%s' to '%s'",
> -+ "hard", dst_name, hard_link
> -+ );
> - }
> - /* Hardlinks have no separate mode/ownership, skip chown/chmod */
> - goto ret;
> -@@ -178,15 +177,17 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
> - case S_IFLNK:
> - /* Symlink */
> - //TODO: what if file_header->link_target == NULL (say, corrupted tarball?)
> -- res = symlink(file_header->link_target, dst_name);
> -- if (res != 0
> -- && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
> -- ) {
> -- /* shared message */
> -- bb_perror_msg("can't create %slink "
> -- "%s to %s", "sym",
> -- dst_name,
> -- file_header->link_target);
> -+ if (!unsafe_symlink_target(file_header->link_target)) {
> -+ res = symlink(file_header->link_target, dst_name);
> -+ if (res != 0
> -+ && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
> -+ ) {
> -+ /* shared message */
> -+ bb_perror_msg("can't create %slink '%s' to '%s'",
> -+ "sym",
> -+ dst_name, file_header->link_target
> -+ );
> -+ }
> - }
> - break;
> - case S_IFSOCK:
> -diff --git a/archival/libarchive/unsafe_symlink_target.c b/archival/libarchive/unsafe_symlink_target.c
> -new file mode 100644
> -index 0000000..ee46e28
> ---- /dev/null
> -+++ b/archival/libarchive/unsafe_symlink_target.c
> -@@ -0,0 +1,48 @@
> -+/* vi: set sw=4 ts=4: */
> -+/*
> -+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
> -+ */
> -+#include "libbb.h"
> -+#include "bb_archive.h"
> -+
> -+int FAST_FUNC unsafe_symlink_target(const char *target)
> -+{
> -+ const char *dot;
> -+
> -+ if (target[0] == '/') {
> -+ const char *var;
> -+unsafe:
> -+ var = getenv("EXTRACT_UNSAFE_SYMLINKS");
> -+ if (var) {
> -+ if (LONE_CHAR(var, '1'))
> -+ return 0; /* pretend it's safe */
> -+ return 1; /* "UNSAFE!" */
> -+ }
> -+ bb_error_msg("skipping unsafe symlink to '%s' in archive,"
> -+ " set %s=1 to extract",
> -+ target,
> -+ "EXTRACT_UNSAFE_SYMLINKS"
> -+ );
> -+ /* Prevent further messages */
> -+ setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0);
> -+ return 1; /* "UNSAFE!" */
> -+ }
> -+
> -+ dot = target;
> -+ for (;;) {
> -+ dot = strchr(dot, '.');
> -+ if (!dot)
> -+ return 0; /* safe target */
> -+
> -+ /* Is it a path component starting with ".."? */
> -+ if ((dot[1] == '.')
> -+ && (dot == target || dot[-1] == '/')
> -+ /* Is it exactly ".."? */
> -+ && (dot[2] == '/' || dot[2] == '\0')
> -+ ) {
> -+ goto unsafe;
> -+ }
> -+ /* NB: it can even be trailing ".", should only add 1 */
> -+ dot += 1;
> -+ }
> -+}
> -\ No newline at end of file
> -diff --git a/archival/unzip.c b/archival/unzip.c
> -index 9037262..270e261 100644
> ---- a/archival/unzip.c
> -+++ b/archival/unzip.c
> -@@ -335,6 +335,44 @@ static void unzip_create_leading_dirs(const char *fn)
> - free(name);
> - }
> -
> -+static void unzip_extract_symlink(zip_header_t *zip, const char *dst_fn)
> -+{
> -+ char *target;
> -+
> -+ if (zip->fmt.ucmpsize > 0xfff) /* no funny business please */
> -+ bb_error_msg_and_die("bad archive");
> -+
> -+ if (zip->fmt.method == 0) {
> -+ /* Method 0 - stored (not compressed) */
> -+ target = xzalloc(zip->fmt.ucmpsize + 1);
> -+ xread(zip_fd, target, zip->fmt.ucmpsize);
> -+ } else {
> -+#if 1
> -+ bb_error_msg_and_die("compressed symlink is not supported");
> -+#else
> -+ transformer_state_t xstate;
> -+ init_transformer_state(&xstate);
> -+ xstate.mem_output_size_max = zip->fmt.ucmpsize;
> -+ /* ...unpack... */
> -+ if (!xstate.mem_output_buf)
> -+ WTF();
> -+ target = xstate.mem_output_buf;
> -+ target = xrealloc(target, xstate.mem_output_size + 1);
> -+ target[xstate.mem_output_size] = '\0';
> -+#endif
> -+ }
> -+ if (!unsafe_symlink_target(target)) {
> -+//TODO: libbb candidate
> -+ if (symlink(target, dst_fn)) {
> -+ /* shared message */
> -+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
> -+ "sym", dst_fn, target
> -+ );
> -+ }
> -+ }
> -+ free(target);
> -+}
> -+
> - static void unzip_extract(zip_header_t *zip, int dst_fd)
> - {
> - transformer_state_t xstate;
> -@@ -813,7 +851,7 @@ int unzip_main(int argc, char **argv)
> - }
> - check_file:
> - /* Extract file */
> -- if (stat(dst_fn, &stat_buf) == -1) {
> -+ if (lstat(dst_fn, &stat_buf) == -1) {
> - /* File does not exist */
> - if (errno != ENOENT) {
> - bb_perror_msg_and_die("can't stat '%s'", dst_fn);
> -@@ -834,6 +872,7 @@ int unzip_main(int argc, char **argv)
> - goto do_open_and_extract;
> - printf("replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ", dst_fn);
> - my_fgets80(key_buf);
> -+//TODO: redo lstat + ISREG check! user input could have taken a long time!
> -
> - switch (key_buf[0]) {
> - case 'A':
> -@@ -842,7 +881,8 @@ int unzip_main(int argc, char **argv)
> - do_open_and_extract:
> - unzip_create_leading_dirs(dst_fn);
> - #if ENABLE_FEATURE_UNZIP_CDF
> -- dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
> -+ if (!S_ISLNK(file_mode))
> -+ dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
> - #else
> - dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
> - #endif
> -@@ -852,10 +892,18 @@ int unzip_main(int argc, char **argv)
> - ? " extracting: %s\n"
> - : */ " inflating: %s\n", dst_fn);
> - }
> -- unzip_extract(&zip, dst_fd);
> -- if (dst_fd != STDOUT_FILENO) {
> -- /* closing STDOUT is potentially bad for future business */
> -- close(dst_fd);
> -+#if ENABLE_FEATURE_UNZIP_CDF
> -+ if (S_ISLNK(file_mode)) {
> -+ if (dst_fd != STDOUT_FILENO) /* no -p */
> -+ unzip_extract_symlink(&zip, dst_fn);
> -+ } else
> -+#endif
> -+ {
> -+ unzip_extract(&zip, dst_fd);
> -+ if (dst_fd != STDOUT_FILENO) {
> -+ /* closing STDOUT is potentially bad for future business */
> -+ close(dst_fd);
> -+ };
> - }
> - break;
> -
> -diff --git a/coreutils/link.c b/coreutils/link.c
> -index ac3ef85..aab249d 100644
> ---- a/coreutils/link.c
> -+++ b/coreutils/link.c
> -@@ -32,9 +32,8 @@ int link_main(int argc UNUSED_PARAM, char **argv)
> - argv += optind;
> - if (link(argv[0], argv[1]) != 0) {
> - /* shared message */
> -- bb_perror_msg_and_die("can't create %slink "
> -- "%s to %s", "hard",
> -- argv[1], argv[0]
> -+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
> -+ "hard", argv[1], argv[0]
> - );
> - }
> - return EXIT_SUCCESS;
> -diff --git a/include/bb_archive.h b/include/bb_archive.h
> -index 2b9c5f0..1e4da3c 100644
> ---- a/include/bb_archive.h
> -+++ b/include/bb_archive.h
> -@@ -196,6 +196,7 @@ void seek_by_jump(int fd, off_t amount) FAST_FUNC;
> - void seek_by_read(int fd, off_t amount) FAST_FUNC;
> -
> - const char *strip_unsafe_prefix(const char *str) FAST_FUNC;
> -+int unsafe_symlink_target(const char *target) FAST_FUNC;
> -
> - void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC;
> - const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC;
> -diff --git a/libbb/copy_file.c b/libbb/copy_file.c
> -index 23c0f83..be90066 100644
> ---- a/libbb/copy_file.c
> -+++ b/libbb/copy_file.c
> -@@ -371,7 +371,10 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
> - int r = symlink(lpath, dest);
> - free(lpath);
> - if (r < 0) {
> -- bb_perror_msg("can't create symlink '%s'", dest);
> -+ /* shared message */
> -+ bb_perror_msg("can't create %slink '%s' to '%s'",
> -+ "sym", dest, lpath
> -+ );
> - return -1;
> - }
> - if (flags & FILEUTILS_PRESERVE_STATUS)
> -diff --git a/testsuite/tar.tests b/testsuite/tar.tests
> -index 9f7ce15..b7cd74c 100755
> ---- a/testsuite/tar.tests
> -+++ b/testsuite/tar.tests
> -@@ -10,9 +10,6 @@ unset LC_COLLATE
> - unset LC_ALL
> - umask 022
> -
> --rm -rf tar.tempdir 2>/dev/null
> --mkdir tar.tempdir && cd tar.tempdir || exit 1
> --
> - # testing "test name" "script" "expected result" "file input" "stdin"
> -
> - testing "Empty file is not a tarball" '\
> -@@ -53,6 +50,7 @@ dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $?
