summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/busybox
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-core/busybox')
-rw-r--r--meta/recipes-core/busybox/busybox-inittab_1.36.1.bb5
-rw-r--r--meta/recipes-core/busybox/busybox.inc46
-rw-r--r--meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch197
-rw-r--r--meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch41
-rw-r--r--meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch37
-rw-r--r--meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch66
-rw-r--r--meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch96
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2021-42380.patch151
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2023-42363.patch67
-rw-r--r--meta/recipes-core/busybox/busybox/busybox-1.36.1-no-cbq.patch61
-rw-r--r--meta/recipes-core/busybox/busybox/defconfig6
-rw-r--r--meta/recipes-core/busybox/busybox_1.36.1.bb8
12 files changed, 753 insertions, 28 deletions
diff --git a/meta/recipes-core/busybox/busybox-inittab_1.36.1.bb b/meta/recipes-core/busybox/busybox-inittab_1.36.1.bb
index 6904a91930..4ffc44c808 100644
--- a/meta/recipes-core/busybox/busybox-inittab_1.36.1.bb
+++ b/meta/recipes-core/busybox/busybox-inittab_1.36.1.bb
@@ -4,7 +4,8 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;m
4 4
5SRC_URI = "file://inittab" 5SRC_URI = "file://inittab"
6 6
7S = "${WORKDIR}" 7S = "${WORKDIR}/sources"
8UNPACKDIR = "${S}"
8 9
9INHIBIT_DEFAULT_DEPS = "1" 10INHIBIT_DEFAULT_DEPS = "1"
10 11
@@ -14,7 +15,7 @@ do_compile() {
14 15
15do_install() { 16do_install() {
16 install -d ${D}${sysconfdir} 17 install -d ${D}${sysconfdir}
17 install -D -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab 18 install -D -m 0644 ${S}/inittab ${D}${sysconfdir}/inittab
18 19
19 CONSOLES="${SERIAL_CONSOLES}" 20 CONSOLES="${SERIAL_CONSOLES}"
20 for s in $CONSOLES 21 for s in $CONSOLES
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index f5d7c3f9c8..67a9111e5b 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -114,7 +114,7 @@ do_prepare_config () {
114 export KCONFIG_NOTIMESTAMP=1 114 export KCONFIG_NOTIMESTAMP=1
115 115
116 sed -e '/CONFIG_STATIC/d' \ 116 sed -e '/CONFIG_STATIC/d' \
117 < ${WORKDIR}/defconfig > ${S}/.config 117 < ${UNPACKDIR}/defconfig > ${S}/.config
118 echo "# CONFIG_STATIC is not set" >> .config 118 echo "# CONFIG_STATIC is not set" >> .config
119 for i in 'CROSS' 'DISTRO FEATURES'; do echo "### $i"; done >> \ 119 for i in 'CROSS' 'DISTRO FEATURES'; do echo "### $i"; done >> \
120 ${S}/.config 120 ${S}/.config
@@ -280,67 +280,67 @@ do_install () {
280 fi 280 fi
281 281
282 if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then 282 if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then
283 install -m 0755 ${WORKDIR}/syslog ${D}${sysconfdir}/init.d/syslog 283 install -m 0755 ${UNPACKDIR}/syslog ${D}${sysconfdir}/init.d/syslog
284 install -m 644 ${WORKDIR}/syslog-startup.conf ${D}${sysconfdir}/syslog-startup.conf 284 install -m 644 ${UNPACKDIR}/syslog-startup.conf ${D}${sysconfdir}/syslog-startup.conf
285 install -m 644 ${WORKDIR}/syslog.conf ${D}${sysconfdir}/syslog.conf 285 install -m 644 ${UNPACKDIR}/syslog.conf ${D}${sysconfdir}/syslog.conf
286 fi 286 fi
287 if grep -q "CONFIG_CROND=y" ${B}/.config; then 287 if grep -q "CONFIG_CROND=y" ${B}/.config; then
288 install -m 0755 ${WORKDIR}/busybox-cron ${D}${sysconfdir}/init.d/ 288 install -m 0755 ${UNPACKDIR}/busybox-cron ${D}${sysconfdir}/init.d/
289 fi 289 fi
290 if grep -q "CONFIG_HTTPD=y" ${B}/.config; then 290 if grep -q "CONFIG_HTTPD=y" ${B}/.config; then
291 install -m 0755 ${WORKDIR}/busybox-httpd ${D}${sysconfdir}/init.d/ 291 install -m 0755 ${UNPACKDIR}/busybox-httpd ${D}${sysconfdir}/init.d/
292 install -d ${D}/srv/www 292 install -d ${D}/srv/www
293 fi 293 fi
294 if grep -q "CONFIG_UDHCPD=y" ${B}/.config; then 294 if grep -q "CONFIG_UDHCPD=y" ${B}/.config; then
295 install -m 0755 ${WORKDIR}/busybox-udhcpd ${D}${sysconfdir}/init.d/ 295 install -m 0755 ${UNPACKDIR}/busybox-udhcpd ${D}${sysconfdir}/init.d/
296 fi 296 fi
297 if grep -q "CONFIG_HWCLOCK=y" ${B}/.config; then 297 if grep -q "CONFIG_HWCLOCK=y" ${B}/.config; then
298 install -m 0755 ${WORKDIR}/hwclock.sh ${D}${sysconfdir}/init.d/ 298 install -m 0755 ${UNPACKDIR}/hwclock.sh ${D}${sysconfdir}/init.d/
299 fi 299 fi
300 if grep -q "CONFIG_UDHCPC=y" ${B}/.config; then 300 if grep -q "CONFIG_UDHCPC=y" ${B}/.config; then
301 install -d ${D}${sysconfdir}/udhcpc.d 301 install -d ${D}${sysconfdir}/udhcpc.d
302 install -d ${D}${datadir}/udhcpc 302 install -d ${D}${datadir}/udhcpc
303 install -m 0755 ${WORKDIR}/simple.script ${D}${sysconfdir}/udhcpc.d/50default 303 install -m 0755 ${UNPACKDIR}/simple.script ${D}${sysconfdir}/udhcpc.d/50default
