packages/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 1.36.1

Browse Source 
Signed-off-by: songbuhuang <544824346@qq.com>
This commit is contained in:
songbuhuang 2023-07-25 16:12:32 +08:00
parent 39854ec222
commit 2b94acb8ae
7 changed files with 22 additions and 306 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
backport-CVE-2022-28391.patch
View File

@ -1,23 +1,23 @@
From 547745e674728aab32291bd13945d2d134054ffc Mon Sep 17 00:00:00 2001
From: jikui <jikui2@huawei.com>
Date: Tue, 19 Apr 2022 10:45:22 +0800
Subject: [PATCH] busybox: fix CVE-2022-28391
From 3de4e00dcc3f6223b01b418507f34e064eb437a7 Mon Sep 17 00:00:00 2001
From: songbuhuang <544824346@qq.com>
Date: Tue, 25 Jul 2023 15:42:43 +0800
Subject: [PATCH] fix CVE-2022-28391
backport from upstream:
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
Signed-off-by: jikui <jikui2@huawei.com>
Signed-off-by: songbuhuang <544824346@qq.com>
---
libbb/xconnect.c | 5 +++--
networking/nslookup.c | 10 +++++-----
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/libbb/xconnect.c b/libbb/xconnect.c
index 5dd9cfd..264b987 100644
index 0e0b247..692a93b 100644
--- a/libbb/xconnect.c
+++ b/libbb/xconnect.c
@@ -505,12 +505,13 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
@@ -497,12 +497,13 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
);
if (rc)
return NULL;
@ -34,10 +34,10 @@ index 5dd9cfd..264b987 100644
/* - fall through instead */
}
diff --git a/networking/nslookup.c b/networking/nslookup.c
index de7b5c0..0ba4adc 100644
index 6da97ba..4bdcde1 100644
--- a/networking/nslookup.c
+++ b/networking/nslookup.c
@@ -407,7 +407,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
@@ -407,7 +407,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
//printf("Unable to uncompress domain: %s\n", strerror(errno));
return -1;
}
@ -46,7 +46,7 @@ index de7b5c0..0ba4adc 100644
break;
case ns_t_mx:
@@ -422,7 +422,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
@@ -422,7 +422,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
//printf("Cannot uncompress MX domain: %s\n", strerror(errno));
return -1;
}
@ -55,7 +55,7 @@ index de7b5c0..0ba4adc 100644
break;
case ns_t_txt:
@@ -434,7 +434,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
@@ -434,7 +434,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
if (n > 0) {
memset(dname, 0, sizeof(dname));
memcpy(dname, ns_rr_rdata(rr) + 1, n);
@ -64,7 +64,7 @@ index de7b5c0..0ba4adc 100644
}
break;
@@ -454,7 +454,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
@@ -454,7 +454,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
}
printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr),
@ -73,7 +73,7 @@ index de7b5c0..0ba4adc 100644
break;
case ns_t_soa:
@@ -483,7 +483,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
@@ -483,7 +483,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
return -1;
}
@ -83,5 +83,5 @@ index de7b5c0..0ba4adc 100644
printf("\tserial = %lu\n", ns_get32(cp));
--
2.17.1
2.25.1

46
backport-CVE-2022-30065.patch
View File

@ -1,46 +0,0 @@
From 111ae0c7f21dc600a2d2afcbecc69d73036a163f Mon Sep 17 00:00:00 2001
From: jackey_1024 <jikui2@huawei.com>
Date: Fri, 19 Aug 2022 16:15:59 +0800
Subject: [PATCH] busybox: fix CVE-2022-30065
backport from upstream:
https://git.busybox.net/busybox/commit/?id=e63d7cdfdac78c6fd27e9e63150335767592b85e
Signed-off-by: jackey_1024 <jikui2@huawei.com>
---
editors/awk.c | 3 +++
testsuite/awk.tests | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/editors/awk.c b/editors/awk.c
index f6314ac..6a5846e 100644
--- a/editors/awk.c
+++ b/editors/awk.c
@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
case XC( OC_MOVE ):
debug_printf_eval("MOVE\n");
+ /* make sure that we never return a temp var */
+ if (L.v == TMPVAR0)
+ L.v = res;
/* if source is a temporary string, jusk relink it to dest */
if (R.v == TMPVAR1
&& !(R.v->type & VF_NUMBER)
diff --git a/testsuite/awk.tests b/testsuite/awk.tests
index bcaafe8..156aa65 100755
--- a/testsuite/awk.tests
+++ b/testsuite/awk.tests
@@ -469,4 +469,10 @@ testing 'awk printf %% prints one %' \
"%\n" \
'' ''
+testing 'awk assign while test' \
+ "awk '\$1==\$1=\"foo\" {print \$1}'" \
+ "foo\n" \
+ "" \
+ "foo"
+
exit $FAILCOUNT
--
2.25.1

