summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/busybox/busybox-inittab_1.29.2.bb (renamed from meta/recipes-core/busybox/busybox-inittab_1.27.2.bb)0
-rw-r--r--meta/recipes-core/busybox/busybox.inc2
-rwxr-xr-xmeta/recipes-core/busybox/busybox/CVE-2011-5325.patch481
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2017-15873.patch95
-rw-r--r--meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch43
-rw-r--r--meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch106
-rw-r--r--meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch48
-rw-r--r--meta/recipes-core/busybox/busybox/defconfig46
-rw-r--r--meta/recipes-core/busybox/busybox/umount-ignore-c.patch40
-rw-r--r--meta/recipes-core/busybox/busybox_1.29.2.bb (renamed from meta/recipes-core/busybox/busybox_1.27.2.bb)9
10 files changed, 67 insertions, 803 deletions
diff --git a/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb b/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
index a83620e859..a83620e859 100644
--- a/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb
+++ b/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index 8c6dbbaf9b..586d5342e6 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -3,7 +3,7 @@ DESCRIPTION = "BusyBox combines tiny versions of many common UNIX utilities into
3HOMEPAGE = "http://www.busybox.net" 3HOMEPAGE = "http://www.busybox.net"
4BUGTRACKER = "https://bugs.busybox.net/" 4BUGTRACKER = "https://bugs.busybox.net/"
5 5
6DEPENDS += "kern-tools-native" 6DEPENDS += "kern-tools-native virtual/crypt"
7 7
8# bzip2 applet in busybox is based on lightly-modified bzip2 source 8# bzip2 applet in busybox is based on lightly-modified bzip2 source
9# the GPL is version 2 only 9# the GPL is version 2 only
diff --git a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch b/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
deleted file mode 100755
index 0926107bea..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
+++ /dev/null
@@ -1,481 +0,0 @@
1busybox-1.27.2: Fix CVE-2011-5325
2
3[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=8411
4
5libarchive: do not extract unsafe symlinks
6
7Prevent unsafe links extracting unless env variable $EXTRACT_UNSAFE_SYMLINKS=1
8is not set. Untarring file with -C DESTDIR parameter could be extracted with
9unwanted symlinks. This doesn't feel right, and IIRC GNU tar doesn't do that.
10Include necessary changes from previous commits.
11
12Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7]
13CVE: CVE-2011-5325
14bug: 8411
15Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
16Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
17
18diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src
19index 942e755..e1a8a75 100644
20--- a/archival/libarchive/Kbuild.src
21+++ b/archival/libarchive/Kbuild.src
22@@ -12,6 +12,8 @@ COMMON_FILES:= \
23 data_extract_all.o \
24 data_extract_to_stdout.o \
25 \
26+ unsafe_symlink_target.o \
27+\
28 filter_accept_all.o \
29 filter_accept_list.o \
30 filter_accept_reject_list.o \
31diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c
32index 1830ffb..b828b65 100644
33--- a/archival/libarchive/data_extract_all.c
34+++ b/archival/libarchive/data_extract_all.c
35@@ -128,10 +128,9 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
36 res = link(hard_link, dst_name);
37 if (res != 0 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)) {
38 /* shared message */
39- bb_perror_msg("can't create %slink "
40- "%s to %s", "hard",
41- dst_name,
42- hard_link);
43+ bb_perror_msg("can't create %slink '%s' to '%s'",
44+ "hard", dst_name, hard_link
45+ );
46 }
47 /* Hardlinks have no separate mode/ownership, skip chown/chmod */
48 goto ret;
49@@ -178,15 +177,17 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
50 case S_IFLNK:
51 /* Symlink */
52 //TODO: what if file_header->link_target == NULL (say, corrupted tarball?)
53- res = symlink(file_header->link_target, dst_name);
54- if (res != 0
55- && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
56- ) {
57- /* shared message */
58- bb_perror_msg("can't create %slink "
59- "%s to %s", "sym",
60- dst_name,
61- file_header->link_target);
62+ if (!unsafe_symlink_target(file_header->link_target)) {
63+ res = symlink(file_header->link_target, dst_name);
64+ if (res != 0
65+ && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
66+ ) {
67+ /* shared message */
68+ bb_perror_msg("can't create %slink '%s' to '%s'",
69+ "sym",
70+ dst_name, file_header->link_target
71+ );
72+ }
73 }
74 break;
75 case S_IFSOCK:
76diff --git a/archival/libarchive/unsafe_symlink_target.c b/archival/libarchive/unsafe_symlink_target.c
77new file mode 100644
78index 0000000..ee46e28
79--- /dev/null
80+++ b/archival/libarchive/unsafe_symlink_target.c
81@@ -0,0 +1,48 @@
82+/* vi: set sw=4 ts=4: */
83+/*
84+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
85+ */
86+#include "libbb.h"
87+#include "bb_archive.h"
88+
89+int FAST_FUNC unsafe_symlink_target(const char *target)
90+{
91+ const char *dot;
92+
93+ if (target[0] == '/') {
94+ const char *var;
95+unsafe:
96+ var = getenv("EXTRACT_UNSAFE_SYMLINKS");
97+ if (var) {
98+ if (LONE_CHAR(var, '1'))
99+ return 0; /* pretend it's safe */
100+ return 1; /* "UNSAFE!" */
101+ }
102+ bb_error_msg("skipping unsafe symlink to '%s' in archive,"
103+ " set %s=1 to extract",
104+ target,
105+ "EXTRACT_UNSAFE_SYMLINKS"
106+ );
107+ /* Prevent further messages */
108+ setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0);
109+ return 1; /* "UNSAFE!" */
110+ }
111+
112+ dot = target;
113+ for (;;) {
114+ dot = strchr(dot, '.');
115+ if (!dot)
116+ return 0; /* safe target */
117+
118+ /* Is it a path component starting with ".."? */
119+ if ((dot[1] == '.')
