busybox: 1.24.1 -> 1.27.2

- fixed link creation to shell
 - reported bug with suid shells [https://bugs.busybox.net/show_bug.cgi?id=10346]
- removed and modified already merged patches
- updated defconfig regarding to new version

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Radovan Scasny <radovan.scasny@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

24 files changed, 384 insertions, 1699 deletions

diff --git a/meta/recipes-core/busybox/busybox-1.24.1/ifupdown-pass-interface-device-name-for-ipv6-route-c.patch b/meta/recipes-core/busybox/busybox-1.24.1/ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
deleted file mode 100644
index 5715378afc..0000000000
--- a/meta/recipes-core/busybox/busybox-1.24.1/ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 06fcf98f6ca40dc6b823d7d6231a240a1794ef2d Mon Sep 17 00:00:00 2001
-From: Haiqing Bai <Haiqing.Bai@windriver.com>
-Date: Tue, 28 Feb 2017 10:40:37 +0800
-Subject: [PATCH] ifupdown: pass interface device name for ipv6 route commands
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 028524317d8d0011ed38e86e507a06738a5b5a97 from upstream
-
-IPv6 routes need the device argument for link-local routes, or they
-cannot be used at all. E.g. "gateway fe80::def" seems to be used in
-some places, but kernel refuses to insert the route unless device
-name is explicitly specified in the route addition.
-
-Signed-off-by: Timo Teräs <timo.teras@iki.fi>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-
-Upstream-Status: Backport
-Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
----
- networking/ifupdown.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/networking/ifupdown.c b/networking/ifupdown.c
-index 17bc4e9..a00f68d 100644
---- a/networking/ifupdown.c
-+++ b/networking/ifupdown.c
-@@ -394,8 +394,8 @@ static int FAST_FUNC static_up6(struct interface_defn_t *ifd, execfn *exec)
- # if ENABLE_FEATURE_IFUPDOWN_IP
- 	result = execute("ip addr add %address%/%netmask% dev %iface%[[ label %label%]]", ifd, exec);
- 	result += execute("ip link set[[ mtu %mtu%]][[ addr %hwaddress%]] %iface% up", ifd, exec);
--	/* Was: "[[ ip ....%gateway% ]]". Removed extra spaces w/o checking */
--	result += execute("[[ip route add ::/0 via %gateway%]][[ metric %metric%]]", ifd, exec);
-+	/* Reportedly, IPv6 needs "dev %iface%", but IPv4 does not: */
-+	result += execute("[[ip route add ::/0 via %gateway% dev %iface%]][[ metric %metric%]]", ifd, exec);
- # else
- 	result = execute("ifconfig %iface%[[ media %media%]][[ hw %hwaddress%]][[ mtu %mtu%]] up", ifd, exec);
- 	result += execute("ifconfig %iface% add %address%/%netmask%", ifd, exec);
-@@ -421,7 +421,8 @@ static int FAST_FUNC v4tunnel_up(struct interface_defn_t *ifd, execfn *exec)
- 			"%endpoint%[[ local %local%]][[ ttl %ttl%]]", ifd, exec);
- 	result += execute("ip link set %iface% up", ifd, exec);
- 	result += execute("ip addr add %address%/%netmask% dev %iface%", ifd, exec);
--	result += execute("[[ip route add ::/0 via %gateway%]]", ifd, exec);
-+	/* Reportedly, IPv6 needs "dev %iface%", but IPv4 does not: */
-+	result += execute("[[ip route add ::/0 via %gateway% dev %iface%]]", ifd, exec);
- 	return ((result == 4) ? 4 : 0);
- }
- 
--- 
-1.9.1
-
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index 48910ca33a..86f0c60249 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -156,6 +156,12 @@ do_compile() {
