[OE-core] [PATCH] busybox: update to 1.29.2
Andrej Valek
andrej.valek at siemens.com
Fri Aug 31 07:42:24 UTC 2018
I had some network problems.
This patch could be ignored, because, it's same as
http://lists.openembedded.org/pipermail/openembedded-core/2018-August/155059.html
Andrej
On 08/30/18 17:57, Andrej Valek wrote:
> - refresh busybox-udhcpc-no_deconfig.patch
> - remove obsolete patches which are included in this update
> - update defconfig
>
> Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
> ---
> ...inittab_1.27.2.bb => busybox-inittab_1.29.2.bb} | 0
> .../busybox/busybox/CVE-2011-5325.patch | 481 ---------------------
> .../busybox/busybox/CVE-2017-15873.patch | 95 ----
> .../busybox/busybox/busybox-CVE-2017-16544.patch | 43 --
> .../busybox/busybox-fix-lzma-segfaults.patch | 106 -----
> .../busybox/busybox-udhcpc-no_deconfig.patch | 48 +-
> meta/recipes-core/busybox/busybox/defconfig | 46 +-
> .../busybox/busybox/umount-ignore-c.patch | 40 --
> .../{busybox_1.27.2.bb => busybox_1.29.2.bb} | 9 +-
> 9 files changed, 66 insertions(+), 802 deletions(-)
> rename meta/recipes-core/busybox/{busybox-inittab_1.27.2.bb => busybox-inittab_1.29.2.bb} (100%)
> delete mode 100755 meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
> delete mode 100644 meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
> delete mode 100644 meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
> delete mode 100644 meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
> delete mode 100644 meta/recipes-core/busybox/busybox/umount-ignore-c.patch
> rename meta/recipes-core/busybox/{busybox_1.27.2.bb => busybox_1.29.2.bb} (82%)
>
> diff --git a/meta/recipes-core/busybox/busybox-inittab_1.27.2.bb b/meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
> similarity index 100%
> rename from meta/recipes-core/busybox/busybox-inittab_1.27.2.bb
> rename to meta/recipes-core/busybox/busybox-inittab_1.29.2.bb
> diff --git a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch b/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
> deleted file mode 100755
> index 0926107bea..0000000000
> --- a/meta/recipes-core/busybox/busybox/CVE-2011-5325.patch
> +++ /dev/null
> @@ -1,481 +0,0 @@
> -busybox-1.27.2: Fix CVE-2011-5325
> -
> -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=8411
> -
> -libarchive: do not extract unsafe symlinks
> -
> -Prevent unsafe links extracting unless env variable $EXTRACT_UNSAFE_SYMLINKS=1
> -is not set. Untarring file with -C DESTDIR parameter could be extracted with
> -unwanted symlinks. This doesn't feel right, and IIRC GNU tar doesn't do that.
> -Include necessary changes from previous commits.
> -
> -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=bc9bbeb2b81001e8731cd2ae501c8fccc8d87cc7]
> -CVE: CVE-2011-5325
> -bug: 8411
> -Signed-off-by: Radovan Scasny <radovan.scasny at siemens.com>
> -Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
> -
> -diff --git a/archival/libarchive/Kbuild.src b/archival/libarchive/Kbuild.src
> -index 942e755..e1a8a75 100644
> ---- a/archival/libarchive/Kbuild.src
> -+++ b/archival/libarchive/Kbuild.src
> -@@ -12,6 +12,8 @@ COMMON_FILES:= \
> - data_extract_all.o \
> - data_extract_to_stdout.o \
> - \
> -+ unsafe_symlink_target.o \
> -+\
> - filter_accept_all.o \
> - filter_accept_list.o \
> - filter_accept_reject_list.o \
> -diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c
> -index 1830ffb..b828b65 100644
> ---- a/archival/libarchive/data_extract_all.c
> -+++ b/archival/libarchive/data_extract_all.c
> -@@ -128,10 +128,9 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
> - res = link(hard_link, dst_name);
> - if (res != 0 && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)) {
> - /* shared message */
> -- bb_perror_msg("can't create %slink "
> -- "%s to %s", "hard",
> -- dst_name,
> -- hard_link);
> -+ bb_perror_msg("can't create %slink '%s' to '%s'",
> -+ "hard", dst_name, hard_link
> -+ );
> - }
> - /* Hardlinks have no separate mode/ownership, skip chown/chmod */
> - goto ret;
> -@@ -178,15 +177,17 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
> - case S_IFLNK:
> - /* Symlink */
> - //TODO: what if file_header->link_target == NULL (say, corrupted tarball?)