304 sed -i "s:/SBIN_DIR/:${base_sbindir}/:" ${D}${sysconfdir}/udhcpc.d/50default 304 sed -i "s:/SBIN_DIR/:${base_sbindir}/:" ${D}${sysconfdir}/udhcpc.d/50default
305 install -m 0755 ${WORKDIR}/default.script ${D}${datadir}/udhcpc/default.script 305 install -m 0755 ${UNPACKDIR}/default.script ${D}${datadir}/udhcpc/default.script
306 fi 306 fi
307 if grep -q "CONFIG_INETD=y" ${B}/.config; then 307 if grep -q "CONFIG_INETD=y" ${B}/.config; then
308 install -m 0755 ${WORKDIR}/inetd ${D}${sysconfdir}/init.d/inetd.${BPN} 308 install -m 0755 ${UNPACKDIR}/inetd ${D}${sysconfdir}/init.d/inetd.${BPN}
309 sed -i "s:/usr/sbin/:${sbindir}/:" ${D}${sysconfdir}/init.d/inetd.${BPN} 309 sed -i "s:/usr/sbin/:${sbindir}/:" ${D}${sysconfdir}/init.d/inetd.${BPN}
310 install -m 0644 ${WORKDIR}/inetd.conf ${D}${sysconfdir}/ 310 install -m 0644 ${UNPACKDIR}/inetd.conf ${D}${sysconfdir}/
311 fi 311 fi
312 if grep -q "CONFIG_MDEV=y" ${B}/.config; then 312 if grep -q "CONFIG_MDEV=y" ${B}/.config; then
313 install -m 0755 ${WORKDIR}/mdev ${D}${sysconfdir}/init.d/mdev 313 install -m 0755 ${UNPACKDIR}/mdev ${D}${sysconfdir}/init.d/mdev
314 if grep "CONFIG_FEATURE_MDEV_CONF=y" ${B}/.config; then 314 if grep "CONFIG_FEATURE_MDEV_CONF=y" ${B}/.config; then
315 install -m 644 ${WORKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf 315 install -m 644 ${UNPACKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf
316 install -d ${D}${sysconfdir}/mdev 316 install -d ${D}${sysconfdir}/mdev
317 install -m 0755 ${WORKDIR}/find-touchscreen.sh ${D}${sysconfdir}/mdev 317 install -m 0755 ${UNPACKDIR}/find-touchscreen.sh ${D}${sysconfdir}/mdev
318 install -m 0755 ${WORKDIR}/mdev-mount.sh ${D}${sysconfdir}/mdev 318 install -m 0755 ${UNPACKDIR}/mdev-mount.sh ${D}${sysconfdir}/mdev
319 fi 319 fi
320 fi 320 fi
321 if grep -q "CONFIG_INIT=y" ${B}/.config && ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','busybox','true','false',d)}; then 321 if grep -q "CONFIG_INIT=y" ${B}/.config && ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','busybox','true','false',d)}; then
322 install -D -m 0755 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS 322 install -D -m 0755 ${UNPACKDIR}/rcS ${D}${sysconfdir}/init.d/rcS
323 install -D -m 0755 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK 323 install -D -m 0755 ${UNPACKDIR}/rcK ${D}${sysconfdir}/init.d/rcK
324 install -D -m 0755 ${WORKDIR}/rcS.default ${D}${sysconfdir}/default/rcS 324 install -D -m 0755 ${UNPACKDIR}/rcS.default ${D}${sysconfdir}/default/rcS
325 fi 325 fi
326 326
327 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then 327 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
328 if grep -q "CONFIG_KLOGD=y" ${B}/.config; then 328 if grep -q "CONFIG_KLOGD=y" ${B}/.config; then
329 install -d ${D}${systemd_system_unitdir} 329 install -d ${D}${systemd_system_unitdir}
330 sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-klogd.service.in \ 330 sed 's,@base_sbindir@,${base_sbindir},g' < ${UNPACKDIR}/busybox-klogd.service.in \
331 > ${D}${systemd_system_unitdir}/busybox-klogd.service 331 > ${D}${systemd_system_unitdir}/busybox-klogd.service
332 fi 332 fi
333 333
334 if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then 334 if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then
335 install -d ${D}${systemd_system_unitdir} 335 install -d ${D}${systemd_system_unitdir}
336 sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-syslog.service.in \ 336 sed 's,@base_sbindir@,${base_sbindir},g' < ${UNPACKDIR}/busybox-syslog.service.in \
337 > ${D}${systemd_system_unitdir}/busybox-syslog.service 337 > ${D}${systemd_system_unitdir}/busybox-syslog.service
338 if [ ! -e ${D}${systemd_system_unitdir}/busybox-klogd.service ] ; then 338 if [ ! -e ${D}${systemd_system_unitdir}/busybox-klogd.service ] ; then
339 sed -i '/klog/d' ${D}${systemd_system_unitdir}/busybox-syslog.service 339 sed -i '/klog/d' ${D}${systemd_system_unitdir}/busybox-syslog.service
340 fi 340 fi
341 if [ -f ${WORKDIR}/busybox-syslog.default ] ; then 341 if [ -f ${UNPACKDIR}/busybox-syslog.default ] ; then
342 install -d ${D}${sysconfdir}/default 342 install -d ${D}${sysconfdir}/default
343 install -m 0644 ${WORKDIR}/busybox-syslog.default ${D}${sysconfdir}/default/busybox-syslog 343 install -m 0644 ${UNPACKDIR}/busybox-syslog.default ${D}${sysconfdir}/default/busybox-syslog
344 fi 344 fi
345 fi 345 fi
346 fi 346 fi
diff --git a/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch
new file mode 100644
index 0000000000..5836cf8a00
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch
@@ -0,0 +1,197 @@
1From dedc9380c76834ba64c8b526aef6f461ea4e7f2e Mon Sep 17 00:00:00 2001
2From: Denys Vlasenko <vda.linux@googlemail.com>
3Date: Tue, 30 May 2023 16:42:18 +0200
4Subject: [PATCH 1/2] awk: fix precedence of = relative to ==
5
6Discovered while adding code to disallow assignments to non-lvalues
7
8function old new delta