29
backport-fix-use-after-free-in-bc-module.patch
View File

@ -1,29 +0,0 @@
From 907e1b3a22a8092461176af45468c5b1b9bf6cc0 Mon Sep 17 00:00:00 2001
From: jackey_1024 <jikui2@huawei.com>
Date: Fri, 28 Oct 2022 09:45:08 +0800
Subject: [PATCH] busybox: fix use after free in bc module
backport from upstream:
https://git.busybox.net/busybox/commit/?id=41d5f800a14769704082f7faeabb8435285499be
Signed-off-by: jackey_1024 <jikui2@huawei.com>
---
miscutils/bc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/miscutils/bc.c b/miscutils/bc.c
index f9b08b0..4363585 100644
--- a/miscutils/bc.c
+++ b/miscutils/bc.c
@@ -2892,6 +2892,8 @@ static char peek_inbuf(void)
) {
xc_read_line(&G.input_buffer, G.prs.lex_input_fp);
G.prs.lex_inbuf = G.input_buffer.v;
+ // lex_next_at may point to now-freed data, update it:
+ G.prs.lex_next_at = G.prs.lex_inbuf;
if (G.input_buffer.len <= 1) // on EOF, len is 1 (NUL byte)
G.prs.lex_input_fp = NULL;
}
--
2.25.1