> -- res = symlink(file_header->link_target, dst_name);
> -- if (res != 0
> -- && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
> -- ) {
> -- /* shared message */
> -- bb_perror_msg("can't create %slink "
> -- "%s to %s", "sym",
> -- dst_name,
> -- file_header->link_target);
> -+ if (!unsafe_symlink_target(file_header->link_target)) {
> -+ res = symlink(file_header->link_target, dst_name);
> -+ if (res != 0
> -+ && !(archive_handle->ah_flags & ARCHIVE_EXTRACT_QUIET)
> -+ ) {
> -+ /* shared message */
> -+ bb_perror_msg("can't create %slink '%s' to '%s'",
> -+ "sym",
> -+ dst_name, file_header->link_target
> -+ );
> -+ }
> - }
> - break;
> - case S_IFSOCK:
> -diff --git a/archival/libarchive/unsafe_symlink_target.c b/archival/libarchive/unsafe_symlink_target.c
> -new file mode 100644
> -index 0000000..ee46e28
> ---- /dev/null
> -+++ b/archival/libarchive/unsafe_symlink_target.c
> -@@ -0,0 +1,48 @@
> -+/* vi: set sw=4 ts=4: */
> -+/*
> -+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
> -+ */
> -+#include "libbb.h"
> -+#include "bb_archive.h"
> -+
> -+int FAST_FUNC unsafe_symlink_target(const char *target)
> -+{
> -+ const char *dot;
> -+
> -+ if (target[0] == '/') {
> -+ const char *var;
> -+unsafe:
> -+ var = getenv("EXTRACT_UNSAFE_SYMLINKS");
> -+ if (var) {
> -+ if (LONE_CHAR(var, '1'))
> -+ return 0; /* pretend it's safe */
> -+ return 1; /* "UNSAFE!" */
> -+ }
> -+ bb_error_msg("skipping unsafe symlink to '%s' in archive,"
> -+ " set %s=1 to extract",
> -+ target,
> -+ "EXTRACT_UNSAFE_SYMLINKS"
> -+ );
> -+ /* Prevent further messages */
> -+ setenv("EXTRACT_UNSAFE_SYMLINKS", "0", 0);
> -+ return 1; /* "UNSAFE!" */
> -+ }
> -+
> -+ dot = target;
> -+ for (;;) {
> -+ dot = strchr(dot, '.');
> -+ if (!dot)
> -+ return 0; /* safe target */
> -+
> -+ /* Is it a path component starting with ".."? */
> -+ if ((dot[1] == '.')
> -+ && (dot == target || dot[-1] == '/')
> -+ /* Is it exactly ".."? */
> -+ && (dot[2] == '/' || dot[2] == '\0')
> -+ ) {
> -+ goto unsafe;
> -+ }
> -+ /* NB: it can even be trailing ".", should only add 1 */
> -+ dot += 1;
> -+ }
> -+}
> -\ No newline at end of file
> -diff --git a/archival/unzip.c b/archival/unzip.c
> -index 9037262..270e261 100644
> ---- a/archival/unzip.c
> -+++ b/archival/unzip.c
> -@@ -335,6 +335,44 @@ static void unzip_create_leading_dirs(const char *fn)
> - free(name);
> - }
> -
> -+static void unzip_extract_symlink(zip_header_t *zip, const char *dst_fn)
> -+{
> -+ char *target;
> -+
> -+ if (zip->fmt.ucmpsize > 0xfff) /* no funny business please */
> -+ bb_error_msg_and_die("bad archive");
> -+
> -+ if (zip->fmt.method == 0) {
> -+ /* Method 0 - stored (not compressed) */
> -+ target = xzalloc(zip->fmt.ucmpsize + 1);
> -+ xread(zip_fd, target, zip->fmt.ucmpsize);
> -+ } else {
> -+#if 1
> -+ bb_error_msg_and_die("compressed symlink is not supported");
> -+#else
> -+ transformer_state_t xstate;
> -+ init_transformer_state(&xstate);
> -+ xstate.mem_output_size_max = zip->fmt.ucmpsize;
> -+ /* ...unpack... */
> -+ if (!xstate.mem_output_buf)
> -+ WTF();
> -+ target = xstate.mem_output_buf;
> -+ target = xrealloc(target, xstate.mem_output_size + 1);
> -+ target[xstate.mem_output_size] = '\0';
> -+#endif
> -+ }
> -+ if (!unsafe_symlink_target(target)) {
> -+//TODO: libbb candidate
> -+ if (symlink(target, dst_fn)) {
> -+ /* shared message */
> -+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
> -+ "sym", dst_fn, target
> -+ );
> -+ }
> -+ }
> -+ free(target);
> -+}
> -+
> - static void unzip_extract(zip_header_t *zip, int dst_fd)
> - {
> - transformer_state_t xstate;
> -@@ -813,7 +851,7 @@ int unzip_main(int argc, char **argv)
> - }
> - check_file:
> - /* Extract file */
> -- if (stat(dst_fn, &stat_buf) == -1) {
> -+ if (lstat(dst_fn, &stat_buf) == -1) {
> - /* File does not exist */
> - if (errno != ENOENT) {
> - bb_perror_msg_and_die("can't stat '%s'", dst_fn);
> -@@ -834,6 +872,7 @@ int unzip_main(int argc, char **argv)
> - goto do_open_and_extract;
> - printf("replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ", dst_fn);
> - my_fgets80(key_buf);
> -+//TODO: redo lstat + ISREG check! user input could have taken a long time!
