From b9c7fdd4b204ab1c2466e9ec5d933bbc635fcc4f Mon Sep 17 00:00:00 2001 From: Andrej Valek Date: Thu, 30 Aug 2018 18:02:44 +0200 Subject: busybox: update to 1.29.2 - refresh busybox-udhcpc-no_deconfig.patch - remove obsolete patches which are included in this update - update defconfig - Add newly required virtual/crypt depends [RB] Signed-off-by: Andrej Valek Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../recipes-core/busybox/busybox-inittab_1.27.2.bb | 32 -- .../recipes-core/busybox/busybox-inittab_1.29.2.bb | 32 ++ meta/recipes-core/busybox/busybox.inc | 2 +- .../busybox/busybox/CVE-2011-5325.patch | 481 --------------------- .../busybox/busybox/CVE-2017-15873.patch | 95 ---- .../busybox/busybox/busybox-CVE-2017-16544.patch | 43 -- .../busybox/busybox-fix-lzma-segfaults.patch | 106 ----- .../busybox/busybox-udhcpc-no_deconfig.patch | 48 +- meta/recipes-core/busybox/busybox/defconfig | 46 +- .../busybox/busybox/umount-ignore-c.patch | 40 -- meta/recipes-core/busybox/busybox_1.27.2.bb | 54 --- meta/recipes-core/busybox/busybox_1.29.2.bb | 49 +++ 12 files changed, 146 insertions(+), 882 deletions(-) delete mode 100644 meta/recipes-core/busybox/busybox-inittab_1.27.2.bb create mode 100644 meta/recipes-core/busybox/busybox-inittab_1.29.2.bb delete mode 100755 meta/recipes-core/busybox/busybox/CVE-2011-5325.patch delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2017-15873.patch delete mode 100644 meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch delete mode 100644 meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch delete mode 100644 meta/recipes-core/busybox/busybox/umount-ignore-c.patch delete mode 100644 meta/recipes-core/busybox/busybox_1.27.2.bb create mode 100644 meta/recipes-core/busybox/busybox_1.29.2.bb (limited to 'meta/recipes-core/busybox') diff --git a/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb b/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb deleted file mode 100644 index a83620e859..0000000000 --- a/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb +++ /dev/null @@ -1,32 +0,0 @@ -SUMMARY = "inittab configuration for BusyBox" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" - -SRC_URI = "file://inittab" - -S = "${WORKDIR}" - -INHIBIT_DEFAULT_DEPS = "1" - -do_compile() { - : -} - -do_install() { - install -d ${D}${sysconfdir} - install -D -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab - tmp="${SERIAL_CONSOLES}" - for i in $tmp - do - j=`echo ${i} | sed s/\;/\ /g` - id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'` - echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab - done -} - -# SERIAL_CONSOLES is generally defined by the MACHINE .conf. -# Set PACKAGE_ARCH appropriately. -PACKAGE_ARCH = "${MACHINE_ARCH}" - -FILES_${PN} = "${sysconfdir}/inittab" -CONFFILES_${PN} = "${sysconfdir}/inittab" diff --git a/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb b/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb new file mode 100644 index 0000000000..a83620e859 --- /dev/null +++ b/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb @@ -0,0 +1,32 @@ +SUMMARY = "inittab configuration for BusyBox" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" + +SRC_URI = "file://inittab" + +S = "${WORKDIR}" + +INHIBIT_DEFAULT_DEPS = "1" + +do_compile() { + : +} + +do_install() { + install -d ${D}${sysconfdir} + install -D -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab + tmp="${SERIAL_CONSOLES}" + for i in $tmp + do + j=`echo ${i} | sed s/\;/\ /g` + id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'` + echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab + done +} + +# SERIAL_CONSOLES is generally defined by the MACHINE .conf. +# Set PACKAGE_ARCH appropriately. +PACKAGE_ARCH = "${MACHINE_ARCH}" + +FILES_${PN} = "${sysconfdir}/inittab" +CONFFILES_${PN} = "${sysconfdir}/inittab" diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc index 8c6dbbaf9b..586d5342e6 100644 --- a/meta/recipes-core/busybox/busybox.inc +++ b/meta/recipes-core/busybox/busybox.inc @@ -3,7 +3,7 @@ DESCRIPTION = "BusyBox combines tiny versions of many common UNIX utilities into HOMEPAGE = "http://www.busybox.net" BUGTRACKER = "https://bugs.busybox.net/" -DEPENDS += "kern-tools-native" +DEPENDS += "kern-tools-native virtual/crypt" # bzip2 applet in busybox is based on lightly-modified bzip2 source # the GPL is version 2 only diff --git a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch b/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch deleted file mode 100755 index 0926107bea..0000000000 --- a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch +++ /dev/null @@ -1,481 +0,0 @@ -busybox-1.27.2: Fix CVE-2011-5325 - -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=8411 - -libarchive: do not extract unsafe symlinks - -Prevent unsafe links extracting unless env variable $EXTRACT_UNSAFE_SYMLINKS=1 -is not set. Untarring file with -C DESTDIR parameter could be extracted with -unwanted symlinks. This doesn't feel right, and IIRC GNU tar doesn't do that. -Include necessary changes from previous