diff options
Diffstat (limited to 'meta/recipes-core/busybox')
12 files changed, 753 insertions, 28 deletions
diff --git a/meta/recipes-core/busybox/busybox-inittab_1.36.1.bb b/meta/recipes-core/busybox/busybox-inittab_1.36.1.bb index 6904a91930..4ffc44c808 100644 --- a/meta/recipes-core/busybox/busybox-inittab_1.36.1.bb +++ b/meta/recipes-core/busybox/busybox-inittab_1.36.1.bb | |||
@@ -4,7 +4,8 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;m | |||
4 | 4 | ||
5 | SRC_URI = "file://inittab" | 5 | SRC_URI = "file://inittab" |
6 | 6 | ||
7 | S = "${WORKDIR}" | 7 | S = "${WORKDIR}/sources" |
8 | UNPACKDIR = "${S}" | ||
8 | 9 | ||
9 | INHIBIT_DEFAULT_DEPS = "1" | 10 | INHIBIT_DEFAULT_DEPS = "1" |
10 | 11 | ||
@@ -14,7 +15,7 @@ do_compile() { | |||
14 | 15 | ||
15 | do_install() { | 16 | do_install() { |
16 | install -d ${D}${sysconfdir} | 17 | install -d ${D}${sysconfdir} |
17 | install -D -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab | 18 | install -D -m 0644 ${S}/inittab ${D}${sysconfdir}/inittab |
18 | 19 | ||
19 | CONSOLES="${SERIAL_CONSOLES}" | 20 | CONSOLES="${SERIAL_CONSOLES}" |
20 | for s in $CONSOLES | 21 | for s in $CONSOLES |
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc index f5d7c3f9c8..67a9111e5b 100644 --- a/meta/recipes-core/busybox/busybox.inc +++ b/meta/recipes-core/busybox/busybox.inc | |||
@@ -114,7 +114,7 @@ do_prepare_config () { | |||
114 | export KCONFIG_NOTIMESTAMP=1 | 114 | export KCONFIG_NOTIMESTAMP=1 |
115 | 115 | ||
116 | sed -e '/CONFIG_STATIC/d' \ | 116 | sed -e '/CONFIG_STATIC/d' \ |
117 | < ${WORKDIR}/defconfig > ${S}/.config | 117 | < ${UNPACKDIR}/defconfig > ${S}/.config |
118 | echo "# CONFIG_STATIC is not set" >> .config | 118 | echo "# CONFIG_STATIC is not set" >> .config |
119 | for i in 'CROSS' 'DISTRO FEATURES'; do echo "### $i"; done >> \ | 119 | for i in 'CROSS' 'DISTRO FEATURES'; do echo "### $i"; done >> \ |
120 | ${S}/.config | 120 | ${S}/.config |
@@ -280,67 +280,67 @@ do_install () { | |||
280 | fi | 280 | fi |
281 | 281 | ||
282 | if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then | 282 | if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then |
283 | install -m 0755 ${WORKDIR}/syslog ${D}${sysconfdir}/init.d/syslog | 283 | install -m 0755 ${UNPACKDIR}/syslog ${D}${sysconfdir}/init.d/syslog |
284 | install -m 644 ${WORKDIR}/syslog-startup.conf ${D}${sysconfdir}/syslog-startup.conf | 284 | install -m 644 ${UNPACKDIR}/syslog-startup.conf ${D}${sysconfdir}/syslog-startup.conf |
285 | install -m 644 ${WORKDIR}/syslog.conf ${D}${sysconfdir}/syslog.conf | 285 | install -m 644 ${UNPACKDIR}/syslog.conf ${D}${sysconfdir}/syslog.conf |
286 | fi | 286 | fi |
287 | if grep -q "CONFIG_CROND=y" ${B}/.config; then | 287 | if grep -q "CONFIG_CROND=y" ${B}/.config; then |
288 | install -m 0755 ${WORKDIR}/busybox-cron ${D}${sysconfdir}/init.d/ | 288 | install -m 0755 ${UNPACKDIR}/busybox-cron ${D}${sysconfdir}/init.d/ |
289 | fi | 289 | fi |
290 | if grep -q "CONFIG_HTTPD=y" ${B}/.config; then | 290 | if grep -q "CONFIG_HTTPD=y" ${B}/.config; then |
291 | install -m 0755 ${WORKDIR}/busybox-httpd ${D}${sysconfdir}/init.d/ | 291 | install -m 0755 ${UNPACKDIR}/busybox-httpd ${D}${sysconfdir}/init.d/ |
292 | install -d ${D}/srv/www | 292 | install -d ${D}/srv/www |
293 | fi | 293 | fi |
294 | if grep -q "CONFIG_UDHCPD=y" ${B}/.config; then | 294 | if grep -q "CONFIG_UDHCPD=y" ${B}/.config; then |
295 | install -m 0755 ${WORKDIR}/busybox-udhcpd ${D}${sysconfdir}/init.d/ | 295 | install -m 0755 ${UNPACKDIR}/busybox-udhcpd ${D}${sysconfdir}/init.d/ |
296 | fi | 296 | fi |
297 | if grep -q "CONFIG_HWCLOCK=y" ${B}/.config; then | 297 | if grep -q "CONFIG_HWCLOCK=y" ${B}/.config; then |
298 | install -m 0755 ${WORKDIR}/hwclock.sh ${D}${sysconfdir}/init.d/ | 298 | install -m 0755 ${UNPACKDIR}/hwclock.sh ${D}${sysconfdir}/init.d/ |
299 | fi | 299 | fi |
300 | if grep -q "CONFIG_UDHCPC=y" ${B}/.config; then | 300 | if grep -q "CONFIG_UDHCPC=y" ${B}/.config; then |
301 | install -d ${D}${sysconfdir}/udhcpc.d | 301 | install -d ${D}${sysconfdir}/udhcpc.d |
302 | install -d ${D}${datadir}/udhcpc | 302 | install -d ${D}${datadir}/udhcpc |
303 | install -m 0755 ${WORKDIR}/simple.script ${D}${sysconfdir}/udhcpc.d/50default | 303 | install -m 0755 ${UNPACKDIR}/simple.script ${D}${sysconfdir}/udhcpc.d/50default |
304 | sed -i "s:/SBIN_DIR/:${base_sbindir}/:" ${D}${sysconfdir}/udhcpc.d/50default | 304 | sed -i "s:/SBIN_DIR/:${base_sbindir}/:" ${D}${sysconfdir}/udhcpc.d/50default |
305 | install -m 0755 ${WORKDIR}/default.script ${D}${datadir}/udhcpc/default.script | 305 | install -m 0755 ${UNPACKDIR}/default.script ${D}${datadir}/udhcpc/default.script |
306 | fi | 306 | fi |
307 | if grep -q "CONFIG_INETD=y" ${B}/.config; then | 307 | if grep -q "CONFIG_INETD=y" ${B}/.config; then |
308 | install -m 0755 ${WORKDIR}/inetd ${D}${sysconfdir}/init.d/inetd.${BPN} | 308 | install -m 0755 ${UNPACKDIR}/inetd ${D}${sysconfdir}/init.d/inetd.${BPN} |
309 | sed -i "s:/usr/sbin/:${sbindir}/:" ${D}${sysconfdir}/init.d/inetd.${BPN} | 309 | sed -i "s:/usr/sbin/:${sbindir}/:" ${D}${sysconfdir}/init.d/inetd.${BPN} |
310 | install -m 0644 ${WORKDIR}/inetd.conf ${D}${sysconfdir}/ | 310 | install -m 0644 ${UNPACKDIR}/inetd.conf ${D}${sysconfdir}/ |
311 | fi | 311 | fi |
312 | if grep -q "CONFIG_MDEV=y" ${B}/.config; then | 312 | if grep -q "CONFIG_MDEV=y" ${B}/.config; then |
313 | install -m 0755 ${WORKDIR}/mdev ${D}${sysconfdir}/init.d/mdev | 313 | install -m 0755 ${UNPACKDIR}/mdev ${D}${sysconfdir}/init.d/mdev |
314 | if grep "CONFIG_FEATURE_MDEV_CONF=y" ${B}/.config; then | 314 | if grep "CONFIG_FEATURE_MDEV_CONF=y" ${B}/.config; then |
315 | install -m 644 ${WORKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf | 315 | install -m 644 ${UNPACKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf |
316 | install -d ${D}${sysconfdir}/mdev | 316 | install -d ${D}${sysconfdir}/mdev |