> -
> - switch (key_buf[0]) {
> - case 'A':
> -@@ -842,7 +881,8 @@ int unzip_main(int argc, char **argv)
> - do_open_and_extract:
> - unzip_create_leading_dirs(dst_fn);
> - #if ENABLE_FEATURE_UNZIP_CDF
> -- dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
> -+ if (!S_ISLNK(file_mode))
> -+ dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
> - #else
> - dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
> - #endif
> -@@ -852,10 +892,18 @@ int unzip_main(int argc, char **argv)
> - ? " extracting: %s\n"
> - : */ " inflating: %s\n", dst_fn);
> - }
> -- unzip_extract(&zip, dst_fd);
> -- if (dst_fd != STDOUT_FILENO) {
> -- /* closing STDOUT is potentially bad for future business */
> -- close(dst_fd);
> -+#if ENABLE_FEATURE_UNZIP_CDF
> -+ if (S_ISLNK(file_mode)) {
> -+ if (dst_fd != STDOUT_FILENO) /* no -p */
> -+ unzip_extract_symlink(&zip, dst_fn);
> -+ } else
> -+#endif
> -+ {
> -+ unzip_extract(&zip, dst_fd);
> -+ if (dst_fd != STDOUT_FILENO) {
> -+ /* closing STDOUT is potentially bad for future business */
> -+ close(dst_fd);
> -+ };
> - }
> - break;
> -
> -diff --git a/coreutils/link.c b/coreutils/link.c
> -index ac3ef85..aab249d 100644
> ---- a/coreutils/link.c
> -+++ b/coreutils/link.c
> -@@ -32,9 +32,8 @@ int link_main(int argc UNUSED_PARAM, char **argv)
> - argv += optind;
> - if (link(argv[0], argv[1]) != 0) {
> - /* shared message */
> -- bb_perror_msg_and_die("can't create %slink "
> -- "%s to %s", "hard",
> -- argv[1], argv[0]
> -+ bb_perror_msg_and_die("can't create %slink '%s' to '%s'",
> -+ "hard", argv[1], argv[0]
> - );
> - }
> - return EXIT_SUCCESS;
> -diff --git a/include/bb_archive.h b/include/bb_archive.h
> -index 2b9c5f0..1e4da3c 100644
> ---- a/include/bb_archive.h
> -+++ b/include/bb_archive.h
> -@@ -196,6 +196,7 @@ void seek_by_jump(int fd, off_t amount) FAST_FUNC;
> - void seek_by_read(int fd, off_t amount) FAST_FUNC;
> -
> - const char *strip_unsafe_prefix(const char *str) FAST_FUNC;
> -+int unsafe_symlink_target(const char *target) FAST_FUNC;
> -
> - void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC;
> - const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC;
> -diff --git a/libbb/copy_file.c b/libbb/copy_file.c
> -index 23c0f83..be90066 100644
> ---- a/libbb/copy_file.c
> -+++ b/libbb/copy_file.c
> -@@ -371,7 +371,10 @@ int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
> - int r = symlink(lpath, dest);
> - free(lpath);
> - if (r < 0) {
> -- bb_perror_msg("can't create symlink '%s'", dest);
> -+ /* shared message */
> -+ bb_perror_msg("can't create %slink '%s' to '%s'",
> -+ "sym", dest, lpath
> -+ );
> - return -1;
> - }
> - if (flags & FILEUTILS_PRESERVE_STATUS)
> -diff --git a/testsuite/tar.tests b/testsuite/tar.tests
> -index 9f7ce15..b7cd74c 100755
> ---- a/testsuite/tar.tests
> -+++ b/testsuite/tar.tests
> -@@ -10,9 +10,6 @@ unset LC_COLLATE
> - unset LC_ALL
> - umask 022
> -
> --rm -rf tar.tempdir 2>/dev/null
> --mkdir tar.tempdir && cd tar.tempdir || exit 1
> --
> - # testing "test name" "script" "expected result" "file input" "stdin"
> -
> - testing "Empty file is not a tarball" '\
> -@@ -53,6 +50,7 @@ dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $?
> - "" ""
> - SKIP=
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input":
> - # GNU tar 1.26 records as hardlinks:
> - # input_hard2 -> input_hard1
> -@@ -64,7 +62,6 @@ SKIP=
> - # We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing.
> - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
> - testing "tar hardlinks and repeated files" '\
> --rm -rf input_* test.tar 2>/dev/null
> - >input_hard1
> - ln input_hard1 input_hard2
> - mkdir input_dir
> -@@ -95,10 +92,11 @@ drwxr-xr-x input_dir
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
> - testing "tar hardlinks mode" '\
> --rm -rf input_* test.tar 2>/dev/null
> - >input_hard1
> - chmod 741 input_hard1
> - ln input_hard1 input_hard2
> -@@ -128,10 +126,11 @@ Ok: 0
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
> - testing "tar symlinks mode" '\
> --rm -rf input_* test.tar 2>/dev/null
> - >input_file
> - chmod 741 input_file
> - ln -s input_file input_soft
> -@@ -159,10 +158,11 @@ lrwxrwxrwx input_file
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS
> - testing "tar --overwrite" "\
> --rm -rf input_* test.tar 2>/dev/null
> - ln input input_hard
> - tar cf test.tar input_hard
> - echo WRONG >input
> -@@ -174,12 +174,13 @@ Ok
> - " \
> - "Ok\n" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - test x"$SKIP_KNOWN_BUGS" = x"" && {
> - # Needs to be run under non-root for meaningful test
> - optional FEATURE_TAR_CREATE
> - testing "tar writing into read-only dir" '\
> --rm -rf input_* test.tar 2>/dev/null
> - mkdir input_dir
> - >input_dir/input_file
> - chmod 550 input_dir
> -@@ -201,7 +202,9 @@ dr-xr-x--- input_dir
> - "" ""
> - SKIP=
> - }
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # Had a bug where on extract autodetect first "switched off" -z
> - # and then failed to recognize .tgz extension
> - optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP
> -@@ -217,7 +220,9 @@ Ok
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)?