> - "" ""
> - SKIP=
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input":
> - # GNU tar 1.26 records as hardlinks:
> - # input_hard2 -> input_hard1
> -@@ -64,7 +62,6 @@ SKIP=
> - # We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing.
> - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
> - testing "tar hardlinks and repeated files" '\
> --rm -rf input_* test.tar 2>/dev/null
> - >input_hard1
> - ln input_hard1 input_hard2
> - mkdir input_dir
> -@@ -95,10 +92,11 @@ drwxr-xr-x input_dir
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
> - testing "tar hardlinks mode" '\
> --rm -rf input_* test.tar 2>/dev/null
> - >input_hard1
> - chmod 741 input_hard1
> - ln input_hard1 input_hard2
> -@@ -128,10 +126,11 @@ Ok: 0
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
> - testing "tar symlinks mode" '\
> --rm -rf input_* test.tar 2>/dev/null
> - >input_file
> - chmod 741 input_file
> - ln -s input_file input_soft
> -@@ -159,10 +158,11 @@ lrwxrwxrwx input_file
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS
> - testing "tar --overwrite" "\
> --rm -rf input_* test.tar 2>/dev/null
> - ln input input_hard
> - tar cf test.tar input_hard
> - echo WRONG >input
> -@@ -174,12 +174,13 @@ Ok
> - " \
> - "Ok\n" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - test x"$SKIP_KNOWN_BUGS" = x"" && {
> - # Needs to be run under non-root for meaningful test
> - optional FEATURE_TAR_CREATE
> - testing "tar writing into read-only dir" '\
> --rm -rf input_* test.tar 2>/dev/null
> - mkdir input_dir
> - >input_dir/input_file
> - chmod 550 input_dir
> -@@ -201,7 +202,9 @@ dr-xr-x--- input_dir
> - "" ""
> - SKIP=
> - }
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # Had a bug where on extract autodetect first "switched off" -z
> - # and then failed to recognize .tgz extension
> - optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP
> -@@ -217,7 +220,9 @@ Ok
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)?
> - # (the uuencoded hello_world.txz contains one empty file named "hello_world")
> - optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ
> -@@ -236,7 +241,9 @@ AAAEWVo=
> - ====
> - "
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # On extract, everything up to and including last ".." component is stripped
> - optional FEATURE_TAR_CREATE
> - testing "tar strips /../ on extract" "\
> -@@ -255,7 +262,9 @@ Ok
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # attack.tar.bz2 has symlink pointing to a system file
> - # followed by a regular file with the same name
> - # containing "root::0:0::/root:/bin/sh":
> -@@ -270,6 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
> - testing "tar does not extract into symlinks" "\
> - >>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
> - " "\
> -+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
> - 0
> - " \
> - "" "\
> -@@ -281,12 +291,15 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
> - ====
> - "
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -+
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # And same with -k
> - optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
> - testing "tar -k does not extract into symlinks" "\
> - >>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
> - " "\
> --tar: can't open 'passwd': File exists
> -+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
> - 0
> - " \
> - "" "\
> -@@ -298,7 +311,9 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
> - ====
> - "
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
> - testing "Pax-encoded UTF8 names and symlinks" '\
> - tar xvf ../tar.utf8.tar.bz2 2>&1; echo $?
> -@@ -309,17 +324,45 @@ rm -rf etc usr
> - ' "\
> - etc/ssl/certs/3b2716e5.0
> - etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
> -+tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
> - etc/ssl/certs/f80cc7f6.0
> - usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
> - 0
> - etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
> --etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
> - etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> --
> --cd .. && rm -rf tar.tempdir || exit 1
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> -+optional UUDECODE FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
> -+testing "Symlink attack: create symlink and then write through it" '\
> -+exec 2>&1
> -+uudecode -o input && tar xvf input; echo $?
> -+ls /tmp/bb_test_evilfile
> -+ls bb_test_evilfile
> -+ls symlink/bb_test_evilfile
> -+' "\
> -+anything.txt
> -+symlink
> -+tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
> -+symlink/bb_test_evilfile
> -+0
> -+ls: /tmp/bb_test_evilfile: No such file or directory
> -+ls: bb_test_evilfile: No such file or directory
> -+symlink/bb_test_evilfile
> -+" \
> -+"" "\
> -+begin-base64 644 tar_symlink_attack.tar.bz2
> -+QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR
> -+omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk
> -+AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa
> -+SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS
> -+n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA=
> -+====
> -+"
> -+SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> - exit $FAILCOUNT
> diff --git a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch b/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
> deleted file mode 100644
> index 5a027c9bcc..0000000000
> --- a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
> +++ /dev/null
> @@ -1,95 +0,0 @@
> -busybox-1.27.2: Fix CVE-2017-15873
> -
> -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10431
> -
> -bunzip2: fix runCnt overflow
> -
> -The get_next_block function in archival/libarchive/decompress_bunzip2.c
> -in BusyBox 1.27.2 has an Integer Overflow that may lead to a write
> -access violation.
> -
> -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0]
> -CVE: CVE-2017-15873
> -bug: 10431
> -Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
> -
> -diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
> -index 7cd18f5..bec89ed 100644
> ---- a/archival/libarchive/decompress_bunzip2.c
> -+++ b/archival/libarchive/decompress_bunzip2.c
> -@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
> - static int get_next_block(bunzip_data *bd)
> - {
> - struct group_data *hufGroup;
> -- int dbufCount, dbufSize, groupCount, *base, *limit, selector,
> -- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
> -- int runCnt = runCnt; /* for compiler */
> -+ int groupCount, *base, *limit, selector,
> -+ i, j, symCount, symTotal, nSelectors, byteCount[256];
> - uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
> - uint32_t *dbuf;
> - unsigned origPtr, t;
> -+ unsigned dbufCount, runPos;
> -+ unsigned runCnt = runCnt; /* for compiler */
> -
> - dbuf = bd->dbuf;
> -- dbufSize = bd->dbufSize;
> - selectors = bd->selectors;
> -
> - /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
> -@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
> - it didn't actually work. */
> - if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
> - origPtr = get_bits(bd, 24);
> -- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
> -+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
> -
> - /* mapping table: if some byte values are never used (encoding things
> - like ascii text), the compression code removes the gaps to have fewer
> -@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
> - symbols, but a run of length 0 doesn't mean anything in this
> - context). Thus space is saved. */
> - runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
> -- if (runPos < dbufSize) runPos <<= 1;
> -+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
> -+//This would be the fix (catches too large count way before it can overflow):
> -+// if (runCnt > bd->dbufSize) {
> -+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
> -+// runCnt, bd->dbufSize);
> -+// return RETVAL_DATA_ERROR;
> -+// }
> -+ if (runPos < bd->dbufSize) runPos <<= 1;
> - goto end_of_huffman_loop;
> - }
> -
> -@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
> - literal used is the one at the head of the mtfSymbol array.) */
> - if (runPos != 0) {
> - uint8_t tmp_byte;
> -- if (dbufCount + runCnt > dbufSize) {
> -- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
> -- dbufCount, runCnt, dbufCount + runCnt, dbufSize);
> -+ if (dbufCount + runCnt > bd->dbufSize) {
> -+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
> -+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
> - return RETVAL_DATA_ERROR;
> - }
> - tmp_byte = symToByte[mtfSymbol[0]];
> - byteCount[tmp_byte] += runCnt;
> -- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
> -+ while ((int)--runCnt >= 0)
> -+ dbuf[dbufCount++] = (uint32_t)tmp_byte;
> - runPos = 0;
> - }
> -
> -@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
> - first symbol in the mtf array, position 0, would have been handled
> - as part of a run above. Therefore 1 unused mtf position minus
> - 2 non-literal nextSym values equals -1.) */
> -- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
> -+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
> - i = nextSym - 1;
> - uc = mtfSymbol[i];
> -
> ---
> -cgit v0.12
> diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
> deleted file mode 100644
> index fc19ee3356..0000000000
> --- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
> +++ /dev/null
> @@ -1,43 +0,0 @@
> -From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001
> -From: Denys Vlasenko <vda.linux@googlemail.com>
> -Date: Tue, 7 Nov 2017 18:09:29 +0100
> -Subject: lineedit: do not tab-complete any strings which have control
> - characters
> -
> -function old new delta
> -add_match 41 68 +27
> -
> -CVE: CVE-2017-16544
> -Upstream-Status: Backport
> -
> -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
> -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
> ----
> - libbb/lineedit.c | 12 ++++++++++++
> - 1 file changed, 12 insertions(+)
> -
> -diff --git a/libbb/lineedit.c b/libbb/lineedit.c
> -index c0e35bb..56e8140 100644
> ---- a/libbb/lineedit.c
> -+++ b/libbb/lineedit.c
> -@@ -645,6 +645,18 @@ static void free_tab_completion_data(void)
> -
> - static void add_match(char *matched)
> - {
> -+ unsigned char *p = (unsigned char*)matched;
> -+ while (*p) {
> -+ /* ESC attack fix: drop any string with control chars */
> -+ if (*p < ' '
> -+ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
> -+ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
> -+ ) {
> -+ free(matched);
> -+ return;
> -+ }
> -+ p++;
> -+ }
> - matches = xrealloc_vector(matches, 4, num_matches);
> - matches[num_matches] = matched;
> - num_matches++;
> ---
> -cgit v0.12
> diff --git a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
> deleted file mode 100644
> index da6dfa8023..0000000000
> --- a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
> +++ /dev/null
> @@ -1,106 +0,0 @@
> -busybox-1.27.2: Fix lzma segfaults
> -
> -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871
> -
> -libarchive: check buffer index in lzma_decompress
> -
> -With specific defconfig busybox fails to check zip fileheader magic
> -(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c)
> -for decompression which leads to segmentation fault. It prevents accessing into
> -buffer, which is smaller than pos index. Patch includes multiple segmentation
> -fault fixes.