317 | install -m 0755 ${WORKDIR}/find-touchscreen.sh ${D}${sysconfdir}/mdev | 317 | install -m 0755 ${UNPACKDIR}/find-touchscreen.sh ${D}${sysconfdir}/mdev |
318 | install -m 0755 ${WORKDIR}/mdev-mount.sh ${D}${sysconfdir}/mdev | 318 | install -m 0755 ${UNPACKDIR}/mdev-mount.sh ${D}${sysconfdir}/mdev |
319 | fi | 319 | fi |
320 | fi | 320 | fi |
321 | if grep -q "CONFIG_INIT=y" ${B}/.config && ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','busybox','true','false',d)}; then | 321 | if grep -q "CONFIG_INIT=y" ${B}/.config && ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','busybox','true','false',d)}; then |
322 | install -D -m 0755 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS | 322 | install -D -m 0755 ${UNPACKDIR}/rcS ${D}${sysconfdir}/init.d/rcS |
323 | install -D -m 0755 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK | 323 | install -D -m 0755 ${UNPACKDIR}/rcK ${D}${sysconfdir}/init.d/rcK |
324 | install -D -m 0755 ${WORKDIR}/rcS.default ${D}${sysconfdir}/default/rcS | 324 | install -D -m 0755 ${UNPACKDIR}/rcS.default ${D}${sysconfdir}/default/rcS |
325 | fi | 325 | fi |
326 | 326 | ||
327 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then | 327 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then |
328 | if grep -q "CONFIG_KLOGD=y" ${B}/.config; then | 328 | if grep -q "CONFIG_KLOGD=y" ${B}/.config; then |
329 | install -d ${D}${systemd_system_unitdir} | 329 | install -d ${D}${systemd_system_unitdir} |
330 | sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-klogd.service.in \ | 330 | sed 's,@base_sbindir@,${base_sbindir},g' < ${UNPACKDIR}/busybox-klogd.service.in \ |
331 | > ${D}${systemd_system_unitdir}/busybox-klogd.service | 331 | > ${D}${systemd_system_unitdir}/busybox-klogd.service |
332 | fi | 332 | fi |
333 | 333 | ||
334 | if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then | 334 | if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then |
335 | install -d ${D}${systemd_system_unitdir} | 335 | install -d ${D}${systemd_system_unitdir} |
336 | sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-syslog.service.in \ | 336 | sed 's,@base_sbindir@,${base_sbindir},g' < ${UNPACKDIR}/busybox-syslog.service.in \ |
337 | > ${D}${systemd_system_unitdir}/busybox-syslog.service | 337 | > ${D}${systemd_system_unitdir}/busybox-syslog.service |
338 | if [ ! -e ${D}${systemd_system_unitdir}/busybox-klogd.service ] ; then | 338 | if [ ! -e ${D}${systemd_system_unitdir}/busybox-klogd.service ] ; then |
339 | sed -i '/klog/d' ${D}${systemd_system_unitdir}/busybox-syslog.service | 339 | sed -i '/klog/d' ${D}${systemd_system_unitdir}/busybox-syslog.service |
340 | fi | 340 | fi |
341 | if [ -f ${WORKDIR}/busybox-syslog.default ] ; then | 341 | if [ -f ${UNPACKDIR}/busybox-syslog.default ] ; then |
342 | install -d ${D}${sysconfdir}/default | 342 | install -d ${D}${sysconfdir}/default |
343 | install -m 0644 ${WORKDIR}/busybox-syslog.default ${D}${sysconfdir}/default/busybox-syslog | 343 | install -m 0644 ${UNPACKDIR}/busybox-syslog.default ${D}${sysconfdir}/default/busybox-syslog |
344 | fi | 344 | fi |
345 | fi | 345 | fi |
346 | fi | 346 | fi |
diff --git a/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch new file mode 100644 index 0000000000..5836cf8a00 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch | |||
@@ -0,0 +1,197 @@ | |||
1 | From dedc9380c76834ba64c8b526aef6f461ea4e7f2e Mon Sep 17 00:00:00 2001 | ||
2 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
3 | Date: Tue, 30 May 2023 16:42:18 +0200 | ||
4 | Subject: [PATCH 1/2] awk: fix precedence of = relative to == | ||
5 | |||
6 | Discovered while adding code to disallow assignments to non-lvalues | ||
7 | |||
8 | function old new delta | ||
9 | parse_expr 936 991 +55 | ||
10 | .rodata 105243 105247 +4 | ||
11 | ------------------------------------------------------------------------------ | ||
12 | (add/remove: 0/0 grow/shrink: 2/0 up/down: 59/0) Total: 59 bytes | ||
13 | |||
14 | CVE: CVE-2023-42364 CVE-2023-42365 | ||
15 | |||
16 | Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4] | ||
17 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
18 | (cherry picked from commit 0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4) | ||
19 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
20 | --- | ||
21 | editors/awk.c | 66 ++++++++++++++++++++++++++++++--------------- | ||
22 | testsuite/awk.tests | 5 ++++ | ||
23 | 2 files changed, 50 insertions(+), 21 deletions(-) | ||
24 | |||
25 | diff --git a/editors/awk.c b/editors/awk.c | ||
26 | index ec9301e..aff86fe 100644 | ||
27 | --- a/editors/awk.c | ||
28 | +++ b/editors/awk.c | ||
29 | @@ -337,7 +337,9 @@ static void debug_parse_print_tc(uint32_t n) | ||
30 | #undef P | ||
31 | #undef PRIMASK | ||
32 | #undef PRIMASK2 | ||
33 | -#define P(x) (x << 24) | ||
34 | +/* Smaller 'x' means _higher_ operator precedence */ | ||
35 | +#define PRECEDENCE(x) (x << 24) | ||
36 | +#define P(x) PRECEDENCE(x) | ||
37 | #define PRIMASK 0x7F000000 | ||
38 | #define PRIMASK2 0x7E000000 | ||
39 | |||
40 | @@ -360,7 +362,7 @@ enum { | ||
41 | OC_MOVE = 0x1f00, OC_PGETLINE = 0x2000, OC_REGEXP = 0x2100, | ||
42 | OC_REPLACE = 0x2200, OC_RETURN = 0x2300, OC_SPRINTF = 0x2400, | ||
43 | OC_TERNARY = 0x2500, OC_UNARY = 0x2600, OC_VAR = 0x2700, | ||
44 | - OC_DONE = 0x2800, | ||
45 | + OC_CONST = 0x2800, OC_DONE = 0x2900, | ||
46 | |||
47 | ST_IF = 0x3000, ST_DO = 0x3100, ST_FOR = 0x3200, | ||
48 | ST_WHILE = 0x3300 | ||
49 | @@ -440,9 +442,9 @@ static const uint32_t tokeninfo[] ALIGN4 = { | ||
50 | #define TI_PREINC (OC_UNARY|xV|P(9)|'P') | ||
51 | #define TI_PREDEC (OC_UNARY|xV|P(9)|'M') | ||
52 | TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5), | ||
53 | - OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(74), OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-', | ||
54 | - OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&', | ||
