7 files changed, 115 insertions, 278 deletions
diff --git a/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch b/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch
deleted file mode 100644
index 66f9a716c9..0000000000
--- a/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Subject: local.mk: fix cross compiling problem
-We meet the following error when cross compiling.
-| Makefile:3418: *** Recursive variable 'INSTALL' references itself (eventually).  Stop.
-This patch fixes this problem.
-Upstream-Status: Pending
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
- src/local.mk | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/local.mk b/src/local.mk
-index 36dfa4e..c5898cc 100644
--- a/src/local.mk
-+++ b/src/local.mk
-@@ -649,4 +649,4 @@ cu_install_program = @INSTALL_PROGRAM@
- else
- cu_install_program = src/ginstall
- endif
-INSTALL = $(cu_install_program) -c
-+INSTALL_PROGRAM = $(cu_install_program)
-- 
-2.1.0
diff --git a/meta/recipes-core/coreutils/coreutils/0001-ls-restore-8.31-behavior-on-removed-directories.patch b/meta/recipes-core/coreutils/coreutils/0001-ls-restore-8.31-behavior-on-removed-directories.patch
deleted file mode 100644
index fa900e3a76..0000000000
--- a/meta/recipes-core/coreutils/coreutils/0001-ls-restore-8.31-behavior-on-removed-directories.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 7c273e5c6041f8c70f73f5b280fbb8f27d9b5a36 Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@cs.ucla.edu>
-Date: Thu, 5 Mar 2020 17:25:29 -0800
-Subject: [PATCH] ls: restore 8.31 behavior on removed directories
-* NEWS: Mention this.
-* src/ls.c: Do not include <sys/sycall.h>
-(print_dir): Don't worry about whether the directory is removed.
-* tests/ls/removed-directory.sh: Adjust to match new (i.e., old)
-behavior.
-Upstream-Status: Backport [https://github.com/coreutils/coreutils/commit/10fcb97bd728f09d4a027eddf8ad2900f0819b0a]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
- src/ls.c                      | 22 ----------------------
- tests/ls/removed-directory.sh | 10 ++--------
- 2 files changed, 2 insertions(+), 30 deletions(-)
-diff --git a/src/ls.c b/src/ls.c
-index 637fe7a..0111f49 100644
--- a/src/ls.c
-+++ b/src/ls.c
-@@ -49,10 +49,6 @@
- # include <sys/ptem.h>
- #endif
- 
-#ifdef __linux__
-# include <sys/syscall.h>
-#endif
-
- #include <stdio.h>
- #include <assert.h>
- #include <setjmp.h>
-@@ -2895,7 +2891,6 @@ print_dir (char const *name, char const *realname, bool command_line_arg)
-   struct dirent *next;
-   uintmax_t total_blocks = 0;
-   static bool first = true;
-  bool found_any_entries = false;
- 
-   errno = 0;
-   dirp = opendir (name);
-@@ -2971,7 +2966,6 @@ print_dir (char const *name, char const *realname, bool command_line_arg)
-       next = readdir (dirp);
-       if (next)
-         {
-          found_any_entries = true;
-           if (! file_ignored (next->d_name))
-             {
-               enum filetype type = unknown;
-@@ -3017,22 +3011,6 @@ print_dir (char const *name, char const *realname, bool command_line_arg)
-           if (errno != EOVERFLOW)
-             break;
-         }
-#ifdef __linux__
-      else if (! found_any_entries)
-        {
-          /* If readdir finds no directory entries at all, not even "." or
-             "..", then double check that the directory exists.  */
-          if (syscall (SYS_getdents, dirfd (dirp), NULL, 0) == -1
-              && errno != EINVAL)
-            {
-              /* We exclude EINVAL as that pertains to buffer handling,
-                 and we've passed NULL as the buffer for simplicity.