120+ && (dot == target || dot[-1] == '/')
121+ /* Is it exactly ".."? */
122+ && (dot[2] == '/' || dot[2] == '\0')
123+ ) {
124+ goto unsafe;
125+ }
126+ /* NB: it can even be trailing ".", should only add 1 */
127+ dot += 1;
128+ }
129+}
130\ No newline at end of file
131diff --git a/archival/unzip.c b/archival/unzip.c
132index 9037262..270e261 100644
133--- a/archival/unzip.c
134+++ b/archival/unzip.c
135@@ -335,6 +335,44 @@ static void unzip_create_leading_dirs(const char *fn)
136 free(name);
137 }
138
139+static void unzip_extract_symlink(zip_header_t *zip, const char *dst_fn)
140+{
141+ char *target;
142+
143+ if (zip->fmt.ucmpsize > 0xfff) /* no funny business please */
144+ bb_error_msg_and_die("bad archive");
145+
146+ if (zip->fmt.method == 0) {
147+ /* Method 0 - stored (not compressed) */
148+ target = xzalloc(zip->fmt.ucmpsize + 1);
149+ xread(zip_fd, target, zip->fmt.ucmpsize);
150+ } else {
151+#if 1
152+ bb_error_msg_and_die("compressed symlink is not supported");
153+#else
154+ transformer_state_t xstate;
155+ init_transformer_state(&xstate);
156+ xstate.mem_output_size_max = zip->fmt.ucmpsize;
157+ /* ...unpack... */
158+ if (!xstate.mem_output_buf)
159+ WTF();
160+ target = xstate.mem_output_buf;
161+ target = xrealloc(target, xstate.mem_output_size + 1);
162+ target[xstate.mem_output_size] = '\0';
163+#endif
164+ }
165+ if (!unsafe_symlink_target(target)) {
166+//TODO: libbb candidate
167+ if (symlink(target, dst_fn)) {
168+ /* shared message */
169+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
170+ "sym", dst_fn, target
171+ );
172+ }
173+ }
174+ free(target);
175+}
176+
177 static void unzip_extract(zip_header_t *zip, int dst_fd)
178 {
179 transformer_state_t xstate;
180@@ -813,7 +851,7 @@ int unzip_main(int argc, char **argv)
181 }
182 check_file:
183 /* Extract file */
184- if (stat(dst_fn, &stat_buf) == -1) {
185+ if (lstat(dst_fn, &stat_buf) == -1) {
186 /* File does not exist */
187 if (errno != ENOENT) {
188 bb_perror_msg_and_die("can't stat '%s'", dst_fn);
189@@ -834,6 +872,7 @@ int unzip_main(int argc, char **argv)
190 goto do_open_and_extract;
191 printf("replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ", dst_fn);
192 my_fgets80(key_buf);
193+//TODO: redo lstat + ISREG check! user input could have taken a long time!
194
195 switch (key_buf[0]) {
196 case 'A':
197@@ -842,7 +881,8 @@ int unzip_main(int argc, char **argv)
198 do_open_and_extract:
199 unzip_create_leading_dirs(dst_fn);
200 #if ENABLE_FEATURE_UNZIP_CDF
201- dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
202+ if (!S_ISLNK(file_mode))
203+ dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
204 #else
205 dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
206 #endif
207@@ -852,10 +892,18 @@ int unzip_main(int argc, char **argv)
208 ? " extracting: %s\n"
209 : */ " inflating: %s\n", dst_fn);
210 }
211- unzip_extract(&zip, dst_fd);
212- if (dst_fd != STDOUT_FILENO) {
213- /* closing STDOUT is potentially bad for future business */
214- close(dst_fd);
215+#if ENABLE_FEATURE_UNZIP_CDF
216+ if (S_ISLNK(file_mode)) {
217+ if (dst_fd != STDOUT_FILENO) /* no -p */
218+ unzip_extract_symlink(&zip, dst_fn);
219+ } else
220+#endif
221+ {
222+ unzip_extract(&zip, dst_fd);
223+ if (dst_fd != STDOUT_FILENO) {
224+ /* closing STDOUT is potentially bad for future business */
225+ close(dst_fd);
226+ };
227 }
228 break;
229
230diff --git a/coreutils/link.c b/coreutils/link.c
231index ac3ef85..aab249d 100644
232--- a/coreutils/link.c
233+++ b/coreutils/link.c
234@@ -32,9 +32,8 @@ int link_main(int argc UNUSED_PARAM, char **argv)
235 argv += optind;
236 if (link(argv[0], argv[1]) != 0) {
237 /* shared message */
238- bb_perror_msg_and_die("can't create %slink "
239- "%s to %s", "hard",
240- argv[1], argv[0]
241+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
242+ "hard", argv[1], argv[0]
243 );
244 }
245 return EXIT_SUCCESS;
246diff --git a/include/bb_archive.h b/include/bb_archive.h
247index 2b9c5f0..1e4da3c 100644
248--- a/include/bb_archive.h
249+++ b/include/bb_archive.h
250@@ -196,6 +196,7 @@ void seek_by_jump(int fd, off_t amount) FAST_FUNC;
251 void seek_by_read(int fd, off_t amount) FAST_FUNC;
252
253 const char *strip_unsafe_prefix(const char *str) FAST_FUNC;
254+int unsafe_symlink_target(const char *target) FAST_FUNC;
255
256 void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC;
257 const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC;
258diff --git a/libbb/copy_file.c b/libbb/copy_file.c
259index 23c0f83..be90066 100644
260--- a/libbb/copy_file.c
261+++ b/libbb/copy_file.c
262@@ -371,7 +371,10 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
263 int r = symlink(lpath, dest);
264 free(lpath);
265 if (r < 0) {
266- bb_perror_msg("can't create symlink '%s'", dest);
267+ /* shared message */
268+ bb_perror_msg("can't create %slink '%s' to '%s'",
269+ "sym", dest, lpath
270+ );
271 return -1;
272 }
273 if (flags & FILEUTILS_PRESERVE_STATUS)
274diff --git a/testsuite/tar.tests b/testsuite/tar.tests
275index 9f7ce15..b7cd74c 100755
276--- a/testsuite/tar.tests
277+++ b/testsuite/tar.tests
278@@ -10,9 +10,6 @@ unset LC_COLLATE
279 unset LC_ALL
280 umask 022
281
282-rm -rf tar.tempdir 2>/dev/null
283-mkdir tar.tempdir && cd tar.tempdir || exit 1
284-
285 # testing "test name" "script" "expected result" "file input" "stdin"
286
287 testing "Empty file is not a tarball" '\
288@@ -53,6 +50,7 @@ dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $?