commits. - -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7] -CVE: CVE-2011-5325 -bug: 8411 -Signed-off-by: Radovan Scasny -Signed-off-by: Andrej Valek - -diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src -index 942e755..e1a8a75 100644 ---- a/archival/libarchive/Kbuild.src -+++ b/archival/libarchive/Kbuild.src -@@ -12,6 +12,8 @@ COMMON_FILES:= \ - data_extract_all.o \ - data_extract_to_stdout.o \ - \ -+ unsafe_symlink_target.o \ -+\ - filter_accept_all.o \ - filter_accept_list.o \ - filter_accept_reject_list.o \ -diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c -index 1830ffb..b828b65 100644 ---- a/archival/libarchive/data_extract_all.c -+++ b/archival/libarchive/data_extract_all.c -@@ -128,10 +128,9 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle) - res = link(hard_link, dst_name); - if (res != 0 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)) { - /* shared message */ -- bb_perror_msg("can't create %slink " -- "%s to %s", "hard", -- dst_name, -- hard_link); -+ bb_perror_msg("can't create %slink '%s' to '%s'", -+ "hard", dst_name, hard_link -+ ); - } - /* Hardlinks have no separate mode/ownership, skip chown/chmod */ - goto ret; -@@ -178,15 +177,17 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle) - case S_IFLNK: - /* Symlink */ - //TODO: what if file_header->link_target == NULL (say, corrupted tarball?) -- res = symlink(file_header->link_target, dst_name); -- if (res != 0 -- && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET) -- ) { -- /* shared message */ -- bb_perror_msg("can't create %slink " -- "%s to %s", "sym", -- dst_name, -- file_header->link_target); -+ if (!unsafe_symlink_target(file_header->link_target)) { -+ res = symlink(file_header->link_target, dst_name); -+ if (res != 0 -+ && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET) -+ ) { -+ /* shared message */ -+ bb_perror_msg("can't create %slink '%s' to '%s'", -+ "sym", -+ dst_name, file_header->link_target -+ ); -+ } - } - break; - case S_IFSOCK: -diff --git a/archival/libarchive/unsafe_symlink_target.c b/archival/libarchive/unsafe_symlink_target.c -new file mode 100644 -index 0000000..ee46e28 ---- /dev/null -+++ b/archival/libarchive/unsafe_symlink_target.c -@@ -0,0 +1,48 @@ -+/* vi: set sw=4 ts=4: */ -+/* -+ * Licensed under GPLv2 or later, see file LICENSE in this source tree. -+ */ -+#include "libbb.h" -+#include "bb_archive.h" -+ -+int FAST_FUNC unsafe_symlink_target(const char *target) -+{ -+ const char *dot; -+ -+ if (target[0] == '/') { -+ const char *var; -+unsafe: -+ var = getenv("EXTRACT_UNSAFE_SYMLINKS"); -+ if (var) { -+ if (LONE_CHAR(var, '1')) -+ return 0; /* pretend it's safe */ -+ return 1; /* "UNSAFE!" */ -+ } -+ bb_error_msg("skipping unsafe symlink to '%s' in archive," -+ " set %s=1 to extract", -+ target, -+ "EXTRACT_UNSAFE_SYMLINKS" -+ ); -+ /* Prevent further messages */ -+ setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0); -+ return 1; /* "UNSAFE!" */ -+ } -+ -+ dot = target; -+ for (;;) { -+ dot = strchr(dot, '.'); -+ if (!dot) -+ return 0; /* safe target */ -+ -+ /* Is it a path component starting with ".."? */ -+ if ((dot[1] == '.') -+ && (dot == target || dot[-1] == '/') -+ /* Is it exactly ".."? */ -+ && (dot[2] == '/' || dot[2] == '\0') -+ ) { -+ goto unsafe; -+ } -+ /* NB: it can even be trailing ".", should only add 1 */ -+ dot += 1; -+ } -+} -\ No newline at end of file -diff --git a/archival/unzip.c b/archival/unzip.c -index 9037262..270e261 100644 ---- a/archival/unzip.c -+++ b/archival/unzip.c -@@ -335,6 +335,44 @@ static void unzip_create_leading_dirs(const char *fn) - free(name); - } - -+static void unzip_extract_symlink(zip_header_t *zip, const char *dst_fn) -+{ -+ char *target; -+ -+ if (zip->fmt.ucmpsize > 0xfff) /* no funny business please */ -+ bb_error_msg_and_die("bad archive"); -+ -+ if (zip->fmt.method == 0) { -+ /* Method 0 - stored (not compressed) */ -+ target = xzalloc(zip->fmt.ucmpsize + 1); -+ xread(zip_fd, target, zip->fmt.ucmpsize); -+ } else { -+#if 1 -+ bb_error_msg_and_die("compressed symlink is not supported"); -+#else -+ transformer_state_t xstate; -+ init_transformer_state(&xstate); -+ xstate.mem_output_size_max = zip->fmt.ucmpsize; -+ /* ...unpack... */ -+ if (!xstate.mem_output_buf) -+ WTF(); -+ target = xstate.mem_output_buf; -+ target = xrealloc(target, xstate.mem_output_size + 1); -+ target[xstate.mem_output_size] = '\0'; -+#endif -+ } -+ if (!unsafe_symlink_target(target)) { -+//TODO: libbb candidate -+ if (symlink(target, dst_fn)) { -+ /* shared message */ -+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'", -+ "sym", dst_fn, target -+ ); -+ } -+ } -+ free(target); -+} -+ - static void unzip_extract(zip_header_t *zip, int dst_fd) - { - transformer_state_t xstate; -@@ -813,7 +851,7 @@ int unzip_main(int argc, char **argv) - } - check_file: - /* Extract file */ -- if (stat(dst_fn, &stat_buf) == -1) { -+ if (lstat(dst_fn, &stat_buf) == -1) { - /* File does not exist */ - if (errno != ENOENT) { - bb_perror_msg_and_die("can't stat '%s'", dst_fn); -@@ -834,6 +872,7 @@ int unzip_main(int argc, char **argv) - goto do_open_and_extract; - printf("replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ", dst_fn); - my_fgets80(key_buf); -+//TODO: redo lstat + ISREG check! user input could have taken a long time! - - switch (key_buf[0]) { - case 'A': -@@ -842,7 +881,8 @@ int unzip_main(int argc, char **argv) - do_open_and_extract: - unzip_create_leading_dirs(dst_fn); - #if ENABLE_FEATURE_UNZIP_CDF -- dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode); -+ if (!S_ISLNK(file_mode)) -+ dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode); - #else - dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC); - #endif -@@ -852,10 +892,18 @@ int unzip_main(int argc, char **argv) - ? " extracting: %s\n" - : */ " inflating: %s\n", dst_fn); - } -- unzip_extract(&zip, dst_fd); -- if (dst_fd != STDOUT_FILENO) { -- /* closing STDOUT is potentially bad for future business */ -- close(dst_fd); -+#if ENABLE_FEATURE_UNZIP_CDF -+ if (S_ISLNK(file_mode)) { -+ if (dst_fd != STDOUT_FILENO) /* no -p */ -+ unzip_extract_symlink(&zip, dst_fn); -+ } else -+#endif -+ { -+ unzip_extract(&zip, dst_fd); -+ if (dst_fd != STDOUT_FILENO) { -+ /* closing STDOUT is potentially bad for future business */ -+ close(dst_fd); -+ }; - } - break; - -diff --git a/coreutils/link.c b/coreutils/link.c -index ac3ef85..aab249d 100644 ---- a/coreutils/link.c -+++ b/coreutils/link.c -@@ -32,9 +32,8 @@ int link_main(int argc UNUSED_PARAM, char **argv) - argv += optind; - if (link(argv[0], argv[1]) != 0) { - /* shared message */ -- bb_perror_msg_and_die("can't create %slink " -- "%s to %s", "hard", -- argv[1], argv[0] -+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'", -+ "hard", argv[1], argv[0] - ); - } - return EXIT_SUCCESS; -diff --git a/include/bb_archive.h b/include/bb_archive.h -index 2b9c5f0..1e4da3c 100644 ---- a/include/bb_archive.h -+++ b/include/bb_archive.h -@@ -196,6 +196,7 @@ void seek_by_jump(int fd, off_t amount) FAST_FUNC; - void seek_by_read(int fd, off_t amount) FAST_FUNC; - - const char *strip_unsafe_prefix(const char *str) FAST_FUNC; -+int unsafe_symlink_target(const char *target) FAST_FUNC; - - void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC; - const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC; -diff --git a/libbb/copy_file.c b/libbb/copy_file.c -index 23c0f83..be90066 100644 ---- a/libbb/copy_file.c -+++ b/libbb/copy_file.c -@@ -371,7 +371,10 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags) - int r = symlink(lpath, dest); - free(lpath); - if (r < 0) { -- bb_perror_msg("can't create symlink '%s'", dest); -+ /* shared message */ -+ bb_perror_msg("can't create %slink '%s' to '%s'", -+ "sym", dest, lpath -+ ); - return -1; - } - if (flags & FILEUTILS_PRESERVE_STATUS) -diff --git a/testsuite/tar.tests b/testsuite/tar.tests -index 9f7ce15..b7cd74c 100755 ---- a/testsuite/tar.tests -+++ b/testsuite/tar.tests -@@ -10,9 +10,6 @@ unset LC_COLLATE - unset LC_ALL - umask 022 - --rm -rf tar.tempdir 2>/dev/null --mkdir tar.tempdir && cd tar.tempdir || exit 1 -- - # testing "test name" "script" "expected result" "file input" "stdin" - - testing "Empty file is not a tarball" '\ -@@ -53,6 +50,7 @@ dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $? - "" "" - SKIP= - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input": - # GNU tar 1.26 records as hardlinks: - # input_hard2 -> input_hard1 -@@ -64,7 +62,6 @@ SKIP= - # We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing. - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES - testing "tar hardlinks and repeated files" '\ --rm -rf input_* test.tar 2>/dev/null - >input_hard1 - ln input_hard1 input_hard2 - mkdir input_dir -@@ -95,10 +92,11 @@ drwxr-xr-x input_dir - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES - testing "tar hardlinks mode" '\ --rm -rf input_* test.tar 2>/dev/null - >input_hard1 - chmod 741 input_hard1 - ln input_hard1 input_hard2 -@@ -128,10 +126,11 @@ Ok: 0 - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES - testing "tar symlinks mode" '\ --rm -rf input_* test.tar 2>/dev/null - >input_file - chmod 741 input_file - ln -s input_file input_soft -@@ -159,10 +158,11 @@ lrwxrwxrwx input_file - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS - testing "tar --overwrite" "\ --rm -rf input_* test.tar 2>/dev/null - ln input input_hard - tar cf test.tar input_hard - echo WRONG >input -@@ -174,12 +174,13 @@ Ok - " \ - "Ok\n" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - test x"$SKIP_KNOWN_BUGS" = x"" && { - # Needs to be run under non-root for meaningful test - optional FEATURE_TAR_CREATE - testing "tar writing into read-only dir" '\ --rm -rf input_* test.tar 2>/dev/null - mkdir input_dir - >input_dir/input_file - chmod 550 input_dir -@@ -201,7 +202,9 @@ dr-xr-x--- input_dir - "" "" - SKIP= - } -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # Had a bug where on extract autodetect first "switched off" -z - # and then failed to recognize .tgz extension - optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP -@@ -217,7 +220,9 @@ Ok - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)? - # (the