 		cp .config .config.orig
 		oe_runmake busybox.cfg.suid
 		oe_runmake busybox.cfg.nosuid
+
+		# workaround for suid bug 10346
+		if ! grep -q "CONFIG_SH_IS_NONE" busybox.cfg.nosuid; then
+			echo "CONFIG_SH_IS_NONE" >> busybox.cfg.suid
+		fi
+
 		for i in `cat busybox.cfg.suid busybox.cfg.nosuid`; do
 			echo "# $i is not set" >> .config.disable.apps
 		done
@@ -165,6 +171,12 @@ do_compile() {
 			cat busybox.cfg.$s | while read item; do
 				grep -w "$item" .config.orig
 			done > .config.app.$s
+
+			# workaround for suid bug 10346
+			if [ "$s" == "suid" ] ; then
+				sed "s/.*CONFIG_SH_IS_NONE.*$/CONFIG_SH_IS_NONE=y/" -i .config.app.suid
+			fi
+
 			merge_config.sh -m .config.nonapps .config.app.$s
 			oe_runmake busybox_unstripped
 			mv busybox_unstripped busybox.$s
@@ -204,7 +216,7 @@ do_install () {
 			install -m 0755 ${B}/busybox.nosuid ${D}${base_bindir}
 			install -m 0644 ${S}/busybox.links.suid ${D}${sysconfdir}
 			install -m 0644 ${S}/busybox.links.nosuid ${D}${sysconfdir}
-			if grep -q "CONFIG_FEATURE_SH_IS_ASH=y" ${B}/.config; then
+			if grep -q "CONFIG_SH_IS_ASH=y" ${B}/.config; then
 				ln -sf busybox.nosuid ${D}${base_bindir}/sh
 			fi
 			# Keep a default busybox for people who want to invoke busybox directly.
@@ -218,7 +230,7 @@ do_install () {
 				install -m 0755 ${B}/busybox ${D}${base_bindir}
 			fi
 			install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
-			if grep -q "CONFIG_FEATURE_SH_IS_ASH=y" ${B}/.config; then
+			if grep -q "CONFIG_SH_IS_ASH=y" ${B}/.config; then
 				ln -sf busybox ${D}${base_bindir}/sh
 			fi
 			# We make this symlink here to eliminate the error when upgrading together
diff --git a/meta/recipes-core/busybox/busybox/0001-flock-update-the-behaviour-of-c-parameter-to-match-u.patch b/meta/recipes-core/busybox/busybox/0001-flock-update-the-behaviour-of-c-parameter-to-match-u.patch
deleted file mode 100644
index 78520f0d90..0000000000
--- a/meta/recipes-core/busybox/busybox/0001-flock-update-the-behaviour-of-c-parameter-to-match-u.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From e1d426fd65c00a6d01a10d85edf8a294ae8a2d2b Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Sun, 24 Apr 2016 18:19:49 +0200
-Subject: [PATCH] flock: fix -c; improve error handling of fork+exec
-
-function                                             old     new   delta
-flock_main                                           254     334     +80
-
-Upstream-Status: Backport
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
- util-linux/flock.c | 19 +++++++++++++++++--
- 1 file changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/util-linux/flock.c b/util-linux/flock.c
-index 05a747f..539a835 100644
---- a/util-linux/flock.c
-+++ b/util-linux/flock.c
-@@ -57,7 +57,6 @@ int flock_main(int argc UNUSED_PARAM, char **argv)
- 	/* If it is "flock FILE -c PROG", then -c isn't caught by getopt32:
- 	 * we use "+" in order to support "flock -opt FILE PROG -with-opts",
- 	 * we need to remove -c by hand.
--	 * TODO: in upstream, -c 'PROG ARGS' means "run sh -c 'PROG ARGS'"
- 	 */
- 	if (argv[0]
- 	 && argv[0][0] == '-'
-@@ -66,6 +65,9 @@ int flock_main(int argc UNUSED_PARAM, char **argv)
- 	    )
- 	) {
- 		argv++;
-+		if (argv[1])
-+			bb_error_msg_and_die("-c takes only one argument");
-+		opt |= OPT_c;
- 	}
- 
- 	if (OPT_s == LOCK_SH && OPT_x == LOCK_EX && OPT_n == LOCK_NB && OPT_u == LOCK_UN) {
-@@ -90,8 +92,21 @@ int flock_main(int argc UNUSED_PARAM, char **argv)