289 "" ""
290 SKIP=
291
292+mkdir tar.tempdir && cd tar.tempdir || exit 1
293 # "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input":
294 # GNU tar 1.26 records as hardlinks:
295 # input_hard2 -> input_hard1
296@@ -64,7 +62,6 @@ SKIP=
297 # We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing.
298 optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
299 testing "tar hardlinks and repeated files" '\
300-rm -rf input_* test.tar 2>/dev/null
301 >input_hard1
302 ln input_hard1 input_hard2
303 mkdir input_dir
304@@ -95,10 +92,11 @@ drwxr-xr-x input_dir
305 " \
306 "" ""
307 SKIP=
308+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
309
310+mkdir tar.tempdir && cd tar.tempdir || exit 1
311 optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
312 testing "tar hardlinks mode" '\
313-rm -rf input_* test.tar 2>/dev/null
314 >input_hard1
315 chmod 741 input_hard1
316 ln input_hard1 input_hard2
317@@ -128,10 +126,11 @@ Ok: 0
318 " \
319 "" ""
320 SKIP=
321+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
322
323+mkdir tar.tempdir && cd tar.tempdir || exit 1
324 optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
325 testing "tar symlinks mode" '\
326-rm -rf input_* test.tar 2>/dev/null
327 >input_file
328 chmod 741 input_file
329 ln -s input_file input_soft
330@@ -159,10 +158,11 @@ lrwxrwxrwx input_file
331 " \
332 "" ""
333 SKIP=
334+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
335
336+mkdir tar.tempdir && cd tar.tempdir || exit 1
337 optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS
338 testing "tar --overwrite" "\
339-rm -rf input_* test.tar 2>/dev/null
340 ln input input_hard
341 tar cf test.tar input_hard
342 echo WRONG >input
343@@ -174,12 +174,13 @@ Ok
344 " \
345 "Ok\n" ""
346 SKIP=
347+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
348
349+mkdir tar.tempdir && cd tar.tempdir || exit 1
350 test x"$SKIP_KNOWN_BUGS" = x"" && {
351 # Needs to be run under non-root for meaningful test
352 optional FEATURE_TAR_CREATE
353 testing "tar writing into read-only dir" '\
354-rm -rf input_* test.tar 2>/dev/null
355 mkdir input_dir
356 >input_dir/input_file
357 chmod 550 input_dir
358@@ -201,7 +202,9 @@ dr-xr-x--- input_dir
359 "" ""
360 SKIP=
361 }
362+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
363
364+mkdir tar.tempdir && cd tar.tempdir || exit 1
365 # Had a bug where on extract autodetect first "switched off" -z
366 # and then failed to recognize .tgz extension
367 optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP
368@@ -217,7 +220,9 @@ Ok
369 " \
370 "" ""
371 SKIP=
372+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
373
374+mkdir tar.tempdir && cd tar.tempdir || exit 1
375 # Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)?
376 # (the uuencoded hello_world.txz contains one empty file named "hello_world")
377 optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ
378@@ -236,7 +241,9 @@ AAAEWVo=
379 ====
380 "
381 SKIP=
382+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
383
384+mkdir tar.tempdir && cd tar.tempdir || exit 1
385 # On extract, everything up to and including last ".." component is stripped
386 optional FEATURE_TAR_CREATE
387 testing "tar strips /../ on extract" "\
388@@ -255,7 +262,9 @@ Ok
389 " \
390 "" ""
391 SKIP=
392+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
393
394+mkdir tar.tempdir && cd tar.tempdir || exit 1
395 # attack.tar.bz2 has symlink pointing to a system file
396 # followed by a regular file with the same name
397 # containing "root::0:0::/root:/bin/sh":
398@@ -270,6 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
399 testing "tar does not extract into symlinks" "\
400 >>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
401 " "\
402+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
403 0
404 " \
405 "" "\
406@@ -281,12 +291,15 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
407 ====
408 "
409 SKIP=
410+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
411+
412+mkdir tar.tempdir && cd tar.tempdir || exit 1
413 # And same with -k
414 optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
415 testing "tar -k does not extract into symlinks" "\
416 >>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
417 " "\
418-tar: can't open 'passwd': File exists
419+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
420 0
421 " \
422 "" "\
423@@ -298,7 +311,9 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
424 ====
425 "
426 SKIP=
427+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
428
429+mkdir tar.tempdir && cd tar.tempdir || exit 1
430 optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
431 testing "Pax-encoded UTF8 names and symlinks" '\
432 tar xvf ../tar.utf8.tar.bz2 2>&1; echo $?