55 | - OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&', | ||
56 | + OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(38), OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-', | ||
57 | + OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&', | ||
58 | + OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&', | ||
59 | OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*', | ||
60 | OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1, | ||
61 | #define TI_LESS (OC_COMPARE|VV|P(39)|2) | ||
62 | @@ -1290,7 +1292,7 @@ static uint32_t next_token(uint32_t expected) | ||
63 | save_tclass = tc; | ||
64 | save_info = t_info; | ||
65 | tc = TC_BINOPX; | ||
66 | - t_info = OC_CONCAT | SS | P(35); | ||
67 | + t_info = OC_CONCAT | SS | PRECEDENCE(35); | ||
68 | } | ||
69 | |||
70 | t_tclass = tc; | ||
71 | @@ -1350,9 +1352,8 @@ static node *parse_expr(uint32_t term_tc) | ||
72 | { | ||
73 | node sn; | ||
74 | node *cn = &sn; | ||
75 | - node *vn, *glptr; | ||
76 | + node *glptr; | ||
77 | uint32_t tc, expected_tc; | ||
78 | - var *v; | ||
79 | |||
80 | debug_printf_parse("%s() term_tc(%x):", __func__, term_tc); | ||
81 | debug_parse_print_tc(term_tc); | ||
82 | @@ -1363,11 +1364,12 @@ static node *parse_expr(uint32_t term_tc) | ||
83 | expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP | term_tc; | ||
84 | |||
85 | while (!((tc = next_token(expected_tc)) & term_tc)) { | ||
86 | + node *vn; | ||
87 | |||
88 | if (glptr && (t_info == TI_LESS)) { | ||
89 | /* input redirection (<) attached to glptr node */ | ||
90 | debug_printf_parse("%s: input redir\n", __func__); | ||
91 | - cn = glptr->l.n = new_node(OC_CONCAT | SS | P(37)); | ||
92 | + cn = glptr->l.n = new_node(OC_CONCAT | SS | PRECEDENCE(37)); | ||
93 | cn->a.n = glptr; | ||
94 | expected_tc = TS_OPERAND | TS_UOPPRE; | ||
95 | glptr = NULL; | ||
96 | @@ -1379,24 +1381,42 @@ static node *parse_expr(uint32_t term_tc) | ||
97 | * previous operators with higher priority */ | ||
98 | vn = cn; | ||
99 | while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2)) | ||
100 | - || ((t_info == vn->info) && t_info == TI_COLON) | ||
101 | + || (t_info == vn->info && t_info == TI_COLON) | ||
102 | ) { | ||
103 | vn = vn->a.n; | ||
104 | if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN); | ||
105 | } | ||
106 | if (t_info == TI_TERNARY) | ||
107 | //TODO: why? | ||
108 | - t_info += P(6); | ||
109 | + t_info += PRECEDENCE(6); | ||
110 | cn = vn->a.n->r.n = new_node(t_info); | ||
111 | cn->a.n = vn->a.n; | ||
112 | if (tc & TS_BINOP) { | ||
113 | cn->l.n = vn; | ||
114 | -//FIXME: this is the place to detect and reject assignments to non-lvalues. | ||
115 | -//Currently we allow "assignments" to consts and temporaries, nonsense like this: | ||
116 | -// awk 'BEGIN { "qwe" = 1 }' | ||
117 | -// awk 'BEGIN { 7 *= 7 }' | ||
118 | -// awk 'BEGIN { length("qwe") = 1 }' | ||
119 | -// awk 'BEGIN { (1+1) += 3 }' | ||
120 | + | ||
121 | + /* Prevent: | ||
122 | + * awk 'BEGIN { "qwe" = 1 }' | ||
123 | + * awk 'BEGIN { 7 *= 7 }' | ||
124 | + * awk 'BEGIN { length("qwe") = 1 }' | ||
125 | + * awk 'BEGIN { (1+1) += 3 }' | ||
126 | + */ | ||
127 | + /* Assignment? (including *= and friends) */ | ||
128 | + if (((t_info & OPCLSMASK) == OC_MOVE) | ||
129 | + || ((t_info & OPCLSMASK) == OC_REPLACE) | ||
130 | + ) { | ||
131 | + debug_printf_parse("%s: MOVE/REPLACE vn->info:%08x\n", __func__, vn->info); | ||
132 | + /* Left side is a (variable or array element) | ||
133 | + * or function argument | ||
134 | + * or $FIELD ? | ||
135 | + */ | ||
136 | + if ((vn->info & OPCLSMASK) != OC_VAR | ||
137 | + && (vn->info & OPCLSMASK) != OC_FNARG | ||
138 | + && (vn->info & OPCLSMASK) != OC_FIELD | ||
139 | + ) { | ||
140 | + syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */ | ||
141 | + } | ||
142 | + } | ||
143 | + | ||
144 | expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP; | ||
145 | if (t_info == TI_PGETLINE) { | ||
146 | /* it's a pipe */ | ||
147 | @@ -1432,6 +1452,8 @@ static node *parse_expr(uint32_t term_tc) | ||
148 | /* one should be very careful with switch on tclass - | ||
149 | * only simple tclasses should be used (TC_xyz, not TS_xyz) */ | ||
150 | switch (tc) { | ||
151 | + var *v; | ||
152 | + | ||
153 | case TC_VARIABLE: | ||
154 | case TC_ARRAY: | ||
155 | debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__); | ||
156 | @@ -1452,14 +1474,14 @@ static node *parse_expr(uint32_t term_tc) | ||
157 | case TC_NUMBER: | ||
158 | case TC_STRING: | ||
159 | debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__); | ||
160 | - cn->info = OC_VAR; | ||
161 | + cn->info = OC_CONST; | ||
162 | v = cn->l.v = xzalloc(sizeof(var)); | ||
163 | - if (tc & TC_NUMBER) | ||
164 | + if (tc & TC_NUMBER) { | ||
165 | setvar_i(v, t_double); | ||
166 | - else { | ||
167 | + } else { | ||
168 | setvar_s(v, t_string); | ||
169 | - expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */ | ||
170 | } | ||
171 | + expected_tc &= ~TC_UOPPOST; /* NUM++, "str"++ not allowed */ | ||
172 | break; | ||
173 | |||
174 | case TC_REGEXP: | ||
175 | @@ -3107,6 +3129,8 @@ static var *evaluate(node *op, var *res) | ||
176 | |||
177 | /* -- recursive node type -- */ | ||
178 | |||
179 | + case XC( OC_CONST ): | ||
180 | + debug_printf_eval("CONST "); | ||
181 | case XC( OC_VAR ): | ||
182 | debug_printf_eval("VAR\n"); | ||
183 | L.v = op->l.v; | ||
184 | diff --git a/testsuite/awk.tests b/testsuite/awk.tests | ||
185 | index ddc5104..a78fdcd 100755 | ||
186 | --- a/testsuite/awk.tests | ||
187 | +++ b/testsuite/awk.tests | ||
188 | @@ -540,4 +540,9 @@ testing 'awk assign while assign' \ | ||
189 | │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] | ||
190 | └────────────────────────────────────────────────────┘^C" | ||
191 | |||
192 | +testing "awk = has higher precedence than == (despite what gawk manpage claims)" \ | ||
193 | + "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \ | ||
