3 files changed, 158 insertions, 5 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch
new file mode 100644
index 0000000000..f40fe582c5
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch
@@ -0,0 +1,151 @@
+From 5dcc443dba039b305a510c01883e9f34e42656ae Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Fri, 26 May 2023 19:36:58 +0200
+Subject: [PATCH] awk: fix use-after-realloc (CVE-2021-42380), closes 15601
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+CVE: CVE-2021-42380
+Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ editors/awk.c       | 26 ++++++++++++++++-----
+ testsuite/awk.tests | 55 +++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 75 insertions(+), 6 deletions(-)
+diff --git a/editors/awk.c b/editors/awk.c
+index 728ee8685..2af823808 100644
+--- a/editors/awk.c
+++ b/editors/awk.c
+@@ -555,7 +555,7 @@ struct globals {
+        const char *g_progname;
+        int g_lineno;
+        int nfields;
+-       int maxfields; /* used in fsrealloc() only */
+       unsigned maxfields;
+        var *Fields;
+        char *g_pos;
+        char g_saved_ch;
+@@ -1917,9 +1917,9 @@ static void fsrealloc(int size)
+ {
+        int i, newsize;
+ 
+-       if (size >= maxfields) {
+-               /* Sanity cap, easier than catering for overflows */
+-               if (size > 0xffffff)
+       if ((unsigned)size >= maxfields) {
+               /* Sanity cap, easier than catering for over/underflows */
+               if ((unsigned)size > 0xffffff)
+                        bb_die_memory_exhausted();
+ 
+                i = maxfields;
+@@ -2877,6 +2877,7 @@ static var *evaluate(node *op, var *res)
+                uint32_t opinfo;
+                int opn;
+                node *op1;
+               var *old_Fields_ptr;
+ 
+                opinfo = op->info;
+                opn = (opinfo & OPNMASK);
+@@ -2885,10 +2886,16 @@ static var *evaluate(node *op, var *res)
+                debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn);
+ 
+                /* execute inevitable things */
+               old_Fields_ptr = NULL;
+                if (opinfo & OF_RES1) {
+                        if ((opinfo & OF_REQUIRED) && !op1)
+                                syntax_error(EMSG_TOO_FEW_ARGS);
+                        L.v = evaluate(op1, TMPVAR0);
+                       /* Does L.v point to $n variable? */
+                       if ((size_t)(L.v - Fields) < maxfields) {
+                               /* yes, remember where Fields[] is */
+                               old_Fields_ptr = Fields;
+                       }
+                        if (opinfo & OF_STR1) {
+                                L.s = getvar_s(L.v);
+                                debug_printf_eval("L.s:'%s'\n", L.s);
+@@ -2907,8 +2914,15 @@ static var *evaluate(node *op, var *res)
+                 */
+                if (opinfo & OF_RES2) {
+                        R.v = evaluate(op->r.n, TMPVAR1);
+-                       //TODO: L.v may be invalid now, set L.v to NULL to catch bugs?
+-                       //L.v = NULL;
+                       /* Seen in $5=$$5=$0:
+                        * Evaluation of R.v ($$5=$0 expression)
+                        * made L.v ($5) invalid. It's detected here.