433@@ -309,17 +324,45 @@ rm -rf etc usr
434 ' "\
435 etc/ssl/certs/3b2716e5.0
436 etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
437+tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
438 etc/ssl/certs/f80cc7f6.0
439 usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
440 0
441 etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
442-etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
443 etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
444 " \
445 "" ""
446 SKIP=
447+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
448
449-
450-cd .. && rm -rf tar.tempdir || exit 1
451+mkdir tar.tempdir && cd tar.tempdir || exit 1
452+optional UUDECODE FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
453+testing "Symlink attack: create symlink and then write through it" '\
454+exec 2>&1
455+uudecode -o input && tar xvf input; echo $?
456+ls /tmp/bb_test_evilfile
457+ls bb_test_evilfile
458+ls symlink/bb_test_evilfile
459+' "\
460+anything.txt
461+symlink
462+tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
463+symlink/bb_test_evilfile
464+0
465+ls: /tmp/bb_test_evilfile: No such file or directory
466+ls: bb_test_evilfile: No such file or directory
467+symlink/bb_test_evilfile
468+" \
469+"" "\
470+begin-base64 644 tar_symlink_attack.tar.bz2
471+QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR
472+omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk
473+AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa
474+SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS
475+n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA=
476+====
477+"
478+SKIP=
479+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
480
481 exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch b/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
deleted file mode 100644
index 5a027c9bcc..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
+++ /dev/null
@@ -1,95 +0,0 @@
1busybox-1.27.2: Fix CVE-2017-15873
2
3[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10431
4
5bunzip2: fix runCnt overflow
6
7The get_next_block function in archival/libarchive/decompress_bunzip2.c
8in BusyBox 1.27.2 has an Integer Overflow that may lead to a write
9access violation.
10
11Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0]
12CVE: CVE-2017-15873
13bug: 10431
14Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
15
16diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
17index 7cd18f5..bec89ed 100644
18--- a/archival/libarchive/decompress_bunzip2.c
19+++ b/archival/libarchive/decompress_bunzip2.c
20@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
21 static int get_next_block(bunzip_data *bd)
22 {
23 struct group_data *hufGroup;
24- int dbufCount, dbufSize, groupCount, *base, *limit, selector,
25- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
26- int runCnt = runCnt; /* for compiler */
27+ int groupCount, *base, *limit, selector,
28+ i, j, symCount, symTotal, nSelectors, byteCount[256];
29 uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
30 uint32_t *dbuf;
31 unsigned origPtr, t;
32+ unsigned dbufCount, runPos;
33+ unsigned runCnt = runCnt; /* for compiler */
34
35 dbuf = bd->dbuf;
36- dbufSize = bd->dbufSize;
37 selectors = bd->selectors;
38
39 /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
40@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
41 it didn't actually work. */
42 if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
43 origPtr = get_bits(bd, 24);
44- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
45+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
46
47 /* mapping table: if some byte values are never used (encoding things
48 like ascii text), the compression code removes the gaps to have fewer
49@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
50 symbols, but a run of length 0 doesn't mean anything in this
51 context). Thus space is saved. */
52 runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
53- if (runPos < dbufSize) runPos <<= 1;
54+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
55+//This would be the fix (catches too large count way before it can overflow):
56+// if (runCnt > bd->dbufSize) {
57+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
58+// runCnt, bd->dbufSize);
59+// return RETVAL_DATA_ERROR;
60+// }
61+ if (runPos < bd->dbufSize) runPos <<= 1;
62 goto end_of_huffman_loop;
63 }
64
65@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
66 literal used is the one at the head of the mtfSymbol array.) */
67 if (runPos != 0) {
68 uint8_t tmp_byte;
69- if (dbufCount + runCnt > dbufSize) {
70- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
71- dbufCount, runCnt, dbufCount + runCnt, dbufSize);
72+ if (dbufCount + runCnt > bd->dbufSize) {
73+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
74+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
75 return RETVAL_DATA_ERROR;
76 }
77 tmp_byte = symToByte[mtfSymbol[0]];
78 byteCount[tmp_byte] += runCnt;
79- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
80+ while ((int)--runCnt >= 0)
81+ dbuf[dbufCount++] = (uint32_t)tmp_byte;
82 runPos = 0;
83 }
84
85@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
86 first symbol in the mtf array, position 0, would have been handled
87 as part of a run above. Therefore 1 unused mtf position minus
88 2 non-literal nextSym values equals -1.) */
89- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
90+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
91 i = nextSym - 1;
92 uc = mtfSymbol[i];
93
94--
95cgit v0.12
diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
deleted file mode 100644
index fc19ee3356..0000000000
--- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
+++ /dev/null
@@ -1,43 +0,0 @@
1From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001
2From: Denys Vlasenko <vda.linux@googlemail.com>
3Date: Tue, 7 Nov 2017 18:09:29 +0100
4Subject: lineedit: do not tab-complete any strings which have control
5 characters
6
7function old new delta
8add_match 41 68 +27
9
10CVE: CVE-2017-16544
11Upstream-Status: Backport
12
13Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
14Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
15---
16 libbb/lineedit.c | 12 ++++++++++++
17 1 file changed, 12 insertions(+)
18
19diff --git a/libbb/lineedit.c b/libbb/lineedit.c
20index c0e35bb..56e8140 100644
21--- a/libbb/lineedit.c
22+++ b/libbb/lineedit.c
23@@ -645,6 +645,18 @@ static void free_tab_completion_data(void)
24
25 static void add_match(char *matched)
26 {
27+ unsigned char *p = (unsigned char*)matched;
28+ while (*p) {
29+ /* ESC attack fix: drop any string with control chars */
30+ if (*p < ' '
31+ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
32+ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
33+ ) {
34+ free(matched);
35+ return;
36+ }
37+ p++;
38+ }
39 matches = xrealloc_vector(matches, 4, num_matches);
40 matches[num_matches] = matched;
41 num_matches++;
42--
43cgit v0.12
diff --git a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
deleted file mode 100644
index da6dfa8023..0000000000
--- a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
+++ /dev/null
@@ -1,106 +0,0 @@
1busybox-1.27.2: Fix lzma segfaults
2
3[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871
4
5libarchive: check buffer index in lzma_decompress
6
7With specific defconfig busybox fails to check zip fileheader magic
8(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c)
9for decompression which leads to segmentation fault. It prevents accessing into
10buffer, which is smaller than pos index. Patch includes multiple segmentation
11fault fixes.
