| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| cherry-pick.1_30_0-35-g74d9f1ba3.udhcpc-when-decoding-dhcp-subnet-ensure-it-is-4-bytes-long.patch | Udhcpc: when decoding DHCP_SUBNET, ensure it is 4 bytes long function old new delta udhcp_run_script 795 801 +6 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> |
no | debian | 1_30_0-35-g74d9f1ba3 <https://git.busybox.net/busybox/commit/?id=1_30_0-35-g74d9f1ba3> | 2019-01-07 | |
| cherry-pick.1_30_0-110-gbb3a9531b.ip-fix-ip-o-link.patch | Ip: Fix ip -o link Commit db169f253854db572c0c2b7e3d74ebbe6afdb97f breaks the "ip -o link" command, no output is displayed.. Fix by only excluding the link info if in oneline mode and if the address family is not AF_PACKET. function old new delta ipaddr_list_or_flush 1232 1202 -30 Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> |
no | debian | 1_30_0-110-gbb3a9531b <https://git.busybox.net/busybox/commit/?id=1_30_0-110-gbb3a9531b> | 2019-03-30 | |
| cherry-pick.1_31_0-92-gd3539be8f0.remove-stime-function-calls.patch | Remove stime() function calls Remove stime() function calls stime() has been deprecated in glibc 2.31 and replaced with clock_settime(). Let's replace the stime() function calls with clock_settime() in preperation. function old new delta rdate_main 197 224 +27 clock_settime - 27 +27 date_main 926 941 +15 stime 37 - -37 ------------------------------------------------------------------------------ (add/remove: 2/2 grow/shrink: 2/0 up/down: 69/-37) Total: 32 bytes Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> diff --git a/coreutils/date.c b/coreutils/date.c index f7e9a8d0e..b9b7fd2cb 100644 |
no | debian | 1_31_0-92-gd3539be8f0 <https://git.busybox.net/busybox/commit/?id=1_31_0-92-gd3539be8f0> | 2019-11-19 | |
| cherry-pick.1_32_0-26-g1a5d6fcbb.hwclock-fix-settimeofday-for-glibc-v2.31.patch | hwclock: Fix settimeofday for glibc v2.31+ hwclock: Fix settimeofday for glibc v2.31+ The glibc implementation changed for settimeofday, resulting in "invalid argument" error when attempting to set both timezone and time with a single call. Fix this by calling settimeofday twice Signed-off-by: Eddie James <eajames@linux.ibm.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> diff --git a/util-linux/hwclock.c b/util-linux/hwclock.c index 357906cca..e85bca2b2 100644 |
no | debian | 1_32_0-26-g1a5d6fcbb <https://git.busybox.net/busybox/commit/?id=1_32_0-26-g1a5d6fcbb> | 2020-08-10 | |
| u-mount-FreeBSD-support.patch | [PATCH 18/19] (u)mount: FreeBSD support | no | 2017-08-17 | |||
| swaponoff-FreeBSD-support.patch | [PATCH 19/19] swaponoff: FreeBSD support | Jeremie Koenig <jk@jk.fr.eu.org> | no | 2017-08-17 | ||
| shell-ash-export-HOME.patch | busybox sh sets but does not export PATH This patch exports $PATH variable from busybox ash by default, even if no "export PATH" statement has been processed. No other shell (dash, bash, ...) does this: $ env - /bin/bash -c /usr/bin/env PWD=/tmp SHLVL=1 _=/usr/bin/env But after #329406, busybox ash started exporting this variable by default. This change hasn't been sent upstream. However, this turned out to be problematic, after many upstream changes, busybox started segfaulting in interesting and difficult to debug environments - like, when running as pid=1 in initramfs. This is recorded in #679377. The problem was that PATH was the only variable marked to be exported by default, and this is done by this very patch. Other exported variables were always malloc'ed, but this one was not. But when ash executes applets marked as NOEXEC, it does not really execute anything, it forks and runs the applet's main() function, clearing and setting up the environment as it'd do for any other command. There, it is assumed that all exported variables were malloc'ed, and the function (tryexec() in ash.c) writes to the place in exported variable where the equal sign is. So, if ash inherited no PATH variable and the default is used, the code will try to write \0 into a constant location, and we'll get a segfault. The whole patch is probably not needed (because other shells don't export PATH by default), but at this stage (during wheezy freeze) we can't just drop it, since it may lead to some random breakage in some other random place (and that'll be another very difficult to debug issue). So instead of dropping the patch, we modify the PATH variable to be stored in non-const location, ie, to be writable. It is safe, since the only place which actually modifies this variable (after the first half of this patch) is the awk main function, during setup, it restores the overridden byte after touching it, and it is a "terminal" applet, ie, it exits after doing its work. For wheezy+1, we should drop this patch completely. For now, we will live with this simple and ugly forkaround. /mjt |
Joey Hess <joeyh@debian.org> | no | debian | 2006-05-07 | |