+                        */
+                       if (old_Fields_ptr) {
+                               //if (old_Fields_ptr != Fields)
+                               //      debug_printf_eval("L.v moved\n");
+                               L.v += Fields - old_Fields_ptr;
+                       }
+                        if (opinfo & OF_STR2) {
+                                R.s = getvar_s(R.v);
+                                debug_printf_eval("R.s:'%s'\n", R.s);
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index bcaafe8..08afdb2 100755
+--- a/testsuite/awk.tests
+++ b/testsuite/awk.tests
+@@ -469,4 +469,59 @@ testing 'awk printf %% prints one %' \
+        "%\n" \
+        '' ''
+ 
+# User-supplied bug (SEGV) example, was causing use-after-realloc
+testing 'awk assign while assign' \
+       "awk '\$5=\$\$5=\$0'; echo \$?" \
+       "\
+─ process timing ────────────────────────────────────┬─ ─ process timing ────────────────────────────────────┬─ overall results ────┐ results ────┐
+│ run time : │        run time : 0 days, 0 hrs, 0 min, 56 sec      │  cycles done : 0     │ days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │
+│ last new find │   last new find : 0 days, 0 hrs, 0 min, 1 sec       │ corpus count : 208   │ 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │
+│last saved crash : │last saved crash : none seen yet                     │saved crashes : 0     │ seen yet │saved crashes : 0 │
+│ last saved hang │ last saved hang : none seen yet                     │  saved hangs : 0     │ none seen yet │ saved hangs : 0 │
+├─ cycle progress ─────────────────────┬─ ├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤ coverage┴──────────────────────┤
+│ now processing : │  now processing : 184.1 (88.5%)      │    map density : 0.30% / 0.52%      │ (88.5%) │ map density : 0.30% / 0.52% │                                                                                                                                                                          │  now processing : 184.1 (88.5%)      │    map density : 0.30% / 0.52%      │
+│ runs timed out │  runs timed out : 0 (0.00%)          │ count coverage : 2.18 bits/tuple    │ 0 (0.00%) │ count coverage : 2.18 bits/tuple │
+├─ stage progress ─────────────────────┼─ ├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤ in depth ─────────────────┤
+│ now trying : │  now trying : havoc                  │ favored items : 43 (20.67%)         │ │ favored items : 43 (20.67%) │
+│ stage execs : │ stage execs : 11.2k/131k (8.51%)     │  new edges on : 52 (25.00%)         │ (8.51%) │ new edges on │ stage execs : 11.2k/131k (8.51%)     │  new edges on : 52 (25.00%)         │ 52 (25.00%) │
+│ total execs : │ total execs : 179k                   │ total crashes : 0 (0 saved)         │ │ total crashes : 0 (0 saved) │                                                                                                                                                                      │ total execs : 179k                   │ total crashes : 0 (0 saved)         │
+│ exec speed : │  exec speed : 3143/sec               │  total tmouts : 0 (0 saved)         │ │ total tmouts : 0 (0 saved) │                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          │  exec speed : 3143/sec               │  total tmouts : 0 (0 saved)         │
+├─ fuzzing strategy yields ├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤ item geometry ───────┤
+│ bit flips : │   bit flips : 11/648, 4/638, 5/618                 │    levels : 4         │ 4/638, 5/618 │ levels : │   bit flips : 11/648, 4/638, 5/618                 │    levels : 4         │ │
+│ byte flips : │  byte flips : 0/81, 0/71, 0/52                     │   pending : 199       │ 0/71, 0/52 │ pending : 199 │
+│ arithmetics : 11/4494, │ arithmetics : 11/4494, 0/1153, 0/0                 │  pend fav : 35        │ 0/0 │ pend fav : 35 │
