From 3af9533f1d1b1b20768614a1d64c1aa6226bb483 Mon Sep 17 00:00:00 2001
From: jikui
Date: Mon, 22 Nov 2021 10:33:41 +0800
Subject: [PATCH] fix CVE-2021-42374 and CVE-2021-42377
Signed-off-by: jikui
(cherry picked from commit 19d37e85ae31fb4b24b32ab0da71caa3c1a3135b)
---
 backport-CVE-2021-42374.patch | 59 +++++++++++++++++++++++++++++++++++
 backport-CVE-2021-42377.patch | 42 +++++++++++++++++++++++++
 busybox.spec | 12 ++++++-
 3 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-42374.patch
 create mode 100644 backport-CVE-2021-42377.patch
diff --git a/backport-CVE-2021-42374.patch b/backport-CVE-2021-42374.patch
new file mode 100644
index 0000000..546f6ad
--- /dev/null
+++ b/backport-CVE-2021-42374.patch
@@ -0,0 +1,59 @@
+From 479e2e47de5f2a9a3ecedda264976bde6945ce60 Mon Sep 17 00:00:00 2001
+From: jikui
+Date: Mon, 22 Nov 2021 10:24:24 +0800
+Subject: [PATCH] busybox: fix CVE-2021-42374
+
+backport from upstream:
+https://git.busybox.net/busybox/patch/?h=1_34_stable&id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
+
+Signed-off-by: jikui
+---
+ archival/libarchive/decompress_unlzma.c | 5 ++++-
+ testsuite/unlzma.tests | 10 ++++++----
+ 2 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
+index 0744f23..fb5aac8 100644
+--- a/archival/libarchive/decompress_unlzma.c
++++ b/archival/libarchive/decompress_unlzma.c
+@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ uint32_t pos;
+
+ pos = buffer_pos - rep0;
+- if ((int32_t)pos < 0)
++ if ((int32_t)pos < 0) {
+ pos += header.dict_size;
++ if ((int32_t)pos < 0)
++ goto bad;
++ }
+ match_byte = buffer[pos];
+ do {
+ int bit;
+diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests
+index 0e98afe..8c120b1 100755
+--- a/testsuite/unlzma.tests
++++ b/testsuite/unlzma.tests
+@@ -8,14 +8,16 @@
+
+ # Damaged encrypted streams
+ testing "unlzma (bad archive 1)" \
+- "unlzma /dev/null; echo \$?" \
+-"1
++ "unlzma &1 >/dev/null; echo \$?" \
++"unlzma: corrupted data
++1
+ " "" ""
+
+ # Damaged encrypted streams
+ testing "unlzma (bad archive 2)" \
+- "unlzma /dev/null; echo \$?" \
+-"1
++ "unlzma &1 >/dev/null; echo \$?" \
++"unlzma: corrupted data
++1
+ " "" ""
+
+ exit $FAILCOUNT
+--
+2.25.1
+
diff --git a/backport-CVE-2021-42377.patch b/backport-CVE-2021-42377.patch
new file mode 100644
index 0000000..acf583b
--- /dev/null
+++ b/backport-CVE-2021-42377.patch
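Review bot: The guard added in `unpack_lzma_stream` only rejects a `pos` that is still negative after `pos += header.dict_size`; nothing visible in the hunk bounds `pos` from above before `match_byte = buffer[pos]`. If `buffer` can be allocated smaller than `header.dict_size` (the allocation is outside the hunk, so this needs confirming against the full file), a corrupted stream could still produce an index past the end of the buffer. I would check the allocated length too, e.g. `if ((int32_t)pos < 0 || pos >= buffer_size) goto bad;`, where `buffer_size` is a placeholder for whatever length `buffer` was allocated with. A one-line comment such as `/* corrupted stream: match distance points outside the dictionary */` would also record why the branch exists. The function body starts and ends outside the hunk.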
@@ -0,0 +1,42 @@
+From f56e2f2ef9d131b1f62dad4427da1113f9b417c5 Mon Sep 17 00:00:00 2001
+From: jikui
+Date: Mon, 22 Nov 2021 16:45:39 +0800
+Subject: [PATCH] busybox: fix CVE-2021-42377
+
+backport from upstream:
+https://git.busybox.net/busybox/commit/?h=1_34_stable&id=83a4967e50422867f340328d404994553e56b839
+
+Signed-off-by: jikui
+---
+ shell/hush.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/shell/hush.c b/shell/hush.c
+index 9fead37..48856f2 100644
+--- a/shell/hush.c
++++ b/shell/hush.c
+@@ -3694,9 +3694,10 @@ static void debug_print_tree(struct pipe *pi, int lvl)
+
+ pin = 0;
+ while (pi) {
+- fdprintf(2, "%*spipe %d %sres_word=%s followup=%d %s\n",
++ fdprintf(2, "%*spipe %d #cmds:%d %sres_word=%s followup=%d %s\n",
+ lvl*2, "",
+ pin,
++ pi->num_cmds,
+ (IF_HAS_KEYWORDS(pi->pi_inverted ? "! " :) ""),
+ RES[pi->res_word],
+ pi->followup, PIPE[pi->followup]
+@@ -3839,6 +3840,9 @@ static void done_pipe(struct parse_context *ctx, pipe_style type)
+ #endif
+ /* Replace all pipes in ctx with one newly created */
+ ctx->list_head = ctx->pipe = pi;
++ /* for case like "cmd && &", do not be tricked by last command
++ * being null - the entire {...} & is NOT null! */
++ not_null = 1;
+ } else {
+ no_conv:
+ ctx->pipe->followup = type;
+--
+2.25.1
+
diff --git a/busybox.spec b/busybox.spec
index 00ec7ff..008540b 100644
--- a/busybox.spec
+++ b/busybox.spec
@@ -4,7 +4,7 @@ %endif %if "%{!?RELEASE:1}" -%define RELEASE 9 +%define RELEASE 10 %endif Name: busybox
@@ -19,6 +19,10 @@ Source1: busybox-static.config Source2: busybox-petitboot.config Source3: busybox-dynamic.config +#backport +Patch6000: backport-CVE-2021-42374.patch +Patch6001: backport-CVE-2021-42377.patch + BuildRoot: %_topdir/BUILDROOT #Dependency BuildRequires: gcc glibc-static
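Review bot: No regression test accompanies the `done_pipe` change: the diffstat of this backport lists only `shell/hush.c`, whereas the unlzma backport also updates `testsuite/unlzma.tests`. A hush test that feeds the input named in the new comment (`cmd && &`) and pins the expected parser result would keep the `not_null = 1` assignment from being silently lost in a later rebase. Separately, `debug_print_tree` now prints `pi->num_cmds` with `%d`; the field's type is not visible here, so confirm it is `int` or cast it. Both functions continue outside their hunks.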
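Review bot: The `Patch6000`/`Patch6001` tags only declare the two patches, and this diff does not touch `%prep`, so whether they are actually applied depends on lines outside the hunks. If `%prep` uses `%autosetup` or `%autopatch` they are picked up automatically; with a plain `%setup` the CVE fixes would ship in the source package without being built in, and `%patch6000 -p1` and `%patch6001 -p1` would be needed. It is worth confirming from a build log that both patches are applied. The changelog entry added in the last hunk records `Id:NA`; `- Id:CVE-2021-42374 CVE-2021-42377` would make the fix searchable by identifier.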
@@ -93,6 +97,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Mon Nov 22 2021 jikui - 1:1.33.1-10 +- Type:CVE +- Id:NA +- SUG:NA +- DESC:fix CVE-2021-42374 and CVE-2021-42377 + * Fri Aug 13 2021 jikui - 1:1.33.1-9 - Type:enhancement - Id:NA -- Gitee