busybox: Package init

Signed-off-by: Grooooot <isula@huawei.com>

bugfix-crond_zombie_no_exit_cmd_bug.patch

@@ -0,0 +1,20 @@
+diff --git a/miscutils/crond.c b/miscutils/crond.c
+index f6580a9..5f3963d 100644
+--- a/miscutils/crond.c
++++ b/miscutils/crond.c
+@@ -737,6 +737,7 @@ fork_job(const char *user, int mailFd, CronLine *line, bool run_sendmail)
+  err:
+ 		pid = 0;
+ 	} /* else: PARENT, FORK SUCCESS */
++        waitpid(pid, NULL, 0);
+ 
+ 	/*
+ 	 * Close the mail file descriptor.. we can't just leave it open in
+@@ -867,6 +868,7 @@ static pid_t start_one_job(const char *user, CronLine *line)
+  err:
+ 		pid = 0;
+ 	}
++        waitpid(pid, NULL, 0);
+ 	line->cl_pid = pid;
+ 	return pid;
+ }

bugfix-crontab_remove_bug.patch

@@ -0,0 +1,18 @@
+diff -Nur old/miscutils/crontab.c new/miscutils/crontab.c
+--- old/miscutils/crontab.c	2015-11-30 14:45:22.000000000 +0800
++++ new/miscutils/crontab.c	2015-11-30 15:25:36.000000000 +0800
+@@ -153,7 +153,13 @@
+ 	switch (opt_ler) {
+ 
+ 	default: /* case OPT_r: Delete */
+-		unlink(pas->pw_name);
++		if(unlink(pas->pw_name) != 0){
++			if(errno == ENOENT)
++				fprintf(stderr, "no crontab for %s\n", pas->pw_name);	
++			else
++				perror(pas->pw_name);
++			exit(1);
++		}
+ 		break;
+ 
+ 	case OPT_l: /* List */

bugfix-dmesg_pretty.patch

@@ -0,0 +1,12 @@
+diff --git a/util-linux/dmesg.c b/util-linux/dmesg.c
+index 81ba1c9..8602d28 100644
+--- a/util-linux/dmesg.c
++++ b/util-linux/dmesg.c
+@@ -64,6 +64,7 @@ int dmesg_main(int argc UNUSED_PARAM, char **argv)
+ 			if (last == '\n' && buf[in] == '<') {
+ 				while (buf[in++] != '>' && in < len)
+ 					;
++				last = buf[in];
+ 			} else {
+ 				last = buf[in++];
+ 				putchar(last);

bugfix-fix-getopt-segmentation-fault.patch

@@ -0,0 +1,19 @@
+diff --git a/util-linux/getopt.c b/util-linux/getopt.c
+index 1ae0c59..626872d 100644
+--- a/util-linux/getopt.c
++++ b/util-linux/getopt.c
+@@ -385,7 +385,14 @@ int getopt_main(int argc, char **argv)
+ 		option_mask32 |= OPT_u; /* quoting off */
+ 		s = xstrdup(s + strspn(s, "-+"));
+ 		argv[1] = argv[0];
++#if ENABLE_FEATURE_GETOPT_LONG
++		if (long_options != NULL)
++			return generate_output(argv+1, argc-1, s, long_options);
++		else
++			bb_error_msg_and_die("input error,please check");
++#else
+ 		return generate_output(argv+1, argc-1, s, long_options);
++#endif
+ 	}
+ 
+ #if !ENABLE_FEATURE_GETOPT_LONG

bugfix-get_header_tar.patch

@@ -0,0 +1,22 @@
+Upstream-Status: Pending
+
+# copy commit message from OE as the patch comment:
+#    commit 5a0e1d473ca7aca5ffefffe9a2ec44ae7a1f35bc
+#    Author: Frans Meulenbroeks <fransmeulenbroeks@gmail.com>
+#    Date:   Wed Feb 11 22:40:21 2009 +0100
+#
+#    busybox: fix tar problem with filenames that are exactly 100 bytes
+#
+# above comment added by Kevin Tian <kevin.tian@intel.com>, 2010-07-06
+
+--- busybox-1.13.2/archival/libarchive/get_header_tar.c.orig	2008-11-09 18:28:02.000000000 +0100
++++ busybox-1.13.2/archival/libarchive/get_header_tar.c	2009-02-11 22:34:52.000000000 +0100
+@@ -252,6 +252,8 @@
+ 			file_header->name = concat_path_file(tar.prefix, tar.name);
+ 		} else
+ 			file_header->name = xstrdup(tar.name);
++		if (strlen(file_header->name) > 100) 
++			file_header->name[100] = 0;
+ 	}
+ 
+ 	/* Set bits 12-15 of the files mode */