> -
> -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b]
> -bug: 10436 10871
> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
> -
> -diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
> -index a904087..29eee2a 100644
> ---- a/archival/libarchive/decompress_unlzma.c
> -+++ b/archival/libarchive/decompress_unlzma.c
> -@@ -11,6 +11,14 @@
> - #include "libbb.h"
> - #include "bb_archive.h"
> -
> -+
> -+#if 0
> -+# define dbg(...) bb_error_msg(__VA_ARGS__)
> -+#else
> -+# define dbg(...) ((void)0)
> -+#endif
> -+
> -+
> - #if ENABLE_FEATURE_LZMA_FAST
> - # define speed_inline ALWAYS_INLINE
> - # define size_inline
> -@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - rc_t *rc;
> - int i;
> - uint8_t *buffer;
> -+ uint32_t buffer_size;
> - uint8_t previous_byte = 0;
> - size_t buffer_pos = 0, global_pos = 0;
> - int len = 0;
> -@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - if (header.dict_size == 0)
> - header.dict_size++;
> -
> -- buffer = xmalloc(MIN(header.dst_size, header.dict_size));
> -+ buffer_size = MIN(header.dst_size, header.dict_size);
> -+ buffer = xmalloc(buffer_size);
> -
> - {
> - int num_probs;
> -@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
> -
> - pos = buffer_pos - rep0;
> -- if ((int32_t)pos < 0)
> -+ if ((int32_t)pos < 0) {
> - pos += header.dict_size;
> -+ /* see unzip_bad_lzma_2.zip: */
> -+ if (pos >= buffer_size)
> -+ goto bad;
> -+ }
> - previous_byte = buffer[pos];
> - goto one_byte1;
> - #else
> -@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
> - rep0 = (rep0 << 1) | rc_direct_bit(rc);
> - rep0 <<= LZMA_NUM_ALIGN_BITS;
> -+ if ((int32_t)rep0 < 0) {
> -+ dbg("%d rep0:%d", __LINE__, rep0);
> -+ goto bad;
> -+ }
> - prob3 = p + LZMA_ALIGN;
> - }
> - i2 = 1;
> -@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - IF_NOT_FEATURE_LZMA_FAST(string:)
> - do {
> - uint32_t pos = buffer_pos - rep0;
> -- if ((int32_t)pos < 0)
> -+ if ((int32_t)pos < 0) {
> - pos += header.dict_size;
> -+ /* more stringent test (see unzip_bad_lzma_1.zip): */
> -+ if (pos >= buffer_size)
> -+ goto bad;
> -+ }
> - previous_byte = buffer[pos];
> - IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
> - buffer[buffer_pos++] = previous_byte;
> -@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - IF_DESKTOP(total_written += buffer_pos;)
> - if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
> - bad:
> -+ /* One of our users, bbunpack(), expects _us_ to emit
> -+ * the error message (since it's the best place to give
> -+ * potentially more detailed information).
> -+ * Do not fail silently.
> -+ */
> -+ bb_error_msg("corrupted data");
> - total_written = -1; /* failure */
> - }
> - rc_free(rc);
> -
> diff --git a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
> index 582a258939..76daaf1f02 100644
> --- a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
> +++ b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
> @@ -31,11 +31,11 @@ Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
> networking/udhcp/dhcpc.c | 29 ++++++++++++++++------
> 1 file changed, 21 insertions(+), 8 deletions(-)
>
> -Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> +Index: busybox-1.29.1/networking/udhcp/dhcpc.c
> ===================================================================
> ---- busybox-1.27.2.orig/networking/udhcp/dhcpc.c
> -+++ busybox-1.27.2/networking/udhcp/dhcpc.c
> -@@ -49,6 +49,8 @@ struct tpacket_auxdata {
> +--- busybox-1.29.1.orig/networking/udhcp/dhcpc.c
> ++++ busybox-1.29.1/networking/udhcp/dhcpc.c
> +@@ -48,6 +48,8 @@
> };
> #endif
>
> @@ -44,7 +44,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
>
> /* "struct client_config_t client_config" is in bb_common_bufsiz1 */
>
> -@@ -104,8 +106,9 @@ enum {
> +@@ -103,8 +105,9 @@
> OPT_x = 1 << 18,
> OPT_f = 1 << 19,
> OPT_B = 1 << 20,
> @@ -55,7 +55,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> USE_FOR_MMU( OPTBIT_b,)
> IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,)
> IF_FEATURE_UDHCP_PORT( OPTBIT_P,)
> -@@ -1110,7 +1113,8 @@ static void perform_renew(void)
> +@@ -1116,7 +1119,8 @@
> state = RENEW_REQUESTED;
> break;
> case RENEW_REQUESTED: /* impatient are we? fine, square 1 */
> @@ -65,7 +65,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> case REQUESTING:
> case RELEASED:
> change_listen_mode(LISTEN_RAW);
> -@@ -1146,7 +1150,8 @@ static void perform_release(uint32_t server_addr, uint32_t requested_ip)
> +@@ -1152,7 +1156,8 @@
> * Users requested to be notified in all cases, even if not in one
> * of the states above.
> */
> @@ -75,16 +75,16 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
>
> change_listen_mode(LISTEN_NONE);
> state = RELEASED;
> -@@ -1298,7 +1303,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> - /* O,x: list; -T,-t,-A take numeric param */
> - IF_UDHCP_VERBOSE(opt_complementary = "vv";)
> - IF_LONG_OPTS(applet_long_options = udhcpc_longopts;)
> -- opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
> -+ opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
> +@@ -1265,7 +1270,7 @@
> + /* Parse command line */
> + opt = getopt32long(argv, "^"
> + /* O,x: list; -T,-t,-A take numeric param */
> +- "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
> ++ "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
> USE_FOR_MMU("b")
> IF_FEATURE_UDHCPC_ARPING("a::")
> IF_FEATURE_UDHCP_PORT("P:")
> -@@ -1409,6 +1414,10 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> +@@ -1376,6 +1381,10 @@
> logmode |= LOGMODE_SYSLOG;
> }
>
> @@ -94,8 +94,8 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> +
> /* Make sure fd 0,1,2 are open */
> bb_sanitize_stdio();
> - /* Equivalent of doing a fflush after every \n */
> -@@ -1423,7 +1432,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> + /* Create pidfile */
> +@@ -1388,7 +1397,8 @@
> srand(monotonic_us());
>
> state = INIT_SELECTING;
> @@ -105,7 +105,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> change_listen_mode(LISTEN_RAW);
> packet_num = 0;
> timeout = 0;
> -@@ -1577,7 +1587,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> +@@ -1555,7 +1565,8 @@
> }
> /* Timed out, enter init state */
> bb_error_msg("lease lost, entering init state");
> @@ -115,23 +115,29 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> state = INIT_SELECTING;
> client_config.first_secs = 0; /* make secs field count from 0 */
> /*timeout = 0; - already is */
> -@@ -1770,7 +1781,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> +@@ -1748,8 +1759,10 @@
> + "(got ARP reply), declining");
> send_decline(/*xid,*/ server_addr, packet.yiaddr);
>
> - if (state != REQUESTING)
> +- if (state != REQUESTING)
> - udhcp_run_script(NULL, "deconfig");
> ++ if (state != REQUESTING) {
> + if (allow_deconfig)
> + udhcp_run_script(NULL, "deconfig");
> ++ }
> change_listen_mode(LISTEN_RAW);
> state = INIT_SELECTING;
> client_config.first_secs = 0; /* make secs field count from 0 */
> -@@ -1840,7 +1852,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> +@@ -1818,8 +1831,10 @@
> + /* return to init state */
> bb_error_msg("received %s", "DHCP NAK");
> udhcp_run_script(&packet, "nak");
> - if (state != REQUESTING)
> +- if (state != REQUESTING)
> - udhcp_run_script(NULL, "deconfig");
> ++ if (state != REQUESTING) {
> + if (allow_deconfig)
> + udhcp_run_script(NULL, "deconfig");
> ++ }
> change_listen_mode(LISTEN_RAW);
> sleep(3); /* avoid excessive network traffic */
> state = INIT_SELECTING;
> diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig
> index 59d93c7079..f081f281cc 100644
> --- a/meta/recipes-core/busybox/busybox/defconfig
> +++ b/meta/recipes-core/busybox/busybox/defconfig
> @@ -1,12 +1,12 @@
> #
> # Automatically generated make config: don't edit
> -# Busybox version: 1.27.2
> -# Wed Sep 27 08:56:13 2017
> +# Busybox version: 1.29.1
> +# Thu Jul 19 11:09:46 2018
> #
> CONFIG_HAVE_DOT_CONFIG=y
>
> #
> -# Busybox Settings
> +# Settings
> #
> # CONFIG_DESKTOP is not set
> # CONFIG_EXTRA_COMPAT is not set
> @@ -78,7 +78,7 @@ CONFIG_NO_DEBUG_LIB=y
> # CONFIG_EFENCE is not set
>
> #
> -# Busybox Library Tuning
> +# Library Tuning
> #
> # CONFIG_FEATURE_USE_BSS_TAIL is not set
> CONFIG_FEATURE_RTMINMAX=y
> @@ -90,6 +90,7 @@ CONFIG_MD5_SMALL=1
> CONFIG_SHA3_SMALL=1
> CONFIG_FEATURE_FAST_TOP=y
> # CONFIG_FEATURE_ETC_NETWORKS is not set
