Pick commit mentioning this CVE.
Additionally fix test broken by the CVE fix.
(From OE-Core rev: e348e10f35cc082ebfe22c890c5f64c4a06dcea3)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport patch referencing this CVE.
Note that the hardening is not activated by default, it adds defconfig
option to enable it.
Since it introduces a breaking change, it shouldn't be enabled in LTS
release by default.
This patch makes busybox cpio equivalent in this release to what is
currently in master and in kirkstone.
Also note that gnu cpio also does not have this hardening, but the CVE
is created only against busybox.
(From OE-Core rev: 3f2b235526d135094408e3895c01bff7b5b938fb)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This fixes and issue that allows blank lines to be incorrectly output
when the "-s" flag is included. This issue propogates into the
populate-volatile.sh script in initscripts. If a volatiles drop file
contains blank lines, a blank line will be included in combined users,
which will incorrectly result in a difference in the number of combined
users versus defined users. If this happens, the volatiles file will not
be executed.
(From OE-Core rev: dfbcf0581ab3dd47037726a7b8aa06f777792473)
(From OE-Core rev: 5f75aaf0489f40bd35cdd27322e4d1189e30a9e4)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport patch for CVE-2023-42363.
(From OE-Core rev: 9c52dadd06fd9132c6efc1d06b6fc4a4517be6c3)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 814f97922e1d6c24a36b03ee0e865f2210ff6d7c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport patch for CVE-2021-42380.
Additionally backport clang regression fix caused by this patch.
(From OE-Core rev: 9f5c683b6cadae6228096deb36d7d6fb6de94ad1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 66543769ff79d81508bb703bd2fc34871a16e2c7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Description: In case of two or more consoles are in inittab,
and not specified tty device for first one, some keys works improperly,
ex: arrows, backspace, pgup/pgdown; The patch is fixes this issue.
(From OE-Core rev: 7eea4ef84d74e618fb00fa73c773acdf775d052a)
Signed-off-by: Aleksey Smirnov <aleksey.smirnov@yadro.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
runlevel misc applet is enabled when using init feature from busybox
however this applet does not build right now because it depends on utmp
feature and its disabled for musl systems. runlevel is used by
update-rd.d tool during system maintenance e.g. opkg upgrade etc.
(From OE-Core rev: de62069c32fedd094c279b99b2ff389c7e0012aa)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A testing failure meant that the inittab changes made in 6c65544 didn't
actually work.
A copy-paste problems meant that start_getty was being invoked instead
of getty, but start_getty is sysvinit-inittab-specific. Revert this
inittab to calling getty directly.
Remove the terminal type, this wasn't specified in the original inittab.
Busybox's init has non-standard behaviour for the inittab's ID field.
With SysV this is a four-character identifier and nothing more, but with
busybox init this is the controlling terminal (minus /dev). If the
terminal doesn't exist then busybox doesn't gracefully handle the
failure but instead repeatedly fails to spawn.
As getty will immediately issue a setsid() this isn't needed for getty
entries, so the ID can be empty and ttyrun does the terminal detection.
(From OE-Core rev: 71202782a06ed1f0a17e00072b74b21195f2f5f9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wrap calls to start_getty with ttyrun, so that getty isn't started if
the device doesn't exist. As we know start_getty is only called when
the device exists we can remove the partial workaround for this problem
in that scripts too.
This neatly obsoletes SERIAL_CONSOLES_CHECK, whose sole purpose was to
check what terminals are present at boot and rewrite inittab. Notably,
this meant that SERIAL_CONSOLES_CHECK made using a read-only rootfs
impossible.
(From OE-Core rev: 950ecaabc04836efc346be0ac7e0331e2378872b)
(From OE-Core rev: 6c655441ff5cd0d8877891ff37f8cfa983363a2a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This script is not always called with /sbin and /usr/sbin in the PATH
already, for example when called via ssh. Explicitly set PATH to make
sure it includes /sbin and /usr/sbin since that's where start-stop-daemon
is located.
(From OE-Core rev: fa53f898eaba15dff030f9eadf86e5bca7d954fa)
Signed-off-by: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This matters on 32 bit systems where otherwise timestamp manipulation
in shell scripts would overflow after 2038. One of the scripts in
strace test suite exposed the issue.
(From OE-Core rev: 8165c980338d4719004bf62644e0fe24ef309fe0)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A dependency on coreutils was added to busybox-ptest in oe-core 658c5ed
to fix a test failure.
The failure is because one of the start-stop-daemon tests is known to
fail if /bin/false is busybox. Instead of failing, we can check if
/bin/false is a symlink to busybox and skip the test if so.
[ YOCTO #15068 ]
(From OE-Core rev: 37482e404cf4dcf9360c29986ced8db78baf249b)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
hwclock.sh had default update-rc parameters which made it run after
other tasks that work with the clock such as connman. This causes a
time obtained by NTP to be clobbered by a potentially incorrect time
in the RTC.
Provide non-default INITSCRIPT_PARAMS to have hwclock.sh run during
the rc startup before runlevel initscripts start.
(From OE-Core rev: 3012bac35ada9a9f66d9e6e2fecaee09527b9d44)
Signed-off-by: Chris Elledge <celledge@siteworx.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ironically, busybox ptests don't all work without coreutils being present. This
dependency fixes execution in minimal images but the failing start-stop-daemon
test case should probably be investigated in due course and the dependency
removed when possible.
(From OE-Core rev: 658c5ed34e279983b1827abfe4e439524b72d4a9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The original patch was actually allowing .debug modules
though which was in-correct. This change blocks the
parsing of .debug modules (which is correct). As noted in
[YOCTO #15022] this should address the empty modules.dep
when using the BusyBox depmod.