uuencoded hello_world.txz contains one empty file named "hello_world") - optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ -@@ -236,7 +241,9 @@ AAAEWVo= - ==== - " - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # On extract, everything up to and including last ".." component is stripped - optional FEATURE_TAR_CREATE - testing "tar strips /../ on extract" "\ -@@ -255,7 +262,9 @@ Ok - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # attack.tar.bz2 has symlink pointing to a system file - # followed by a regular file with the same name - # containing "root::0:0::/root:/bin/sh": -@@ -270,6 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2 - testing "tar does not extract into symlinks" "\ - >>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$? - " "\ -+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract - 0 - " \ - "" "\ -@@ -281,12 +291,15 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI= - ==== - " - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null -+ -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - # And same with -k - optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2 - testing "tar -k does not extract into symlinks" "\ - >>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$? - " "\ --tar: can't open 'passwd': File exists -+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract - 0 - " \ - "" "\ -@@ -298,7 +311,9 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI= - ==== - " - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -+mkdir tar.tempdir && cd tar.tempdir || exit 1 - optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT - testing "Pax-encoded UTF8 names and symlinks" '\ - tar xvf ../tar.utf8.tar.bz2 2>&1; echo $? -@@ -309,17 +324,45 @@ rm -rf etc usr - ' "\ - etc/ssl/certs/3b2716e5.0 - etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -+tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract - etc/ssl/certs/f80cc7f6.0 - usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt - 0 - etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem --etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt - etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem - " \ - "" "" - SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - -- --cd .. && rm -rf tar.tempdir || exit 1 -+mkdir tar.tempdir && cd tar.tempdir || exit 1 -+optional UUDECODE FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT -+testing "Symlink attack: create symlink and then write through it" '\ -+exec 2>&1 -+uudecode -o input && tar xvf input; echo $? -+ls /tmp/bb_test_evilfile -+ls bb_test_evilfile -+ls symlink/bb_test_evilfile -+' "\ -+anything.txt -+symlink -+tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract -+symlink/bb_test_evilfile -+0 -+ls: /tmp/bb_test_evilfile: No such file or directory -+ls: bb_test_evilfile: No such file or directory -+symlink/bb_test_evilfile -+" \ -+"" "\ -+begin-base64 644 tar_symlink_attack.tar.bz2 -+QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR -+omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk -+AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa -+SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS -+n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA= -+==== -+" -+SKIP= -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null - - exit $FAILCOUNT diff --git a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch b/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch deleted file mode 100644 index 5a027c9bcc..0000000000 --- a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch +++ /dev/null @@ -1,95 +0,0 @@ -busybox-1.27.2: Fix CVE-2017-15873 - -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10431 - -bunzip2: fix runCnt overflow - -The get_next_block function in archival/libarchive/decompress_bunzip2.c -in BusyBox 1.27.2 has an Integer Overflow that may lead to a write -access violation. - -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0] -CVE: CVE-2017-15873 -bug: 10431 -Signed-off-by: Radovan Scasny - -diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c -index 7cd18f5..bec89ed 100644 ---- a/archival/libarchive/decompress_bunzip2.c -+++ b/archival/libarchive/decompress_bunzip2.c -@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted) - static int get_next_block(bunzip_data *bd) - { - struct group_data *hufGroup; -- int dbufCount, dbufSize, groupCount, *base, *limit, selector, -- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256]; -- int runCnt = runCnt; /* for compiler */ -+ int groupCount, *base, *limit, selector, -+ i, j, symCount, symTotal, nSelectors, byteCount[256]; - uint8_t uc, symToByte[256], mtfSymbol[256], *selectors; - uint32_t *dbuf; - unsigned origPtr, t; -+ unsigned dbufCount, runPos; -+ unsigned runCnt = runCnt; /* for compiler */ - - dbuf = bd->dbuf; -- dbufSize = bd->dbufSize; - selectors = bd->selectors; - - /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */ -@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd) - it didn't actually work. */ - if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT; - origPtr = get_bits(bd, 24); -- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR; -+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR; - - /* mapping table: if some byte values are never used (encoding things - like ascii text), the compression code removes the gaps to have fewer -@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd) - symbols, but a run of length 0 doesn't mean anything in this - context). Thus space is saved. */ - runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */ -- if (runPos < dbufSize) runPos <<= 1; -+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen. -+//This would be the fix (catches too large count way before it can overflow): -+// if (runCnt > bd->dbufSize) { -+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR", -+// runCnt, bd->dbufSize); -+// return RETVAL_DATA_ERROR; -+// } -+ if (runPos < bd->dbufSize) runPos <<= 1; - goto end_of_huffman_loop; - } - -@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd) - literal used is the one at the head of the mtfSymbol array.) */ - if (runPos != 0) { - uint8_t tmp_byte; -- if (dbufCount + runCnt > dbufSize) { -- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR", -- dbufCount, runCnt, dbufCount + runCnt, dbufSize); -+ if (dbufCount + runCnt > bd->dbufSize) { -+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR", -+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize); - return RETVAL_DATA_ERROR; - } - tmp_byte = symToByte[mtfSymbol[0]]; - byteCount[tmp_byte] += runCnt; -- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte; -+ while ((int)--runCnt >= 0) -+ dbuf[dbufCount++] = (uint32_t)tmp_byte; - runPos = 0; - } - -@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd) - first symbol in the mtf array, position 0, would have been handled - as part of a run above. Therefore 1 unused mtf position minus - 2 non-literal nextSym values equals -1.) */ -- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR; -+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR; - i = nextSym - 1; - uc = mtfSymbol[i]; - --- -cgit v0.12 diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch deleted file mode 100644 index fc19ee3356..0000000000 --- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch +++ /dev/null @@ -1,43 +0,0 @@ -From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko -Date: Tue, 7 Nov 2017 18:09:29 +0100 -Subject: lineedit: do not tab-complete any strings which have control - characters - -function old new delta -add_match 41 68 +27 - -CVE: CVE-2017-16544 -Upstream-Status: Backport - -Signed-off-by: Denys Vlasenko -Signed-off-by: Zhixiong Chi ---- - libbb/lineedit.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/libbb/lineedit.c b/libbb/lineedit.c -index c0e35bb..56e8140 100644 ---- a/libbb/lineedit.c -+++ b/libbb/lineedit.c -@@ -645,6 +645,18 @@ static void free_tab_completion_data(void) - - static void add_match(char *matched) - { -+ unsigned char *p = (unsigned char*)matched; -+ while (*p) { -+ /* ESC attack fix: drop any string with control chars */ -+ if (*p < ' ' -+ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f) -+ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f) -+ ) { -+ free(matched); -+ return; -+ } -+ p++; -+ } - matches = xrealloc_vector(matches, 4, num_matches); - matches[num_matches] = matched; - num_matches++; --- -cgit v0.12 diff --git a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch deleted file mode 100644 index da6dfa8023..0000000000 --- a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch +++ /dev/null @@ -1,106 +0,0 @@ -busybox-1.27.2: Fix lzma segfaults - -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871 - -libarchive: check buffer index in lzma_decompress - -With specific defconfig busybox fails to check zip fileheader magic -(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c) -for decompression which leads to segmentation fault. It prevents accessing into -buffer, which is smaller than pos index. Patch includes multiple segmentation -fault fixes. - -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b] -bug: 10436 10871 -Signed-off-by: Andrej Valek - -diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c -index a904087..29eee2a 100644 ---- a/archival/libarchive/decompress_unlzma.c -+++ b/archival/libarchive/decompress_unlzma.c -@@ -11,6 +11,14 @@ - #include "libbb.h" - #include "bb_archive.h" - -+ -+#if 0 -+# define dbg(...) bb_error_msg(__VA_ARGS__) -+#else -+# define dbg(...) ((void)0) -+#endif -+ -+ - #if ENABLE_FEATURE_LZMA_FAST - # define speed_inline ALWAYS_INLINE - # define size_inline -@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate) - rc_t *rc; - int i; - uint8_t *buffer; -+ uint32_t buffer_size; - uint8_t previous_byte = 0; - size_t buffer_pos = 0, global_pos = 0; - int len = 0; -@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate) - if (header.dict_size == 0) - header.dict_size++; - -- buffer = xmalloc(MIN(header.dst_size, header.dict_size)); -+ buffer_size = MIN(header.dst_size, header.dict_size); -+ buffer = xmalloc(buffer_size); - - { - int num_probs; -@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate) - state = state < LZMA_NUM_LIT_STATES ? 