9parse_expr 936 991 +55
10.rodata 105243 105247 +4
11------------------------------------------------------------------------------
12(add/remove: 0/0 grow/shrink: 2/0 up/down: 59/0) Total: 59 bytes
13
14CVE: CVE-2023-42364 CVE-2023-42365
15
16Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4]
17Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
18(cherry picked from commit 0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4)
19Signed-off-by: Khem Raj <raj.khem@gmail.com>
20---
21 editors/awk.c | 66 ++++++++++++++++++++++++++++++---------------
22 testsuite/awk.tests | 5 ++++
23 2 files changed, 50 insertions(+), 21 deletions(-)
24
25diff --git a/editors/awk.c b/editors/awk.c
26index ec9301e..aff86fe 100644
27--- a/editors/awk.c
28+++ b/editors/awk.c
29@@ -337,7 +337,9 @@ static void debug_parse_print_tc(uint32_t n)
30 #undef P
31 #undef PRIMASK
32 #undef PRIMASK2
33-#define P(x) (x << 24)
34+/* Smaller 'x' means _higher_ operator precedence */
35+#define PRECEDENCE(x) (x << 24)
36+#define P(x) PRECEDENCE(x)
37 #define PRIMASK 0x7F000000
38 #define PRIMASK2 0x7E000000
39
40@@ -360,7 +362,7 @@ enum {
41 OC_MOVE = 0x1f00, OC_PGETLINE = 0x2000, OC_REGEXP = 0x2100,
42 OC_REPLACE = 0x2200, OC_RETURN = 0x2300, OC_SPRINTF = 0x2400,
43 OC_TERNARY = 0x2500, OC_UNARY = 0x2600, OC_VAR = 0x2700,
44- OC_DONE = 0x2800,
45+ OC_CONST = 0x2800, OC_DONE = 0x2900,
46
47 ST_IF = 0x3000, ST_DO = 0x3100, ST_FOR = 0x3200,
48 ST_WHILE = 0x3300
49@@ -440,9 +442,9 @@ static const uint32_t tokeninfo[] ALIGN4 = {
50 #define TI_PREINC (OC_UNARY|xV|P(9)|'P')
51 #define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
52 TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5),
53- OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(74), OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
54- OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
55- OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
56+ OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(38), OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-',
57+ OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&',
58+ OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&',
59 OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*',
60 OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1,
61 #define TI_LESS (OC_COMPARE|VV|P(39)|2)
62@@ -1290,7 +1292,7 @@ static uint32_t next_token(uint32_t expected)
63 save_tclass = tc;
64 save_info = t_info;
65 tc = TC_BINOPX;
66- t_info = OC_CONCAT | SS | P(35);
67+ t_info = OC_CONCAT | SS | PRECEDENCE(35);
68 }
69
70 t_tclass = tc;
71@@ -1350,9 +1352,8 @@ static node *parse_expr(uint32_t term_tc)
72 {
73 node sn;
74 node *cn = &sn;
75- node *vn, *glptr;
76+ node *glptr;
77 uint32_t tc, expected_tc;
78- var *v;
79
80 debug_printf_parse("%s() term_tc(%x):", __func__, term_tc);
81 debug_parse_print_tc(term_tc);
82@@ -1363,11 +1364,12 @@ static node *parse_expr(uint32_t term_tc)
83 expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP | term_tc;
84
85 while (!((tc = next_token(expected_tc)) & term_tc)) {
86+ node *vn;
87
88 if (glptr && (t_info == TI_LESS)) {
89 /* input redirection (<) attached to glptr node */
90 debug_printf_parse("%s: input redir\n", __func__);
91- cn = glptr->l.n = new_node(OC_CONCAT | SS | P(37));
92+ cn = glptr->l.n = new_node(OC_CONCAT | SS | PRECEDENCE(37));
93 cn->a.n = glptr;
94 expected_tc = TS_OPERAND | TS_UOPPRE;
95 glptr = NULL;
96@@ -1379,24 +1381,42 @@ static node *parse_expr(uint32_t term_tc)
97 * previous operators with higher priority */
98 vn = cn;
99 while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
100- || ((t_info == vn->info) && t_info == TI_COLON)
101+ || (t_info == vn->info && t_info == TI_COLON)
102 ) {
103 vn = vn->a.n;
104 if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
105 }
106 if (t_info == TI_TERNARY)
107 //TODO: why?
108- t_info += P(6);
109+ t_info += PRECEDENCE(6);
110 cn = vn->a.n->r.n = new_node(t_info);
111 cn->a.n = vn->a.n;
112 if (tc & TS_BINOP) {
113 cn->l.n = vn;
114-//FIXME: this is the place to detect and reject assignments to non-lvalues.
115-//Currently we allow "assignments" to consts and temporaries, nonsense like this:
116-// awk 'BEGIN { "qwe" = 1 }'
117-// awk 'BEGIN { 7 *= 7 }'
118-// awk 'BEGIN { length("qwe") = 1 }'
119-// awk 'BEGIN { (1+1) += 3 }'
120+
121+ /* Prevent:
122+ * awk 'BEGIN { "qwe" = 1 }'
123+ * awk 'BEGIN { 7 *= 7 }'
124+ * awk 'BEGIN { length("qwe") = 1 }'
125+ * awk 'BEGIN { (1+1) += 3 }'
126+ */
127+ /* Assignment? (including *= and friends) */
128+ if (((t_info & OPCLSMASK) == OC_MOVE)
129+ || ((t_info & OPCLSMASK) == OC_REPLACE)
130+ ) {
131+ debug_printf_parse("%s: MOVE/REPLACE vn->info:%08x\n", __func__, vn->info);
132+ /* Left side is a (variable or array element)
133+ * or function argument
134+ * or $FIELD ?