-                 ENOENT is returned if appropriate before buffer handling.  */
-              file_failure (command_line_arg, _("reading directory %s"), name);
-            }
-          break;
-        }
-#endif
-       else
-         break;
- 
-diff --git a/tests/ls/removed-directory.sh b/tests/ls/removed-directory.sh
-index e8c835d..fe8f929 100755
--- a/tests/ls/removed-directory.sh
-+++ b/tests/ls/removed-directory.sh
-@@ -26,20 +26,14 @@ case $host_triplet in
-   *) skip_ 'non linux kernel' ;;
- esac
- 
-LS_FAILURE=2
-
-cat <<\EOF >exp-err || framework_failure_
-ls: reading directory '.': No such file or directory
-EOF
-
- cwd=$(pwd)
- mkdir d || framework_failure_
- cd d || framework_failure_
- rmdir ../d || framework_failure_
- 
-returns_ $LS_FAILURE ls >../out 2>../err || fail=1
-+ls >../out 2>../err || fail=1
- cd "$cwd" || framework_failure_
- compare /dev/null out || fail=1
-compare exp-err err || fail=1
-+compare /dev/null err || fail=1
- 
- Exit $fail
diff --git a/meta/recipes-core/coreutils/coreutils/0001-sort-fix-buffer-under-read-CWE-127.patch b/meta/recipes-core/coreutils/coreutils/0001-sort-fix-buffer-under-read-CWE-127.patch
new file mode 100644
index 0000000000..41be1635b5
--- /dev/null
+++ b/meta/recipes-core/coreutils/coreutils/0001-sort-fix-buffer-under-read-CWE-127.patch
@@ -0,0 +1,112 @@
+From 8763c305c29d0abb7e2be4695212b42917d054b2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+Date: Tue, 20 May 2025 16:03:44 +0100
+Subject: [PATCH] sort: fix buffer under-read (CWE-127)
+* src/sort.c (begfield): Check pointer adjustment
+to avoid Out-of-range pointer offset (CWE-823).
+(limfield): Likewise.
+* tests/sort/sort-field-limit.sh: Add a new test,
+which triggers with ASAN or Valgrind.
+* tests/local.mk: Reference the new test.
+* NEWS: Mention bug fix introduced in v7.2 (2009).
+Fixes https://bugs.gnu.org/78507
+CVE: CVE-2025-5278
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/sort.c                     | 12 ++++++++++--
+ tests/local.mk                 |  1 +
+ tests/sort/sort-field-limit.sh | 35 ++++++++++++++++++++++++++++++++++
+ 3 files changed, 46 insertions(+), 2 deletions(-)
+ create mode 100755 tests/sort/sort-field-limit.sh
+diff --git a/src/sort.c b/src/sort.c
+index b10183b6f..7af1a2512 100644
+--- a/src/sort.c
+++ b/src/sort.c
+@@ -1644,7 +1644,11 @@ begfield (struct line const *line, struct keyfield const *key)
+       ++ptr;
+ 
+   /* Advance PTR by SCHAR (if possible), but no further than LIM.  */
+-  ptr = MIN (lim, ptr + schar);
+  size_t remaining_bytes = lim - ptr;
+  if (schar < remaining_bytes)
+    ptr += schar;
+  else
+    ptr = lim;
+ 
+   return ptr;
+ }
+@@ -1746,7 +1750,11 @@ limfield (struct line const *line, struct keyfield const *key)
+           ++ptr;
+ 
+       /* Advance PTR by ECHAR (if possible), but no further than LIM.  */
+-      ptr = MIN (lim, ptr + echar);
+      size_t remaining_bytes = lim - ptr;
+      if (echar < remaining_bytes)
+        ptr += echar;
+      else
+        ptr = lim;
+     }
+ 
+   return ptr;
+diff --git a/tests/local.mk b/tests/local.mk
+index 4da6756ac..642d225fa 100644
+--- a/tests/local.mk
+++ b/tests/local.mk
+@@ -388,6 +388,7 @@ all_tests =                                 \
+   tests/sort/sort-debug-keys.sh                        \
+   tests/sort/sort-debug-warn.sh                        \
+   tests/sort/sort-discrim.sh                   \
+  tests/sort/sort-field-limit.sh               \
+   tests/sort/sort-files0-from.pl               \
+   tests/sort/sort-float.sh                     \
+   tests/sort/sort-h-thousands-sep.sh           \
+diff --git a/tests/sort/sort-field-limit.sh b/tests/sort/sort-field-limit.sh
+new file mode 100755
+index 000000000..52d8e1d17
+--- /dev/null
+++ b/tests/sort/sort-field-limit.sh
+@@ -0,0 +1,35 @@
+#!/bin/sh
+# From 7.2-9.7, this would trigger an out of bounds mem read
+
+# Copyright (C) 2025 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ sort
+getlimits_
+
+# This issue triggers with valgrind or ASAN
+valgrind --error-exitcode=1 sort --version 2>/dev/null &&
+  VALGRIND='valgrind --error-exitcode=1'
+
+{ printf '%s\n' aa bb; } > in || framework_failure_
+
+_POSIX2_VERSION=200809 $VALGRIND sort +0.${SIZE_MAX}R in > out || fail=1
+compare in out || fail=1
+
+_POSIX2_VERSION=200809 $VALGRIND sort +1 -1.${SIZE_MAX}R in > out || fail=1
+compare in out || fail=1
+
+Exit $fail
+-- 
+2.34.1
diff --git a/meta/recipes-core/coreutils/coreutils/0001-uname-report-processor-and-hardware-correctly.patch b/meta/recipes-core/coreutils/coreutils/0001-uname-report-processor-and-hardware-correctly.patch
deleted file mode 100644
index 3c43e1d5da..0000000000
--- a/meta/recipes-core/coreutils/coreutils/0001-uname-report-processor-and-hardware-correctly.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Upstream-Status: Denied
-Subject: uname: report processor and hardware correctly
-This patch is rejected by coreutils upstream, but distros like debian and fedora
-uses this patch to make `uname -i' and `uname -p' to not report 'unknown'.
