diff options
Diffstat (limited to 'meta/recipes-core/busybox/busybox')
3 files changed, 209 insertions, 1 deletions
diff --git a/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch b/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch index 354f83a4a5..d76118f85b 100644 --- a/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch +++ b/meta/recipes-core/busybox/busybox/0001-depmod-Ignore-.debug-directories.patch @@ -21,7 +21,7 @@ index bb42bbe..aa5a2de 100644 /* Arbitrary. Was sb->st_size, but that breaks .gz etc */ size_t len = (64*1024*1024 - 4096); -+ if (strstr(fname, ".debug") == NULL) ++ if (strstr(fname, ".debug") != NULL) + return TRUE; + if (strrstr(fname, ".ko") == NULL) diff --git a/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch b/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch new file mode 100644 index 0000000000..985e2bf1d9 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/0001-devmem-add-128-bit-width.patch @@ -0,0 +1,128 @@ +From d432049f288c9acdc4a7caa729c68ceba3c5dca1 Mon Sep 17 00:00:00 2001 +From: Aaro Koskinen <aaro.koskinen@nokia.com> +Date: Thu, 25 Aug 2022 18:47:02 +0300 +Subject: [PATCH] devmem: add 128-bit width + +Add 128-bit width if the compiler provides the needed type. + +function old new delta +devmem_main 405 464 +59 +.rodata 109025 109043 +18 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 2/0 up/down: 77/0) Total: 77 bytes + +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=d432049f288c9acdc4a7caa729c68ceba3c5dca1] + +Signed-off-by: Aaro Koskinen <aaro.koskinen@nokia.com> +Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + miscutils/devmem.c | 68 ++++++++++++++++++++++++++++++---------------- + 1 file changed, 44 insertions(+), 24 deletions(-) + +diff --git a/miscutils/devmem.c b/miscutils/devmem.c +index f9f0276bc..f21621bd6 100644 +--- a/miscutils/devmem.c ++++ b/miscutils/devmem.c +@@ -29,7 +29,6 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + { + void *map_base, *virt_addr; + uint64_t read_result; +- uint64_t writeval = writeval; /* for compiler */ + off_t target; + unsigned page_size, mapped_size, offset_in_page; + int fd; +@@ -64,9 +63,6 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + width = strchrnul(bhwl, (argv[2][0] | 0x20)) - bhwl; + width = sizes[width]; + } +- /* VALUE */ +- if (argv[3]) +- writeval = bb_strtoull(argv[3], NULL, 0); + } else { /* argv[2] == NULL */ + /* make argv[3] to be a valid thing to fetch */ + argv--; +@@ -96,28 +92,46 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + virt_addr = (char*)map_base + offset_in_page; + + if (!argv[3]) { +- switch (width) { +- case 8: +- read_result = *(volatile uint8_t*)virt_addr; +- break; +- case 16: +- read_result = *(volatile uint16_t*)virt_addr; +- break; +- case 32: +- read_result = *(volatile uint32_t*)virt_addr; +- break; +- case 64: +- read_result = *(volatile uint64_t*)virt_addr; +- break; +- default: +- bb_simple_error_msg_and_die("bad width"); ++#ifdef __SIZEOF_INT128__ ++ if (width == 128) { ++ unsigned __int128 rd = ++ *(volatile unsigned __int128 *)virt_addr; ++ printf("0x%016llX%016llX\n", ++ (unsigned long long)(uint64_t)(rd >> 64), ++ (unsigned long long)(uint64_t)rd ++ ); ++ } else ++#endif ++ { ++ switch (width) { ++ case 8: ++ read_result = *(volatile uint8_t*)virt_addr; ++ break; ++ case 16: ++ read_result = *(volatile uint16_t*)virt_addr; ++ break; ++ case 32: ++ read_result = *(volatile uint32_t*)virt_addr; ++ break; ++ case 64: ++ read_result = *(volatile uint64_t*)virt_addr; ++ break; ++ default: ++ bb_simple_error_msg_and_die("bad width"); ++ } ++// printf("Value at address 0x%"OFF_FMT"X (%p): 0x%llX\n", ++// target, virt_addr, ++// (unsigned long long)read_result); ++ /* Zero-padded output shows the width of access just done */ ++ printf("0x%0*llX\n", (width >> 2), (unsigned long long)read_result); + } +-// printf("Value