135+ */
136+ if ((vn->info & OPCLSMASK) != OC_VAR
137+ && (vn->info & OPCLSMASK) != OC_FNARG
138+ && (vn->info & OPCLSMASK) != OC_FIELD
139+ ) {
140+ syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
141+ }
142+ }
143+
144 expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP;
145 if (t_info == TI_PGETLINE) {
146 /* it's a pipe */
147@@ -1432,6 +1452,8 @@ static node *parse_expr(uint32_t term_tc)
148 /* one should be very careful with switch on tclass -
149 * only simple tclasses should be used (TC_xyz, not TS_xyz) */
150 switch (tc) {
151+ var *v;
152+
153 case TC_VARIABLE:
154 case TC_ARRAY:
155 debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__);
156@@ -1452,14 +1474,14 @@ static node *parse_expr(uint32_t term_tc)
157 case TC_NUMBER:
158 case TC_STRING:
159 debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__);
160- cn->info = OC_VAR;
161+ cn->info = OC_CONST;
162 v = cn->l.v = xzalloc(sizeof(var));
163- if (tc & TC_NUMBER)
164+ if (tc & TC_NUMBER) {
165 setvar_i(v, t_double);
166- else {
167+ } else {
168 setvar_s(v, t_string);
169- expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */
170 }
171+ expected_tc &= ~TC_UOPPOST; /* NUM++, "str"++ not allowed */
172 break;
173
174 case TC_REGEXP:
175@@ -3107,6 +3129,8 @@ static var *evaluate(node *op, var *res)
176
177 /* -- recursive node type -- */
178
179+ case XC( OC_CONST ):
180+ debug_printf_eval("CONST ");
181 case XC( OC_VAR ):
182 debug_printf_eval("VAR\n");
183 L.v = op->l.v;
184diff --git a/testsuite/awk.tests b/testsuite/awk.tests
185index ddc5104..a78fdcd 100755
186--- a/testsuite/awk.tests
187+++ b/testsuite/awk.tests
188@@ -540,4 +540,9 @@ testing 'awk assign while assign' \
189 │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%]
190 └────────────────────────────────────────────────────┘^C"
191
192+testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
193+ "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
194+ '0\n1\n2\n1\n3\n' \
195+ '' ''
196+
197 exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch b/meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch
new file mode 100644
index 0000000000..3f6145b250
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch
@@ -0,0 +1,41 @@
1From e1a68741067167dc4837e0a26d3d5c318a631fc7 Mon Sep 17 00:00:00 2001
2From: Ron Yorston <rmy@pobox.com>
3Date: Fri, 19 Jan 2024 15:41:17 +0000
4Subject: [PATCH] awk: fix segfault when compiled by clang
5
6A 32-bit build of BusyBox using clang segfaulted in the test
7"awk assign while assign". Specifically, on line 7 of the test
8input where the adjustment of the L.v pointer when the Fields
9array was reallocated
10
11 L.v += Fields - old_Fields_ptr;
12
13was out by 4 bytes.
14
15Rearrange to code so both gcc and clang generate code that works.
16
17Signed-off-by: Ron Yorston <rmy@pobox.com>
18Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
19
20Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae]
21Signed-off-by: Peter Marko <peter.marko@siemens.com>
22---
23 editors/awk.c | 2 +-
24 1 file changed, 1 insertion(+), 1 deletion(-)
25
26diff --git a/editors/awk.c b/editors/awk.c
27index aa485c782..0981c6735 100644
28--- a/editors/awk.c
29+++ b/editors/awk.c
30@@ -2935,7 +2935,7 @@ static var *evaluate(node *op, var *res)
31 if (old_Fields_ptr) {
32 //if (old_Fields_ptr != Fields)
33 // debug_printf_eval("L.v moved\n");
34- L.v += Fields - old_Fields_ptr;
35+ L.v = Fields + (L.v - old_Fields_ptr);
36 }
37 if (opinfo & OF_STR2) {
38 R.s = getvar_s(R.v);
39--
402.30.2
41
diff --git a/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch b/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch
new file mode 100644
index 0000000000..282c2fde5a
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch
@@ -0,0 +1,37 @@
1From 8542236894a8d5f7393327117bc7f64787444efc Mon Sep 17 00:00:00 2001
2From: Valery Ushakov <uwe@stderr.spb.ru>
3Date: Wed, 24 Jan 2024 22:24:41 +0300
4Subject: [PATCH] awk.c: fix CVE-2023-42366 (bug #15874)
5
6Make sure we don't read past the end of the string in next_token()
7when backslash is the last character in an (invalid) regexp.
8a fix and issue reported in bugzilla
9
10https://bugs.busybox.net/show_bug.cgi?id=15874
11
12Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html]
13
14CVE: CVE-2023-42366
15Signed-off-by: Khem Raj <raj.khem@gmail.com>
16---
17 editors/awk.c | 6 ++++--
18 1 file changed, 4 insertions(+), 2 deletions(-)
19
20diff --git a/editors/awk.c b/editors/awk.c
21index f320d8c..a53b193 100644
22--- a/editors/awk.c
23+++ b/editors/awk.c
24@@ -1168,9 +1168,11 @@ static uint32_t next_token(uint32_t expected)
25 s[-1] = bb_process_escape_sequence((const char **)&pp);
26 if (*p == '\\')
27 *s++ = '\\';
28- if (pp == p)
29+ if (pp == p) {
30+ if (*p == '\0')
31+ syntax_error(EMSG_UNEXP_EOS);
32 *s++ = *p++;
33- else
34+ } else
35 p = pp;
36 }
37 }
diff --git a/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch b/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch
new file mode 100644
index 0000000000..a0a8607b23
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch
@@ -0,0 +1,66 @@
1From 199606e960942c29fd8085be812edd3d3697825c Mon Sep 17 00:00:00 2001
2From: Colin McAllister <colinmca242@gmail.com>
3Date: Wed, 17 Jul 2024 07:58:52 -0500
4Subject: [PATCH 1/1] cut: Fix "-s" flag to omit blank lines
5
6Using cut with the delimiter flag ("-d") with the "-s" flag to only
7output lines containing the delimiter will print blank lines. This is
8deviant behavior from cut provided by GNU Coreutils. Blank lines should
9be omitted if "-s" is used with "-d".
