3 files changed, 295 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch
new file mode 100644
index 0000000000..5836cf8a00
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch
@@ -0,0 +1,197 @@
+From dedc9380c76834ba64c8b526aef6f461ea4e7f2e Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 30 May 2023 16:42:18 +0200
+Subject: [PATCH 1/2] awk: fix precedence of = relative to ==
+Discovered while adding code to disallow assignments to non-lvalues
+function                                             old     new   delta
+parse_expr                                           936     991     +55
+.rodata                                           105243  105247      +4
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 2/0 up/down: 59/0)               Total: 59 bytes
+CVE: CVE-2023-42364 CVE-2023-42365
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4]
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4)
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ editors/awk.c       | 66 ++++++++++++++++++++++++++++++---------------
+ testsuite/awk.tests |  5 ++++
+ 2 files changed, 50 insertions(+), 21 deletions(-)
+diff --git a/editors/awk.c b/editors/awk.c
+index ec9301e..aff86fe 100644
+--- a/editors/awk.c
+++ b/editors/awk.c
+@@ -337,7 +337,9 @@ static void debug_parse_print_tc(uint32_t n)
+ #undef P
+ #undef PRIMASK
+ #undef PRIMASK2
+-#define P(x)      (x << 24)
+/* Smaller 'x' means _higher_ operator precedence */
+#define PRECEDENCE(x) (x << 24)
+#define P(x)      PRECEDENCE(x)
+ #define PRIMASK   0x7F000000
+ #define PRIMASK2  0x7E000000
+ 
+@@ -360,7 +362,7 @@ enum {
+        OC_MOVE = 0x1f00,       OC_PGETLINE = 0x2000,   OC_REGEXP = 0x2100,
+        OC_REPLACE = 0x2200,    OC_RETURN = 0x2300,     OC_SPRINTF = 0x2400,
+        OC_TERNARY = 0x2500,    OC_UNARY = 0x2600,      OC_VAR = 0x2700,
+-       OC_DONE = 0x2800,
+       OC_CONST = 0x2800,      OC_DONE = 0x2900,
+ 
+        ST_IF = 0x3000,         ST_DO = 0x3100,         ST_FOR = 0x3200,
+        ST_WHILE = 0x3300
+@@ -440,9 +442,9 @@ static const uint32_t tokeninfo[] ALIGN4 = {
+ #define TI_PREINC (OC_UNARY|xV|P(9)|'P')
+ #define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
+        TI_PREINC,               TI_PREDEC,               OC_FIELD|xV|P(5),
+-       OC_COMPARE|VV|P(39)|5,   OC_MOVE|VV|P(74),        OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
+-       OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
+-       OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
+       OC_COMPARE|VV|P(39)|5,   OC_MOVE|VV|P(38),        OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-',
+       OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&',
+       OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&',
+        OC_BINARY|NV|P(25)|'/',  OC_BINARY|NV|P(25)|'%',  OC_BINARY|NV|P(15)|'&',  OC_BINARY|NV|P(25)|'*',
+        OC_COMPARE|VV|P(39)|4,   OC_COMPARE|VV|P(39)|3,   OC_COMPARE|VV|P(39)|0,   OC_COMPARE|VV|P(39)|1,
+ #define TI_LESS     (OC_COMPARE|VV|P(39)|2)
+@@ -1290,7 +1292,7 @@ static uint32_t next_token(uint32_t expected)
+                        save_tclass = tc;
+                        save_info = t_info;
+                        tc = TC_BINOPX;
+-                       t_info = OC_CONCAT | SS | P(35);
+                       t_info = OC_CONCAT | SS | PRECEDENCE(35);
+                }
+ 
+                t_tclass = tc;
+@@ -1350,9 +1352,8 @@ static node *parse_expr(uint32_t term_tc)
+ {
+        node sn;
+        node *cn = &sn;
+-       node *vn, *glptr;
+       node *glptr;
+        uint32_t tc, expected_tc;
+-       var *v;
+ 
+        debug_printf_parse("%s() term_tc(%x):", __func__, term_tc);
+        debug_parse_print_tc(term_tc);
+@@ -1363,11 +1364,12 @@ static node *parse_expr(uint32_t term_tc)
+        expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP | term_tc;
+ 
+        while (!((tc = next_token(expected_tc)) & term_tc)) {
+               node *vn;
+ 
+                if (glptr && (t_info == TI_LESS)) {
+                        /* input redirection (<) attached to glptr node */
+                        debug_printf_parse("%s: input redir\n", __func__);
+-                       cn = glptr->l.n = new_node(OC_CONCAT | SS | P(37));
+                       cn = glptr->l.n = new_node(OC_CONCAT | SS | PRECEDENCE(37));
+                        cn->a.n = glptr;
+                        expected_tc = TS_OPERAND | TS_UOPPRE;
+                        glptr = NULL;
+@@ -1379,24 +1381,42 @@ static node *parse_expr(uint32_t term_tc)
+                         * previous operators with higher priority */
+                        vn = cn;
+                        while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
+-                           || ((t_info == vn->info) && t_info == TI_COLON)
+                           || (t_info == vn->info && t_info == TI_COLON)
+                        ) {
+                                vn = vn->a.n;
+                                if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
+                        }
+                        if (t_info == TI_TERNARY)
+ //TODO: why?