+│  known ints : 1/448, 0/1986, 0/2288                │ own finds : 207       │ known ints : │  known ints : 1/448, 0/1986, 0/2288                │ own finds : 207       │ 0/1986, 0/2288 │ own finds : 207 │
+│ dictionary : 0/0, │  dictionary : 0/0, 0/0, 0/0, 0/0                   │  imported : 0         │ 0/0, 0/0 │ imported : 0 │
+│havoc/splice : 142/146k, 23/7616 │havoc/splice : 142/146k, 23/7616                    │ stability : 100.00%   │ stability : 100.00% │
+│py/custom/rq : unused, unused, │py/custom/rq : unused, unused, unused, unused       ├───────────────────────┘ unused ├───────────────────────┘
+│ trim/eff : 57.02%/26, │    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%] │ [cpu000:100%]
+└────────────────────────────────────────────────────┘^C    └────────────────────────────────────────────────────┘^C
+0
+" \
+       "" \
+       "\
+─ process timing ────────────────────────────────────┬─ overall results ────┐
+│        run time : 0 days, 0 hrs, 0 min, 56 sec      │  cycles done : 0     │
+│   last new find : 0 days, 0 hrs, 0 min, 1 sec       │ corpus count : 208   │
+│last saved crash : none seen yet                     │saved crashes : 0     │
+│ last saved hang : none seen yet                     │  saved hangs : 0     │
+├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤
+│  now processing : 184.1 (88.5%)      │    map density : 0.30% / 0.52%      │
+│  runs timed out : 0 (0.00%)          │ count coverage : 2.18 bits/tuple    │
+├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤
+│  now trying : havoc                  │ favored items : 43 (20.67%)         │
+│ stage execs : 11.2k/131k (8.51%)     │  new edges on : 52 (25.00%)         │
+│ total execs : 179k                   │ total crashes : 0 (0 saved)         │
+│  exec speed : 3143/sec               │  total tmouts : 0 (0 saved)         │
+├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤
+│   bit flips : 11/648, 4/638, 5/618                 │    levels : 4         │
+│  byte flips : 0/81, 0/71, 0/52                     │   pending : 199       │
+│ arithmetics : 11/4494, 0/1153, 0/0                 │  pend fav : 35        │
+│  known ints : 1/448, 0/1986, 0/2288                │ own finds : 207       │
+│  dictionary : 0/0, 0/0, 0/0, 0/0                   │  imported : 0         │
+│havoc/splice : 142/146k, 23/7616                    │ stability : 100.00%   │
+│py/custom/rq : unused, unused, unused, unused       ├───────────────────────┘
+│    trim/eff : 57.02%/26, 0.00%                     │          [cpu000:100%]
+└────────────────────────────────────────────────────┘^C"
+
+ exit $FAILCOUNT
+-- 
+2.30.2
diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
index b401a6e3e5..08e41415df 100644
--- a/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
+++ b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
@@ -14,6 +14,7 @@ Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
 Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa]
 CVE: CVE-2023-42363
 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
 ---
 editors/awk.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
@@ -22,10 +23,10 @@ diff --git a/editors/awk.c b/editors/awk.c
 index 654cbac..4fbc11d 100644
 --- a/editors/awk.c
 +++ b/editors/awk.c
-@@ -2889,19 +2889,14 @@ static var *evaluate(node *op, var *res)
+@@ -2896,19 +2896,14 @@ static var *evaluate(node *op, var *res)
-                        if ((opinfo & OF_REQUIRED) && !op1)
+                                /* yes, remember where Fields[] is */
-                                syntax_error(EMSG_TOO_FEW_ARGS);
+                                old_Fields_ptr = Fields;
-                        L.v = evaluate(op1, TMPVAR0);
+                        }
 -                       if (opinfo & OF_STR1) {
 -                               L.s = getvar_s(L.v);
 -                               debug_printf_eval("L.s:'%s'\n", L.s);
@@ -45,7 +46,7 @@ index 654cbac..4fbc11d 100644
                 * R.v points to Fields[NNN2] but L.v now points to freed mem!