10
11This change introduces a somewhat naiive, yet efficient solution, where
12line length is checked before looping though bytes. If line length is
13zero and the "-s" flag is used, the code will jump to parsing the next
14line to avoid printing a newline character.
15
16In addition, a test to cut.tests has been added to ensure that this
17regression is fixed and will not happen again in the future.
18
19Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-July/090834.html]
20
21Signed-off-by: Colin McAllister <colinmca242@gmail.com>
22---
23 coreutils/cut.c | 6 ++++++
24 testsuite/cut.tests | 9 +++++++++
25 2 files changed, 15 insertions(+)
26
27diff --git a/coreutils/cut.c b/coreutils/cut.c
28index 55bdd9386..b7f986f26 100644
29--- a/coreutils/cut.c
30+++ b/coreutils/cut.c
31@@ -152,6 +152,12 @@ static void cut_file(FILE *file, const char *delim, const char *odelim,
32 unsigned uu = 0, start = 0, end = 0, out = 0;
33 int dcount = 0;
34
35+ /* Blank line? */
36+ if (!linelen) {
37+ if (option_mask32 & CUT_OPT_SUPPRESS_FLGS)
38+ goto next_line;
39+ }
40+
41 /* Loop through bytes, finding next delimiter */
42 for (;;) {
43 /* End of current range? */
44diff --git a/testsuite/cut.tests b/testsuite/cut.tests
45index 2458c019c..0b401bc00 100755
46--- a/testsuite/cut.tests
47+++ b/testsuite/cut.tests
48@@ -65,6 +65,15 @@ testing "cut with -d -f( ) -s" "cut -d' ' -f3 -s input && echo yes" "yes\n" "$in
49 testing "cut with -d -f(a) -s" "cut -da -f3 -s input" "n\nsium:Jim\n\ncion:Ed\n" "$input" ""
50 testing "cut with -d -f(a) -s -n" "cut -da -f3 -s -n input" "n\nsium:Jim\n\ncion:Ed\n" "$input" ""
51
52+input="\
53+
54+foo bar baz
55+
56+bing bong boop
57+
58+"
59+testing "cut with -d -s omits blank lines" "cut -d' ' -f2 -s input" "bar\nbong\n" "$input" ""
60+
61 # substitute for awk
62 optional FEATURE_CUT_REGEX
63 testing "cut -DF" "cut -DF 2,7,5" \
64--
652.43.0
66
diff --git a/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch
new file mode 100644
index 0000000000..ea3c84897b
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch
@@ -0,0 +1,96 @@
1From c3bfdac8e0e9a21d524ad72036953f68d2193e52 Mon Sep 17 00:00:00 2001
2From: Natanael Copa <ncopa@alpinelinux.org>
3Date: Tue, 21 May 2024 14:46:08 +0200
4Subject: [PATCH 2/2] awk: fix ternary operator and precedence of =
5
6Adjust the = precedence test to match behavior of gawk, mawk and
7FreeBSD. awk 'BEGIN {print v=3==3; print v}' should print two '1'.
8
9To fix this, and to unbreak the ternary conditional operator, we restore
10the precedence of = in the token list, but override this with a lower
11priority when the assignment is on the right side of a compare.
12
13This fixes commit 0256e00a9d07 (awk: fix precedence of = relative to ==) [1]
14
15CVE: CVE-2023-42364 CVE-2023-42365
16
17Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html]
18
19[1] https://bugs.busybox.net/show_bug.cgi?id=15871#c6
20
21Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
22(cherry picked from commit 1714301c405ef03b39605c85c23f22a190cddd95)
23Signed-off-by: Khem Raj <raj.khem@gmail.com>
24---
25 editors/awk.c | 18 ++++++++++++++----
26 testsuite/awk.tests | 9 +++++++--
27 2 files changed, 21 insertions(+), 6 deletions(-)
28
29diff --git a/editors/awk.c b/editors/awk.c
30index aff86fe..f320d8c 100644
31--- a/editors/awk.c
32+++ b/editors/awk.c
33@@ -442,9 +442,10 @@ static const uint32_t tokeninfo[] ALIGN4 = {
34 #define TI_PREINC (OC_UNARY|xV|P(9)|'P')
35 #define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
36 TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5),
37- OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(38), OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-',
38- OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&',
39- OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&',
40+#define TI_ASSIGN (OC_MOVE|VV|P(74))
41+ OC_COMPARE|VV|P(39)|5, TI_ASSIGN, OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
42+ OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
43+ OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
44 OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*',
45 OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1,
46 #define TI_LESS (OC_COMPARE|VV|P(39)|2)
47@@ -1376,11 +1377,19 @@ static node *parse_expr(uint32_t term_tc)
48 continue;
49 }
50 if (tc & (TS_BINOP | TC_UOPPOST)) {
51+ int prio;
52 debug_printf_parse("%s: TS_BINOP | TC_UOPPOST tc:%x\n", __func__, tc);
53 /* for binary and postfix-unary operators, jump back over
54 * previous operators with higher priority */
55 vn = cn;
56- while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
57+ /* Let assignment get higher priority when used on right
58+ * side in compare. i.e: 2==v=3 */
59+ if (t_info == TI_ASSIGN && (vn->a.n->info & OPCLSMASK) == OC_COMPARE) {
60+ prio = PRECEDENCE(38);
61+ } else {
62+ prio = (t_info & PRIMASK);
63+ }
64+ while ((prio > (vn->a.n->info & PRIMASK2))
65 || (t_info == vn->info && t_info == TI_COLON)
66 ) {
67 vn = vn->a.n;
68@@ -1412,6 +1421,7 @@ static node *parse_expr(uint32_t term_tc)
69 if ((vn->info & OPCLSMASK) != OC_VAR
70 && (vn->info & OPCLSMASK) != OC_FNARG
71 && (vn->info & OPCLSMASK) != OC_FIELD
72+ && (vn->info & OPCLSMASK) != OC_COMPARE
73 ) {
74 syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
75 }
76diff --git a/testsuite/awk.tests b/testsuite/awk.tests