+-                               t_info += P(6);
+                               t_info += PRECEDENCE(6);
+                        cn = vn->a.n->r.n = new_node(t_info);
+                        cn->a.n = vn->a.n;
+                        if (tc & TS_BINOP) {
+                                cn->l.n = vn;
+-//FIXME: this is the place to detect and reject assignments to non-lvalues.
+-//Currently we allow "assignments" to consts and temporaries, nonsense like this:
+-// awk 'BEGIN { "qwe" = 1 }'
+-// awk 'BEGIN { 7 *= 7 }'
+-// awk 'BEGIN { length("qwe") = 1 }'
+-// awk 'BEGIN { (1+1) += 3 }'
+
+                               /* Prevent:
+                                * awk 'BEGIN { "qwe" = 1 }'
+                                * awk 'BEGIN { 7 *= 7 }'
+                                * awk 'BEGIN { length("qwe") = 1 }'
+                                * awk 'BEGIN { (1+1) += 3 }'
+                                */
+                               /* Assignment? (including *= and friends) */
+                               if (((t_info & OPCLSMASK) == OC_MOVE)
+                                || ((t_info & OPCLSMASK) == OC_REPLACE)
+                               ) {
+                                       debug_printf_parse("%s: MOVE/REPLACE vn->info:%08x\n", __func__, vn->info);
+                                       /* Left side is a (variable or array element)
+                                        * or function argument
+                                        * or $FIELD ?
+                                        */
+                                       if ((vn->info & OPCLSMASK) != OC_VAR
+                                        && (vn->info & OPCLSMASK) != OC_FNARG
+                                        && (vn->info & OPCLSMASK) != OC_FIELD
+                                       ) {
+                                               syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
+                                       }
+                               }
+
+                                expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP;
+                                if (t_info == TI_PGETLINE) {
+                                        /* it's a pipe */
+@@ -1432,6 +1452,8 @@ static node *parse_expr(uint32_t term_tc)
+                /* one should be very careful with switch on tclass -
+                 * only simple tclasses should be used (TC_xyz, not TS_xyz) */
+                switch (tc) {
+                       var *v;
+
+                case TC_VARIABLE:
+                case TC_ARRAY:
+                        debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__);
+@@ -1452,14 +1474,14 @@ static node *parse_expr(uint32_t term_tc)
+                case TC_NUMBER:
+                case TC_STRING:
+                        debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__);
+-                       cn->info = OC_VAR;
+                       cn->info = OC_CONST;
+                        v = cn->l.v = xzalloc(sizeof(var));
+-                       if (tc & TC_NUMBER)
+                       if (tc & TC_NUMBER) {
+                                setvar_i(v, t_double);
+-                       else {
+                        } else {
+                                setvar_s(v, t_string);
+-                               expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */
+                        }
+                       expected_tc &= ~TC_UOPPOST; /* NUM++, "str"++ not allowed */
+                        break;
+ 
+                case TC_REGEXP:
+@@ -3107,6 +3129,8 @@ static var *evaluate(node *op, var *res)
+ 
+                /* -- recursive node type -- */
+ 
+               case XC( OC_CONST ):
+                       debug_printf_eval("CONST ");
+                case XC( OC_VAR ):
+                        debug_printf_eval("VAR\n");
+                        L.v = op->l.v;
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index ddc5104..a78fdcd 100755
+--- a/testsuite/awk.tests
+++ b/testsuite/awk.tests
+@@ -540,4 +540,9 @@ testing 'awk assign while assign' \
+ │    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%]
+ └────────────────────────────────────────────────────┘^C"
+ 
+testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
+       "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
+       '0\n1\n2\n1\n3\n' \
+       '' ''
+
+ exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch
new file mode 100644
index 0000000000..ea3c84897b
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch
@@ -0,0 +1,96 @@
+From c3bfdac8e0e9a21d524ad72036953f68d2193e52 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 21 May 2024 14:46:08 +0200
+Subject: [PATCH 2/2] awk: fix ternary operator and precedence of =
+Adjust the = precedence test to match behavior of gawk, mawk and
+FreeBSD.  awk 'BEGIN {print v=3==3; print v}' should print two '1'.