12
13Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b]
14bug: 10436 10871
15Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
16
17diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
18index a904087..29eee2a 100644
19--- a/archival/libarchive/decompress_unlzma.c
20+++ b/archival/libarchive/decompress_unlzma.c
21@@ -11,6 +11,14 @@
22 #include "libbb.h"
23 #include "bb_archive.h"
24
25+
26+#if 0
27+# define dbg(...) bb_error_msg(__VA_ARGS__)
28+#else
29+# define dbg(...) ((void)0)
30+#endif
31+
32+
33 #if ENABLE_FEATURE_LZMA_FAST
34 # define speed_inline ALWAYS_INLINE
35 # define size_inline
36@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
37 rc_t *rc;
38 int i;
39 uint8_t *buffer;
40+ uint32_t buffer_size;
41 uint8_t previous_byte = 0;
42 size_t buffer_pos = 0, global_pos = 0;
43 int len = 0;
44@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate)
45 if (header.dict_size == 0)
46 header.dict_size++;
47
48- buffer = xmalloc(MIN(header.dst_size, header.dict_size));
49+ buffer_size = MIN(header.dst_size, header.dict_size);
50+ buffer = xmalloc(buffer_size);
51
52 {
53 int num_probs;
54@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
55 state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
56
57 pos = buffer_pos - rep0;
58- if ((int32_t)pos < 0)
59+ if ((int32_t)pos < 0) {
60 pos += header.dict_size;
61+ /* see unzip_bad_lzma_2.zip: */
62+ if (pos >= buffer_size)
63+ goto bad;
64+ }
65 previous_byte = buffer[pos];
66 goto one_byte1;
67 #else
68@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
69 for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
70 rep0 = (rep0 << 1) | rc_direct_bit(rc);
71 rep0 <<= LZMA_NUM_ALIGN_BITS;
72+ if ((int32_t)rep0 < 0) {
73+ dbg("%d rep0:%d", __LINE__, rep0);
74+ goto bad;
75+ }
76 prob3 = p + LZMA_ALIGN;
77 }
78 i2 = 1;
79@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
80 IF_NOT_FEATURE_LZMA_FAST(string:)
81 do {
82 uint32_t pos = buffer_pos - rep0;
83- if ((int32_t)pos < 0)
84+ if ((int32_t)pos < 0) {
85 pos += header.dict_size;
86+ /* more stringent test (see unzip_bad_lzma_1.zip): */
87+ if (pos >= buffer_size)
88+ goto bad;
89+ }
90 previous_byte = buffer[pos];
91 IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
92 buffer[buffer_pos++] = previous_byte;
93@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
94 IF_DESKTOP(total_written += buffer_pos;)
95 if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
96 bad:
97+ /* One of our users, bbunpack(), expects _us_ to emit
98+ * the error message (since it's the best place to give
99+ * potentially more detailed information).
100+ * Do not fail silently.
101+ */
102+ bb_error_msg("corrupted data");
103 total_written = -1; /* failure */
104 }
105 rc_free(rc);
106
diff --git a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
index 582a258939..76daaf1f02 100644
--- a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
+++ b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
@@ -31,11 +31,11 @@ Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
31 networking/udhcp/dhcpc.c | 29 ++++++++++++++++------ 31 networking/udhcp/dhcpc.c | 29 ++++++++++++++++------
32 1 file changed, 21 insertions(+), 8 deletions(-) 32 1 file changed, 21 insertions(+), 8 deletions(-)
33 33
34Index: busybox-1.27.2/networking/udhcp/dhcpc.c 34Index: busybox-1.29.1/networking/udhcp/dhcpc.c
35=================================================================== 35===================================================================
36--- busybox-1.27.2.orig/networking/udhcp/dhcpc.c 36--- busybox-1.29.1.orig/networking/udhcp/dhcpc.c
37+++ busybox-1.27.2/networking/udhcp/dhcpc.c 37+++ busybox-1.29.1/networking/udhcp/dhcpc.c
38@@ -49,6 +49,8 @@ struct tpacket_auxdata { 38@@ -48,6 +48,8 @@
39 }; 39 };
40 #endif 40 #endif
41 41
@@ -44,7 +44,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
44 44
45 /* "struct client_config_t client_config" is in bb_common_bufsiz1 */ 45 /* "struct client_config_t client_config" is in bb_common_bufsiz1 */
46 46
47@@ -104,8 +106,9 @@ enum { 47@@ -103,8 +105,9 @@
48 OPT_x = 1 << 18, 48 OPT_x = 1 << 18,
49 OPT_f = 1 << 19, 49 OPT_f = 1 << 19,
50 OPT_B = 1 << 20, 50 OPT_B = 1 << 20,
@@ -55,7 +55,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
55 USE_FOR_MMU( OPTBIT_b,) 55 USE_FOR_MMU( OPTBIT_b,)
56 IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,) 56 IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,)
57 IF_FEATURE_UDHCP_PORT( OPTBIT_P,) 57 IF_FEATURE_UDHCP_PORT( OPTBIT_P,)
58@@ -1110,7 +1113,8 @@ static void perform_renew(void) 58@@ -1116,7 +1119,8 @@
59 state = RENEW_REQUESTED; 59 state = RENEW_REQUESTED;
60 break; 60 break;
61 case RENEW_REQUESTED: /* impatient are we? fine, square 1 */ 61 case RENEW_REQUESTED: /* impatient are we? fine, square 1 */
@@ -65,7 +65,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
65 case REQUESTING: 65 case REQUESTING:
66 case RELEASED: 66 case RELEASED:
67 change_listen_mode(LISTEN_RAW); 67 change_listen_mode(LISTEN_RAW);
68@@ -1146,7 +1150,8 @@ static void perform_release(uint32_t server_addr, uint32_t requested_ip) 68@@ -1152,7 +1156,8 @@
69 * Users requested to be notified in all cases, even if not in one 69 * Users requested to be notified in all cases, even if not in one
70 * of the states above. 70 * of the states above.