> +# CONFIG_FEATURE_ETC_SERVICES is not set
> CONFIG_FEATURE_EDITING=y
> CONFIG_FEATURE_EDITING_MAX_LEN=1024
> # CONFIG_FEATURE_EDITING_VI is not set
> @@ -321,6 +322,7 @@ CONFIG_TRUE=y
> CONFIG_TTY=y
> CONFIG_UNAME=y
> CONFIG_UNAME_OSNAME="GNU/Linux"
> +# CONFIG_BB_ARCH is not set
> CONFIG_UNIQ=y
> CONFIG_UNLINK=y
> CONFIG_USLEEP=y
> @@ -393,6 +395,14 @@ CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
> CONFIG_WHICH=y
>
> #
> +# klibc-utils
> +#
> +# CONFIG_MINIPS is not set
> +# CONFIG_NUKE is not set
> +# CONFIG_RESUME is not set
> +# CONFIG_RUN_INIT is not set
> +
> +#
> # Editors
> #
> CONFIG_AWK=y
> @@ -678,6 +688,10 @@ CONFIG_FEATURE_MOUNT_LOOP=y
> CONFIG_FEATURE_MOUNT_LOOP_CREATE=y
> # CONFIG_FEATURE_MTAB_SUPPORT is not set
> # CONFIG_VOLUMEID is not set
> +
> +#
> +# Filesystem/Volume identification
> +#
> # CONFIG_FEATURE_VOLUMEID_BCACHE is not set
> # CONFIG_FEATURE_VOLUMEID_BTRFS is not set
> # CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
> @@ -725,6 +739,7 @@ CONFIG_FEATURE_CROND_DIR=""
> # CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set
> # CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set
> # CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set
> +# CONFIG_HEXEDIT is not set
> # CONFIG_I2CGET is not set
> # CONFIG_I2CSET is not set
> # CONFIG_I2CDUMP is not set
> @@ -807,6 +822,7 @@ CONFIG_MICROCOM=y
> # CONFIG_RUNLEVEL is not set
> # CONFIG_RX is not set
> # CONFIG_SETSID is not set
> +# CONFIG_SETFATTR is not set
> CONFIG_STRINGS=y
> CONFIG_TIME=y
> # CONFIG_TIMEOUT is not set
> @@ -912,6 +928,8 @@ CONFIG_FEATURE_FANCY_PING=y
> CONFIG_ROUTE=y
> # CONFIG_SLATTACH is not set
> # CONFIG_SSL_CLIENT is not set
> +# CONFIG_TC is not set
> +# CONFIG_FEATURE_TC_INGRESS is not set
> # CONFIG_TCPSVD is not set
> # CONFIG_UDPSVD is not set
> CONFIG_TELNET=y
> @@ -949,13 +967,9 @@ CONFIG_FEATURE_WGET_HTTPS=y
> # CONFIG_FEATURE_WGET_OPENSSL is not set
> # CONFIG_WHOIS is not set
> # CONFIG_ZCIP is not set
> -# CONFIG_UDHCPC6 is not set
> -# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
> -# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
> -# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
> CONFIG_UDHCPD=y
> -# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
> # CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
> +# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
> CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
> CONFIG_DUMPLEASES=y
> # CONFIG_DHCPRELAY is not set
> @@ -963,6 +977,15 @@ CONFIG_UDHCPC=y
> CONFIG_FEATURE_UDHCPC_ARPING=y
> CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
> CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
> +# CONFIG_UDHCPC6 is not set
> +# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
> +# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
> +# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
> +# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set
> +
> +#
> +# Common options for DHCP applets
> +#
> # CONFIG_FEATURE_UDHCP_PORT is not set
> CONFIG_UDHCP_DEBUG=0
> # CONFIG_FEATURE_UDHCP_RFC3397 is not set
> @@ -1045,6 +1068,7 @@ CONFIG_WATCH=y
> # CONFIG_SV is not set
> CONFIG_SV_DEFAULT_SERVICE_DIR=""
> # CONFIG_SVC is not set
> +# CONFIG_SVOK is not set
> # CONFIG_SVLOGD is not set
> # CONFIG_CHCON is not set
> # CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
> @@ -1134,6 +1158,10 @@ CONFIG_FEATURE_SH_HISTFILESIZE=y
> # System Logging Utilities
> #
> CONFIG_KLOGD=y
> +
> +#
> +# klogd should not be used together with syslog to kernel printk buffer
> +#
> CONFIG_FEATURE_KLOGD_KLOGCTL=y
> CONFIG_LOGGER=y
> # CONFIG_LOGREAD is not set
> diff --git a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
> deleted file mode 100644
> index 9fe7998df3..0000000000
> --- a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
> -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d]
> -
> -From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001
> -From: Shawn Landden <slandden@gmail.com>
> -Date: Mon, 8 Jan 2018 13:31:58 +0100
> -Subject: [PATCH] umount: ignore -c
> -Organization: O.S. Systems Software LTDA.
> -
> -"-c, --no-canonicalize: Do not canonicalize paths."
> -
> -As busybox doesn't canonicalize paths in the first place it is safe to ignore
> -this option.
> -
> -See https://github.com/systemd/systemd/issues/7786
> -
> -Signed-off-by: Shawn Landden <slandden@gmail.com>
> -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
> ----
> - util-linux/umount.c | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> -
> -diff --git a/util-linux/umount.c b/util-linux/umount.c
> -index 0c50dc9ee..0425c5b76 100644
> ---- a/util-linux/umount.c
> -+++ b/util-linux/umount.c
> -@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
> - }
> - #endif
> -
> --/* ignored: -v -t -i */
> --#define OPTION_STRING "fldnra" "vt:i"
> -+/* ignored: -c -v -t -i */
> -+#define OPTION_STRING "fldnra" "cvt:i"
> - #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
> - #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
> - #define OPT_FREELOOP (1 << 2)
> ---
> -2.18.0
> -
> diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.29.2.bb
> similarity index 82%
> rename from meta/recipes-core/busybox/busybox_1.27.2.bb
> rename to meta/recipes-core/busybox/busybox_1.29.2.bb
> index 1ce4823d47..3496a857c4 100644
> --- a/meta/recipes-core/busybox/busybox_1.27.2.bb
> +++ b/meta/recipes-core/busybox/busybox_1.29.2.bb
> @@ -42,13 +42,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
> file://rcK \
> file://runlevel \
> file://makefile-libbb-race.patch \
> - file://CVE-2011-5325.patch \
> - file://CVE-2017-15873.patch \
> - file://busybox-CVE-2017-16544.patch \
> - file://busybox-fix-lzma-segfaults.patch \
> - file://umount-ignore-c.patch \
> "
> SRC_URI_append_libc-musl = " file://musl.cfg "
>
> -SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e"
> -SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df"
> +SRC_URI[tarball.md5sum] = "46617af37a39579711d8b36f189cdf1e"
> +SRC_URI[tarball.sha256sum] = "67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61"
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] busybox: update to 1.29.2
2018-08-31 7:42 ` Andrej Valek
@ 2018-09-04 19:31 ` Randy MacLeod
2018-09-06 0:05 ` Randy MacLeod
0 siblings, 1 reply; 6+ messages in thread
From: Randy MacLeod @ 2018-09-04 19:31 UTC (permalink / raw)
To: Andrej Valek, openembedded-core; +Cc: Purdie, Richard
We really want to get this change merged this week so
that it's part of the 2.6-M3 content that will be well tested.
On 08/31/2018 03:42 AM, Andrej Valek wrote:
> I had some network problems.
>
> This patch could be ignored, because, it's same as
> http://lists.openembedded.org/pipermail/openembedded-core/2018-August/155059.html
That patch dropped the:
Openpgp: preference=signencrypt
Autocrypt: addr=andrej.valek@siemens.com; prefer-encrypt=mutual;
keydata=
xsBNBFkSzTcBCADSJTRk7Y...bIFUmc7ck3KeuUGKy
ifrpWD6/7YPXbixv4sAlFl...zmMdr0BPLMsL96nBO
...
but it's still base64 encoded:
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
whereas other patches to the list use:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Can you fix that and/or send a pull request:
http://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded#Committing_your_patch
Thanks,
--
# Randy MacLeod
# Wind River Linux
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] busybox: update to 1.29.2
2018-09-04 19:31 ` Randy MacLeod
@ 2018-09-06 0:05 ` Randy MacLeod
2018-09-06 10:38 ` Richard Purdie
0 siblings, 1 reply; 6+ messages in thread
From: Randy MacLeod @ 2018-09-06 0:05 UTC (permalink / raw)
To: Andrej Valek, openembedded-core
On 09/04/2018 03:31 PM, Randy MacLeod wrote:
> We really want to get this change merged this week so
> that it's part of the 2.6-M3 content that will be well tested.
>
> On 08/31/2018 03:42 AM, Andrej Valek wrote:
>> I had some network problems.
>>
>> This patch could be ignored, because, it's same as
>> http://lists.openembedded.org/pipermail/openembedded-core/2018-August/155059.html
>>
>
>
> That patch dropped the:
>
> Openpgp: preference=signencrypt
> Autocrypt: addr=andrej.valek@siemens.com; prefer-encrypt=mutual;
> keydata=
> xsBNBFkSzTcBCADSJTRk7Y...bIFUmc7ck3KeuUGKy
> ifrpWD6/7YPXbixv4sAlFl...zmMdr0BPLMsL96nBO
> ...