- 		bb_perror_nomsg_and_die();
- 	}
- 
--	if (argv[0])
-+	if (argv[0]) {
-+		if (!(opt & OPT_c)) {
-+			int rc = spawn_and_wait(argv);
-+			if (rc < 0)
-+				bb_simple_perror_msg(argv[0]);
-+			return rc;
-+		}
-+		/* -c 'PROG ARGS' means "run sh -c 'PROG ARGS'" */
-+		argv -= 2;
-+		argv[0] = (char*)get_shell_name();
-+		argv[1] = (char*)"-c";
-+		/* argv[2] = "PROG ARGS"; */
-+		/* argv[3] = NULL; */
- 		return spawn_and_wait(argv);
-+	}
- 
- 	return EXIT_SUCCESS;
- }
--- 
-2.4.0
-
diff --git a/meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch b/meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch
deleted file mode 100644
index 812a507489..0000000000
--- a/meta/recipes-core/busybox/busybox/0001-ip-fix-an-improper-optimization-req.r.rtm_scope-may-.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 34ecc3b7aefdd6c31e8691bd5485037bbabedbd4 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Sun, 14 Aug 2016 01:30:34 +0200
-Subject: [PATCH] ip: fix an improper optimization: req.r.rtm_scope may be
- nonzero here
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
-Upstream-Status: Backport
-Signed-off-by: André Draszik <adraszik@tycoint.com>
-
- networking/libiproute/iproute.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/networking/libiproute/iproute.c b/networking/libiproute/iproute.c
-index e674e9a0d..48dc6e3d9 100644
---- a/networking/libiproute/iproute.c
-+++ b/networking/libiproute/iproute.c
-@@ -362,10 +362,9 @@ IF_FEATURE_IP_RULE(ARG_table,)
- 		req.r.rtm_scope = RT_SCOPE_NOWHERE;
- 
- 	if (cmd != RTM_DELROUTE) {
-+		req.r.rtm_scope = RT_SCOPE_UNIVERSE;
- 		if (RTPROT_BOOT != 0)
- 			req.r.rtm_protocol = RTPROT_BOOT;
--		if (RT_SCOPE_UNIVERSE != 0)
--			req.r.rtm_scope = RT_SCOPE_UNIVERSE;
- 		if (RTN_UNICAST != 0)
- 			req.r.rtm_type = RTN_UNICAST;
- 	}
--- 
-2.11.0
-
diff --git a/meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch b/meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch
deleted file mode 100644
index 66bc76e65e..0000000000
--- a/meta/recipes-core/busybox/busybox/0001-iproute-support-scope-.-Closes-8561.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From ce4bc1ed048233e89ee4cb95830bf6f01d523d1e Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Wed, 30 Dec 2015 17:32:51 +0100
-Subject: [PATCH] iproute: support "scope". Closes 8561
-
-function                                             old     new   delta
-iproute_modify                                      1051    1120     +69
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-
-Upstream-Status: Backport
-Modified patch to build against busybox 1.24.1:
-- s/invarg_1_to_2/invarg
-Signed-off-by: André Draszik <adraszik@tycoint.com>
----
- networking/libiproute/iproute.c | 52 ++++++++++++++++++++++++++---------------
- 1 file changed, 33 insertions(+), 19 deletions(-)
-
-diff --git a/networking/libiproute/iproute.c b/networking/libiproute/iproute.c
-index d232ee6fd..82827488f 100644
---- a/networking/libiproute/iproute.c
-+++ b/networking/libiproute/iproute.c
-@@ -313,12 +313,13 @@ static int FAST_FUNC print_route(const struct sockaddr_nl *who UNUSED_PARAM,
- static int iproute_modify(int cmd, unsigned flags, char **argv)
- {
- 	static const char keywords[] ALIGN1 =
--		"src\0""via\0""mtu\0""lock\0""protocol\0"IF_FEATURE_IP_RULE("table\0")
-+		"src\0""via\0""mtu\0""lock\0""scope\0""protocol\0"IF_FEATURE_IP_RULE("table\0")
- 		"dev\0""oif\0""to\0""metric\0""onlink\0";