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
- src/uname.c | 18 ++++++++++++++++--
- 1 file changed, 16 insertions(+), 2 deletions(-)
-diff --git a/src/uname.c b/src/uname.c
-index 39bd28c..c84582d 100644
--- a/src/uname.c
-+++ b/src/uname.c
-@@ -299,13 +299,19 @@ main (int argc, char **argv)
- 
-   if (toprint & PRINT_PROCESSOR)
-     {
-      char const *element = unknown;
-+      char *element = unknown;
- #if HAVE_SYSINFO && defined SI_ARCHITECTURE
-       {
-         static char processor[257];
-         if (0 <= sysinfo (SI_ARCHITECTURE, processor, sizeof processor))
-           element = processor;
-       }
-+#else
-+      {
-+       static struct utsname u;
-+       uname(&u);
-+       element = u.machine;
-+      }
- #endif
- #ifdef UNAME_PROCESSOR
-       if (element == unknown)
-@@ -343,7 +349,7 @@ main (int argc, char **argv)
- 
-   if (toprint & PRINT_HARDWARE_PLATFORM)
-     {
-      char const *element = unknown;
-+      char *element = unknown;
- #if HAVE_SYSINFO && defined SI_PLATFORM
-       {
-         static char hardware_platform[257];
-@@ -361,6 +367,14 @@ main (int argc, char **argv)
-           if (sysctl (mib, 2, hardware_platform, &s, 0, 0) >= 0)
-             element = hardware_platform;
-         }
-+#else
-+      {
-+       static struct utsname u;
-+       uname(&u);
-+       element = u.machine;
-+       if(strlen(element)==4 && element[0]=='i' && element[2]=='8' && element[3]=='6')
-+         element[1]='3';
-+      }
- #endif
-       if (! (toprint == UINT_MAX && element == unknown))
-         print_element (element);
-- 
-1.9.1
diff --git a/meta/recipes-core/coreutils/coreutils/disable-ls-output-quoting.patch b/meta/recipes-core/coreutils/coreutils/disable-ls-output-quoting.patch
deleted file mode 100644
index e68c213550..0000000000
--- a/meta/recipes-core/coreutils/coreutils/disable-ls-output-quoting.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Subject: revert inconsistent ls quoting
-This is a revert of upstream commit 109b9220cead6e979d22d16327c4d9f8350431cc.
-Bug-Debian: https://bugs.debian.org/813164
-Upstream-Status: Submitted
-Originally-by: Adam Borowski <kilobyte@angband.pl>
-[PG: patch from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813164#78 ]
-Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
--- coreutils-8.25.orig/NEWS
-+++ coreutils-8.25/NEWS
-@@ -71,9 +71,6 @@ GNU coreutils NEWS
-   df now prefers sources towards the root of a device when
-   eliding duplicate bind mounted entries.
- 
-  ls now quotes file names unambiguously and appropriate for use in a shell,
-  when outputting to a terminal.
-
-   join, sort, uniq with --zero-terminated, now treat '\n' as a field delimiter.
- 
- ** Improvements
--- coreutils-8.25.orig/doc/coreutils.texi
-+++ coreutils-8.25/doc/coreutils.texi
-@@ -7750,8 +7750,8 @@ this"} in the default C locale.  This lo
- 
- You can specify the default value of the @option{--quoting-style} option
- with the environment variable @env{QUOTING_STYLE}@.  If that environment
-variable is not set, the default value is @samp{shell-escape} when the
-output is a terminal, and @samp{literal} otherwise.
-+variable is not set, the default value is @samp{literal}, but this
-+default may change to @samp{shell} in a future version of this package.
- 
- @item --show-control-chars
- @opindex --show-control-chars
--- coreutils-8.25.orig/src/ls.c
-+++ coreutils-8.25/src/ls.c
-@@ -1581,7 +1581,6 @@ decode_switches (int argc, char **argv)
-       if (isatty (STDOUT_FILENO))
-         {
-           format = many_per_line;
-          set_quoting_style (NULL, shell_escape_quoting_style);
-           /* See description of qmark_funny_chars, above.  */
-           qmark_funny_chars = true;
-         }
diff --git a/meta/recipes-core/coreutils/coreutils/fix-selinux-flask.patch b/meta/recipes-core/coreutils/coreutils/fix-selinux-flask.patch
deleted file mode 100644
index 173a57925b..0000000000
--- a/meta/recipes-core/coreutils/coreutils/fix-selinux-flask.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 7e20a7242ba2657f73311bbf5278093da67f0721 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Tue, 16 Sep 2014 01:59:08 -0700
-Subject: [PATCH] gnulib-comp.m4: selinux/flask.h should respect to
- with_selinux
-Fixed when build with meta-selinux even when --without-selinux:
-runcon.c:49:28: fatal error: selinux/flask.h: No such file or directory
- # include <selinux/flask.h>
-                            ^
-compilation terminated.