194 | + '0\n1\n2\n1\n3\n' \ | ||
195 | + '' '' | ||
196 | + | ||
197 | exit $FAILCOUNT | ||
diff --git a/meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch b/meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch new file mode 100644 index 0000000000..3f6145b250 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-awk-fix-segfault-when-compiled-by-clang.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From e1a68741067167dc4837e0a26d3d5c318a631fc7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ron Yorston <rmy@pobox.com> | ||
3 | Date: Fri, 19 Jan 2024 15:41:17 +0000 | ||
4 | Subject: [PATCH] awk: fix segfault when compiled by clang | ||
5 | |||
6 | A 32-bit build of BusyBox using clang segfaulted in the test | ||
7 | "awk assign while assign". Specifically, on line 7 of the test | ||
8 | input where the adjustment of the L.v pointer when the Fields | ||
9 | array was reallocated | ||
10 | |||
11 | L.v += Fields - old_Fields_ptr; | ||
12 | |||
13 | was out by 4 bytes. | ||
14 | |||
15 | Rearrange to code so both gcc and clang generate code that works. | ||
16 | |||
17 | Signed-off-by: Ron Yorston <rmy@pobox.com> | ||
18 | Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> | ||
19 | |||
20 | Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae] | ||
21 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
22 | --- | ||
23 | editors/awk.c | 2 +- | ||
24 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
25 | |||
26 | diff --git a/editors/awk.c b/editors/awk.c | ||
27 | index aa485c782..0981c6735 100644 | ||
28 | --- a/editors/awk.c | ||
29 | +++ b/editors/awk.c | ||
30 | @@ -2935,7 +2935,7 @@ static var *evaluate(node *op, var *res) | ||
31 | if (old_Fields_ptr) { | ||
32 | //if (old_Fields_ptr != Fields) | ||
33 | // debug_printf_eval("L.v moved\n"); | ||
34 | - L.v += Fields - old_Fields_ptr; | ||
35 | + L.v = Fields + (L.v - old_Fields_ptr); | ||
36 | } | ||
37 | if (opinfo & OF_STR2) { | ||
38 | R.s = getvar_s(R.v); | ||
39 | -- | ||
40 | 2.30.2 | ||
41 | |||
diff --git a/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch b/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch new file mode 100644 index 0000000000..282c2fde5a --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-awk.c-fix-CVE-2023-42366-bug-15874.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From 8542236894a8d5f7393327117bc7f64787444efc Mon Sep 17 00:00:00 2001 | ||
2 | From: Valery Ushakov <uwe@stderr.spb.ru> | ||
3 | Date: Wed, 24 Jan 2024 22:24:41 +0300 | ||
4 | Subject: [PATCH] awk.c: fix CVE-2023-42366 (bug #15874) | ||
5 | |||
6 | Make sure we don't read past the end of the string in next_token() | ||
7 | when backslash is the last character in an (invalid) regexp. | ||
8 | a fix and issue reported in bugzilla | ||
9 | |||
10 | https://bugs.busybox.net/show_bug.cgi?id=15874 | ||
11 | |||
12 | Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html] | ||
13 | |||
14 | CVE: CVE-2023-42366 | ||
15 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
16 | --- | ||
17 | editors/awk.c | 6 ++++-- | ||
18 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/editors/awk.c b/editors/awk.c | ||
21 | index f320d8c..a53b193 100644 | ||
22 | --- a/editors/awk.c | ||
23 | +++ b/editors/awk.c | ||
24 | @@ -1168,9 +1168,11 @@ static uint32_t next_token(uint32_t expected) | ||
25 | s[-1] = bb_process_escape_sequence((const char **)&pp); | ||
26 | if (*p == '\\') | ||
27 | *s++ = '\\'; | ||
28 | - if (pp == p) | ||
29 | + if (pp == p) { | ||
30 | + if (*p == '\0') | ||
31 | + syntax_error(EMSG_UNEXP_EOS); | ||
32 | *s++ = *p++; | ||
33 | - else | ||
34 | + } else | ||
35 | p = pp; | ||
36 | } | ||
37 | } | ||
diff --git a/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch b/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch new file mode 100644 index 0000000000..a0a8607b23 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch | |||
@@ -0,0 +1,66 @@ | |||
1 | From 199606e960942c29fd8085be812edd3d3697825c Mon Sep 17 00:00:00 2001 | ||
2 | From: Colin McAllister <colinmca242@gmail.com> | ||
3 | Date: Wed, 17 Jul 2024 07:58:52 -0500 | ||
4 | Subject: [PATCH 1/1] cut: Fix "-s" flag to omit blank lines | ||
5 | |||
6 | Using cut with the delimiter flag ("-d") with the "-s" flag to only | ||
7 | output lines containing the delimiter will print blank lines. This is | ||
8 | deviant behavior from cut provided by GNU Coreutils. Blank lines should | ||
9 | be omitted if "-s" is used with "-d". | ||
10 | |||
11 | This change introduces a somewhat naiive, yet efficient solution, where | ||
12 | line length is checked before looping though bytes. If line length is | ||
13 | zero and the "-s" flag is used, the code will jump to parsing the next | ||
14 | line to avoid printing a newline character. | ||
15 | |||
16 | In addition, a test to cut.tests has been added to ensure that this | ||
17 | regression is fixed and will not happen again in the future. | ||
18 | |||
19 | Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-July/090834.html] | ||
20 | |||
21 | Signed-off-by: Colin McAllister <colinmca242@gmail.com> | ||
22 | --- | ||
23 | coreutils/cut.c | 6 ++++++ | ||
24 | testsuite/cut.tests | 9 +++++++++ | ||
25 | 2 files changed, 15 insertions(+) | ||
26 | |||
27 | diff --git a/coreutils/cut.c b/coreutils/cut.c | ||
28 | index 55bdd9386..b7f986f26 100644 | ||
29 | --- a/coreutils/cut.c | ||
30 | +++ b/coreutils/cut.c | ||
31 | @@ -152,6 +152,12 @@ static void cut_file(FILE *file, const char *delim, const char *odelim, | ||
32 | unsigned uu = 0, start = 0, end = 0, out = 0; | ||
33 | int dcount = 0; | ||
34 | |||
35 | + /* Blank line? */ | ||
36 | + if (!linelen) { | ||
37 | + if (option_mask32 & CUT_OPT_SUPPRESS_FLGS) | ||
38 | + goto next_line; | ||
39 | + } | ||
40 | + | ||
41 | /* Loop through bytes, finding next delimiter */ | ||
42 | for (;;) { | ||
43 | /* End of current range? */ | ||