bugfix-makefile-libbb-race.patch

@@ -0,0 +1,34 @@
+There is a potential race when building libbb, as some header files  
+needed by libbb are not generated yet (or are being modified) at the time
+libbb is compiled.
+This patch avoids this scenario by building libbb as the last directory.
+
+Upstream-Status: Submitted
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+Index: busybox-1.24.1/Makefile
+===================================================================
+diff --git a/Makefile b/Makefile
+index 5cfc763..69f3831 100644
+--- a/Makefile
++++ b/Makefile
+@@ -738,9 +738,18 @@ $(sort $(busybox-all)): $(busybox-dirs) ;
+ # Error messages still appears in the original language
+ 
+ PHONY += $(busybox-dirs)
+-$(busybox-dirs): prepare scripts
++
++libbb-dir = $(filter libbb,$(busybox-dirs))
++busybox-dirs1 = $(filter-out libbb,$(busybox-dirs))
++
++$(busybox-dirs1): prepare scripts
+ 	$(Q)$(MAKE) $(build)=$@
+ 
++ifneq ($(libbb-dir),)
++$(libbb-dir): | $(busybox-dirs1)
++	$(Q)$(MAKE) $(build)=$@
++endif
++
+ # Build the kernel release string
+ # The KERNELRELEASE is stored in a file named .kernelrelease
+ # to be used when executing for example make install or make modules_install

bugfix-memleak.patch

@@ -0,0 +1,27 @@
+diff -urN old/shell/ash.c new/shell/ash.c
+--- old/shell/ash.c	2018-11-06 21:47:50.000000000 +0800
++++ new/shell/ash.c	2018-11-06 21:55:43.337608907 +0800
+@@ -9011,6 +9011,7 @@
+ 	int checkexit = 0;
+ 	int (*evalfn)(union node *, int);
+ 	int status = 0;
++	struct stackmark smark;
+ 
+ 	if (n == NULL) {
+ 		TRACE(("evaltree(NULL) called\n"));
+@@ -9031,6 +9032,7 @@
+ 		status = !evaltree(n->nnot.com, EV_TESTED);
+ 		goto setstatus;
+ 	case NREDIR:
++		setstackmark(&smark);
+ 		expredir(n->nredir.redirect);
+ 		pushredir(n->nredir.redirect);
+ 		status = redirectsafe(n->nredir.redirect, REDIR_PUSH);
+@@ -9042,6 +9044,7 @@
+ 		}
+ 		if (n->nredir.redirect)
+ 			popredir(/*drop:*/ 0);
++		popstackmark(&smark);
+ 		goto setstatus;
+ 	case NCMD:
+ 		evalfn = evalcommand;

bugfix-when-mount-failed-clean-it-creates-dev-loopN.patch

@@ -0,0 +1,39 @@
+diff --git a/libbb/loop.c b/libbb/loop.c
+index c78535a..6387e40 100644
+--- a/libbb/loop.c
++++ b/libbb/loop.c
+@@ -90,9 +90,9 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse
+ 	char *try;
+ 	bb_loop_info loopinfo;
+ 	struct stat statbuf;
+-	int i, dfd, ffd, mode, rc;
++	int i, dfd, ffd, mode, rc, mknod_flag;
+ 
+-	rc = dfd = -1;
++	rc = dfd = mknod_flag = -1;
+ 
+ 	/* Open the file.  Barf if this doesn't work.  */
+ 	mode = (flags & BB_LO_FLAGS_READ_ONLY) ? O_RDONLY : O_RDWR;
+@@ -123,8 +123,10 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse
+ 			 && try == dev
+ 			) {
+ 				/* Node doesn't exist, try to create it.  */
+-				if (mknod(dev, S_IFBLK|0644, makedev(7, i)) == 0)
++				if (mknod(dev, S_IFBLK|0644, makedev(7, i)) == 0) {
++					mknod_flag = 0;
+ 					goto try_to_open;
++				}
+ 			}
+ 			/* Ran out of block devices, return failure.  */
+ 			rc = -1;
+@@ -140,6 +142,10 @@ int FAST_FUNC set_loop(char **device, const char *file, unsigned long long offse
+ 		if (dfd < 0) {
+ 			if (errno == ENXIO) {
+ 				/* Happens if loop module is not loaded */
++				if (mknod_flag == 0) {
++					mknod_flag = -1;
++					(void)unlink(dev);
++				}
+ 				rc = -1;
+ 				break;
+ 			}