- 	enum {
- 		ARG_src,
- 		ARG_via,
- 		ARG_mtu, PARM_lock,
-+		ARG_scope,
- 		ARG_protocol,
- IF_FEATURE_IP_RULE(ARG_table,)
- 		ARG_dev,
-@@ -344,6 +345,7 @@ IF_FEATURE_IP_RULE(ARG_table,)
- 	unsigned mxlock = 0;
- 	char *d = NULL;
- 	smalluint ok = 0;
-+	smalluint scope_ok = 0;
- 	int arg;
- 
- 	memset(&req, 0, sizeof(req));
-@@ -352,15 +354,18 @@ IF_FEATURE_IP_RULE(ARG_table,)
- 	req.n.nlmsg_flags = NLM_F_REQUEST | flags;
- 	req.n.nlmsg_type = cmd;
- 	req.r.rtm_family = preferred_family;
--	if (RT_TABLE_MAIN) /* if it is zero, memset already did it */
-+	if (RT_TABLE_MAIN != 0) /* if it is zero, memset already did it */
- 		req.r.rtm_table = RT_TABLE_MAIN;
--	if (RT_SCOPE_NOWHERE)
-+	if (RT_SCOPE_NOWHERE != 0)
- 		req.r.rtm_scope = RT_SCOPE_NOWHERE;
- 
- 	if (cmd != RTM_DELROUTE) {
--		req.r.rtm_protocol = RTPROT_BOOT;
--		req.r.rtm_scope = RT_SCOPE_UNIVERSE;
--		req.r.rtm_type = RTN_UNICAST;
-+		if (RTPROT_BOOT != 0)
-+			req.r.rtm_protocol = RTPROT_BOOT;
-+		if (RT_SCOPE_UNIVERSE != 0)
-+			req.r.rtm_scope = RT_SCOPE_UNIVERSE;
-+		if (RTN_UNICAST != 0)
-+			req.r.rtm_type = RTN_UNICAST;
- 	}
- 
- 	mxrta->rta_type = RTA_METRICS;
-@@ -393,6 +398,13 @@ IF_FEATURE_IP_RULE(ARG_table,)
- 			}
- 			mtu = get_unsigned(*argv, "mtu");
- 			rta_addattr32(mxrta, sizeof(mxbuf), RTAX_MTU, mtu);
-+		} else if (arg == ARG_scope) {
-+			uint32_t scope;
-+			NEXT_ARG();
-+			if (rtnl_rtscope_a2n(&scope, *argv))
-+				invarg(*argv, "scope");
-+			req.r.rtm_scope = scope;
-+			scope_ok = 1;
- 		} else if (arg == ARG_protocol) {
- 			uint32_t prot;
- 			NEXT_ARG();
-@@ -469,20 +481,22 @@ IF_FEATURE_IP_RULE(ARG_table,)
- 		addattr_l(&req.n, sizeof(req), RTA_METRICS, RTA_DATA(mxrta), RTA_PAYLOAD(mxrta));
- 	}
- 
--	if (req.r.rtm_type == RTN_LOCAL || req.r.rtm_type == RTN_NAT)
--		req.r.rtm_scope = RT_SCOPE_HOST;
--	else
--	if (req.r.rtm_type == RTN_BROADCAST
--	 || req.r.rtm_type == RTN_MULTICAST
--	 || req.r.rtm_type == RTN_ANYCAST
--	) {
--		req.r.rtm_scope = RT_SCOPE_LINK;
--	}
--	else if (req.r.rtm_type == RTN_UNICAST || req.r.rtm_type == RTN_UNSPEC) {
--		if (cmd == RTM_DELROUTE)
--			req.r.rtm_scope = RT_SCOPE_NOWHERE;
--		else if (!(ok & gw_ok))
-+	if (!scope_ok) {
-+		if (req.r.rtm_type == RTN_LOCAL || req.r.rtm_type == RTN_NAT)
-+			req.r.rtm_scope = RT_SCOPE_HOST;
-+		else
-+		if (req.r.rtm_type == RTN_BROADCAST
-+		 || req.r.rtm_type == RTN_MULTICAST
-+		 || req.r.rtm_type == RTN_ANYCAST
-+		) {
- 			req.r.rtm_scope = RT_SCOPE_LINK;
-+		}
-+		else if (req.r.rtm_type == RTN_UNICAST || req.r.rtm_type == RTN_UNSPEC) {
-+			if (cmd == RTM_DELROUTE)
-+				req.r.rtm_scope = RT_SCOPE_NOWHERE;
-+			else if (!(ok & gw_ok))
-+				req.r.rtm_scope = RT_SCOPE_LINK;
-+		}
- 	}
- 
- 	if (req.r.rtm_family == AF_UNSPEC) {
--- 
-2.11.0
-
diff --git a/meta/recipes-core/busybox/busybox/0001-libiproute-handle-table-ids-larger-than-255.patch b/meta/recipes-core/busybox/busybox/0001-libiproute-handle-table-ids-larger-than-255.patch
deleted file mode 100644
index aac5b4029b..0000000000
--- a/meta/recipes-core/busybox/busybox/0001-libiproute-handle-table-ids-larger-than-255.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From b5a9234272e6084557224c73ab7737ed47f09848 Mon Sep 17 00:00:00 2001
-From: Lukasz Nowak <lnowak@tycoint.com>
-Date: Wed, 23 Nov 2016 12:48:21 +0000
-Subject: [PATCH v2] libiproute: handle table ids larger than 255
-
-Linux kernel, starting from 2.6.19 allows ip table ids to have 32-bit values.