+To fix this, and to unbreak the ternary conditional operator, we restore
+the precedence of = in the token list, but override this with a lower
+priority when the assignment is on the right side of a compare.
+This fixes commit 0256e00a9d07 (awk: fix precedence of = relative to ==) [1]
+CVE: CVE-2023-42364 CVE-2023-42365
+Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html]
+[1] https://bugs.busybox.net/show_bug.cgi?id=15871#c6
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+(cherry picked from commit 1714301c405ef03b39605c85c23f22a190cddd95)
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ editors/awk.c       | 18 ++++++++++++++----
+ testsuite/awk.tests |  9 +++++++--
+ 2 files changed, 21 insertions(+), 6 deletions(-)
+diff --git a/editors/awk.c b/editors/awk.c
+index aff86fe..f320d8c 100644
+--- a/editors/awk.c
+++ b/editors/awk.c
+@@ -442,9 +442,10 @@ static const uint32_t tokeninfo[] ALIGN4 = {
+ #define TI_PREINC (OC_UNARY|xV|P(9)|'P')
+ #define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
+        TI_PREINC,               TI_PREDEC,               OC_FIELD|xV|P(5),
+-       OC_COMPARE|VV|P(39)|5,   OC_MOVE|VV|P(38),        OC_REPLACE|NV|P(38)|'+', OC_REPLACE|NV|P(38)|'-',
+-       OC_REPLACE|NV|P(38)|'*', OC_REPLACE|NV|P(38)|'/', OC_REPLACE|NV|P(38)|'%', OC_REPLACE|NV|P(38)|'&',
+-       OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(38)|'&', OC_BINARY|NV|P(15)|'&',
+#define TI_ASSIGN (OC_MOVE|VV|P(74))
+       OC_COMPARE|VV|P(39)|5,   TI_ASSIGN,               OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
+       OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
+       OC_BINARY|NV|P(29)|'+',  OC_BINARY|NV|P(29)|'-',  OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
+        OC_BINARY|NV|P(25)|'/',  OC_BINARY|NV|P(25)|'%',  OC_BINARY|NV|P(15)|'&',  OC_BINARY|NV|P(25)|'*',
+        OC_COMPARE|VV|P(39)|4,   OC_COMPARE|VV|P(39)|3,   OC_COMPARE|VV|P(39)|0,   OC_COMPARE|VV|P(39)|1,
+ #define TI_LESS     (OC_COMPARE|VV|P(39)|2)
+@@ -1376,11 +1377,19 @@ static node *parse_expr(uint32_t term_tc)
+                        continue;
+                }
+                if (tc & (TS_BINOP | TC_UOPPOST)) {
+                       int prio;
+                        debug_printf_parse("%s: TS_BINOP | TC_UOPPOST tc:%x\n", __func__, tc);
+                        /* for binary and postfix-unary operators, jump back over
+                         * previous operators with higher priority */
+                        vn = cn;
+-                       while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
+                       /* Let assignment get higher priority when used on right
+                        * side in compare. i.e: 2==v=3 */
+                       if (t_info == TI_ASSIGN && (vn->a.n->info & OPCLSMASK) == OC_COMPARE) {
+                               prio = PRECEDENCE(38);
+                       } else {
+                               prio = (t_info & PRIMASK);
+                       }
+                       while ((prio > (vn->a.n->info & PRIMASK2))
+                            || (t_info == vn->info && t_info == TI_COLON)
+                        ) {
+                                vn = vn->a.n;
+@@ -1412,6 +1421,7 @@ static node *parse_expr(uint32_t term_tc)
+                                        if ((vn->info & OPCLSMASK) != OC_VAR