                 * (Seen trying to evaluate "$444 $44444")
                 */
-@@ -2914,6 +2909,16 @@ static var *evaluate(node *op, var *res)
+@@ -2928,6 +2923,16 @@ static var *evaluate(node *op, var *res)
                                debug_printf_eval("R.s:'%s'\n", R.s);
                        }
                }
diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb
index 842562c4c4..1c7fe2f43e 100644
--- a/meta/recipes-core/busybox/busybox_1.35.0.bb
+++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -52,6 +52,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
           file://CVE-2022-30065.patch \
           file://0001-devmem-add-128-bit-width.patch \
           file://CVE-2022-48174.patch \
+           file://CVE-2021-42380.patch \
           file://CVE-2023-42363.patch \
           "
 SRC_URI:append:libc-musl = " file://musl.cfg "

diff --git a/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch new file mode 100644 index 0000000000..f40fe582c5 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2021-42380.patch
@@ -0,0 +1,151 @@
		1	From 5dcc443dba039b305a510c01883e9f34e42656ae Mon Sep 17 00:00:00 2001
		2	From: Denys Vlasenko <vda.linux@googlemail.com>
		3	Date: Fri, 26 May 2023 19:36:58 +0200
		4	Subject: [PATCH] awk: fix use-after-realloc (CVE-2021-42380), closes 15601
		5
		6	Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
		7
		8	CVE: CVE-2021-42380
		9	Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=5dcc443dba039b305a510c01883e9f34e42656ae]
		10	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		11	---
		12	editors/awk.c \| 26 ++++++++++++++++-----
		13	testsuite/awk.tests \| 55 +++++++++++++++++++++++++++++++++++++++++++++
		14	2 files changed, 75 insertions(+), 6 deletions(-)
		15
		16	diff --git a/editors/awk.c b/editors/awk.c
		17	index 728ee8685..2af823808 100644
		18	--- a/editors/awk.c
		19	+++ b/editors/awk.c
		20	@@ -555,7 +555,7 @@ struct globals {
		21	const char *g_progname;
		22	int g_lineno;
		23	int nfields;
		24	- int maxfields; /* used in fsrealloc() only */
		25	+ unsigned maxfields;
		26	var *Fields;
		27	char *g_pos;
		28	char g_saved_ch;
		29	@@ -1917,9 +1917,9 @@ static void fsrealloc(int size)
		30	{
		31	int i, newsize;
		32
		33	- if (size >= maxfields) {
		34	- /* Sanity cap, easier than catering for overflows */
		35	- if (size > 0xffffff)
		36	+ if ((unsigned)size >= maxfields) {
		37	+ /* Sanity cap, easier than catering for over/underflows */
		38	+ if ((unsigned)size > 0xffffff)
		39	bb_die_memory_exhausted();
		40
		41	i = maxfields;
		42	@@ -2877,6 +2877,7 @@ static var evaluate(node op, var *res)
		43	uint32_t opinfo;
		44	int opn;
		45	node *op1;
		46	+ var *old_Fields_ptr;
		47
		48	opinfo = op->info;
		49	opn = (opinfo & OPNMASK);
		50	@@ -2885,10 +2886,16 @@ static var evaluate(node op, var *res)
		51	debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn);
		52
		53	/* execute inevitable things */
		54	+ old_Fields_ptr = NULL;
		55	if (opinfo & OF_RES1) {
		56	if ((opinfo & OF_REQUIRED) && !op1)
		57	syntax_error(EMSG_TOO_FEW_ARGS);
		58	L.v = evaluate(op1, TMPVAR0);
		59	+ /* Does L.v point to $n variable? */
		60	+ if ((size_t)(L.v - Fields) < maxfields) {
		61	+ /* yes, remember where Fields[] is */
		62	+ old_Fields_ptr = Fields;
		63	+ }
		64	if (opinfo & OF_STR1) {
		65	L.s = getvar_s(L.v);
		66	debug_printf_eval("L.s:'%s'\n", L.s);
		67	@@ -2907,8 +2914,15 @@ static var evaluate(node op, var *res)
		68	*/
		69	if (opinfo & OF_RES2) {
		70	R.v = evaluate(op->r.n, TMPVAR1);
		71	- //TODO: L.v may be invalid now, set L.v to NULL to catch bugs?
		72	- //L.v = NULL;
		73	+ /* Seen in $5=$$5=$0:
		74	+ * Evaluation of R.v ($$5=$0 expression)
		75	+ * made L.v ($5) invalid. It's detected here.