-Upstream-Status: Pending
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
- m4/gnulib-comp.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/m4/gnulib-comp.m4 b/m4/gnulib-comp.m4
-index dead90e..0abf0bd 100644
--- a/m4/gnulib-comp.m4
-+++ b/m4/gnulib-comp.m4
-@@ -1860,10 +1860,10 @@ AC_DEFUN([gl_INIT],
-     AC_LIBOBJ([select])
-   fi
-   gl_SYS_SELECT_MODULE_INDICATOR([select])
-  AC_CHECK_HEADERS([selinux/flask.h])
-   gl_HEADERS_SELINUX_SELINUX_H
-   gl_HEADERS_SELINUX_CONTEXT_H
-   if test "$with_selinux" != no && test "$ac_cv_header_selinux_selinux_h" = yes; then
-+    AC_CHECK_HEADERS([selinux/flask.h])
-     AC_LIBOBJ([getfilecon])
-   fi
-   gl_SERVENT
diff --git a/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch b/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch
index 1a8a9b9983..718de0ab78 100644
--- a/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch
+++ b/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch
@@ -1,4 +1,4 @@
-From a26530083a29eeee910bfd606ecc621acecd547a Mon Sep 17 00:00:00 2001
+From f53ffb5b27ab7d4a4c62df00ebd6a1a6936d1709 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 3 Aug 2011 14:12:30 -0700
 Subject: [PATCH] coreutils: Fix build on uclibc
@@ -12,16 +12,15 @@ and make life easier for cross compilation process.
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 Upstream-Status: Inappropriate [Upstream does care for AIX while we may not]
 ---
 m4/getloadavg.m4 | 12 ------------
 1 file changed, 12 deletions(-)
 diff --git a/m4/getloadavg.m4 b/m4/getloadavg.m4
-index 8e96965..63782a2 100644
+index 9d0236f..68f7c52 100644
 --- a/m4/getloadavg.m4
 +++ b/m4/getloadavg.m4
-@@ -41,18 +41,6 @@ AC_CHECK_FUNC([getloadavg], [],
+@@ -46,18 +46,6 @@ if test $ac_cv_func_getloadavg != yes; then
        [LIBS="-lutil $LIBS" gl_func_getloadavg_done=yes])
    fi

diff --git a/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch b/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch deleted file mode 100644 index 66f9a716c9..0000000000 --- a/meta/recipes-core/coreutils/coreutils/0001-local.mk-fix-cross-compiling-problem.patch +++ /dev/null
@@ -1,26 +0,0 @@
1	Subject: local.mk: fix cross compiling problem
2
3	We meet the following error when cross compiling.
4	\| Makefile:3418: *** Recursive variable 'INSTALL' references itself (eventually). Stop.
5	This patch fixes this problem.
6
7	Upstream-Status: Pending
8
9	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
10	---
11	src/local.mk \| 2 +-
12	1 file changed, 1 insertion(+), 1 deletion(-)
13
14	diff --git a/src/local.mk b/src/local.mk
15	index 36dfa4e..c5898cc 100644
16	--- a/src/local.mk
17	+++ b/src/local.mk
18	@@ -649,4 +649,4 @@ cu_install_program = @INSTALL_PROGRAM@
19	else
20	cu_install_program = src/ginstall
21	endif
22	-INSTALL = $(cu_install_program) -c
23	+INSTALL_PROGRAM = $(cu_install_program)
24	--
25	2.1.0
26


diff --git a/meta/recipes-core/coreutils/coreutils/0001-ls-restore-8.31-behavior-on-removed-directories.patch b/meta/recipes-core/coreutils/coreutils/0001-ls-restore-8.31-behavior-on-removed-directories.patch deleted file mode 100644 index fa900e3a76..0000000000 --- a/meta/recipes-core/coreutils/coreutils/0001-ls-restore-8.31-behavior-on-removed-directories.patch +++ /dev/null
@@ -1,99 +0,0 @@
1	From 7c273e5c6041f8c70f73f5b280fbb8f27d9b5a36 Mon Sep 17 00:00:00 2001
2	From: Paul Eggert <eggert@cs.ucla.edu>
3	Date: Thu, 5 Mar 2020 17:25:29 -0800
4	Subject: [PATCH] ls: restore 8.31 behavior on removed directories
5
6	* NEWS: Mention this.