busybox-CVE-2018-1000500.patch

@@ -0,0 +1,68 @@
+From 871b0b55d092965b974201315d0a1487051901f2 Mon Sep 17 00:00:00 2001
+From: leizhongkai <leizhongkai@huawei.com>
+Date: Wed, 5 Jun 2019 15:12:45 +0800
+Subject: [PATCH 2/2] busybox: fix CVE-2018-1000500
+
+reason:fix CVE-2018-1000500
+backport from https://git.busybox.net/busybox/commit/networking/wget.c?id=0972c7f7a570c38edb68e1c60a45614b7a7c7d55
+see https://nvd.nist.gov/vuln/detail/CVE-2018-1000500 and https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000500.html
+for more details
+
+Signed-off-by: leizhongkai <leizhongkai@huawei.com>
+---
+ networking/wget.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/networking/wget.c b/networking/wget.c
+index 309b983..6477f36 100644
+--- a/networking/wget.c
++++ b/networking/wget.c
+@@ -136,6 +136,7 @@
+ //usage:       "Retrieve files via HTTP or FTP\n"
+ //usage:	IF_FEATURE_WGET_LONG_OPTIONS(
+ //usage:     "\n	--spider	Only check URL existence: $? is 0 if exists"
++///////:     "\n	--no-check-certificate	Don't validate the server's certificate"
+ //usage:	)
+ //usage:     "\n	-c		Continue retrieval of aborted transfer"
+ //usage:     "\n	-q		Quiet"
+@@ -267,6 +268,7 @@ enum {
+ 	WGET_OPT_HEADER     = (1 << 10) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+ 	WGET_OPT_POST_DATA  = (1 << 11) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+ 	WGET_OPT_SPIDER     = (1 << 12) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
++        WGET_OPT_NO_CHECK_CERT = (1 << 13) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+ };
+ 
+ enum {
+@@ -765,6 +767,9 @@ static void spawn_ssl_client(const char *host, int network_fd)
+ 	int pid;
+ 	char *servername, *p;
+ 
++        if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
++            bb_error_msg("note: TLS certificate validation not implemented");
++
+ 	servername = xstrdup(host);
+ 	p = strrchr(servername, ':');
+ 	if (p) *p = '\0';
+@@ -1362,10 +1367,9 @@ IF_DESKTOP(	"tries\0"            Required_argument "t")
+ 		"header\0"           Required_argument "\xff"
+ 		"post-data\0"        Required_argument "\xfe"
+ 		"spider\0"           No_argument       "\xfd"
++                "no-check-certificate\0" No_argument   "\xfc"
+ 		/* Ignored (we always use PASV): */
+ IF_DESKTOP(	"passive-ftp\0"      No_argument       "\xf0")
+-		/* Ignored (we don't do ssl) */
+-IF_DESKTOP(	"no-check-certificate\0" No_argument   "\xf0")
+ 		/* Ignored (we don't support caching) */
+ IF_DESKTOP(	"no-cache\0"         No_argument       "\xf0")
+ IF_DESKTOP(	"no-verbose\0"       No_argument       "\xf0")
+@@ -1425,6 +1429,7 @@ IF_DESKTOP(	"no-parent\0"        No_argument       "\xf0")
+ 	if (option_mask32 & WGET_OPT_HEADER) bb_error_msg("--header");
+ 	if (option_mask32 & WGET_OPT_POST_DATA) bb_error_msg("--post-data");
+ 	if (option_mask32 & WGET_OPT_SPIDER) bb_error_msg("--spider");
++        if (option_mask32 & WGET_OPT_NO_CHECK_CERT) bb_error_msg("--no-check-certificate");
+ 	exit(0);
+ #endif
+ 	argv += optind;
+-- 
+1.8.3.1
+