44 | diff --git a/testsuite/cut.tests b/testsuite/cut.tests | ||
45 | index 2458c019c..0b401bc00 100755 | ||
46 | --- a/testsuite/cut.tests | ||
47 | +++ b/testsuite/cut.tests | ||
48 | @@ -65,6 +65,15 @@ testing "cut with -d -f( ) -s" "cut -d' ' -f3 -s input && echo yes" "yes\n" "$in | ||
49 | testing "cut with -d -f(a) -s" "cut -da -f3 -s input" "n\nsium:Jim\n\ncion:Ed\n" "$input" "" | ||
50 | testing "cut with -d -f(a) -s -n" "cut -da -f3 -s -n input" "n\nsium:Jim\n\ncion:Ed\n" "$input" "" | ||
51 | |||
52 | +input="\ | ||
53 | + | ||
54 | +foo bar baz | ||
55 | + | ||
56 | +bing bong boop | ||
57 | + | ||
58 | +" | ||
59 | +testing "cut with -d -s omits blank lines" "cut -d' ' -f2 -s input" "bar\nbong\n" "$input" "" | ||
60 | + | ||
61 | # substitute for awk | ||
62 | optional FEATURE_CUT_REGEX | ||
63 | testing "cut -DF" "cut -DF 2,7,5" \ | ||
64 | -- | ||
65 | 2.43.0 | ||
66 | |||
diff --git a/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch new file mode 100644 index 0000000000..ea3c84897b --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch | |||
@@ -0,0 +1,96 @@ | |||
1 | From c3bfdac8e0e9a21d524ad72036953f68d2193e52 Mon Sep 17 00:00:00 2001 | ||
2 | From: Natanael Copa <ncopa@alpinelinux.org> | ||
3 | Date: Tue, 21 May 2024 14:46:08 +0200 | ||
4 | Subject: [PATCH 2/2] awk: fix ternary operator and precedence of = | ||
5 | |||
6 | Adjust the = precedence test to match behavior of gawk, mawk and | ||
7 | FreeBSD. awk 'BEGIN {print v=3==3; print v}' should print two '1'. | ||
8 | |||
9 | To fix this, and to unbreak the ternary conditional operator, we restore | ||
10 | the precedence of = in the token list, but override this with a lower | ||
11 | priority when the assignment is on the right side of a compare. | ||
12 | |||
13 | This fixes commit 0256e00a9d07 (awk: fix precedence of = relative to ==) [1] | ||
14 | |||
15 | CVE: CVE-2023-42364 CVE-2023-42365 | ||
16 | |||
17 | Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html] | ||
18 | |||
19 | [1] https://bugs.busybox.net/show_bug.cgi?id=15871#c6 | ||
20 | |||
21 | Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> | ||
22 | (cherry picked from commit 1714301c405ef03b39605c85c23f22a190cddd95) | ||
23 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
24 | --- | ||
25 | editors/awk.c | 18 ++++++++++++++---- | ||
26 | testsuite/awk.tests | 9 +++++++-- | ||
27 | 2 files changed, 21 insertions(+), 6 deletions(-) | ||
28 | |||
29 | diff --git a/editors/awk.c b/editors/awk.c | ||
30 | index aff86fe..f320d8c 100644 | ||
31 | --- a/editors/awk.c | ||
32 | +++ b/editors/awk.c | ||
33 | @@ -442,9 +442,10 @@ static const uint32_t tokeninfo[] ALIGN4 = { | ||
34 | #define TI_PREINC (OC_UNARY|xV|P(9)|'P') | ||
35 | #define TI_PREDEC (OC_UNARY|xV|P(9)|'M') | ||
36 | TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5), | ||
37 | - OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(38), OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-', | ||
38 | - OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&', | ||
39 | - OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&', | ||
40 | +#define TI_ASSIGN (OC_MOVE|VV|P(74)) | ||
41 | + OC_COMPARE|VV|P(39)|5, TI_ASSIGN, OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-', | ||
42 | + OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&', | ||
43 | + OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&', | ||
44 | OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*', | ||
45 | OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1, | ||
46 | #define TI_LESS (OC_COMPARE|VV|P(39)|2) | ||
47 | @@ -1376,11 +1377,19 @@ static node *parse_expr(uint32_t term_tc) | ||
48 | continue; | ||
49 | } | ||
50 | if (tc & (TS_BINOP | TC_UOPPOST)) { | ||
51 | + int prio; | ||
52 | debug_printf_parse("%s: TS_BINOP | TC_UOPPOST tc:%x\n", __func__, tc); | ||
53 | /* for binary and postfix-unary operators, jump back over | ||
54 | * previous operators with higher priority */ | ||
55 | vn = cn; | ||
56 | - while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2)) | ||
57 | + /* Let assignment get higher priority when used on right | ||
58 | + * side in compare. i.e: 2==v=3 */ | ||
59 | + if (t_info == TI_ASSIGN && (vn->a.n->info & OPCLSMASK) == OC_COMPARE) { | ||
60 | + prio = PRECEDENCE(38); | ||
61 | + } else { | ||
62 | + prio = (t_info & PRIMASK); | ||
63 | + } | ||
64 | + while ((prio > (vn->a.n->info & PRIMASK2)) | ||
65 | || (t_info == vn->info && t_info == TI_COLON) | ||
66 | ) { | ||
67 | vn = vn->a.n; | ||
68 | @@ -1412,6 +1421,7 @@ static node *parse_expr(uint32_t term_tc) | ||
69 | if ((vn->info & OPCLSMASK) != OC_VAR | ||
70 | && (vn->info & OPCLSMASK) != OC_FNARG | ||
71 | && (vn->info & OPCLSMASK) != OC_FIELD | ||
72 | + && (vn->info & OPCLSMASK) != OC_COMPARE | ||
73 | ) { | ||
74 | syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */ | ||
75 | } | ||
76 | diff --git a/testsuite/awk.tests b/testsuite/awk.tests | ||
77 | index a78fdcd..d2706de 100755 | ||
78 | --- a/testsuite/awk.tests | ||
79 | +++ b/testsuite/awk.tests | ||
80 | @@ -540,9 +540,14 @@ testing 'awk assign while assign' \ | ||
81 | │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] | ||
82 | └────────────────────────────────────────────────────┘^C" | ||
83 | |||
84 | -testing "awk = has higher precedence than == (despite what gawk manpage claims)" \ | ||
85 | +testing "awk = has higher precedence than == on right side" \ | ||
86 | "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \ | ||
87 | - '0\n1\n2\n1\n3\n' \ | ||
88 | + '0\n1\n2\n1\n1\n' \ | ||
89 | + '' '' | ||
90 | + | ||
91 | +testing 'awk ternary precedence' \ | ||
92 | + "awk 'BEGIN { a = 0 ? \"yes\": \"no\"; print a }'" \ | ||
93 | + 'no\n' \ | ||
94 | '' '' | ||
95 | |||
96 | exit $FAILCOUNT | ||
diff --git a/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch new file mode 100644 index 0000000000..3baef86415 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch | |||
