summaryrefslogtreecommitdiffstats
path: root/poky/meta/recipes-core/busybox
diff options
context:
space:
mode:
authorBrad Bishop <bradleyb@fuzziesquirrel.com>2018-12-16 17:11:34 -0800
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2019-01-08 18:21:44 -0500
commit1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch)
tree79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /poky/meta/recipes-core/busybox
parent5b9ede0403237c7dace972affa65cf64a1aadd0e (diff)
downloadtalos-openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.gz
talos-openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.zip
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD: poky: 87e3a9739d meta-openembedded: 6094ae18c8 meta-security: 31dc4e7532 meta-raspberrypi: a48743dc36 meta-xilinx: c42016e2e6 Also re-apply backports that didn't make it into thud: poky: 17726d0 systemd-systemctl-native: handle Install wildcards meta-openembedded: 4321a5d libtinyxml2: update to 7.0.1 042f0a3 libcereal: Add native and nativesdk classes e23284f libcereal: Allow empty package 030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG 179a1b9 gtest: update to 1.8.1 Squashed OpenBMC subtree compatibility updates: meta-aspeed: Brad Bishop (1): aspeed: add yocto 2.6 compatibility meta-ibm: Brad Bishop (1): ibm: prepare for yocto 2.6 meta-ingrasys: Brad Bishop (1): ingrasys: set layer compatibility to yocto 2.6 meta-openpower: Brad Bishop (1): openpower: set layer compatibility to yocto 2.6 meta-phosphor: Brad Bishop (3): phosphor: set layer compatibility to thud phosphor: libgpg-error: drop patches phosphor: react to fitimage artifact rename Ed Tanous (4): Dropbear: upgrade options for latest upgrade yocto2.6: update openssl options busybox: remove upstream watchdog patch systemd: Rebase CONFIG_CGROUP_BPF patch Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7 Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-core/busybox')
-rw-r--r--poky/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb (renamed from poky/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb)0
-rw-r--r--poky/meta/recipes-core/busybox/busybox.inc128
-rwxr-xr-xpoky/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch481
-rw-r--r--poky/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch95
-rw-r--r--poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch30
-rw-r--r--poky/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch43
-rw-r--r--poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch106
-rw-r--r--poky/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch48
-rw-r--r--poky/meta/recipes-core/busybox/busybox/defconfig48
-rw-r--r--poky/meta/recipes-core/busybox/busybox/init.cfg2
-rw-r--r--poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch40
-rw-r--r--poky/meta/recipes-core/busybox/busybox_1.29.2.bb (renamed from poky/meta/recipes-core/busybox/busybox_1.27.2.bb)11
-rw-r--r--poky/meta/recipes-core/busybox/files/runlevel11
13 files changed, 135 insertions, 908 deletions
diff --git a/poky/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb b/poky/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
index a83620e85..a83620e85 100644
--- a/poky/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb
+++ b/poky/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
diff --git a/poky/meta/recipes-core/busybox/busybox.inc b/poky/meta/recipes-core/busybox/busybox.inc
index f1b09d95c..09433dd82 100644
--- a/poky/meta/recipes-core/busybox/busybox.inc
+++ b/poky/meta/recipes-core/busybox/busybox.inc
@@ -3,7 +3,7 @@ DESCRIPTION = "BusyBox combines tiny versions of many common UNIX utilities into
HOMEPAGE = "http://www.busybox.net"
BUGTRACKER = "https://bugs.busybox.net/"
-DEPENDS += "kern-tools-native"
+DEPENDS += "kern-tools-native virtual/crypt"
# bzip2 applet in busybox is based on lightly-modified bzip2 source
# the GPL is version 2 only
@@ -41,12 +41,13 @@ INITSCRIPT_NAME_${PN}-udhcpd = "busybox-udhcpd"
SYSTEMD_PACKAGES = "${PN}-syslog"
SYSTEMD_SERVICE_${PN}-syslog = "${@bb.utils.contains('SRC_URI', 'file://syslog.cfg', 'busybox-syslog.service', '', d)}"
+RDEPENDS_${PN}-syslog = "busybox"
CONFFILES_${PN}-syslog = "${sysconfdir}/syslog-startup.conf"
RCONFLICTS_${PN}-syslog = "rsyslog sysklogd syslog-ng"
CONFFILES_${PN}-mdev = "${sysconfdir}/mdev.conf"
-RRECOMMENDS_${PN} = "${PN}-syslog ${PN}-udhcpc"
+RRECOMMENDS_${PN} = "${PN}-udhcpc"
RDEPENDS_${PN} = "${@["", "busybox-inittab"][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox')]}"
@@ -116,13 +117,13 @@ do_prepare_config () {
${S}/.config
sed -i -e '${configmangle}' ${S}/.config
if test ${DO_IPv4} -eq 0 && test ${DO_IPv6} -eq 0; then
- # disable networking applets
- mv ${S}/.config ${S}/.config.oe-tmp
- awk 'BEGIN{net=0}
- /^# Networking Utilities/{net=1}
- /^#$/{if(net){net=net+1}}
- {if(net==2&&$0 !~ /^#/&&$1){print("# "$1" is not set")}else{print}}' \
- ${S}/.config.oe-tmp > ${S}/.config
+ # disable networking applets
+ mv ${S}/.config ${S}/.config.oe-tmp
+ awk 'BEGIN{net=0}
+ /^# Networking Utilities/{net=1}
+ /^#$/{if(net){net=net+1}}
+ {if(net==2&&$0 !~ /^#/&&$1){print("# "$1" is not set")}else{print}}' \
+ ${S}/.config.oe-tmp > ${S}/.config
fi
sed -i 's/CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"/CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -b"/' ${S}/.config
sed -i 's|${DEBUG_PREFIX_MAP}||g' ${S}/.config
@@ -150,7 +151,7 @@ do_compile() {
