* [ptxdist] [PATCH] busybox: Version bump. 1.35.0 -> 1.36.0
@ 2023-01-03 22:29 Christian Melki
2023-01-04 9:10 ` Ladislav Michl
0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2023-01-03 22:29 UTC (permalink / raw)
To: ptxdist
After a year of low activity and question marks,
we finally have a new release of busybox.
Release changelog @ https://busybox.net/
Not that many new features, mostly fixes.
One notable addition is seedrng.
But it marks a new release that includes security fixes.
Plugs CVEs: CVE-2022-28391, CVE-2022-30065
* Forward the ptxdist specific patches.
* Remove one security patch to awk that has been fixed.
* Update busybox imported kconfig tree.
Not that many changes, since it has been a slow year.
New utilities: tsort, seedrng and tree.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
config/busybox/Config.in | 4 +-
config/busybox/coreutils/Config.in | 7 ++-
config/busybox/libbb/Config.in | 62 ++++++++++++++++---
config/busybox/miscutils/Config.in | 12 ++++
config/busybox/networking/Config.in | 2 +-
config/busybox/networking/udhcp/Config.in | 7 ++-
config/busybox/shell/Config.in | 5 ++
...wk-fix-use-after-free-CVE-2022-30065.patch | 29 ---------
.../0200-reactivate-check-for-tty.patch | 0
...-only-pass-real-libs-to-SELINUX_LIBS.patch | 2 +-
...honour-SKIP_STRIP-and-don-t-strip-if.patch | 0
.../{busybox-1.35.0 => busybox-1.36.0}/series | 3 +-
12 files changed, 89 insertions(+), 44 deletions(-)
delete mode 100644 patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
rename patches/{busybox-1.35.0 => busybox-1.36.0}/0200-reactivate-check-for-tty.patch (100%)
rename patches/{busybox-1.35.0 => busybox-1.36.0}/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch (94%)
rename patches/{busybox-1.35.0 => busybox-1.36.0}/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch (100%)
rename patches/{busybox-1.35.0 => busybox-1.36.0}/series (74%)
diff --git a/config/busybox/Config.in b/config/busybox/Config.in
index 329e2f8e8..199cc6ab2 100644
--- a/config/busybox/Config.in
+++ b/config/busybox/Config.in
@@ -267,10 +267,10 @@ config BUSYBOX_FEATURE_SUID_CONFIG
The file has to be owned by user root, group root and has to be
writeable only by root:
- (chown 0:0 /etc/busybox.conf; chmod 600 /etc/busybox.conf)
+ (chown 0.0 /etc/busybox.conf; chmod 600 /etc/busybox.conf)
The busybox executable has to be owned by user root, group
root and has to be setuid root for this to work:
- (chown 0:0 /bin/busybox; chmod 4755 /bin/busybox)
+ (chown 0.0 /bin/busybox; chmod 4755 /bin/busybox)
Robert 'sandman' Griebl has more information here:
<url: http://www.softforge.de/bb/suid.html >.
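Review bot: In the BUSYBOX_FEATURE_SUID_CONFIG help text, both chown examples change from `0:0` to `0.0`. The colon is the separator POSIX specifies for owner:group; the dot form is a legacy spelling and is ambiguous when a login name contains a dot. These two lines are what an integrator copies to lock down /etc/busybox.conf and the setuid binary, so I would keep `chown 0:0` here even where the imported kconfig tree differs.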
diff --git a/config/busybox/coreutils/Config.in b/config/busybox/coreutils/Config.in
index 8c9e66e17..1a95a6785 100644
--- a/config/busybox/coreutils/Config.in
+++ b/config/busybox/coreutils/Config.in
@@ -653,7 +653,7 @@ config BUSYBOX_SORT
sort is used to sort lines of text in specified files.
config BUSYBOX_FEATURE_SORT_BIG
- bool "Full SuSv3 compliant sort (support -ktcbdfiogM)"
+ bool "Full SuSv3 compliant sort (support -ktcbdfioghM)"
default y
depends on BUSYBOX_SORT
help
@@ -851,6 +851,11 @@ config BUSYBOX_TRUNCATE
help
truncate truncates files to a given size. If a file does
not exist, it is created unless told otherwise.
+config BUSYBOX_TSORT
+ bool "tsort (0.7 kb)"
+ default y
+ help
+ tsort performs a topological sort.
config BUSYBOX_TTY
bool "tty (3.6 kb)"
default y
diff --git a/config/busybox/libbb/Config.in b/config/busybox/libbb/Config.in
index 8e4fe855e..66c135ec6 100644
--- a/config/busybox/libbb/Config.in
+++ b/config/busybox/libbb/Config.in
@@ -98,21 +98,47 @@ config BUSYBOX_MD5_SMALL
default 1 # all "fast or small" options default to small
range 0 3
help
- Trade binary size versus speed for the md5sum algorithm.
+ Trade binary size versus speed for the md5 algorithm.
Approximate values running uClibc and hashing
linux-2.4.4.tar.bz2 were:
- value user times (sec) text size (386)
- 0 (fastest) 1.1 6144
- 1 1.4 5392
- 2 3.0 5088
- 3 (smallest) 5.1 4912
+ value user times (sec) text size (386)
+ 0 (fastest) 1.1 6144
+ 1 1.4 5392
+ 2 3.0 5088
+ 3 (smallest) 5.1 4912
+
+config BUSYBOX_SHA1_SMALL
+ int "SHA1: Trade bytes for speed (0:fast, 3:slow)"
+ default 3 # all "fast or small" options default to small
+ range 0 3
+ help
+ Trade binary size versus speed for the sha1 algorithm.
+ With FEATURE_COPYBUF_KB=64:
+ throughput MB/s size of sha1_process_block64
+ value 486 x86-64 486 x86-64
+ 0 440 485 3481 3502
+ 1 265 265 641 696
+ 2,3 220 210 342 364
+
+config BUSYBOX_SHA1_HWACCEL
+ bool "SHA1: Use hardware accelerated instructions if possible"
+ default y
+ help
+ On x86, this adds ~590 bytes of code. Throughput
+ is about twice as fast as fully-unrolled generic code.
+
+config BUSYBOX_SHA256_HWACCEL
+ bool "SHA256: Use hardware accelerated instructions if possible"
+ default y
+ help
+ On x86, this adds ~1k bytes of code.
config BUSYBOX_SHA3_SMALL
int "SHA3: Trade bytes for speed (0:fast, 1:slow)"
default 1 # all "fast or small" options default to small
range 0 1
help
- Trade binary size versus speed for the sha3sum algorithm.
+ Trade binary size versus speed for the sha3 algorithm.
SHA3_SMALL=0 compared to SHA3_SMALL=1 (approximate):
64-bit x86: +270 bytes of code, 45% faster
32-bit x86: +450 bytes of code, 75% faster
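Review bot: BUSYBOX_SHA1_HWACCEL and BUSYBOX_SHA256_HWACCEL are `default y` with no `depends on`, while their help only describes the effect "On x86". Please state in the help what the option does on non-x86 targets, so integrators know whether the ~590 bytes and ~1k figures apply to them. Separately, the BUSYBOX_SHA1_SMALL table puts values 2 and 3 on one row ("2,3"), so the help could say outright that the two settings are equivalent.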
@@ -399,3 +425,25 @@ config BUSYBOX_UNICODE_PRESERVE_BROKEN
For example, this means that entering 'l', 's', ' ', 0xff, [Enter]
at shell prompt will list file named 0xff (single char name
with char value 255), not file named '?'.
+
+choice
+ prompt "Use LOOP_CONFIGURE for losetup and loop mounts"
+ default BUSYBOX_TRY_LOOP_CONFIGURE
+ help
+ LOOP_CONFIGURE is added to Linux 5.8
+ https://lwn.net/Articles/820408/
+ This allows userspace to completely setup a loop device with a single
+ ioctl, removing the in-between state where the device can be partially
+ configured - eg the loop device has a backing file associated with it,
+ but is reading from the wrong offset.
+
+config BUSYBOX_LOOP_CONFIGURE
+ bool "use LOOP_CONFIGURE, needs kernel >= 5.8"
+
+config BUSYBOX_NO_LOOP_CONFIGURE
+ bool "use LOOP_SET_FD + LOOP_SET_STATUS"
+
+config BUSYBOX_TRY_LOOP_CONFIGURE
+ bool "try LOOP_CONFIGURE, fall back to LOOP_SET_FD + LOOP_SET_STATUS"
+
+endchoice
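Review bot: The three choice entries have no help of their own, and BUSYBOX_LOOP_CONFIGURE only says "needs kernel >= 5.8" in its prompt. Please document what happens when that entry is selected and the target kernel is older, since unlike BUSYBOX_TRY_LOOP_CONFIGURE it names no fallback. The default of BUSYBOX_TRY_LOOP_CONFIGURE looks right for BSPs with mixed kernels; targets known to run 5.8 or later can select BUSYBOX_LOOP_CONFIGURE to always get the single-ioctl setup the choice help describes.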
diff --git a/config/busybox/miscutils/Config.in b/config/busybox/miscutils/Config.in
index a236373ae..5c04fd8ef 100644
--- a/config/busybox/miscutils/Config.in
+++ b/config/busybox/miscutils/Config.in
@@ -699,6 +699,13 @@ config BUSYBOX_RX
default y
help
Receive files using the Xmodem protocol.
+config BUSYBOX_SEEDRNG
+ bool "seedrng (1.3 kb)"
+ default y
+ help
+ Seed the kernel RNG from seed files, meant to be called
+ once during startup, once during shutdown, and optionally
+ at some periodic interval in between.
config BUSYBOX_SETFATTR
bool "setfattr (3.7 kb)"
default y
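Review bot: BUSYBOX_SEEDRNG is `default y`, but its help says it is "meant to be called once during startup, once during shutdown", and nothing in this patch adds such a call. Enabling the applet alone does not seed anything; either say in the commit message that init integration is left to the BSP, or follow up with the startup and shutdown hooks.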
@@ -722,6 +729,11 @@ config BUSYBOX_TIME
The time command runs the specified program with the given arguments.
When the command finishes, time writes a message to standard output
giving timing statistics about this program run.
+config BUSYBOX_TREE
+ bool "tree (0.6 kb)"
+ default y
+ help
+ List files and directories in a tree structure.
config BUSYBOX_TS
bool "ts (450 bytes)"
default y
diff --git a/config/busybox/networking/Config.in b/config/busybox/networking/Config.in
index 27e0f44ba..3a3ad56d9 100644
--- a/config/busybox/networking/Config.in
+++ b/config/busybox/networking/Config.in
@@ -959,7 +959,7 @@ config BUSYBOX_TELNETD
FEATURE_SUID enabled. And finally, you should make
certain that busybox has been installed setuid root:
- chown root:root /bin/busybox
+ chown root.root /bin/busybox
chmod 4755 /bin/busybox
with all that done, telnetd _should_ work....
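Review bot: The `chown root.root /bin/busybox` line in the BUSYBOX_TELNETD help has the same separator change as the SUID_CONFIG help text. `chown root:root` is the portable form and should stay.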
diff --git a/config/busybox/networking/udhcp/Config.in b/config/busybox/networking/udhcp/Config.in
index 4b1255c52..adb5ac16c 100644
--- a/config/busybox/networking/udhcp/Config.in
+++ b/config/busybox/networking/udhcp/Config.in
@@ -93,12 +93,17 @@ config BUSYBOX_FEATURE_UDHCPC_SANITIZEOPT
config BUSYBOX_UDHCPC_DEFAULT_SCRIPT
string "Absolute path to config script"
default "/usr/share/udhcpc/default.script"
- depends on BUSYBOX_UDHCPC || BUSYBOX_UDHCPC6
+ depends on BUSYBOX_UDHCPC
help
This script is called after udhcpc receives an answer. See
examples/udhcp for a working example. Normally it is safe
to leave this untouched.
+config BUSYBOX_UDHCPC6_DEFAULT_SCRIPT
+ string "Absolute path to config script for IPv6"
+ default "/usr/share/udhcpc/default6.script"
+ depends on BUSYBOX_UDHCPC6
+
# udhcpc6 config is inserted here:
config BUSYBOX_UDHCPC6
bool "udhcpc6 (21 kb)"
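Review bot: BUSYBOX_UDHCPC_DEFAULT_SCRIPT drops `|| BUSYBOX_UDHCPC6` from its `depends on`, and udhcpc6 now gets its own default of /usr/share/udhcpc/default6.script. A configuration that enables only BUSYBOX_UDHCPC6 and set a custom script path through the old symbol loses that value, so this deserves a line in the commit message. The new BUSYBOX_UDHCPC6_DEFAULT_SCRIPT entry also has no `help` text, unlike the IPv4 entry above it.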
diff --git a/config/busybox/shell/Config.in b/config/busybox/shell/Config.in
index 61275cdc5..cb6215afc 100644
--- a/config/busybox/shell/Config.in
+++ b/config/busybox/shell/Config.in
@@ -201,6 +201,11 @@ config BUSYBOX_ASH_TEST
default y
depends on BUSYBOX_SHELL_ASH
+config BUSYBOX_ASH_SLEEP
+ bool "sleep builtin"
+ default y
+ depends on BUSYBOX_SHELL_ASH
+
config BUSYBOX_ASH_HELP
bool "help builtin"
default y
diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
deleted file mode 100644
index aff9faabc..000000000
--- a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Fri, 17 Jun 2022 17:45:34 +0200
-Subject: [PATCH] awk: fix use after free (CVE-2022-30065)
-
-fixes https://bugs.busybox.net/show_bug.cgi?id=14781
-
-function old new delta
-evaluate 3343 3357 +14
-
-Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- editors/awk.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/editors/awk.c b/editors/awk.c
-index f6314ac7201a..654cbac33331 100644
---- a/editors/awk.c
-+++ b/editors/awk.c
-@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
-
- case XC( OC_MOVE ):
- debug_printf_eval("MOVE\n");
-+ /* make sure that we never return a temp var */
-+ if (L.v == TMPVAR0)
-+ L.v = res;
- /* if source is a temporary string, jusk relink it to dest */
- if (R.v == TMPVAR1
- && !(R.v->type & VF_NUMBER)
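Review bot: Dropping 0203 is only safe if the 1.36.0 editors/awk.c already has the `if (L.v == TMPVAR0) L.v = res;` check in the OC_MOVE case of evaluate(), and this patch does not show that. The deleted patch carries Denys Vlasenko's Signed-off-by, which suggests it went upstream, but please confirm against the 1.36.0 source and state it in the commit message, since this is the CVE-2022-30065 fix.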
diff --git a/patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch b/patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch
similarity index 100%
rename from patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch
rename to patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch
diff --git a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
similarity index 94%
rename from patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
rename to patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
index 87f382e05..8ed9efe53 100644
--- a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
+++ b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
@@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
1 file changed, 1 insertion(+)
diff --git a/Makefile.flags b/Makefile.flags
-index c34356230a9f..7c42c3abf80c 100644
+index 1cec5ba20b47..fd195efc965d 100644
--- a/Makefile.flags
+++ b/Makefile.flags
@@ -180,6 +180,7 @@ ifeq ($(CONFIG_SELINUX),y)
diff --git a/patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch b/patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
similarity index 100%
rename from patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
rename to patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.36.0/series
similarity index 74%
rename from patches/busybox-1.35.0/series
rename to patches/busybox-1.36.0/series
index 3e1a02a16..ee5360887 100644
--- a/patches/busybox-1.35.0/series
+++ b/patches/busybox-1.36.0/series
@@ -6,5 +6,4 @@
0200-reactivate-check-for-tty.patch
0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
-0203-awk-fix-use-after-free-CVE-2022-30065.patch
-# e8b4a3103390b1bd27c9ce24d1e435d7 - git-ptx-patches magic
+# 9c0cc4baa8090165b429198c9a10e02c - git-ptx-patches magic
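Review bot: The series file and the patches move to patches/busybox-1.36.0/, but the diffstat lists 12 files and none of them is under rules/, so nothing here changes the busybox version the package builds. Please include the rules/busybox.make version bump in the same commit so the renamed patch directory matches the version being built.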
--
2.34.1
* Re: [ptxdist] [PATCH] busybox: Version bump. 1.35.0 -> 1.36.0
2023-01-03 22:29 [ptxdist] [PATCH] busybox: Version bump. 1.35.0 -> 1.36.0 Christian Melki
@ 2023-01-04 9:10 ` Ladislav Michl
0 siblings, 0 replies; 2+ messages in thread
From: Ladislav Michl @ 2023-01-04 9:10 UTC (permalink / raw)
To: ptxdist
Hi Christian,
On Tue, Jan 03, 2023 at 11:29:22PM +0100, Christian Melki wrote:
> After a year of low activity and question marks,
> we finally have a new release of busybox.
> Release changelog @ https://busybox.net/
>
> Not that many new features, mostly fixes.
> One notable addition is seedrng.
> But it marks a new release that includes security fixes.
>
> Plugs CVEs: CVE-2022-28391, CVE-2022-30065
>
> * Forward the ptxdist specific patches.
> * Remove one security patch to awk that has been fixed.
> * Update busybox imported kconfig tree.
> Not that many changes, since it has been a slow year.
> New utilities: tsort, seedrng and tree.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
> config/busybox/Config.in | 4 +-
> config/busybox/coreutils/Config.in | 7 ++-
> config/busybox/libbb/Config.in | 62 ++++++++++++++++---
> config/busybox/miscutils/Config.in | 12 ++++
> config/busybox/networking/Config.in | 2 +-
> config/busybox/networking/udhcp/Config.in | 7 ++-
> config/busybox/shell/Config.in | 5 ++
> ...wk-fix-use-after-free-CVE-2022-30065.patch | 29 ---------
> .../0200-reactivate-check-for-tty.patch | 0
> ...-only-pass-real-libs-to-SELINUX_LIBS.patch | 2 +-
> ...honour-SKIP_STRIP-and-don-t-strip-if.patch | 0
> .../{busybox-1.35.0 => busybox-1.36.0}/series | 3 +-
> 12 files changed, 89 insertions(+), 44 deletions(-)
> delete mode 100644 patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
> rename patches/{busybox-1.35.0 => busybox-1.36.0}/0200-reactivate-check-for-tty.patch (100%)
> rename patches/{busybox-1.35.0 => busybox-1.36.0}/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch (94%)
> rename patches/{busybox-1.35.0 => busybox-1.36.0}/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch (100%)
> rename patches/{busybox-1.35.0 => busybox-1.36.0}/series (74%)
It seems rules/busybox.make is omitted from the patch...
ladis