-In order to preserve compatibility, the old 8-bit field: rtm_table is still
-in use when table id is lower than 256.
-
-Add support for the 32-bit table id (RTA_TABLE attribute) in:
-- ip route print
-- ip route modify
-- ip rule print
-- ip rule modify
-
-Add printing of table ids to ip route.
-
-Changes are compatible with the mainline iproute2 utilities.
-
-These changes are required for compatibility with ConnMan, which by default
-uses table ids greater than 255.
-
-Upstream-Status: Submitted [http://lists.busybox.net/pipermail/busybox/2016-December/084989.html]
-
-Signed-off-by: Lukasz Nowak <lnowak@tycoint.com>
----
- networking/libiproute/iproute.c | 24 ++++++++++++++++++++----
- networking/libiproute/iprule.c  | 11 +++++++++--
- 2 files changed, 29 insertions(+), 6 deletions(-)
-
-diff --git a/networking/libiproute/iproute.c b/networking/libiproute/iproute.c
-index 6ecd5f7..d5af498 100644
---- a/networking/libiproute/iproute.c
-+++ b/networking/libiproute/iproute.c
-@@ -87,6 +87,7 @@ static int FAST_FUNC print_route(const struct sockaddr_nl *who UNUSED_PARAM,
- 	inet_prefix dst;
- 	inet_prefix src;
- 	int host_len = -1;
-+	uint32_t tid;
- 
- 	if (n->nlmsg_type != RTM_NEWROUTE && n->nlmsg_type != RTM_DELROUTE) {
- 		fprintf(stderr, "Not a route: %08x %08x %08x\n",
-@@ -99,6 +100,14 @@ static int FAST_FUNC print_route(const struct sockaddr_nl *who UNUSED_PARAM,
- 	if (len < 0)
- 		bb_error_msg_and_die("wrong nlmsg len %d", len);
- 
-+	memset(tb, 0, sizeof(tb));
-+	parse_rtattr(tb, RTA_MAX, RTM_RTA(r), len);
-+
-+	if (tb[RTA_TABLE])
-+		tid = *(uint32_t *)RTA_DATA(tb[RTA_TABLE]);
-+	else
-+		tid = r->rtm_table;
-+
- 	if (r->rtm_family == AF_INET6)
- 		host_len = 128;
- 	else if (r->rtm_family == AF_INET)
-@@ -128,7 +137,7 @@ static int FAST_FUNC print_route(const struct sockaddr_nl *who UNUSED_PARAM,
- 			}
- 		}
- 	} else {
--		if (G_filter.tb > 0 && G_filter.tb != r->rtm_table) {
-+		if (G_filter.tb > 0 && G_filter.tb != tid) {
- 			return 0;
- 		}
- 	}
-@@ -157,10 +166,8 @@ static int FAST_FUNC print_route(const struct sockaddr_nl *who UNUSED_PARAM,
- 		return 0;
- 	}
- 
--	memset(tb, 0, sizeof(tb));
- 	memset(&src, 0, sizeof(src));
- 	memset(&dst, 0, sizeof(dst));
--	parse_rtattr(tb, RTA_MAX, RTM_RTA(r), len);
- 
- 	if (tb[RTA_SRC]) {
- 		src.bitlen = r->rtm_src_len;
-@@ -283,6 +290,10 @@ static int FAST_FUNC print_route(const struct sockaddr_nl *who UNUSED_PARAM,
- 	if (tb[RTA_OIF]) {
- 		printf("dev %s ", ll_index_to_name(*(int*)RTA_DATA(tb[RTA_OIF])));
- 	}
-+#if ENABLE_FEATURE_IP_RULE
-+	if (tid && tid != RT_TABLE_MAIN && !G_filter.tb)
-+		printf("table %s ", rtnl_rttable_n2a(tid));
-+#endif
- 
- 	/* Todo: parse & show "proto kernel", "scope link" here */
- 
-@@ -434,7 +445,12 @@ IF_FEATURE_IP_RULE(ARG_table,)
- 			NEXT_ARG();
- 			if (rtnl_rttable_a2n(&tid, *argv))
- 				invarg(*argv, "table");
--			req.r.rtm_table = tid;
-+			if (tid < 256)
-+				req.r.rtm_table = tid;
-+			else {
-+				req.r.rtm_table = RT_TABLE_UNSPEC;
-+				addattr32(&req.n, sizeof(req), RTA_TABLE, tid);
-+			}
- #endif
- 		} else if (arg == ARG_dev || arg == ARG_oif) {
- 			NEXT_ARG();
-diff --git a/networking/libiproute/iprule.c b/networking/libiproute/iprule.c
-index 774a3e2..3fac7c5 100644
---- a/networking/libiproute/iprule.c
-+++ b/networking/libiproute/iprule.c
