Date: Wed, 4 Jan 2023 10:23:41 +0100
From: Ladislav Michl
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v2] busybox: Version bump. 1.35.0 -> 1.36.0
In-Reply-To: <20230104091433.2419958-1-christian.melki@t2data.com>
References: <20230104091433.2419958-1-christian.melki@t2data.com>

Hi Christian,

On Wed, Jan 04, 2023 at 10:14:33AM +0100, Christian Melki wrote:
> After a year of low activity and question marks,
> we finally have a new release of busybox.
> Release changelog @ https://busybox.net/
>
> Not that many new features, mostly fixes.
> One notable addition is seedrng.
> But it marks a new release that includes security fixes.
>
> Plugs CVEs: CVE-2022-28391, CVE-2022-30065
>
> * Forward the ptxdist specific patches.
> * Remove one security patch to awk that has been fixed.
> * Update busybox imported kconfig tree.
> Not that many changes, since it has been a slow year.
> New utilities: tsort, seedrng and tree.
> > Signed-off-by: Christian Melki > --- > config/busybox/Config.in | 4 +- > config/busybox/coreutils/Config.in | 7 ++- > config/busybox/libbb/Config.in | 62 ++++++++++++++++--- > config/busybox/miscutils/Config.in | 12 ++++ > config/busybox/networking/Config.in | 2 +- > config/busybox/networking/udhcp/Config.in | 7 ++- > config/busybox/shell/Config.in | 5 ++ > ...wk-fix-use-after-free-CVE-2022-30065.patch | 29 --------- > .../0200-reactivate-check-for-tty.patch | 0 > ...-only-pass-real-libs-to-SELINUX_LIBS.patch | 2 +- > ...honour-SKIP_STRIP-and-don-t-strip-if.patch | 0 > .../{busybox-1.35.0 => busybox-1.36.0}/series | 3 +- > rules/busybox.make | 4 +- > 13 files changed, 91 insertions(+), 46 deletions(-) > delete mode 100644 patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch > rename patches/{busybox-1.35.0 => busybox-1.36.0}/0200-reactivate-check-for-tty.patch (100%) > rename patches/{busybox-1.35.0 => busybox-1.36.0}/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch (94%) > rename patches/{busybox-1.35.0 => busybox-1.36.0}/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch (100%) > rename patches/{busybox-1.35.0 => busybox-1.36.0}/series (74%) > > diff --git a/config/busybox/Config.in b/config/busybox/Config.in > index 329e2f8e8..199cc6ab2 100644 > --- a/config/busybox/Config.in > +++ b/config/busybox/Config.in > @@ -267,10 +267,10 @@ config BUSYBOX_FEATURE_SUID_CONFIG > > The file has to be owned by user root, group root and has to be > writeable only by root: > - (chown 0:0 /etc/busybox.conf; chmod 600 /etc/busybox.conf) > + (chown 0.0 /etc/busybox.conf; chmod 600 /etc/busybox.conf) > The busybox executable has to be owned by user root, group > root and has to be setuid root for this to work: > - (chown 0:0 /bin/busybox; chmod 4755 /bin/busybox) > + (chown 0.0 /bin/busybox; chmod 4755 /bin/busybox) > > Robert 'sandman' Griebl has more information here: > . 
> diff --git a/config/busybox/coreutils/Config.in b/config/busybox/coreutils/Config.in > index 8c9e66e17..1a95a6785 100644 > --- a/config/busybox/coreutils/Config.in > +++ b/config/busybox/coreutils/Config.in > @@ -653,7 +653,7 @@ config BUSYBOX_SORT > sort is used to sort lines of text in specified files. > > config BUSYBOX_FEATURE_SORT_BIG > - bool "Full SuSv3 compliant sort (support -ktcbdfiogM)" > + bool "Full SuSv3 compliant sort (support -ktcbdfioghM)" > default y > depends on BUSYBOX_SORT > help > @@ -851,6 +851,11 @@ config BUSYBOX_TRUNCATE > help > truncate truncates files to a given size. If a file does > not exist, it is created unless told otherwise. > +config BUSYBOX_TSORT > + bool "tsort (0.7 kb)" > + default y > + help > + tsort performs a topological sort. > config BUSYBOX_TTY > bool "tty (3.6 kb)" > default y > diff --git a/config/busybox/libbb/Config.in b/config/busybox/libbb/Config.in > index 8e4fe855e..66c135ec6 100644 > --- a/config/busybox/libbb/Config.in > +++ b/config/busybox/libbb/Config.in 
> @@ -98,21 +98,47 @@ config BUSYBOX_MD5_SMALL > default 1 # all "fast or small" options default to small > range 0 3 > help > - Trade binary size versus speed for the md5sum algorithm. > + Trade binary size versus speed for the md5 algorithm. > Approximate values running uClibc and hashing > linux-2.4.4.tar.bz2 were: > - value user times (sec) text size (386) > - 0 (fastest) 1.1 6144 > - 1 1.4 5392 > - 2 3.0 5088 > - 3 (smallest) 5.1 4912 > + value user times (sec) text size (386) > + 0 (fastest) 1.1 6144 > + 1 1.4 5392 > + 2 3.0 5088 > + 3 (smallest) 5.1 4912 > + > +config BUSYBOX_SHA1_SMALL > + int "SHA1: Trade bytes for speed (0:fast, 3:slow)" > + default 3 # all "fast or small" options default to small > + range 0 3 > + help > + Trade binary size versus speed for the sha1 algorithm. > + With FEATURE_COPYBUF_KB=64: > + throughput MB/s size of sha1_process_block64 > + value 486 x86-64 486 x86-64 > + 0 440 485 3481 3502 > + 1 265 265 641 696 > + 2,3 220 210 342 364 > + > +config BUSYBOX_SHA1_HWACCEL > + bool "SHA1: Use hardware accelerated instructions if possible" > + default y > + help > + On x86, this adds ~590 bytes of code. Throughput > + is about twice as fast as fully-unrolled generic code. > + > +config BUSYBOX_SHA256_HWACCEL > + bool "SHA256: Use hardware accelerated instructions if possible" > + default y > + help > + On x86, this adds ~1k bytes of code. > > config BUSYBOX_SHA3_SMALL > int "SHA3: Trade bytes for speed (0:fast, 1:slow)" > default 1 # all "fast or small" options default to small > range 0 1 > help > - Trade binary size versus speed for the sha3sum algorithm. > + Trade binary size versus speed for the sha3 algorithm. > SHA3_SMALL=0 compared to SHA3_SMALL=1 (approximate): > 64-bit x86: +270 bytes of code, 45% faster > 32-bit x86: +450 bytes of code, 75% faster 
> @@ -399,3 +425,25 @@ config BUSYBOX_UNICODE_PRESERVE_BROKEN > For example, this means that entering 'l', 's', ' ', 0xff, [Enter] > at shell prompt will list file named 0xff (single char name > with char value 255), not file named '?'. > + > +choice > + prompt "Use LOOP_CONFIGURE for losetup and loop mounts" > + default BUSYBOX_TRY_LOOP_CONFIGURE > + help > + LOOP_CONFIGURE is added to Linux 5.8 > + https://lwn.net/Articles/820408/ > + This allows userspace to completely setup a loop device with a single > + ioctl, removing the in-between state where the device can be partially > + configured - eg the loop device has a backing file associated with it, > + but is reading from the wrong offset. > + > +config BUSYBOX_LOOP_CONFIGURE > + bool "use LOOP_CONFIGURE, needs kernel >= 5.8" > + > +config BUSYBOX_NO_LOOP_CONFIGURE > + bool "use LOOP_SET_FD + LOOP_SET_STATUS" > + > +config BUSYBOX_TRY_LOOP_CONFIGURE > + bool "try LOOP_CONFIGURE, fall back to LOOP_SET_FD + LOOP_SET_STATUS" > + > +endchoice > diff --git a/config/busybox/miscutils/Config.in b/config/busybox/miscutils/Config.in > index a236373ae..5c04fd8ef 100644 > --- a/config/busybox/miscutils/Config.in > +++ b/config/busybox/miscutils/Config.in > @@ -699,6 +699,13 @@ config BUSYBOX_RX > default y > help > Receive files using the Xmodem protocol. > +config BUSYBOX_SEEDRNG > + bool "seedrng (1.3 kb)" > + default y > + help > + Seed the kernel RNG from seed files, meant to be called > + once during startup, once during shutdown, and optionally > + at some periodic interval in between. > config BUSYBOX_SETFATTR > bool "setfattr (3.7 kb)" > default y 
> @@ -722,6 +729,11 @@ config BUSYBOX_TIME > The time command runs the specified program with the given arguments. > When the command finishes, time writes a message to standard output > giving timing statistics about this program run. > +config BUSYBOX_TREE > + bool "tree (0.6 kb)" > + default y > + help > + List files and directories in a tree structure. > config BUSYBOX_TS > bool "ts (450 bytes)" > default y > diff --git a/config/busybox/networking/Config.in b/config/busybox/networking/Config.in > index 27e0f44ba..3a3ad56d9 100644 > --- a/config/busybox/networking/Config.in > +++ b/config/busybox/networking/Config.in > @@ -959,7 +959,7 @@ config BUSYBOX_TELNETD > FEATURE_SUID enabled. And finally, you should make > certain that busybox has been installed setuid root: > > - chown root:root /bin/busybox > + chown root.root /bin/busybox > chmod 4755 /bin/busybox > > with all that done, telnetd _should_ work.... > diff --git a/config/busybox/networking/udhcp/Config.in b/config/busybox/networking/udhcp/Config.in > index 4b1255c52..adb5ac16c 100644 > --- a/config/busybox/networking/udhcp/Config.in > +++ b/config/busybox/networking/udhcp/Config.in 
> @@ -93,12 +93,17 @@ config BUSYBOX_FEATURE_UDHCPC_SANITIZEOPT > config BUSYBOX_UDHCPC_DEFAULT_SCRIPT > string "Absolute path to config script" > default "/usr/share/udhcpc/default.script" > - depends on BUSYBOX_UDHCPC || BUSYBOX_UDHCPC6 > + depends on BUSYBOX_UDHCPC > help > This script is called after udhcpc receives an answer. See > examples/udhcp for a working example. Normally it is safe > to leave this untouched. > > +config BUSYBOX_UDHCPC6_DEFAULT_SCRIPT > + string "Absolute path to config script for IPv6" > + default "/usr/share/udhcpc/default6.script" > + depends on BUSYBOX_UDHCPC6 > + This probably needs +ifdef PTXCONF_BUSYBOX_UDHCPC6 + @$(call install_alternative, busybox, 0, 0, 0754, /etc/udhcpc6.script) ... in rules/busybox.make Thinking more about it, we should probably take BUSYBOX_UDHCPC_DEFAULT_SCRIPT and BUSYBOX_UDHCPC6_DEFAULT_SCRIPT into account when installing links, but as nobody complained so far, let it be optional separate patch :) > # udhcpc6 config is inserted here: > config BUSYBOX_UDHCPC6 > bool "udhcpc6 (21 kb)" > diff --git a/config/busybox/shell/Config.in b/config/busybox/shell/Config.in > index 61275cdc5..cb6215afc 100644 > --- a/config/busybox/shell/Config.in > +++ b/config/busybox/shell/Config.in > @@ -201,6 +201,11 @@ config BUSYBOX_ASH_TEST > default y > depends on BUSYBOX_SHELL_ASH > > +config BUSYBOX_ASH_SLEEP > + bool "sleep builtin" > + default y > + depends on BUSYBOX_SHELL_ASH > + > config BUSYBOX_ASH_HELP > bool "help builtin" > default y > diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch > deleted file mode 100644 > index aff9faabc..000000000 > --- a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch > +++ /dev/null 
> @@ -1,29 +0,0 @@ > -From: Natanael Copa > -Date: Fri, 17 Jun 2022 17:45:34 +0200 > -Subject: [PATCH] awk: fix use after free (CVE-2022-30065) > - > -fixes https://bugs.busybox.net/show_bug.cgi?id=14781 > - > -function old new delta > -evaluate 3343 3357 +14 > - > -Signed-off-by: Natanael Copa > -Signed-off-by: Denys Vlasenko > ---- > - editors/awk.c | 3 +++ > - 1 file changed, 3 insertions(+) > - > -diff --git a/editors/awk.c b/editors/awk.c > -index f6314ac7201a..654cbac33331 100644 > ---- a/editors/awk.c > -+++ b/editors/awk.c > -@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res) > - > - case XC( OC_MOVE ): > - debug_printf_eval("MOVE\n"); > -+ /* make sure that we never return a temp var */ > -+ if (L.v == TMPVAR0) > -+ L.v = res; > - /* if source is a temporary string, jusk relink it to dest */ > - if (R.v == TMPVAR1 > - && !(R.v->type & VF_NUMBER) > diff --git a/patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch b/patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch > similarity index 100% > rename from patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch > rename to patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch > diff --git a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > similarity index 94% > rename from patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > rename to patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > index 87f382e05..8ed9efe53 100644 > --- a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > +++ b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > @@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde > 1 file changed, 1 insertion(+) 
> > diff --git a/Makefile.flags b/Makefile.flags > -index c34356230a9f..7c42c3abf80c 100644 > +index 1cec5ba20b47..fd195efc965d 100644 > --- a/Makefile.flags > +++ b/Makefile.flags > @@ -180,6 +180,7 @@ ifeq ($(CONFIG_SELINUX),y) > diff --git a/patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch b/patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch > similarity index 100% > rename from patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch > rename to patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch > diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.36.0/series > similarity index 74% > rename from patches/busybox-1.35.0/series > rename to patches/busybox-1.36.0/series > index 3e1a02a16..ee5360887 100644 > --- a/patches/busybox-1.35.0/series > +++ b/patches/busybox-1.36.0/series > @@ -6,5 +6,4 @@ > 0200-reactivate-check-for-tty.patch > 0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch > 0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch > -0203-awk-fix-use-after-free-CVE-2022-30065.patch > -# e8b4a3103390b1bd27c9ce24d1e435d7 - git-ptx-patches magic > +# 9c0cc4baa8090165b429198c9a10e02c - git-ptx-patches magic > diff --git a/rules/busybox.make b/rules/busybox.make > index 413ad735c..f3ef2b75c 100644 > --- a/rules/busybox.make > +++ b/rules/busybox.make > @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_BUSYBOX) += busybox > # > # Paths and names > # > -BUSYBOX_VERSION := 1.35.0 > -BUSYBOX_MD5 := 585949b1dd4292b604b7d199866e9913 > +BUSYBOX_VERSION := 1.36.0 > +BUSYBOX_MD5 := 835e3ac11e8a5ca13756eb1573719566 > BUSYBOX := busybox-$(BUSYBOX_VERSION) > BUSYBOX_SUFFIX := tar.bz2 > BUSYBOX_URL := https://www.busybox.net/downloads/$(BUSYBOX).$(BUSYBOX_SUFFIX) > -- > 2.34.1 >
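Review bot: the two help-text lines in the config/busybox/Config.in hunk that change `chown 0:0` to `chown 0.0`, together with `chown root:root` becoming `chown root.root` in the networking/Config.in telnetd hunk, replace the POSIX `user:group` separator with the obsolete GNU dot form in text that users are told to type verbatim; since the `:` spelling was already in the ptxdist copy, keep `(chown 0:0 /etc/busybox.conf; chmod 600 /etc/busybox.conf)` and `chown root:root /bin/busybox` when re-importing the kconfig tree, or say in the commit message that the reversion to upstream wording is intentional.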
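Review bot: the LOOP_CONFIGURE choice in the libbb/Config.in hunk defaults to BUSYBOX_TRY_LOOP_CONFIGURE, which is the right default for a distribution that cannot assume a kernel >= 5.8, but the help text's own argument for the single ioctl (no intermediate state in which the loop device has a backing file yet reads from the wrong offset) only holds when the new ioctl is actually used; it would help to mention in the commit message that BSPs with a known kernel >= 5.8 can select BUSYBOX_LOOP_CONFIGURE so the LOOP_SET_FD + LOOP_SET_STATUS fallback path is never taken.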
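Review bot: BUSYBOX_SEEDRNG in the miscutils/Config.in hunk defaults to y, but its own help text says the applet is meant to be called once at startup, once at shutdown and optionally in between, and the rules/busybox.make hunk adds no startup/shutdown hook or persistent seed location; enabling the applet therefore does not by itself seed the kernel RNG on the target, so either document that the BSP has to wire it into init, or follow up with an install rule, so that nobody reads the new default as early-boot entropy being taken care of.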
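Review bot: in the udhcp/Config.in hunk the new BUSYBOX_UDHCPC6_DEFAULT_SCRIPT defaults to /usr/share/udhcpc/default6.script, whereas the install line suggested inline targets /etc/udhcpc6.script; whichever path rules/busybox.make ends up installing has to match what the udhcpc6 binary is built to execute, otherwise the client obtains a lease and then runs no script at all, so the follow-up should either set the kconfig default to the installed path or install the script where the kconfig default points.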
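Review bot: the hunk deleting patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch gives the reader no way to confirm from the diff that 1.36.0 carries the equivalent change, so the commit message should name the upstream commit or note that editors/awk.c in 1.36.0 contains the `if (L.v == TMPVAR0) L.v = res;` guard in the OC_MOVE case that this patch added; the series hunk also shows that only CVE-2022-30065 was ever carried as a local patch, which means CVE-2022-28391 listed under "Plugs CVEs" is addressed solely by the version bump and was open in the ptxdist 1.35.0 package, a point worth stating explicitly for anyone tracking advisories against ptxdist-based BSPs.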
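Review bot: in the rules/busybox.make hunk the updated BUSYBOX_MD5 is the only integrity check ptxdist applies to the fetched tarball, and the commit message does not say where 835e3ac11e8a5ca13756eb1573719566 came from; stating that it was cross-checked against upstream's published signature for busybox-1.36.0.tar.bz2, rather than computed from whatever the download mirror served, makes the bump verifiable and is the one place in this patch where a supply-chain check actually matters.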