> - # (the uuencoded hello_world.txz contains one empty file named "hello_world")
> - optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ
> -@@ -236,7 +241,9 @@ AAAEWVo=
> - ====
> - "
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # On extract, everything up to and including last ".." component is stripped
> - optional FEATURE_TAR_CREATE
> - testing "tar strips /../ on extract" "\
> -@@ -255,7 +262,9 @@ Ok
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # attack.tar.bz2 has symlink pointing to a system file
> - # followed by a regular file with the same name
> - # containing "root::0:0::/root:/bin/sh":
> -@@ -270,6 +279,7 @@ optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
> - testing "tar does not extract into symlinks" "\
> - >>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
> - " "\
> -+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
> - 0
> - " \
> - "" "\
> -@@ -281,12 +291,15 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
> - ====
> - "
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -+
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - # And same with -k
> - optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
> - testing "tar -k does not extract into symlinks" "\
> - >>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
> - " "\
> --tar: can't open 'passwd': File exists
> -+tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
> - 0
> - " \
> - "" "\
> -@@ -298,7 +311,9 @@ l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
> - ====
> - "
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> - optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
> - testing "Pax-encoded UTF8 names and symlinks" '\
> - tar xvf ../tar.utf8.tar.bz2 2>&1; echo $?
> -@@ -309,17 +324,45 @@ rm -rf etc usr
> - ' "\
> - etc/ssl/certs/3b2716e5.0
> - etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
> -+tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
> - etc/ssl/certs/f80cc7f6.0
> - usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
> - 0
> - etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
> --etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
> - etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
> - " \
> - "" ""
> - SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> --
> --cd .. && rm -rf tar.tempdir || exit 1
> -+mkdir tar.tempdir && cd tar.tempdir || exit 1
> -+optional UUDECODE FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
> -+testing "Symlink attack: create symlink and then write through it" '\
> -+exec 2>&1
> -+uudecode -o input && tar xvf input; echo $?
> -+ls /tmp/bb_test_evilfile
> -+ls bb_test_evilfile
> -+ls symlink/bb_test_evilfile
> -+' "\
> -+anything.txt
> -+symlink
> -+tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
> -+symlink/bb_test_evilfile
> -+0
> -+ls: /tmp/bb_test_evilfile: No such file or directory
> -+ls: bb_test_evilfile: No such file or directory
> -+symlink/bb_test_evilfile
> -+" \
> -+"" "\
> -+begin-base64 644 tar_symlink_attack.tar.bz2
> -+QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR
> -+omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk
> -+AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa
> -+SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS
> -+n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA=
> -+====
> -+"
> -+SKIP=
> -+cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
> -
> - exit $FAILCOUNT
> diff --git a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch b/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
> deleted file mode 100644
> index 5a027c9bcc..0000000000
> --- a/meta/recipes-core/busybox/busybox/CVE-2017-15873.patch
> +++ /dev/null
> @@ -1,95 +0,0 @@
> -busybox-1.27.2: Fix CVE-2017-15873
> -
> -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10431
> -
> -bunzip2: fix runCnt overflow
> -
> -The get_next_block function in archival/libarchive/decompress_bunzip2.c
> -in BusyBox 1.27.2 has an Integer Overflow that may lead to a write
> -access violation.
> -
> -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0]
> -CVE: CVE-2017-15873
> -bug: 10431
> -Signed-off-by: Radovan Scasny <radovan.scasny at siemens.com>
> -
> -diff --git a/archival/libarchive/decompress_bunzip2.c b/archival/libarchive/decompress_bunzip2.c
> -index 7cd18f5..bec89ed 100644
> ---- a/archival/libarchive/decompress_bunzip2.c
> -+++ b/archival/libarchive/decompress_bunzip2.c
> -@@ -156,15 +156,15 @@ static unsigned get_bits(bunzip_data *bd, int bits_wanted)
> - static int get_next_block(bunzip_data *bd)
> - {
> - struct group_data *hufGroup;
> -- int dbufCount, dbufSize, groupCount, *base, *limit, selector,
> -- i, j, runPos, symCount, symTotal, nSelectors, byteCount[256];
> -- int runCnt = runCnt; /* for compiler */
> -+ int groupCount, *base, *limit, selector,
> -+ i, j, symCount, symTotal, nSelectors, byteCount[256];
> - uint8_t uc, symToByte[256], mtfSymbol[256], *selectors;
> - uint32_t *dbuf;
> - unsigned origPtr, t;
> -+ unsigned dbufCount, runPos;
> -+ unsigned runCnt = runCnt; /* for compiler */
> -
> - dbuf = bd->dbuf;
> -- dbufSize = bd->dbufSize;
> - selectors = bd->selectors;
> -
> - /* In bbox, we are ok with aborting through setjmp which is set up in start_bunzip */
> -@@ -187,7 +187,7 @@ static int get_next_block(bunzip_data *bd)
> - it didn't actually work. */
> - if (get_bits(bd, 1)) return RETVAL_OBSOLETE_INPUT;
> - origPtr = get_bits(bd, 24);
> -- if ((int)origPtr > dbufSize) return RETVAL_DATA_ERROR;
> -+ if (origPtr > bd->dbufSize) return RETVAL_DATA_ERROR;
> -
> - /* mapping table: if some byte values are never used (encoding things
> - like ascii text), the compression code removes the gaps to have fewer
> -@@ -435,7 +435,14 @@ static int get_next_block(bunzip_data *bd)
> - symbols, but a run of length 0 doesn't mean anything in this
> - context). Thus space is saved. */
> - runCnt += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
> -- if (runPos < dbufSize) runPos <<= 1;
> -+//The 32-bit overflow of runCnt wasn't yet seen, but probably can happen.