212
backport-generalize-const-trick.patch
View File

@ -1,212 +0,0 @@
commit 1f925038ab9c6bd8f6b3cd40ed7aab0ef10d898e
Author: YU Jincheng <shana@zju.edu.cn>
Date: Wed Sep 29 17:37:26 2021 +0800
*: generalize "const trick"
While at it, change all "__asm__" to "asm"
Co-authored-by: canyie <31466456+canyie@users.noreply.github.com>
Signed-off-by: YU Jincheng <shana@zju.edu.cn>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
diff --git a/coreutils/test.c b/coreutils/test.c
index 7c65743..fc95672 100644
--- a/coreutils/test.c
+++ b/coreutils/test.c
@@ -435,7 +435,7 @@ struct test_statics {
};
/* See test_ptr_hack.c */
-extern struct test_statics *const test_ptr_to_statics;
+extern struct test_statics *BB_GLOBAL_CONST test_ptr_to_statics;
#define S (*test_ptr_to_statics)
#define args (S.args )
@@ -446,8 +446,7 @@ extern struct test_statics *const test_ptr_to_statics;
#define leaving (S.leaving )
#define INIT_S() do { \
- (*(struct test_statics**)not_const_pp(&test_ptr_to_statics)) = xzalloc(sizeof(S)); \
- barrier(); \
+ ASSIGN_CONST_PTR(test_ptr_to_statics, xzalloc(sizeof(S))); \
} while (0)
#define DEINIT_S() do { \
free(group_array); \
diff --git a/include/libbb.h b/include/libbb.h
index dfcaa05..02cc008 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -365,13 +365,27 @@ struct BUG_off_t_size_is_misdetected {
#endif
#endif
+/* We use a trick to have more optimized code (fewer pointer reloads
+ * and reduced binary size by a few kilobytes) like:
+ * ash.c: extern struct globals *const ash_ptr_to_globals;
+ * ash_ptr_hack.c: struct globals *ash_ptr_to_globals;
+ * This way, compiler in ash.c knows the pointer can not change.
+ *
+ * However, this may break on weird arches or toolchains. In this case,
+ * set "-DBB_GLOBAL_CONST=''" in CONFIG_EXTRA_CFLAGS to disable
+ * this optimization.
+ */
+#ifndef BB_GLOBAL_CONST
+# define BB_GLOBAL_CONST const
+#endif
+
#if defined(errno)
/* If errno is a define, assume it's "define errno (*__errno_location())"
* and we will cache it's result in this variable */
-extern int *const bb_errno;
-#undef errno
-#define errno (*bb_errno)
-#define bb_cached_errno_ptr 1
+extern int *BB_GLOBAL_CONST bb_errno;
+# undef errno
+# define errno (*bb_errno)
+# define bb_cached_errno_ptr 1
#endif
#if !(ULONG_MAX > 0xffffffff)
@@ -2270,6 +2284,8 @@ struct globals;
* If you want to assign a value, use SET_PTR_TO_GLOBALS(x) */
extern struct globals *const ptr_to_globals;
+#define barrier() asm volatile ("":::"memory")
+
#if defined(__clang_major__) && __clang_major__ >= 9
/* Clang/llvm drops assignment to "constant" storage. Silently.
* Needs serious convincing to not eliminate the store.
@@ -2277,7 +2293,7 @@ extern struct globals *const ptr_to_globals;
static ALWAYS_INLINE void* not_const_pp(const void *p)
{
void *pp;
- __asm__ __volatile__(
+ asm volatile (
"# forget that p points to const"
: /*outputs*/ "=r" (pp)
: /*inputs*/ "0" (p)
@@ -2288,13 +2304,13 @@ static ALWAYS_INLINE void* not_const_pp(const void *p)
static ALWAYS_INLINE void* not_const_pp(const void *p) { return (void*)p; }
#endif
-/* At least gcc 3.4.6 on mipsel system needs optimization barrier */
-#define barrier() __asm__ __volatile__("":::"memory")
-#define SET_PTR_TO_GLOBALS(x) do { \
- (*(struct globals**)not_const_pp(&ptr_to_globals)) = (void*)(x); \
+#define ASSIGN_CONST_PTR(p, v) do { \
+ *(void**)not_const_pp(&p) = (void*)(v); \
+ /* At least gcc 3.4.6 on mipsel needs optimization barrier */ \
barrier(); \
} while (0)
+#define SET_PTR_TO_GLOBALS(x) ASSIGN_CONST_PTR(ptr_to_globals, x)
#define FREE_PTR_TO_GLOBALS() do { \
if (ENABLE_FEATURE_CLEAN_UP) { \
free(ptr_to_globals); \
diff --git a/libbb/appletlib.c b/libbb/appletlib.c
index 5c5d7eb..bf26c99 100644
--- a/libbb/appletlib.c
+++ b/libbb/appletlib.c
@@ -247,8 +247,7 @@ void lbb_prepare(const char *applet
IF_FEATURE_INDIVIDUAL(, char **argv))
{
#ifdef bb_cached_errno_ptr
- (*(int **)not_const_pp(&bb_errno)) = get_perrno();
- barrier();
+ ASSIGN_CONST_PTR(bb_errno, get_perrno());
#endif
applet_name = applet;
diff --git a/libbb/lineedit.c b/libbb/lineedit.c
index a7a3ee1..3c87abc 100644
--- a/libbb/lineedit.c
+++ b/libbb/lineedit.c
@@ -192,7 +192,7 @@ struct lineedit_statics {
};
/* See lineedit_ptr_hack.c */
-extern struct lineedit_statics *const lineedit_ptr_to_statics;
+extern struct lineedit_statics *BB_GLOBAL_CONST lineedit_ptr_to_statics;
#define S (*lineedit_ptr_to_statics)
#define state (S.state )
@@ -214,8 +214,7 @@ extern struct lineedit_statics *const lineedit_ptr_to_statics;
#define delbuf (S.delbuf )
#define INIT_S() do { \
- (*(struct lineedit_statics**)not_const_pp(&lineedit_ptr_to_statics)) = xzalloc(sizeof(S)); \
- barrier(); \
+ ASSIGN_CONST_PTR(lineedit_ptr_to_statics, xzalloc(sizeof(S))); \
} while (0)
static void deinit_S(void)
diff --git a/procps/powertop.c b/procps/powertop.c
index fc6018b..24c2b32 100644
--- a/procps/powertop.c
+++ b/procps/powertop.c
@@ -505,7 +505,7 @@ static void cpuid(unsigned int *eax, unsigned int *ebx, unsigned int *ecx,
unsigned int *edx)
{
/* EAX value specifies what information to return */
- __asm__(
+ asm (
" pushl %%ebx\n" /* Save EBX */
" cpuid\n"
" movl %%ebx, %1\n" /* Save content of EBX */
diff --git a/shell/ash.c b/shell/ash.c
index 4bf0615..7b85981 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -303,20 +303,6 @@ typedef long arith_t;
# error "Do not even bother, ash will not run on NOMMU machine"
#endif
-/* We use a trick to have more optimized code (fewer pointer reloads):
- * ash.c: extern struct globals *const ash_ptr_to_globals;
- * ash_ptr_hack.c: struct globals *ash_ptr_to_globals;
- * This way, compiler in ash.c knows the pointer can not change.
- *
- * However, this may break on weird arches or toolchains. In this case,
- * set "-DBB_GLOBAL_CONST=''" in CONFIG_EXTRA_CFLAGS to disable
- * this optimization.
- */
-#ifndef BB_GLOBAL_CONST
-# define BB_GLOBAL_CONST const
-#endif
-
-
/* ============ Hash table sizes. Configurable. */
#define VTABSIZE 39
@@ -518,8 +504,7 @@ extern struct globals_misc *BB_GLOBAL_CONST ash_ptr_to_globals_misc;
#define random_gen (G_misc.random_gen )
#define backgndpid (G_misc.backgndpid )
#define INIT_G_misc() do { \
- (*(struct globals_misc**)not_const_pp(&ash_ptr_to_globals_misc)) = xzalloc(sizeof(G_misc)); \
- barrier(); \
+ ASSIGN_CONST_PTR(ash_ptr_to_globals_misc, xzalloc(sizeof(G_misc))); \
savestatus = -1; \
curdir = nullstr; \
physdir = nullstr; \
@@ -1597,8 +1582,7 @@ extern struct globals_memstack *BB_GLOBAL_CONST ash_ptr_to_globals_memstack;
#define g_stacknleft (G_memstack.g_stacknleft)
#define stackbase (G_memstack.stackbase )
#define INIT_G_memstack() do { \
- (*(struct globals_memstack**)not_const_pp(&ash_ptr_to_globals_memstack)) = xzalloc(sizeof(G_memstack)); \
- barrier(); \
+ ASSIGN_CONST_PTR(ash_ptr_to_globals_memstack, xzalloc(sizeof(G_memstack))); \
g_stackp = &stackbase; \
g_stacknxt = stackbase.space; \
g_stacknleft = MINSIZE; \
@@ -2229,8 +2213,7 @@ extern struct globals_var *BB_GLOBAL_CONST ash_ptr_to_globals_var;
#endif
#define INIT_G_var() do { \
unsigned i; \
- (*(struct globals_var**)not_const_pp(&ash_ptr_to_globals_var)) = xzalloc(sizeof(G_var)); \
- barrier(); \
+ ASSIGN_CONST_PTR(ash_ptr_to_globals_var, xzalloc(sizeof(G_var))); \
for (i = 0; i < ARRAY_SIZE(varinit_data); i++) { \
varinit[i].flags = varinit_data[i].flags; \
varinit[i].var_text = varinit_data[i].var_text; \