7	* src/ls.c: Do not include <sys/sycall.h>
8	(print_dir): Don't worry about whether the directory is removed.
9	* tests/ls/removed-directory.sh: Adjust to match new (i.e., old)
10	behavior.
11
12	Upstream-Status: Backport [https://github.com/coreutils/coreutils/commit/10fcb97bd728f09d4a027eddf8ad2900f0819b0a]
13	Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
14	---
15	src/ls.c \| 22 ----------------------
16	tests/ls/removed-directory.sh \| 10 ++--------
17	2 files changed, 2 insertions(+), 30 deletions(-)
18
19	diff --git a/src/ls.c b/src/ls.c
20	index 637fe7a..0111f49 100644
21	--- a/src/ls.c
22	+++ b/src/ls.c
23	@@ -49,10 +49,6 @@
24	# include <sys/ptem.h>
25	#endif
26
27	-#ifdef __linux__
28	-# include <sys/syscall.h>
29	-#endif
30	-
31	#include <stdio.h>
32	#include <assert.h>
33	#include <setjmp.h>
34	@@ -2895,7 +2891,6 @@ print_dir (char const name, char const realname, bool command_line_arg)
35	struct dirent *next;
36	uintmax_t total_blocks = 0;
37	static bool first = true;
38	- bool found_any_entries = false;
39
40	errno = 0;
41	dirp = opendir (name);
42	@@ -2971,7 +2966,6 @@ print_dir (char const name, char const realname, bool command_line_arg)
43	next = readdir (dirp);
44	if (next)
45	{
46	- found_any_entries = true;
47	if (! file_ignored (next->d_name))
48	{
49	enum filetype type = unknown;
50	@@ -3017,22 +3011,6 @@ print_dir (char const name, char const realname, bool command_line_arg)
51	if (errno != EOVERFLOW)
52	break;
53	}
54	-#ifdef __linux__
55	- else if (! found_any_entries)
56	- {
57	- /* If readdir finds no directory entries at all, not even "." or
58	- "..", then double check that the directory exists. */
59	- if (syscall (SYS_getdents, dirfd (dirp), NULL, 0) == -1
60	- && errno != EINVAL)
61	- {
62	- /* We exclude EINVAL as that pertains to buffer handling,
63	- and we've passed NULL as the buffer for simplicity.
64	- ENOENT is returned if appropriate before buffer handling. */
65	- file_failure (command_line_arg, _("reading directory %s"), name);
66	- }
67	- break;
68	- }
69	-#endif
70	else
71	break;
72
73	diff --git a/tests/ls/removed-directory.sh b/tests/ls/removed-directory.sh
74	index e8c835d..fe8f929 100755
75	--- a/tests/ls/removed-directory.sh
76	+++ b/tests/ls/removed-directory.sh
77	@@ -26,20 +26,14 @@ case $host_triplet in
78	*) skip_ 'non linux kernel' ;;
79	esac
80
81	-LS_FAILURE=2
82	-
83	-cat <<\EOF >exp-err \|\| framework_failure_
84	-ls: reading directory '.': No such file or directory
85	-EOF
86	-
87	cwd=$(pwd)
88	mkdir d \|\| framework_failure_
89	cd d \|\| framework_failure_
90	rmdir ../d \|\| framework_failure_
91
92	-returns_ $LS_FAILURE ls >../out 2>../err \|\| fail=1
93	+ls >../out 2>../err \|\| fail=1
94	cd "$cwd" \|\| framework_failure_
95	compare /dev/null out \|\| fail=1
96	-compare exp-err err \|\| fail=1
97	+compare /dev/null err \|\| fail=1
98
99	Exit $fail


diff --git a/meta/recipes-core/coreutils/coreutils/0001-sort-fix-buffer-under-read-CWE-127.patch b/meta/recipes-core/coreutils/coreutils/0001-sort-fix-buffer-under-read-CWE-127.patch new file mode 100644 index 0000000000..41be1635b5 --- /dev/null +++ b/meta/recipes-core/coreutils/coreutils/0001-sort-fix-buffer-under-read-CWE-127.patch
@@ -0,0 +1,112 @@
		1	From 8763c305c29d0abb7e2be4695212b42917d054b2 Mon Sep 17 00:00:00 2001
		2	From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
		3	Date: Tue, 20 May 2025 16:03:44 +0100
		4	Subject: [PATCH] sort: fix buffer under-read (CWE-127)
		5
		6	* src/sort.c (begfield): Check pointer adjustment
		7	to avoid Out-of-range pointer offset (CWE-823).
		8	(limfield): Likewise.