> -+//This would be the fix (catches too large count way before it can overflow):
> -+// if (runCnt > bd->dbufSize) {
> -+// dbg("runCnt:%u > dbufSize:%u RETVAL_DATA_ERROR",
> -+// runCnt, bd->dbufSize);
> -+// return RETVAL_DATA_ERROR;
> -+// }
> -+ if (runPos < bd->dbufSize) runPos <<= 1;
> - goto end_of_huffman_loop;
> - }
> -
> -@@ -445,14 +452,15 @@ static int get_next_block(bunzip_data *bd)
> - literal used is the one at the head of the mtfSymbol array.) */
> - if (runPos != 0) {
> - uint8_t tmp_byte;
> -- if (dbufCount + runCnt > dbufSize) {
> -- dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
> -- dbufCount, runCnt, dbufCount + runCnt, dbufSize);
> -+ if (dbufCount + runCnt > bd->dbufSize) {
> -+ dbg("dbufCount:%u+runCnt:%u %u > dbufSize:%u RETVAL_DATA_ERROR",
> -+ dbufCount, runCnt, dbufCount + runCnt, bd->dbufSize);
> - return RETVAL_DATA_ERROR;
> - }
> - tmp_byte = symToByte[mtfSymbol[0]];
> - byteCount[tmp_byte] += runCnt;
> -- while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;
> -+ while ((int)--runCnt >= 0)
> -+ dbuf[dbufCount++] = (uint32_t)tmp_byte;
> - runPos = 0;
> - }
> -
> -@@ -466,7 +474,7 @@ static int get_next_block(bunzip_data *bd)
> - first symbol in the mtf array, position 0, would have been handled
> - as part of a run above. Therefore 1 unused mtf position minus
> - 2 non-literal nextSym values equals -1.) */
> -- if (dbufCount >= dbufSize) return RETVAL_DATA_ERROR;
> -+ if (dbufCount >= bd->dbufSize) return RETVAL_DATA_ERROR;
> - i = nextSym - 1;
> - uc = mtfSymbol[i];
> -
> ---
> -cgit v0.12
> diff --git a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch b/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
> deleted file mode 100644
> index fc19ee3356..0000000000
> --- a/meta/recipes-core/busybox/busybox/busybox-CVE-2017-16544.patch
> +++ /dev/null
> @@ -1,43 +0,0 @@
> -From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001
> -From: Denys Vlasenko <vda.linux at googlemail.com>
> -Date: Tue, 7 Nov 2017 18:09:29 +0100
> -Subject: lineedit: do not tab-complete any strings which have control
> - characters
> -
> -function old new delta
> -add_match 41 68 +27
> -
> -CVE: CVE-2017-16544
> -Upstream-Status: Backport
> -
> -Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
> -Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
> ----
> - libbb/lineedit.c | 12 ++++++++++++
> - 1 file changed, 12 insertions(+)
> -
> -diff --git a/libbb/lineedit.c b/libbb/lineedit.c
> -index c0e35bb..56e8140 100644
> ---- a/libbb/lineedit.c
> -+++ b/libbb/lineedit.c
> -@@ -645,6 +645,18 @@ static void free_tab_completion_data(void)
> -
> - static void add_match(char *matched)
> - {
> -+ unsigned char *p = (unsigned char*)matched;
> -+ while (*p) {
> -+ /* ESC attack fix: drop any string with control chars */
> -+ if (*p < ' '
> -+ || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
> -+ || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
> -+ ) {
> -+ free(matched);
> -+ return;
> -+ }
> -+ p++;
> -+ }
> - matches = xrealloc_vector(matches, 4, num_matches);
> - matches[num_matches] = matched;
> - num_matches++;
> ---
> -cgit v0.12
> diff --git a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch b/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
> deleted file mode 100644
> index da6dfa8023..0000000000
> --- a/meta/recipes-core/busybox/busybox/busybox-fix-lzma-segfaults.patch
> +++ /dev/null
> @@ -1,106 +0,0 @@
> -busybox-1.27.2: Fix lzma segfaults
> -
> -[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=10871
> -
> -libarchive: check buffer index in lzma_decompress
> -
> -With specific defconfig busybox fails to check zip fileheader magic
> -(archival/unzip.c) and uses (archival/libarchive/decompress_unlzma.c)
> -for decompression which leads to segmentation fault. It prevents accessing into
> -buffer, which is smaller than pos index. Patch includes multiple segmentation
> -fault fixes.