>
> but it's still base64 encoded:
> Content-Type: text/plain; charset="utf-8"
> Content-Transfer-Encoding: base64
>
> whereas other patches to the list use:
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
>
>
> Can you fix that and/or send a pull request:
>
> http://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded#Committing_your_patch
>
>
Andrej,
Apparently, I need to learn how to handle base64 encoded patches since
Richard managed to merge this to master today...
Ah, using patchworks does it for me.
FYI, just use the download link on:
https://patchwork.openembedded.org/patch/154457/
as mentioned here:
https://stackoverflow.com/questions/5062389/how-to-use-git-am-to-apply-patches-from-email-messages
I'd still prefer to only deal with clear text patches on the list.
Baring that, one should be able to handle base64 encoded patches
without patchworks in case anyone has read this far and knows how
to do that...
../Randy
>
> Thanks,
--
# Randy MacLeod
# Wind River Linux
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] busybox: update to 1.29.2
2018-09-06 0:05 ` Randy MacLeod
@ 2018-09-06 10:38 ` Richard Purdie
0 siblings, 0 replies; 6+ messages in thread
From: Richard Purdie @ 2018-09-06 10:38 UTC (permalink / raw)
To: Randy MacLeod, Andrej Valek, openembedded-core
On Wed, 2018-09-05 at 20:05 -0400, Randy MacLeod wrote:
Apparently, I need to learn how to handle base64 encoded patches
> since
> Richard managed to merge this to master today...
>
> Ah, using patchworks does it for me.
>
> FYI, just use the download link on:
> https://patchwork.openembedded.org/patch/154457/
> as mentioned here:
>
> https://stackoverflow.com/questions/5062389/how-to-use-git-am-to-appl
> y-patches-from-email-messages
>
> I'd still prefer to only deal with clear text patches on the list.
> Baring that, one should be able to handle base64 encoded patches
> without patchworks in case anyone has read this far and knows how
> to do that...
Somehow my mail client is just handling the decoding magically for me
as the patches appear ok to me.
Cheers,
Richard
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] busybox: update to 1.29.2
@ 2018-08-30 16:02 Andrej Valek
0 siblings, 0 replies; 6+ messages in thread
From: Andrej Valek @ 2018-08-30 16:02 UTC (permalink / raw)
To: openembedded-core
- refresh busybox-udhcpc-no_deconfig.patch
- remove obsolete patches which are included in this update
- update defconfig
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
---
...inittab_1.27.2.bb => busybox-inittab_1.29.2.bb} | 0
.../busybox/busybox/CVE-2011-5325.patch | 481 ---------------------
.../busybox/busybox/CVE-2017-15873.patch | 95 ----
.../busybox/busybox/busybox-CVE-2017-16544.patch | 43 --
.../busybox/busybox-fix-lzma-segfaults.patch | 106 -----
.../busybox/busybox-udhcpc-no_deconfig.patch | 48 +-
meta/recipes-core/busybox/busybox/defconfig | 46 +-
.../busybox/busybox/umount-ignore-c.patch | 40 --
.../{busybox_1.27.2.bb => busybox_1.29.2.bb} | 9 +-
9 files changed, 66 insertions(+), 802 deletions(-)
rename meta/recipes-core/busybox/{busybox-inittab_1.27.2.bb => busybox-inittab_1.29.2.bb} (100%)
delete mode 100755 meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
delete mode 100644 meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
delete mode 100644 meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
delete mode 100644 meta/recipes-core/busybox/busybox/umount-ignore-c.patch
rename meta/recipes-core/busybox/{busybox_1.27.2.bb => busybox_1.29.2.bb} (82%)
diff --git a/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb b/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
similarity index 100%
rename from meta/recipes-core/busybox/busybox-inittab_1.27.2.bb
rename to meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
diff --git a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch b/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
deleted file mode 100755
index 0926107bea..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
+++ /dev/null
@@ -1,481 +0,0 @@
-busybox-1.27.2: Fix CVE-2011-5325
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=8411
-
-libarchive: do not extract unsafe symlinks
-
-Prevent unsafe links extracting unless env variable $EXTRACT_UNSAFE_SYMLINKS=1
-is not set. Untarring file with -C DESTDIR parameter could be extracted with
-unwanted symlinks. This doesn't feel right, and IIRC GNU tar doesn't do that.
-Include necessary changes from previous commits.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7]
-CVE: CVE-2011-5325
-bug: 8411
-Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src
-index 942e755..e1a8a75 100644
---- a/archival/libarchive/Kbuild.src
-+++ b/archival/libarchive/Kbuild.src
-@@ -12,6 +12,8 @@ COMMON_FILES:= \
- data_extract_all.o \
- data_extract_to_stdout.o \
- \
-+ unsafe_symlink_target.o \
-+\
- filter_accept_all.o \
- filter_accept_list.o \
- filter_accept_reject_list.o \
-diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c
-index 1830ffb..b828b65 100644
---- a/archival/libarchive/data_extract_all.c
-+++ b/archival/libarchive/data_extract_all.c
-@@ -128,10 +128,9 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
- res = link(hard_link, dst_name);
- if (res != 0 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)) {
- /* shared message */
-- bb_perror_msg("can't create %slink "
-- "%s to %s", "hard",
-- dst_name,
-- hard_link);
-+ bb_perror_msg("can't create %slink '%s' to '%s'",
-+ "hard", dst_name, hard_link
-+ );
- }
- /* Hardlinks have no separate mode/ownership, skip chown/chmod */
- goto ret;
-@@ -178,15 +177,17 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
- case S_IFLNK:
- /* Symlink */
- //TODO: what if file_header->link_target == NULL (say, corrupted tarball?)
-- res = symlink(file_header->link_target, dst_name);
-- if (res != 0
-- && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
-- ) {
-- /* shared message */
-- bb_perror_msg("can't create %slink "
-- "%s to %s", "sym",
-- dst_name,
-- file_header->link_target);
-+ if (!unsafe_symlink_target(file_header->link_target)) {
-+ res = symlink(file_header->link_target, dst_name);
-+ if (res != 0
-+ && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
-+ ) {
-+ /* shared message */
-+ bb_perror_msg("can't create %slink '%s' to '%s'",
-+ "sym",
-+ dst_name, file_header->link_target
-+ );
-+ }
- }
- break;
- case S_IFSOCK:
-diff --git a/archival/libarchive/unsafe_symlink_target.c b/archival/libarchive/unsafe_symlink_target.c
-new file mode 100644
-index 0000000..ee46e28
---- /dev/null
-+++ b/archival/libarchive/unsafe_symlink_target.c
-@@ -0,0 +1,48 @@
-+/* vi: set sw=4 ts=4: */
-+/*
-+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
-+ */
-+#include "libbb.h"
-+#include "bb_archive.h"
-+
-+int FAST_FUNC unsafe_symlink_target(const char *target)
-+{
-+ const char *dot;
-+
-+ if (target[0] == '/') {
-+ const char *var;
-+unsafe:
-+ var = getenv("EXTRACT_UNSAFE_SYMLINKS");
-+ if (var) {
-+ if (LONE_CHAR(var, '1'))
-+ return 0; /* pretend it's safe */
-+ return 1; /* "UNSAFE!" */
-+ }
-+ bb_error_msg("skipping unsafe symlink to '%s' in archive,"
-+ " set %s=1 to extract",
-+ target,
-+ "EXTRACT_UNSAFE_SYMLINKS"
-+ );
-+ /* Prevent further messages */
-+ setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0);
-+ return 1; /* "UNSAFE!" */
-+ }
-+
-+ dot = target;
-+ for (;;) {
-+ dot = strchr(dot, '.');
-+ if (!dot)
-+ return 0; /* safe target */
-+
-+ /* Is it a path component starting with ".."? */
-+ if ((dot[1] == '.')
-+ && (dot == target || dot[-1] == '/')
-+ /* Is it exactly ".."? */
-+ && (dot[2] == '/' || dot[2] == '\0')
-+ ) {
-+ goto unsafe;
-+ }
-+ /* NB: it can even be trailing ".", should only add 1 */
-+ dot += 1;
-+ }
-+}
-\ No newline at end of file
-diff --git a/archival/unzip.c b/archival/unzip.c
-index 9037262..270e261 100644
---- a/archival/unzip.c
-+++ b/archival/unzip.c
-@@ -335,6 +335,44 @@ static void unzip_create_leading_dirs(const char *fn)
- free(name);
- }
-
-+static void unzip_extract_symlink(zip_header_t *zip, const char *dst_fn)
-+{
-+ char *target;
-+
-+ if (zip->fmt.ucmpsize > 0xfff) /* no funny business please */
-+ bb_error_msg_and_die("bad archive");
-+
-+ if (zip->fmt.method == 0) {
-+ /* Method 0 - stored (not compressed) */
-+ target = xzalloc(zip->fmt.ucmpsize + 1);
-+ xread(zip_fd, target, zip->fmt.ucmpsize);
-+ } else {
-+#if 1
-+ bb_error_msg_and_die("compressed symlink is not supported");
-+#else
-+ transformer_state_t xstate;
-+ init_transformer_state(&xstate);
-+ xstate.mem_output_size_max = zip->fmt.ucmpsize;
-+ /* ...unpack... */
-+ if (!xstate.mem_output_buf)
-+ WTF();
-+ target = xstate.mem_output_buf;
-+ target = xrealloc(target, xstate.mem_output_size + 1);
-+ target[xstate.mem_output_size] = '\0';
-+#endif
-+ }
-+ if (!unsafe_symlink_target(target)) {
-+//TODO: libbb candidate
-+ if (symlink(target, dst_fn)) {
-+ /* shared message */
-+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
-+ "sym", dst_fn, target
-+ );
-+ }
-+ }
-+ free(target);
-+}
-+
- static void unzip_extract(zip_header_t *zip, int dst_fd)
- {
- transformer_state_t xstate;
-@@ -813,7 +851,7 @@ int unzip_main(int argc, char **argv)
- }
- check_file:
- /* Extract file */
-- if (stat(dst_fn, &stat_buf) == -1) {
-+ if (lstat(dst_fn, &stat_buf) == -1) {
- /* File does not exist */
- if (errno != ENOENT) {
- bb_perror_msg_and_die("can't stat '%s'", dst_fn);
-@@ -834,6 +872,7 @@ int unzip_main(int argc, char **argv)
- goto do_open_and_extract;
- printf("replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ", dst_fn);
- my_fgets80(key_buf);
-+//TODO: redo lstat + ISREG check! user input could have taken a long time!