9 : 11; - - pos = buffer_pos - rep0; -- if ((int32_t)pos < 0) -+ if ((int32_t)pos < 0) { - pos += header.dict_size; -+ /* see unzip_bad_lzma_2.zip: */ -+ if (pos >= buffer_size) -+ goto bad; -+ } - previous_byte = buffer[pos]; - goto one_byte1; - #else -@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate) - for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--) - rep0 = (rep0 << 1) | rc_direct_bit(rc); - rep0 <<= LZMA_NUM_ALIGN_BITS; -+ if ((int32_t)rep0 < 0) { -+ dbg("%d rep0:%d", __LINE__, rep0); -+ goto bad; -+ } - prob3 = p + LZMA_ALIGN; - } - i2 = 1; -@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate) - IF_NOT_FEATURE_LZMA_FAST(string:) - do { - uint32_t pos = buffer_pos - rep0; -- if ((int32_t)pos < 0) -+ if ((int32_t)pos < 0) { - pos += header.dict_size; -+ /* more stringent test (see unzip_bad_lzma_1.zip): */ -+ if (pos >= buffer_size) -+ goto bad; -+ } - previous_byte = buffer[pos]; - IF_NOT_FEATURE_LZMA_FAST(one_byte2:) - buffer[buffer_pos++] = previous_byte; -@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate) - IF_DESKTOP(total_written += buffer_pos;) - if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) { - bad: -+ /* One of our users, bbunpack(), expects _us_ to emit -+ * the error message (since it's the best place to give -+ * potentially more detailed information). -+ * Do not fail silently. -+ */ -+ bb_error_msg("corrupted data"); - total_written = -1; /* failure */ - } - rc_free(rc); - diff --git a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch index 582a258939..76daaf1f02 100644 --- a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch +++ b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch @@ -31,11 +31,11 @@ Signed-off-by: Andreas Oberritter networking/udhcp/dhcpc.c | 29 ++++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) -Index: busybox-1.27.2/networking/udhcp/dhcpc.c +Index: busybox-1.29.1/networking/udhcp/dhcpc.c =================================================================== ---- busybox-1.27.2.orig/networking/udhcp/dhcpc.c -+++ busybox-1.27.2/networking/udhcp/dhcpc.c -@@ -49,6 +49,8 @@ struct tpacket_auxdata { +--- busybox-1.29.1.orig/networking/udhcp/dhcpc.c ++++ busybox-1.29.1/networking/udhcp/dhcpc.c +@@ -48,6 +48,8 @@ }; #endif @@ -44,7 +44,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c /* "struct client_config_t client_config" is in bb_common_bufsiz1 */ -@@ -104,8 +106,9 @@ enum { +@@ -103,8 +105,9 @@ OPT_x = 1 << 18, OPT_f = 1 << 19, OPT_B = 1 << 20, @@ -55,7 +55,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c USE_FOR_MMU( OPTBIT_b,) IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,) IF_FEATURE_UDHCP_PORT( OPTBIT_P,) -@@ -1110,7 +1113,8 @@ static void perform_renew(void) +@@ -1116,7 +1119,8 @@ state = RENEW_REQUESTED; break; case RENEW_REQUESTED: /* impatient are we? fine, square 1 */ @@ -65,7 +65,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c case REQUESTING: case RELEASED: change_listen_mode(LISTEN_RAW); -@@ -1146,7 +1150,8 @@ static void perform_release(uint32_t server_addr, uint32_t requested_ip) +@@ -1152,7 +1156,8 @@ * Users requested to be notified in all cases, even if not in one * of the states above. */ @@ -75,16 +75,16 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c change_listen_mode(LISTEN_NONE); state = RELEASED; -@@ -1298,7 +1303,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) - /* O,x: list; -T,-t,-A take numeric param */ - IF_UDHCP_VERBOSE(opt_complementary = "vv";) - IF_LONG_OPTS(applet_long_options = udhcpc_longopts;) -- opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB" -+ opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD" +@@ -1265,7 +1270,7 @@ + /* Parse command line */ + opt = getopt32long(argv, "^" + /* O,x: list; -T,-t,-A take numeric param */ +- "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB" ++ "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD" USE_FOR_MMU("b") IF_FEATURE_UDHCPC_ARPING("a::") IF_FEATURE_UDHCP_PORT("P:") -@@ -1409,6 +1414,10 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) +@@ -1376,6 +1381,10 @@ logmode |= LOGMODE_SYSLOG; } @@ -94,8 +94,8 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c + /* Make sure fd 0,1,2 are open */ bb_sanitize_stdio(); - /* Equivalent of doing a fflush after every \n */ -@@ -1423,7 +1432,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) + /* Create pidfile */ +@@ -1388,7 +1397,8 @@ srand(monotonic_us()); state = INIT_SELECTING; @@ -105,7 +105,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c change_listen_mode(LISTEN_RAW); packet_num = 0; timeout = 0; -@@ -1577,7 +1587,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) +@@ -1555,7 +1565,8 @@ } /* Timed out, enter init state */ bb_error_msg("lease lost, entering init state"); @@ -115,23 +115,29 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c state = INIT_SELECTING; client_config.first_secs = 0; /* make secs field count from 0 */ /*timeout = 0; - already is */ -@@ -1770,7 +1781,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) +@@ -1748,8 +1759,10 @@ + "(got ARP reply), declining"); send_decline(/*xid,*/ server_addr, packet.yiaddr); - if (state != REQUESTING) +- if (state != REQUESTING) - udhcp_run_script(NULL, "deconfig"); ++ if (state != REQUESTING) { + if (allow_deconfig) + udhcp_run_script(NULL, "deconfig"); ++ } change_listen_mode(LISTEN_RAW); state = INIT_SELECTING; client_config.first_secs = 0; /* make secs field count from 0 */ -@@ -1840,7 +1852,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) +@@ -1818,8 +1831,10 @@ + /* return to init state */ bb_error_msg("received %s", "DHCP NAK"); udhcp_run_script(&packet, "nak"); - if (state != REQUESTING) +- if (state != REQUESTING) - udhcp_run_script(NULL, "deconfig"); ++ if (state != REQUESTING) { + if (allow_deconfig) + udhcp_run_script(NULL, "deconfig"); ++ } change_listen_mode(LISTEN_RAW); sleep(3); /* avoid excessive network traffic */ state = INIT_SELECTING; diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig index 59d93c7079..f081f281cc 100644 --- a/meta/recipes-core/busybox/busybox/defconfig +++ b/meta/recipes-core/busybox/busybox/defconfig @@ -1,12 +1,12 @@ # # Automatically generated make config: don't edit -# Busybox version: 1.27.2 -# Wed Sep 27 08:56:13 2017 +# Busybox version: 1.29.1 +# Thu Jul 19 11:09:46 2018 # CONFIG_HAVE_DOT_CONFIG=y # -# Busybox Settings +# Settings # # CONFIG_DESKTOP is not set # CONFIG_EXTRA_COMPAT is not set @@ -78,7 +78,7 @@ CONFIG_NO_DEBUG_LIB=y # CONFIG_EFENCE is not set # -# Busybox Library Tuning +# Library Tuning # # CONFIG_FEATURE_USE_BSS_TAIL is not set CONFIG_FEATURE_RTMINMAX=y @@ -90,6 +90,7 @@ CONFIG_MD5_SMALL=1 CONFIG_SHA3_SMALL=1 CONFIG_FEATURE_FAST_TOP=y # CONFIG_FEATURE_ETC_NETWORKS is not set +# CONFIG_FEATURE_ETC_SERVICES is not set CONFIG_FEATURE_EDITING=y CONFIG_FEATURE_EDITING_MAX_LEN=1024 # CONFIG_FEATURE_EDITING_VI is not set @@ -321,6 +322,7 @@ CONFIG_TRUE=y CONFIG_TTY=y CONFIG_UNAME=y CONFIG_UNAME_OSNAME="GNU/Linux" +# CONFIG_BB_ARCH is not set CONFIG_UNIQ=y CONFIG_UNLINK=y CONFIG_USLEEP=y @@ -392,6 +394,14 @@ CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y CONFIG_WHICH=y +# +# klibc-utils +# +# CONFIG_MINIPS is not set +# CONFIG_NUKE is not set +# CONFIG_RESUME is not set +# CONFIG_RUN_INIT is not set + # # Editors # @@ -678,6 +688,10 @@ CONFIG_FEATURE_MOUNT_LOOP=y CONFIG_FEATURE_MOUNT_LOOP_CREATE=y # CONFIG_FEATURE_MTAB_SUPPORT is not set # CONFIG_VOLUMEID is not set + +# +# Filesystem/Volume identification +# # CONFIG_FEATURE_VOLUMEID_BCACHE is not set # CONFIG_FEATURE_VOLUMEID_BTRFS is not set # CONFIG_FEATURE_VOLUMEID_CRAMFS is not set @@ -725,6 +739,7 @@ CONFIG_FEATURE_CROND_DIR="" # CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set # CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set # CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set +# CONFIG_HEXEDIT is not set # CONFIG_I2CGET is not set # CONFIG_I2CSET is not set # CONFIG_I2CDUMP is not set @@ -807,6 +822,7 @@ CONFIG_MICROCOM=y # CONFIG_RUNLEVEL is not set # CONFIG_RX is not set # CONFIG_SETSID is not set +# CONFIG_SETFATTR is not set CONFIG_STRINGS=y CONFIG_TIME=y # CONFIG_TIMEOUT is not set @@ -912,6 +928,8 @@ CONFIG_FEATURE_FANCY_PING=y CONFIG_ROUTE=y # CONFIG_SLATTACH is not set # CONFIG_SSL_CLIENT is not set +# CONFIG_TC is not set +# CONFIG_FEATURE_TC_INGRESS is not set # CONFIG_TCPSVD is not set # CONFIG_UDPSVD is not set CONFIG_TELNET=y @@ -949,13 +967,9 @@ CONFIG_FEATURE_WGET_HTTPS=y # CONFIG_FEATURE_WGET_OPENSSL is not set # CONFIG_WHOIS is not set # CONFIG_ZCIP is not set -# CONFIG_UDHCPC6 is not set -# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set -# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set -# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set CONFIG_UDHCPD=y -# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set # CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set +# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases" CONFIG_DUMPLEASES=y # CONFIG_DHCPRELAY is not set @@ -963,6 +977,15 @@ CONFIG_UDHCPC=y CONFIG_FEATURE_UDHCPC_ARPING=y CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" +# CONFIG_UDHCPC6 is not set +# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set +# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set +# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set +# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set + +# +# Common options for DHCP applets +# # CONFIG_FEATURE_UDHCP_PORT is not set CONFIG_UDHCP_DEBUG=0 # CONFIG_FEATURE_UDHCP_RFC3397 is not set @@ -1045,6 +1068,7 @@ CONFIG_WATCH=y # CONFIG_SV is not set CONFIG_SV_DEFAULT_SERVICE_DIR="" # CONFIG_SVC is not set +# CONFIG_SVOK is not set # CONFIG_SVLOGD is not set # CONFIG_CHCON is not set # CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set @@ -1134,6 +1158,10 @@ CONFIG_FEATURE_SH_HISTFILESIZE=y # System Logging Utilities # CONFIG_KLOGD=y + +# +# klogd should not be used together with syslog to kernel printk buffer +# CONFIG_FEATURE_KLOGD_KLOGCTL=y CONFIG_LOGGER=y # CONFIG_LOGREAD is not set diff --git a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/meta/recipes-core/busybox/busybox/umount-ignore-c.patch deleted file mode 100644 index 9fe7998df3..0000000000 --- a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch +++ /dev/null @@ -1,40 +0,0 @@ -Signed-off-by: Fabio Berton -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d] - -From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001 -From: Shawn Landden -Date: Mon, 8 Jan 2018 13:31:58 +0100 -Subject: [PATCH] umount: ignore -c -Organization: O.S. Systems Software LTDA. - -"-c, --no-canonicalize: Do not canonicalize paths." - -As busybox doesn't canonicalize paths in the first place it is safe to ignore -this option. - -See https://github.com/systemd/systemd/issues/7786 - -Signed-off-by: Shawn Landden -Signed-off-by: Denys Vlasenko ---- - util-linux/umount.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/util-linux/umount.c b/util-linux/umount.c -index 0c50dc9ee..0425c5b76 100644 ---- a/util-linux/umount.c -+++ b/util-linux/umount.c -@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result, - } - #endif - --/* ignored: -v -t -i */ --#define OPTION_STRING "fldnra" "vt:i" -+/* ignored: -c -v -t -i */ -+#define OPTION_STRING "fldnra" "cvt:i" - #define OPT_FORCE (1 << 0) // Same as MNT_FORCE - #define OPT_LAZY (1 << 1) // Same as MNT_DETACH - #define OPT_FREELOOP (1 << 2) --- -2.18.0 - diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.27.2.bb deleted file mode 100644 index 1ce4823d47..0000000000 --- a/meta/recipes-core/busybox/busybox_1.27.2.bb +++ /dev/null @@ -1,54 +0,0 @@ -require busybox.inc - -SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ - file://busybox-udhcpc-no_deconfig.patch \ - file://find-touchscreen.sh \ - file://busybox-cron \ - file://busybox-httpd \ - file://busybox-udhcpd \ - file://default.script \ - file://simple.script \ - file://hwclock.sh \ - file://mount.busybox \ - file://syslog \ - file://syslog-startup.conf \ - file://syslog.conf \ - file://busybox-syslog.default \ - file://mdev \ - file://mdev.conf \ - file://mdev-mount.sh \ - file://umount.busybox \ - file://defconfig \ - file://busybox-syslog.service.in \ - file://busybox-klogd.service.in \ - file://fail_on_no_media.patch \ - file://run-ptest \ - file://inetd.conf \ - file://inetd \ - file://login-utilities.cfg \ - file://recognize_connmand.patch \ - file://busybox-cross-menuconfig.patch \ - file://0001-Use-CC-when-linking-instead-of-LD-and-use-CFLAGS-and.patch \ - file://mount-via-label.cfg \ - file://sha1sum.cfg \ - file://sha256sum.cfg \ - file://getopts.cfg \ - file://resize.cfg \ - ${@["", "file://init.cfg"][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox')]} \ - ${@["", "file://mdev.cfg"][(d.getVar('VIRTUAL-RUNTIME_dev_manager') == 'busybox-mdev')]} \ - file://syslog.cfg \ - file://inittab \ - file://rcS \ - file://rcK \ - file://runlevel \ - file://makefile-libbb-race.patch \ - file://CVE-2011-5325.patch \ - file://CVE-2017-15873.patch \ - file://busybox-CVE-2017-16544.patch \ - file://busybox-fix-lzma-segfaults.patch \ - file://umount-ignore-c.patch \ -" -SRC_URI_append_libc-musl = " file://musl.cfg " - -SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e" -SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df" diff --git a/meta/recipes-core/busybox/busybox_1.29.2.bb b/meta/recipes-core/busybox/busybox_1.29.2.bb new file mode 100644 index 0000000000..3496a857c4 --- /dev/null +++ b/meta/recipes-core/busybox/busybox_1.29.2.bb @@ -0,0 +1,49 @@ +require busybox.inc + +SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ + file://busybox-udhcpc-no_deconfig.patch \ + file://find-touchscreen.sh \ + file://busybox-cron \ + file://busybox-httpd \ + file://busybox-udhcpd \ + file://default.script \ + file://simple.script \ + file://hwclock.sh \ + file://mount.busybox \ + file://syslog \ + file://syslog-startup.conf \ + file://syslog.conf \ + file://busybox-syslog.default \ + file://mdev \ + file://mdev.conf \ + file://mdev-mount.sh \ + file://umount.busybox \ + file://defconfig \ + file://busybox-syslog.service.in \ + file://busybox-klogd.service.in \ + file://fail_on_no_media.patch \ + file://run-ptest \ + file://inetd.conf \ + file://inetd \ + file://login-utilities.cfg \ + file://recognize_connmand.patch \ + file://busybox-cross-menuconfig.patch \ + file://0001-Use-CC-when-linking-instead-of-LD-and-use-CFLAGS-and.patch \ + file://mount-via-label.cfg \ + file://sha1sum.cfg \ + file://sha256sum.cfg \ + file://getopts.cfg \ + file://resize.cfg \ + ${@["", "file://init.cfg"][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox')]} \ + ${@["", "file://mdev.cfg"][(d.getVar('VIRTUAL-RUNTIME_dev_manager') == 'busybox-mdev')]} \ + file://syslog.cfg \ + file://inittab \ + file://rcS \ + file://rcK \ + file://runlevel \ + file://makefile-libbb-race.patch \ +" +SRC_URI_append_libc-musl = " file://musl.cfg " + +SRC_URI[tarball.md5sum] = "46617af37a39579711d8b36f189cdf1e" +SRC_URI[tarball.sha256sum] = "67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61" -- cgit 1.2.3-korg