> -
> -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=a36986bb80289c1cd8d15a557e49207c9a42946b]
> -bug: 10436 10871
> -Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
> -
> -diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
> -index a904087..29eee2a 100644
> ---- a/archival/libarchive/decompress_unlzma.c
> -+++ b/archival/libarchive/decompress_unlzma.c
> -@@ -11,6 +11,14 @@
> - #include "libbb.h"
> - #include "bb_archive.h"
> -
> -+
> -+#if 0
> -+# define dbg(...) bb_error_msg(__VA_ARGS__)
> -+#else
> -+# define dbg(...) ((void)0)
> -+#endif
> -+
> -+
> - #if ENABLE_FEATURE_LZMA_FAST
> - # define speed_inline ALWAYS_INLINE
> - # define size_inline
> -@@ -217,6 +225,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - rc_t *rc;
> - int i;
> - uint8_t *buffer;
> -+ uint32_t buffer_size;
> - uint8_t previous_byte = 0;
> - size_t buffer_pos = 0, global_pos = 0;
> - int len = 0;
> -@@ -246,7 +255,8 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - if (header.dict_size == 0)
> - header.dict_size++;
> -
> -- buffer = xmalloc(MIN(header.dst_size, header.dict_size));
> -+ buffer_size = MIN(header.dst_size, header.dict_size);
> -+ buffer = xmalloc(buffer_size);
> -
> - {
> - int num_probs;
> -@@ -341,8 +351,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
> -
> - pos = buffer_pos - rep0;
> -- if ((int32_t)pos < 0)
> -+ if ((int32_t)pos < 0) {
> - pos += header.dict_size;
> -+ /* see unzip_bad_lzma_2.zip: */
> -+ if (pos >= buffer_size)
> -+ goto bad;
> -+ }
> - previous_byte = buffer[pos];
> - goto one_byte1;
> - #else
> -@@ -417,6 +431,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
> - rep0 = (rep0 << 1) | rc_direct_bit(rc);
> - rep0 <<= LZMA_NUM_ALIGN_BITS;
> -+ if ((int32_t)rep0 < 0) {
> -+ dbg("%d rep0:%d", __LINE__, rep0);
> -+ goto bad;
> -+ }
> - prob3 = p + LZMA_ALIGN;
> - }
> - i2 = 1;
> -@@ -450,8 +468,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - IF_NOT_FEATURE_LZMA_FAST(string:)
> - do {
> - uint32_t pos = buffer_pos - rep0;
> -- if ((int32_t)pos < 0)
> -+ if ((int32_t)pos < 0) {
> - pos += header.dict_size;
> -+ /* more stringent test (see unzip_bad_lzma_1.zip): */
> -+ if (pos >= buffer_size)
> -+ goto bad;
> -+ }
> - previous_byte = buffer[pos];
> - IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
> - buffer[buffer_pos++] = previous_byte;
> -@@ -478,6 +500,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
> - IF_DESKTOP(total_written += buffer_pos;)
> - if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
> - bad:
> -+ /* One of our users, bbunpack(), expects _us_ to emit
> -+ * the error message (since it's the best place to give
> -+ * potentially more detailed information).
> -+ * Do not fail silently.
> -+ */
> -+ bb_error_msg("corrupted data");
> - total_written = -1; /* failure */
> - }
> - rc_free(rc);
> -
> diff --git a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
> index 582a258939..76daaf1f02 100644
> --- a/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
> +++ b/meta/recipes-core/busybox/busybox/busybox-udhcpc-no_deconfig.patch
> @@ -31,11 +31,11 @@ Signed-off-by: Andreas Oberritter <obi at opendreambox.org>
> networking/udhcp/dhcpc.c | 29 ++++++++++++++++------
> 1 file changed, 21 insertions(+), 8 deletions(-)
>
> -Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> +Index: busybox-1.29.1/networking/udhcp/dhcpc.c
> ===================================================================
> ---- busybox-1.27.2.orig/networking/udhcp/dhcpc.c
> -+++ busybox-1.27.2/networking/udhcp/dhcpc.c
> -@@ -49,6 +49,8 @@ struct tpacket_auxdata {
> +--- busybox-1.29.1.orig/networking/udhcp/dhcpc.c
> ++++ busybox-1.29.1/networking/udhcp/dhcpc.c
> +@@ -48,6 +48,8 @@
> };
> #endif
>
> @@ -44,7 +44,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
>
> /* "struct client_config_t client_config" is in bb_common_bufsiz1 */
>
> -@@ -104,8 +106,9 @@ enum {
> +@@ -103,8 +105,9 @@
> OPT_x = 1 << 18,
> OPT_f = 1 << 19,
> OPT_B = 1 << 20,
> @@ -55,7 +55,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> USE_FOR_MMU( OPTBIT_b,)
> IF_FEATURE_UDHCPC_ARPING(OPTBIT_a,)
> IF_FEATURE_UDHCP_PORT( OPTBIT_P,)
> -@@ -1110,7 +1113,8 @@ static void perform_renew(void)
> +@@ -1116,7 +1119,8 @@
> state = RENEW_REQUESTED;
> break;
> case RENEW_REQUESTED: /* impatient are we? fine, square 1 */
> @@ -65,7 +65,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> case REQUESTING:
> case RELEASED:
> change_listen_mode(LISTEN_RAW);
> -@@ -1146,7 +1150,8 @@ static void perform_release(uint32_t server_addr, uint32_t requested_ip)
> +@@ -1152,7 +1156,8 @@
> * Users requested to be notified in all cases, even if not in one
> * of the states above.