-@@ -119,7 +119,9 @@ static int FAST_FUNC print_rule(const struct sockaddr_nl *who UNUSED_PARAM,
- 		printf("iif %s ", (char*)RTA_DATA(tb[RTA_IIF]));
- 	}
- 
--	if (r->rtm_table)
-+	if (tb[RTA_TABLE])
-+		printf("lookup %s ", rtnl_rttable_n2a(*(uint32_t*)RTA_DATA(tb[RTA_TABLE])));
-+	else if (r->rtm_table)
- 		printf("lookup %s ", rtnl_rttable_n2a(r->rtm_table));
- 
- 	if (tb[RTA_FLOW]) {
-@@ -259,7 +261,12 @@ static int iprule_modify(int cmd, char **argv)
- 			NEXT_ARG();
- 			if (rtnl_rttable_a2n(&tid, *argv))
- 				invarg(*argv, "table ID");
--			req.r.rtm_table = tid;
-+			if (tid < 256)
-+				req.r.rtm_table = tid;
-+			else {
-+				req.r.rtm_table = RT_TABLE_UNSPEC;
-+				addattr32(&req.n, sizeof(req), RTA_TABLE, tid);
-+			}
- 			table_ok = 1;
- 		} else if (key == ARG_dev ||
- 			   key == ARG_iif
--- 
-2.7.4
-
diff --git a/meta/recipes-core/busybox/busybox/0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch b/meta/recipes-core/busybox/busybox/0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch
deleted file mode 100644
index 4f539848cb..0000000000
--- a/meta/recipes-core/busybox/busybox/0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 903542f7331c58007a3ef938d41e1c55fc329648 Mon Sep 17 00:00:00 2001
-From: Dengke Du <dengke.du@windriver.com>
-Date: Wed, 31 Aug 2016 23:40:43 -0400
-Subject: [PATCH] sed: fix "sed n (flushes pattern space, terminates early)"
- testcase failure
-
-This patch fix "sed n (flushes pattern space, terminates early)"
-testcase failure. We can see it at:
-
-	https://git.busybox.net/busybox/commit/?id=76d72376e0244a5cafd4880cdc623e37d86a75e4
-
-Upstream-Status: Backport
-
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
----
- editors/sed.c       | 19 ++++++++++---------
- testsuite/sed.tests |  6 +-----
- 2 files changed, 11 insertions(+), 14 deletions(-)
-
-diff --git a/editors/sed.c b/editors/sed.c
-index 7bbf820..259c39c 100644
---- a/editors/sed.c
-+++ b/editors/sed.c
-@@ -1274,16 +1274,17 @@ static void process_files(void)
- 		case 'n':
- 			if (!G.be_quiet)
- 				sed_puts(pattern_space, last_gets_char);
--			if (next_line) {
--				free(pattern_space);
--				pattern_space = next_line;
--				last_gets_char = next_gets_char;
--				next_line = get_next_line(&next_gets_char, &last_puts_char, last_gets_char);
--				substituted = 0;
--				linenum++;
--				break;
-+			if (next_line == NULL) {
-+				/* If no next line, jump to end of script and exit. */
-+				goto discard_line;
- 			}
--			/* fall through */
-+			free(pattern_space);
-+			pattern_space = next_line;
-+			last_gets_char = next_gets_char;
-+			next_line = get_next_line(&next_gets_char, &last_puts_char, last_gets_char);
-+			substituted = 0;
-+			linenum++;
-+			break;
- 
- 		/* Quit.  End of script, end of input. */
- 		case 'q':
-diff --git a/testsuite/sed.tests b/testsuite/sed.tests
-index 34479e5..96ff7a5 100755
---- a/testsuite/sed.tests
-+++ b/testsuite/sed.tests
-@@ -73,13 +73,9 @@ testing "sed t (test/branch clears test bit)" "sed -e 's/a/b/;:loop;t loop'" \
- testing "sed T (!test/branch)" "sed -e 's/a/1/;T notone;p;: notone;p'" \
- 	"1\n1\n1\nb\nb\nc\nc\n" "" "a\nb\nc\n"
- 
--test x"$SKIP_KNOWN_BUGS" = x"" && {
--# Normal sed end-of-script doesn't print "c" because n flushed the pattern
--# space.  If n hits EOF, pattern space is empty when script ends.
