diff --git a/backport-CVE-2022-28391.patch b/backport-CVE-2022-28391.patch index 0e400c2..1396554 100644 --- a/backport-CVE-2022-28391.patch +++ b/backport-CVE-2022-28391.patch @@ -1,23 +1,23 @@ -From 547745e674728aab32291bd13945d2d134054ffc Mon Sep 17 00:00:00 2001 -From: jikui -Date: Tue, 19 Apr 2022 10:45:22 +0800 -Subject: [PATCH] busybox: fix CVE-2022-28391 +From 3de4e00dcc3f6223b01b418507f34e064eb437a7 Mon Sep 17 00:00:00 2001 +From: songbuhuang <544824346@qq.com> +Date: Tue, 25 Jul 2023 15:42:43 +0800 +Subject: [PATCH] fix CVE-2022-28391 backport from upstream: https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch -Signed-off-by: jikui +Signed-off-by: songbuhuang <544824346@qq.com> --- libbb/xconnect.c | 5 +++-- networking/nslookup.c | 10 +++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/libbb/xconnect.c b/libbb/xconnect.c -index 5dd9cfd..264b987 100644 +index 0e0b247..692a93b 100644 --- a/libbb/xconnect.c +++ b/libbb/xconnect.c -@@ -505,12 +505,13 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags) +@@ -497,12 +497,13 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags) ); if (rc) return NULL; @@ -34,10 +34,10 @@ index 5dd9cfd..264b987 100644 /* - fall through instead */ } diff --git a/networking/nslookup.c b/networking/nslookup.c -index de7b5c0..0ba4adc 100644 +index 6da97ba..4bdcde1 100644 --- a/networking/nslookup.c +++ b/networking/nslookup.c -@@ -407,7 +407,7 @@ static int parse_reply(const unsigned char *msg, size_t len) +@@ -407,7 +407,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) //printf("Unable to uncompress domain: %s\n", strerror(errno)); return -1; } @@ -46,7 +46,7 @@ index de7b5c0..0ba4adc 100644 break; case ns_t_mx: -@@ -422,7 +422,7 @@ static int parse_reply(const unsigned char *msg, size_t len) +@@ -422,7 +422,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) //printf("Cannot uncompress MX domain: %s\n", strerror(errno)); return -1; } @@ -55,7 +55,7 @@ index de7b5c0..0ba4adc 100644 break; case ns_t_txt: -@@ -434,7 +434,7 @@ static int parse_reply(const unsigned char *msg, size_t len) +@@ -434,7 +434,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) if (n > 0) { memset(dname, 0, sizeof(dname)); memcpy(dname, ns_rr_rdata(rr) + 1, n); @@ -64,7 +64,7 @@ index de7b5c0..0ba4adc 100644 } break; -@@ -454,7 +454,7 @@ static int parse_reply(const unsigned char *msg, size_t len) +@@ -454,7 +454,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) } printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr), @@ -73,7 +73,7 @@ index de7b5c0..0ba4adc 100644 break; case ns_t_soa: -@@ -483,7 +483,7 @@ static int parse_reply(const unsigned char *msg, size_t len) +@@ -483,7 +483,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) return -1; } @@ -83,5 +83,5 @@ index de7b5c0..0ba4adc 100644 printf("\tserial = %lu\n", ns_get32(cp)); -- -2.17.1 +2.25.1 diff --git a/backport-CVE-2022-30065.patch b/backport-CVE-2022-30065.patch deleted file mode 100644 index 1b48091..0000000 --- a/backport-CVE-2022-30065.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 111ae0c7f21dc600a2d2afcbecc69d73036a163f Mon Sep 17 00:00:00 2001 -From: jackey_1024 -Date: Fri, 19 Aug 2022 16:15:59 +0800 -Subject: [PATCH] busybox: fix CVE-2022-30065 - -backport from upstream: -https://git.busybox.net/busybox/commit/?id=e63d7cdfdac78c6fd27e9e63150335767592b85e - -Signed-off-by: jackey_1024 ---- - editors/awk.c | 3 +++ - testsuite/awk.tests | 6 ++++++ - 2 files changed, 9 insertions(+) - -diff --git a/editors/awk.c b/editors/awk.c -index f6314ac..6a5846e 100644 ---- a/editors/awk.c -+++ b/editors/awk.c -@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res) - - case XC( OC_MOVE ): - debug_printf_eval("MOVE\n"); -+ /* make sure that we never return a temp var */ -+ if (L.v == TMPVAR0) -+ L.v = res; - /* if source is a temporary string, jusk relink it to dest */ - if (R.v == TMPVAR1 - && !