+                                         && (vn->info & OPCLSMASK) != OC_FNARG
+                                         && (vn->info & OPCLSMASK) != OC_FIELD
+                                        && (vn->info & OPCLSMASK) != OC_COMPARE
+                                        ) {
+                                                syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
+                                        }
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index a78fdcd..d2706de 100755
+--- a/testsuite/awk.tests
+++ b/testsuite/awk.tests
+@@ -540,9 +540,14 @@ testing 'awk assign while assign' \
+ │    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%]
+ └────────────────────────────────────────────────────┘^C"
+ 
+-testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
+testing "awk = has higher precedence than == on right side" \
+        "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
+-       '0\n1\n2\n1\n3\n' \
+       '0\n1\n2\n1\n1\n' \
+       '' ''
+
+testing 'awk ternary precedence' \
+       "awk 'BEGIN { a = 0 ? \"yes\": \"no\"; print a }'" \
+       'no\n' \
+        '' ''
+ 
+ exit $FAILCOUNT
diff --git a/meta/recipes-core/busybox/busybox_1.36.1.bb b/meta/recipes-core/busybox/busybox_1.36.1.bb
index 67bc5c0cad..6972eef81f 100644
--- a/meta/recipes-core/busybox/busybox_1.36.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.36.1.bb
@@ -53,6 +53,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
           file://0001-awk-fix-segfault-when-compiled-by-clang.patch \
           file://CVE-2023-42363.patch \
           file://busybox-1.36.1-no-cbq.patch \
+           file://0001-awk-fix-precedence-of-relative-to.patch \
+           file://0002-awk-fix-ternary-operator-and-precedence-of.patch \
           "
 SRC_URI:append:libc-musl = " file://musl.cfg "
 # TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html

diff --git a/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch new file mode 100644 index 0000000000..5836cf8a00 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-awk-fix-precedence-of-relative-to.patch
@@ -0,0 +1,197 @@
		1	From dedc9380c76834ba64c8b526aef6f461ea4e7f2e Mon Sep 17 00:00:00 2001
		2	From: Denys Vlasenko <vda.linux@googlemail.com>
		3	Date: Tue, 30 May 2023 16:42:18 +0200
		4	Subject: [PATCH 1/2] awk: fix precedence of = relative to ==
		5
		6	Discovered while adding code to disallow assignments to non-lvalues
		7
		8	function old new delta
		9	parse_expr 936 991 +55
		10	.rodata 105243 105247 +4
		11	------------------------------------------------------------------------------
		12	(add/remove: 0/0 grow/shrink: 2/0 up/down: 59/0) Total: 59 bytes
		13
		14	CVE: CVE-2023-42364 CVE-2023-42365
		15
		16	Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4]
		17	Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
		18	(cherry picked from commit 0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4)
		19	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		20	---
		21	editors/awk.c \| 66 ++++++++++++++++++++++++++++++---------------
		22	testsuite/awk.tests \| 5 ++++
		23	2 files changed, 50 insertions(+), 21 deletions(-)
		24
		25	diff --git a/editors/awk.c b/editors/awk.c
		26	index ec9301e..aff86fe 100644
		27	--- a/editors/awk.c
		28	+++ b/editors/awk.c
		29	@@ -337,7 +337,9 @@ static void debug_parse_print_tc(uint32_t n)
		30	#undef P
		31	#undef PRIMASK
		32	#undef PRIMASK2
