author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-16 17:11:34 -0800 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-08 18:21:44 -0500 |
commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /poky/meta/recipes-core/busybox | |
parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-core/busybox')
13 files changed, 135 insertions, 908 deletions
diff --git a/poky/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb b/poky/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb index a83620e85..a83620e85 100644 --- a/poky/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb +++ b/poky/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb diff --git a/poky/meta/recipes-core/busybox/busybox.inc b/poky/meta/recipes-core/busybox/busybox.inc index f1b09d95c..09433dd82 100644 --- a/poky/meta/recipes-core/busybox/busybox.inc +++ b/poky/meta/recipes-core/busybox/busybox.inc @@ -3,7 +3,7 @@ DESCRIPTION = "BusyBox combines tiny versions of many common UNIX utilities into HOMEPAGE = "http://www.busybox.net" BUGTRACKER = "https://bugs.busybox.net/" -DEPENDS += "kern-tools-native" +DEPENDS += "kern-tools-native virtual/crypt" # bzip2 applet in busybox is based on lightly-modified bzip2 source # the GPL is version 2 only @@ -41,12 +41,13 @@ INITSCRIPT_NAME_${PN}-udhcpd = "busybox-udhcpd" SYSTEMD_PACKAGES = "${PN}-syslog" SYSTEMD_SERVICE_${PN}-syslog = "${@bb.utils.contains('SRC_URI', 'file://syslog.cfg', 'busybox-syslog.service', '', d)}" +RDEPENDS_${PN}-syslog = "busybox" CONFFILES_${PN}-syslog = "${sysconfdir}/syslog-startup.conf" RCONFLICTS_${PN}-syslog = "rsyslog sysklogd syslog-ng" CONFFILES_${PN}-mdev = "${sysconfdir}/mdev.conf" -RRECOMMENDS_${PN} = "${PN}-syslog ${PN}-udhcpc" +RRECOMMENDS_${PN} = "${PN}-udhcpc" RDEPENDS_${PN} = "${@["", "busybox-inittab"][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox')]}" 
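Review bot: Dropping `${PN}-syslog` from `RRECOMMENDS_${PN}` in the `@@ -41,12 +41,13 @@` hunk means an image that lists only `busybox` no longer pulls in a syslog daemon, and nothing next to the assignment says so. The later `do_package_prepend` hunk registers the `klogd` and `syslogd` alternatives under `ALTERNATIVE_${PN}-syslog`, so those applet links now ship only with that package. Whether any image in this tree relied on the old recommendation cannot be seen from the diff, so that needs checking for targets that are expected to keep local logs. I would add a comment above the line, for example `# syslogd/klogd links ship in ${PN}-syslog; add it to the image explicitly if local logging is required`.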
@@ -116,13 +117,13 @@ do_prepare_config () { ${S}/.config sed -i -e '${configmangle}' ${S}/.config if test ${DO_IPv4} -eq 0 && test ${DO_IPv6} -eq 0; then - # disable networking applets - mv ${S}/.config ${S}/.config.oe-tmp - awk 'BEGIN{net=0} - /^# Networking Utilities/{net=1} - /^#$/{if(net){net=net+1}} - {if(net==2&&$0 !~ /^#/&&$1){print("# "$1" is not set")}else{print}}' \ - ${S}/.config.oe-tmp > ${S}/.config + # disable networking applets + mv ${S}/.config ${S}/.config.oe-tmp + awk 'BEGIN{net=0} + /^# Networking Utilities/{net=1} + /^#$/{if(net){net=net+1}} + {if(net==2&&$0 !~ /^#/&&$1){print("# "$1" is not set")}else{print}}' \ + ${S}/.config.oe-tmp > ${S}/.config fi sed -i 's/CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"/CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -b"/' ${S}/.config sed -i 's|${DEBUG_PREFIX_MAP}||g' ${S}/.config @@ -150,7 +151,7 @@ do_compile() { export KCONFIG_NOTIMESTAMP=1 fi if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then - # split the .config into two parts, and make two busybox binaries + # split the .config into two parts, and make two busybox binaries if [ -e .config.orig ]; then # Need to guard again an interrupted do_compile - restore any backup cp .config.orig .config @@ -209,6 +210,10 @@ do_install () { sed -i "s:^/usr/bin/:BINDIR/:" busybox.links* sed -i "s:^/usr/sbin/:SBINDIR/:" busybox.links* + # Move arch/link to BINDIR to match coreutils + sed -i "s:^BASE_BINDIR/arch:BINDIR/arch:" busybox.links* + sed -i "s:^BASE_BINDIR/link:BINDIR/link:" busybox.links* + sed -i "s:^BASE_BINDIR/:${base_bindir}/:" busybox.links* sed -i "s:^BASE_SBINDIR/:${base_sbindir}/:" busybox.links* sed -i "s:^BINDIR/:${bindir}/:" busybox.links* 
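Review bot: The two sed expressions added in the `@@ -209,6 +210,10 @@` hunk match on a prefix, so `s:^BASE_BINDIR/arch:BINDIR/arch:` would also rewrite any other `busybox.links*` entry whose name merely starts with `arch` (and likewise `link`). No such applet is visible here, so this is a robustness point rather than a present bug. Anchoring the end of the line limits the move to exactly the two applets the comment names: `sed -i "s:^BASE_BINDIR/arch$:BINDIR/arch:" busybox.links*` and the same form for `link`. do_install starts and ends outside this hunk.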
@@ -250,8 +255,7 @@ do_install () { ln -sf busybox ${D}${base_bindir}/busybox.nosuid fi else - install -d ${D}${base_bindir} ${D}${base_sbindir} - install -d ${D}${libdir} ${D}${bindir} ${D}${sbindir} + install -d ${D}${base_bindir} ${D}${bindir} ${D}${libdir} cat busybox.links | while read FILE; do NAME=`basename "$FILE"` install -m 0755 "0_lib/$NAME" "${D}$FILE.${BPN}" 
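Review bot: The new `install -d` line no longer creates `${D}${base_sbindir}` or `${D}${sbindir}`, but the loop right below still installs every `busybox.links` entry to `"${D}$FILE.${BPN}"` without `-D`. If that list contains an applet under either sbin directory, the install would fail on a missing parent directory. Whether this branch can still see sbin entries is not visible in the hunk, so this is a question to confirm rather than a certain break. Using `install -D -m 0755 "0_lib/$NAME" "${D}$FILE.${BPN}"` in the loop would keep the "no empty directories" intent and still cover that case. do_install starts and ends outside this hunk.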
@@ -275,77 +279,76 @@ do_install () { install -m 644 ${WORKDIR}/syslog-startup.conf ${D}${sysconfdir}/syslog-startup.conf install -m 644 ${WORKDIR}/syslog.conf ${D}${sysconfdir}/syslog.conf fi - if grep "CONFIG_CROND=y" ${B}/.config; then + if grep -q "CONFIG_CROND=y" ${B}/.config; then install -m 0755 ${WORKDIR}/busybox-cron ${D}${sysconfdir}/init.d/ fi - if grep "CONFIG_HTTPD=y" ${B}/.config; then + if grep -q "CONFIG_HTTPD=y" ${B}/.config; then install -m 0755 ${WORKDIR}/busybox-httpd ${D}${sysconfdir}/init.d/ install -d ${D}/srv/www fi - if grep "CONFIG_UDHCPD=y" ${B}/.config; then + if grep -q "CONFIG_UDHCPD=y" ${B}/.config; then install -m 0755 ${WORKDIR}/busybox-udhcpd ${D}${sysconfdir}/init.d/ fi - if grep "CONFIG_HWCLOCK=y" ${B}/.config; then + if grep -q "CONFIG_HWCLOCK=y" ${B}/.config; then install -m 0755 ${WORKDIR}/hwclock.sh ${D}${sysconfdir}/init.d/ fi - if grep "CONFIG_UDHCPC=y" ${B}/.config; then + if grep -q "CONFIG_UDHCPC=y" ${B}/.config; then install -d ${D}${sysconfdir}/udhcpc.d install -d ${D}${datadir}/udhcpc install -m 0755 ${WORKDIR}/simple.script ${D}${sysconfdir}/udhcpc.d/50default sed -i "s:/SBIN_DIR/:${base_sbindir}/:" ${D}${sysconfdir}/udhcpc.d/50default install -m 0755 ${WORKDIR}/default.script ${D}${datadir}/udhcpc/default.script fi - if grep "CONFIG_INETD=y" ${B}/.config; then + if grep -q "CONFIG_INETD=y" ${B}/.config; then install -m 0755 ${WORKDIR}/inetd ${D}${sysconfdir}/init.d/inetd.${BPN} sed -i "s:/usr/sbin/:${sbindir}/:" ${D}${sysconfdir}/init.d/inetd.${BPN} install -m 0644 ${WORKDIR}/inetd.conf ${D}${sysconfdir}/ fi - if grep "CONFIG_MDEV=y" ${B}/.config; then - install -m 0755 ${WORKDIR}/mdev ${D}${sysconfdir}/init.d/mdev - if grep "CONFIG_FEATURE_MDEV_CONF=y" ${B}/.config; then - install -m 644 ${WORKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf - install -d ${D}${sysconfdir}/mdev - install -m 0755 ${WORKDIR}/find-touchscreen.sh ${D}${sysconfdir}/mdev - install -m 0755 ${WORKDIR}/mdev-mount.sh ${D}${sysconfdir}/mdev - fi + 
if grep -q "CONFIG_MDEV=y" ${B}/.config; then + install -m 0755 ${WORKDIR}/mdev ${D}${sysconfdir}/init.d/mdev + if grep "CONFIG_FEATURE_MDEV_CONF=y" ${B}/.config; then + install -m 644 ${WORKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf + install -d ${D}${sysconfdir}/mdev + install -m 0755 ${WORKDIR}/find-touchscreen.sh ${D}${sysconfdir}/mdev + install -m 0755 ${WORKDIR}/mdev-mount.sh ${D}${sysconfdir}/mdev + fi + fi + if grep -q "CONFIG_INIT=y" ${B}/.config; then + install -D -m 0777 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS + install -D -m 0777 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK + fi + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + if grep -q "CONFIG_KLOGD=y" ${B}/.config; then + install -d ${D}${systemd_unitdir}/system + sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-klogd.service.in \ + > ${D}${systemd_unitdir}/system/busybox-klogd.service + fi + + if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then + install -d ${D}${systemd_unitdir}/system + sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-syslog.service.in \ + > ${D}${systemd_unitdir}/system/busybox-syslog.service + if [ ! 
-e ${D}${systemd_unitdir}/system/busybox-klogd.service ] ; then + sed -i '/klog/d' ${D}${systemd_unitdir}/system/busybox-syslog.service + fi + if [ -f ${WORKDIR}/busybox-syslog.default ] ; then + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/busybox-syslog.default ${D}${sysconfdir}/default/busybox-syslog + fi + fi + fi + + # Remove the sysvinit specific configuration file for systemd systems to avoid confusion + if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'false', 'true', d)}; then + rm -f ${D}${sysconfdir}/syslog-startup.conf fi - if grep "CONFIG_INIT=y" ${B}/.config; then - install -D -m 0777 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS - install -D -m 0777 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK - install -D -m 0755 ${WORKDIR}/runlevel ${D}${base_sbindir}/runlevel - fi - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - if grep -q "CONFIG_KLOGD=y" ${B}/.config; then - install -d ${D}${systemd_unitdir}/system - sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-klogd.service.in \ - > ${D}${systemd_unitdir}/system/busybox-klogd.service - fi - - if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then - install -d ${D}${systemd_unitdir}/system - sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-syslog.service.in \ - > ${D}${systemd_unitdir}/system/busybox-syslog.service - if [ ! 
-e ${D}${systemd_unitdir}/system/busybox-klogd.service ] ; then - sed -i '/klog/d' ${D}${systemd_unitdir}/system/busybox-syslog.service - fi - if [ -f ${WORKDIR}/busybox-syslog.default ] ; then - install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/busybox-syslog.default ${D}${sysconfdir}/default/busybox-syslog - fi - fi - fi - - # Remove the sysvinit specific configuration file for systemd systems to avoid confusion - if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'false', 'true', d)}; then - rm -f ${D}${sysconfdir}/syslog-startup.conf - fi } do_install_ptest () { - cp -r ${B}/testsuite ${D}${PTEST_PATH}/ - cp ${B}/.config ${D}${PTEST_PATH}/ - ln -s /bin/busybox ${D}${PTEST_PATH}/busybox + cp -r ${B}/testsuite ${D}${PTEST_PATH}/ + cp ${B}/.config ${D}${PTEST_PATH}/ + ln -s /bin/busybox ${D}${PTEST_PATH}/busybox } inherit update-alternatives @@ -368,7 +371,10 @@ python do_package_prepend () { # Match coreutils if alt_name == '[': alt_name = 'lbracket' - d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name) + if alt_name == 'klogd' or alt_name == 'syslogd': + d.appendVar('ALTERNATIVE_%s-syslog' % (pn), ' ' + alt_name) + else: + d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name) d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name) if os.path.exists('%s%s' % (dvar, target)): d.setVarFlag('ALTERNATIVE_TARGET', alt_name, target) diff --git a/poky/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch b/poky/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch deleted file mode 100755 index 0926107be..000000000 --- a/poky/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch +++ /dev/null 
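Review bot: `rcS` and `rcK` are still installed with mode 0777 in the `CONFIG_INIT` branch of the `@@ -275,77 +279,76 @@` hunk; the re-indented lines carry that mode over unchanged. That leaves the scripts in `${sysconfdir}/init.d` writable by every user on the target, and they are presumably run by init as root. Every other init.d script in this function uses 0755, so I would change both lines to that, e.g. `install -D -m 0755 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS`. Separately, the nested `grep "CONFIG_FEATURE_MDEV_CONF=y"` is the one test that did not get `-q`, so it still prints the matched line into the task log. do_install starts outside this hunk.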
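Review bot: The new branch in `do_package_prepend` (hunk `@@ -368,7 +371,10 @@`) routes `klogd` and `syslogd` to a different package without saying why, while the `[` special case just above it has its `# Match coreutils` comment. A one-line comment such as `# klogd/syslogd links belong to ${PN}-syslog so they are installed and removed with that package` would make the intent clear. The test also reads more simply as `if alt_name in ('klogd', 'syslogd'):`. The function starts and ends outside this hunk.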
@@ -1,481 +0,0 @@ -busybox-1.27.2: Fix CVE-2011-5325 - -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=8411 - -libarchive: do not extract unsafe symlinks - -Prevent unsafe links extracting unless env variable $EXTRACT_UNSAFE_SYMLINKS=1 -is not set. Untarring file with -C DESTDIR parameter could be extracted with -unwanted symlinks. This doesn't feel right, and IIRC GNU tar doesn't do that. -Include necessary changes from previous commits. - -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7] -CVE: CVE-2011-5325 -bug: 8411 -Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com> -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src -index 942e755..e1a8a75 100644 ---- a/archival/libarchive/Kbuild.src -+++ b/archival/libarchive/Kbuild.src -@@ -12,6 +12,8 @@ COMMON_FILES:= \ - data_extract_all.o \ - data_extract_to_stdout.o \ - \ -+ unsafe_symlink_target.o \ -+\ - filter_accept_all.o \ - filter_accept_list.o \ - filter_accept_reject_list.o \ -diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c -index 1830ffb..b828b65 100644 ---- a/archival/libarchive/data_extract_all.c -+++ b/archival/libarchive/data_extract_all.c -@@ -128,10 +128,9 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle) - res = link(hard_link, dst_name); - if (res != 0 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)) { - /* shared message */ -- bb_perror_msg("can't create %slink " -- "%s to %s", "hard", -- dst_name, -- hard_link); -+ bb_perror_msg("can't create %slink '%s' to '%s'", -+ "hard", dst_name, hard_link -+ ); - } - /* Hardlinks have no separate mode/ownership, skip chown/chmod */ - goto ret; -@@ -178,15 +177,17 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle) - case S_IFLNK: - /* Symlink */ - //TODO: what if file_header->link_target == NULL (say, 
corrupted tarball?) -- res = symlink(file_header->link_target, dst_name); -- if (res != 0 -- && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET) -- ) { -- /* shared message */ -- bb_perror_msg("can't create %slink " -- "%s to %s", "sym", -- dst_name, -- file_header->link_target); -+ if (!unsafe_symlink_target(file_header->link_target)) { -+ res = symlink(file_header->link_target, dst_name); -+ if (res != 0 -+ && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET) -+ ) { -+ /* shared message */ -+ bb_perror_msg("can't create %slink '%s' to '%s'", -+ "sym", -+ dst_name, file_header->link_target -+ ); -+ } - } - break; - case S_IFSOCK: -diff --git a/archival/libarchive/unsafe_symlink_target.c b/archival/libarchive/unsafe_symlink_target.c -new file mode 100644 -index 0000000..ee46e28 ---- /dev/null -+++ b/archival/libarchive/unsafe_symlink_target.c -@@ -0,0 +1,48 @@ -+/* vi: set sw=4 ts=4: */ -+/* -+ * Licensed under GPLv2 or later, see file LICENSE in this source tree. -+ */ -+#include "libbb.h" -+#include "bb_archive.h" -+ -+int FAST_FUNC unsafe_symlink_target(const char *target) -+{ -+ const char *dot; -+ -+ if (target[0] == '/') { -+ const char *var; -+unsafe: -+ var = getenv("EXTRACT_UNSAFE_SYMLINKS"); -+ if (var) { -+ if (LONE_CHAR(var, '1')) -+ return 0; /* pretend it's safe */ -+ return 1; /* "UNSAFE!" */ -+ } -+ bb_error_msg("skipping unsafe symlink to '%s' in archive," -+ " set %s=1 to extract", -+ target, -+ "EXTRACT_UNSAFE_SYMLINKS" -+ ); -+ /* Prevent further messages */ -+ setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0); -+ return 1; /* "UNSAFE!" */ -+ } -+ -+ dot = target; -+ for (;;) { -+ dot = strchr(dot, '.'); -+ if (!dot) -+ return 0; /* safe target */ -+ -+ /* Is it a path component starting with ".."? */ -+ if ((dot[1] == '.') -+ && (dot == target || dot[-1] == '/') -+ /* Is it exactly ".."? 
*/ -+ && (dot[2] == '/' || dot[2] == '\0') -+ ) { -+ goto unsafe; -+ } -+ /* NB: it can even be trailing ".", should only add 1 */ -+ dot += 1; -+ } -+} -\ No newline at end of file -diff --git a/archival/unzip.c b/archival/unzip.c -index 9037262..270e261 100644 ---- a/archival/unzip.c -+++ b/archival/unzip.c -@@ -335,6 +335,44 @@ static void unzip_create_leading_dirs(const char *fn) - free(name); - } - -+static void unzip_extract_symlink(zip_header_t *zip, const char *dst_fn) -+{ -+ char *target; -+ -+ if (zip->fmt.ucmpsize > 0xfff) /* no funny business please */ -+ bb_error_msg_and_die("bad archive"); -+ -+ if (zip->fmt.method == 0) { -+ /* Method 0 - stored (not compressed) */ -+ target = xzalloc(zip->fmt.ucmpsize + 1); -+ xread(zip_fd, target, zip->fmt.ucmpsize); -+ } else { -+#if 1 -+ bb_error_msg_and_die("compressed symlink is not supported"); -+#else -+ transformer_state_t xstate; -+ init_transformer_state(&xstate); -+ xstate.mem_output_size_max = zip->fmt.ucmpsize; -+ /* ...unpack... */ -+ if (!xstate.mem_output_buf) -+ WTF(); -+ target = xstate.mem_output_buf; -+ target = xrealloc(target, xstate.mem_output_size + 1); -+ target[xstate.mem_output_size] = '\0'; -+#endif -+ } -+ if (!unsafe_symlink_target(target)) { -+//TODO: libbb candidate -+ if (symlink(target, dst_fn)) { -+ /* shared message */ -+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'", -+ "sym", dst_fn, target -+ ); -+ } -+ } -+ free(target); -+} -+ - static void unzip_extract(zip_header_t *zip, int dst_fd) - { - transformer_state_t xstate; -@@ -813,7 +851,7 @@ int unzip_main(int argc, char **argv) - } - check_file: - /* Extract file */ -- if (stat(dst_fn, &stat_buf) == -1) { -+ if (lstat(dst_fn, &stat_buf) == -1) { - /* File does not exist */ - if (errno != ENOENT) { - bb_perror_msg_and_die("can't stat '%s'", dst_fn); -@@ -834,6 +872,7 @@ int unzip_main(int argc, char **argv) - goto do_open_and_extract; - printf("replace %s? 
[y]es, [n]o, [A]ll, [N]one, [r]ename: ", dst_fn); - my_fgets80(key_buf); -+//TODO: redo lstat + ISREG check! user input could have taken a long time! - - switch (key_buf[0]) { - case 'A': -@@ -842,7 +881,8 @@ int unzip_main(int argc, char **argv) - do_open_and_extract: - unzip_create_leading_dirs(dst_fn); - #if ENABLE_FEATURE_UNZIP_CDF -- dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode); -+ if (!S_ISLNK(file_mode)) -+ dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode); - #else - dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC); - #endif -@@ -852,10 +892,18 @@ int unzip_main(int argc, char **argv) - ? " extracting: %s\n" - : */ " inflating: %s\n", dst_fn); - } -- unzip_extract(&zip, dst_fd); -- if (dst_fd != STDOUT_FILENO) { -- /* closing STDOUT is potentially bad for future business */ -- close(dst_fd); -+#if ENABLE_FEATURE_UNZIP_CDF -+ if (S_ISLNK(file_mode)) { -+ if (dst_fd != STDOUT_FILENO) /* no -p */ -+ unzip_extract_symlink(&zip, dst_fn); -+ } else -+#endif -+ { -+ unzip_extract(&zip, dst_fd); -+ if (dst_fd != STDOUT_FILENO) { -+ /* closing STDOUT is potentially bad for future business */ -+ close(dst_fd); -+ }; - } - break; - -diff --git a/coreutils/link.c b/coreutils/link.c -index ac3ef85..aab249d 100644 ---- a/coreutils/link.c -+++ b/coreutils/link.c -@@ -32,9 +32,8 @@ int link_main(int argc UNUSED_PARAM, char **argv) - argv += optind; - if (link(argv[0], argv[1]) != 0) { - /* shared message */ -- bb_perror_msg_and_die("can't create %slink " -- "%s to %s", "hard", -- argv[1], argv[0] -+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'", -+ "hard", argv[1], argv[0] - ); - } - return EXIT_SUCCESS; -diff --git a/include/bb_archive.h b/include/bb_archive.h -index 2b9c5f0..1e4da3c 100644 ---- a/include/bb_archive.h -+++ b/include/bb_archive.h -@@ -196,6 +196,7 @@ void seek_by_jump(int fd, off_t amount) FAST_FUNC; - void seek_by_read(int fd, off_t amount) FAST_FUNC; - - const char *strip_unsafe_prefix(const char *str) 
FAST_FUNC; -+int unsafe_symlink_target(const char *target) FAST_FUNC; - - void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC; - const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC; -diff --git a/libbb/copy_file.c b/libbb/copy_file.c -index 23c0f83..be90066 100644 ---- a/libbb/copy_file.c -+++ b/libbb/copy_file.c -@@ -371,7 +371,10 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags) - int r = symlink(lpath, dest); - free(lpath); - if (r < 0) { -- bb_perror_msg("can't create symlink '%s'", dest); -+ /* shared message */ -+ bb_perror_msg("can't create %slink '%s' to '%s'", -+ "sym", dest, lpath -+ ); - return -1; - } - if (flags & FILEUTILS_PRESERVE_STATUS) -diff --git a/testsuite/tar.tests b/testsuite/tar.tests -index 9f7ce15..b7cd74c 100755 ---- a/testsuite/tar.tests -+++ b/testsuite/tar.tests -@@ -10,9 +10,6 @@ unset LC_COLLATE - unset LC_ALL - umask 022 - --rm -rf tar.tempdir 2>/dev/null --mkdir tar.tempdir && cd tar.tempdir || exit 1 -- - # testing "test name" "script" "expected result" "file input" "stdin" - - testing "Empty file is not a tarball" '\ -@@ -53,6 +50,7 @@ dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $? - "" "" - SKIP= - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input": - # GNU tar 1.26 records as hardlinks: - # input_hard2 -> input_hard1 -@@ -64,7 +62,6 @@ SKIP= - # We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing. - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES - testing "tar hardlinks and repeated files" '\ --rm -rf input_* test.tar 2>/dev/null - >input_hard1 - ln input_hard1 input_hard2 - mkdir input_dir -@@ -95,10 +92,11 @@ drwxr-xr-x input_dir - " \ - "" "" - SKIP= -+cd .. 
|| exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES - testing "tar hardlinks mode" '\ --rm -rf input_* test.tar 2>/dev/null - >input_hard1 - chmod 741 input_hard1 - ln input_hard1 input_hard2 -@@ -128,10 +126,11 @@ Ok: 0 - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES - testing "tar symlinks mode" '\ --rm -rf input_* test.tar 2>/dev/null - >input_file - chmod 741 input_file - ln -s input_file input_soft -@@ -159,10 +158,11 @@ lrwxrwxrwx input_file - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS - testing "tar --overwrite" "\ --rm -rf input_* test.tar 2>/dev/null - ln input input_hard - tar cf test.tar input_hard - echo WRONG >input -@@ -174,12 +174,13 @@ Ok - " \ - "Ok\n" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - test x"$SKIP_KNOWN_BUGS" = x"" && { - # Needs to be run under non-root for meaningful test - optional FEATURE_TAR_CREATE - testing "tar writing into read-only dir" '\ --rm -rf input_* test.tar 2>/dev/null - mkdir input_dir - >input_dir/input_file - chmod 550 input_dir -@@ -201,7 +202,9 @@ dr-xr-x--- input_dir - "" "" - SKIP= - } -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # Had a bug where on extract autodetect first "switched off" -z - # and then failed to recognize .tgz extension - optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP -@@ -217,7 +220,9 @@ Ok - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)? 
- # (the uuencoded hello_world.txz contains one empty file named "hello_world") - optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ -@@ -236,7 +241,9 @@ AAAEWVo= - ==== - " - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # On extract, everything up to and including last ".." component is stripped - optional FEATURE_TAR_CREATE - testing "tar strips /../ on extract" "\ -@@ -255,7 +262,9 @@ Ok - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # attack.tar.bz2 has symlink pointing to a system file - # followed by a regular file with the same name - # containing "root::0:0::/root:/bin/sh": -@@ -270,6 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2 - testing "tar does not extract into symlinks" "\ - >>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$? - " "\ -+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract - 0 - " \ - "" "\ -@@ -281,12 +291,15 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI= - ==== - " - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null -+ -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # And same with -k - optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2 - testing "tar -k does not extract into symlinks" "\ - >>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$? - " "\ --tar: can't open 'passwd': File exists -+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract - 0 - " \ - "" "\ -@@ -298,7 +311,9 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI= - ==== - " - SKIP= -+cd .. 
|| exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT - testing "Pax-encoded UTF8 names and symlinks" '\ - tar xvf ../tar.utf8.tar.bz2 2>&1; echo $? -@@ -309,17 +324,45 @@ rm -rf etc usr - ' "\ - etc/ssl/certs/3b2716e5.0 - etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -+tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract - etc/ssl/certs/f80cc7f6.0 - usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt - 0 - etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem --etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt - etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -- --cd .. && rm -rf tar.tempdir || exit 1 -+mkdir tar.tempdir && cd tar.tempdir || exit 1 -+optional UUDECODE FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT -+testing "Symlink attack: create symlink and then write through it" '\ -+exec 2>&1 -+uudecode -o input && tar xvf input; echo $? 
-+ls /tmp/bb_test_evilfile -+ls bb_test_evilfile -+ls symlink/bb_test_evilfile -+' "\ -+anything.txt -+symlink -+tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract -+symlink/bb_test_evilfile -+0 -+ls: /tmp/bb_test_evilfile: No such file or directory -+ls: bb_test_evilfile: No such file or directory -+symlink/bb_test_evilfile -+" \ -+"" "\ -+begin-base64 644 tar_symlink_attack.tar.bz2 -+QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR -+omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk -+AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa -+SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS -+n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA= -+==== -+" -+SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - - exit $FAILCOUNT diff --git a/poky/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch b/poky/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch deleted file mode 100644 index 5a027c9bc..000000000 --- a/poky/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -busybox-1.27.2: Fix CVE-2017-15873 - -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10431 - -bunzip2: fix runCnt overflow - -The get_next_block function in archival/libarchive/decompress_bunzip2.c -in BusyBox 1.27.2 has an Integer Overflow that may lead to a write -access violation. - -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0] -CVE: CVE-2017-15873 -bug: 10431 -Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com> - -diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c -index 7cd18f5..bec89ed 100644 ---- a/archival/libarchive/decompress_bunzip2.c -+++ b/archival/libarchive/decompress_bunzip2.c -@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted) - static int get_next_block(bunzip_data *bd) - { - struct group_data *hufGroup; -- int dbufCount, dbufSize, groupCount, *base, *limit, selector, -- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256]; -- int runCnt = runCnt; /* for compiler */ -+ int groupCount, *base, *limit, selector, -+ i, j, symCount, symTotal, nSelectors, byteCount[256]; - uint8_t uc, symToByte[256], mtfSymbol[256], *selectors; - uint32_t *dbuf; - unsigned origPtr, t; -+ unsigned dbufCount, runPos; -+ unsigned runCnt = runCnt; /* for compiler */ - - dbuf = bd->dbuf; -- dbufSize = bd->dbufSize; - selectors = bd->selectors; - - /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */ -@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd) - it didn't actually work. 
*/ - if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT; - origPtr = get_bits(bd, 24); -- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR; -+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR; - - /* mapping table: if some byte values are never used (encoding things - like ascii text), the compression code removes the gaps to have fewer -@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd) - symbols, but a run of length 0 doesn't mean anything in this - context). Thus space is saved. */ - runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */ -- if (runPos < dbufSize) runPos <<= 1; -+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen. -+//This would be the fix (catches too large count way before it can overflow): -+// if (runCnt > bd->dbufSize) { -+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR", -+// runCnt, bd->dbufSize); -+// return RETVAL_DATA_ERROR; -+// } -+ if (runPos < bd->dbufSize) runPos <<= 1; - goto end_of_huffman_loop; - } - -@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd) - literal used is the one at the head of the mtfSymbol array.) */ - if (runPos != 0) { - uint8_t tmp_byte; -- if (dbufCount + runCnt > dbufSize) { -- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR", -- dbufCount, runCnt, dbufCount + runCnt, dbufSize); -+ if (dbufCount + runCnt > bd->dbufSize) { -+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR", -+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize); - return RETVAL_DATA_ERROR; - } - tmp_byte = symToByte[mtfSymbol[0]]; - byteCount[tmp_byte] += runCnt; -- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte; -+ while ((int)--runCnt >= 0) -+ dbuf[dbufCount++] = (uint32_t)tmp_byte; - runPos = 0; - } - -@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd) - first symbol in the mtf array, position 0, would have been handled - as part of a run above. 
Therefore 1 unused mtf position minus - 2 non-literal nextSym values equals -1.) */ -- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR; -+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR; - i = nextSym - 1; - uc = mtfSymbol[i]; - --- -cgit v0.12 diff --git a/poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch b/poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch deleted file mode 100644 index 67b4ed7e1..000000000 --- a/poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch +++ /dev/null @@ -1,30 +0,0 @@ -From e75c01bb3249df16201b482b79bb24bec3b58188 Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko <vda.linux@googlemail.com> -Date: Fri, 27 Oct 2017 15:37:03 +0200 -Subject: [PATCH] unlzma: fix SEGV, closes 10436 - -Upstream-Status: Backport [ https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b] -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> -Signed-off-by: Sinan Kaya <okaya@kernel.org> ---- - archival/libarchive/decompress_unlzma.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c -index 29eee2a..41e492f 100644 ---- a/archival/libarchive/decompress_unlzma.c -+++ b/archival/libarchive/decompress_unlzma.c -@@ -353,6 +353,10 @@ unpack_lzma_stream(transformer_state_t *xstate) - pos = buffer_pos - rep0; - if ((int32_t)pos < 0) { - pos += header.dict_size; -+ /* bug 10436 has an example file where this triggers: */ -+ if ((int32_t)pos < 0) -+ goto bad; -+ - /* see unzip_bad_lzma_2.zip: */ - if (pos >= buffer_size) - goto bad; --- -2.19.0 - diff --git a/poky/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/poky/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch deleted file mode 100644 index fc19ee335..000000000 --- a/poky/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch +++ /dev/null 
@@ -1,43 +0,0 @@
-From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Tue, 7 Nov 2017 18:09:29 +0100
-Subject: lineedit: do not tab-complete any strings which have control
- characters
-
-function old new delta
-add_match 41 68 +27
-
-CVE: CVE-2017-16544
-Upstream-Status: Backport
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- libbb/lineedit.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/libbb/lineedit.c b/libbb/lineedit.c
-index c0e35bb..56e8140 100644
---- a/libbb/lineedit.c
-+++ b/libbb/lineedit.c
-@@ -645,6 +645,18 @@ static void free_tab_completion_data(void)
-
- static void add_match(char *matched)
- {
-+ unsigned char *p = (unsigned char*)matched;
-+ while (*p) {
-+ /* ESC attack fix: drop any string with control chars */
-+ if (*p < ' '
-+ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
-+ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
-+ ) {
-+ free(matched);
-+ return;
-+ }
-+ p++;
-+ }
- matches = xrealloc_vector(matches, 4, num_matches);
- matches[num_matches] = matched;
- num_matches++;
---
-cgit v0.12
diff --git a/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
deleted file mode 100644
index da6dfa802..000000000
--- a/poky/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-busybox-1.27.2: Fix lzma segfaults
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871
-
-libarchive: check buffer index in lzma_decompress
-
-With specific defconfig busybox fails to check zip fileheader magic
-(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c)
-for decompression which leads to segmentation fault. It prevents accessing into
-buffer, which is smaller than pos index. Patch includes multiple segmentation
-fault fixes.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b]
-bug: 10436 10871
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
-index a904087..29eee2a 100644
---- a/archival/libarchive/decompress_unlzma.c
-+++ b/archival/libarchive/decompress_unlzma.c
-@@ -11,6 +11,14 @@
- #include "libbb.h"
- #include "bb_archive.h"
-
-+
-+#if 0
-+# define dbg(...) bb_error_msg(__VA_ARGS__)
-+#else
-+# define dbg(...) ((void)0)
-+#endif
-+
-+
- #if ENABLE_FEATURE_LZMA_FAST
- # define speed_inline ALWAYS_INLINE
- # define size_inline
-@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
- rc_t *rc;
- int i;
- uint8_t *buffer;
-+ uint32_t buffer_size;
- uint8_t previous_byte = 0;
- size_t buffer_pos = 0, global_pos = 0;
- int len = 0;
-@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate)
- if (header.dict_size == 0)
- header.dict_size++;
-
-- buffer = xmalloc(MIN(header.dst_size, header.dict_size));
-+ buffer_size = MIN(header.dst_size, header.dict_size);
-+ buffer = xmalloc(buffer_size);
-
- {
- int num_probs;
-@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- state = state < LZMA_NUM_LIT_STATES ?
9 : 11;
-
- pos = buffer_pos - rep0;
-- if ((int32_t)pos < 0)
-+ if ((int32_t)pos < 0) {
- pos += header.dict_size;
-+ /* see unzip_bad_lzma_2.zip: */
-+ if (pos >= buffer_size)
-+ goto bad;
-+ }
- previous_byte = buffer[pos];
- goto one_byte1;
- #else
-@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
- for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
- rep0 = (rep0 << 1) | rc_direct_bit(rc);
- rep0 <<= LZMA_NUM_ALIGN_BITS;
-+ if ((int32_t)rep0 < 0) {
-+ dbg("%d rep0:%d", __LINE__, rep0);
-+ goto bad;
-+ }
- prob3 = p + LZMA_ALIGN;
- }
- i2 = 1;
-@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- IF_NOT_FEATURE_LZMA_FAST(string:)
- do {
- uint32_t pos = buffer_pos - rep0;
-- if ((int32_t)pos < 0)
-+ if ((int32_t)pos < 0) {
- pos += header.dict_size;
-+ /* more stringent test (see unzip_bad_lzma_1.zip): */
-+ if (pos >= buffer_size)
-+ goto bad;
-+ }
- previous_byte = buffer[pos];
- IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
- buffer[buffer_pos++] = previous_byte;
-@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
- IF_DESKTOP(total_written += buffer_pos;)
- if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
- bad:
-+ /* One of our users, bbunpack(), expects _us_ to emit
-+ * the error message (since it's the best place to give
-+ * potentially more detailed information).
-+ * Do not fail silently.
-+ */
-+ bb_error_msg("corrupted data");
- total_written = -1; /* failure */
- }
- rc_free(rc);
-
diff --git a/poky/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch b/poky/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
index 582a25893..76daaf1f0 100644
--- a/poky/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
+++ b/poky/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
@@ -31,11 +31,11 @@
Signed-off-by: Andreas Oberritter <obi@opendreambox.org> networking/udhcp/dhcpc.c | 29 ++++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) -Index: busybox-1.27.2/networking/udhcp/dhcpc.c +Index: busybox-1.29.1/networking/udhcp/dhcpc.c =================================================================== ---- busybox-1.27.2.orig/networking/udhcp/dhcpc.c -+++ busybox-1.27.2/networking/udhcp/dhcpc.c -@@ -49,6 +49,8 @@ struct tpacket_auxdata { +--- busybox-1.29.1.orig/networking/udhcp/dhcpc.c ++++ busybox-1.29.1/networking/udhcp/dhcpc.c +@@ -48,6 +48,8 @@ }; #endif @@ -44,7 +44,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c /* "struct client_config_t client_config" is in bb_common_bufsiz1 */ -@@ -104,8 +106,9 @@ enum { +@@ -103,8 +105,9 @@ OPT_x = 1 << 18, OPT_f = 1 << 19, OPT_B = 1 << 20, @@ -55,7 +55,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c USE_FOR_MMU( OPTBIT_b,) IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,) IF_FEATURE_UDHCP_PORT( OPTBIT_P,) -@@ -1110,7 +1113,8 @@ static void perform_renew(void) +@@ -1116,7 +1119,8 @@ state = RENEW_REQUESTED; break; case RENEW_REQUESTED: /* impatient are we? fine, square 1 */ @@ -65,7 +65,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c case REQUESTING: case RELEASED: change_listen_mode(LISTEN_RAW); -@@ -1146,7 +1150,8 @@ static void perform_release(uint32_t server_addr, uint32_t requested_ip) +@@ -1152,7 +1156,8 @@ * Users requested to be notified in all cases, even if not in one * of the states above. */ 
@@ -75,16 +75,16 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c change_listen_mode(LISTEN_NONE); state = RELEASED; -@@ -1298,7 +1303,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) - /* O,x: list; -T,-t,-A take numeric param */ - IF_UDHCP_VERBOSE(opt_complementary = "vv";) - IF_LONG_OPTS(applet_long_options = udhcpc_longopts;) -- opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB" -+ opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD" +@@ -1265,7 +1270,7 @@ + /* Parse command line */ + opt = getopt32long(argv, "^" + /* O,x: list; -T,-t,-A take numeric param */ +- "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB" ++ "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD" USE_FOR_MMU("b") IF_FEATURE_UDHCPC_ARPING("a::") IF_FEATURE_UDHCP_PORT("P:") -@@ -1409,6 +1414,10 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) +@@ -1376,6 +1381,10 @@ logmode |= LOGMODE_SYSLOG; } @@ -94,8 +94,8 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c + /* Make sure fd 0,1,2 are open */ bb_sanitize_stdio(); - /* Equivalent of doing a fflush after every \n */ -@@ -1423,7 +1432,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) + /* Create pidfile */ +@@ -1388,7 +1397,8 @@ srand(monotonic_us()); state = INIT_SELECTING; @@ -105,7 +105,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c change_listen_mode(LISTEN_RAW); packet_num = 0; timeout = 0; -@@ -1577,7 +1587,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) +@@ -1555,7 +1565,8 @@ } /* Timed out, enter init state */ bb_error_msg("lease lost, entering init state"); 
@@ -115,23 +115,29 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c state = INIT_SELECTING; client_config.first_secs = 0; /* make secs field count from 0 */ /*timeout = 0; - already is */ -@@ -1770,7 +1781,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) +@@ -1748,8 +1759,10 @@ + "(got ARP reply), declining"); send_decline(/*xid,*/ server_addr, packet.yiaddr); - if (state != REQUESTING) +- if (state != REQUESTING) - udhcp_run_script(NULL, "deconfig"); ++ if (state != REQUESTING) { + if (allow_deconfig) + udhcp_run_script(NULL, "deconfig"); ++ } change_listen_mode(LISTEN_RAW); state = INIT_SELECTING; client_config.first_secs = 0; /* make secs field count from 0 */ -@@ -1840,7 +1852,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) +@@ -1818,8 +1831,10 @@ + /* return to init state */ bb_error_msg("received %s", "DHCP NAK"); udhcp_run_script(&packet, "nak"); - if (state != REQUESTING) +- if (state != REQUESTING) - udhcp_run_script(NULL, "deconfig"); ++ if (state != REQUESTING) { + if (allow_deconfig) + udhcp_run_script(NULL, "deconfig"); ++ } change_listen_mode(LISTEN_RAW); sleep(3); /* avoid excessive network traffic */ state = INIT_SELECTING; diff --git a/poky/meta/recipes-core/busybox/busybox/defconfig b/poky/meta/recipes-core/busybox/busybox/defconfig index 59d93c707..32213c067 100644 --- a/poky/meta/recipes-core/busybox/busybox/defconfig +++ b/poky/meta/recipes-core/busybox/busybox/defconfig @@ -1,12 +1,12 @@ # # Automatically generated make config: don't edit -# Busybox version: 1.27.2 -# Wed Sep 27 08:56:13 2017 +# Busybox version: 1.29.1 +# Thu Jul 19 11:09:46 2018 # CONFIG_HAVE_DOT_CONFIG=y # -# Busybox Settings +# Settings # # CONFIG_DESKTOP is not set # CONFIG_EXTRA_COMPAT is not set @@ -78,7 +78,7 @@ CONFIG_NO_DEBUG_LIB=y # CONFIG_EFENCE is not set # -# Busybox Library Tuning +# Library Tuning # # CONFIG_FEATURE_USE_BSS_TAIL is not set CONFIG_FEATURE_RTMINMAX=y 
@@ -90,6 +90,7 @@ CONFIG_MD5_SMALL=1 CONFIG_SHA3_SMALL=1 CONFIG_FEATURE_FAST_TOP=y # CONFIG_FEATURE_ETC_NETWORKS is not set +# CONFIG_FEATURE_ETC_SERVICES is not set CONFIG_FEATURE_EDITING=y CONFIG_FEATURE_EDITING_MAX_LEN=1024 # CONFIG_FEATURE_EDITING_VI is not set @@ -321,6 +322,7 @@ CONFIG_TRUE=y CONFIG_TTY=y CONFIG_UNAME=y CONFIG_UNAME_OSNAME="GNU/Linux" +# CONFIG_BB_ARCH is not set CONFIG_UNIQ=y CONFIG_UNLINK=y CONFIG_USLEEP=y @@ -393,6 +395,14 @@ CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y CONFIG_WHICH=y # +# klibc-utils +# +# CONFIG_MINIPS is not set +# CONFIG_NUKE is not set +# CONFIG_RESUME is not set +# CONFIG_RUN_INIT is not set + +# # Editors # CONFIG_AWK=y @@ -470,7 +480,7 @@ CONFIG_FEATURE_XARGS_SUPPORT_REPL_STR=y # CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set # CONFIG_HALT is not set # CONFIG_POWEROFF is not set -# CONFIG_REBOOT is not set +CONFIG_REBOOT=y # CONFIG_FEATURE_CALL_TELINIT is not set # CONFIG_TELINIT_PATH is not set # CONFIG_INIT is not set @@ -678,6 +688,10 @@ CONFIG_FEATURE_MOUNT_LOOP=y CONFIG_FEATURE_MOUNT_LOOP_CREATE=y # CONFIG_FEATURE_MTAB_SUPPORT is not set # CONFIG_VOLUMEID is not set + +# +# Filesystem/Volume identification +# # CONFIG_FEATURE_VOLUMEID_BCACHE is not set # CONFIG_FEATURE_VOLUMEID_BTRFS is not set # CONFIG_FEATURE_VOLUMEID_CRAMFS is not set @@ -725,6 +739,7 @@ CONFIG_FEATURE_CROND_DIR="" # CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set # CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set # CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set +# CONFIG_HEXEDIT is not set # CONFIG_I2CGET is not set # CONFIG_I2CSET is not set # CONFIG_I2CDUMP is not set @@ -807,6 +822,7 @@ CONFIG_MICROCOM=y # CONFIG_RUNLEVEL is not set # CONFIG_RX is not set # CONFIG_SETSID is not set +# CONFIG_SETFATTR is not set CONFIG_STRINGS=y CONFIG_TIME=y # CONFIG_TIMEOUT is not set 
@@ -912,6 +928,8 @@ CONFIG_FEATURE_FANCY_PING=y CONFIG_ROUTE=y # CONFIG_SLATTACH is not set # CONFIG_SSL_CLIENT is not set +# CONFIG_TC is not set +# CONFIG_FEATURE_TC_INGRESS is not set # CONFIG_TCPSVD is not set # CONFIG_UDPSVD is not set CONFIG_TELNET=y @@ -949,13 +967,9 @@ CONFIG_FEATURE_WGET_HTTPS=y # CONFIG_FEATURE_WGET_OPENSSL is not set # CONFIG_WHOIS is not set # CONFIG_ZCIP is not set -# CONFIG_UDHCPC6 is not set -# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set -# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set -# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set CONFIG_UDHCPD=y -# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set # CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set +# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases" CONFIG_DUMPLEASES=y # CONFIG_DHCPRELAY is not set @@ -963,6 +977,15 @@ CONFIG_UDHCPC=y CONFIG_FEATURE_UDHCPC_ARPING=y CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" +# CONFIG_UDHCPC6 is not set +# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set +# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set +# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set +# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set + +# +# Common options for DHCP applets +# # CONFIG_FEATURE_UDHCP_PORT is not set CONFIG_UDHCP_DEBUG=0 # CONFIG_FEATURE_UDHCP_RFC3397 is not set @@ -1045,6 +1068,7 @@ CONFIG_WATCH=y # CONFIG_SV is not set CONFIG_SV_DEFAULT_SERVICE_DIR="" # CONFIG_SVC is not set +# CONFIG_SVOK is not set # CONFIG_SVLOGD is not set # CONFIG_CHCON is not set # CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set @@ -1134,6 +1158,10 @@ CONFIG_FEATURE_SH_HISTFILESIZE=y # System Logging Utilities # CONFIG_KLOGD=y + +# +# klogd should not be used together with syslog to kernel printk buffer +# CONFIG_FEATURE_KLOGD_KLOGCTL=y CONFIG_LOGGER=y # CONFIG_LOGREAD is not set 
diff --git a/poky/meta/recipes-core/busybox/busybox/init.cfg b/poky/meta/recipes-core/busybox/busybox/init.cfg
index 3c1fdd42b..e96700682 100644
--- a/poky/meta/recipes-core/busybox/busybox/init.cfg
+++ b/poky/meta/recipes-core/busybox/busybox/init.cfg
@@ -1,8 +1,8 @@
 CONFIG_INIT=y
+CONFIG_RUNLEVEL=y
 CONFIG_FEATURE_USE_INITTAB=y
 CONFIG_HALT=y
 CONFIG_POWEROFF=y
-CONFIG_REBOOT=y
 CONFIG_FEATURE_KILL_DELAY=0
 CONFIG_TELINIT_PATH=""
 CONFIG_INIT_TERMINAL_TYPE=""
diff --git a/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
deleted file mode 100644
index 9fe7998df..000000000
--- a/poky/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d]
-
-From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001
-From: Shawn Landden <slandden@gmail.com>
-Date: Mon, 8 Jan 2018 13:31:58 +0100
-Subject: [PATCH] umount: ignore -c
-Organization: O.S. Systems Software LTDA.
-
-"-c, --no-canonicalize: Do not canonicalize paths."
-
-As busybox doesn't canonicalize paths in the first place it is safe to ignore
-this option.
-
-See https://github.com/systemd/systemd/issues/7786
-
-Signed-off-by: Shawn Landden <slandden@gmail.com>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- util-linux/umount.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/util-linux/umount.c b/util-linux/umount.c
-index 0c50dc9ee..0425c5b76 100644
---- a/util-linux/umount.c
-+++ b/util-linux/umount.c
-@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
- }
- #endif
-
--/* ignored: -v -t -i */
--#define OPTION_STRING "fldnra" "vt:i"
-+/* ignored: -c -v -t -i */
-+#define OPTION_STRING "fldnra" "cvt:i"
- #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
- #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
- #define OPT_FREELOOP (1 << 2)
---
-2.18.0
-
diff --git a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb b/poky/meta/recipes-core/busybox/busybox_1.29.2.bb
index bab29728e..df3ea5906 100644
--- a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb
+++ b/poky/meta/recipes-core/busybox/busybox_1.29.2.bb
@@ -40,16 +40,9 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://inittab \ file://rcS \ file://rcK \ - file://runlevel \ file://makefile-libbb-race.patch \ - file://CVE-2011-5325.patch \ - file://CVE-2017-15873.patch \ - file://busybox-CVE-2017-16544.patch \ - file://busybox-fix-lzma-segfaults.patch \ - file://umount-ignore-c.patch \ - file://CVE-2017-15874.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " -SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e" -SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df" +SRC_URI[tarball.md5sum] = "46617af37a39579711d8b36f189cdf1e" +SRC_URI[tarball.sha256sum] = "67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61" diff --git a/poky/meta/recipes-core/busybox/files/runlevel b/poky/meta/recipes-core/busybox/files/runlevel deleted file mode 100644 index 866f3b594..000000000 --- a/poky/meta/recipes-core/busybox/files/runlevel +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -# busybox init does not have LSB ( sysvinit ) like initlevels -# so lets fake it to 5 which is what we default anyway -# this helps with opkg post installs where it tries to invoke -# update-rc.d ad post install step. -# for package upgrades -# See code in update-rc.d around line 190 where it calls runlevel -# program -# -echo "5" - |
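Review bot: The `file://` entries removed from SRC_URI in this hunk include the local backports for CVE-2011-5325, CVE-2017-15873, CVE-2017-15874 and CVE-2017-16544 plus the lzma segfault fix, and neither the recipe nor the commit description records that the 1.29.2 tarball already carries them. The deleted CVE-2017-15874, CVE-2017-16544 and lzma patches are marked `Upstream-Status: Backport`, so those fixes are presumably in the new release; the headers of CVE-2011-5325.patch and CVE-2017-15873.patch are not visible on this page and should be checked against the 1.29.2 sources separately. Once confirmed, a comment ahead of the checksum lines would keep the audit trail, e.g. `# CVE-2011-5325, CVE-2017-15873, CVE-2017-15874, CVE-2017-16544: local backports dropped, fixes carried by upstream ${PV}`. The SRC_URI assignment itself begins above this hunk.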