export KCONFIG_NOTIMESTAMP=1
fi
if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then
- # split the .config into two parts, and make two busybox binaries
+ # split the .config into two parts, and make two busybox binaries
if [ -e .config.orig ]; then
# Need to guard again an interrupted do_compile - restore any backup
cp .config.orig .config
@@ -209,6 +210,10 @@ do_install () {
sed -i "s:^/usr/bin/:BINDIR/:" busybox.links*
sed -i "s:^/usr/sbin/:SBINDIR/:" busybox.links*
+ # Move arch/link to BINDIR to match coreutils
+ sed -i "s:^BASE_BINDIR/arch:BINDIR/arch:" busybox.links*
+ sed -i "s:^BASE_BINDIR/link:BINDIR/link:" busybox.links*
+
sed -i "s:^BASE_BINDIR/:${base_bindir}/:" busybox.links*
sed -i "s:^BASE_SBINDIR/:${base_sbindir}/:" busybox.links*
sed -i "s:^BINDIR/:${bindir}/:" busybox.links*
@@ -250,8 +255,7 @@ do_install () {
ln -sf busybox ${D}${base_bindir}/busybox.nosuid
fi
else
- install -d ${D}${base_bindir} ${D}${base_sbindir}
- install -d ${D}${libdir} ${D}${bindir} ${D}${sbindir}
+ install -d ${D}${base_bindir} ${D}${bindir} ${D}${libdir}
cat busybox.links | while read FILE; do
NAME=`basename "$FILE"`
install -m 0755 "0_lib/$NAME" "${D}$FILE.${BPN}"
@@ -275,77 +279,76 @@ do_install () {
install -m 644 ${WORKDIR}/syslog-startup.conf ${D}${sysconfdir}/syslog-startup.conf
install -m 644 ${WORKDIR}/syslog.conf ${D}${sysconfdir}/syslog.conf
fi
- if grep "CONFIG_CROND=y" ${B}/.config; then
+ if grep -q "CONFIG_CROND=y" ${B}/.config; then
install -m 0755 ${WORKDIR}/busybox-cron ${D}${sysconfdir}/init.d/
fi
- if grep "CONFIG_HTTPD=y" ${B}/.config; then
+ if grep -q "CONFIG_HTTPD=y" ${B}/.config; then
install -m 0755 ${WORKDIR}/busybox-httpd ${D}${sysconfdir}/init.d/
install -d ${D}/srv/www
fi
- if grep "CONFIG_UDHCPD=y" ${B}/.config; then
+ if grep -q "CONFIG_UDHCPD=y" ${B}/.config; then
install -m 0755 ${WORKDIR}/busybox-udhcpd ${D}${sysconfdir}/init.d/
fi
- if grep "CONFIG_HWCLOCK=y" ${B}/.config; then
+ if grep -q "CONFIG_HWCLOCK=y" ${B}/.config; then
install -m 0755 ${WORKDIR}/hwclock.sh ${D}${sysconfdir}/init.d/
fi
- if grep "CONFIG_UDHCPC=y" ${B}/.config; then
+ if grep -q "CONFIG_UDHCPC=y" ${B}/.config; then
install -d ${D}${sysconfdir}/udhcpc.d
install -d ${D}${datadir}/udhcpc
install -m 0755 ${WORKDIR}/simple.script ${D}${sysconfdir}/udhcpc.d/50default
sed -i "s:/SBIN_DIR/:${base_sbindir}/:" ${D}${sysconfdir}/udhcpc.d/50default
install -m 0755 ${WORKDIR}/default.script ${D}${datadir}/udhcpc/default.script
fi
- if grep "CONFIG_INETD=y" ${B}/.config; then
+ if grep -q "CONFIG_INETD=y" ${B}/.config; then
install -m 0755 ${WORKDIR}/inetd ${D}${sysconfdir}/init.d/inetd.${BPN}
sed -i "s:/usr/sbin/:${sbindir}/:" ${D}${sysconfdir}/init.d/inetd.${BPN}
install -m 0644 ${WORKDIR}/inetd.conf ${D}${sysconfdir}/
fi
- if grep "CONFIG_MDEV=y" ${B}/.config; then
- install -m 0755 ${WORKDIR}/mdev ${D}${sysconfdir}/init.d/mdev
- if grep "CONFIG_FEATURE_MDEV_CONF=y" ${B}/.config; then
- install -m 644 ${WORKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf
- install -d ${D}${sysconfdir}/mdev
- install -m 0755 ${WORKDIR}/find-touchscreen.sh ${D}${sysconfdir}/mdev
- install -m 0755 ${WORKDIR}/mdev-mount.sh ${D}${sysconfdir}/mdev
- fi
+ if grep -q "CONFIG_MDEV=y" ${B}/.config; then
+ install -m 0755 ${WORKDIR}/mdev ${D}${sysconfdir}/init.d/mdev
+ if grep "CONFIG_FEATURE_MDEV_CONF=y" ${B}/.config; then
+ install -m 644 ${WORKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf
+ install -d ${D}${sysconfdir}/mdev
+ install -m 0755 ${WORKDIR}/find-touchscreen.sh ${D}${sysconfdir}/mdev
+ install -m 0755 ${WORKDIR}/mdev-mount.sh ${D}${sysconfdir}/mdev
+ fi
+ fi
+ if grep -q "CONFIG_INIT=y" ${B}/.config; then
+ install -D -m 0777 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS
+ install -D -m 0777 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ if grep -q "CONFIG_KLOGD=y" ${B}/.config; then
+ install -d ${D}${systemd_unitdir}/system
+ sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-klogd.service.in \
+ > ${D}${systemd_unitdir}/system/busybox-klogd.service
+ fi
+
+ if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then
+ install -d ${D}${systemd_unitdir}/system
+ sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-syslog.service.in \
+ > ${D}${systemd_unitdir}/system/busybox-syslog.service
+ if [ ! -e ${D}${systemd_unitdir}/system/busybox-klogd.service ] ; then
+ sed -i '/klog/d' ${D}${systemd_unitdir}/system/busybox-syslog.service
+ fi
+ if [ -f ${WORKDIR}/busybox-syslog.default ] ; then
+ install -d ${D}${sysconfdir}/default
+ install -m 0644 ${WORKDIR}/busybox-syslog.default ${D}${sysconfdir}/default/busybox-syslog
+ fi
+ fi
+ fi
+
+ # Remove the sysvinit specific configuration file for systemd systems to avoid confusion
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'false', 'true', d)}; then
+ rm -f ${D}${sysconfdir}/syslog-startup.conf
fi
- if grep "CONFIG_INIT=y" ${B}/.config; then
- install -D -m 0777 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS
- install -D -m 0777 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK
- install -D -m 0755 ${WORKDIR}/runlevel ${D}${base_sbindir}/runlevel
- fi
-
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- if grep -q "CONFIG_KLOGD=y" ${B}/.config; then
- install -d ${D}${systemd_unitdir}/system
- sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-klogd.service.in \