busybox-CVE-2018-1000517.patch

@@ -0,0 +1,52 @@
+From 97d64d270d094d02a686dfe0d80e232df66d92e6 Mon Sep 17 00:00:00 2001
+From: leizhongkai <leizhongkai@huawei.com>
+Date: Wed, 5 Jun 2019 12:00:48 +0800
+Subject: [PATCH 1/2] busybox: fix CVE-2018-1000517
+
+reason:fix CVE-2018-1000517
+cherry-pick from https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
+see https://nvd.nist.gov/vuln/detail/CVE-2018-1000517 for more details
+
+Signed-off-by: leizhongkai <leizhongkai@huawei.com>
+---
+ networking/wget.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/networking/wget.c b/networking/wget.c
+index d1d8523..309b983 100644
+--- a/networking/wget.c
++++ b/networking/wget.c
+@@ -641,7 +641,7 @@ static FILE* prepare_ftp_session(FILE **dfpp, struct host_info *target, len_and_
+ 	if (ftpcmd("SIZE ", target->path, sfp) == 213) {
+ 		G.content_len = BB_STRTOOFF(G.wget_buf + 4, NULL, 10);
+ 		if (G.content_len < 0 || errno) {
+-			bb_error_msg_and_die("SIZE value is garbage");
++                    bb_error_msg_and_die("bad SIZE value '%s'", G.wget_buf + 4);
+ 		}
+ 		G.got_clen = 1;
+ 	}
+@@ -924,11 +924,20 @@ static void NOINLINE retrieve_file_data(FILE *dfp)
+ 		if (!G.chunked)
+ 			break;
+ 
++                /* Each chunk ends with "\r\n" - eat it */
++                fgets_trim_sanitize(dfp, NULL);
+ 		fgets_and_trim(dfp, NULL); /* Eat empty line */
+  get_clen:
++                /* chunk size format is "HEXNUM[;name[=val]]\r\n" */
+ 		fgets_and_trim(dfp, NULL);
++                errno = 0;
+ 		G.content_len = STRTOOFF(G.wget_buf, NULL, 16);
+-		/* FIXME: error check? */
++                /*
++                 * Had a bug with inputs like "ffffffff0001f400"
++                 * smashing the heap later. Ensure >= 0.
++                 */
++                if (G.content_len < 0 || errno)
++                    bb_error_msg_and_die("bad chunk length '%s'", G.wget_buf);
+ 		if (G.content_len == 0)
+ 			break; /* all done! */
+ 		G.got_clen = 1;
+-- 
+1.8.3.1
+