77index a78fdcd..d2706de 100755
78--- a/testsuite/awk.tests
79+++ b/testsuite/awk.tests
80@@ -540,9 +540,14 @@ testing 'awk assign while assign' \
81 │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%]
82 └────────────────────────────────────────────────────┘^C"
83
84-testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
85+testing "awk = has higher precedence than == on right side" \
86 "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
87- '0\n1\n2\n1\n3\n' \
88+ '0\n1\n2\n1\n1\n' \
89+ '' ''
90+
91+testing 'awk ternary precedence' \
92+ "awk 'BEGIN { a = 0 ? \"yes\": \"no\"; print a }'" \
93+ 'no\n' \
94 '' ''
95
96 exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch
new file mode 100644
index 0000000000..3baef86415
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch
@@ -0,0 +1,151 @@
1From 5dcc443dba039b305a510c01883e9f34e42656ae Mon Sep 17 00:00:00 2001
2From: Denys Vlasenko <vda.linux@googlemail.com>
3Date: Fri, 26 May 2023 19:36:58 +0200
4Subject: [PATCH] awk: fix use-after-realloc (CVE-2021-42380), closes 15601
5
6Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
7
8CVE: CVE-2021-42380
9Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae]
10Signed-off-by: Peter Marko <peter.marko@siemens.com>
11---
12 editors/awk.c | 26 ++++++++++++++++-----
13 testsuite/awk.tests | 55 +++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 75 insertions(+), 6 deletions(-)
15
16diff --git a/editors/awk.c b/editors/awk.c
17index 728ee8685..2af823808 100644
18--- a/editors/awk.c
19+++ b/editors/awk.c
20@@ -555,7 +555,7 @@ struct globals {
21 const char *g_progname;
22 int g_lineno;
23 int nfields;
24- int maxfields; /* used in fsrealloc() only */
25+ unsigned maxfields;
26 var *Fields;
27 char *g_pos;
28 char g_saved_ch;
29@@ -1931,9 +1931,9 @@ static void fsrealloc(int size)
30 {
31 int i, newsize;
32
33- if (size >= maxfields) {
34- /* Sanity cap, easier than catering for overflows */
35- if (size > 0xffffff)
36+ if ((unsigned)size >= maxfields) {
37+ /* Sanity cap, easier than catering for over/underflows */
38+ if ((unsigned)size > 0xffffff)
39 bb_die_memory_exhausted();
40
41 i = maxfields;
42@@ -2891,6 +2891,7 @@ static var *evaluate(node *op, var *res)
43 uint32_t opinfo;
44 int opn;
45 node *op1;
46+ var *old_Fields_ptr;
47
48 opinfo = op->info;
49 opn = (opinfo & OPNMASK);
50@@ -2899,10 +2900,16 @@ static var *evaluate(node *op, var *res)
51 debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn);
52
53 /* execute inevitable things */
54+ old_Fields_ptr = NULL;
55 if (opinfo & OF_RES1) {
56 if ((opinfo & OF_REQUIRED) && !op1)
57 syntax_error(EMSG_TOO_FEW_ARGS);
58 L.v = evaluate(op1, TMPVAR0);
59+ /* Does L.v point to $n variable? */
60+ if ((size_t)(L.v - Fields) < maxfields) {
61+ /* yes, remember where Fields[] is */
62+ old_Fields_ptr = Fields;
63+ }
64 if (opinfo & OF_STR1) {
65 L.s = getvar_s(L.v);
66 debug_printf_eval("L.s:'%s'\n", L.s);
67@@ -2921,8 +2928,15 @@ static var *evaluate(node *op, var *res)
68 */
69 if (opinfo & OF_RES2) {
70 R.v = evaluate(op->r.n, TMPVAR1);
71- //TODO: L.v may be invalid now, set L.v to NULL to catch bugs?
72- //L.v = NULL;
73+ /* Seen in $5=$$5=$0:
74+ * Evaluation of R.v ($$5=$0 expression)
75+ * made L.v ($5) invalid. It's detected here.
76+ */
77+ if (old_Fields_ptr) {
78+ //if (old_Fields_ptr != Fields)
79+ // debug_printf_eval("L.v moved\n");
80+ L.v += Fields - old_Fields_ptr;
81+ }
82 if (opinfo & OF_STR2) {
83 R.s = getvar_s(R.v);
84 debug_printf_eval("R.s:'%s'\n", R.s);
85diff --git a/testsuite/awk.tests b/testsuite/awk.tests
86index bbf0fbff1..ddc51047b 100755
87--- a/testsuite/awk.tests
88+++ b/testsuite/awk.tests
89@@ -485,4 +485,59 @@ testing 'awk assign while test' \
90 "" \
91 "foo"
92
93+# User-supplied bug (SEGV) example, was causing use-after-realloc
94+testing 'awk assign while assign' \
95+ "awk '\$5=\$\$5=\$0'; echo \$?" \
96+ "\
97+─ process timing ────────────────────────────────────┬─ ─ process timing ────────────────────────────────────┬─ overall results ────┐ results ────┐
98+│ run time : │ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │ days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │
99+│ last new find │ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │ 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │
100+│last saved crash : │last saved crash : none seen yet │saved crashes : 0 │ seen yet │saved crashes : 0 │
101+│ last saved hang │ last saved hang : none seen yet │ saved hangs : 0 │ none seen yet │ saved hangs : 0 │
102+├─ cycle progress ─────────────────────┬─ ├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤ coverage┴──────────────────────┤
103+│ now processing : │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │ (88.5%) │ map density : 0.30% / 0.52% │ │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │
104+│ runs timed out │ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │ 0 (0.00%) │ count coverage : 2.18 bits/tuple │
105+├─ stage progress ─────────────────────┼─ ├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤ in depth ─────────────────┤
106+│ now trying : │ now trying : havoc │ favored items : 43 (20.67%) │ │ favored items : 43 (20.67%) │
107+│ stage execs : │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ (8.51%) │ new edges on │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ 52 (25.00%) │
