Pick commit mentioning this CVE.
Additionally fix test broken by the CVE fix.
(From OE-Core rev: 137299edbc47e8a57173ef3c22bcb719d48d5302)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This fixes an issue that allows blank lines to be incorrectly output
when the "-s" flag is included. This issue propagates into the
populate-volatile.sh script in initscripts. If a volatiles drop file
contains blank lines, a blank line will be included in combined users,
which will incorrectly result in a difference in the number of combined
users versus defined users. If this happens, the volatiles file will not
be executed.
(From OE-Core rev: dfbcf0581ab3dd47037726a7b8aa06f777792473)
(From OE-Core rev: 5576ff6e7676a09649fdbf0042f5f64a1ec1023b)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport patch for CVE-2021-42380.
Move it before patch for CVE-2023-42363 because they touch the same code
and they are in this order in git history so we avoid fuzz modifications.
This will remove fuzz modifications from CVE-2023-42363 and both will
apply cleanly without modifications (except line number changes and the
first one also has little fuzz fix in tests).
This will also make it equal to master/scarthgap patch order/content.
(From OE-Core rev: af3c8ff64054e131b009545883cb87454ce04b64)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There is a stack overflow vulnerability in ash.c:6030 in busybox
before 1.35. In the environment of Internet of Vehicles, this
vulnerability can be executed from command to arbitrary code execution.
(From OE-Core rev: 56b90b5f2da661bfac3f2d751fc09e918429ec87)
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The original patch was actually allowing .debug modules
through which was incorrect. This change blocks the
parsing of .debug modules (which is correct). As noted in
[YOCTO #15022] this should address the empty modules.dep
when using the BusyBox depmod.
(From OE-Core rev: 49bddef864768bbf339513414b42a820f861bdb7)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 339c3c3abe8d405cfe7b3f34db9b3547bcaaf878)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To avoid working with non-deterministic config files, remove all the
temporary files to start from scratch.
(From OE-Core rev: a1cd0c804b974ae100cfe8cb34ddd400e3c8206b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 74cd440c4e3df0ed3b81cf5c60a3f92e0dd3fe6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When compiling busybox a second time (e.g. with `compile -f`), busybox
can use an altered autoconf.h file for compiling, which can ultimately
produce different and unwanted binaries.
This can produce errors like this one:
ERROR: busybox-1.35.0-r0 do_package: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:ptest_update_alternatives(d)
0003:
File: '…/poky/meta/classes/ptest.bbclass', lineno: 100, function: ptest_update_alternatives
0096: for alt_name, alt_link, alt_target, _ in alternatives:
0097: # Some alternatives are for man pages,
0098: # check if the alternative is in PATH
0099: if os.path.dirname(alt_link) in bin_paths:
*** 0100: os.symlink(alt_target, os.path.join(ptest_bindir, alt_name))
0101:}
0102:
0103:do_configure_ptest_base[dirs] = "${B}"
0104:do_compile_ptest_base[dirs] = "${B}"
Exception: FileExistsError: [Errno 17] File exists: '/bin/busybox.suid' -> '…/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'
This happens because ALTERNATIVE:busybox contains `/bin/login` twice,
initially that's because `/bin/login` is present in both
busybox.links.suid and busybox.links.nosuid. The reason for that is
because of the altered autoconf.h.
Steps to reproduce above error:
<add ptest to distro configs>
bitbake busybox -c clean
bitbake busybox -c package -f
bitbake busybox -c compile -f
bitbake busybox -c package -f
This patch guards against potential bugs by:
- making a backup of .config and autoconf.h that have matching
timestamps.
- make sure do_compile always starts with these files.
- restore .config and autoconf.h at the end of do_compile.
(From OE-Core rev: 7e94d0563fadb858aca60d1b1cc3a23e995a500d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6b4a0f063edcfe0a5a4f418842e86ac0c46d9cad)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This symlink is not valid when using usrmerge and ptest packaging would fail
Exception: FileExistsError: [Errno 17] File exists: '/usr/bin/busybox.suid' -> '/mnt/b/yoe/master/build/tmp/work/ppc64p9le-yoe-linux-musl/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'
(From OE-Core rev: 592464cb64a8eedf2ee1537934ba714059c2e0ce)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 238fd30689054c7b44176dce7180fb6dac4e1b6f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code
if netstat is used to print a DNS PTR record's value to a VT compatible
terminal. Alternatively, the attacker could choose to change the terminal's colors.