		76	+ */
		77	+ if (old_Fields_ptr) {
		78	+ //if (old_Fields_ptr != Fields)
		79	+ // debug_printf_eval("L.v moved\n");
		80	+ L.v += Fields - old_Fields_ptr;
		81	+ }
		82	if (opinfo & OF_STR2) {
		83	R.s = getvar_s(R.v);
		84	debug_printf_eval("R.s:'%s'\n", R.s);
		85	diff --git a/testsuite/awk.tests b/testsuite/awk.tests
		86	index bcaafe8..08afdb2 100755
		87	--- a/testsuite/awk.tests
		88	+++ b/testsuite/awk.tests
		89	@@ -469,4 +469,59 @@ testing 'awk printf %% prints one %' \
		90	"%\n" \
		91	'' ''
		92
		93	+# User-supplied bug (SEGV) example, was causing use-after-realloc
		94	+testing 'awk assign while assign' \
		95	+ "awk '\$5=\$\$5=\$0'; echo \$?" \
		96	+ "\
		97	+─ process timing ────────────────────────────────────┬─ ─ process timing ────────────────────────────────────┬─ overall results ────┐ results ────┐
		98	+│ run time : │ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │ days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │
		99	+│ last new find │ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │ 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │
		100	+│last saved crash : │last saved crash : none seen yet │saved crashes : 0 │ seen yet │saved crashes : 0 │
		101	+│ last saved hang │ last saved hang : none seen yet │ saved hangs : 0 │ none seen yet │ saved hangs : 0 │
		102	+├─ cycle progress ─────────────────────┬─ ├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤ coverage┴──────────────────────┤
		103	+│ now processing : │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │ (88.5%) │ map density : 0.30% / 0.52% │ │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │
		104	+│ runs timed out │ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │ 0 (0.00%) │ count coverage : 2.18 bits/tuple │
		105	+├─ stage progress ─────────────────────┼─ ├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤ in depth ─────────────────┤
		106	+│ now trying : │ now trying : havoc │ favored items : 43 (20.67%) │ │ favored items : 43 (20.67%) │
		107	+│ stage execs : │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ (8.51%) │ new edges on │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ 52 (25.00%) │
		108	+│ total execs : │ total execs : 179k │ total crashes : 0 (0 saved) │ │ total crashes : 0 (0 saved) │ │ total execs : 179k │ total crashes : 0 (0 saved) │
		109	+│ exec speed : │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │ │ total tmouts : 0 (0 saved) │ │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │
		110	+├─ fuzzing strategy yields ├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤ item geometry ───────┤
		111	+│ bit flips : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ 4/638, 5/618 │ levels : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ │
		112	+│ byte flips : │ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │ 0/71, 0/52 │ pending : 199 │
		113	+│ arithmetics : 11/4494, │ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │ 0/0 │ pend fav : 35 │
		114	+│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ known ints : │ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ 0/1986, 0/2288 │ own finds : 207 │
		115	+│ dictionary : 0/0, │ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │ 0/0, 0/0 │ imported : 0 │
		116	+│havoc/splice : 142/146k, 23/7616 │havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │ stability : 100.00% │
		117	+│py/custom/rq : unused, unused, │py/custom/rq : unused, unused, unused, unused ├───────────────────────┘ unused ├───────────────────────┘
		118	+│ trim/eff : 57.02%/26, │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] │ [cpu000:100%]
		119	+└────────────────────────────────────────────────────┘^C └────────────────────────────────────────────────────┘^C
		120	+0
		121	+" \
		122	+ "" \
		123	+ "\
		124	+─ process timing ────────────────────────────────────┬─ overall results ────┐
		125	+│ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │
		126	+│ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │
		127	+│last saved crash : none seen yet │saved crashes : 0 │