		33	-#define P(x) (x << 24)
		34	+/* Smaller 'x' means _higher_ operator precedence */
		35	+#define PRECEDENCE(x) (x << 24)
		36	+#define P(x) PRECEDENCE(x)
		37	#define PRIMASK 0x7F000000
		38	#define PRIMASK2 0x7E000000
		39
		40	@@ -360,7 +362,7 @@ enum {
		41	OC_MOVE = 0x1f00, OC_PGETLINE = 0x2000, OC_REGEXP = 0x2100,
		42	OC_REPLACE = 0x2200, OC_RETURN = 0x2300, OC_SPRINTF = 0x2400,
		43	OC_TERNARY = 0x2500, OC_UNARY = 0x2600, OC_VAR = 0x2700,
		44	- OC_DONE = 0x2800,
		45	+ OC_CONST = 0x2800, OC_DONE = 0x2900,
		46
		47	ST_IF = 0x3000, ST_DO = 0x3100, ST_FOR = 0x3200,
		48	ST_WHILE = 0x3300
		49	@@ -440,9 +442,9 @@ static const uint32_t tokeninfo[] ALIGN4 = {
		50	#define TI_PREINC (OC_UNARY\|xV\|P(9)\|'P')
		51	#define TI_PREDEC (OC_UNARY\|xV\|P(9)\|'M')
		52	TI_PREINC, TI_PREDEC, OC_FIELD\|xV\|P(5),
		53	- OC_COMPARE\|VV\|P(39)\|5, OC_MOVE\|VV\|P(74), OC_REPLACE\|NV\|P(74)\|'+', OC_REPLACE\|NV\|P(74)\|'-',
		54	- OC_REPLACE\|NV\|P(74)\|'*', OC_REPLACE\|NV\|P(74)\|'/', OC_REPLACE\|NV\|P(74)\|'%', OC_REPLACE\|NV\|P(74)\|'&',
		55	- OC_BINARY\|NV\|P(29)\|'+', OC_BINARY\|NV\|P(29)\|'-', OC_REPLACE\|NV\|P(74)\|'&', OC_BINARY\|NV\|P(15)\|'&',
		56	+ OC_COMPARE\|VV\|P(39)\|5, OC_MOVE\|VV\|P(38), OC_REPLACE\|NV\|P(38)\|'+', OC_REPLACE\|NV\|P(38)\|'-',
		57	+ OC_REPLACE\|NV\|P(38)\|'*', OC_REPLACE\|NV\|P(38)\|'/', OC_REPLACE\|NV\|P(38)\|'%', OC_REPLACE\|NV\|P(38)\|'&',
		58	+ OC_BINARY\|NV\|P(29)\|'+', OC_BINARY\|NV\|P(29)\|'-', OC_REPLACE\|NV\|P(38)\|'&', OC_BINARY\|NV\|P(15)\|'&',
		59	OC_BINARY\|NV\|P(25)\|'/', OC_BINARY\|NV\|P(25)\|'%', OC_BINARY\|NV\|P(15)\|'&', OC_BINARY\|NV\|P(25)\|'*',
		60	OC_COMPARE\|VV\|P(39)\|4, OC_COMPARE\|VV\|P(39)\|3, OC_COMPARE\|VV\|P(39)\|0, OC_COMPARE\|VV\|P(39)\|1,
		61	#define TI_LESS (OC_COMPARE\|VV\|P(39)\|2)
		62	@@ -1290,7 +1292,7 @@ static uint32_t next_token(uint32_t expected)
		63	save_tclass = tc;
		64	save_info = t_info;
		65	tc = TC_BINOPX;
		66	- t_info = OC_CONCAT \| SS \| P(35);
		67	+ t_info = OC_CONCAT \| SS \| PRECEDENCE(35);
		68	}
		69
		70	t_tclass = tc;
		71	@@ -1350,9 +1352,8 @@ static node *parse_expr(uint32_t term_tc)
		72	{
		73	node sn;
		74	node *cn = &sn;
		75	- node vn, glptr;
		76	+ node *glptr;
		77	uint32_t tc, expected_tc;
		78	- var *v;
		79
		80	debug_printf_parse("%s() term_tc(%x):", __func__, term_tc);
		81	debug_parse_print_tc(term_tc);
		82	@@ -1363,11 +1364,12 @@ static node *parse_expr(uint32_t term_tc)
		83	expected_tc = TS_OPERAND \| TS_UOPPRE \| TC_REGEXP \| term_tc;
		84
		85	while (!((tc = next_token(expected_tc)) & term_tc)) {
		86	+ node *vn;
		87
		88	if (glptr && (t_info == TI_LESS)) {
		89	/* input redirection (<) attached to glptr node */
		90	debug_printf_parse("%s: input redir\n", __func__);
		91	- cn = glptr->l.n = new_node(OC_CONCAT \| SS \| P(37));
		92	+ cn = glptr->l.n = new_node(OC_CONCAT \| SS \| PRECEDENCE(37));
		93	cn->a.n = glptr;
		94	expected_tc = TS_OPERAND \| TS_UOPPRE;
		95	glptr = NULL;
		96	@@ -1379,24 +1381,42 @@ static node *parse_expr(uint32_t term_tc)
		97	* previous operators with higher priority */
		98	vn = cn;
		99	while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
		100	- \|\| ((t_info == vn->info) && t_info == TI_COLON)
		101	+ \|\| (t_info == vn->info && t_info == TI_COLON)
		102	) {
		103	vn = vn->a.n;
		104	if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
		105	}
		106	if (t_info == TI_TERNARY)
		107	//TODO: why?