(From OE-Core rev: 339c3c3abe8d405cfe7b3f34db9b3547bcaaf878)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- update to next (un)stable version 1.36.0
- refresh defconfig
- disable new applets (tree, tsort, seedrng)
- use hw-accel for sha1/256 sums when available
- remove and refresh already merged patches
(From OE-Core rev: 2e9989a8f8b5b93476e551475df010add32aac31)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To avoid working with undeterministic config files, remove all the
temporary files to start from scratch.
(From OE-Core rev: 74cd440c4e3df0ed3b81cf5c60a3f92e0dd3fe6c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When compiling busybox a second time (e.g. with `compile -f`), busybox
can use an altered autoconf.h file for compiling, which can ultimately
produces different and unwanted binaries.
This can produce errors like this one:
ERROR: busybox-1.35.0-r0 do_package: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:ptest_update_alternatives(d)
0003:
File: '…/poky/meta/classes/ptest.bbclass', lineno: 100, function: ptest_update_alternatives
0096: for alt_name, alt_link, alt_target, _ in alternatives:
0097: # Some alternatives are for man pages,
0098: # check if the alternative is in PATH
0099: if os.path.dirname(alt_link) in bin_paths:
*** 0100: os.symlink(alt_target, os.path.join(ptest_bindir, alt_name))
0101:}
0102:
0103:do_configure_ptest_base[dirs] = "${B}"
0104:do_compile_ptest_base[dirs] = "${B}"
Exception: FileExistsError: [Errno 17] File exists: '/bin/busybox.suid' -> '…/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'
This happens because ALTERNATIVE:busybox contains `/bin/login` twice,
initially that's because `/bin/login` is present in both
busybox.links.suid and busybox.links.nosuid. The reason for that is
because of the altered autoconf.h.
Steps to reproduce above error:
<add ptest to distro configs>
bitbake busybox -c clean
bitbake busybox -c package -f
bitbake busybox -c compile -f
bitbake busybox -c package -f
This patch guards against potential bugs by:
- making a backup of .config and autoconf.h that have matching
timestamps.
- make sure do_compile always starts with these files.
- restore .config and autoconf.h at the end of do_compile.
(From OE-Core rev: 6b4a0f063edcfe0a5a4f418842e86ac0c46d9cad)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This symlink is not valid when using usrmerge and ptest packaging would fail
Exception: FileExistsError: [Errno 17] File exists: '/usr/bin/busybox.suid' -> '/mnt/b/yoe/master/build/tmp/work/ppc64p9le-yoe-linux-musl/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'
(From OE-Core rev: 238fd30689054c7b44176dce7180fb6dac4e1b6f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code
if netstat is used to print a DNS PTR record's value to a VT compatible
terminal. Alternatively, the attacker could choose to change the terminal's colors.
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
(From OE-Core rev: 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As with the kmod version of depmod, exclude .debug from being
searched. Since busybox does not use the depmod.d and any
configuration file option is ignored we just hardcode it.
(From OE-Core rev: c082752c06d5723433886cbf7ce2d88a51fb64f1)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was added 10 years ago, is almost certainly non-upstreamable
and it isn't clear what the issues it aims to fix are:
the AB revealed no problems when the patch is removed.
(From OE-Core rev: e4831586ee03f189f7cf90aa444f7dc71544d3ec)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We want things to be reproduicble and the variable doesn't really change
much any more. Drop the remaining uses and make those code paths always
active.
(From OE-Core rev: d15fb02c7ee7da50e322d74bc6a545234e20c7f3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
(From OE-Core rev: 5ace3ada5c54500c71becc8e0c6eddeb8bc053e3)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- update to next stable version 1.34.0
- refresh defconfig
- remove and refresh already merged patches
(From OE-Core rev: d0e694ef4ec7bd862bdefee494210e3878152b44)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
removed since it is included in 1.33.1
(From OE-Core rev: 544236b12a72ee5be5ef0147249ead112082b871)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The ensures that globbing results in same order irrespective of shell in
use
(From OE-Core rev: fdeee94fa78f91613850500b209b75a6608241d0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
certain applets are enabled but the long options are not enabled for
them, it results in subtle failures in ptests where its expecting these
options e.g. gzip --best is commonly used in many package tests e.g.
root@qemux86-64:/usr/lib# grep -r "\-\-best" *
acl/ptest/Makefile:GZIP_ENV = --best
attr/ptest/Makefile:GZIP_ENV = --best
coreutils/ptest/Makefile:GZIP_ENV = --best
ethtool/ptest/Makefile:GZIP_ENV = --best
libxml2/ptest/Makefile:GZIP_ENV = --best
lttng-tools/ptest/Makefile:GZIP_ENV = --best
opkg/ptest/Makefile:GZIP_ENV = --best
perl/ptest/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm: COMPRESS ('gzip --best')
python3.9/test/test_gzip.py: for compress_level in ('--fast', '--best'):
...
this ensures that these options are enabled by default, which makes them more
compatible than now with coreutils provided utilities
busybox size grows by 4K which perhaps is acceptable
--rwxr-xr-x root root 817704 ./bin/busybox.nosuid
+-rwxr-xr-x root root 821800 ./bin/busybox.nosuid
This makes autopoint-3/gettext pass
This patch add all the long options to this fragment. The long options
for a tool will only get enabled if the corresponding tool/feature is
enabled in main defconfig, otherwise it will be ignored in final .config
(From OE-Core rev: 6a6c64426f544fcd376f2eabdb5aecc0ab04e541)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit ed69ef2016.
The console entry has already been added into /etc/inittab based
on the SERIAL_CONSOLES. So drop this redundant entry.
(From OE-Core rev: 633f0c6b74e3caa2bae52ca60c61b811b7b2215d)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