- > ${D}${systemd_unitdir}/system/busybox-klogd.service
- fi
-
- if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then
- install -d ${D}${systemd_unitdir}/system
- sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-syslog.service.in \
- > ${D}${systemd_unitdir}/system/busybox-syslog.service
- if [ ! -e ${D}${systemd_unitdir}/system/busybox-klogd.service ] ; then
- sed -i '/klog/d' ${D}${systemd_unitdir}/system/busybox-syslog.service
- fi
- if [ -f ${WORKDIR}/busybox-syslog.default ] ; then
- install -d ${D}${sysconfdir}/default
- install -m 0644 ${WORKDIR}/busybox-syslog.default ${D}${sysconfdir}/default/busybox-syslog
- fi
- fi
- fi
-
- # Remove the sysvinit specific configuration file for systemd systems to avoid confusion
- if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'false', 'true', d)}; then
- rm -f ${D}${sysconfdir}/syslog-startup.conf
- fi
}
do_install_ptest () {
- cp -r ${B}/testsuite ${D}${PTEST_PATH}/
- cp ${B}/.config ${D}${PTEST_PATH}/
- ln -s /bin/busybox ${D}${PTEST_PATH}/busybox
+ cp -r ${B}/testsuite ${D}${PTEST_PATH}/
+ cp ${B}/.config ${D}${PTEST_PATH}/
+ ln -s /bin/busybox ${D}${PTEST_PATH}/busybox
}
inherit update-alternatives
@@ -368,7 +371,10 @@ python do_package_prepend () {
# Match coreutils
if alt_name == '[':
alt_name = 'lbracket'
- d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
+ if alt_name == 'klogd' or alt_name == 'syslogd':
+ d.appendVar('ALTERNATIVE_%s-syslog' % (pn), ' ' + alt_name)
+ else:
+ d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
if os.path.exists('%s%s' % (dvar, target)):
d.setVarFlag('ALTERNATIVE_TARGET', alt_name, target)
diff --git a/poky/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch b/poky/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
deleted file mode 100755
index 0926107be..000000000
--- a/poky/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
+++ /dev/null
@@ -1,481 +0,0 @@
-busybox-1.27.2: Fix CVE-2011-5325
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=8411
-
-libarchive: do not extract unsafe symlinks
-
-Prevent unsafe links extracting unless env variable $EXTRACT_UNSAFE_SYMLINKS=1
-is not set. Untarring file with -C DESTDIR parameter could be extracted with
-unwanted symlinks. This doesn't feel right, and IIRC GNU tar doesn't do that.
-Include necessary changes from previous commits.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7]
-CVE: CVE-2011-5325
-bug: 8411
-Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src
-index 942e755..e1a8a75 100644
---- a/archival/libarchive/Kbuild.src
-+++ b/archival/libarchive/Kbuild.src
-@@ -12,6 +12,8 @@ COMMON_FILES:= \
- data_extract_all.o \
- data_extract_to_stdout.o \
- \
-+ unsafe_symlink_target.o \
-+\
- filter_accept_all.o \
- filter_accept_list.o \
- filter_accept_reject_list.o \
-diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c
-index 1830ffb..b828b65 100644
---- a/archival/libarchive/data_extract_all.c
-+++ b/archival/libarchive/data_extract_all.c
-@@ -128,10 +128,9 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
- res = link(hard_link, dst_name);
- if (res != 0 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)) {
- /* shared message */
-- bb_perror_msg("can't create %slink "
-- "%s to %s", "hard",
-- dst_name,
-- hard_link);
-+ bb_perror_msg("can't create %slink '%s' to '%s'",
-+ "hard", dst_name, hard_link
-+ );
- }
- /* Hardlinks have no separate mode/ownership, skip chown/chmod */
- goto ret;
-@@ -178,15 +177,17 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
- case S_IFLNK:
- /* Symlink */
- //TODO: what if file_header->link_target == NULL (say, corrupted tarball?)
-- res = symlink(file_header->link_target, dst_name);
-- if (res != 0
-- && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
-- ) {
-- /* shared message */
-- bb_perror_msg("can't create %slink "
-- "%s to %s", "sym",
-- dst_name,
-- file_header->link_target);
-+ if (!unsafe_symlink_target(file_header->link_target)) {
-+ res = symlink(file_header->link_target, dst_name);
-+ if (res != 0
-+ && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
-+ ) {
-+ /* shared message */
-+ bb_perror_msg("can't create %slink '%s' to '%s'",
-+ "sym",
-+ dst_name, file_header->link_target
-+ );
-+ }
- }
- break;
- case S_IFSOCK:
-diff --git a/archival/libarchive/unsafe_symlink_target.c b/archival/libarchive/unsafe_symlink_target.c
-new file mode 100644
-index 0000000..ee46e28
---- /dev/null
-+++ b/archival/libarchive/unsafe_symlink_target.c
-@@ -0,0 +1,48 @@
-+/* vi: set sw=4 ts=4: */
-+/*
-+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
-+ */
-+#include "libbb.h"
-+#include "bb_archive.h"
-+
-+int FAST_FUNC unsafe_symlink_target(const char *target)
-+{
-+ const char *dot;
-+
-+ if (target[0] == '/') {
-+ const char *var;
-+unsafe:
-+ var = getenv("EXTRACT_UNSAFE_SYMLINKS");
-+ if (var) {
-+ if (LONE_CHAR(var, '1'))
-+ return 0; /* pretend it's safe */
-+ return 1; /* "UNSAFE!" */
-+ }
-+ bb_error_msg("skipping unsafe symlink to '%s' in archive,"
-+ " set %s=1 to extract",
-+ target,
-+ "EXTRACT_UNSAFE_SYMLINKS"
-+ );
-+ /* Prevent further messages */
-+ setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0);
-+ return 1; /* "UNSAFE!" */
-+ }
-+
-+ dot = target;
-+ for (;;) {
-+ dot = strchr(dot, '.');
-+ if (!dot)
-+ return 0; /* safe target */
-+
-+ /* Is it a path component starting with ".."? */
-+ if ((dot[1] == '.')