		108	- t_info += P(6);
		109	+ t_info += PRECEDENCE(6);
		110	cn = vn->a.n->r.n = new_node(t_info);
		111	cn->a.n = vn->a.n;
		112	if (tc & TS_BINOP) {
		113	cn->l.n = vn;
		114	-//FIXME: this is the place to detect and reject assignments to non-lvalues.
		115	-//Currently we allow "assignments" to consts and temporaries, nonsense like this:
		116	-// awk 'BEGIN { "qwe" = 1 }'
		117	-// awk 'BEGIN { 7 *= 7 }'
		118	-// awk 'BEGIN { length("qwe") = 1 }'
		119	-// awk 'BEGIN { (1+1) += 3 }'
		120	+
		121	+ /* Prevent:
		122	+ * awk 'BEGIN { "qwe" = 1 }'
		123	+ * awk 'BEGIN { 7 *= 7 }'
		124	+ * awk 'BEGIN { length("qwe") = 1 }'
		125	+ * awk 'BEGIN { (1+1) += 3 }'
		126	+ */
		127	+ /* Assignment? (including = and friends) /
		128	+ if (((t_info & OPCLSMASK) == OC_MOVE)
		129	+ \|\| ((t_info & OPCLSMASK) == OC_REPLACE)
		130	+ ) {
		131	+ debug_printf_parse("%s: MOVE/REPLACE vn->info:%08x\n", __func__, vn->info);
		132	+ /* Left side is a (variable or array element)
		133	+ * or function argument
		134	+ * or $FIELD ?
		135	+ */
		136	+ if ((vn->info & OPCLSMASK) != OC_VAR
		137	+ && (vn->info & OPCLSMASK) != OC_FNARG
		138	+ && (vn->info & OPCLSMASK) != OC_FIELD
		139	+ ) {
		140	+ syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
		141	+ }
		142	+ }
		143	+
		144	expected_tc = TS_OPERAND \| TS_UOPPRE \| TC_REGEXP;
		145	if (t_info == TI_PGETLINE) {
		146	/* it's a pipe */
		147	@@ -1432,6 +1452,8 @@ static node *parse_expr(uint32_t term_tc)
		148	/* one should be very careful with switch on tclass -
		149	* only simple tclasses should be used (TC_xyz, not TS_xyz) */
		150	switch (tc) {
		151	+ var *v;
		152	+
		153	case TC_VARIABLE:
		154	case TC_ARRAY:
		155	debug_printf_parse("%s: TC_VARIABLE \| TC_ARRAY\n", __func__);
		156	@@ -1452,14 +1474,14 @@ static node *parse_expr(uint32_t term_tc)
		157	case TC_NUMBER:
		158	case TC_STRING:
		159	debug_printf_parse("%s: TC_NUMBER \| TC_STRING\n", __func__);
		160	- cn->info = OC_VAR;
		161	+ cn->info = OC_CONST;
		162	v = cn->l.v = xzalloc(sizeof(var));
		163	- if (tc & TC_NUMBER)
		164	+ if (tc & TC_NUMBER) {
		165	setvar_i(v, t_double);
		166	- else {
		167	+ } else {
		168	setvar_s(v, t_string);
		169	- expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */
		170	}
		171	+ expected_tc &= ~TC_UOPPOST; /* NUM++, "str"++ not allowed */
		172	break;
		173
		174	case TC_REGEXP:
		175	@@ -3107,6 +3129,8 @@ static var evaluate(node op, var *res)
		176
		177	/* -- recursive node type -- */
		178
		179	+ case XC( OC_CONST ):
		180	+ debug_printf_eval("CONST ");
		181	case XC( OC_VAR ):
		182	debug_printf_eval("VAR\n");
		183	L.v = op->l.v;
		184	diff --git a/testsuite/awk.tests b/testsuite/awk.tests
		185	index ddc5104..a78fdcd 100755
		186	--- a/testsuite/awk.tests
		187	+++ b/testsuite/awk.tests
		188	@@ -540,4 +540,9 @@ testing 'awk assign while assign' \
		189	│ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%]
		190	└────────────────────────────────────────────────────┘^C"