busybox-CVE-2018-20679.patch

@@ -0,0 +1,129 @@
+From e5835352b8dd5b8717fc8fccc6573851c33c6533 Mon Sep 17 00:00:00 2001
+From: zhangchenfeng <zhangchenfeng1@huawei.com>
+Date: Fri, 1 Mar 2019 10:24:02 +0800
+Subject: [PATCH 1/2] fix CVE-2018-20679
+
+---
+ networking/udhcp/common.c | 19 +++++++++++++++++++
+ networking/udhcp/common.h |  4 ++++
+ networking/udhcp/dhcpc.c  |  6 +++---
+ networking/udhcp/dhcpd.c  |  6 +++---
+ 4 files changed, 29 insertions(+), 6 deletions(-)
+
+diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
+index 52ef875..074e28d 100644
+--- a/networking/udhcp/common.c
++++ b/networking/udhcp/common.c
+@@ -270,6 +270,15 @@ uint8_t* FAST_FUNC udhcp_get_option(struct dhcp_packet *packet, int code)
+ 			goto complain; /* complain and return NULL */
+ 
+ 		if (optionptr[OPT_CODE] == code) {
++			if (optionptr[OPT_LEN] == 0) {
++				/* So far no valid option with length 0 known.
++				 * Having this check means that searching
++				 * for DHCP_MESSAGE_TYPE need not worry
++				 * that returned pointer might be unsafe
++				 * to dereference.
++				 */
++				goto complain; /* complain and return NULL */
++			}
+ 			log_option("option found", optionptr);
+ 			return optionptr + OPT_DATA;
+ 		}
+@@ -287,6 +296,16 @@ uint8_t* FAST_FUNC udhcp_get_option(struct dhcp_packet *packet, int code)
+ 	return NULL;
+ }
+ 
++uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code)
++{
++	uint8_t *r = udhcp_get_option(packet, code);
++	if (r) {
++		if (r[-1] != 4)
++			r = NULL;
++	}
++	return r;
++}
++
+ /* Return the position of the 'end' option (no bounds checking) */
+ int FAST_FUNC udhcp_end_option(uint8_t *optionptr)
+ {
+diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h
+index 50ea919..1d694ad 100644
+--- a/networking/udhcp/common.h
++++ b/networking/udhcp/common.h
+@@ -204,6 +204,10 @@ extern const uint8_t dhcp_option_lengths[] ALIGN1;
+ unsigned FAST_FUNC udhcp_option_idx(const char *name, const char *option_strings);
+ 
+ uint8_t *udhcp_get_option(struct dhcp_packet *packet, int code) FAST_FUNC;
++/* Same as above + ensures that option length is 4 bytes
++ * (returns NULL if size is different)
++ */
++uint8_t *udhcp_get_option32(struct dhcp_packet *packet, int code) FAST_FUNC;
+ int udhcp_end_option(uint8_t *optionptr) FAST_FUNC;
+ void udhcp_add_binary_option(struct dhcp_packet *packet, uint8_t *addopt) FAST_FUNC;
+ #if ENABLE_UDHCPC || ENABLE_UDHCPD
+diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
+index c2805a0..57f1966 100644
+--- a/networking/udhcp/dhcpc.c
++++ b/networking/udhcp/dhcpc.c
+@@ -1683,7 +1683,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+  * They say ISC DHCP client supports this case.
+  */
+ 				server_addr = 0;
+-				temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
++				temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ 				if (!temp) {
+ 					bb_error_msg("no server ID, using 0.0.0.0");
+ 				} else {
+@@ -1710,7 +1710,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+ 				struct in_addr temp_addr;
+ 				uint8_t *temp;
+ 
+-				temp = udhcp_get_option(&packet, DHCP_LEASE_TIME);
++				temp = udhcp_get_option32(&packet, DHCP_LEASE_TIME);
+ 				if (!temp) {
+ 					bb_error_msg("no lease time with ACK, using 1 hour lease");
+ 					lease_seconds = 60 * 60;
+@@ -1804,7 +1804,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
+ 					uint32_t svid;
+ 					uint8_t *temp;
+ 
+-					temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
++					temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ 					if (!temp) {
+  non_matching_svid:
+ 						log1("received DHCP NAK with wrong"
+diff --git a/networking/udhcp/dhcpd.c b/networking/udhcp/dhcpd.c
+index a8cd3f0..477856d 100644
+--- a/networking/udhcp/dhcpd.c
++++ b/networking/udhcp/dhcpd.c
+@@ -640,7 +640,7 @@ static void add_server_options(struct dhcp_packet *packet)
+ static uint32_t select_lease_time(struct dhcp_packet *packet)
+ {
+ 	uint32_t lease_time_sec = server_config.max_lease_sec;
+-	uint8_t *lease_time_opt = udhcp_get_option(packet, DHCP_LEASE_TIME);
++	uint8_t *lease_time_opt = udhcp_get_option32(packet, DHCP_LEASE_TIME);
+ 	if (lease_time_opt) {
+ 		move_from_unaligned32(lease_time_sec, lease_time_opt);
+ 		lease_time_sec = ntohl(lease_time_sec);
+@@ -987,7 +987,7 @@ int udhcpd_main(int argc UNUSED_PARAM, char **argv)
+ 		}
+ 
+ 		/* Get SERVER_ID if present */
+-		server_id_opt = udhcp_get_option(&packet, DHCP_SERVER_ID);
++		server_id_opt = udhcp_get_option32(&packet, DHCP_SERVER_ID);
+ 		if (server_id_opt) {
+ 			uint32_t server_id_network_order;
+ 			move_from_unaligned32(server_id_network_order, server_id_opt);
+@@ -1011,7 +1011,7 @@ int udhcpd_main(int argc UNUSED_PARAM, char **argv)
+ 		}
+ 
+ 		/* Get REQUESTED_IP if present */
+-		requested_ip_opt = udhcp_get_option(&packet, DHCP_REQUESTED_IP);
++		requested_ip_opt = udhcp_get_option32(&packet, DHCP_REQUESTED_IP);
+ 		if (requested_ip_opt) {
+ 			move_from_unaligned32(requested_nip, requested_ip_opt);
+ 		}
+-- 
+1.8.3.1
+