| version.patch | build-sys: allow override of BB_BT (build tag) from command line | Bastian Blank <waldi@debian.org> | no | 2008-03-28 | ||
| init-console.patch | skip non-existing devices in inittab This patch causes init silently skip running processes from inittab if the terminal name is specified but the corresponding device file does not exist. |
Bastian Blank <waldi@debian.org> | no | debian | ||
| stop-checking-ancient-kernel-version.patch | stop checking ancient kernel version for NFS mount The nfs mount code checks for ancient kernel 2.2.18 (!) to determine which mount protocol to use (v3 or v4). Stop doing this, and always use v4. This is the only place in debian busybox which uses get_linux_version_code() function which can't deal with less-than-3-component kernel version numbers (#684611). (Other places are in modutils/ to determine whenever to use pre-2.4 module loading way, which is disabled in debian build). This is a band-aid patch, to minimize changes, more complete cleanup is needed for all this code upstream. |
Michael Tokarev <mjt@tls.msk.ru> | no | debian | ||
| revert-9c143ce52da11ec3d21a3491c3749841d3dc10f0.patch | Revert 9c143ce52da11ec3d21a3491c3749841d3dc10f0 just to make sure the next patch can be applied | Cyril Brulebois <kibi@debian.org> | no | 2019-03-29 | ||
| temp-deb-installer-hack.patch | Temporary hack re-enable invalid variable names Upstream busybox commit b6838b520 ("ash: [VAR] Sanitise environment variable names on entry") breaks assumptions used by debian-installer's preseed system. This results in settings passed to the installer on the kernel command-line getting stripped out if they contain invalid characters in the variable name, such as '/', which is actually very common in this use case. This is not a long term fix for this problem: a different approach is needed to parse the values from the kernel command-line, but we don't want to be responsible for holding up the debian-installer alpha release any longer than it has already. |
Chris Boot <bootc@debian.org> | not-needed | |||
| install-readlink-in-bin.patch | no | |||||
| ignore-ip-valid_lft.patch | Don't choke on ip addr add [...] valid_lft [...] preferred_lft isc-dhcp-dclient 4.4.1 has started passing valid_lft, preferred_lft to ip addr add but busybox ip doesn't support these options. Handle these gracefully, making them no-ops for now. |
Steve Langasek <steve.langasek@ubuntu.com> | no | debian | 2019-03-12 | |
| CVE-2021-28831.patch | decompress_gunzip: Fix DoS if gzip is corrupt On certain corrupt gzip files, huft_build will set the error bit on the result pointer. If afterwards abort_unzip is called huft_free might run into a segmentation fault or an invalid pointer to free(p). In order to mitigate this, we check in huft_free if the error bit is set and clear it before the linked list is freed. |
Samuel Sapalski <samuel.sapalski@nokia.com> | no | https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd | 2021-03-03 | |
| CVE-2021-42374.patch | unlzma: fix a case where we could read before beginning of buffer Testcase: 21 01 01 00 00 00 00 00 e7 01 01 01 ef 00 df b6 00 17 02 10 11 0f ff 00 16 00 00 Unfortunately, the bug is not reliably causing a segfault, the behavior depends on what's in memory before the buffer. function old new delta unpack_lzma_stream 2762 2768 +6 |
Denys Vlasenko <vda.linux@googlemail.com> | no | https://git.launchpad.net/ubuntu/+source/busybox/commit/?h=import/1%251.30.1-4ubuntu6.4&id=8c17c898de7bb1f8c349f3d75bc20710504d8889 | 2021-06-15 | |
| CVE-2021-423xx-awk.patch | fix for CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 | no | https://git.launchpad.net/ubuntu/+source/busybox/commit/?h=import/1%251.30.1-4ubuntu6.4&id=8c17c898de7bb1f8c349f3d75bc20710504d8889 | |||
| CVE-2022-48174.patch | shell: avoid segfault on ${0::0/0~09J}. Closes 15216 function old new delta evaluate_string 1011 1053 +42 |
Denys Vlasenko <vda.linux@googlemail.com> | no | https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209 | 2023-06-12 | |
| CVE-2023-42364-part1.patch | awk: fix precedence of = relative to == Discovered while adding code to disallow assignments to non-lvalues function old new delta parse_expr 936 991 +55 .rodata 105243 105247 +4 |
Denys Vlasenko <vda.linux@googlemail.com> | yes | upstream | https://git.busybox.net/busybox/commit/editors/awk.c?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4 | 2023-05-30 |
| CVE-2023-42364-part2.patch | awk: restore assignment precedence to be lower than ternary ?: Something is fishy with constrcts like "3==v=3" in gawk, they should not work, but do. Ignore those for now. |
Denys Vlasenko <vda.linux@googlemail.com> | yes | upstream | https://git.busybox.net/busybox/commit/editors/awk.c?id=38335df9e9f45378c3407defd38b5b610578bdda | 2024-07-09 |