-+ && (dot == target || dot[-1] == '/')
-+ /* Is it exactly ".."? */
-+ && (dot[2] == '/' || dot[2] == '\0')
-+ ) {
-+ goto unsafe;
-+ }
-+ /* NB: it can even be trailing ".", should only add 1 */
-+ dot += 1;
-+ }
-+}
-\ No newline at end of file
-diff --git a/archival/unzip.c b/archival/unzip.c
-index 9037262..270e261 100644
---- a/archival/unzip.c
-+++ b/archival/unzip.c
-@@ -335,6 +335,44 @@ static void unzip_create_leading_dirs(const char *fn)
- free(name);
- }
-
-+static void unzip_extract_symlink(zip_header_t *zip, const char *dst_fn)
-+{
-+ char *target;
-+
-+ if (zip->fmt.ucmpsize > 0xfff) /* no funny business please */
-+ bb_error_msg_and_die("bad archive");
-+
-+ if (zip->fmt.method == 0) {
-+ /* Method 0 - stored (not compressed) */
-+ target = xzalloc(zip->fmt.ucmpsize + 1);
-+ xread(zip_fd, target, zip->fmt.ucmpsize);
-+ } else {
-+#if 1
-+ bb_error_msg_and_die("compressed symlink is not supported");
-+#else
-+ transformer_state_t xstate;
-+ init_transformer_state(&xstate);
-+ xstate.mem_output_size_max = zip->fmt.ucmpsize;
-+ /* ...unpack... */
-+ if (!xstate.mem_output_buf)
-+ WTF();
-+ target = xstate.mem_output_buf;
-+ target = xrealloc(target, xstate.mem_output_size + 1);
-+ target[xstate.mem_output_size] = '\0';
-+#endif
-+ }
-+ if (!unsafe_symlink_target(target)) {
-+//TODO: libbb candidate
-+ if (symlink(target, dst_fn)) {
-+ /* shared message */
-+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
-+ "sym", dst_fn, target
-+ );
-+ }
-+ }
-+ free(target);
-+}
-+
- static void unzip_extract(zip_header_t *zip, int dst_fd)
- {
- transformer_state_t xstate;
-@@ -813,7 +851,7 @@ int unzip_main(int argc, char **argv)
- }
- check_file:
- /* Extract file */
-- if (stat(dst_fn, &stat_buf) == -1) {
-+ if (lstat(dst_fn, &stat_buf) == -1) {
- /* File does not exist */
- if (errno != ENOENT) {
- bb_perror_msg_and_die("can't stat '%s'", dst_fn);
-@@ -834,6 +872,7 @@ int unzip_main(int argc, char **argv)
- goto do_open_and_extract;
- printf("replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ", dst_fn);
- my_fgets80(key_buf);
-+//TODO: redo lstat + ISREG check! user input could have taken a long time!
-
- switch (key_buf[0]) {
- case 'A':
-@@ -842,7 +881,8 @@ int unzip_main(int argc, char **argv)
- do_open_and_extract:
- unzip_create_leading_dirs(dst_fn);
- #if ENABLE_FEATURE_UNZIP_CDF
-- dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
-+ if (!S_ISLNK(file_mode))
-+ dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
- #else
- dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
- #endif
-@@ -852,10 +892,18 @@ int unzip_main(int argc, char **argv)
- ? " extracting: %s\n"
- : */ " inflating: %s\n", dst_fn);
- }
-- unzip_extract(&zip, dst_fd);
-- if (dst_fd != STDOUT_FILENO) {
-- /* closing STDOUT is potentially bad for future business */
-- close(dst_fd);
-+#if ENABLE_FEATURE_UNZIP_CDF
-+ if (S_ISLNK(file_mode)) {
-+ if (dst_fd != STDOUT_FILENO) /* no -p */
-+ unzip_extract_symlink(&zip, dst_fn);
-+ } else
-+#endif
-+ {
-+ unzip_extract(&zip, dst_fd);
-+ if (dst_fd != STDOUT_FILENO) {
-+ /* closing STDOUT is potentially bad for future business */
-+ close(dst_fd);
-+ };
- }
- break;
-
-diff --git a/coreutils/link.c b/coreutils/link.c
-index ac3ef85..aab249d 100644
---- a/coreutils/link.c
-+++ b/coreutils/link.c
-@@ -32,9 +32,8 @@ int link_main(int argc UNUSED_PARAM, char **argv)
- argv += optind;
- if (link(argv[0], argv[1]) != 0) {
- /* shared message */
-- bb_perror_msg_and_die("can't create %slink "
-- "%s to %s", "hard",
-- argv[1], argv[0]
-+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
-+ "hard", argv[1], argv[0]
- );
- }
- return EXIT_SUCCESS;
-diff --git a/include/bb_archive.h b/include/bb_archive.h
-index 2b9c5f0..1e4da3c 100644
---- a/include/bb_archive.h
-+++ b/include/bb_archive.h
-@@ -196,6 +196,7 @@ void seek_by_jump(int fd, off_t amount) FAST_FUNC;
- void seek_by_read(int fd, off_t amount) FAST_FUNC;
-
- const char *strip_unsafe_prefix(const char *str) FAST_FUNC;
-+int unsafe_symlink_target(const char *target) FAST_FUNC;
-
- void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC;
- const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC;
-diff --git a/libbb/copy_file.c b/libbb/copy_file.c
-index 23c0f83..be90066 100644
---- a/libbb/copy_file.c
-+++ b/libbb/copy_file.c
-@@ -371,7 +371,10 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
- int r = symlink(lpath, dest);
- free(lpath);
- if (r < 0) {
-- bb_perror_msg("can't create symlink '%s'", dest);
-+ /* shared message */
-+ bb_perror_msg("can't create %slink '%s' to '%s'",
-+ "sym", dest, lpath
-+ );
- return -1;
- }
- if (flags & FILEUTILS_PRESERVE_STATUS)
-diff --git a/testsuite/tar.tests b/testsuite/tar.tests
-index 9f7ce15..b7cd74c 100755
---- a/testsuite/tar.tests
-+++ b/testsuite/tar.tests
-@@ -10,9 +10,6 @@ unset LC_COLLATE
- unset LC_ALL
- umask 022
-
--rm -rf tar.tempdir 2>/dev/null
--mkdir tar.tempdir && cd tar.tempdir || exit 1
--
- # testing "test name" "script" "expected result" "file input" "stdin"
-
- testing "Empty file is not a tarball" '\
-@@ -53,6 +50,7 @@ dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $?
- "" ""
- SKIP=
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input":
- # GNU tar 1.26 records as hardlinks:
- # input_hard2 -> input_hard1
-@@ -64,7 +62,6 @@ SKIP=
- # We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing.