		9	* tests/sort/sort-field-limit.sh: Add a new test,
		10	which triggers with ASAN or Valgrind.
		11	* tests/local.mk: Reference the new test.
		12	* NEWS: Mention bug fix introduced in v7.2 (2009).
		13	Fixes https://bugs.gnu.org/78507
		14
		15	CVE: CVE-2025-5278
		16
		17	Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633]
		18
		19	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		20	---
		21	src/sort.c \| 12 ++++++++++--
		22	tests/local.mk \| 1 +
		23	tests/sort/sort-field-limit.sh \| 35 ++++++++++++++++++++++++++++++++++
		24	3 files changed, 46 insertions(+), 2 deletions(-)
		25	create mode 100755 tests/sort/sort-field-limit.sh
		26
		27	diff --git a/src/sort.c b/src/sort.c
		28	index b10183b6f..7af1a2512 100644
		29	--- a/src/sort.c
		30	+++ b/src/sort.c
		31	@@ -1644,7 +1644,11 @@ begfield (struct line const line, struct keyfield const key)
		32	++ptr;
		33
		34	/* Advance PTR by SCHAR (if possible), but no further than LIM. */
		35	- ptr = MIN (lim, ptr + schar);
		36	+ size_t remaining_bytes = lim - ptr;
		37	+ if (schar < remaining_bytes)
		38	+ ptr += schar;
		39	+ else
		40	+ ptr = lim;
		41
		42	return ptr;
		43	}
		44	@@ -1746,7 +1750,11 @@ limfield (struct line const line, struct keyfield const key)
		45	++ptr;
		46
		47	/* Advance PTR by ECHAR (if possible), but no further than LIM. */
		48	- ptr = MIN (lim, ptr + echar);
		49	+ size_t remaining_bytes = lim - ptr;
		50	+ if (echar < remaining_bytes)
		51	+ ptr += echar;
		52	+ else
		53	+ ptr = lim;
		54	}
		55
		56	return ptr;
		57	diff --git a/tests/local.mk b/tests/local.mk
		58	index 4da6756ac..642d225fa 100644
		59	--- a/tests/local.mk
		60	+++ b/tests/local.mk
		61	@@ -388,6 +388,7 @@ all_tests = \
		62	tests/sort/sort-debug-keys.sh \
		63	tests/sort/sort-debug-warn.sh \
		64	tests/sort/sort-discrim.sh \
		65	+ tests/sort/sort-field-limit.sh \
		66	tests/sort/sort-files0-from.pl \
		67	tests/sort/sort-float.sh \
		68	tests/sort/sort-h-thousands-sep.sh \
		69	diff --git a/tests/sort/sort-field-limit.sh b/tests/sort/sort-field-limit.sh
		70	new file mode 100755
		71	index 000000000..52d8e1d17
		72	--- /dev/null
		73	+++ b/tests/sort/sort-field-limit.sh
		74	@@ -0,0 +1,35 @@
		75	+#!/bin/sh
		76	+# From 7.2-9.7, this would trigger an out of bounds mem read
		77	+
		78	+# Copyright (C) 2025 Free Software Foundation, Inc.
		79	+
		80	+# This program is free software: you can redistribute it and/or modify
		81	+# it under the terms of the GNU General Public License as published by
		82	+# the Free Software Foundation, either version 3 of the License, or
		83	+# (at your option) any later version.
		84	+
		85	+# This program is distributed in the hope that it will be useful,
		86	+# but WITHOUT ANY WARRANTY; without even the implied warranty of
		87	+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		88	+# GNU General Public License for more details.
		89	+
		90	+# You should have received a copy of the GNU General Public License
		91	+# along with this program. If not, see <https://www.gnu.org/licenses/>.
		92	+
		93	+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
		94	+print_ver_ sort
		95	+getlimits_
		96	+
		97	+# This issue triggers with valgrind or ASAN
		98	+valgrind --error-exitcode=1 sort --version 2>/dev/null &&
		99	+ VALGRIND='valgrind --error-exitcode=1'
		100	+
		101	+{ printf '%s\n' aa bb; } > in \|\| framework_failure_
		102	+
		103	+_POSIX2_VERSION=200809 $VALGRIND sort +0.${SIZE_MAX}R in > out \|\| fail=1
		104	+compare in out \|\| fail=1
		105	+
		106	+_POSIX2_VERSION=200809 $VALGRIND sort +1 -1.${SIZE_MAX}R in > out \|\| fail=1
		107	+compare in out \|\| fail=1
		108	+
		109	+Exit $fail
		110	--
		111	2.34.1
		112


diff --git a/meta/recipes-core/coreutils/coreutils/0001-uname-report-processor-and-hardware-correctly.patch b/meta/recipes-core/coreutils/coreutils/0001-uname-report-processor-and-hardware-correctly.patch deleted file mode 100644 index 3c43e1d5da..0000000000 --- a/meta/recipes-core/coreutils/coreutils/0001-uname-report-processor-and-hardware-correctly.patch +++ /dev/null
@@ -1,64 +0,0 @@
1	Upstream-Status: Denied
2
3	Subject: uname: report processor and hardware correctly
4
5	This patch is rejected by coreutils upstream, but distros like debian and fedora
6	uses this patch to make `uname -i' and `uname -p' to not report 'unknown'.