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
(From OE-Core rev: 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As with the kmod version of depmod, exclude .debug from being
searched. Since busybox does not use the depmod.d and any
configuration file option is ignored we just hardcode it.
(From OE-Core rev: c082752c06d5723433886cbf7ce2d88a51fb64f1)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was added 10 years ago, is almost certainly non-upstreamable
and it isn't clear what the issues it aims to fix are:
the AB revealed no problems when the patch is removed.
(From OE-Core rev: e4831586ee03f189f7cf90aa444f7dc71544d3ec)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We want things to be reproducible and the variable doesn't really change
much any more. Drop the remaining uses and make those code paths always
active.
(From OE-Core rev: d15fb02c7ee7da50e322d74bc6a545234e20c7f3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
(From OE-Core rev: 5ace3ada5c54500c71becc8e0c6eddeb8bc053e3)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- update to next stable version 1.34.0
- refresh defconfig
- remove and refresh already merged patches
(From OE-Core rev: d0e694ef4ec7bd862bdefee494210e3878152b44)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
removed since it is included in 1.33.1
(From OE-Core rev: 544236b12a72ee5be5ef0147249ead112082b871)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This ensures that globbing results in same order irrespective of shell in
use
(From OE-Core rev: fdeee94fa78f91613850500b209b75a6608241d0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
certain applets are enabled but the long options are not enabled for
them, it results in subtle failures in ptests where it's expecting these
options e.g. gzip --best is commonly used in many package tests e.g.
root@qemux86-64:/usr/lib# grep -r "\-\-best" *
acl/ptest/Makefile:GZIP_ENV = --best
attr/ptest/Makefile:GZIP_ENV = --best
coreutils/ptest/Makefile:GZIP_ENV = --best
ethtool/ptest/Makefile:GZIP_ENV = --best
libxml2/ptest/Makefile:GZIP_ENV = --best
lttng-tools/ptest/Makefile:GZIP_ENV = --best
opkg/ptest/Makefile:GZIP_ENV = --best
perl/ptest/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm: COMPRESS ('gzip --best')
python3.9/test/test_gzip.py: for compress_level in ('--fast', '--best'):
...
this ensures that these options are enabled by default, which makes them more
compatible than now with coreutils provided utilities
busybox size grows by 4K which perhaps is acceptable
--rwxr-xr-x root root 817704 ./bin/busybox.nosuid
+-rwxr-xr-x root root 821800 ./bin/busybox.nosuid
This makes autopoint-3/gettext pass
This patch adds all the long options to this fragment. The long options
for a tool will only get enabled if the corresponding tool/feature is
enabled in main defconfig, otherwise it will be ignored in final .config
(From OE-Core rev: 6a6c64426f544fcd376f2eabdb5aecc0ab04e541)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit ed69ef2016.
The console entry has already been added into /etc/inittab based
on the SERIAL_CONSOLES. So drop this redundant entry.
(From OE-Core rev: 633f0c6b74e3caa2bae52ca60c61b811b7b2215d)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The licenses were renamed to match their SPDX names, fix the
references in LIC_FILES_CHKSUM in OE-Core.
(From OE-Core rev: 9af48917cfe583d2db9e1e088c7e396fcf638949)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* since
https://git.openembedded.org/openembedded-core/commit/?id=991394be9e695f9ddb5e2fca167c06f7a56a7449
the rcS.default is in SRC_URI only when VIRTUAL-RUNTIME_init_manager is 'busybox'
but this section in do_install was controlled by
CONFIG_INIT=y in /.config which for busybox-initrd from meta-virtualization
caused:
ERROR: busybox-initrd-1.32.0-r0 do_install: Execution of '/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/busybox-initrd/1.32.0-r0/temp/run.do_install.1481880' failed with exit code 1:
CONFIG_FEATURE_MDEV_CONF=y
install: cannot stat '/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/busybox-initrd/1.32.0-r0/rcS.default': No such file or directory
WARNING: exit code 1 from a shell command.