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar hardlinks and repeated files" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_hard1
- ln input_hard1 input_hard2
- mkdir input_dir
-@@ -95,10 +92,11 @@ drwxr-xr-x input_dir
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar hardlinks mode" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_hard1
- chmod 741 input_hard1
- ln input_hard1 input_hard2
-@@ -128,10 +126,11 @@ Ok: 0
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
- testing "tar symlinks mode" '\
--rm -rf input_* test.tar 2>/dev/null
- >input_file
- chmod 741 input_file
- ln -s input_file input_soft
-@@ -159,10 +158,11 @@ lrwxrwxrwx input_file
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS
- testing "tar --overwrite" "\
--rm -rf input_* test.tar 2>/dev/null
- ln input input_hard
- tar cf test.tar input_hard
- echo WRONG >input
-@@ -174,12 +174,13 @@ Ok
- " \
- "Ok\n" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- test x"$SKIP_KNOWN_BUGS" = x"" && {
- # Needs to be run under non-root for meaningful test
- optional FEATURE_TAR_CREATE
- testing "tar writing into read-only dir" '\
--rm -rf input_* test.tar 2>/dev/null
- mkdir input_dir
- >input_dir/input_file
- chmod 550 input_dir
-@@ -201,7 +202,9 @@ dr-xr-x--- input_dir
- "" ""
- SKIP=
- }
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # Had a bug where on extract autodetect first "switched off" -z
- # and then failed to recognize .tgz extension
- optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP
-@@ -217,7 +220,9 @@ Ok
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)?
- # (the uuencoded hello_world.txz contains one empty file named "hello_world")
- optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ
-@@ -236,7 +241,9 @@ AAAEWVo=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # On extract, everything up to and including last ".." component is stripped
- optional FEATURE_TAR_CREATE
- testing "tar strips /../ on extract" "\
-@@ -255,7 +262,9 @@ Ok
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # attack.tar.bz2 has symlink pointing to a system file
- # followed by a regular file with the same name
- # containing "root::0:0::/root:/bin/sh":
-@@ -270,6 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
- testing "tar does not extract into symlinks" "\
- >>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
- " "\
-+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- 0
- " \
- "" "\
-@@ -281,12 +291,15 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-+
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- # And same with -k
- optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
- testing "tar -k does not extract into symlinks" "\
- >>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
- " "\
--tar: can't open 'passwd': File exists
-+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- 0
- " \
- "" "\
-@@ -298,7 +311,9 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
- ====
- "
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
- optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
- testing "Pax-encoded UTF8 names and symlinks" '\
- tar xvf ../tar.utf8.tar.bz2 2>&1; echo $?
-@@ -309,17 +324,45 @@ rm -rf etc usr
- ' "\
- etc/ssl/certs/3b2716e5.0
- etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
-+tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
- etc/ssl/certs/f80cc7f6.0
- usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
- 0
- etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
--etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
- etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
- " \
- "" ""
- SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
--
--cd .. && rm -rf tar.tempdir || exit 1
-+mkdir tar.tempdir && cd tar.tempdir || exit 1
-+optional UUDECODE FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
-+testing "Symlink attack: create symlink and then write through it" '\
-+exec 2>&1
-+uudecode -o input && tar xvf input; echo $?
-+ls /tmp/bb_test_evilfile
-+ls bb_test_evilfile
-+ls symlink/bb_test_evilfile
-+' "\
-+anything.txt
-+symlink
-+tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
-+symlink/bb_test_evilfile
-+0
-+ls: /tmp/bb_test_evilfile: No such file or directory
-+ls: bb_test_evilfile: No such file or directory
-+symlink/bb_test_evilfile
-+" \
-+"" "\
-+begin-base64 644 tar_symlink_attack.tar.bz2
-+QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR
-+omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk
-+AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa
-+SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS
-+n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA=
-+====
-+"
-+SKIP=
-+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
-
- exit $FAILCOUNT
diff --git a/poky/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch b/poky/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
deleted file mode 100644
index 5a027c9bc..000000000
--- a/poky/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-busybox-1.27.2: Fix CVE-2017-15873
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10431
-
-bunzip2: fix runCnt overflow
-
-The get_next_block function in archival/libarchive/decompress_bunzip2.c
-in BusyBox 1.27.2 has an Integer Overflow that may lead to a write
-access violation.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0]
-CVE: CVE-2017-15873
-bug: 10431
-Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
-
-diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
-index 7cd18f5..bec89ed 100644
---- a/archival/libarchive/decompress_bunzip2.c
-+++ b/archival/libarchive/decompress_bunzip2.c
-@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
- static int get_next_block(bunzip_data *bd)
- {
- struct group_data *hufGroup;
-- int dbufCount, dbufSize, groupCount, *base, *limit, selector,
-- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
-- int runCnt = runCnt; /* for compiler */
-+ int groupCount, *base, *limit, selector,
-+ i, j, symCount, symTotal, nSelectors, byteCount[256];
- uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
- uint32_t *dbuf;
- unsigned origPtr, t;
-+ unsigned dbufCount, runPos;
-+ unsigned runCnt = runCnt; /* for compiler */
-
- dbuf = bd->dbuf;
-- dbufSize = bd->dbufSize;
- selectors = bd->selectors;
-
- /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
-@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
- it didn't actually work. */
- if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
- origPtr = get_bits(bd, 24);
-- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
-+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
-
- /* mapping table: if some byte values are never used (encoding things
- like ascii text), the compression code removes the gaps to have fewer
-@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
- symbols, but a run of length 0 doesn't mean anything in this
- context). Thus space is saved. */
- runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
-- if (runPos < dbufSize) runPos <<= 1;
-+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
-+//This would be the fix (catches too large count way before it can overflow):
-+// if (runCnt > bd->dbufSize) {
-+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
-+// runCnt, bd->dbufSize);
-+// return RETVAL_DATA_ERROR;
-+// }
-+ if (runPos < bd->dbufSize) runPos <<= 1;
- goto end_of_huffman_loop;
- }
-
-@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
- literal used is the one at the head of the mtfSymbol array.) */
- if (runPos != 0) {
- uint8_t tmp_byte;
-- if (dbufCount + runCnt > dbufSize) {
-- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
-- dbufCount, runCnt, dbufCount + runCnt, dbufSize);
-+ if (dbufCount + runCnt > bd->dbufSize) {
-+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
-+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
- return RETVAL_DATA_ERROR;
- }
- tmp_byte = symToByte[mtfSymbol[0]];