at address 0x%"OFF_FMT"X (%p): 0x%llX\n", +-// target, virt_addr, +-// (unsigned long long)read_result); +- /* Zero-padded output shows the width of access just done */ +- printf("0x%0*llX\n", (width >> 2), (unsigned long long)read_result); + } else { ++ /* parse VALUE */ ++#ifdef __SIZEOF_INT128__ ++ unsigned __int128 writeval = strtoumax(argv[3], NULL, 0); ++#else ++ uint64_t writeval = bb_strtoull(argv[3], NULL, 0); ++#endif + switch (width) { + case 8: + *(volatile uint8_t*)virt_addr = writeval; +@@ -135,6 +149,12 @@ int devmem_main(int argc UNUSED_PARAM, char **argv) + *(volatile uint64_t*)virt_addr = writeval; + // read_result = *(volatile uint64_t*)virt_addr; + break; ++#ifdef __SIZEOF_INT128__ ++ case 128: ++ *(volatile unsigned __int128 *)virt_addr = writeval; ++// read_result = *(volatile uint64_t*)virt_addr; ++ break; ++#endif + default: + bb_simple_error_msg_and_die("bad width"); + } +-- +2.25.1 + diff --git a/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch b/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch new file mode 100644 index 0000000000..dd0ea19f02 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2022-48174.patch @@ -0,0 +1,80 @@ +From cf5d0889262e1b04ec2aa4caff2f5da2d602c665 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Mon, 12 Jun 2023 17:48:47 +0200 +Subject: [PATCH] busybox: shell: avoid segfault on ${0::0/0~09J}. Closes 15216 +function old new delta evaluate_string 1011 1053 +42 + +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209] +CVE: CVE-2022-48174 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + shell/math.c | 39 +++++++++++++++++++++++++++++++++++---- + 1 file changed, 35 insertions(+), 4 deletions(-) + +diff --git a/shell/math.c b/shell/math.c +index 76d22c9..727c294 100644 +--- a/shell/math.c ++++ b/shell/math.c +@@ -577,6 +577,28 @@ static arith_t strto_arith_t(const char *nptr, char **endptr) + # endif + #endif + ++//TODO: much better estimation than expr_len/2? Such as: ++//static unsigned estimate_nums_and_names(const char *expr) ++//{ ++// unsigned count = 0; ++// while (*(expr = skip_whitespace(expr)) != '\0') { ++// const char *p; ++// if (isdigit(*expr)) { ++// while (isdigit(*++expr)) ++// continue; ++// count++; ++// continue; ++// } ++// p = endofname(expr); ++// if (p != expr) { ++// expr = p; ++// count++; ++// continue; ++// } ++// } ++// return count; ++//} ++ + static arith_t + evaluate_string(arith_state_t *math_state, const char *expr) + { +@@ -584,10 +606,12 @@ evaluate_string(arith_state_t *math_state, const char *expr) + const char *errmsg; + const char *start_expr = expr = skip_whitespace(expr); + unsigned expr_len = strlen(expr) + 2; +- /* Stack of integers */ +- /* The proof that there can be no more than strlen(startbuf)/2+1 +- * integers in any given correct or incorrect expression +- * is left as an exercise to the reader. */ ++ /* Stack of integers/names */ ++ /* There can be no more than strlen(startbuf)/2+1 ++ * integers/names in any given correct or incorrect expression. ++ * (modulo "09v09v09v09v09v" case, ++ * but we have code to detect that early) ++ */ + var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0])); + var_or_num_t *numstackptr = numstack; + /* Stack of operator tokens */ +@@ -652,6 +676,13 @@ evaluate_string(arith_state_t *math_state, const char *expr) + numstackptr->var = NULL; + errno = 0; + numstackptr->val = strto_arith_t(expr, (char**) &expr); ++ /* A number can't be followed by another number, or a variable name. ++ * We'd catch this later anyway, but this would require numstack[] ++ * to be twice as deep to handle strings where _every_ char is ++ * a new number or name. Example: 09v09v09v09v09v09v09v09v09v ++ */ ++ if (isalnum(*expr) || *expr == '_') ++ goto err; + //bb_error_msg("val:%lld", numstackptr->val); + if (errno) + numstackptr->val = 0; /* bash compat */ +-- +2.40.0 |