@@ -0,0 +1,151 @@ | |||
1 | From 5dcc443dba039b305a510c01883e9f34e42656ae Mon Sep 17 00:00:00 2001 | ||
2 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
3 | Date: Fri, 26 May 2023 19:36:58 +0200 | ||
4 | Subject: [PATCH] awk: fix use-after-realloc (CVE-2021-42380), closes 15601 | ||
5 | |||
6 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
7 | |||
8 | CVE: CVE-2021-42380 | ||
9 | Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae] | ||
10 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
11 | --- | ||
12 | editors/awk.c | 26 ++++++++++++++++----- | ||
13 | testsuite/awk.tests | 55 +++++++++++++++++++++++++++++++++++++++++++++ | ||
14 | 2 files changed, 75 insertions(+), 6 deletions(-) | ||
15 | |||
16 | diff --git a/editors/awk.c b/editors/awk.c | ||
17 | index 728ee8685..2af823808 100644 | ||
18 | --- a/editors/awk.c | ||
19 | +++ b/editors/awk.c | ||
20 | @@ -555,7 +555,7 @@ struct globals { | ||
21 | const char *g_progname; | ||
22 | int g_lineno; | ||
23 | int nfields; | ||
24 | - int maxfields; /* used in fsrealloc() only */ | ||
25 | + unsigned maxfields; | ||
26 | var *Fields; | ||
27 | char *g_pos; | ||
28 | char g_saved_ch; | ||
29 | @@ -1931,9 +1931,9 @@ static void fsrealloc(int size) | ||
30 | { | ||
31 | int i, newsize; | ||
32 | |||
33 | - if (size >= maxfields) { | ||
34 | - /* Sanity cap, easier than catering for overflows */ | ||
35 | - if (size > 0xffffff) | ||
36 | + if ((unsigned)size >= maxfields) { | ||
37 | + /* Sanity cap, easier than catering for over/underflows */ | ||
38 | + if ((unsigned)size > 0xffffff) | ||
39 | bb_die_memory_exhausted(); | ||
40 | |||
41 | i = maxfields; | ||
42 | @@ -2891,6 +2891,7 @@ static var *evaluate(node *op, var *res) | ||
43 | uint32_t opinfo; | ||
44 | int opn; | ||
45 | node *op1; | ||
46 | + var *old_Fields_ptr; | ||
47 | |||
48 | opinfo = op->info; | ||
49 | opn = (opinfo & OPNMASK); | ||
50 | @@ -2899,10 +2900,16 @@ static var *evaluate(node *op, var *res) | ||
51 | debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn); | ||
52 | |||
53 | /* execute inevitable things */ | ||
54 | + old_Fields_ptr = NULL; | ||
55 | if (opinfo & OF_RES1) { | ||
56 | if ((opinfo & OF_REQUIRED) && !op1) | ||
57 | syntax_error(EMSG_TOO_FEW_ARGS); | ||
58 | L.v = evaluate(op1, TMPVAR0); | ||
59 | + /* Does L.v point to $n variable? */ | ||
60 | + if ((size_t)(L.v - Fields) < maxfields) { | ||
61 | + /* yes, remember where Fields[] is */ | ||
62 | + old_Fields_ptr = Fields; | ||
63 | + } | ||
64 | if (opinfo & OF_STR1) { | ||
65 | L.s = getvar_s(L.v); | ||
66 | debug_printf_eval("L.s:'%s'\n", L.s); | ||
67 | @@ -2921,8 +2928,15 @@ static var *evaluate(node *op, var *res) | ||
68 | */ | ||
69 | if (opinfo & OF_RES2) { | ||
70 | R.v = evaluate(op->r.n, TMPVAR1); | ||
71 | - //TODO: L.v may be invalid now, set L.v to NULL to catch bugs? | ||
72 | - //L.v = NULL; | ||
73 | + /* Seen in $5=$$5=$0: | ||
74 | + * Evaluation of R.v ($$5=$0 expression) | ||
75 | + * made L.v ($5) invalid. It's detected here. | ||
76 | + */ | ||
77 | + if (old_Fields_ptr) { | ||
78 | + //if (old_Fields_ptr != Fields) | ||
79 | + // debug_printf_eval("L.v moved\n"); | ||
80 | + L.v += Fields - old_Fields_ptr; | ||
81 | + } | ||
82 | if (opinfo & OF_STR2) { | ||
83 | R.s = getvar_s(R.v); | ||
84 | debug_printf_eval("R.s:'%s'\n", R.s); | ||
85 | diff --git a/testsuite/awk.tests b/testsuite/awk.tests | ||
86 | index bbf0fbff1..ddc51047b 100755 | ||
87 | --- a/testsuite/awk.tests | ||
88 | +++ b/testsuite/awk.tests | ||
89 | @@ -485,4 +485,59 @@ testing 'awk assign while test' \ | ||
90 | "" \ | ||
91 | "foo" | ||
92 | |||
93 | +# User-supplied bug (SEGV) example, was causing use-after-realloc | ||
94 | +testing 'awk assign while assign' \ | ||
95 | + "awk '\$5=\$\$5=\$0'; echo \$?" \ | ||
96 | + "\ | ||
97 | +─ process timing ────────────────────────────────────┬─ ─ process timing ────────────────────────────────────┬─ overall results ────┐ results ────┐ | ||
98 | +│ run time : │ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │ days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │ | ||
99 | +│ last new find │ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │ 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │ | ||
100 | +│last saved crash : │last saved crash : none seen yet │saved crashes : 0 │ seen yet │saved crashes : 0 │ | ||
101 | +│ last saved hang │ last saved hang : none seen yet │ saved hangs : 0 │ none seen yet │ saved hangs : 0 │ | ||
102 | +├─ cycle progress ─────────────────────┬─ ├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤ coverage┴──────────────────────┤ | ||
103 | +│ now processing : │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │ (88.5%) │ map density : 0.30% / 0.52% │ │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │ | ||
104 | +│ runs timed out │ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │ 0 (0.00%) │ count coverage : 2.18 bits/tuple │ | ||
105 | +├─ stage progress ─────────────────────┼─ ├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤ in depth ─────────────────┤ | ||
106 | +│ now trying : │ now trying : havoc │ favored items : 43 (20.67%) │ │ favored items : 43 (20.67%) │ | ||
107 | +│ stage execs : │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ (8.51%) │ new edges on │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ 52 (25.00%) │ | ||
108 | +│ total execs : │ total execs : 179k │ total crashes : 0 (0 saved) │ │ total crashes : 0 (0 saved) │ │ total execs : 179k │ total crashes : 0 (0 saved) │ | ||
109 | +│ exec speed : │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │ │ total tmouts : 0 (0 saved) │ │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │ | ||
110 | +├─ fuzzing strategy yields ├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤ item geometry ───────┤ | ||
111 | +│ bit flips : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ 4/638, 5/618 │ levels : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ │ | ||