(R.v->type & VF_NUMBER) -diff --git a/testsuite/awk.tests b/testsuite/awk.tests -index bcaafe8..156aa65 100755 ---- a/testsuite/awk.tests -+++ b/testsuite/awk.tests -@@ -469,4 +469,10 @@ testing 'awk printf %% prints one %' \ - "%\n" \ - '' '' - -+testing 'awk assign while test' \ -+ "awk '\$1==\$1=\"foo\" {print \$1}'" \ -+ "foo\n" \ -+ "" \ -+ "foo" -+ - exit $FAILCOUNT --- -2.25.1 - diff --git a/backport-fix-use-after-free-in-bc-module.patch b/backport-fix-use-after-free-in-bc-module.patch deleted file mode 100644 index 1979742..0000000 --- a/backport-fix-use-after-free-in-bc-module.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 907e1b3a22a8092461176af45468c5b1b9bf6cc0 Mon Sep 17 00:00:00 2001 -From: jackey_1024 -Date: Fri, 28 Oct 2022 09:45:08 +0800 -Subject: [PATCH] busybox: fix use after free in bc module - -backport from upstream: -https://git.busybox.net/busybox/commit/?id=41d5f800a14769704082f7faeabb8435285499be - -Signed-off-by: jackey_1024 ---- - miscutils/bc.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/miscutils/bc.c b/miscutils/bc.c -index f9b08b0..4363585 100644 ---- a/miscutils/bc.c -+++ b/miscutils/bc.c -@@ -2892,6 +2892,8 @@ static char peek_inbuf(void) - ) { - xc_read_line(&G.input_buffer, G.prs.lex_input_fp); - G.prs.lex_inbuf = G.input_buffer.v; -+ // lex_next_at may point to now-freed data, update it: -+ G.prs.lex_next_at = G.prs.lex_inbuf; - if (G.input_buffer.len <= 1) // on EOF, len is 1 (NUL byte) - G.prs.lex_input_fp = NULL; - } --- -2.25.1 - diff --git a/backport-generalize-const-trick.patch b/backport-generalize-const-trick.patch deleted file mode 100644 index b837a2e..0000000 --- a/backport-generalize-const-trick.patch +++ /dev/null @@ -1,212 +0,0 @@ -commit 1f925038ab9c6bd8f6b3cd40ed7aab0ef10d898e -Author: YU Jincheng -Date: Wed Sep 29 17:37:26 2021 +0800 - - *: generalize "const trick" - - While at it, change all "__asm__" to "asm" - - Co-authored-by: canyie <31466456+canyie@users.noreply.github.com> - Signed-off-by: YU Jincheng - Signed-off-by: Denys Vlasenko - -diff --git a/coreutils/test.c b/coreutils/test.c -index 7c65743..fc95672 100644 ---- a/coreutils/test.c -+++ b/coreutils/test.c -@@ -435,7 +435,7 @@ struct test_statics { - }; - - /* See test_ptr_hack.c */ --extern struct test_statics *const test_ptr_to_statics; -+extern struct test_statics *BB_GLOBAL_CONST test_ptr_to_statics; - - #define S (*test_ptr_to_statics) - #define args (S.args ) -@@ -446,8 +446,7 @@ extern struct test_statics *const test_ptr_to_statics; - #define leaving (S.leaving ) - - #define INIT_S() do { \ -- (*(struct test_statics**)not_const_pp(&test_ptr_to_statics)) = xzalloc(sizeof(S)); \ -- barrier(); \ -+ ASSIGN_CONST_PTR(test_ptr_to_statics, xzalloc(sizeof(S))); \ - } while (0) - #define DEINIT_S() do { \ - free(group_array); \ -diff --git a/include/libbb.h b/include/libbb.h -index dfcaa05..02cc008 100644 ---- a/include/libbb.h -+++ b/include/libbb.h -@@ -365,13 +365,27 @@ struct BUG_off_t_size_is_misdetected { - #endif - #endif - -+/* We use a trick to have more optimized code (fewer pointer reloads -+ * and reduced binary size by a few kilobytes) like: -+ * ash.c: extern struct globals *const ash_ptr_to_globals; -+ * ash_ptr_hack.c: struct globals *ash_ptr_to_globals; -+ * This way, compiler in ash.c knows the pointer can not change. -+ * -+ * However, this may break on weird arches or toolchains. In this case, -+ * set "-DBB_GLOBAL_CONST=''" in CONFIG_EXTRA_CFLAGS to disable -+ * this optimization. -+ */ -+#ifndef BB_GLOBAL_CONST -+# define BB_GLOBAL_CONST const -+#endif -+ - #if defined(errno) - /* If errno is a define, assume it's "define errno (*__errno_location())" - * and we will cache it's result in this variable */ --extern int *const bb_errno; --#undef errno --#define errno (*bb_errno) --#define bb_cached_errno_ptr 1 -+extern int *BB_GLOBAL_CONST bb_errno; -+# undef errno -+# define errno (*bb_errno) -+# define bb_cached_errno_ptr 1 - #endif - - #if !(ULONG_MAX > 0xffffffff) -@@ -2270,6 +2284,8 @@ struct globals; - * If you want to assign a value, use SET_PTR_TO_GLOBALS(x) */ - extern struct globals *const ptr_to_globals; - -+#define barrier() asm volatile ("":::"memory") -+ - #if defined(__clang_major__) && __clang_major__ >= 9 - /* Clang/llvm drops assignment to "constant" storage. Silently. - * Needs serious convincing to not eliminate the store. -@@ -2277,7 +2293,7 @@ extern struct globals *const ptr_to_globals; - static ALWAYS_INLINE void* not_const_pp(const void *p) - { - void *pp; -- __asm__ __volatile__( -+ asm volatile ( - "# forget that p points to const" - : /*outputs*/ "=r" (pp) - : /*inputs*/ "0" (p) -@@ -2288,13 +2304,13 @@ static ALWAYS_INLINE void* not_const_pp(const void *p) - static ALWAYS_INLINE void* not_const_pp(const void *p) { return (void*)p; } - #endif - --/* At least gcc 3.4.6 on mipsel system needs optimization barrier */ --#define barrier() __asm__ __volatile__("":::"memory") --#define SET_PTR_TO_GLOBALS(x) do { \ -- (*(struct globals**)not_const_pp(&ptr_to_globals)) = (void*)(x); \ -+#define ASSIGN_CONST_PTR(p, v) do { \ -+ *(void**)not_const_pp(&p) = (void*)(v); \ -+ /* At least gcc 3.4.6 on mipsel needs optimization barrier */ \ - barrier(); \ - } while (0) - -+#define SET_PTR_TO_GLOBALS(x) ASSIGN_CONST_PTR(ptr_to_globals, x) - #define FREE_PTR_TO_GLOBALS() do { \ - if (ENABLE_FEATURE_CLEAN_UP) { \ - free(ptr_to_globals); \ -diff --git a/libbb/appletlib.c b/libbb/appletlib.c -index 5c5d7eb..bf26c99 100644 ---- a/libbb/appletlib.c -+++ b/libbb/appletlib.c -@@ -247,8 +247,7 @@ void lbb_prepare(const char *applet - IF_FEATURE_INDIVIDUAL(, char **argv)) - { - #ifdef bb_cached_errno_ptr -- (*(int **)not_const_pp(&bb_errno)) = get_perrno(); -- barrier(); -+ ASSIGN_CONST_PTR(bb_errno, get_perrno()); - #endif - applet_name = applet; - -diff --git a/libbb/lineedit.c b/libbb/lineedit.c -index a7a3ee1..3c87abc 100644 ---- a/libbb/lineedit.c -+++ b/libbb/lineedit.c -@@ -192,7 +192,7 @@ struct lineedit_statics { - }; - - /* See lineedit_ptr_hack.c */ --extern struct lineedit_statics *const lineedit_ptr_to_statics; -+extern struct lineedit_statics *BB_GLOBAL_CONST lineedit_ptr_to_statics; - - #define S (*lineedit_ptr_to_statics) - #define state (S.state ) -@@ -214,8 +214,7 @@ extern struct lineedit_statics *const lineedit_ptr_to_statics; - #define delbuf (S.delbuf ) - - #define INIT_S() do { \ -- (*(struct lineedit_statics**)not_const_pp(&lineedit_ptr_to_statics)) = xzalloc(sizeof(S)); \ -- barrier(); \ -+ ASSIGN_CONST_PTR(lineedit_ptr_to_statics, xzalloc(sizeof(S))); \ - } while (0) - - static void deinit_S(void) -diff --git a/procps/powertop.c b/procps/powertop.c -index fc6018b..24c2b32 100644 ---- a/procps/powertop.c -+++ b/procps/powertop.c -@@ -505,7 +505,7 @@ static void cpuid(unsigned int *eax, unsigned int *ebx, unsigned int *ecx, - unsigned int *edx) - { - /* EAX value specifies what information to return */ -- __asm__( -+ asm ( - " pushl %%ebx\n" /* Save