packages/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!62 sync openEuler-22.03-LTS

Browse Source 
From: @jackey_1024 
Reviewed-by: @flyflyflypeng, @duguhaotian 
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2022-07-28 08:20:19 +00:00 committed by Gitee
commit 938f90ce65
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
11 changed files with 115 additions and 7693 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
backport-CVE-2021-42373.patch
View File

@ -1,29 +0,0 @@
From 6dc5bd57af2f5cc6b8c953d2b223d3b012b2400b Mon Sep 17 00:00:00 2001
From: xiechengliang <xiechengliang1@huawei.com>
Date: Fri, 19 Nov 2021 18:34:10 +0800
Subject: [PATCH] busybox: fix CVE-2021-42373
backport from upstream:
https://git.busybox.net/busybox/commit/?id=4d4fc5ca5ee4faae5dc4237f801d9527a3fb20cc
Signed-off-by: xiechengliang <xiechengliang1@huawei.com>
---
miscutils/man.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/miscutils/man.c b/miscutils/man.c
index 722f6641e..d319e8bba 100644
--- a/miscutils/man.c
+++ b/miscutils/man.c
@@ -324,7 +324,7 @@ int man_main(int argc UNUSED_PARAM, char **argv)
/* is 1st ARG a SECTION? */
sec_list = conf_sec_list;
- if (is_section_name(conf_sec_list, *argv)) {
+ if (is_section_name(conf_sec_list, *argv) && argv[1]) {
/* yes */
sec_list = *argv++;
}
--
2.27.0

59
backport-CVE-2021-42374.patch
View File

@ -1,59 +0,0 @@
From 479e2e47de5f2a9a3ecedda264976bde6945ce60 Mon Sep 17 00:00:00 2001
From: jikui <jikui2@huawei.com>
Date: Mon, 22 Nov 2021 10:24:24 +0800
Subject: [PATCH] busybox: fix CVE-2021-42374
backport from upstream:
https://git.busybox.net/busybox/patch/?h=1_34_stable&id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
Signed-off-by: jikui <jikui2@huawei.com>
---
archival/libarchive/decompress_unlzma.c | 5 ++++-
testsuite/unlzma.tests | 10 ++++++----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index 0744f23..fb5aac8 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
uint32_t pos;
pos = buffer_pos - rep0;
- if ((int32_t)pos < 0)
+ if ((int32_t)pos < 0) {
pos += header.dict_size;
+ if ((int32_t)pos < 0)
+ goto bad;
+ }
match_byte = buffer[pos];
do {
int bit;
diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests
index 0e98afe..8c120b1 100755
--- a/testsuite/unlzma.tests
+++ b/testsuite/unlzma.tests
@@ -8,14 +8,16 @@
# Damaged encrypted streams
testing "unlzma (bad archive 1)" \
- "unlzma <unlzma_issue_1.lzma >/dev/null; echo \$?" \
-"1
+ "unlzma <unlzma_issue_1.lzma 2>&1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
" "" ""
# Damaged encrypted streams
testing "unlzma (bad archive 2)" \
- "unlzma <unlzma_issue_2.lzma >/dev/null; echo \$?" \
-"1
+ "unlzma <unlzma_issue_2.lzma 2>&1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
" "" ""
exit $FAILCOUNT
--
2.25.1