71 */ 71 */
@@ -75,16 +75,16 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
75 75
76 change_listen_mode(LISTEN_NONE); 76 change_listen_mode(LISTEN_NONE);
77 state = RELEASED; 77 state = RELEASED;
78@@ -1298,7 +1303,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) 78@@ -1265,7 +1270,7 @@
79 /* O,x: list; -T,-t,-A take numeric param */ 79 /* Parse command line */
80 IF_UDHCP_VERBOSE(opt_complementary = "vv";) 80 opt = getopt32long(argv, "^"
81 IF_LONG_OPTS(applet_long_options = udhcpc_longopts;) 81 /* O,x: list; -T,-t,-A take numeric param */
82- opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB" 82- "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
83+ opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD" 83+ "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
84 USE_FOR_MMU("b") 84 USE_FOR_MMU("b")
85 IF_FEATURE_UDHCPC_ARPING("a::") 85 IF_FEATURE_UDHCPC_ARPING("a::")
86 IF_FEATURE_UDHCP_PORT("P:") 86 IF_FEATURE_UDHCP_PORT("P:")
87@@ -1409,6 +1414,10 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) 87@@ -1376,6 +1381,10 @@
88 logmode |= LOGMODE_SYSLOG; 88 logmode |= LOGMODE_SYSLOG;
89 } 89 }
90 90
@@ -94,8 +94,8 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
94+ 94+
95 /* Make sure fd 0,1,2 are open */ 95 /* Make sure fd 0,1,2 are open */
96 bb_sanitize_stdio(); 96 bb_sanitize_stdio();
97 /* Equivalent of doing a fflush after every \n */ 97 /* Create pidfile */
98@@ -1423,7 +1432,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) 98@@ -1388,7 +1397,8 @@
99 srand(monotonic_us()); 99 srand(monotonic_us());
100 100
101 state = INIT_SELECTING; 101 state = INIT_SELECTING;
@@ -105,7 +105,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
105 change_listen_mode(LISTEN_RAW); 105 change_listen_mode(LISTEN_RAW);
106 packet_num = 0; 106 packet_num = 0;
107 timeout = 0; 107 timeout = 0;
108@@ -1577,7 +1587,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) 108@@ -1555,7 +1565,8 @@
109 } 109 }
110 /* Timed out, enter init state */ 110 /* Timed out, enter init state */
111 bb_error_msg("lease lost, entering init state"); 111 bb_error_msg("lease lost, entering init state");
@@ -115,23 +115,29 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
115 state = INIT_SELECTING; 115 state = INIT_SELECTING;
116 client_config.first_secs = 0; /* make secs field count from 0 */ 116 client_config.first_secs = 0; /* make secs field count from 0 */
117 /*timeout = 0; - already is */ 117 /*timeout = 0; - already is */
118@@ -1770,7 +1781,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) 118@@ -1748,8 +1759,10 @@
119 "(got ARP reply), declining");
119 send_decline(/*xid,*/ server_addr, packet.yiaddr); 120 send_decline(/*xid,*/ server_addr, packet.yiaddr);
120 121
121 if (state != REQUESTING) 122- if (state != REQUESTING)
122- udhcp_run_script(NULL, "deconfig"); 123- udhcp_run_script(NULL, "deconfig");
124+ if (state != REQUESTING) {
123+ if (allow_deconfig) 125+ if (allow_deconfig)
124+ udhcp_run_script(NULL, "deconfig"); 126+ udhcp_run_script(NULL, "deconfig");
127+ }
125 change_listen_mode(LISTEN_RAW); 128 change_listen_mode(LISTEN_RAW);
126 state = INIT_SELECTING; 129 state = INIT_SELECTING;
127 client_config.first_secs = 0; /* make secs field count from 0 */ 130 client_config.first_secs = 0; /* make secs field count from 0 */
128@@ -1840,7 +1852,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) 131@@ -1818,8 +1831,10 @@
132 /* return to init state */
129 bb_error_msg("received %s", "DHCP NAK"); 133 bb_error_msg("received %s", "DHCP NAK");
130 udhcp_run_script(&packet, "nak"); 134 udhcp_run_script(&packet, "nak");
131 if (state != REQUESTING) 135- if (state != REQUESTING)
132- udhcp_run_script(NULL, "deconfig"); 136- udhcp_run_script(NULL, "deconfig");
137+ if (state != REQUESTING) {
133+ if (allow_deconfig) 138+ if (allow_deconfig)
134+ udhcp_run_script(NULL, "deconfig"); 139+ udhcp_run_script(NULL, "deconfig");
140+ }
135 change_listen_mode(LISTEN_RAW); 141 change_listen_mode(LISTEN_RAW);
136 sleep(3); /* avoid excessive network traffic */ 142 sleep(3); /* avoid excessive network traffic */
137 state = INIT_SELECTING; 143 state = INIT_SELECTING;
diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig
index 59d93c7079..f081f281cc 100644
--- a/meta/recipes-core/busybox/busybox/defconfig
+++ b/meta/recipes-core/busybox/busybox/defconfig
@@ -1,12 +1,12 @@
1# 1#
2# Automatically generated make config: don't edit 2# Automatically generated make config: don't edit
3# Busybox version: 1.27.2 3# Busybox version: 1.29.1
