From: Ladislav Michl <oss-lists@triops.cz>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v2] busybox: Version bump. 1.35.0 -> 1.36.0
Date: Wed, 4 Jan 2023 10:23:41 +0100
Message-ID: <Y7VFnTH5APTvhId/@lenoch>
In-Reply-To: <20230104091433.2419958-1-christian.melki@t2data.com>
Hi Christian,
On Wed, Jan 04, 2023 at 10:14:33AM +0100, Christian Melki wrote:
> After a year of low activity and question marks,
> we finally have a new release of busybox.
> Release changelog @ https://busybox.net/
>
> Not that many new features, mostly fixes.
> One notable addition is seedrng.
> But it marks a new release that includes security fixes.
>
> Plugs CVEs: CVE-2022-28391, CVE-2022-30065
>
> * Forward the ptxdist specific patches.
> * Remove one security patch to awk that has been fixed.
> * Update busybox imported kconfig tree.
> Not that many changes, since it has been a slow year.
> New utilities: tsort, seedrng and tree.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
> config/busybox/Config.in | 4 +-
> config/busybox/coreutils/Config.in | 7 ++-
> config/busybox/libbb/Config.in | 62 ++++++++++++++++---
> config/busybox/miscutils/Config.in | 12 ++++
> config/busybox/networking/Config.in | 2 +-
> config/busybox/networking/udhcp/Config.in | 7 ++-
> config/busybox/shell/Config.in | 5 ++
> ...wk-fix-use-after-free-CVE-2022-30065.patch | 29 ---------
> .../0200-reactivate-check-for-tty.patch | 0
> ...-only-pass-real-libs-to-SELINUX_LIBS.patch | 2 +-
> ...honour-SKIP_STRIP-and-don-t-strip-if.patch | 0
> .../{busybox-1.35.0 => busybox-1.36.0}/series | 3 +-
> rules/busybox.make | 4 +-
> 13 files changed, 91 insertions(+), 46 deletions(-)
> delete mode 100644 patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
> rename patches/{busybox-1.35.0 => busybox-1.36.0}/0200-reactivate-check-for-tty.patch (100%)
> rename patches/{busybox-1.35.0 => busybox-1.36.0}/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch (94%)
> rename patches/{busybox-1.35.0 => busybox-1.36.0}/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch (100%)
> rename patches/{busybox-1.35.0 => busybox-1.36.0}/series (74%)
>
> diff --git a/config/busybox/Config.in b/config/busybox/Config.in
> index 329e2f8e8..199cc6ab2 100644
> --- a/config/busybox/Config.in
> +++ b/config/busybox/Config.in
> @@ -267,10 +267,10 @@ config BUSYBOX_FEATURE_SUID_CONFIG
>
> The file has to be owned by user root, group root and has to be
> writeable only by root:
> - (chown 0:0 /etc/busybox.conf; chmod 600 /etc/busybox.conf)
> + (chown 0.0 /etc/busybox.conf; chmod 600 /etc/busybox.conf)
> The busybox executable has to be owned by user root, group
> root and has to be setuid root for this to work:
> - (chown 0:0 /bin/busybox; chmod 4755 /bin/busybox)
> + (chown 0.0 /bin/busybox; chmod 4755 /bin/busybox)
>
> Robert 'sandman' Griebl has more information here:
> <url: http://www.softforge.de/bb/suid.html >.
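Review bot: the two rewritten help lines change the chown separator from the POSIX `owner:group` form to the legacy `owner.group` form (`chown 0.0 /etc/busybox.conf`, `chown 0.0 /bin/busybox`). POSIX only specifies `:`; the dot form survives in GNU chown for compatibility and is ambiguous once a user name contains a dot, so if this help text is ever maintained locally rather than re-imported from upstream, prefer `chown 0:0`. The substance of the advice (mode 600 on the config file, setuid bit only on a root-owned binary) is unchanged by the hunk.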
> diff --git a/config/busybox/coreutils/Config.in b/config/busybox/coreutils/Config.in
> index 8c9e66e17..1a95a6785 100644
> --- a/config/busybox/coreutils/Config.in
> +++ b/config/busybox/coreutils/Config.in
> @@ -653,7 +653,7 @@ config BUSYBOX_SORT
> sort is used to sort lines of text in specified files.
>
> config BUSYBOX_FEATURE_SORT_BIG
> - bool "Full SuSv3 compliant sort (support -ktcbdfiogM)"
> + bool "Full SuSv3 compliant sort (support -ktcbdfioghM)"
> default y
> depends on BUSYBOX_SORT
> help
> @@ -851,6 +851,11 @@ config BUSYBOX_TRUNCATE
> help
> truncate truncates files to a given size. If a file does
> not exist, it is created unless told otherwise.
> +config BUSYBOX_TSORT
> + bool "tsort (0.7 kb)"
> + default y
> + help
> + tsort performs a topological sort.
> config BUSYBOX_TTY
> bool "tty (3.6 kb)"
> default y
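Review bot: BUSYBOX_TSORT, like the other applets added in this series, arrives with `default y`, so every existing ptxdist busybox configuration picks it up on the next oldconfig unless a project defconfig overrides it. If the intent is to mirror upstream defaults verbatim that is fine, but it deserves a sentence in the commit message, since each extra applet (0.7 kb here) is also one more command reachable from the shell.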
> diff --git a/config/busybox/libbb/Config.in b/config/busybox/libbb/Config.in
> index 8e4fe855e..66c135ec6 100644
> --- a/config/busybox/libbb/Config.in
> +++ b/config/busybox/libbb/Config.in
> @@ -98,21 +98,47 @@ config BUSYBOX_MD5_SMALL
> default 1 # all "fast or small" options default to small
> range 0 3
> help
> - Trade binary size versus speed for the md5sum algorithm.
> + Trade binary size versus speed for the md5 algorithm.
> Approximate values running uClibc and hashing
> linux-2.4.4.tar.bz2 were:
> - value user times (sec) text size (386)
> - 0 (fastest) 1.1 6144
> - 1 1.4 5392
> - 2 3.0 5088
> - 3 (smallest) 5.1 4912
> + value user times (sec) text size (386)
> + 0 (fastest) 1.1 6144
> + 1 1.4 5392
> + 2 3.0 5088
> + 3 (smallest) 5.1 4912
> +
> +config BUSYBOX_SHA1_SMALL
> + int "SHA1: Trade bytes for speed (0:fast, 3:slow)"
> + default 3 # all "fast or small" options default to small
> + range 0 3
> + help
> + Trade binary size versus speed for the sha1 algorithm.
> + With FEATURE_COPYBUF_KB=64:
> + throughput MB/s size of sha1_process_block64
> + value 486 x86-64 486 x86-64
> + 0 440 485 3481 3502
> + 1 265 265 641 696
> + 2,3 220 210 342 364
> +
> +config BUSYBOX_SHA1_HWACCEL
> + bool "SHA1: Use hardware accelerated instructions if possible"
> + default y
> + help
> + On x86, this adds ~590 bytes of code. Throughput
> + is about twice as fast as fully-unrolled generic code.
> +
> +config BUSYBOX_SHA256_HWACCEL
> + bool "SHA256: Use hardware accelerated instructions if possible"
> + default y
> + help
> + On x86, this adds ~1k bytes of code.
>
> config BUSYBOX_SHA3_SMALL
> int "SHA3: Trade bytes for speed (0:fast, 1:slow)"
> default 1 # all "fast or small" options default to small
> range 0 1
> help
> - Trade binary size versus speed for the sha3sum algorithm.
> + Trade binary size versus speed for the sha3 algorithm.
> SHA3_SMALL=0 compared to SHA3_SMALL=1 (approximate):
> 64-bit x86: +270 bytes of code, 45% faster
> 32-bit x86: +450 bytes of code, 75% faster
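Review bot: the MD5_SMALL help table (the `value user times (sec) text size (386)` block) is removed and re-added with identical content, so that part of the hunk is whitespace-only; keeping such re-indentation apart from the real additions (SHA1_SMALL, SHA1_HWACCEL, SHA256_HWACCEL) would make the import easier to review. The two HWACCEL options default to `y` but their help only states the x86 cost (`~590 bytes`, `~1k bytes`); since most ptxdist targets are not x86, the help should say what the option does, if anything, on other architectures.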
> @@ -399,3 +425,25 @@ config BUSYBOX_UNICODE_PRESERVE_BROKEN
> For example, this means that entering 'l', 's', ' ', 0xff, [Enter]
> at shell prompt will list file named 0xff (single char name
> with char value 255), not file named '?'.
> +
> +choice
> + prompt "Use LOOP_CONFIGURE for losetup and loop mounts"
> + default BUSYBOX_TRY_LOOP_CONFIGURE
> + help
> + LOOP_CONFIGURE is added to Linux 5.8
> + https://lwn.net/Articles/820408/
> + This allows userspace to completely setup a loop device with a single
> + ioctl, removing the in-between state where the device can be partially
> + configured - eg the loop device has a backing file associated with it,
> + but is reading from the wrong offset.
> +
> +config BUSYBOX_LOOP_CONFIGURE
> + bool "use LOOP_CONFIGURE, needs kernel >= 5.8"
> +
> +config BUSYBOX_NO_LOOP_CONFIGURE
> + bool "use LOOP_SET_FD + LOOP_SET_STATUS"
> +
> +config BUSYBOX_TRY_LOOP_CONFIGURE
> + bool "try LOOP_CONFIGURE, fall back to LOOP_SET_FD + LOOP_SET_STATUS"
> +
> +endchoice
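Review bot: the help line `LOOP_CONFIGURE is added to Linux 5.8` should read `was added in Linux 5.8`, though as imported text the fix belongs upstream. The default BUSYBOX_TRY_LOOP_CONFIGURE is the right pick for a distribution: on kernels >= 5.8 losetup and loop mounts get the single-ioctl setup the help describes, and only older kernels fall back to LOOP_SET_FD + LOOP_SET_STATUS with the partially configured intermediate state the help warns about.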
> diff --git a/config/busybox/miscutils/Config.in b/config/busybox/miscutils/Config.in
> index a236373ae..5c04fd8ef 100644
> --- a/config/busybox/miscutils/Config.in
> +++ b/config/busybox/miscutils/Config.in
> @@ -699,6 +699,13 @@ config BUSYBOX_RX
> default y
> help
> Receive files using the Xmodem protocol.
> +config BUSYBOX_SEEDRNG
> + bool "seedrng (1.3 kb)"
> + default y
> + help
> + Seed the kernel RNG from seed files, meant to be called
> + once during startup, once during shutdown, and optionally
> + at some periodic interval in between.
> config BUSYBOX_SETFATTR
> bool "setfattr (3.7 kb)"
> default y
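Review bot: enabling BUSYBOX_SEEDRNG with `default y` only builds the applet; its help says it is `meant to be called once during startup, once during shutdown`, and nothing else in this series (rules/busybox.make changes only the version and MD5) installs an init hook for it, so the kernel RNG still receives no seed from disk until a separate change wires seedrng into the init sequence. The commit message should state that the new utility is shipped but not activated.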
> @@ -722,6 +729,11 @@ config BUSYBOX_TIME
> The time command runs the specified program with the given arguments.
> When the command finishes, time writes a message to standard output
> giving timing statistics about this program run.
> +config BUSYBOX_TREE
> + bool "tree (0.6 kb)"
> + default y
> + help
> + List files and directories in a tree structure.
> config BUSYBOX_TS
> bool "ts (450 bytes)"
> default y
> diff --git a/config/busybox/networking/Config.in b/config/busybox/networking/Config.in
> index 27e0f44ba..3a3ad56d9 100644
> --- a/config/busybox/networking/Config.in
> +++ b/config/busybox/networking/Config.in
> @@ -959,7 +959,7 @@ config BUSYBOX_TELNETD
> FEATURE_SUID enabled. And finally, you should make
> certain that busybox has been installed setuid root:
>
> - chown root:root /bin/busybox
> + chown root.root /bin/busybox
> chmod 4755 /bin/busybox
>
> with all that done, telnetd _should_ work....
> diff --git a/config/busybox/networking/udhcp/Config.in b/config/busybox/networking/udhcp/Config.in
> index 4b1255c52..adb5ac16c 100644
> --- a/config/busybox/networking/udhcp/Config.in
> +++ b/config/busybox/networking/udhcp/Config.in
> @@ -93,12 +93,17 @@ config BUSYBOX_FEATURE_UDHCPC_SANITIZEOPT
> config BUSYBOX_UDHCPC_DEFAULT_SCRIPT
> string "Absolute path to config script"
> default "/usr/share/udhcpc/default.script"
> - depends on BUSYBOX_UDHCPC || BUSYBOX_UDHCPC6
> + depends on BUSYBOX_UDHCPC
> help
> This script is called after udhcpc receives an answer. See
> examples/udhcp for a working example. Normally it is safe
> to leave this untouched.
>
> +config BUSYBOX_UDHCPC6_DEFAULT_SCRIPT
> + string "Absolute path to config script for IPv6"
> + default "/usr/share/udhcpc/default6.script"
> + depends on BUSYBOX_UDHCPC6
> +
This probably needs
+ifdef PTXCONF_BUSYBOX_UDHCPC6
+ @$(call install_alternative, busybox, 0, 0, 0754, /etc/udhcpc6.script)
...
in rules/busybox.make
Thinking more about it, we should probably take BUSYBOX_UDHCPC_DEFAULT_SCRIPT
and BUSYBOX_UDHCPC6_DEFAULT_SCRIPT into account when installing links, but as
nobody has complained so far, let it be an optional separate patch :)
> # udhcpc6 config is inserted here:
> config BUSYBOX_UDHCPC6
> bool "udhcpc6 (21 kb)"
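Review bot: narrowing `depends on BUSYBOX_UDHCPC || BUSYBOX_UDHCPC6` to `depends on BUSYBOX_UDHCPC` means a configuration that enables only udhcpc6 loses BUSYBOX_UDHCPC_DEFAULT_SCRIPT and gets the new BUSYBOX_UDHCPC6_DEFAULT_SCRIPT instead, whose default `/usr/share/udhcpc/default6.script` is a path nothing in this series installs (rules/busybox.make only bumps version and MD5). Either set the default to the path ptxdist will actually ship, or add the install rule in the same change, so that a udhcpc6-only configuration does not point at a missing script.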
> diff --git a/config/busybox/shell/Config.in b/config/busybox/shell/Config.in
> index 61275cdc5..cb6215afc 100644
> --- a/config/busybox/shell/Config.in
> +++ b/config/busybox/shell/Config.in
> @@ -201,6 +201,11 @@ config BUSYBOX_ASH_TEST
> default y
> depends on BUSYBOX_SHELL_ASH
>
> +config BUSYBOX_ASH_SLEEP
> + bool "sleep builtin"
> + default y
> + depends on BUSYBOX_SHELL_ASH
> +
> config BUSYBOX_ASH_HELP
> bool "help builtin"
> default y
> diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
> deleted file mode 100644
> index aff9faabc..000000000
> --- a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
> +++ /dev/null
> @@ -1,29 +0,0 @@
> -From: Natanael Copa <ncopa@alpinelinux.org>
> -Date: Fri, 17 Jun 2022 17:45:34 +0200
> -Subject: [PATCH] awk: fix use after free (CVE-2022-30065)
> -
> -fixes https://bugs.busybox.net/show_bug.cgi?id=14781
> -
> -function old new delta
> -evaluate 3343 3357 +14
> -
> -Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
> -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
> ----
> - editors/awk.c | 3 +++
> - 1 file changed, 3 insertions(+)
> -
> -diff --git a/editors/awk.c b/editors/awk.c
> -index f6314ac7201a..654cbac33331 100644
> ---- a/editors/awk.c
> -+++ b/editors/awk.c
> -@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
> -
> - case XC( OC_MOVE ):
> - debug_printf_eval("MOVE\n");
> -+ /* make sure that we never return a temp var */
> -+ if (L.v == TMPVAR0)
> -+ L.v = res;
> - /* if source is a temporary string, jusk relink it to dest */
> - if (R.v == TMPVAR1
> - && !(R.v->type & VF_NUMBER)
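Review bot: dropping 0203-awk-fix-use-after-free-CVE-2022-30065.patch is only correct if the 1.36.0 tarball already carries the same `if (L.v == TMPVAR0) L.v = res;` guard in editors/awk.c. The commit message says the CVE is plugged upstream; a one-line pointer to the upstream commit, or a note that the guard was grepped for in the unpacked source, would let reviewers confirm that without rebuilding.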
> diff --git a/patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch b/patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch
> similarity index 100%
> rename from patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch
> rename to patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch
> diff --git a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
> similarity index 94%
> rename from patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
> rename to patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
> index 87f382e05..8ed9efe53 100644
> --- a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
> +++ b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
> @@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
> 1 file changed, 1 insertion(+)
>
> diff --git a/Makefile.flags b/Makefile.flags
> -index c34356230a9f..7c42c3abf80c 100644
> +index 1cec5ba20b47..fd195efc965d 100644
> --- a/Makefile.flags
> +++ b/Makefile.flags
> @@ -180,6 +180,7 @@ ifeq ($(CONFIG_SELINUX),y)
> diff --git a/patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch b/patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
> similarity index 100%
> rename from patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
> rename to patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
> diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.36.0/series
> similarity index 74%
> rename from patches/busybox-1.35.0/series
> rename to patches/busybox-1.36.0/series
> index 3e1a02a16..ee5360887 100644
> --- a/patches/busybox-1.35.0/series
> +++ b/patches/busybox-1.36.0/series
> @@ -6,5 +6,4 @@
> 0200-reactivate-check-for-tty.patch
> 0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
> 0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
> -0203-awk-fix-use-after-free-CVE-2022-30065.patch
> -# e8b4a3103390b1bd27c9ce24d1e435d7 - git-ptx-patches magic
> +# 9c0cc4baa8090165b429198c9a10e02c - git-ptx-patches magic
> diff --git a/rules/busybox.make b/rules/busybox.make
> index 413ad735c..f3ef2b75c 100644
> --- a/rules/busybox.make
> +++ b/rules/busybox.make
> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_BUSYBOX) += busybox
> #
> # Paths and names
> #
> -BUSYBOX_VERSION := 1.35.0
> -BUSYBOX_MD5 := 585949b1dd4292b604b7d199866e9913
> +BUSYBOX_VERSION := 1.36.0
> +BUSYBOX_MD5 := 835e3ac11e8a5ca13756eb1573719566
> BUSYBOX := busybox-$(BUSYBOX_VERSION)
> BUSYBOX_SUFFIX := tar.bz2
> BUSYBOX_URL := https://www.busybox.net/downloads/$(BUSYBOX).$(BUSYBOX_SUFFIX)
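Review bot: the download integrity check in this hunk is MD5 only (`BUSYBOX_MD5 := 835e3ac11e8a5ca13756eb1573719566`). That follows ptxdist convention, but MD5 is not collision-resistant, so the value should be taken from a tarball whose upstream signature was verified rather than from whatever a mirror served; saying in the commit message how the checksum was obtained would make that auditable.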
> --
> 2.34.1
>