-
- switch (key_buf[0]) {
- case 'A':
-@@ -842,7 +881,8 @@ int unzip_main(int argc, char **argv)
- do_open_and_extract:
- unzip_create_leading_dirs(dst_fn);
- #if ENABLE_FEATURE_UNZIP_CDF
-- dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
-+ if (!S_ISLNK(file_mode))
-+ dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
- #else
- dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
- #endif
-@@ -852,10 +892,18 @@ int unzip_main(int argc, char **argv)
- ? " extracting: %s\n"
- : */ " inflating: %s\n", dst_fn);
- }
-- unzip_extract(&zip, dst_fd);
-- if (dst_fd != STDOUT_FILENO) {
-- /* closing STDOUT is potentially bad for future business */
-- close(dst_fd);
-+#if ENABLE_FEATURE_UNZIP_CDF
-+ if (S_ISLNK(file_mode)) {
-+ if (dst_fd != STDOUT_FILENO) /* no -p */
-+ unzip_extract_symlink(&zip, dst_fn);
-+ } else
-+#endif
-+ {
-+ unzip_extract(&zip, dst_fd);
-+ if (dst_fd != STDOUT_FILENO) {
-+ /* closing STDOUT is potentially bad for future business */
-+ close(dst_fd);
-+ };
- }
- break;
-
-diff --git a/coreutils/link.c b/coreutils/link.c
-index ac3ef85..aab249d 100644
---- a/coreutils/link.c
-+++ b/coreutils/link.c
-@@ -32,9 +32,8 @@ int link_main(int argc UNUSED_PARAM, char **argv)
- argv += optind;
- if (link(argv[0], argv[1]) != 0) {
- /* shared message */
-- bb_perror_msg_and_die("can't create %slink "
-- "%s to %s", "hard",
-- argv[1], argv[0]
-+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
-+ "hard", argv[1], argv[0]
- );
- }
- return EXIT_SUCCESS;
-diff --git a/include/bb_archive.h b/include/bb_archive.h
-index 2b9c5f0..1e4da3c 100644
---- a/include/bb_archive.h
-+++ b/include/bb_archive.h
-@@ -196,6 +196,7 @@ void seek_by_jump(int fd, off_t amount) FAST_FUNC;
- void seek_by_read(int fd, off_t amount) FAST_FUNC;
-
- const char *strip_unsafe_prefix(const char *str) FAST_FUNC;
-+int unsafe_symlink_target(const char *target) FAST_FUNC;
-
- void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC;
- const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC;
-diff --git a/libbb/copy_file.c b/libbb/copy_file.c
-index 23c0f83..be90066 100644
---- a/libbb/copy_file.c
-+++ b/libbb/copy_file.c
-@@ -371,7 +371,10 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
- int r = symlink(lpath, dest);
- free(lpath);
- if (r < 0) {
-- bb_perror_msg("can't create symlink '%s'", dest);
-+ /* shared message */
-+ bb_perror_msg("can't create %slink '%s' to '%s'",
-+ "sym", dest, lpath
-+ );
- return -1;
- }
- if (flags & FILEUTILS_PRESERVE_STATUS)
-diff --git a/testsuite/tar.tests b/testsuite/tar.tests
-index 9f7ce15..b7cd74c 100755
---- a/testsuite/tar.tests
-+++ b/testsuite/tar.tests
-@@ -10,9 +10,6 @@ unset LC_COLLATE
- unset LC_ALL
- umask 022
-
--rm -rf tar.tempdir 2>/dev/null
--mkdir tar.tempdir && cd tar.tempdir || exit 1
--
- # testing "test name" "script" "expected result" "file input" "stdin"
-
- testing "Empty file is not a tarball" '\
-@@ -53,6 +50,7 @@ dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $?
- "" ""
- SKIP=
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input":
- # GNU tar 1.26 records as hardlinks:
- # input_hard2 -> input_hard1
-@@ -64,7 +62,6 @@ SKIP=
- # We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing.
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar hardlinks and repeated files" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_hard1
- ln input_hard1 input_hard2
- mkdir input_dir
-@@ -95,10 +92,11 @@ drwxr-xr-x input_dir
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar hardlinks mode" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_hard1
- chmod 741 input_hard1
- ln input_hard1 input_hard2
-@@ -128,10 +126,11 @@ Ok: 0
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar symlinks mode" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_file
- chmod 741 input_file
- ln -s input_file input_soft
-@@ -159,10 +158,11 @@ lrwxrwxrwx input_file
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS
- testing "tar --overwrite" "\
--rm -rf input_* test.tar 2>/dev/null
- ln input input_hard
- tar cf test.tar input_hard
- echo WRONG >input
-@@ -174,12 +174,13 @@ Ok
- " \
- "Ok\n" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- test x"$SKIP_KNOWN_BUGS" = x"" && {
- # Needs to be run under non-root for meaningful test
- optional FEATURE_TAR_CREATE
- testing "tar writing into read-only dir" '\
--rm -rf input_* test.tar 2>/dev/null
- mkdir input_dir
- >input_dir/input_file
- chmod 550 input_dir
-@@ -201,7 +202,9 @@ dr-xr-x--- input_dir
- "" ""
- SKIP=
- }
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # Had a bug where on extract autodetect first "switched off" -z
- # and then failed to recognize .tgz extension
- optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP
-@@ -217,7 +220,9 @@ Ok
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)?
- # (the uuencoded hello_world.txz contains one empty file named "hello_world")
- optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ
-@@ -236,7 +241,9 @@ AAAEWVo=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # On extract, everything up to and including last ".." component is stripped
- optional FEATURE_TAR_CREATE
- testing "tar strips /../ on extract" "\
-@@ -255,7 +262,9 @@ Ok
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # attack.tar.bz2 has symlink pointing to a system file
- # followed by a regular file with the same name
- # containing "root::0:0::/root:/bin/sh":
-@@ -270,6 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
- testing "tar does not extract into symlinks" "\
- >>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
- " "\
-+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- 0
- " \
- "" "\
-@@ -281,12 +291,15 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-+
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # And same with -k
- optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
- testing "tar -k does not extract into symlinks" "\
- >>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
- " "\
--tar: can't open 'passwd': File exists
-+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- 0
- " \
- "" "\
-@@ -298,7 +311,9 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
- testing "Pax-encoded UTF8 names and symlinks" '\
- tar xvf ../tar.utf8.tar.bz2 2>&1; echo $?
-@@ -309,17 +324,45 @@ rm -rf etc usr
- ' "\
- etc/ssl/certs/3b2716e5.0
- etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
-+tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- etc/ssl/certs/f80cc7f6.0
- usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
- 0
- etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
--etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
- etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
--
--cd .. && rm -rf tar.tempdir || exit 1
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
-+optional UUDECODE FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
-+testing "Symlink attack: create symlink and then write through it" '\
-+exec 2>&1
-+uudecode -o input && tar xvf input; echo $?