busybox-CVE-2019-5747.patch

@@ -0,0 +1,53 @@
+From 2aea2ffccc29a7bdc597c983fd912685dd6df71e Mon Sep 17 00:00:00 2001
+From: zhangchenfeng1 <zhangchenfeng1@huawei.com>
+Date: Fri, 1 Mar 2019 10:28:00 +0800
+Subject: [PATCH 2/2] fix CVE-2019-5747
+
+---
+ networking/udhcp/common.c | 2 +-
+ networking/udhcp/common.h | 2 +-
+ networking/udhcp/dhcpc.c  | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
+index 074e28d..cc37a69 100644
+--- a/networking/udhcp/common.c
++++ b/networking/udhcp/common.c
+@@ -300,7 +300,7 @@ uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code)
+ {
+ 	uint8_t *r = udhcp_get_option(packet, code);
+ 	if (r) {
+-		if (r[-1] != 4)
++		if (r[-OPT_DATA + OPT_LEN] != 4)
+ 			r = NULL;
+ 	}
+ 	return r;
+diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h
+index 1d694ad..e84943c 100644
+--- a/networking/udhcp/common.h
++++ b/networking/udhcp/common.h
+@@ -119,7 +119,7 @@ enum {
+ //#define DHCP_TIME_SERVER      0x04 /* RFC 868 time server (32-bit, 0 = 1.1.1900) */
+ //#define DHCP_NAME_SERVER      0x05 /* IEN 116 _really_ ancient kind of NS */
+ //#define DHCP_DNS_SERVER       0x06
+-//#define DHCP_LOG_SERVER       0x07 /* port 704 UDP log (not syslog)
++//#define DHCP_LOG_SERVER       0x07 /* port 704 UDP log (not syslog) */
+ //#define DHCP_COOKIE_SERVER    0x08 /* "quote of the day" server */
+ //#define DHCP_LPR_SERVER       0x09
+ #define DHCP_HOST_NAME          0x0c /* either client informs server or server gives name to client */
+diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
+index 57f1966..8d33d86 100644
+--- a/networking/udhcp/dhcpc.c
++++ b/networking/udhcp/dhcpc.c
+@@ -523,7 +523,7 @@ static char **fill_envp(struct dhcp_packet *packet)
+ 		temp = udhcp_get_option(packet, code);
+ 		*curr = xmalloc_optname_optval(temp, &dhcp_optflags[i], opt_name);
+ 		putenv(*curr++);
+-		if (code == DHCP_SUBNET) {
++		if (code == DHCP_SUBNET && temp[-OPT_DATA + OPT_LEN] == 4) {
+ 			/* Subnet option: make things like "$ip/$mask" possible */
+ 			uint32_t subnet;
+ 			move_from_unaligned32(subnet, temp);
+-- 
+1.8.3.1
+

