From: Michael Olbrich
To: ptxdist@pengutronix.de
Cc: Christian Melki
Date: Fri, 6 Jan 2023 17:01:32 +0100
Subject: Re: [ptxdist] [APPLIED] busybox: Version bump. 1.35.0 -> 1.36.0
Message-Id: <20230106160132.3075998-1-m.olbrich@pengutronix.de>
In-Reply-To: <20230104091433.2419958-1-christian.melki@t2data.com>
References: <20230104091433.2419958-1-christian.melki@t2data.com>
Reply-To: ptxdist@pengutronix.de

Thanks, applied as ff3d37d02266894332a6632fe97740c53f5eed5c.

Michael

[sent from post-receive hook]

On Fri, 06 Jan 2023 17:01:32 +0100, Christian Melki wrote:
> After a year of low activity and question marks,
> we finally have a new release of busybox.
> Release changelog @ https://busybox.net/
>
> Not that many new features, mostly fixes.
> One notable addition is seedrng.
> But it marks a new release that includes security fixes.
>
> Plugs CVEs: CVE-2022-28391, CVE-2022-30065
>
> * Forward the ptxdist specific patches.
> * Remove one security patch to awk that has been fixed.
> * Update busybox imported kconfig tree.
> Not that many changes, since it has been a slow year.
> New utilities: tsort, seedrng and tree.
>
> Signed-off-by: Christian Melki
> Tested-by: Ladislav Michl
> Message-Id: <20230104091433.2419958-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich
>
> diff --git a/config/busybox/Config.in b/config/busybox/Config.in > index 329e2f8e8a1b..199cc6ab272f 100644 > --- a/config/busybox/Config.in > +++ b/config/busybox/Config.in 
> @@ -267,10 +267,10 @@ config BUSYBOX_FEATURE_SUID_CONFIG > > The file has to be owned by user root, group root and has to be > writeable only by root: > - (chown 0:0 /etc/busybox.conf; chmod 600 /etc/busybox.conf) > + (chown 0.0 /etc/busybox.conf; chmod 600 /etc/busybox.conf) > The busybox executable has to be owned by user root, group > root and has to be setuid root for this to work: > - (chown 0:0 /bin/busybox; chmod 4755 /bin/busybox) > + (chown 0.0 /bin/busybox; chmod 4755 /bin/busybox) > > Robert 'sandman' Griebl has more information here: > . > diff --git a/config/busybox/coreutils/Config.in b/config/busybox/coreutils/Config.in > index 8c9e66e1721d..1a95a6785fc6 100644 > --- a/config/busybox/coreutils/Config.in > +++ b/config/busybox/coreutils/Config.in > @@ -653,7 +653,7 @@ config BUSYBOX_SORT > sort is used to sort lines of text in specified files. > > config BUSYBOX_FEATURE_SORT_BIG > - bool "Full SuSv3 compliant sort (support -ktcbdfiogM)" > + bool "Full SuSv3 compliant sort (support -ktcbdfioghM)" > default y > depends on BUSYBOX_SORT > help > @@ -851,6 +851,11 @@ config BUSYBOX_TRUNCATE > help > truncate truncates files to a given size. If a file does > not exist, it is created unless told otherwise. > +config BUSYBOX_TSORT > + bool "tsort (0.7 kb)" > + default y > + help > + tsort performs a topological sort. > config BUSYBOX_TTY > bool "tty (3.6 kb)" > default y > diff --git a/config/busybox/libbb/Config.in b/config/busybox/libbb/Config.in > index 8e4fe855e3c7..66c135ec6199 100644 > --- a/config/busybox/libbb/Config.in > +++ b/config/busybox/libbb/Config.in 
> @@ -98,21 +98,47 @@ config BUSYBOX_MD5_SMALL > default 1 # all "fast or small" options default to small > range 0 3 > help > - Trade binary size versus speed for the md5sum algorithm. > + Trade binary size versus speed for the md5 algorithm. > Approximate values running uClibc and hashing > linux-2.4.4.tar.bz2 were: > - value user times (sec) text size (386) > - 0 (fastest) 1.1 6144 > - 1 1.4 5392 > - 2 3.0 5088 > - 3 (smallest) 5.1 4912 > + value user times (sec) text size (386) > + 0 (fastest) 1.1 6144 > + 1 1.4 5392 > + 2 3.0 5088 > + 3 (smallest) 5.1 4912 > + > +config BUSYBOX_SHA1_SMALL > + int "SHA1: Trade bytes for speed (0:fast, 3:slow)" > + default 3 # all "fast or small" options default to small > + range 0 3 > + help > + Trade binary size versus speed for the sha1 algorithm. > + With FEATURE_COPYBUF_KB=64: > + throughput MB/s size of sha1_process_block64 > + value 486 x86-64 486 x86-64 > + 0 440 485 3481 3502 > + 1 265 265 641 696 > + 2,3 220 210 342 364 > + > +config BUSYBOX_SHA1_HWACCEL > + bool "SHA1: Use hardware accelerated instructions if possible" > + default y > + help > + On x86, this adds ~590 bytes of code. Throughput > + is about twice as fast as fully-unrolled generic code. > + > +config BUSYBOX_SHA256_HWACCEL > + bool "SHA256: Use hardware accelerated instructions if possible" > + default y > + help > + On x86, this adds ~1k bytes of code. > > config BUSYBOX_SHA3_SMALL > int "SHA3: Trade bytes for speed (0:fast, 1:slow)" > default 1 # all "fast or small" options default to small > range 0 1 > help > - Trade binary size versus speed for the sha3sum algorithm. > + Trade binary size versus speed for the sha3 algorithm. > SHA3_SMALL=0 compared to SHA3_SMALL=1 (approximate): > 64-bit x86: +270 bytes of code, 45% faster > 32-bit x86: +450 bytes of code, 75% faster 
> @@ -399,3 +425,25 @@ config BUSYBOX_UNICODE_PRESERVE_BROKEN > For example, this means that entering 'l', 's', ' ', 0xff, [Enter] > at shell prompt will list file named 0xff (single char name > with char value 255), not file named '?'. > + > +choice > + prompt "Use LOOP_CONFIGURE for losetup and loop mounts" > + default BUSYBOX_TRY_LOOP_CONFIGURE > + help > + LOOP_CONFIGURE is added to Linux 5.8 > + https://lwn.net/Articles/820408/ > + This allows userspace to completely setup a loop device with a single > + ioctl, removing the in-between state where the device can be partially > + configured - eg the loop device has a backing file associated with it, > + but is reading from the wrong offset. > + > +config BUSYBOX_LOOP_CONFIGURE > + bool "use LOOP_CONFIGURE, needs kernel >= 5.8" > + > +config BUSYBOX_NO_LOOP_CONFIGURE > + bool "use LOOP_SET_FD + LOOP_SET_STATUS" > + > +config BUSYBOX_TRY_LOOP_CONFIGURE > + bool "try LOOP_CONFIGURE, fall back to LOOP_SET_FD + LOOP_SET_STATUS" > + > +endchoice > diff --git a/config/busybox/miscutils/Config.in b/config/busybox/miscutils/Config.in > index a236373ae3d2..5c04fd8ef614 100644 > --- a/config/busybox/miscutils/Config.in > +++ b/config/busybox/miscutils/Config.in > @@ -699,6 +699,13 @@ config BUSYBOX_RX > default y > help > Receive files using the Xmodem protocol. > +config BUSYBOX_SEEDRNG > + bool "seedrng (1.3 kb)" > + default y > + help > + Seed the kernel RNG from seed files, meant to be called > + once during startup, once during shutdown, and optionally > + at some periodic interval in between. > config BUSYBOX_SETFATTR > bool "setfattr (3.7 kb)" > default y 
> @@ -722,6 +729,11 @@ config BUSYBOX_TIME > The time command runs the specified program with the given arguments. > When the command finishes, time writes a message to standard output > giving timing statistics about this program run. > +config BUSYBOX_TREE > + bool "tree (0.6 kb)" > + default y > + help > + List files and directories in a tree structure. > config BUSYBOX_TS > bool "ts (450 bytes)" > default y > diff --git a/config/busybox/networking/Config.in b/config/busybox/networking/Config.in > index 27e0f44ba811..3a3ad56d93f7 100644 > --- a/config/busybox/networking/Config.in > +++ b/config/busybox/networking/Config.in > @@ -959,7 +959,7 @@ config BUSYBOX_TELNETD > FEATURE_SUID enabled. And finally, you should make > certain that busybox has been installed setuid root: > > - chown root:root /bin/busybox > + chown root.root /bin/busybox > chmod 4755 /bin/busybox > > with all that done, telnetd _should_ work.... > diff --git a/config/busybox/networking/udhcp/Config.in b/config/busybox/networking/udhcp/Config.in > index 4b1255c52e59..adb5ac16c2ce 100644 > --- a/config/busybox/networking/udhcp/Config.in > +++ b/config/busybox/networking/udhcp/Config.in > @@ -93,12 +93,17 @@ config BUSYBOX_FEATURE_UDHCPC_SANITIZEOPT > config BUSYBOX_UDHCPC_DEFAULT_SCRIPT > string "Absolute path to config script" > default "/usr/share/udhcpc/default.script" > - depends on BUSYBOX_UDHCPC || BUSYBOX_UDHCPC6 > + depends on BUSYBOX_UDHCPC > help > This script is called after udhcpc receives an answer. See > examples/udhcp for a working example. Normally it is safe > to leave this untouched. > > +config BUSYBOX_UDHCPC6_DEFAULT_SCRIPT > + string "Absolute path to config script for IPv6" > + default "/usr/share/udhcpc/default6.script" > + depends on BUSYBOX_UDHCPC6 > + > # udhcpc6 config is inserted here: > config BUSYBOX_UDHCPC6 > bool "udhcpc6 (21 kb)" > diff --git a/config/busybox/shell/Config.in b/config/busybox/shell/Config.in > index 61275cdc5433..cb6215afc235 100644 
> --- a/config/busybox/shell/Config.in > +++ b/config/busybox/shell/Config.in > @@ -201,6 +201,11 @@ config BUSYBOX_ASH_TEST > default y > depends on BUSYBOX_SHELL_ASH > > +config BUSYBOX_ASH_SLEEP > + bool "sleep builtin" > + default y > + depends on BUSYBOX_SHELL_ASH > + > config BUSYBOX_ASH_HELP > bool "help builtin" > default y > diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch > deleted file mode 100644 > index aff9faabc10e..000000000000 > --- a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch > +++ /dev/null > @@ -1,29 +0,0 @@ > -From: Natanael Copa > -Date: Fri, 17 Jun 2022 17:45:34 +0200 > -Subject: [PATCH] awk: fix use after free (CVE-2022-30065) > - > -fixes https://bugs.busybox.net/show_bug.cgi?id=14781 > - > -function old new delta > -evaluate 3343 3357 +14 > - > -Signed-off-by: Natanael Copa > -Signed-off-by: Denys Vlasenko > ---- > - editors/awk.c | 3 +++ > - 1 file changed, 3 insertions(+) > - > -diff --git a/editors/awk.c b/editors/awk.c > -index f6314ac7201a..654cbac33331 100644 > ---- a/editors/awk.c > -+++ b/editors/awk.c > -@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res) > - > - case XC( OC_MOVE ): > - debug_printf_eval("MOVE\n"); > -+ /* make sure that we never return a temp var */ > -+ if (L.v == TMPVAR0) > -+ L.v = res; > - /* if source is a temporary string, jusk relink it to dest */ > - if (R.v == TMPVAR1 > - && !(R.v->type & VF_NUMBER) > diff --git a/patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch b/patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch > similarity index 100% > rename from patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch > rename to patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch 
> diff --git a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > similarity index 94% > rename from patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > rename to patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > index 87f382e05d07..8ed9efe536ed 100644 > --- a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > +++ b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > @@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde > 1 file changed, 1 insertion(+) > > diff --git a/Makefile.flags b/Makefile.flags > -index c34356230a9f..7c42c3abf80c 100644 > +index 1cec5ba20b47..fd195efc965d 100644 > --- a/Makefile.flags > +++ b/Makefile.flags > @@ -180,6 +180,7 @@ ifeq ($(CONFIG_SELINUX),y) > diff --git a/patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch b/patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch > similarity index 100% > rename from patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch > rename to patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch > diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.36.0/series > similarity index 74% > rename from patches/busybox-1.35.0/series > rename to patches/busybox-1.36.0/series > index 3e1a02a1659e..ee536088790b 100644 > --- a/patches/busybox-1.35.0/series > +++ b/patches/busybox-1.36.0/series 
> @@ -6,5 +6,4 @@ > 0200-reactivate-check-for-tty.patch > 0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > 0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch > -0203-awk-fix-use-after-free-CVE-2022-30065.patch > -# e8b4a3103390b1bd27c9ce24d1e435d7 - git-ptx-patches magic > +# 9c0cc4baa8090165b429198c9a10e02c - git-ptx-patches magic > diff --git a/rules/busybox.make b/rules/busybox.make > index 413ad735c8ac..f3ef2b75c596 100644 > --- a/rules/busybox.make > +++ b/rules/busybox.make > @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_BUSYBOX) += busybox > # > # Paths and names > # > -BUSYBOX_VERSION := 1.35.0 > -BUSYBOX_MD5 := 585949b1dd4292b604b7d199866e9913 > +BUSYBOX_VERSION := 1.36.0 > +BUSYBOX_MD5 := 835e3ac11e8a5ca13756eb1573719566 > BUSYBOX := busybox-$(BUSYBOX_VERSION) > BUSYBOX_SUFFIX := tar.bz2 > BUSYBOX_URL := https://www.busybox.net/downloads/$(BUSYBOX).$(BUSYBOX_SUFFIX)
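
Review bot: the ownership examples in the BUSYBOX_FEATURE_SUID_CONFIG help (config/busybox/Config.in, hunk at -267) move from `chown 0:0` to `chown 0.0`, and the BUSYBOX_TELNETD help in config/busybox/networking/Config.in does the same with `root.root`. The colon is the separator POSIX specifies; the dot is a legacy form that is ambiguous where user names can contain a dot. These lines are the instructions for setting up a setuid-root binary and its config file, so I would keep the colon form when importing the kconfig tree, or say in the commit message that the wording follows the imported text.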
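
Review bot: the new choice in config/busybox/libbb/Config.in (hunk at -399) defaults to BUSYBOX_TRY_LOOP_CONFIGURE, and none of the three entries has help text of its own. The fallback to LOOP_SET_FD + LOOP_SET_STATUS brings back exactly the in-between state the choice help describes (backing file attached, wrong offset), and it does so silently. A short help on each entry saying that BUSYBOX_LOOP_CONFIGURE is the one to pick when the target kernel is known to be >= 5.8 would let BSPs opt out of the fallback deliberately.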
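
Review bot: BUSYBOX_SEEDRNG in config/busybox/miscutils/Config.in (hunk at -699) defaults to y, but the help says the applet is "meant to be called once during startup, once during shutdown", and nothing in this patch adds such a call. Enabling the applet alone seeds nothing, and it needs seed files in a location that is writable and persistent across reboots. Please note in the commit message that the init integration is left to the BSP, or follow up with the startup and shutdown hooks.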
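
Review bot: in config/busybox/networking/udhcp/Config.in (hunk at -93) BUSYBOX_UDHCPC_DEFAULT_SCRIPT no longer depends on BUSYBOX_UDHCPC6, and the new BUSYBOX_UDHCPC6_DEFAULT_SCRIPT defaults to "/usr/share/udhcpc/default6.script" without any help text. A configuration that enabled udhcpc6 and relied on the shared default.script path will now look for a different file after the bump, and the rules/busybox.make hunk in this patch only changes version and checksum. Add a help line explaining the split and check that something installs default6.script, otherwise IPv6 leases are obtained but never applied.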
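
Review bot: dropping patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch (and its line in series) is only safe if the 1.36.0 editors/awk.c already carries the `if (L.v == TMPVAR0) L.v = res;` guard in the OC_MOVE case of evaluate(). The commit message says the issue "has been fixed" but gives no upstream commit to check against; please add that reference. The same applies to CVE-2022-28391, which the message lists as plugged although no hunk here adds or removes a patch for it.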
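
Review bot: in rules/busybox.make the new tarball is pinned only by BUSYBOX_MD5. MD5 is not collision resistant, so this value protects against a corrupted download more than against a substituted one. For a release taken specifically for its security fixes, it would help to state in the commit message that the tarball was checked against upstream's published signature or a stronger digest before the MD5 was recorded.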