- byteCount[tmp_byte] += runCnt;
-- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
-+ while ((int)--runCnt >= 0)
-+ dbuf[dbufCount++] = (uint32_t)tmp_byte;
- runPos = 0;
- }
-
-@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
- first symbol in the mtf array, position 0, would have been handled
- as part of a run above. Therefore 1 unused mtf position minus
- 2 non-literal nextSym values equals -1.) */
-- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
-+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
- i = nextSym - 1;
- uc = mtfSymbol[i];
-
---
-cgit v0.12
diff --git a/poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch b/poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch
deleted file mode 100644
index 67b4ed7e1..000000000
--- a/poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From e75c01bb3249df16201b482b79bb24bec3b58188 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Fri, 27 Oct 2017 15:37:03 +0200
-Subject: [PATCH] unlzma: fix SEGV, closes 10436
-
-Upstream-Status: Backport [ https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b]
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Sinan Kaya <okaya@kernel.org>
----
- archival/libarchive/decompress_unlzma.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
-index 29eee2a..41e492f 100644
---- a/archival/libarchive/decompress_unlzma.c
-+++ b/archival/libarchive/decompress_unlzma.c
-@@ -353,6 +353,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
- pos = buffer_pos - rep0;
- if ((int32_t)pos < 0) {
- pos += header.dict_size;
-+ /* bug 10436 has an example file where this triggers: */
-+ if ((int32_t)pos < 0)
-+ goto bad;
-+
- /* see unzip_bad_lzma_2.zip: */
- if (pos >= buffer_size)
- goto bad;
---
-2.19.0
-
diff --git a/poky/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/poky/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
deleted file mode 100644
index fc19ee335..000000000
--- a/poky/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Tue, 7 Nov 2017 18:09:29 +0100
-Subject: lineedit: do not tab-complete any strings which have control
- characters
-
-function old new delta
-add_match 41 68 +27
-
-CVE: CVE-2017-16544
-Upstream-Status: Backport
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- libbb/lineedit.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/libbb/lineedit.c b/libbb/lineedit.c
-index c0e35bb..56e8140 100644
---- a/libbb/lineedit.c
-+++ b/libbb/lineedit.c
-@@ -645,6 +645,18 @@ static void free_tab_completion_data(void)
-
- static void add_match(char *matched)
- {
-+ unsigned char *p = (unsigned char*)matched;
-+ while (*p) {
-+ /* ESC attack fix: drop any string with control chars */
-+ if (*p < ' '
-+ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
-+ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
-+ ) {
-+ free(matched);
-+ return;
-+ }
-+ p++;
-+ }
- matches = xrealloc_vector(matches, 4, num_matches);
- matches[num_matches] = matched;
- num_matches++;
---
-cgit v0.12
diff --git a/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
deleted file mode 100644
index da6dfa802..000000000
--- a/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-busybox-1.27.2: Fix lzma segfaults
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871
-
-libarchive: check buffer index in lzma_decompress
-
-With specific defconfig busybox fails to check zip fileheader magic
-(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c)
-for decompression which leads to segmentation fault. It prevents accessing into
-buffer, which is smaller than pos index. Patch includes multiple segmentation
-fault fixes.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b]
-bug: 10436 10871
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
-index a904087..29eee2a 100644
---- a/archival/libarchive/decompress_unlzma.c
-+++ b/archival/libarchive/decompress_unlzma.c
-@@ -11,6 +11,14 @@
- #include "libbb.h"
- #include "bb_archive.h"
-
-+
-+#if 0
-+# define dbg(...) bb_error_msg(__VA_ARGS__)
-+#else
-+# define dbg(...) ((void)0)
-+#endif
-+
-+
- #if ENABLE_FEATURE_LZMA_FAST
- # define speed_inline ALWAYS_INLINE
- # define size_inline
-@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
- rc_t *rc;
- int i;
- uint8_t *buffer;
-+ uint32_t buffer_size;
- uint8_t previous_byte = 0;
- size_t buffer_pos = 0, global_pos = 0;
- int len = 0;
-@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate)
- if (header.dict_size == 0)
- header.dict_size++;
-
-- buffer = xmalloc(MIN(header.dst_size, header.dict_size));
-+ buffer_size = MIN(header.dst_size, header.dict_size);
-+ buffer = xmalloc(buffer_size);
-
- {
- int num_probs;
-@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
-
- pos = buffer_pos - rep0;
-- if ((int32_t)pos < 0)
-+ if ((int32_t)pos < 0) {
- pos += header.dict_size;
-+ /* see unzip_bad_lzma_2.zip: */
-+ if (pos >= buffer_size)
-+ goto bad;
-+ }
- previous_byte = buffer[pos];
- goto one_byte1;
- #else
-@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
- for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
- rep0 = (rep0 << 1) | rc_direct_bit(rc);
- rep0 <<= LZMA_NUM_ALIGN_BITS;
-+ if ((int32_t)rep0 < 0) {
-+ dbg("%d rep0:%d", __LINE__, rep0);
-+ goto bad;
-+ }
- prob3 = p + LZMA_ALIGN;
- }
- i2 = 1;
-@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- IF_NOT_FEATURE_LZMA_FAST(string:)
- do {
- uint32_t pos = buffer_pos - rep0;
-- if ((int32_t)pos < 0)
-+ if ((int32_t)pos < 0) {
- pos += header.dict_size;
-+ /* more stringent test (see unzip_bad_lzma_1.zip): */
-+ if (pos >= buffer_size)
-+ goto bad;
-+ }
- previous_byte = buffer[pos];
- IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
- buffer[buffer_pos++] = previous_byte;
-@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- IF_DESKTOP(total_written += buffer_pos;)
- if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
- bad:
-+ /* One of our users, bbunpack(), expects _us_ to emit
-+ * the error message (since it's the best place to give
-+ * potentially more detailed information).
-+ * Do not fail silently.
-+ */
-+ bb_error_msg("corrupted data");
- total_written = -1; /* failure */
- }
- rc_free(rc);
-
diff --git a/poky/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch b/poky/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
index 582a25893..76daaf1f0 100644
--- a/poky/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
+++ b/poky/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
@@ -31,11 +31,11 @@ Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
networking/udhcp/dhcpc.c | 29 ++++++++++++++++------
1 file changed, 21 insertions(+), 8 deletions(-)
-Index: busybox-1.27.2/networking/udhcp/dhcpc.c
+Index: busybox-1.29.1/networking/udhcp/dhcpc.c
===================================================================
---- busybox-1.27.2.orig/networking/udhcp/dhcpc.c
-+++ busybox-1.27.2/networking/udhcp/dhcpc.c
-@@ -49,6 +49,8 @@ struct tpacket_auxdata {
+--- busybox-1.29.1.orig/networking/udhcp/dhcpc.c
++++ busybox-1.29.1/networking/udhcp/dhcpc.c
+@@ -48,6 +48,8 @@
};
#endif
@@ -44,7 +44,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
/* "struct client_config_t client_config" is in bb_common_bufsiz1 */
-@@ -104,8 +106,9 @@ enum {
+@@ -103,8 +105,9 @@
OPT_x = 1 << 18,
OPT_f = 1 << 19,
OPT_B = 1 << 20,
@@ -55,7 +55,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
USE_FOR_MMU( OPTBIT_b,)
IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,)
IF_FEATURE_UDHCP_PORT( OPTBIT_P,)
-@@ -1110,7 +1113,8 @@ static void perform_renew(void)
+@@ -1116,7 +1119,8 @@
state = RENEW_REQUESTED;
break;
case RENEW_REQUESTED: /* impatient are we? fine, square 1 */
@@ -65,7 +65,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
case REQUESTING:
case RELEASED:
change_listen_mode(LISTEN_RAW);
-@@ -1146,7 +1150,8 @@ static void perform_release(uint32_t server_addr, uint32_t requested_ip)
+@@ -1152,7 +1156,8 @@
* Users requested to be notified in all cases, even if not in one
* of the states above.