53
backport-CVE-2021-42375.patch
View File

@ -1,53 +0,0 @@
From 9ac1dd9017b2b4acba4734f6f989b88da2ad7616 Mon Sep 17 00:00:00 2001
From: xiechengliang <xiechengliang1@huawei.com>
Date: Wed, 24 Nov 2021 19:15:25 +0800
Subject: [PATCH 2/2] ash: parser: Fix VSLENGTH parsing with trailing garbage
Let's adopt Herbert Xu's patch, not waiting for it to reach dash git:
hush already has a similar fix.
backport from upstream:
https://git.busybox.net/busybox/commit/?id=53a7a9cd8c15d64fcc2278cf8981ba526dfbe0d2
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
shell/ash.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/shell/ash.c b/shell/ash.c
index a33ab0626..1ca45f9c1 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -12635,7 +12635,7 @@ parsesub: {
do {
STPUTC(c, out);
c = pgetc_eatbnl();
- } while (!subtype && isdigit(c));
+ } while ((subtype == 0 || subtype == VSLENGTH) && isdigit(c));
} else if (c != '}') {
/* $[{[#]]<specialchar>[}] */
int cc = c;
@@ -12665,11 +12665,6 @@ parsesub: {
} else
goto badsub;
- if (c != '}' && subtype == VSLENGTH) {
- /* ${#VAR didn't end with } */
- goto badsub;
- }
-
if (subtype == 0) {
static const char types[] ALIGN1 = "}-+?=";
/* ${VAR...} but not $VAR or ${#VAR} */
@@ -12726,6 +12721,8 @@ parsesub: {
#endif
}
} else {
+ if (subtype == VSLENGTH && c != '}')
+ subtype = 0;
badsub:
pungetc();
}
--
2.27.0

133
backport-CVE-2021-42376.patch
View File

@ -1,133 +0,0 @@
From 251452bc54477ed41da27a1c020a88882aa2eaaf Mon Sep 17 00:00:00 2001
From: xiechengliang <xiechengliang1@huawei.com>
Date: Sat, 20 Nov 2021 12:01:23 +0800
Subject: [PATCH 1/2] hush: fix handling of \^C and "^C"
function old new delta
parse_stream 2238 2252 +14
encode_string 243 256 +13
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0) Total: 27 bytes
backport from upstream:
https://git.busybox.net/busybox/commit/?id=1b7a9b68d0e9aa19147d7fda16eb9a6b54156985
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
shell/ash_test/ash-misc/control_char3.right | 1 +
shell/ash_test/ash-misc/control_char3.tests | 2 ++
shell/ash_test/ash-misc/control_char4.right | 1 +
shell/ash_test/ash-misc/control_char4.tests | 2 ++
shell/hush.c | 11 +++++++++++
shell/hush_test/hush-misc/control_char3.right | 1 +
shell/hush_test/hush-misc/control_char3.tests | 2 ++
shell/hush_test/hush-misc/control_char4.right | 1 +
shell/hush_test/hush-misc/control_char4.tests | 2 ++
9 files changed, 23 insertions(+)
create mode 100644 shell/ash_test/ash-misc/control_char3.right
create mode 100755 shell/ash_test/ash-misc/control_char3.tests
create mode 100644 shell/ash_test/ash-misc/control_char4.right
create mode 100755 shell/ash_test/ash-misc/control_char4.tests
create mode 100644 shell/hush_test/hush-misc/control_char3.right
create mode 100755 shell/hush_test/hush-misc/control_char3.tests
create mode 100644 shell/hush_test/hush-misc/control_char4.right
create mode 100755 shell/hush_test/hush-misc/control_char4.tests
diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right
new file mode 100644
index 000000000..283e02cbb
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.right
@@ -0,0 +1 @@
+SHELL: line 1: : not found
diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests
new file mode 100755
index 000000000..4359db3f3
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char3.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right
new file mode 100644
index 000000000..2bf18e684
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.right
@@ -0,0 +1 @@
+SHELL: line 1: -: not found
diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests
new file mode 100755
index 000000000..48010f154
--- /dev/null
+++ b/shell/ash_test/ash-misc/control_char4.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
diff --git a/shell/hush.c b/shell/hush.c
index 9fead37da..249728b9d 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -5235,6 +5235,11 @@ static int encode_string(o_string *as_string,
}
#endif
o_addQchr(dest, ch);
+ if (ch == SPECIAL_VAR_SYMBOL) {
+ /* Convert "^C" to corresponding special variable reference */
+ o_addchr(dest, SPECIAL_VAR_QUOTED_SVS);
+ o_addchr(dest, SPECIAL_VAR_SYMBOL);
+ }
goto again;
#undef as_string
}
@@ -5346,6 +5351,11 @@ static struct pipe *parse_stream(char **pstring,
if (ch == '\n')
continue; /* drop \<newline>, get next char */
nommu_addchr(&ctx.as_string, '\\');
+ if (ch == SPECIAL_VAR_SYMBOL) {
+ nommu_addchr(&ctx.as_string, ch);
+ /* Convert \^C to corresponding special variable reference */
+ goto case_SPECIAL_VAR_SYMBOL;
+ }
o_addchr(&ctx.word, '\\');
if (ch == EOF) {
/* Testcase: eval 'echo Ok\' */
@@ -5670,6 +5680,7 @@ static struct pipe *parse_stream(char **pstring,
/* Note: nommu_addchr(&ctx.as_string, ch) is already done */
switch (ch) {
+ case_SPECIAL_VAR_SYMBOL:
case SPECIAL_VAR_SYMBOL:
/* Convert raw ^C to corresponding special variable reference */
o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL);
diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right
new file mode 100644
index 000000000..94b4f8699
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.right
@@ -0,0 +1 @@
+hush: can't execute '': No such file or directory
diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests
new file mode 100755
index 000000000..4359db3f3
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char3.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '\' SHELL
diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right
new file mode 100644
index 000000000..698e21427
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.right
@@ -0,0 +1 @@
+hush: can't execute '-': No such file or directory
diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests
new file mode 100755
index 000000000..48010f154
--- /dev/null
+++ b/shell/hush_test/hush-misc/control_char4.tests
@@ -0,0 +1,2 @@
+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
+$THIS_SH -c '"-"' SHELL
--
2.27.0