7
8	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
9	---
10	src/uname.c \| 18 ++++++++++++++++--
11	1 file changed, 16 insertions(+), 2 deletions(-)
12
13	diff --git a/src/uname.c b/src/uname.c
14	index 39bd28c..c84582d 100644
15	--- a/src/uname.c
16	+++ b/src/uname.c
17	@@ -299,13 +299,19 @@ main (int argc, char **argv)
18
19	if (toprint & PRINT_PROCESSOR)
20	{
21	- char const *element = unknown;
22	+ char *element = unknown;
23	#if HAVE_SYSINFO && defined SI_ARCHITECTURE
24	{
25	static char processor[257];
26	if (0 <= sysinfo (SI_ARCHITECTURE, processor, sizeof processor))
27	element = processor;
28	}
29	+#else
30	+ {
31	+ static struct utsname u;
32	+ uname(&u);
33	+ element = u.machine;
34	+ }
35	#endif
36	#ifdef UNAME_PROCESSOR
37	if (element == unknown)
38	@@ -343,7 +349,7 @@ main (int argc, char **argv)
39
40	if (toprint & PRINT_HARDWARE_PLATFORM)
41	{
42	- char const *element = unknown;
43	+ char *element = unknown;
44	#if HAVE_SYSINFO && defined SI_PLATFORM
45	{
46	static char hardware_platform[257];
47	@@ -361,6 +367,14 @@ main (int argc, char **argv)
48	if (sysctl (mib, 2, hardware_platform, &s, 0, 0) >= 0)
49	element = hardware_platform;
50	}
51	+#else
52	+ {
53	+ static struct utsname u;
54	+ uname(&u);
55	+ element = u.machine;
56	+ if(strlen(element)==4 && element[0]=='i' && element[2]=='8' && element[3]=='6')
57	+ element[1]='3';
58	+ }
59	#endif
60	if (! (toprint == UINT_MAX && element == unknown))
61	print_element (element);
62	--
63	1.9.1
64


diff --git a/meta/recipes-core/coreutils/coreutils/disable-ls-output-quoting.patch b/meta/recipes-core/coreutils/coreutils/disable-ls-output-quoting.patch deleted file mode 100644 index e68c213550..0000000000 --- a/meta/recipes-core/coreutils/coreutils/disable-ls-output-quoting.patch +++ /dev/null
@@ -1,49 +0,0 @@
1	Subject: revert inconsistent ls quoting
2
3	This is a revert of upstream commit 109b9220cead6e979d22d16327c4d9f8350431cc.
4
5	Bug-Debian: https://bugs.debian.org/813164
6
7	Upstream-Status: Submitted
8
9	Originally-by: Adam Borowski <kilobyte@angband.pl>
10	[PG: patch from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813164#78 ]
11	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
12
13	---
14
15	--- coreutils-8.25.orig/NEWS
16	+++ coreutils-8.25/NEWS
17	@@ -71,9 +71,6 @@ GNU coreutils NEWS
18	df now prefers sources towards the root of a device when
19	eliding duplicate bind mounted entries.
20
21	- ls now quotes file names unambiguously and appropriate for use in a shell,
22	- when outputting to a terminal.
23	-
24	join, sort, uniq with --zero-terminated, now treat '\n' as a field delimiter.
25
26	** Improvements
27	--- coreutils-8.25.orig/doc/coreutils.texi
28	+++ coreutils-8.25/doc/coreutils.texi
29	@@ -7750,8 +7750,8 @@ this"} in the default C locale. This lo
30
31	You can specify the default value of the @option{--quoting-style} option
32	with the environment variable @env{QUOTING_STYLE}@. If that environment
33	-variable is not set, the default value is @samp{shell-escape} when the
34	-output is a terminal, and @samp{literal} otherwise.
35	+variable is not set, the default value is @samp{literal}, but this
36	+default may change to @samp{shell} in a future version of this package.