-+ls /tmp/bb_test_evilfile
-+ls bb_test_evilfile
-+ls symlink/bb_test_evilfile
-+' "\
-+anything.txt
-+symlink
-+tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
-+symlink/bb_test_evilfile
-+0
-+ls: /tmp/bb_test_evilfile: No such file or directory
-+ls: bb_test_evilfile: No such file or directory
-+symlink/bb_test_evilfile
-+" \
-+"" "\
-+begin-base64 644 tar_symlink_attack.tar.bz2
-+QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR
-+omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk
-+AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa
-+SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS
-+n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA=
-+====
-+"
-+SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
- exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch b/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
deleted file mode 100644
index 5a027c9bcc..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-busybox-1.27.2: Fix CVE-2017-15873
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10431
-
-bunzip2: fix runCnt overflow
-
-The get_next_block function in archival/libarchive/decompress_bunzip2.c
-in BusyBox 1.27.2 has an Integer Overflow that may lead to a write
-access violation.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0]
-CVE: CVE-2017-15873
-bug: 10431
-Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
-
-diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
-index 7cd18f5..bec89ed 100644
---- a/archival/libarchive/decompress_bunzip2.c
-+++ b/archival/libarchive/decompress_bunzip2.c
-@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
- static int get_next_block(bunzip_data *bd)
- {
- struct group_data *hufGroup;
-- int dbufCount, dbufSize, groupCount, *base, *limit, selector,
-- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
-- int runCnt = runCnt; /* for compiler */
-+ int groupCount, *base, *limit, selector,
-+ i, j, symCount, symTotal, nSelectors, byteCount[256];
- uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
- uint32_t *dbuf;
- unsigned origPtr, t;
-+ unsigned dbufCount, runPos;
-+ unsigned runCnt = runCnt; /* for compiler */
-
- dbuf = bd->dbuf;
-- dbufSize = bd->dbufSize;
- selectors = bd->selectors;
-
- /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
-@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
- it didn't actually work. */
- if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
- origPtr = get_bits(bd, 24);
-- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
-+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
-
- /* mapping table: if some byte values are never used (encoding things
- like ascii text), the compression code removes the gaps to have fewer
-@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
- symbols, but a run of length 0 doesn't mean anything in this
- context). Thus space is saved. */
- runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
-- if (runPos < dbufSize) runPos <<= 1;
-+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
-+//This would be the fix (catches too large count way before it can overflow):
-+// if (runCnt > bd->dbufSize) {
-+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
-+// runCnt, bd->dbufSize);
-+// return RETVAL_DATA_ERROR;
-+// }
-+ if (runPos < bd->dbufSize) runPos <<= 1;
- goto end_of_huffman_loop;
- }
-
-@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
- literal used is the one at the head of the mtfSymbol array.) */
- if (runPos != 0) {
- uint8_t tmp_byte;
-- if (dbufCount + runCnt > dbufSize) {
-- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
-- dbufCount, runCnt, dbufCount + runCnt, dbufSize);
-+ if (dbufCount + runCnt > bd->dbufSize) {
-+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
-+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
- return RETVAL_DATA_ERROR;
- }
- tmp_byte = symToByte[mtfSymbol[0]];
- byteCount[tmp_byte] += runCnt;
-- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
-+ while ((int)--runCnt >= 0)
-+ dbuf[dbufCount++] = (uint32_t)tmp_byte;
- runPos = 0;
- }
-
-@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
- first symbol in the mtf array, position 0, would have been handled
- as part of a run above. Therefore 1 unused mtf position minus
- 2 non-literal nextSym values equals -1.) */
-- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
-+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
- i = nextSym - 1;
- uc = mtfSymbol[i];
-
---
-cgit v0.12
diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
deleted file mode 100644
index fc19ee3356..0000000000
--- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Tue, 7 Nov 2017 18:09:29 +0100
-Subject: lineedit: do not tab-complete any strings which have control
- characters
-
-function old new delta
-add_match 41 68 +27
-
-CVE: CVE-2017-16544
-Upstream-Status: Backport
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- libbb/lineedit.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/libbb/lineedit.c b/libbb/lineedit.c
-index c0e35bb..56e8140 100644
---- a/libbb/lineedit.c
-+++ b/libbb/lineedit.c
-@@ -645,6 +645,18 @@ static void free_tab_completion_data(void)
-
- static void add_match(char *matched)
- {
-+ unsigned char *p = (unsigned char*)matched;
-+ while (*p) {
-+ /* ESC attack fix: drop any string with control chars */
-+ if (*p < ' '
-+ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
-+ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
-+ ) {
-+ free(matched);
-+ return;
-+ }
-+ p++;
-+ }
- matches = xrealloc_vector(matches, 4, num_matches);
- matches[num_matches] = matched;
- num_matches++;
---
-cgit v0.12
diff --git a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
deleted file mode 100644
index da6dfa8023..0000000000
--- a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-busybox-1.27.2: Fix lzma segfaults
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871
-
-libarchive: check buffer index in lzma_decompress
-
-With specific defconfig busybox fails to check zip fileheader magic
-(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c)
-for decompression which leads to segmentation fault. It prevents accessing into
-buffer, which is smaller than pos index. Patch includes multiple segmentation
-fault fixes.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b]
-bug: 10436 10871
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
-index a904087..29eee2a 100644
---- a/archival/libarchive/decompress_unlzma.c
-+++ b/archival/libarchive/decompress_unlzma.c
-@@ -11,6 +11,14 @@
- #include "libbb.h"
- #include "bb_archive.h"
-
-+
-+#if 0
-+# define dbg(...) bb_error_msg(__VA_ARGS__)
-+#else
-+# define dbg(...) ((void)0)
-+#endif
-+
-+
- #if ENABLE_FEATURE_LZMA_FAST
- # define speed_inline ALWAYS_INLINE
- # define size_inline
-@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
- rc_t *rc;
- int i;
- uint8_t *buffer;
-+ uint32_t buffer_size;
- uint8_t previous_byte = 0;
- size_t buffer_pos = 0, global_pos = 0;
- int len = 0;
-@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate)
- if (header.dict_size == 0)
- header.dict_size++;
-
-- buffer = xmalloc(MIN(header.dst_size, header.dict_size));
-+ buffer_size = MIN(header.dst_size, header.dict_size);
-+ buffer = xmalloc(buffer_size);
-
- {
- int num_probs;
-@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
-
- pos = buffer_pos - rep0;
-- if ((int32_t)pos < 0)
-+ if ((int32_t)pos < 0) {
- pos += header.dict_size;
-+ /* see unzip_bad_lzma_2.zip: */
-+ if (pos >= buffer_size)
-+ goto bad;
-+ }
- previous_byte = buffer[pos];
- goto one_byte1;
- #else
-@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
- for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
- rep0 = (rep0 << 1) | rc_direct_bit(rc);
- rep0 <<= LZMA_NUM_ALIGN_BITS;
-+ if ((int32_t)rep0 < 0) {
-+ dbg("%d rep0:%d", __LINE__, rep0);
-+ goto bad;
-+ }
- prob3 = p + LZMA_ALIGN;
- }
- i2 = 1;
-@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- IF_NOT_FEATURE_LZMA_FAST(string:)
- do {
- uint32_t pos = buffer_pos - rep0;
-- if ((int32_t)pos < 0)
-+ if ((int32_t)pos < 0) {
- pos += header.dict_size;
-+ /* more stringent test (see unzip_bad_lzma_1.zip): */
-+ if (pos >= buffer_size)
-+ goto bad;
-+ }
- previous_byte = buffer[pos];
- IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
- buffer[buffer_pos++] = previous_byte;
-@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- IF_DESKTOP(total_written += buffer_pos;)
- if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
- bad:
-+ /* One of our users, bbunpack(), expects _us_ to emit
-+ * the error message (since it's the best place to give
-+ * potentially more detailed information).
-+ * Do not fail silently.
-+ */
-+ bb_error_msg("corrupted data");
- total_written = -1; /* failure */
- }
- rc_free(rc);
-
diff --git a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
index 582a258939..76daaf1f02 100644
--- a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
+++ b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
@@ -31,11 +31,11 @@ Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
networking/udhcp/dhcpc.c | 29 ++++++++++++++++------
1 file changed, 21 insertions(+), 8 deletions(-)
-Index: busybox-1.27.2/networking/udhcp/dhcpc.c
+Index: busybox-1.29.1/networking/udhcp/dhcpc.c
===================================================================
---- busybox-1.27.2.orig/networking/udhcp/dhcpc.c
-+++ busybox-1.27.2/networking/udhcp/dhcpc.c
-@@ -49,6 +49,8 @@ struct tpacket_auxdata {
+--- busybox-1.29.1.orig/networking/udhcp/dhcpc.c
++++ busybox-1.29.1/networking/udhcp/dhcpc.c
+@@ -48,6 +48,8 @@
};
#endif
@@ -44,7 +44,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
/* "struct client_config_t client_config" is in bb_common_bufsiz1 */
-@@ -104,8 +106,9 @@ enum {
+@@ -103,8 +105,9 @@
OPT_x = 1 << 18,
OPT_f = 1 << 19,
OPT_B = 1 << 20,
@@ -55,7 +55,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
USE_FOR_MMU( OPTBIT_b,)
IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,)
IF_FEATURE_UDHCP_PORT( OPTBIT_P,)
-@@ -1110,7 +1113,8 @@ static void perform_renew(void)
+@@ -1116,7 +1119,8 @@
state = RENEW_REQUESTED;
break;
case RENEW_REQUESTED: /* impatient are we? fine, square 1 */
@@ -65,7 +65,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
case REQUESTING:
case RELEASED:
change_listen_mode(LISTEN_RAW);
-@@ -1146,7 +1150,8 @@ static void perform_release(uint32_t server_addr, uint32_t requested_ip)
+@@ -1152,7 +1156,8 @@
* Users requested to be notified in all cases, even if not in one
* of the states above.