42
backport-CVE-2021-42377.patch
View File

@ -1,42 +0,0 @@
From f56e2f2ef9d131b1f62dad4427da1113f9b417c5 Mon Sep 17 00:00:00 2001
From: jikui <jikui2@huawei.com>
Date: Mon, 22 Nov 2021 16:45:39 +0800
Subject: [PATCH] busybox: fix CVE-2021-42377
backport from upstream:
https://git.busybox.net/busybox/commit/?h=1_34_stable&id=83a4967e50422867f340328d404994553e56b839
Signed-off-by: jikui <jikui2@huawei.com>
---
shell/hush.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/shell/hush.c b/shell/hush.c
index 9fead37..48856f2 100644
--- a/shell/hush.c
+++ b/shell/hush.c
@@ -3694,9 +3694,10 @@ static void debug_print_tree(struct pipe *pi, int lvl)
pin = 0;
while (pi) {
- fdprintf(2, "%*spipe %d %sres_word=%s followup=%d %s\n",
+ fdprintf(2, "%*spipe %d #cmds:%d %sres_word=%s followup=%d %s\n",
lvl*2, "",
pin,
+ pi->num_cmds,
(IF_HAS_KEYWORDS(pi->pi_inverted ? "! " :) ""),
RES[pi->res_word],
pi->followup, PIPE[pi->followup]
@@ -3839,6 +3840,9 @@ static void done_pipe(struct parse_context *ctx, pipe_style type)
#endif
/* Replace all pipes in ctx with one newly created */
ctx->list_head = ctx->pipe = pi;
+ /* for case like "cmd && &", do not be tricked by last command
+ * being null - the entire {...} & is NOT null! */
+ not_null = 1;
} else {
no_conv:
ctx->pipe->followup = type;
--
2.25.1