108+│ total execs : │ total execs : 179k │ total crashes : 0 (0 saved) │ │ total crashes : 0 (0 saved) │ │ total execs : 179k │ total crashes : 0 (0 saved) │
109+│ exec speed : │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │ │ total tmouts : 0 (0 saved) │ │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │
110+├─ fuzzing strategy yields ├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤ item geometry ───────┤
111+│ bit flips : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ 4/638, 5/618 │ levels : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ │
112+│ byte flips : │ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │ 0/71, 0/52 │ pending : 199 │
113+│ arithmetics : 11/4494, │ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │ 0/0 │ pend fav : 35 │
114+│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ known ints : │ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ 0/1986, 0/2288 │ own finds : 207 │
115+│ dictionary : 0/0, │ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │ 0/0, 0/0 │ imported : 0 │
116+│havoc/splice : 142/146k, 23/7616 │havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │ stability : 100.00% │
117+│py/custom/rq : unused, unused, │py/custom/rq : unused, unused, unused, unused ├───────────────────────┘ unused ├───────────────────────┘
118+│ trim/eff : 57.02%/26, │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] │ [cpu000:100%]
119+└────────────────────────────────────────────────────┘^C └────────────────────────────────────────────────────┘^C
120+0
121+" \
122+ "" \
123+ "\
124+─ process timing ────────────────────────────────────┬─ overall results ────┐
125+│ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │
126+│ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │
127+│last saved crash : none seen yet │saved crashes : 0 │
128+│ last saved hang : none seen yet │ saved hangs : 0 │
129+├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤
130+│ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │
131+│ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │
132+├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤
133+│ now trying : havoc │ favored items : 43 (20.67%) │
134+│ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │
135+│ total execs : 179k │ total crashes : 0 (0 saved) │
136+│ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │
137+├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤
138+│ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │
139+│ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │
140+│ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │
141+│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │
142+│ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │
143+│havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │
144+│py/custom/rq : unused, unused, unused, unused ├───────────────────────┘
145+│ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%]
146+└────────────────────────────────────────────────────┘^C"
147+
148 exit $FAILCOUNT
149--
1502.30.2
151
diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
new file mode 100644
index 0000000000..379f6f83b1
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
@@ -0,0 +1,67 @@
1From fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa Mon Sep 17 00:00:00 2001
2From: Natanael Copa <ncopa@alpinelinux.org>
3Date: Mon, 20 May 2024 17:55:28 +0200
4Subject: [PATCH] awk: fix use after free (CVE-2023-42363)
5
6function old new delta
7evaluate 3377 3385 +8
8
9Fixes https://bugs.busybox.net/show_bug.cgi?id=15865
10
11Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
12Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
13
14CVE: CVE-2023-42363
15Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa]
16Signed-off-by: Peter Marko <peter.marko@siemens.com>
17---
18 editors/awk.c | 21 +++++++++++++--------
19 1 file changed, 13 insertions(+), 8 deletions(-)
20
21diff --git a/editors/awk.c b/editors/awk.c
22index 0981c6735..ff6d6350b 100644
23--- a/editors/awk.c
24+++ b/editors/awk.c
25@@ -2910,19 +2910,14 @@ static var *evaluate(node *op, var *res)
26 /* yes, remember where Fields[] is */
27 old_Fields_ptr = Fields;
28 }
29- if (opinfo & OF_STR1) {
30- L.s = getvar_s(L.v);
31- debug_printf_eval("L.s:'%s'\n", L.s);
32- }
33 if (opinfo & OF_NUM1) {
34 L_d = getvar_i(L.v);
35 debug_printf_eval("L_d:%f\n", L_d);
36 }
37 }
38- /* NB: Must get string/numeric values of L (done above)
39- * _before_ evaluate()'ing R.v: if both L and R are $NNNs,
40- * and right one is large, then L.v points to Fields[NNN1],
41- * second evaluate() reallocates and moves (!) Fields[],
42+ /* NB: if both L and R are $NNNs, and right one is large,
43+ * then at this pint L.v points to Fields[NNN1], second
44+ * evaluate() below reallocates and moves (!) Fields[],
45 * R.v points to Fields[NNN2] but L.v now points to freed mem!
46 * (Seen trying to evaluate "$444 $44444")
47 */
48@@ -2942,6 +2937,16 @@ static var *evaluate(node *op, var *res)
49 debug_printf_eval("R.s:'%s'\n", R.s);
50 }
51 }
52+ /* Get L.s _after_ R.v is evaluated: it may have realloc'd L.v
53+ * so we must get the string after "old_Fields_ptr" correction
54+ * above. Testcase: x = (v = "abc", gsub("b", "X", v));
55+ */
56+ if (opinfo & OF_RES1) {
57+ if (opinfo & OF_STR1) {
58+ L.s = getvar_s(L.v);
59+ debug_printf_eval("L.s:'%s'\n", L.s);
60+ }
61+ }
62
63 debug_printf_eval("switch(0x%x)\n", XC(opinfo & OPCLSMASK));