*/
@@ -75,16 +75,16 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
change_listen_mode(LISTEN_NONE);
state = RELEASED;
-@@ -1298,7 +1303,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
- /* O,x: list; -T,-t,-A take numeric param */
- IF_UDHCP_VERBOSE(opt_complementary = "vv";)
- IF_LONG_OPTS(applet_long_options = udhcpc_longopts;)
-- opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
-+ opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
+@@ -1265,7 +1270,7 @@
+ /* Parse command line */
+ opt = getopt32long(argv, "^"
+ /* O,x: list; -T,-t,-A take numeric param */
+- "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
++ "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
USE_FOR_MMU("b")
IF_FEATURE_UDHCPC_ARPING("a::")
IF_FEATURE_UDHCP_PORT("P:")
-@@ -1409,6 +1414,10 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1376,6 +1381,10 @@
logmode |= LOGMODE_SYSLOG;
}
@@ -94,8 +94,8 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
+
/* Make sure fd 0,1,2 are open */
bb_sanitize_stdio();
- /* Equivalent of doing a fflush after every \n */
-@@ -1423,7 +1432,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+ /* Create pidfile */
+@@ -1388,7 +1397,8 @@
srand(monotonic_us());
state = INIT_SELECTING;
@@ -105,7 +105,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
change_listen_mode(LISTEN_RAW);
packet_num = 0;
timeout = 0;
-@@ -1577,7 +1587,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1555,7 +1565,8 @@
}
/* Timed out, enter init state */
bb_error_msg("lease lost, entering init state");
@@ -115,23 +115,29 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
state = INIT_SELECTING;
client_config.first_secs = 0; /* make secs field count from 0 */
/*timeout = 0; - already is */
-@@ -1770,7 +1781,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1748,8 +1759,10 @@
+ "(got ARP reply), declining");
send_decline(/*xid,*/ server_addr, packet.yiaddr);
- if (state != REQUESTING)
+- if (state != REQUESTING)
- udhcp_run_script(NULL, "deconfig");
++ if (state != REQUESTING) {
+ if (allow_deconfig)
+ udhcp_run_script(NULL, "deconfig");
++ }
change_listen_mode(LISTEN_RAW);
state = INIT_SELECTING;
client_config.first_secs = 0; /* make secs field count from 0 */
-@@ -1840,7 +1852,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1818,8 +1831,10 @@
+ /* return to init state */
bb_error_msg("received %s", "DHCP NAK");
udhcp_run_script(&packet, "nak");
- if (state != REQUESTING)
+- if (state != REQUESTING)
- udhcp_run_script(NULL, "deconfig");
++ if (state != REQUESTING) {
+ if (allow_deconfig)
+ udhcp_run_script(NULL, "deconfig");
++ }
change_listen_mode(LISTEN_RAW);
sleep(3); /* avoid excessive network traffic */
state = INIT_SELECTING;
diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig
index 59d93c7079..f081f281cc 100644
--- a/meta/recipes-core/busybox/busybox/defconfig
+++ b/meta/recipes-core/busybox/busybox/defconfig
@@ -1,12 +1,12 @@
#
# Automatically generated make config: don't edit
-# Busybox version: 1.27.2
-# Wed Sep 27 08:56:13 2017
+# Busybox version: 1.29.1
+# Thu Jul 19 11:09:46 2018
#
CONFIG_HAVE_DOT_CONFIG=y
#
-# Busybox Settings
+# Settings
#
# CONFIG_DESKTOP is not set
# CONFIG_EXTRA_COMPAT is not set
@@ -78,7 +78,7 @@ CONFIG_NO_DEBUG_LIB=y
# CONFIG_EFENCE is not set
#
-# Busybox Library Tuning
+# Library Tuning
#
# CONFIG_FEATURE_USE_BSS_TAIL is not set
CONFIG_FEATURE_RTMINMAX=y
@@ -90,6 +90,7 @@ CONFIG_MD5_SMALL=1
CONFIG_SHA3_SMALL=1
CONFIG_FEATURE_FAST_TOP=y
# CONFIG_FEATURE_ETC_NETWORKS is not set
+# CONFIG_FEATURE_ETC_SERVICES is not set
CONFIG_FEATURE_EDITING=y
CONFIG_FEATURE_EDITING_MAX_LEN=1024
# CONFIG_FEATURE_EDITING_VI is not set
@@ -321,6 +322,7 @@ CONFIG_TRUE=y
CONFIG_TTY=y
CONFIG_UNAME=y
CONFIG_UNAME_OSNAME="GNU/Linux"
+# CONFIG_BB_ARCH is not set
CONFIG_UNIQ=y
CONFIG_UNLINK=y
CONFIG_USLEEP=y
@@ -393,6 +395,14 @@ CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_WHICH=y
#
+# klibc-utils
+#
+# CONFIG_MINIPS is not set
+# CONFIG_NUKE is not set
+# CONFIG_RESUME is not set
+# CONFIG_RUN_INIT is not set
+
+#
# Editors
#
CONFIG_AWK=y
@@ -678,6 +688,10 @@ CONFIG_FEATURE_MOUNT_LOOP=y
CONFIG_FEATURE_MOUNT_LOOP_CREATE=y
# CONFIG_FEATURE_MTAB_SUPPORT is not set
# CONFIG_VOLUMEID is not set
+
+#
+# Filesystem/Volume identification
+#
# CONFIG_FEATURE_VOLUMEID_BCACHE is not set
# CONFIG_FEATURE_VOLUMEID_BTRFS is not set
# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
@@ -725,6 +739,7 @@ CONFIG_FEATURE_CROND_DIR=""
# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set
# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set
# CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set
+# CONFIG_HEXEDIT is not set
# CONFIG_I2CGET is not set
# CONFIG_I2CSET is not set
# CONFIG_I2CDUMP is not set
@@ -807,6 +822,7 @@ CONFIG_MICROCOM=y
# CONFIG_RUNLEVEL is not set
# CONFIG_RX is not set
# CONFIG_SETSID is not set
+# CONFIG_SETFATTR is not set
CONFIG_STRINGS=y
CONFIG_TIME=y
# CONFIG_TIMEOUT is not set
@@ -912,6 +928,8 @@ CONFIG_FEATURE_FANCY_PING=y
CONFIG_ROUTE=y
# CONFIG_SLATTACH is not set
# CONFIG_SSL_CLIENT is not set
+# CONFIG_TC is not set
+# CONFIG_FEATURE_TC_INGRESS is not set
# CONFIG_TCPSVD is not set
# CONFIG_UDPSVD is not set
CONFIG_TELNET=y
@@ -949,13 +967,9 @@ CONFIG_FEATURE_WGET_HTTPS=y
# CONFIG_FEATURE_WGET_OPENSSL is not set
# CONFIG_WHOIS is not set
# CONFIG_ZCIP is not set
-# CONFIG_UDHCPC6 is not set
-# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
-# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
-# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
CONFIG_UDHCPD=y
-# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
+# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
CONFIG_DUMPLEASES=y
# CONFIG_DHCPRELAY is not set
@@ -963,6 +977,15 @@ CONFIG_UDHCPC=y
CONFIG_FEATURE_UDHCPC_ARPING=y
CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
+# CONFIG_UDHCPC6 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set
+
+#
+# Common options for DHCP applets
+#
# CONFIG_FEATURE_UDHCP_PORT is not set
CONFIG_UDHCP_DEBUG=0
# CONFIG_FEATURE_UDHCP_RFC3397 is not set
@@ -1045,6 +1068,7 @@ CONFIG_WATCH=y
# CONFIG_SV is not set
CONFIG_SV_DEFAULT_SERVICE_DIR=""
# CONFIG_SVC is not set
+# CONFIG_SVOK is not set
# CONFIG_SVLOGD is not set
# CONFIG_CHCON is not set
# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
@@ -1134,6 +1158,10 @@ CONFIG_FEATURE_SH_HISTFILESIZE=y
# System Logging Utilities
#
CONFIG_KLOGD=y
+
+#
+# klogd should not be used together with syslog to kernel printk buffer
+#
CONFIG_FEATURE_KLOGD_KLOGCTL=y
CONFIG_LOGGER=y
# CONFIG_LOGREAD is not set
diff --git a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
deleted file mode 100644
index 9fe7998df3..0000000000
--- a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d]
-
-From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001
-From: Shawn Landden <slandden@gmail.com>
-Date: Mon, 8 Jan 2018 13:31:58 +0100
-Subject: [PATCH] umount: ignore -c
-Organization: O.S. Systems Software LTDA.
-
-"-c, --no-canonicalize: Do not canonicalize paths."
-
-As busybox doesn't canonicalize paths in the first place it is safe to ignore
-this option.
-
-See https://github.com/systemd/systemd/issues/7786
-
-Signed-off-by: Shawn Landden <slandden@gmail.com>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- util-linux/umount.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/util-linux/umount.c b/util-linux/umount.c
-index 0c50dc9ee..0425c5b76 100644
---- a/util-linux/umount.c
-+++ b/util-linux/umount.c
-@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
- }
- #endif
-
--/* ignored: -v -t -i */
--#define OPTION_STRING "fldnra" "vt:i"
-+/* ignored: -c -v -t -i */
-+#define OPTION_STRING "fldnra" "cvt:i"
- #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
- #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
- #define OPT_FREELOOP (1 << 2)
---
-2.18.0
-
diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.29.2.bb
similarity index 82%
rename from meta/recipes-core/busybox/busybox_1.27.2.bb
rename to meta/recipes-core/busybox/busybox_1.29.2.bb
index 1ce4823d47..3496a857c4 100644
--- a/meta/recipes-core/busybox/busybox_1.27.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.29.2.bb
@@ -42,13 +42,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://rcK \
file://runlevel \
file://makefile-libbb-race.patch \
- file://CVE-2011-5325.patch \
- file://CVE-2017-15873.patch \
- file://busybox-CVE-2017-16544.patch \
- file://busybox-fix-lzma-segfaults.patch \
- file://umount-ignore-c.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "
-SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e"
-SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df"
+SRC_URI[tarball.md5sum] = "46617af37a39579711d8b36f189cdf1e"
+SRC_URI[tarball.sha256sum] = "67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61"
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-09-06 10:38 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-30 15:57 [PATCH] busybox: update to 1.29.2 Andrej Valek
2018-08-31 7:42 ` Andrej Valek
2018-09-04 19:31 ` Randy MacLeod
2018-09-06 0:05 ` Randy MacLeod
2018-09-06 10:38 ` Richard Purdie
2018-08-30 16:02 Andrej Valek
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.