4# Wed Sep 27 08:56:13 2017 4# Thu Jul 19 11:09:46 2018
5# 5#
6CONFIG_HAVE_DOT_CONFIG=y 6CONFIG_HAVE_DOT_CONFIG=y
7 7
8# 8#
9# Busybox Settings 9# Settings
10# 10#
11# CONFIG_DESKTOP is not set 11# CONFIG_DESKTOP is not set
12# CONFIG_EXTRA_COMPAT is not set 12# CONFIG_EXTRA_COMPAT is not set
@@ -78,7 +78,7 @@ CONFIG_NO_DEBUG_LIB=y
78# CONFIG_EFENCE is not set 78# CONFIG_EFENCE is not set
79 79
80# 80#
81# Busybox Library Tuning 81# Library Tuning
82# 82#
83# CONFIG_FEATURE_USE_BSS_TAIL is not set 83# CONFIG_FEATURE_USE_BSS_TAIL is not set
84CONFIG_FEATURE_RTMINMAX=y 84CONFIG_FEATURE_RTMINMAX=y
@@ -90,6 +90,7 @@ CONFIG_MD5_SMALL=1
90CONFIG_SHA3_SMALL=1 90CONFIG_SHA3_SMALL=1
91CONFIG_FEATURE_FAST_TOP=y 91CONFIG_FEATURE_FAST_TOP=y
92# CONFIG_FEATURE_ETC_NETWORKS is not set 92# CONFIG_FEATURE_ETC_NETWORKS is not set
93# CONFIG_FEATURE_ETC_SERVICES is not set
93CONFIG_FEATURE_EDITING=y 94CONFIG_FEATURE_EDITING=y
94CONFIG_FEATURE_EDITING_MAX_LEN=1024 95CONFIG_FEATURE_EDITING_MAX_LEN=1024
95# CONFIG_FEATURE_EDITING_VI is not set 96# CONFIG_FEATURE_EDITING_VI is not set
@@ -321,6 +322,7 @@ CONFIG_TRUE=y
321CONFIG_TTY=y 322CONFIG_TTY=y
322CONFIG_UNAME=y 323CONFIG_UNAME=y
323CONFIG_UNAME_OSNAME="GNU/Linux" 324CONFIG_UNAME_OSNAME="GNU/Linux"
325# CONFIG_BB_ARCH is not set
324CONFIG_UNIQ=y 326CONFIG_UNIQ=y
325CONFIG_UNLINK=y 327CONFIG_UNLINK=y
326CONFIG_USLEEP=y 328CONFIG_USLEEP=y
@@ -393,6 +395,14 @@ CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
393CONFIG_WHICH=y 395CONFIG_WHICH=y
394 396
395# 397#
398# klibc-utils
399#
400# CONFIG_MINIPS is not set
401# CONFIG_NUKE is not set
402# CONFIG_RESUME is not set
403# CONFIG_RUN_INIT is not set
404
405#
396# Editors 406# Editors
397# 407#
398CONFIG_AWK=y 408CONFIG_AWK=y
@@ -678,6 +688,10 @@ CONFIG_FEATURE_MOUNT_LOOP=y
678CONFIG_FEATURE_MOUNT_LOOP_CREATE=y 688CONFIG_FEATURE_MOUNT_LOOP_CREATE=y
679# CONFIG_FEATURE_MTAB_SUPPORT is not set 689# CONFIG_FEATURE_MTAB_SUPPORT is not set
680# CONFIG_VOLUMEID is not set 690# CONFIG_VOLUMEID is not set
691
692#
693# Filesystem/Volume identification
694#
681# CONFIG_FEATURE_VOLUMEID_BCACHE is not set 695# CONFIG_FEATURE_VOLUMEID_BCACHE is not set
682# CONFIG_FEATURE_VOLUMEID_BTRFS is not set 696# CONFIG_FEATURE_VOLUMEID_BTRFS is not set
683# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set 697# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
@@ -725,6 +739,7 @@ CONFIG_FEATURE_CROND_DIR=""
725# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set 739# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set
726# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set 740# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set
727# CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set 741# CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set
742# CONFIG_HEXEDIT is not set
728# CONFIG_I2CGET is not set 743# CONFIG_I2CGET is not set
729# CONFIG_I2CSET is not set 744# CONFIG_I2CSET is not set
730# CONFIG_I2CDUMP is not set 745# CONFIG_I2CDUMP is not set
@@ -807,6 +822,7 @@ CONFIG_MICROCOM=y
807# CONFIG_RUNLEVEL is not set 822# CONFIG_RUNLEVEL is not set
808# CONFIG_RX is not set 823# CONFIG_RX is not set
809# CONFIG_SETSID is not set 824# CONFIG_SETSID is not set
825# CONFIG_SETFATTR is not set
810CONFIG_STRINGS=y 826CONFIG_STRINGS=y
811CONFIG_TIME=y 827CONFIG_TIME=y
812# CONFIG_TIMEOUT is not set 828# CONFIG_TIMEOUT is not set
@@ -912,6 +928,8 @@ CONFIG_FEATURE_FANCY_PING=y
912CONFIG_ROUTE=y 928CONFIG_ROUTE=y
913# CONFIG_SLATTACH is not set 929# CONFIG_SLATTACH is not set
914# CONFIG_SSL_CLIENT is not set 930# CONFIG_SSL_CLIENT is not set
931# CONFIG_TC is not set
932# CONFIG_FEATURE_TC_INGRESS is not set
915# CONFIG_TCPSVD is not set 933# CONFIG_TCPSVD is not set
916# CONFIG_UDPSVD is not set 934# CONFIG_UDPSVD is not set
917CONFIG_TELNET=y 935CONFIG_TELNET=y
@@ -949,13 +967,9 @@ CONFIG_FEATURE_WGET_HTTPS=y
949# CONFIG_FEATURE_WGET_OPENSSL is not set 967# CONFIG_FEATURE_WGET_OPENSSL is not set
950# CONFIG_WHOIS is not set 968# CONFIG_WHOIS is not set
951# CONFIG_ZCIP is not set 969# CONFIG_ZCIP is not set
952# CONFIG_UDHCPC6 is not set
953# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
954# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
955# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
956CONFIG_UDHCPD=y 970CONFIG_UDHCPD=y
957# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
958# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set 971# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
972# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
959CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases" 973CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
960CONFIG_DUMPLEASES=y 974CONFIG_DUMPLEASES=y
961# CONFIG_DHCPRELAY is not set 975# CONFIG_DHCPRELAY is not set
@@ -963,6 +977,15 @@ CONFIG_UDHCPC=y
963CONFIG_FEATURE_UDHCPC_ARPING=y 977CONFIG_FEATURE_UDHCPC_ARPING=y
964CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y 978CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
965CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" 979CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
980# CONFIG_UDHCPC6 is not set
981# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
982# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
983# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
984# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set
985
986#
987# Common options for DHCP applets
988#
966# CONFIG_FEATURE_UDHCP_PORT is not set 989# CONFIG_FEATURE_UDHCP_PORT is not set
967CONFIG_UDHCP_DEBUG=0 990CONFIG_UDHCP_DEBUG=0
968# CONFIG_FEATURE_UDHCP_RFC3397 is not set 991# CONFIG_FEATURE_UDHCP_RFC3397 is not set
@@ -1045,6 +1068,7 @@ CONFIG_WATCH=y
1045# CONFIG_SV is not set 1068# CONFIG_SV is not set
1046CONFIG_SV_DEFAULT_SERVICE_DIR="" 1069CONFIG_SV_DEFAULT_SERVICE_DIR=""
1047# CONFIG_SVC is not set 1070# CONFIG_SVC is not set
1071# CONFIG_SVOK is not set
1048# CONFIG_SVLOGD is not set 1072# CONFIG_SVLOGD is not set
1049# CONFIG_CHCON is not set 1073# CONFIG_CHCON is not set
1050# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set 1074# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
@@ -1134,6 +1158,10 @@ CONFIG_FEATURE_SH_HISTFILESIZE=y
1134# System Logging Utilities 1158# System Logging Utilities
1135# 1159#
1136CONFIG_KLOGD=y 1160CONFIG_KLOGD=y
1161
1162#
1163# klogd should not be used together with syslog to kernel printk buffer
1164#
1137CONFIG_FEATURE_KLOGD_KLOGCTL=y 1165CONFIG_FEATURE_KLOGD_KLOGCTL=y
1138CONFIG_LOGGER=y 1166CONFIG_LOGGER=y
1139# CONFIG_LOGREAD is not set 1167# CONFIG_LOGREAD is not set
diff --git a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
deleted file mode 100644
index 9fe7998df3..0000000000
--- a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
+++ /dev/null
@@ -1,40 +0,0 @@
1Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
2Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d]
3
4From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001
5From: Shawn Landden <slandden@gmail.com>
6Date: Mon, 8 Jan 2018 13:31:58 +0100
7Subject: [PATCH] umount: ignore -c
8Organization: O.S. Systems Software LTDA.
9
10"-c, --no-canonicalize: Do not canonicalize paths."
11
12As busybox doesn't canonicalize paths in the first place it is safe to ignore
13this option.
14
15See https://github.com/systemd/systemd/issues/7786
16
17Signed-off-by: Shawn Landden <slandden@gmail.com>
18Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
19---
20 util-linux/umount.c | 4 ++--
21 1 file changed, 2 insertions(+), 2 deletions(-)
22
23diff --git a/util-linux/umount.c b/util-linux/umount.c
24index 0c50dc9ee..0425c5b76 100644
25--- a/util-linux/umount.c
26+++ b/util-linux/umount.c
27@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
28 }
29 #endif
30
31-/* ignored: -v -t -i */
32-#define OPTION_STRING "fldnra" "vt:i"
33+/* ignored: -c -v -t -i */
34+#define OPTION_STRING "fldnra" "cvt:i"
35 #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
36 #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
37 #define OPT_FREELOOP (1 << 2)
38--
392.18.0
40
diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.29.2.bb
index 1ce4823d47..3496a857c4 100644
--- a/meta/recipes-core/busybox/busybox_1.27.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.29.2.bb
@@ -42,13 +42,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
42 file://rcK \ 42 file://rcK \
43 file://runlevel \ 43 file://runlevel \
44 file://makefile-libbb-race.patch \ 44 file://makefile-libbb-race.patch \
45 file://CVE-2011-5325.patch \
46 file://CVE-2017-15873.patch \
47 file://busybox-CVE-2017-16544.patch \
48 file://busybox-fix-lzma-segfaults.patch \
49 file://umount-ignore-c.patch \
50" 45"
51SRC_URI_append_libc-musl = " file://musl.cfg " 46SRC_URI_append_libc-musl = " file://musl.cfg "
52 47
53SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e" 48SRC_URI[tarball.md5sum] = "46617af37a39579711d8b36f189cdf1e"
54SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df" 49SRC_URI[tarball.sha256sum] = "67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61"