		191
		192	+testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
		193	+ "awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
		194	+ '0\n1\n2\n1\n3\n' \
		195	+ '' ''
		196	+
		197	exit $FAILCOUNT


diff --git a/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch new file mode 100644 index 0000000000..ea3c84897b --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0002-awk-fix-ternary-operator-and-precedence-of.patch
@@ -0,0 +1,96 @@
		1	From c3bfdac8e0e9a21d524ad72036953f68d2193e52 Mon Sep 17 00:00:00 2001
		2	From: Natanael Copa <ncopa@alpinelinux.org>
		3	Date: Tue, 21 May 2024 14:46:08 +0200
		4	Subject: [PATCH 2/2] awk: fix ternary operator and precedence of =
		5
		6	Adjust the = precedence test to match behavior of gawk, mawk and
		7	FreeBSD. awk 'BEGIN {print v=3==3; print v}' should print two '1'.
		8
		9	To fix this, and to unbreak the ternary conditional operator, we restore
		10	the precedence of = in the token list, but override this with a lower
		11	priority when the assignment is on the right side of a compare.
		12
		13	This fixes commit 0256e00a9d07 (awk: fix precedence of = relative to ==) [1]
		14
		15	CVE: CVE-2023-42364 CVE-2023-42365
		16
		17	Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2024-May/090766.html]
		18
		19	[1] https://bugs.busybox.net/show_bug.cgi?id=15871#c6
		20
		21	Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
		22	(cherry picked from commit 1714301c405ef03b39605c85c23f22a190cddd95)
		23	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		24	---
		25	editors/awk.c \| 18 ++++++++++++++----
		26	testsuite/awk.tests \| 9 +++++++--
		27	2 files changed, 21 insertions(+), 6 deletions(-)
		28
		29	diff --git a/editors/awk.c b/editors/awk.c
		30	index aff86fe..f320d8c 100644
		31	--- a/editors/awk.c
		32	+++ b/editors/awk.c
		33	@@ -442,9 +442,10 @@ static const uint32_t tokeninfo[] ALIGN4 = {
		34	#define TI_PREINC (OC_UNARY\|xV\|P(9)\|'P')
		35	#define TI_PREDEC (OC_UNARY\|xV\|P(9)\|'M')
		36	TI_PREINC, TI_PREDEC, OC_FIELD\|xV\|P(5),
		37	- OC_COMPARE\|VV\|P(39)\|5, OC_MOVE\|VV\|P(38), OC_REPLACE\|NV\|P(38)\|'+', OC_REPLACE\|NV\|P(38)\|'-',
		38	- OC_REPLACE\|NV\|P(38)\|'*', OC_REPLACE\|NV\|P(38)\|'/', OC_REPLACE\|NV\|P(38)\|'%', OC_REPLACE\|NV\|P(38)\|'&',
		39	- OC_BINARY\|NV\|P(29)\|'+', OC_BINARY\|NV\|P(29)\|'-', OC_REPLACE\|NV\|P(38)\|'&', OC_BINARY\|NV\|P(15)\|'&',
		40	+#define TI_ASSIGN (OC_MOVE\|VV\|P(74))
		41	+ OC_COMPARE\|VV\|P(39)\|5, TI_ASSIGN, OC_REPLACE\|NV\|P(74)\|'+', OC_REPLACE\|NV\|P(74)\|'-',
		42	+ OC_REPLACE\|NV\|P(74)\|'*', OC_REPLACE\|NV\|P(74)\|'/', OC_REPLACE\|NV\|P(74)\|'%', OC_REPLACE\|NV\|P(74)\|'&',
		43	+ OC_BINARY\|NV\|P(29)\|'+', OC_BINARY\|NV\|P(29)\|'-', OC_REPLACE\|NV\|P(74)\|'&', OC_BINARY\|NV\|P(15)\|'&',
		44	OC_BINARY\|NV\|P(25)\|'/', OC_BINARY\|NV\|P(25)\|'%', OC_BINARY\|NV\|P(15)\|'&', OC_BINARY\|NV\|P(25)\|'*',
		45	OC_COMPARE\|VV\|P(39)\|4, OC_COMPARE\|VV\|P(39)\|3, OC_COMPARE\|VV\|P(39)\|0, OC_COMPARE\|VV\|P(39)\|1,