112 | +│ byte flips : │ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │ 0/71, 0/52 │ pending : 199 │ | ||
113 | +│ arithmetics : 11/4494, │ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │ 0/0 │ pend fav : 35 │ | ||
114 | +│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ known ints : │ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ 0/1986, 0/2288 │ own finds : 207 │ | ||
115 | +│ dictionary : 0/0, │ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │ 0/0, 0/0 │ imported : 0 │ | ||
116 | +│havoc/splice : 142/146k, 23/7616 │havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │ stability : 100.00% │ | ||
117 | +│py/custom/rq : unused, unused, │py/custom/rq : unused, unused, unused, unused ├───────────────────────┘ unused ├───────────────────────┘ | ||
118 | +│ trim/eff : 57.02%/26, │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] │ [cpu000:100%] | ||
119 | +└────────────────────────────────────────────────────┘^C └────────────────────────────────────────────────────┘^C | ||
120 | +0 | ||
121 | +" \ | ||
122 | + "" \ | ||
123 | + "\ | ||
124 | +─ process timing ────────────────────────────────────┬─ overall results ────┐ | ||
125 | +│ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │ | ||
126 | +│ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │ | ||
127 | +│last saved crash : none seen yet │saved crashes : 0 │ | ||
128 | +│ last saved hang : none seen yet │ saved hangs : 0 │ | ||
129 | +├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤ | ||
130 | +│ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │ | ||
131 | +│ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │ | ||
132 | +├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤ | ||
133 | +│ now trying : havoc │ favored items : 43 (20.67%) │ | ||
134 | +│ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ | ||
135 | +│ total execs : 179k │ total crashes : 0 (0 saved) │ | ||
136 | +│ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │ | ||
137 | +├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤ | ||
138 | +│ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ | ||
139 | +│ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │ | ||
140 | +│ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │ | ||
141 | +│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ | ||
142 | +│ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │ | ||
143 | +│havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │ | ||
144 | +│py/custom/rq : unused, unused, unused, unused ├───────────────────────┘ | ||
145 | +│ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] | ||
146 | +└────────────────────────────────────────────────────┘^C" | ||
147 | + | ||
148 | exit $FAILCOUNT | ||
149 | -- | ||
150 | 2.30.2 | ||
151 | |||
diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch new file mode 100644 index 0000000000..379f6f83b1 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch | |||
@@ -0,0 +1,67 @@ | |||
1 | From fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa Mon Sep 17 00:00:00 2001 | ||
2 | From: Natanael Copa <ncopa@alpinelinux.org> | ||
3 | Date: Mon, 20 May 2024 17:55:28 +0200 | ||
4 | Subject: [PATCH] awk: fix use after free (CVE-2023-42363) | ||
5 | |||
6 | function old new delta | ||
7 | evaluate 3377 3385 +8 | ||
8 | |||
9 | Fixes https://bugs.busybox.net/show_bug.cgi?id=15865 | ||
10 | |||
11 | Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> | ||
12 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
13 | |||
14 | CVE: CVE-2023-42363 | ||
15 | Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa] | ||
16 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
17 | --- | ||
18 | editors/awk.c | 21 +++++++++++++-------- | ||
19 | 1 file changed, 13 insertions(+), 8 deletions(-) | ||
20 | |||
21 | diff --git a/editors/awk.c b/editors/awk.c | ||
22 | index 0981c6735..ff6d6350b 100644 | ||
23 | --- a/editors/awk.c | ||
24 | +++ b/editors/awk.c | ||
25 | @@ -2910,19 +2910,14 @@ static var *evaluate(node *op, var *res) | ||
26 | /* yes, remember where Fields[] is */ | ||
27 | old_Fields_ptr = Fields; | ||
28 | } | ||
29 | - if (opinfo & OF_STR1) { | ||
30 | - L.s = getvar_s(L.v); | ||
31 | - debug_printf_eval("L.s:'%s'\n", L.s); | ||
32 | - } | ||
33 | if (opinfo & OF_NUM1) { | ||
34 | L_d = getvar_i(L.v); | ||
35 | debug_printf_eval("L_d:%f\n", L_d); | ||
36 | } | ||
37 | } | ||
38 | - /* NB: Must get string/numeric values of L (done above) | ||
39 | - * _before_ evaluate()'ing R.v: if both L and R are $NNNs, | ||
40 | - * and right one is large, then L.v points to Fields[NNN1], | ||
41 | - * second evaluate() reallocates and moves (!) Fields[], | ||
42 | + /* NB: if both L and R are $NNNs, and right one is large, | ||
43 | + * then at this pint L.v points to Fields[NNN1], second | ||
44 | + * evaluate() below reallocates and moves (!) Fields[], | ||
45 | * R.v points to Fields[NNN2] but L.v now points to freed mem! | ||
46 | * (Seen trying to evaluate "$444 $44444") | ||
47 | */ | ||
48 | @@ -2942,6 +2937,16 @@ static var *evaluate(node *op, var *res) | ||
49 | debug_printf_eval("R.s:'%s'\n", R.s); | ||
50 | } | ||
51 | } | ||
52 | + /* Get L.s _after_ R.v is evaluated: it may have realloc'd L.v | ||
53 | + * so we must get the string after "old_Fields_ptr" correction | ||
54 | + * above. Testcase: x = (v = "abc", gsub("b", "X", v)); | ||
55 | + */ | ||
56 | + if (opinfo & OF_RES1) { | ||
57 | + if (opinfo & OF_STR1) { | ||
58 | + L.s = getvar_s(L.v); | ||
59 | + debug_printf_eval("L.s:'%s'\n", L.s); | ||
60 | + } | ||
61 | + } | ||
62 | |||
63 | debug_printf_eval("switch(0x%x)\n", XC(opinfo & OPCLSMASK)); | ||
64 | switch (XC(opinfo & OPCLSMASK)) { | ||
65 | -- | ||
66 | 2.30.2 | ||
67 | |||