--# Query: how does this interact with no newline at EOF?
- testing "sed n (flushes pattern space, terminates early)" "sed -e 'n;p'" \
- 	"a\nb\nb\nc\n" "" "a\nb\nc\n"
--}
-+
- # non-GNU sed: N does _not_ flush pattern space, therefore c is eaten @ script end
- # GNU sed: N flushes pattern space, therefore c is printed too @ script end
- testing "sed N (flushes pattern space (GNU behavior))" "sed -e 'N;p'" \
--- 
-2.8.1
-
diff --git a/meta/recipes-core/busybox/busybox/BUG9071_buffer_overflow_arp.patch b/meta/recipes-core/busybox/busybox/BUG9071_buffer_overflow_arp.patch
deleted file mode 100644
index 828694cbb9..0000000000
--- a/meta/recipes-core/busybox/busybox/BUG9071_buffer_overflow_arp.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-busybox1.24.1: Fix busybox - (local) cmdline stack buffer overwrite 
-
-[No upstream tracking] -- https://bugs.busybox.net/show_bug.cgi?id=9071
-
-busybox - (local) cmdline stack buffer overwrite 
-
-Busybox provides an `arp` applet which is missing an array bounds check for 
-command-line parameter `IFNAME`. It is therefore vulnerable to a command-line 
-based local stack buffer overwrite effectively allowing local users to write 
-past a 16 bytes fixed stack buffer. This leads to two scenarios, one (A) where 
-an IOCTL for GET_HW_ADDRESS (`SIOCGIFHWADDR`) fails and results in a corrupted 
-`va_list` being passed to `*printf()` and one (B) where an attacker might provide 
-valid params for the IOCTL and trick the program to proceed and result in a 
-`RET eip overwrite` eventually gaining code execution.
-
-Upstream-Status: Backport [https://git.busybox.net/busybox/commit/networking/arp.c?id=88e2b1cb626761b1924305b761a5dfc723613c4e]
-BUG: BUG9071
-Signed-off-by: Martin Balik <martin.balik@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
---
-
-diff --git a/networking/arp.c b/networking/arp.c
-index 0099aa5..87eb327 100644
---- a/networking/arp.c
-+++ b/networking/arp.c
-@@ -176,7 +176,7 @@ static int arp_del(char **args)
- 	if (flags == 0)
- 		flags = 3;
- 
--	strncpy(req.arp_dev, device, sizeof(req.arp_dev));
-+	strncpy_IFNAMSIZ(req.arp_dev, device);
- 
- 	err = -1;
- 
-@@ -217,7 +217,7 @@ static void arp_getdevhw(char *ifname, struct sockaddr *sa)
- 	struct ifreq ifr;
- 	const struct hwtype *xhw;
- 
--	strcpy(ifr.ifr_name, ifname);
-+	strncpy_IFNAMSIZ(ifr.ifr_name, ifname);
- 	ioctl_or_perror_and_die(sockfd, SIOCGIFHWADDR, &ifr,
- 					"can't get HW-Address for '%s'", ifname);
- 	if (hw_set && (ifr.ifr_hwaddr.sa_family != hw->type)) {
-@@ -330,7 +330,7 @@ static int arp_set(char **args)
- 	/* Fill in the remainder of the request. */
- 	req.arp_flags = flags;
- 
--	strncpy(req.arp_dev, device, sizeof(req.arp_dev));
-+	strncpy_IFNAMSIZ(req.arp_dev, device);
- 
- 	/* Call the kernel. */
- 	if (option_mask32 & ARP_OPT_v)
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-2147.patch b/meta/recipes-core/busybox/busybox/CVE-2016-2147.patch
deleted file mode 100644
index 84cae6aa2c..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2016-2147.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From d474ffc68290e0a83651c4432eeabfa62cd51e87 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Thu, 10 Mar 2016 11:47:58 +0100
-Subject: [PATCH] udhcp: fix a SEGV on malformed RFC1035-encoded domain name
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-
-Upstream-Status: Backport
-CVE: CVE-2016-2147
-
-https://git.busybox.net/busybox/commit/?id=d474ffc