*/
@@ -75,16 +75,16 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
change_listen_mode(LISTEN_NONE);
state = RELEASED;
-@@ -1298,7 +1303,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
- /* O,x: list; -T,-t,-A take numeric param */
- IF_UDHCP_VERBOSE(opt_complementary = "vv";)
- IF_LONG_OPTS(applet_long_options = udhcpc_longopts;)
-- opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
-+ opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
+@@ -1265,7 +1270,7 @@
+ /* Parse command line */
+ opt = getopt32long(argv, "^"
+ /* O,x: list; -T,-t,-A take numeric param */
+- "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
++ "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
USE_FOR_MMU("b")
IF_FEATURE_UDHCPC_ARPING("a::")
IF_FEATURE_UDHCP_PORT("P:")
-@@ -1409,6 +1414,10 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1376,6 +1381,10 @@
logmode |= LOGMODE_SYSLOG;
}
@@ -94,8 +94,8 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
+
/* Make sure fd 0,1,2 are open */
bb_sanitize_stdio();
- /* Equivalent of doing a fflush after every \n */
-@@ -1423,7 +1432,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+ /* Create pidfile */
+@@ -1388,7 +1397,8 @@
srand(monotonic_us());
state = INIT_SELECTING;
@@ -105,7 +105,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
change_listen_mode(LISTEN_RAW);
packet_num = 0;
timeout = 0;
-@@ -1577,7 +1587,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1555,7 +1565,8 @@
}
/* Timed out, enter init state */
bb_error_msg("lease lost, entering init state");
@@ -115,23 +115,29 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
state = INIT_SELECTING;
client_config.first_secs = 0; /* make secs field count from 0 */
/*timeout = 0; - already is */
-@@ -1770,7 +1781,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1748,8 +1759,10 @@
+ "(got ARP reply), declining");
send_decline(/*xid,*/ server_addr, packet.yiaddr);
- if (state != REQUESTING)
+- if (state != REQUESTING)
- udhcp_run_script(NULL, "deconfig");
++ if (state != REQUESTING) {
+ if (allow_deconfig)
+ udhcp_run_script(NULL, "deconfig");
++ }
change_listen_mode(LISTEN_RAW);
state = INIT_SELECTING;
client_config.first_secs = 0; /* make secs field count from 0 */
-@@ -1840,7 +1852,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+@@ -1818,8 +1831,10 @@
+ /* return to init state */
bb_error_msg("received %s", "DHCP NAK");
udhcp_run_script(&packet, "nak");
- if (state != REQUESTING)
+- if (state != REQUESTING)
- udhcp_run_script(NULL, "deconfig");
++ if (state != REQUESTING) {
+ if (allow_deconfig)
+ udhcp_run_script(NULL, "deconfig");
++ }
change_listen_mode(LISTEN_RAW);
sleep(3); /* avoid excessive network traffic */
state = INIT_SELECTING;
diff --git a/poky/meta/recipes-core/busybox/busybox/defconfig b/poky/meta/recipes-core/busybox/busybox/defconfig
index 59d93c707..32213c067 100644
--- a/poky/meta/recipes-core/busybox/busybox/defconfig
+++ b/poky/meta/recipes-core/busybox/busybox/defconfig
@@ -1,12 +1,12 @@
#
# Automatically generated make config: don't edit
-# Busybox version: 1.27.2
-# Wed Sep 27 08:56:13 2017
+# Busybox version: 1.29.1
+# Thu Jul 19 11:09:46 2018
#
CONFIG_HAVE_DOT_CONFIG=y
#
-# Busybox Settings
+# Settings
#
# CONFIG_DESKTOP is not set
# CONFIG_EXTRA_COMPAT is not set
@@ -78,7 +78,7 @@ CONFIG_NO_DEBUG_LIB=y
# CONFIG_EFENCE is not set
#
-# Busybox Library Tuning
+# Library Tuning
#
# CONFIG_FEATURE_USE_BSS_TAIL is not set
CONFIG_FEATURE_RTMINMAX=y
@@ -90,6 +90,7 @@ CONFIG_MD5_SMALL=1
CONFIG_SHA3_SMALL=1
CONFIG_FEATURE_FAST_TOP=y
# CONFIG_FEATURE_ETC_NETWORKS is not set
+# CONFIG_FEATURE_ETC_SERVICES is not set
CONFIG_FEATURE_EDITING=y
CONFIG_FEATURE_EDITING_MAX_LEN=1024
# CONFIG_FEATURE_EDITING_VI is not set
@@ -321,6 +322,7 @@ CONFIG_TRUE=y
CONFIG_TTY=y
CONFIG_UNAME=y
CONFIG_UNAME_OSNAME="GNU/Linux"
+# CONFIG_BB_ARCH is not set
CONFIG_UNIQ=y
CONFIG_UNLINK=y
CONFIG_USLEEP=y
@@ -393,6 +395,14 @@ CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
CONFIG_WHICH=y
#
+# klibc-utils
+#
+# CONFIG_MINIPS is not set
+# CONFIG_NUKE is not set
+# CONFIG_RESUME is not set
+# CONFIG_RUN_INIT is not set
+
+#
# Editors
#
CONFIG_AWK=y
@@ -470,7 +480,7 @@ CONFIG_FEATURE_XARGS_SUPPORT_REPL_STR=y
# CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set
# CONFIG_HALT is not set
# CONFIG_POWEROFF is not set
-# CONFIG_REBOOT is not set
+CONFIG_REBOOT=y
# CONFIG_FEATURE_CALL_TELINIT is not set
# CONFIG_TELINIT_PATH is not set
# CONFIG_INIT is not set
@@ -678,6 +688,10 @@ CONFIG_FEATURE_MOUNT_LOOP=y
CONFIG_FEATURE_MOUNT_LOOP_CREATE=y
# CONFIG_FEATURE_MTAB_SUPPORT is not set
# CONFIG_VOLUMEID is not set
+
+#
+# Filesystem/Volume identification
+#
# CONFIG_FEATURE_VOLUMEID_BCACHE is not set
# CONFIG_FEATURE_VOLUMEID_BTRFS is not set
# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
@@ -725,6 +739,7 @@ CONFIG_FEATURE_CROND_DIR=""
# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set
# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set
# CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set
+# CONFIG_HEXEDIT is not set
# CONFIG_I2CGET is not set
# CONFIG_I2CSET is not set
# CONFIG_I2CDUMP is not set
@@ -807,6 +822,7 @@ CONFIG_MICROCOM=y