(From OE-Core rev: 00f22daa9774783ba14073fb871bbbc6e7c5354d)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This will help in defining init system specific portions of initscripts
which are shared
(From OE-Core rev: 12380bccce7b87b755d1e24620c397641e88f656)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When busybox is used for device management, kernel needs to support
older/obsolete mechanism via CONFIG_UEVENT_HELPER and
CONFIG_UEVENT_HELPER_PATH to enable /proc/sys/kernel/hotplug but this
would require kernel defconfig change and will always be needed when
mdev is used, instead run it in daemon mode
Update mdev init script to run mdev in daemon mode
(From OE-Core rev: f9e84b31ea4afe566c76dcdea25960478cd36ecc)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This helps in using sysvinit scripts with busybox init system as well
(From OE-Core rev: 991394be9e695f9ddb5e2fca167c06f7a56a7449)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This ensures that busybox init can generate matching tty's in inittab as
system defines, secondly respects USE_VT for creating virtual ttys
(From OE-Core rev: 7dddda7a00108f9a61da4a869514a32b9f42d16a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit 7d32417b4d (busybox: Correct the name of the bzip2 license)
changes the license from 'bzip2' to 'bzip2-1.0.6' on the rationale
that the 'bzip2 license was renamed from "bzip2" to "bzip2-1.0.6"
[...] to match the official SPDX identifier.'
Though the above is true for the bzip2 and pbzip2 packages, the bzip2
code bundled in busybox is a copy from the bzip2 1.0.4 version, not the
1.0.6 version.
As such, using bzip2-1.0.6 is wrong.
Unfortunately, there is no official SPDX license identifier for this
bzip2 1.0.4 version, so we just mimic the existing ones (bzip2-1.0.5
and bzip2-1.0.6) by using bzip2-1.0.4.
Also, there is a license file attached to that, so we add it to the
list.
(From OE-Core rev: 6238ee3ecd385cbadd8e75eb8b22a96d9cb13639)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Alexandre BELLONI <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
settimeofday(2) has been deprecated as of glibc 2.31
which hwclock makes use of. This patch makes hwclock
compatible with glibc v2.31
See patch for more details:
busybox/0001-hwclock-make-glibc-2.31-compatible.patch
Fixes [YOCTO #13981]
(From OE-Core rev: 524fff214a6adc823a99358248b3891ba7c0b915)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
u-boot.inc and busybox.inc contain identical copies of this little
helper. They both inherit the cml1 class and use cml1_do_configure
right after having used this helper, and other recipes that want to
write similar logic for doing Kconfig via fragments will also need it
or something equivalent.
(From OE-Core rev: af687c9137a3e8efe48afa6fd12866cf656ae913)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- update to last stable version 1.32.0
- remove and refresh already merged patches
(From OE-Core rev: 2ccac58c2346b5a253dd065e5456c5bdaee2c99d)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I2C tools are built by default in busybox. OE-core on the other hand
disables them all in the busybox defconfig except i2ctransfer. Since
this looks like an oversight, this patch proposes to disable this tool
as well.
(From OE-Core rev: c01da7f80db119bc87a25d68c2bcf49bb703c3b4)
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The common bzip2 license was renamed from "bzip2" to "bzip2-1.0.6" in
commit 669600ef to match the official SPDX identifier.
(From OE-Core rev: 7d32417b4dd7788d44ae896e75827f7bf56d328c)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Avoid confusing messages caused by EIO on reading
/proc/sys/net/ipv6/conf/*/stable_secret if those are not set yet.
Make it behave the same as procps(>=3.3.13).
Fixes:
$ sysctl -a | grep ipv6.conf | grep stable_secret
sysctl: error reading key 'net.ipv6.conf.all.stable_secret': Input/output error
sysctl: error reading key 'net.ipv6.conf.default.stable_secret': Input/output error
sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': Input/output error
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': Input/output error
(From OE-Core rev: ff074f495dd4bb637618f790dd30e51e542cd30a)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>