		128	+│ last saved hang : none seen yet │ saved hangs : 0 │
		129	+├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤
		130	+│ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │
		131	+│ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │
		132	+├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤
		133	+│ now trying : havoc │ favored items : 43 (20.67%) │
		134	+│ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │
		135	+│ total execs : 179k │ total crashes : 0 (0 saved) │
		136	+│ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │
		137	+├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤
		138	+│ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │
		139	+│ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │
		140	+│ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │
		141	+│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │
		142	+│ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │
		143	+│havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │
		144	+│py/custom/rq : unused, unused, unused, unused ├───────────────────────┘
		145	+│ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%]
		146	+└────────────────────────────────────────────────────┘^C"
		147	+
		148	exit $FAILCOUNT
		149	--
		150	2.30.2
		151


diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch index b401a6e3e5..08e41415df 100644 --- a/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch +++ b/meta/recipes-core/busybox/busybox/CVE-2023-42363.patch
@@ -14,6 +14,7 @@ Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
14	Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa]	14	Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa]
15	CVE: CVE-2023-42363	15	CVE: CVE-2023-42363
16	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>	16	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		17	Signed-off-by: Peter Marko <peter.marko@siemens.com>
17	---	18	---
18	editors/awk.c \| 21 +++++++++++++--------	19	editors/awk.c \| 21 +++++++++++++--------
19	1 file changed, 13 insertions(+), 8 deletions(-)	20	1 file changed, 13 insertions(+), 8 deletions(-)
@@ -22,10 +23,10 @@ diff --git a/editors/awk.c b/editors/awk.c
22	index 654cbac..4fbc11d 100644	23	index 654cbac..4fbc11d 100644
23	--- a/editors/awk.c	24	--- a/editors/awk.c
24	+++ b/editors/awk.c	25	+++ b/editors/awk.c
25	@@ -2889,19 +2889,14 @@ static var evaluate(node op, var *res)	26	@@ -2896,19 +2896,14 @@ static var evaluate(node op, var *res)
26	if ((opinfo & OF_REQUIRED) && !op1)	27	/* yes, remember where Fields[] is */
27	syntax_error(EMSG_TOO_FEW_ARGS);	28	old_Fields_ptr = Fields;
28	L.v = evaluate(op1, TMPVAR0);	29	}
29	- if (opinfo & OF_STR1) {	30	- if (opinfo & OF_STR1) {
30	- L.s = getvar_s(L.v);	31	- L.s = getvar_s(L.v);
31	- debug_printf_eval("L.s:'%s'\n", L.s);	32	- debug_printf_eval("L.s:'%s'\n", L.s);
@@ -45,7 +46,7 @@ index 654cbac..4fbc11d 100644
45	* R.v points to Fields[NNN2] but L.v now points to freed mem!	46	* R.v points to Fields[NNN2] but L.v now points to freed mem!
46	* (Seen trying to evaluate "$444 $44444")	47	* (Seen trying to evaluate "$444 $44444")
47	*/	48	*/
48	@@ -2914,6 +2909,16 @@ static var evaluate(node op, var *res)	49	@@ -2928,6 +2923,16 @@ static var evaluate(node op, var *res)
49	debug_printf_eval("R.s:'%s'\n", R.s);	50	debug_printf_eval("R.s:'%s'\n", R.s);
50	}	51	}
51	}	52	}


diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb index 842562c4c4..1c7fe2f43e 100644 --- a/meta/recipes-core/busybox/busybox_1.35.0.bb +++ b/meta/recipes-core/busybox/busybox_1.35.0.bb
@@ -52,6 +52,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
52	file://CVE-2022-30065.patch \	52	file://CVE-2022-30065.patch \
53	file://0001-devmem-add-128-bit-width.patch \	53	file://0001-devmem-add-128-bit-width.patch \
54	file://CVE-2022-48174.patch \	54	file://CVE-2022-48174.patch \
		55	file://CVE-2021-42380.patch \
55	file://CVE-2023-42363.patch \	56	file://CVE-2023-42363.patch \
56	"	57	"
57	SRC_URI:append:libc-musl = " file://musl.cfg "	58	SRC_URI:append:libc-musl = " file://musl.cfg "