busybox.spec

@@ -0,0 +1,137 @@
+#spec file for busybox
+%if "%{!?VERSION:1}"
+%define VERSION 1.28.3
+%endif
+
+%if "%{!?RELEASE:1}"
+%define RELEASE 5
+%endif
+
+Name: busybox
+Version: %{VERSION}
+Release: %{RELEASE}
+Summary: The Swiss Army Knife of Embedded Linux
+License: GPLv2
+URL: http://www.busybox.net
+
+Source: http://www.busybox.net/downloads/%{name}-%{version}.tar.bz2
+Source1: busybox-static.config
+Source2: busybox-petitboot.config
+Source3: busybox-dynamic.config
+
+BuildRoot:      %_topdir/BUILDROOT
+#Dependency
+BuildRequires: gcc glibc-static git
+BuildRequires: libselinux-devel >= 1.27.7-2
+BuildRequires: libsepol-devel libselinux-static libsepol-static
+
+Patch6000: bugfix-get_header_tar.patch
+Patch6001: bugfix-makefile-libbb-race.patch
+Patch6002: busybox-CVE-2018-20679.patch
+Patch6003: busybox-CVE-2019-5747.patch
+Patch6004: busybox-CVE-2018-1000517.patch
+Patch6005: busybox-CVE-2018-1000500.patch
+
+Patch9000: bugfix-memleak.patch
+Patch9001: bugfix-dmesg_pretty.patch
+Patch9002: bugfix-crontab_remove_bug.patch
+Patch9003: bugfix-crond_zombie_no_exit_cmd_bug.patch
+Patch9004: bugfix-fix-getopt-segmentation-fault.patch
+Patch9005: bugfix-when-mount-failed-clean-it-creates-dev-loopN.patch
+
+Provides: bundled(md5-drepper2)
+
+%package petitboot
+Summary: Configure the busybox version with petitboot
+
+%package help
+Summary: Documentation for busybox
+
+%description
+BusyBox combines tiny versions of many common UNIX utilities into a
+single small executable. It provides replacements for most of the
+utilities you usually find in GNU fileutils, shellutils, etc. It provides
+a fairly complete environment for any small or embedded system.
+
+%description petitboot
+The Petitboot bootloader provides a boot menu and boots the chosen boot
+option using the Linux kernel's kexec functionality. And for use with the
+Petitboot bootloader used on PlayStation 3, the version of the contained
+in this package is minimal configured.
+
+%description help
+This package contains help documentation for busybox
+
+%prep
+# auto apply all needed patch with git
+%autosetup -n %{name}-%{version} -p1 -Sgit -v
+
+%build
+export CFLAGS="$RPM_OPT_FLAGS -fPIE" LDFLAGS="-Wl,-z,now"
+
+cp %{SOURCE3} .config
+yes "" | make oldconfig && \
+cat .config && \
+make V=1 %{?_smp_mflags} CC="gcc $RPM_OPT_FLAGS"
+
+cp busybox_unstripped busybox.dynamic
+cp docs/busybox.1 docs/busybox.dynamic.1
+
+make clean
+cp %{SOURCE2} .config
+yes "" | make oldconfig
+cat .config && \
+make V=1 %{?_smp_mflags} CC="%__cc $RPM_OPT_FLAGS"
+
+cp busybox_unstripped busybox.petitboot
+cp docs/busybox.1 docs/busybox.petitboot.1
+
+%install
+mkdir -p $RPM_BUILD_ROOT/sbin
+mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man1
+install -m 755 busybox.petitboot $RPM_BUILD_ROOT/sbin/busybox.petitboot
+install -m 755 busybox.dynamic $RPM_BUILD_ROOT/sbin/busybox
+install -m 644 docs/busybox.petitboot.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.petitboot.1
+install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
+
+%files
+%doc LICENSE README
+/sbin/busybox
+
+%files petitboot
+%doc LICENSE README
+/sbin/busybox.petitboot
+
+%files help
+%{_mandir}/man1/busybox.1.gz
+%{_mandir}/man1/busybox.petitboot.1.gz
+
+%changelog
+* Wed May 08 2019 gulining<gulining1@huawei.com> - 1:1.28.3-2.h3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:revert patch for rtos
+
+* Wed Jan 23 2019 gulining<gulining1@huawei.com> - 1:1.28.3-2.h1
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix rtos security boot init
+	fix svr monit
+	fix busybox ash syslog
+	fix add fdisk option
+	fix memleak
+	fix dmesg pretty
+	fix crontab remove bug
+	fix crond zombie no exit cmd bug
+	fix ash rtos history syslog forbit logging passwd
+	fix add env RTOS SECURITY PASSWD to control forbit logging passwd
+	fix fix getopt segmentation fault
+	fix when mount failed clean it creates dev loopN
+	fix hostname remove para file support
+	fix avoid rsyslog restart twice
+	fix get header tar
+	fix introduce ftpget timeout when file nogrow
+	fix makefile libbb race
+