# CONFIG_RUNLEVEL is not set
# CONFIG_RX is not set
# CONFIG_SETSID is not set
+# CONFIG_SETFATTR is not set
CONFIG_STRINGS=y
CONFIG_TIME=y
# CONFIG_TIMEOUT is not set
@@ -912,6 +928,8 @@ CONFIG_FEATURE_FANCY_PING=y
CONFIG_ROUTE=y
# CONFIG_SLATTACH is not set
# CONFIG_SSL_CLIENT is not set
+# CONFIG_TC is not set
+# CONFIG_FEATURE_TC_INGRESS is not set
# CONFIG_TCPSVD is not set
# CONFIG_UDPSVD is not set
CONFIG_TELNET=y
@@ -949,13 +967,9 @@ CONFIG_FEATURE_WGET_HTTPS=y
# CONFIG_FEATURE_WGET_OPENSSL is not set
# CONFIG_WHOIS is not set
# CONFIG_ZCIP is not set
-# CONFIG_UDHCPC6 is not set
-# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
-# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
-# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
CONFIG_UDHCPD=y
-# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
+# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
CONFIG_DUMPLEASES=y
# CONFIG_DHCPRELAY is not set
@@ -963,6 +977,15 @@ CONFIG_UDHCPC=y
CONFIG_FEATURE_UDHCPC_ARPING=y
CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
+# CONFIG_UDHCPC6 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
+# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set
+
+#
+# Common options for DHCP applets
+#
# CONFIG_FEATURE_UDHCP_PORT is not set
CONFIG_UDHCP_DEBUG=0
# CONFIG_FEATURE_UDHCP_RFC3397 is not set
@@ -1045,6 +1068,7 @@ CONFIG_WATCH=y
# CONFIG_SV is not set
CONFIG_SV_DEFAULT_SERVICE_DIR=""
# CONFIG_SVC is not set
+# CONFIG_SVOK is not set
# CONFIG_SVLOGD is not set
# CONFIG_CHCON is not set
# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
@@ -1134,6 +1158,10 @@ CONFIG_FEATURE_SH_HISTFILESIZE=y
# System Logging Utilities
#
CONFIG_KLOGD=y
+
+#
+# klogd should not be used together with syslog to kernel printk buffer
+#
CONFIG_FEATURE_KLOGD_KLOGCTL=y
CONFIG_LOGGER=y
# CONFIG_LOGREAD is not set
diff --git a/poky/meta/recipes-core/busybox/busybox/init.cfg b/poky/meta/recipes-core/busybox/busybox/init.cfg
index 3c1fdd42b..e96700682 100644
--- a/poky/meta/recipes-core/busybox/busybox/init.cfg
+++ b/poky/meta/recipes-core/busybox/busybox/init.cfg
@@ -1,8 +1,8 @@
CONFIG_INIT=y
+CONFIG_RUNLEVEL=y
CONFIG_FEATURE_USE_INITTAB=y
CONFIG_HALT=y
CONFIG_POWEROFF=y
-CONFIG_REBOOT=y
CONFIG_FEATURE_KILL_DELAY=0
CONFIG_TELINIT_PATH=""
CONFIG_INIT_TERMINAL_TYPE=""
diff --git a/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
deleted file mode 100644
index 9fe7998df..000000000
--- a/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d]
-
-From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001
-From: Shawn Landden <slandden@gmail.com>
-Date: Mon, 8 Jan 2018 13:31:58 +0100
-Subject: [PATCH] umount: ignore -c
-Organization: O.S. Systems Software LTDA.
-
-"-c, --no-canonicalize: Do not canonicalize paths."
-
-As busybox doesn't canonicalize paths in the first place it is safe to ignore
-this option.
-
-See https://github.com/systemd/systemd/issues/7786
-
-Signed-off-by: Shawn Landden <slandden@gmail.com>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- util-linux/umount.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/util-linux/umount.c b/util-linux/umount.c
-index 0c50dc9ee..0425c5b76 100644
---- a/util-linux/umount.c
-+++ b/util-linux/umount.c
-@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
- }
- #endif
-
--/* ignored: -v -t -i */
--#define OPTION_STRING "fldnra" "vt:i"
-+/* ignored: -c -v -t -i */
-+#define OPTION_STRING "fldnra" "cvt:i"
- #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
- #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
- #define OPT_FREELOOP (1 << 2)
---
-2.18.0
-
diff --git a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb b/poky/meta/recipes-core/busybox/busybox_1.29.2.bb
index bab29728e..df3ea5906 100644
--- a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb
+++ b/poky/meta/recipes-core/busybox/busybox_1.29.2.bb
@@ -40,16 +40,9 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://inittab \
file://rcS \
file://rcK \
- file://runlevel \
file://makefile-libbb-race.patch \
- file://CVE-2011-5325.patch \
- file://CVE-2017-15873.patch \
- file://busybox-CVE-2017-16544.patch \
- file://busybox-fix-lzma-segfaults.patch \
- file://umount-ignore-c.patch \
- file://CVE-2017-15874.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "
-SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e"
-SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df"
+SRC_URI[tarball.md5sum] = "46617af37a39579711d8b36f189cdf1e"
+SRC_URI[tarball.sha256sum] = "67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61"
diff --git a/poky/meta/recipes-core/busybox/files/runlevel b/poky/meta/recipes-core/busybox/files/runlevel
deleted file mode 100644
index 866f3b594..000000000
--- a/poky/meta/recipes-core/busybox/files/runlevel
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-# busybox init does not have LSB ( sysvinit ) like initlevels
-# so lets fake it to 5 which is what we default anyway
-# this helps with opkg post installs where it tries to invoke
-# update-rc.d ad post install step.
-# for package upgrades
-# See code in update-rc.d around line 190 where it calls runlevel
-# program
-#
-echo "5"
-
OpenPOWER on IntegriCloud