		46	#define TI_LESS (OC_COMPARE\|VV\|P(39)\|2)
		47	@@ -1376,11 +1377,19 @@ static node *parse_expr(uint32_t term_tc)
		48	continue;
		49	}
		50	if (tc & (TS_BINOP \| TC_UOPPOST)) {
		51	+ int prio;
		52	debug_printf_parse("%s: TS_BINOP \| TC_UOPPOST tc:%x\n", __func__, tc);
		53	/* for binary and postfix-unary operators, jump back over
		54	* previous operators with higher priority */
		55	vn = cn;
		56	- while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
		57	+ /* Let assignment get higher priority when used on right
		58	+ * side in compare. i.e: 2==v=3 */
		59	+ if (t_info == TI_ASSIGN && (vn->a.n->info & OPCLSMASK) == OC_COMPARE) {
		60	+ prio = PRECEDENCE(38);
		61	+ } else {
		62	+ prio = (t_info & PRIMASK);
		63	+ }
		64	+ while ((prio > (vn->a.n->info & PRIMASK2))
		65	\|\| (t_info == vn->info && t_info == TI_COLON)
		66	) {
		67	vn = vn->a.n;
		68	@@ -1412,6 +1421,7 @@ static node *parse_expr(uint32_t term_tc)
		69	if ((vn->info & OPCLSMASK) != OC_VAR
		70	&& (vn->info & OPCLSMASK) != OC_FNARG
		71	&& (vn->info & OPCLSMASK) != OC_FIELD
		72	+ && (vn->info & OPCLSMASK) != OC_COMPARE
		73	) {
		74	syntax_error(EMSG_UNEXP_TOKEN); /* no. bad */
		75	}
		76	diff --git a/testsuite/awk.tests b/testsuite/awk.tests
		77	index a78fdcd..d2706de 100755
		78	--- a/testsuite/awk.tests
		79	+++ b/testsuite/awk.tests
		80	@@ -540,9 +540,14 @@ testing 'awk assign while assign' \
		81	│ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%]
		82	└────────────────────────────────────────────────────┘^C"
		83
		84	-testing "awk = has higher precedence than == (despite what gawk manpage claims)" \
		85	+testing "awk = has higher precedence than == on right side" \
		86	"awk 'BEGIN { v=1; print 2==v; print 2==v=2; print v; print v=3==3; print v}'" \
		87	- '0\n1\n2\n1\n3\n' \
		88	+ '0\n1\n2\n1\n1\n' \
		89	+ '' ''
		90	+
		91	+testing 'awk ternary precedence' \
		92	+ "awk 'BEGIN { a = 0 ? \"yes\": \"no\"; print a }'" \
		93	+ 'no\n' \
		94	'' ''
		95
		96	exit $FAILCOUNT


diff --git a/meta/recipes-core/busybox/busybox_1.36.1.bb b/meta/recipes-core/busybox/busybox_1.36.1.bb index 67bc5c0cad..6972eef81f 100644 --- a/meta/recipes-core/busybox/busybox_1.36.1.bb +++ b/meta/recipes-core/busybox/busybox_1.36.1.bb
@@ -53,6 +53,8 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
53	file://0001-awk-fix-segfault-when-compiled-by-clang.patch \	53	file://0001-awk-fix-segfault-when-compiled-by-clang.patch \
54	file://CVE-2023-42363.patch \	54	file://CVE-2023-42363.patch \
55	file://busybox-1.36.1-no-cbq.patch \	55	file://busybox-1.36.1-no-cbq.patch \
		56	file://0001-awk-fix-precedence-of-relative-to.patch \
		57	file://0002-awk-fix-ternary-operator-and-precedence-of.patch \
56	"	58	"
57	SRC_URI:append:libc-musl = " file://musl.cfg "	59	SRC_URI:append:libc-musl = " file://musl.cfg "
58	# TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html	60	# TODO http://lists.busybox.net/pipermail/busybox/2023-January/090078.html