87
backport-CVE-2022-28391.patch Normal file
View File

@ -0,0 +1,87 @@
From 547745e674728aab32291bd13945d2d134054ffc Mon Sep 17 00:00:00 2001
From: jikui <jikui2@huawei.com>
Date: Tue, 19 Apr 2022 10:45:22 +0800
Subject: [PATCH] busybox: fix CVE-2022-28391
backport from upstream:
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
Signed-off-by: jikui <jikui2@huawei.com>
---
libbb/xconnect.c | 5 +++--
networking/nslookup.c | 10 +++++-----
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/libbb/xconnect.c b/libbb/xconnect.c
index 5dd9cfd..264b987 100644
--- a/libbb/xconnect.c
+++ b/libbb/xconnect.c
@@ -505,12 +505,13 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
);
if (rc)
return NULL;
+ /* ensure host contains only printable characters */
if (flags & IGNORE_PORT)
- return xstrdup(host);
+ return xstrdup(printable_string(host));
#if ENABLE_FEATURE_IPV6
if (sa->sa_family == AF_INET6) {
if (strchr(host, ':')) /* heh, it's not a resolved hostname */
- return xasprintf("[%s]:%s", host, serv);
+ return xasprintf("[%s]:%s", printable_string(host), serv);
/*return xasprintf("%s:%s", host, serv);*/
/* - fall through instead */
}
diff --git a/networking/nslookup.c b/networking/nslookup.c
index de7b5c0..0ba4adc 100644
--- a/networking/nslookup.c
+++ b/networking/nslookup.c
@@ -407,7 +407,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
//printf("Unable to uncompress domain: %s\n", strerror(errno));
return -1;
}
- printf(format, ns_rr_name(rr), dname);
+ printf(format, ns_rr_name(rr), printable_string(dname));
break;
case ns_t_mx:
@@ -422,7 +422,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
//printf("Cannot uncompress MX domain: %s\n", strerror(errno));
return -1;
}
- printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname);
+ printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname));
break;
case ns_t_txt:
@@ -434,7 +434,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
if (n > 0) {
memset(dname, 0, sizeof(dname));
memcpy(dname, ns_rr_rdata(rr) + 1, n);
- printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname);
+ printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname));
}
break;
@@ -454,7 +454,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
}
printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr),
- ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname);
+ ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), printable_string(dname));
break;
case ns_t_soa:
@@ -483,7 +483,7 @@ static int parse_reply(const unsigned char *msg, size_t len)
return -1;
}
- printf("\tmail addr = %s\n", dname);
+ printf("\tmail addr = %s\n", printable_string(dname));
cp += n;
printf("\tserial = %lu\n", ns_get32(cp));
--
2.17.1

7363
backport-fix-awk-cve.patch
View File

File diff suppressed because it is too large Load Diff

BIN
busybox-1.33.1.tar.bz2
View File

Binary file not shown.

BIN
busybox-1.34.1.tar.bz2 Normal file
View File

Binary file not shown.

37
busybox.spec
View File

@ -1,11 +1,12 @@
#spec file for busybox
%if "%{!?VERSION:1}"
%define VERSION 1.33.1
%define VERSION 1.34.1
%endif
%if "%{!?RELEASE:1}"
%define RELEASE 12
%define RELEASE 16
%endif
Epoch: 1
Name: busybox
Version: %{VERSION}
@ -19,13 +20,7 @@ Source1: busybox-static.config
Source2: busybox-petitboot.config
Source3: busybox-dynamic.config
#backport
Patch6000: backport-CVE-2021-42374.patch
Patch6001: backport-CVE-2021-42377.patch
Patch6002: backport-CVE-2021-42373.patch
Patch6003: backport-CVE-2021-42375.patch
Patch6004: backport-CVE-2021-42376.patch
Patch6005: backport-fix-awk-cve.patch
Patch6000: backport-CVE-2022-28391.patch
BuildRoot: %_topdir/BUILDROOT
#Dependency
@ -101,6 +96,30 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
%{_mandir}/man1/busybox.petitboot.1.gz
%changelog
* Thu Jul 28 2022 jikui <jikui2@huawei.com> - 1:1.34.1-16
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:sync openEuler-22.03-LTS
* Thu May 5 2022 jikui <jikui2@huawei.com> - 1:1.34.1-15
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:add epoch field in spec file
* Tue Apr 19 2022 jikui <jikui2@huawei.com> - 1:1.34.1-14
- Type:CVE
- Id:NA
- SUG:NA
- DESC:fix CVE-2022-28391
* Mon Nov 29 2021 jikui <jikui2@huawei.com> - 1:1.34.1-13
- Type:enhancement
- Id:NA
- SUG:NA
- DESC:update busybox to 1.34.1
* Wed Nov 25 2021 xiechengliang <xiechengliang1@huawei.com> - 1:1.33.1-12
- Type:CVE
- Id:NA

5
busybox.yaml
View File

@ -1,5 +0,0 @@
version_control: git
src_repo: https://git.busybox.net/busybox/
tag_prefix: "^v"
separator: _
git_url: https://git.busybox.net/busybox/