64 switch (XC(opinfo & OPCLSMASK)) {
65--
662.30.2
67
diff --git a/meta/recipes-core/busybox/busybox/busybox-1.36.1-no-cbq.patch b/meta/recipes-core/busybox/busybox/busybox-1.36.1-no-cbq.patch
new file mode 100644
index 0000000000..80cbc73fc4
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/busybox-1.36.1-no-cbq.patch
@@ -0,0 +1,61 @@
1Remove CBQ functionality from tc
2
36.8+ kernel has dropped CBQ support [1], Now that OE uses 6.9 for
4kernel-headers means we are hitting the undefined symbol
5TCA_CBQ_MAX [2]
6
7[1] https://github.com/torvalds/linux/commit/33241dca486264193ed68167c8eeae1fb197f3df
8[2] https://bugs.busybox.net/show_bug.cgi?id=15934
9
10Upstream-Status: Submitted [https://bugs.busybox.net/show_bug.cgi?id=15931]
11Signed-off-by: Khem Raj <raj.khem@gmail.com>
12
13diff -up busybox-1.36.1/networking/tc.c.no-cbq busybox-1.36.1/networking/tc.c
14--- busybox-1.36.1/networking/tc.c.no-cbq 2024-01-29 10:24:09.135082923 -0500
15+++ busybox-1.36.1/networking/tc.c 2024-01-29 10:28:12.009502552 -0500
16@@ -31,7 +31,7 @@
17 //usage: "qdisc [handle QHANDLE] [root|"IF_FEATURE_TC_INGRESS("ingress|")"parent CLASSID]\n"
18 /* //usage: "[estimator INTERVAL TIME_CONSTANT]\n" */
19 //usage: " [[QDISC_KIND] [help|OPTIONS]]\n"
20-//usage: " QDISC_KIND := [p|b]fifo|tbf|prio|cbq|red|etc.\n"
21+//usage: " QDISC_KIND := [p|b]fifo|tbf|prio|red|etc.\n"
22 //usage: "qdisc show [dev STRING]"IF_FEATURE_TC_INGRESS(" [ingress]")"\n"
23 //usage: "class [classid CLASSID] [root|parent CLASSID]\n"
24 //usage: " [[QDISC_KIND] [help|OPTIONS] ]\n"
25@@ -230,7 +230,7 @@ static int cbq_parse_opt(int argc, char
26 {
27 return 0;
28 }
29-#endif
30+
31 static int cbq_print_opt(struct rtattr *opt)
32 {
33 struct rtattr *tb[TCA_CBQ_MAX+1];
34@@ -322,6 +322,7 @@ static int cbq_print_opt(struct rtattr *
35 done:
36 return 0;
37 }
38+#endif
39
40 static FAST_FUNC int print_qdisc(
41 const struct sockaddr_nl *who UNUSED_PARAM,
42@@ -373,7 +374,8 @@ static FAST_FUNC int print_qdisc(
43 if (qqq == 0) { /* pfifo_fast aka prio */
44 prio_print_opt(tb[TCA_OPTIONS]);
45 } else if (qqq == 1) { /* class based queuing */
46- cbq_print_opt(tb[TCA_OPTIONS]);
47+ /* cbq_print_opt(tb[TCA_OPTIONS]); */
48+ printf("cbq not supported");
49 } else {
50 /* don't know how to print options for this qdisc */
51 printf("(options for %s)", name);
52@@ -444,7 +446,8 @@ static FAST_FUNC int print_class(
53 /* nothing. */ /*prio_print_opt(tb[TCA_OPTIONS]);*/
54 } else if (qqq == 1) { /* class based queuing */
55 /* cbq_print_copt() is identical to cbq_print_opt(). */
56- cbq_print_opt(tb[TCA_OPTIONS]);
57+ /* cbq_print_opt(tb[TCA_OPTIONS]); */
58+ printf("cbq not supported");
59 } else {
60 /* don't know how to print options for this class */
61 printf("(options for %s)", name);
diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig
index f3d545dc3f..8e3b6e480c 100644
--- a/meta/recipes-core/busybox/busybox/defconfig
+++ b/meta/recipes-core/busybox/busybox/defconfig
@@ -983,7 +983,7 @@ CONFIG_FEATURE_TFTP_GET=y
983CONFIG_FEATURE_TFTP_PUT=y 983CONFIG_FEATURE_TFTP_PUT=y
984# CONFIG_FEATURE_TFTP_BLOCKSIZE is not set 984# CONFIG_FEATURE_TFTP_BLOCKSIZE is not set
985# CONFIG_TFTP_DEBUG is not set 985# CONFIG_TFTP_DEBUG is not set
986CONFIG_TLS=y 986# CONFIG_TLS is not set
987CONFIG_TRACEROUTE=y 987CONFIG_TRACEROUTE=y
988# CONFIG_TRACEROUTE6 is not set 988# CONFIG_TRACEROUTE6 is not set
989# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set 989# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set
@@ -997,8 +997,8 @@ CONFIG_FEATURE_WGET_STATUSBAR=y
997CONFIG_FEATURE_WGET_FTP=y 997CONFIG_FEATURE_WGET_FTP=y
998CONFIG_FEATURE_WGET_AUTHENTICATION=y 998CONFIG_FEATURE_WGET_AUTHENTICATION=y
999CONFIG_FEATURE_WGET_TIMEOUT=y 999CONFIG_FEATURE_WGET_TIMEOUT=y
1000CONFIG_FEATURE_WGET_HTTPS=y 1000# CONFIG_FEATURE_WGET_HTTPS is not set
1001# CONFIG_FEATURE_WGET_OPENSSL is not set 1001CONFIG_FEATURE_WGET_OPENSSL=y
1002# CONFIG_WHOIS is not set 1002# CONFIG_WHOIS is not set
1003# CONFIG_ZCIP is not set 1003# CONFIG_ZCIP is not set
1004CONFIG_UDHCPD=y 1004CONFIG_UDHCPD=y
diff --git a/meta/recipes-core/busybox/busybox_1.36.1.bb b/meta/recipes-core/busybox/busybox_1.36.1.bb
index 373a6b7781..f7c3eff29e 100644
--- a/meta/recipes-core/busybox/busybox_1.36.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.36.1.bb
@@ -49,6 +49,14 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
49 file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ 49 file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \
50 file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ 50 file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \
51 file://start-stop-false.patch \ 51 file://start-stop-false.patch \
52 file://CVE-2021-42380.patch \
53 file://0001-awk-fix-segfault-when-compiled-by-clang.patch \
54 file://CVE-2023-42363.patch \
55 file://busybox-1.36.1-no-cbq.patch \
56 file://0001-awk-fix-precedence-of-relative-to.patch \
57 file://0002-awk-fix-ternary-operator-and-precedence-of.patch \
58 file://0001-awk.c-fix-CVE-2023-42366-bug-15874.patch \
59 file://0001-cut-Fix-s-flag-to-omit-blank-lines.patch \
52 " 60 "
53SRC_URI:append:libc-musl = " file://musl.cfg " 61SRC_URI:append:libc-musl = " file://musl.cfg "
54# TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html 62# TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-09-20 16:23:02 +0000