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- networking/udhcp/domain_codec.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-Index: busybox-1.23.2/networking/udhcp/domain_codec.c
-===================================================================
---- busybox-1.23.2.orig/networking/udhcp/domain_codec.c
-+++ busybox-1.23.2/networking/udhcp/domain_codec.c
-@@ -63,11 +63,10 @@ char* FAST_FUNC dname_dec(const uint8_t
- 				if (crtpos + *c + 1 > clen) /* label too long? abort */
- 					return NULL;
- 				if (dst)
--					memcpy(dst + len, c + 1, *c);
-+					/* \3com ---> "com." */
-+					((char*)mempcpy(dst + len, c + 1, *c))[0] = '.';
- 				len += *c + 1;
- 				crtpos += *c + 1;
--				if (dst)
--					dst[len - 1] = '.';
- 			} else {
- 				/* NUL: end of current domain name */
- 				if (retpos == 0) {
-@@ -78,7 +77,10 @@ char* FAST_FUNC dname_dec(const uint8_t
- 					crtpos = retpos;
- 					retpos = depth = 0;
- 				}
--				if (dst)
-+				if (dst && len != 0)
-+					/* \4host\3com\0\4host and we are at \0:
-+					 * \3com was converted to "com.", change dot to space.
-+					 */
- 					dst[len - 1] = ' ';
- 			}
- 
-@@ -228,6 +230,9 @@ int main(int argc, char **argv)
- 	int len;
- 	uint8_t *encoded;
- 
-+        uint8_t str[6] = { 0x00, 0x00, 0x02, 0x65, 0x65, 0x00 };
-+        printf("NUL:'%s'\n",   dname_dec(str, 6, ""));
-+
- #define DNAME_DEC(encoded,pre) dname_dec((uint8_t*)(encoded), sizeof(encoded), (pre))
- 	printf("'%s'\n",       DNAME_DEC("\4host\3com\0", "test1:"));
- 	printf("test2:'%s'\n", DNAME_DEC("\4host\3com\0\4host\3com\0", ""));
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-2147_2.patch b/meta/recipes-core/busybox/busybox/CVE-2016-2147_2.patch
deleted file mode 100644
index b8349c04a9..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2016-2147_2.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 1b7c17391de66502dd7a97c866e0a33681edbb1f Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Fri, 11 Mar 2016 00:26:58 +0100
-Subject: [PATCH] udhcpc: fix a warning in debug code
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-Upstream-Status: Backport
-CVE: CVE-2016-2147 regression fix
-
-https://git.busybox.net/busybox/commit/?id=1b7c17
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- networking/udhcp/domain_codec.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/networking/udhcp/domain_codec.c b/networking/udhcp/domain_codec.c
-index cee31f1..5a923cc 100644
---- a/networking/udhcp/domain_codec.c
-+++ b/networking/udhcp/domain_codec.c
-@@ -7,6 +7,7 @@
-  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
-  */
- #ifdef DNS_COMPR_TESTING
-+# define _GNU_SOURCE
- # define FAST_FUNC /* nothing */
- # define xmalloc malloc
- # include <stdlib.h>
--- 
-2.3.5
-
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-2148.patch b/meta/recipes-core/busybox/busybox/CVE-2016-2148.patch
deleted file mode 100644
index af04a7f5bd..0000000000
--- a/meta/recipes-core/busybox/busybox/CVE-2016-2148.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 352f79acbd759c14399e39baef21fc4ffe180ac2 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Fri, 26 Feb 2016 15:54:56 +0100
-Subject: [PATCH] udhcpc: fix OPTION_6RD parsing (could overflow its malloced
- buffer)
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-
-Upstream-Status: Backport
-CVE: CVE-2016-2148
-https://git.busybox.net/busybox/commit/?id=352f79
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- networking/ud