> */
> @@ -75,16 +75,16 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
>
> change_listen_mode(LISTEN_NONE);
> state = RELEASED;
> -@@ -1298,7 +1303,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> - /* O,x: list; -T,-t,-A take numeric param */
> - IF_UDHCP_VERBOSE(opt_complementary = "vv";)
> - IF_LONG_OPTS(applet_long_options = udhcpc_longopts;)
> -- opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
> -+ opt = getopt32(argv, "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
> +@@ -1265,7 +1270,7 @@
> + /* Parse command line */
> + opt = getopt32long(argv, "^"
> + /* O,x: list; -T,-t,-A take numeric param */
> +- "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fB"
> ++ "CV:H:h:F:i:np:qRr:s:T:+t:+SA:+O:*ox:*fBD"
> USE_FOR_MMU("b")
> IF_FEATURE_UDHCPC_ARPING("a::")
> IF_FEATURE_UDHCP_PORT("P:")
> -@@ -1409,6 +1414,10 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> +@@ -1376,6 +1381,10 @@
> logmode |= LOGMODE_SYSLOG;
> }
>
> @@ -94,8 +94,8 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> +
> /* Make sure fd 0,1,2 are open */
> bb_sanitize_stdio();
> - /* Equivalent of doing a fflush after every \n */
> -@@ -1423,7 +1432,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> + /* Create pidfile */
> +@@ -1388,7 +1397,8 @@
> srand(monotonic_us());
>
> state = INIT_SELECTING;
> @@ -105,7 +105,7 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> change_listen_mode(LISTEN_RAW);
> packet_num = 0;
> timeout = 0;
> -@@ -1577,7 +1587,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> +@@ -1555,7 +1565,8 @@
> }
> /* Timed out, enter init state */
> bb_error_msg("lease lost, entering init state");
> @@ -115,23 +115,29 @@ Index: busybox-1.27.2/networking/udhcp/dhcpc.c
> state = INIT_SELECTING;
> client_config.first_secs = 0; /* make secs field count from 0 */
> /*timeout = 0; - already is */
> -@@ -1770,7 +1781,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> +@@ -1748,8 +1759,10 @@
> + "(got ARP reply), declining");
> send_decline(/*xid,*/ server_addr, packet.yiaddr);
>
> - if (state != REQUESTING)
> +- if (state != REQUESTING)
> - udhcp_run_script(NULL, "deconfig");
> ++ if (state != REQUESTING) {
> + if (allow_deconfig)
> + udhcp_run_script(NULL, "deconfig");
> ++ }
> change_listen_mode(LISTEN_RAW);
> state = INIT_SELECTING;
> client_config.first_secs = 0; /* make secs field count from 0 */
> -@@ -1840,7 +1852,8 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
> +@@ -1818,8 +1831,10 @@
> + /* return to init state */
> bb_error_msg("received %s", "DHCP NAK");
> udhcp_run_script(&packet, "nak");
> - if (state != REQUESTING)
> +- if (state != REQUESTING)
> - udhcp_run_script(NULL, "deconfig");
> ++ if (state != REQUESTING) {
> + if (allow_deconfig)
> + udhcp_run_script(NULL, "deconfig");
> ++ }
> change_listen_mode(LISTEN_RAW);
> sleep(3); /* avoid excessive network traffic */
> state = INIT_SELECTING;
> diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig
> index 59d93c7079..f081f281cc 100644
> --- a/meta/recipes-core/busybox/busybox/defconfig
> +++ b/meta/recipes-core/busybox/busybox/defconfig
> @@ -1,12 +1,12 @@
> #
> # Automatically generated make config: don't edit
> -# Busybox version: 1.27.2
> -# Wed Sep 27 08:56:13 2017
> +# Busybox version: 1.29.1
> +# Thu Jul 19 11:09:46 2018
> #
> CONFIG_HAVE_DOT_CONFIG=y
>
> #
> -# Busybox Settings
> +# Settings
> #
> # CONFIG_DESKTOP is not set
> # CONFIG_EXTRA_COMPAT is not set
> @@ -78,7 +78,7 @@ CONFIG_NO_DEBUG_LIB=y
> # CONFIG_EFENCE is not set
>
> #
> -# Busybox Library Tuning
> +# Library Tuning
> #
> # CONFIG_FEATURE_USE_BSS_TAIL is not set
> CONFIG_FEATURE_RTMINMAX=y
> @@ -90,6 +90,7 @@ CONFIG_MD5_SMALL=1
> CONFIG_SHA3_SMALL=1
> CONFIG_FEATURE_FAST_TOP=y
> # CONFIG_FEATURE_ETC_NETWORKS is not set
> +# CONFIG_FEATURE_ETC_SERVICES is not set
> CONFIG_FEATURE_EDITING=y
> CONFIG_FEATURE_EDITING_MAX_LEN=1024
> # CONFIG_FEATURE_EDITING_VI is not set
> @@ -321,6 +322,7 @@ CONFIG_TRUE=y
> CONFIG_TTY=y
> CONFIG_UNAME=y
> CONFIG_UNAME_OSNAME="GNU/Linux"
> +# CONFIG_BB_ARCH is not set
> CONFIG_UNIQ=y
> CONFIG_UNLINK=y
> CONFIG_USLEEP=y
> @@ -393,6 +395,14 @@ CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y
> CONFIG_WHICH=y
>
> #
> +# klibc-utils
> +#
> +# CONFIG_MINIPS is not set
> +# CONFIG_NUKE is not set
> +# CONFIG_RESUME is not set
> +# CONFIG_RUN_INIT is not set
> +
> +#
> # Editors
> #
> CONFIG_AWK=y
> @@ -678,6 +688,10 @@ CONFIG_FEATURE_MOUNT_LOOP=y
> CONFIG_FEATURE_MOUNT_LOOP_CREATE=y
> # CONFIG_FEATURE_MTAB_SUPPORT is not set
> # CONFIG_VOLUMEID is not set
> +
> +#
> +# Filesystem/Volume identification
> +#
> # CONFIG_FEATURE_VOLUMEID_BCACHE is not set
> # CONFIG_FEATURE_VOLUMEID_BTRFS is not set
> # CONFIG_FEATURE_VOLUMEID_CRAMFS is not set
> @@ -725,6 +739,7 @@ CONFIG_FEATURE_CROND_DIR=""
> # CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set
> # CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set
> # CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set
> +# CONFIG_HEXEDIT is not set
> # CONFIG_I2CGET is not set
> # CONFIG_I2CSET is not set
> # CONFIG_I2CDUMP is not set