EBX */ - " cpuid\n" - " movl %%ebx, %1\n" /* Save content of EBX */ -diff --git a/shell/ash.c b/shell/ash.c -index 4bf0615..7b85981 100644 ---- a/shell/ash.c -+++ b/shell/ash.c -@@ -303,20 +303,6 @@ typedef long arith_t; - # error "Do not even bother, ash will not run on NOMMU machine" - #endif - --/* We use a trick to have more optimized code (fewer pointer reloads): -- * ash.c: extern struct globals *const ash_ptr_to_globals; -- * ash_ptr_hack.c: struct globals *ash_ptr_to_globals; -- * This way, compiler in ash.c knows the pointer can not change. -- * -- * However, this may break on weird arches or toolchains. In this case, -- * set "-DBB_GLOBAL_CONST=''" in CONFIG_EXTRA_CFLAGS to disable -- * this optimization. -- */ --#ifndef BB_GLOBAL_CONST --# define BB_GLOBAL_CONST const --#endif -- -- - /* ============ Hash table sizes. Configurable. */ - - #define VTABSIZE 39 -@@ -518,8 +504,7 @@ extern struct globals_misc *BB_GLOBAL_CONST ash_ptr_to_globals_misc; - #define random_gen (G_misc.random_gen ) - #define backgndpid (G_misc.backgndpid ) - #define INIT_G_misc() do { \ -- (*(struct globals_misc**)not_const_pp(&ash_ptr_to_globals_misc)) = xzalloc(sizeof(G_misc)); \ -- barrier(); \ -+ ASSIGN_CONST_PTR(ash_ptr_to_globals_misc, xzalloc(sizeof(G_misc))); \ - savestatus = -1; \ - curdir = nullstr; \ - physdir = nullstr; \ -@@ -1597,8 +1582,7 @@ extern struct globals_memstack *BB_GLOBAL_CONST ash_ptr_to_globals_memstack; - #define g_stacknleft (G_memstack.g_stacknleft) - #define stackbase (G_memstack.stackbase ) - #define INIT_G_memstack() do { \ -- (*(struct globals_memstack**)not_const_pp(&ash_ptr_to_globals_memstack)) = xzalloc(sizeof(G_memstack)); \ -- barrier(); \ -+ ASSIGN_CONST_PTR(ash_ptr_to_globals_memstack, xzalloc(sizeof(G_memstack))); \ - g_stackp = &stackbase; \ - g_stacknxt = stackbase.space; \ - g_stacknleft = MINSIZE; \ -@@ -2229,8 +2213,7 @@ extern struct globals_var *BB_GLOBAL_CONST ash_ptr_to_globals_var; - #endif - #define INIT_G_var() do { \ - unsigned i; \ -- (*(struct globals_var**)not_const_pp(&ash_ptr_to_globals_var)) = xzalloc(sizeof(G_var)); \ -- barrier(); \ -+ ASSIGN_CONST_PTR(ash_ptr_to_globals_var, xzalloc(sizeof(G_var))); \ - for (i = 0; i < ARRAY_SIZE(varinit_data); i++) { \ - varinit[i].flags = varinit_data[i].flags; \ - varinit[i].var_text = varinit_data[i].var_text; \ diff --git a/busybox-1.34.1.tar.bz2 b/busybox-1.34.1.tar.bz2 deleted file mode 100644 index 5f08f77..0000000 Binary files a/busybox-1.34.1.tar.bz2 and /dev/null differ diff --git a/busybox-1.36.1.tar.bz2 b/busybox-1.36.1.tar.bz2 new file mode 100644 index 0000000..529defd Binary files /dev/null and b/busybox-1.36.1.tar.bz2 differ diff --git a/busybox.spec b/busybox.spec index 7cc53e2..41d6f26 100644 --- a/busybox.spec +++ b/busybox.spec @@ -1,10 +1,10 @@ #spec file for busybox %if "%{!?VERSION:1}" -%define VERSION 1.34.1 +%define VERSION 1.36.1 %endif %if "%{!?RELEASE:1}" -%define RELEASE 19 +%define RELEASE 1 %endif Epoch: 1 @@ -21,9 +21,6 @@ Source2: busybox-petitboot.config Source3: busybox-dynamic.config Patch6000: backport-CVE-2022-28391.patch -Patch6001: backport-CVE-2022-30065.patch -Patch6002: backport-fix-use-after-free-in-bc-module.patch -Patch6003: backport-generalize-const-trick.patch BuildRoot: %_topdir/BUILDROOT #Dependency @@ -99,6 +96,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Tue Jul 25 2023 huangsong - 1:1.36.1-1 +- Type:enhancement +- Id:NA +- SUG:NA +- DESC:update busybox to 1.36.1 + * Fri Dec 16 2022 cf_zhao - 1:1.34.1-19 - Backport generalize "const trick" which commited in 1f925038ab9c6bd8f6b3cd40ed7aab0ef10d898e