37
38	@item --show-control-chars
39	@opindex --show-control-chars
40	--- coreutils-8.25.orig/src/ls.c
41	+++ coreutils-8.25/src/ls.c
42	@@ -1581,7 +1581,6 @@ decode_switches (int argc, char **argv)
43	if (isatty (STDOUT_FILENO))
44	{
45	format = many_per_line;
46	- set_quoting_style (NULL, shell_escape_quoting_style);
47	/* See description of qmark_funny_chars, above. */
48	qmark_funny_chars = true;
49	}


diff --git a/meta/recipes-core/coreutils/coreutils/fix-selinux-flask.patch b/meta/recipes-core/coreutils/coreutils/fix-selinux-flask.patch deleted file mode 100644 index 173a57925b..0000000000 --- a/meta/recipes-core/coreutils/coreutils/fix-selinux-flask.patch +++ /dev/null
@@ -1,36 +0,0 @@
1	From 7e20a7242ba2657f73311bbf5278093da67f0721 Mon Sep 17 00:00:00 2001
2	From: Robert Yang <liezhi.yang@windriver.com>
3	Date: Tue, 16 Sep 2014 01:59:08 -0700
4	Subject: [PATCH] gnulib-comp.m4: selinux/flask.h should respect to
5	with_selinux
6
7	Fixed when build with meta-selinux even when --without-selinux:
8	runcon.c:49:28: fatal error: selinux/flask.h: No such file or directory
9	# include <selinux/flask.h>
10	^
11	compilation terminated.
12
13	Upstream-Status: Pending
14
15	Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
16
17	---
18	m4/gnulib-comp.m4 \| 2 +-
19	1 file changed, 1 insertion(+), 1 deletion(-)
20
21	diff --git a/m4/gnulib-comp.m4 b/m4/gnulib-comp.m4
22	index dead90e..0abf0bd 100644
23	--- a/m4/gnulib-comp.m4
24	+++ b/m4/gnulib-comp.m4
25	@@ -1860,10 +1860,10 @@ AC_DEFUN([gl_INIT],
26	AC_LIBOBJ([select])
27	fi
28	gl_SYS_SELECT_MODULE_INDICATOR([select])
29	- AC_CHECK_HEADERS([selinux/flask.h])
30	gl_HEADERS_SELINUX_SELINUX_H
31	gl_HEADERS_SELINUX_CONTEXT_H
32	if test "$with_selinux" != no && test "$ac_cv_header_selinux_selinux_h" = yes; then
33	+ AC_CHECK_HEADERS([selinux/flask.h])
34	AC_LIBOBJ([getfilecon])
35	fi
36	gl_SERVENT


diff --git a/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch b/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch index 1a8a9b9983..718de0ab78 100644 --- a/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch +++ b/meta/recipes-core/coreutils/coreutils/remove-usr-local-lib-from-m4.patch
@@ -1,4 +1,4 @@
1	From a26530083a29eeee910bfd606ecc621acecd547a Mon Sep 17 00:00:00 2001	1	From f53ffb5b27ab7d4a4c62df00ebd6a1a6936d1709 Mon Sep 17 00:00:00 2001
2	From: Khem Raj <raj.khem@gmail.com>	2	From: Khem Raj <raj.khem@gmail.com>
3	Date: Wed, 3 Aug 2011 14:12:30 -0700	3	Date: Wed, 3 Aug 2011 14:12:30 -0700
4	Subject: [PATCH] coreutils: Fix build on uclibc	4	Subject: [PATCH] coreutils: Fix build on uclibc
@@ -12,16 +12,15 @@ and make life easier for cross compilation process.
12	Signed-off-by: Khem Raj <raj.khem@gmail.com>	12	Signed-off-by: Khem Raj <raj.khem@gmail.com>
13		13
14	Upstream-Status: Inappropriate [Upstream does care for AIX while we may not]	14	Upstream-Status: Inappropriate [Upstream does care for AIX while we may not]
15
16	---	15	---
17	m4/getloadavg.m4 \| 12 ------------	16	m4/getloadavg.m4 \| 12 ------------
18	1 file changed, 12 deletions(-)	17	1 file changed, 12 deletions(-)
19		18
20	diff --git a/m4/getloadavg.m4 b/m4/getloadavg.m4	19	diff --git a/m4/getloadavg.m4 b/m4/getloadavg.m4
21	index 8e96965..63782a2 100644	20	index 9d0236f..68f7c52 100644
22	--- a/m4/getloadavg.m4	21	--- a/m4/getloadavg.m4
23	+++ b/m4/getloadavg.m4	22	+++ b/m4/getloadavg.m4
24	@@ -41,18 +41,6 @@ AC_CHECK_FUNC([getloadavg], [],	23	@@ -46,18 +46,6 @@ if test $ac_cv_func_getloadavg != yes; then
25	[LIBS="-lutil $LIBS" gl_func_getloadavg_done=yes])	24	[LIBS="-lutil $LIBS" gl_func_getloadavg_done=yes])
26	fi	25	fi
27		26