> @@ -807,6 +822,7 @@ CONFIG_MICROCOM=y
> # CONFIG_RUNLEVEL is not set
> # CONFIG_RX is not set
> # CONFIG_SETSID is not set
> +# CONFIG_SETFATTR is not set
> CONFIG_STRINGS=y
> CONFIG_TIME=y
> # CONFIG_TIMEOUT is not set
> @@ -912,6 +928,8 @@ CONFIG_FEATURE_FANCY_PING=y
> CONFIG_ROUTE=y
> # CONFIG_SLATTACH is not set
> # CONFIG_SSL_CLIENT is not set
> +# CONFIG_TC is not set
> +# CONFIG_FEATURE_TC_INGRESS is not set
> # CONFIG_TCPSVD is not set
> # CONFIG_UDPSVD is not set
> CONFIG_TELNET=y
> @@ -949,13 +967,9 @@ CONFIG_FEATURE_WGET_HTTPS=y
> # CONFIG_FEATURE_WGET_OPENSSL is not set
> # CONFIG_WHOIS is not set
> # CONFIG_ZCIP is not set
> -# CONFIG_UDHCPC6 is not set
> -# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
> -# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
> -# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
> CONFIG_UDHCPD=y
> -# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
> # CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
> +# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
> CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
> CONFIG_DUMPLEASES=y
> # CONFIG_DHCPRELAY is not set
> @@ -963,6 +977,15 @@ CONFIG_UDHCPC=y
> CONFIG_FEATURE_UDHCPC_ARPING=y
> CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
> CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
> +# CONFIG_UDHCPC6 is not set
> +# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
> +# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
> +# CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
> +# CONFIG_FEATURE_UDHCPC6_RFC5970 is not set
> +
> +#
> +# Common options for DHCP applets
> +#
> # CONFIG_FEATURE_UDHCP_PORT is not set
> CONFIG_UDHCP_DEBUG=0
> # CONFIG_FEATURE_UDHCP_RFC3397 is not set
> @@ -1045,6 +1068,7 @@ CONFIG_WATCH=y
> # CONFIG_SV is not set
> CONFIG_SV_DEFAULT_SERVICE_DIR=""
> # CONFIG_SVC is not set
> +# CONFIG_SVOK is not set
> # CONFIG_SVLOGD is not set
> # CONFIG_CHCON is not set
> # CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
> @@ -1134,6 +1158,10 @@ CONFIG_FEATURE_SH_HISTFILESIZE=y
> # System Logging Utilities
> #
> CONFIG_KLOGD=y
> +
> +#
> +# klogd should not be used together with syslog to kernel printk buffer
> +#
> CONFIG_FEATURE_KLOGD_KLOGCTL=y
> CONFIG_LOGGER=y
> # CONFIG_LOGREAD is not set
> diff --git a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch b/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
> deleted file mode 100644
> index 9fe7998df3..0000000000
> --- a/meta/recipes-core/busybox/busybox/umount-ignore-c.patch
> +++ /dev/null
> @@ -1,40 +0,0 @@
> -Signed-off-by: Fabio Berton <fabio.berton at ossystems.com.br>
> -Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=426134128112738c97a665170b21153ef0764b7d]
> -
> -From 95ea12791c8623bf825bc711ac7790306e7e1adb Mon Sep 17 00:00:00 2001
> -From: Shawn Landden <slandden at gmail.com>
> -Date: Mon, 8 Jan 2018 13:31:58 +0100
> -Subject: [PATCH] umount: ignore -c
> -Organization: O.S. Systems Software LTDA.
> -
> -"-c, --no-canonicalize: Do not canonicalize paths."
> -
> -As busybox doesn't canonicalize paths in the first place it is safe to ignore
> -this option.
> -
> -See https://github.com/systemd/systemd/issues/7786
> -
> -Signed-off-by: Shawn Landden <slandden at gmail.com>
> -Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
> ----
> - util-linux/umount.c | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> -
> -diff --git a/util-linux/umount.c b/util-linux/umount.c
> -index 0c50dc9ee..0425c5b76 100644
> ---- a/util-linux/umount.c
> -+++ b/util-linux/umount.c
> -@@ -68,8 +68,8 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result,
> - }
> - #endif
> -
> --/* ignored: -v -t -i */
> --#define OPTION_STRING "fldnra" "vt:i"
> -+/* ignored: -c -v -t -i */
> -+#define OPTION_STRING "fldnra" "cvt:i"
> - #define OPT_FORCE (1 << 0) // Same as MNT_FORCE
> - #define OPT_LAZY (1 << 1) // Same as MNT_DETACH
> - #define OPT_FREELOOP (1 << 2)
> ---
> -2.18.0
> -
> diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb b/meta/recipes-core/busybox/busybox_1.29.2.bb
> similarity index 82%
> rename from meta/recipes-core/busybox/busybox_1.27.2.bb
> rename to meta/recipes-core/busybox/busybox_1.29.2.bb
> index 1ce4823d47..3496a857c4 100644
> --- a/meta/recipes-core/busybox/busybox_1.27.2.bb
> +++ b/meta/recipes-core/busybox/busybox_1.29.2.bb
> @@ -42,13 +42,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
> file://rcK \
> file://runlevel \
> file://makefile-libbb-race.patch \
> - file://CVE-2011-5325.patch \
> - file://CVE-2017-15873.patch \
> - file://busybox-CVE-2017-16544.patch \
> - file://busybox-fix-lzma-segfaults.patch \
> - file://umount-ignore-c.patch \
> "
> SRC_URI_append_libc-musl = " file://musl.cfg "
>
> -SRC_URI[tarball.md5sum] = "476186f4bab81781dab2369bfd42734e"
> -SRC_URI[tarball.sha256sum] = "9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df"
> +SRC_URI[tarball.md5sum] = "46617af37a39579711d8b36f189cdf1e"
> +SRC_URI[tarball.sha256sum] = "67d2fa6e147a45875fe972de62d907ef866fe784c495c363bf34756c444a5d61"
>
More information about the Openembedded-core
mailing list