diff --git a/meta/recipes-core/busybox/busybox/busybox-1.36.1-no-cbq.patch b/meta/recipes-core/busybox/busybox/busybox-1.36.1-no-cbq.patch new file mode 100644 index 0000000000..80cbc73fc4 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/busybox-1.36.1-no-cbq.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | Remove CBQ functionality from tc | ||
2 | |||
3 | 6.8+ kernel has dropped CBQ support [1], Now that OE uses 6.9 for | ||
4 | kernel-headers means we are hitting the undefined symbol | ||
5 | TCA_CBQ_MAX [2] | ||
6 | |||
7 | [1] https://github.com/torvalds/linux/commit/33241dca486264193ed68167c8eeae1fb197f3df | ||
8 | [2] https://bugs.busybox.net/show_bug.cgi?id=15934 | ||
9 | |||
10 | Upstream-Status: Submitted [https://bugs.busybox.net/show_bug.cgi?id=15931] | ||
11 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
12 | |||
13 | diff -up busybox-1.36.1/networking/tc.c.no-cbq busybox-1.36.1/networking/tc.c | ||
14 | --- busybox-1.36.1/networking/tc.c.no-cbq 2024-01-29 10:24:09.135082923 -0500 | ||
15 | +++ busybox-1.36.1/networking/tc.c 2024-01-29 10:28:12.009502552 -0500 | ||
16 | @@ -31,7 +31,7 @@ | ||
17 | //usage: "qdisc [handle QHANDLE] [root|"IF_FEATURE_TC_INGRESS("ingress|")"parent CLASSID]\n" | ||
18 | /* //usage: "[estimator INTERVAL TIME_CONSTANT]\n" */ | ||
19 | //usage: " [[QDISC_KIND] [help|OPTIONS]]\n" | ||
20 | -//usage: " QDISC_KIND := [p|b]fifo|tbf|prio|cbq|red|etc.\n" | ||
21 | +//usage: " QDISC_KIND := [p|b]fifo|tbf|prio|red|etc.\n" | ||
22 | //usage: "qdisc show [dev STRING]"IF_FEATURE_TC_INGRESS(" [ingress]")"\n" | ||
23 | //usage: "class [classid CLASSID] [root|parent CLASSID]\n" | ||
24 | //usage: " [[QDISC_KIND] [help|OPTIONS] ]\n" | ||
25 | @@ -230,7 +230,7 @@ static int cbq_parse_opt(int argc, char | ||
26 | { | ||
27 | return 0; | ||
28 | } | ||
29 | -#endif | ||
30 | + | ||
31 | static int cbq_print_opt(struct rtattr *opt) | ||
32 | { | ||
33 | struct rtattr *tb[TCA_CBQ_MAX+1]; | ||
34 | @@ -322,6 +322,7 @@ static int cbq_print_opt(struct rtattr * | ||
35 | done: | ||
36 | return 0; | ||
37 | } | ||
38 | +#endif | ||
39 | |||
40 | static FAST_FUNC int print_qdisc( | ||
41 | const struct sockaddr_nl *who UNUSED_PARAM, | ||
42 | @@ -373,7 +374,8 @@ static FAST_FUNC int print_qdisc( | ||
43 | if (qqq == 0) { /* pfifo_fast aka prio */ | ||
44 | prio_print_opt(tb[TCA_OPTIONS]); | ||
45 | } else if (qqq == 1) { /* class based queuing */ | ||
46 | - cbq_print_opt(tb[TCA_OPTIONS]); | ||
47 | + /* cbq_print_opt(tb[TCA_OPTIONS]); */ | ||
48 | + printf("cbq not supported"); | ||
49 | } else { | ||
50 | /* don't know how to print options for this qdisc */ | ||
51 | printf("(options for %s)", name); | ||
52 | @@ -444,7 +446,8 @@ static FAST_FUNC int print_class( | ||
53 | /* nothing. */ /*prio_print_opt(tb[TCA_OPTIONS]);*/ | ||
54 | } else if (qqq == 1) { /* class based queuing */ | ||
55 | /* cbq_print_copt() is identical to cbq_print_opt(). */ | ||
56 | - cbq_print_opt(tb[TCA_OPTIONS]); | ||
57 | + /* cbq_print_opt(tb[TCA_OPTIONS]); */ | ||
58 | + printf("cbq not supported"); | ||
59 | } else { | ||
60 | /* don't know how to print options for this class */ | ||
61 | printf("(options for %s)", name); | ||
diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig index f3d545dc3f..8e3b6e480c 100644 --- a/meta/recipes-core/busybox/busybox/defconfig +++ b/meta/recipes-core/busybox/busybox/defconfig | |||
@@ -983,7 +983,7 @@ CONFIG_FEATURE_TFTP_GET=y | |||
983 | CONFIG_FEATURE_TFTP_PUT=y | 983 | CONFIG_FEATURE_TFTP_PUT=y |
984 | # CONFIG_FEATURE_TFTP_BLOCKSIZE is not set | 984 | # CONFIG_FEATURE_TFTP_BLOCKSIZE is not set |
985 | # CONFIG_TFTP_DEBUG is not set | 985 | # CONFIG_TFTP_DEBUG is not set |
986 | CONFIG_TLS=y | 986 | # CONFIG_TLS is not set |
987 | CONFIG_TRACEROUTE=y | 987 | CONFIG_TRACEROUTE=y |
988 | # CONFIG_TRACEROUTE6 is not set | 988 | # CONFIG_TRACEROUTE6 is not set |
989 | # CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set | 989 | # CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set |
@@ -997,8 +997,8 @@ CONFIG_FEATURE_WGET_STATUSBAR=y | |||
997 | CONFIG_FEATURE_WGET_FTP=y | 997 | CONFIG_FEATURE_WGET_FTP=y |
998 | CONFIG_FEATURE_WGET_AUTHENTICATION=y | 998 | CONFIG_FEATURE_WGET_AUTHENTICATION=y |
999 | CONFIG_FEATURE_WGET_TIMEOUT=y | 999 | CONFIG_FEATURE_WGET_TIMEOUT=y |
1000 | CONFIG_FEATURE_WGET_HTTPS=y | 1000 | # CONFIG_FEATURE_WGET_HTTPS is not set |
1001 | # CONFIG_FEATURE_WGET_OPENSSL is not set | 1001 | CONFIG_FEATURE_WGET_OPENSSL=y |
1002 | # CONFIG_WHOIS is not set | 1002 | # CONFIG_WHOIS is not set |
1003 | # CONFIG_ZCIP is not set | 1003 | # CONFIG_ZCIP is not set |
1004 | CONFIG_UDHCPD=y | 1004 | CONFIG_UDHCPD=y |
diff --git a/meta/recipes-core/busybox/busybox_1.36.1.bb b/meta/recipes-core/busybox/busybox_1.36.1.bb index 373a6b7781..f7c3eff29e 100644 --- a/meta/recipes-core/busybox/busybox_1.36.1.bb +++ b/meta/recipes-core/busybox/busybox_1.36.1.bb | |||
@@ -49,6 +49,14 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ | |||
49 | file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ | 49 | file://0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch \ |
50 | file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ | 50 | file://0002-nslookup-sanitize-all-printed-strings-with-printable.patch \ |
51 | file://start-stop-false.patch \ | 51 | file://start-stop-false.patch \ |
52 | file://CVE-2021-42380.patch \ | ||
53 | file://0001-awk-fix-segfault-when-compiled-by-clang.patch \ | ||
54 | file://CVE-2023-42363.patch \ | ||
55 | file://busybox-1.36.1-no-cbq.patch \ | ||
56 | file://0001-awk-fix-precedence-of-relative-to.patch \ | ||
57 | file://0002-awk-fix-ternary-operator-and-precedence-of.patch \ | ||
58 | file://0001-awk.c-fix-CVE-2023-42366-bug-15874.patch \ | ||
59 | file://0001-cut-Fix-s-flag-to-omit-blank-lines.patch \ | ||
52 | " | 60 | " |
53 | SRC_URI:append:libc-musl = " file://musl.cfg " | 61 | SRC_URI:append:libc-musl = " file://musl.cfg " |
54 | # TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html | 62 | # TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html |