BIN
busybox-1.34.1.tar.bz2
View File

Binary file not shown.

BIN
busybox-1.36.1.tar.bz2 Normal file
View File

Binary file not shown.

13
busybox.spec
View File

@ -1,10 +1,10 @@
#spec file for busybox
%if "%{!?VERSION:1}"
%define VERSION 1.34.1
%define VERSION 1.36.1
%endif
%if "%{!?RELEASE:1}"
%define RELEASE 19
%define RELEASE 1
%endif
Epoch: 1
@ -21,9 +21,6 @@ Source2: busybox-petitboot.config
Source3: busybox-dynamic.config
Patch6000: backport-CVE-2022-28391.patch
Patch6001: backport-CVE-2022-30065.patch
Patch6002: backport-fix-use-after-free-in-bc-module.patch
Patch6003: backport-generalize-const-trick.patch
BuildRoot: %_topdir/BUILDROOT
#Dependency
@ -99,6 +96,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
%{_mandir}/man1/busybox.petitboot.1.gz
%changelog
* Tue Jul 25 2023 huangsong <huangsong14@huawei.com> - 1:1.36.1-1
- Type:enhancement
- Id:NA
- SUG:NA
- DESC:update busybox to 1.36.1
* Fri Dec 16 2022 cf_zhao <zhaochuanfeng@huawei.com> - 1:1.34.1-19
- Backport generalize "const trick" which commited in 1f925038ab9c6bd8f6b3cd40ed7aab0ef10d898e