
3 changed files with 243 additions and 26 deletions


@@ -0,0 +1,209 @@
From c682e9410adfdfeb33d507fe0daeda581a07becf Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 29 Mar 2016 09:23:08 +0200
Subject: [PATCH] ping: make ping work without root privileges
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
networking/ping.c | 115 +++++++++++++++++++++++++++++++++++++---------
1 file changed, 94 insertions(+), 21 deletions(-)
diff --git a/networking/ping.c b/networking/ping.c
index b7e6955a9..dab5101c7 100644
--- a/networking/ping.c
+++ b/networking/ping.c
@@ -208,6 +208,7 @@ enum {
pingsock = 0,
};
+static int using_dgram;
static void
#if ENABLE_PING6
create_icmp_socket(len_and_sockaddr *lsa)
@@ -224,9 +225,23 @@ create_icmp_socket(void)
#endif
sock = socket(AF_INET, SOCK_RAW, 1); /* 1 == ICMP */
if (sock < 0) {
- if (errno == EPERM)
- bb_simple_error_msg_and_die(bb_msg_perm_denied_are_you_root);
- bb_simple_perror_msg_and_die(bb_msg_can_not_create_raw_socket);
+ if (errno != EPERM)
+ bb_simple_perror_msg_and_die(bb_msg_can_not_create_raw_socket);
+#if defined(__linux__) || defined(__APPLE__)
+ /* We don't have root privileges. Try SOCK_DGRAM instead.
+ * Linux needs net.ipv4.ping_group_range for this to work.
+ * MacOSX allows ICMP_ECHO, ICMP_TSTAMP or ICMP_MASKREQ
+ */
+#if ENABLE_PING6
+ if (lsa->u.sa.sa_family == AF_INET6)
+ sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6);
+ else
+#endif
+ sock = socket(AF_INET, SOCK_DGRAM, 1); /* 1 == ICMP */
+ if (sock < 0)
+#endif
+ bb_simple_error_msg_and_die(bb_msg_perm_denied_are_you_root);
+ using_dgram = 1;
}
xmove_fd(sock, pingsock);
@@ -279,10 +294,12 @@ static void ping4(len_and_sockaddr *lsa)
bb_simple_perror_msg("recvfrom");
continue;
}
- if (c >= 76) { /* ip + icmp */
- struct iphdr *iphdr = (struct iphdr *) G.packet;
+ if (c >= 76 || using_dgram && (c == 64)) { /* ip + icmp */
+ if(!using_dgram) {
+ struct iphdr *iphdr = (struct iphdr *) G.packet;
- pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2)); /* skip ip hdr */
+ pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2)); /* skip ip hdr */
+ } else pkt = (struct icmp *) G.packet;
if (pkt->icmp_id != G.myid)
continue; /* not our ping */
if (pkt->icmp_type == ICMP_ECHOREPLY)
@@ -691,19 +708,21 @@ static void unpack_tail(int sz, uint32_t *tp,
}
static int unpack4(char *buf, int sz, struct sockaddr_in *from)
{
- struct icmp *icmppkt;
struct iphdr *iphdr;
+ struct icmp *icmppkt;
int hlen;
/* discard if too short */
if (sz < (datalen + ICMP_MINLEN))
return 0;
+ if(!using_dgram) {
+ /* check IP header */
+ iphdr = (struct iphdr *) buf;
+ hlen = iphdr->ihl << 2;
+ sz -= hlen;
+ icmppkt = (struct icmp *) (buf + hlen);
+ } else icmppkt = (struct icmp *) buf;
- /* check IP header */
- iphdr = (struct iphdr *) buf;
- hlen = iphdr->ihl << 2;
- sz -= hlen;
- icmppkt = (struct icmp *) (buf + hlen);
if (icmppkt->icmp_id != myid)
return 0; /* not our ping */
@@ -715,7 +734,7 @@ static int unpack4(char *buf, int sz, struct sockaddr_in *from)
tp = (uint32_t *) icmppkt->icmp_data;
unpack_tail(sz, tp,
inet_ntoa(*(struct in_addr *) &from->sin_addr.s_addr),
- recv_seq, iphdr->ttl);
+ recv_seq, using_dgram ? 42 : iphdr->ttl);
return 1;
}
if (icmppkt->icmp_type != ICMP_ECHO) {
@@ -765,11 +784,31 @@ static void ping4(len_and_sockaddr *lsa)
int sockopt;
pingaddr.sin = lsa->u.sin;
- if (source_lsa) {
+ if (source_lsa && !using_dgram) {
if (setsockopt(pingsock, IPPROTO_IP, IP_MULTICAST_IF,
&source_lsa->u.sa, source_lsa->len))
bb_simple_error_msg_and_die("can't set multicast source interface");
xbind(pingsock, &source_lsa->u.sa, source_lsa->len);
+ } else if(using_dgram) {
+ struct sockaddr_in sa;
+ socklen_t sl;
+
+ sa.sin_family = AF_INET;
+ sa.sin_port = 0;
+ sa.sin_addr.s_addr = source_lsa ?
+ source_lsa->u.sin.sin_addr.s_addr : 0;
+ sl = sizeof(sa);
+
+ if (bind(pingsock, (struct sockaddr *) &sa, sl) == -1) {
+ perror("bind");
+ exit(2);
+ }
+
+ if (getsockname(pingsock, (struct sockaddr *) &sa, &sl) == -1) {
+ perror("getsockname");
+ exit(2);
+ }
+ myid = sa.sin_port;
}
/* enable broadcast pings */
@@ -786,6 +825,15 @@ static void ping4(len_and_sockaddr *lsa)
setsockopt_int(pingsock, IPPROTO_IP, IP_MULTICAST_TTL, opt_ttl);
}
+ if(using_dgram) {
+ int hold = 65536;
+ if (setsockopt(pingsock, SOL_IP, IP_RECVTTL, (char *)&hold, sizeof(hold)))
+ perror("WARNING: setsockopt(IP_RECVTTL)");
+ if (setsockopt(pingsock, SOL_IP, IP_RETOPTS, (char *)&hold, sizeof(hold)))
+ perror("WARNING: setsockopt(IP_RETOPTS)");
+
+ }
+
signal(SIGINT, print_stats_and_exit);
/* start the ping's going ... */
@@ -823,10 +871,33 @@ static void ping6(len_and_sockaddr *lsa)
char control_buf[CMSG_SPACE(36)];
pingaddr.sin6 = lsa->u.sin6;
- if (source_lsa)
+ if (source_lsa && !using_dgram)
xbind(pingsock, &source_lsa->u.sa, source_lsa->len);
+ else if(using_dgram) {
+ struct sockaddr_in6 sa = {0};
+ socklen_t sl;
+
+ sa.sin6_family = AF_INET6;
+ sa.sin6_port = 0;
+ if(source_lsa) {
+ memcpy(&sa.sin6_addr, &source_lsa->u.sin6.sin6_addr, sizeof(struct in6_addr));
+ }
+ sl = sizeof(sa);
+
+ if (bind(pingsock, (struct sockaddr *) &sa, sl) == -1) {
+ perror("bind");
+ exit(2);
+ }
+
+ if (getsockname(pingsock, (struct sockaddr *) &sa, &sl) == -1) {
+ perror("getsockname");
+ exit(2);
+ }
+ myid = sa.sin6_port;
+ }
#ifdef ICMP6_FILTER
+ if(!using_dgram)
{
struct icmp6_filter filt;
if (!(option_mask32 & OPT_VERBOSE)) {
@@ -972,12 +1043,14 @@ static int common_ping_main(int opt, char **argv)
interval = INT_MAX/1000000;
G.interval_us = interval * 1000000;
- myid = (uint16_t) getpid();
- /* we can use native-endian ident, but other Unix ping/traceroute
- * utils use *big-endian pid*, and e.g. traceroute on our machine may be
- * *not* from busybox, idents may collide. Follow the convention:
- */
- myid = htons(myid);
+ if (!using_dgram) {
+ myid = (uint16_t) getpid();
+ /* we can use native-endian ident, but other Unix ping/traceroute
+ * utils use *big-endian pid*, and e.g. traceroute on our machine may be
+ * *not* from busybox, idents may collide. Follow the convention:
+ */
+ myid = htons(myid);
+ }
hostname = argv[optind];
#if ENABLE_PING6
{
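Review bot: In the unpack4 hunk, `using_dgram ? 42 : iphdr->ttl` makes every reply received over the unprivileged SOCK_DGRAM socket print ttl=42, so in that mode the TTL is a constant rather than a measurement and is misleading for path diagnostics. The later ping4 hunk enables `IP_RECVTTL` and `IP_RETOPTS` (with the odd flag value `hold = 65536`), but none of the visible hunks reads the resulting control message; the receive call is outside these hunks, so this is inferred. Either fetch the TTL from the `IP_TTL` control message via recvmsg() in the datagram case, or drop the two setsockopt calls and mark the constant, e.g. `/* ICMP datagram sockets deliver no IP header: 42 is a placeholder, not the reply's TTL */`. Both unpack4 and ping4 continue outside the hunks shown.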


@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Mar 10 16:45:08 UTC 2025 - Dirk Müller <dmueller@suse.com>
- add busybox-1.37.0-make-ping-work-without-root-privileges.patch
(bsc#1239176)
-------------------------------------------------------------------
Mon Oct 7 07:59:23 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
@@ -20,7 +26,7 @@ Sat Sep 28 20:48:01 UTC 2024 - Matthias G. Eckermann <mge@suse.com>
-------------------------------------------------------------------
Thu Mar 14 09:15:13 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- tc-no-TCA_CBQ.patch: Disable TCA_CBQ code if kernel headers don't
- tc-no-TCA_CBQ.patch: Disable TCA_CBQ code if kernel headers don't
support them.
-------------------------------------------------------------------
@@ -34,7 +40,7 @@ Fri Dec 8 10:47:35 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
-------------------------------------------------------------------
Tue Aug 29 09:55:24 UTC 2023 - Radoslav Kolev <radoslav.kolev@suse.com>
- Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability
- Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability
in ash (CVE-2022-48174, bsc#1214538)
-------------------------------------------------------------------
@@ -45,12 +51,12 @@ Fri Jun 2 21:08:22 UTC 2023 - Dirk Müller <dmueller@suse.com>
support, unzip
(do not create suid/sgid files unless -K),
shell (printf and sleep with no args, handing of SIGINT
in sleep), ed.
in sleep), ed.
-------------------------------------------------------------------
Fri Jan 6 08:01:46 UTC 2023 - Radoslav Kolev <radoslav.kolev@suse.com>
- Update to version 1.36.0
- Update to version 1.36.0
- awk: fix use after free (CVE-2022-30065)
- various fixes for ash, bc, cut, fbset, kbuild, libbb, mkfs.vfat,
mv, powertop, sed, sort, taskset, top, udhcpc6, unzip, vi, xxd
@@ -60,7 +66,7 @@ Fri Jan 6 08:01:46 UTC 2023 - Radoslav Kolev <radoslav.kolev@suse.com>
- ash: enable sleep built-in
- enable new applets: seedrng, tree, tsort
- enable SHA hardware acceleration
- try LOOP_CONFIGURE for losetup/loop mounts, but fall back to
- try LOOP_CONFIGURE for losetup/loop mounts, but fall back to
LOOP_SET_FD + LOOP_SET_STATUS if not supported
- drop e63d7cdf.patch (fix for CVE-2022-30065), included upstream
@@ -78,13 +84,13 @@ Wed Nov 23 13:24:55 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
-------------------------------------------------------------------
Mon Nov 14 08:52:35 UTC 2022 - Radoslav Kolev <radoslav.kolev@suse.com>
- Fix build under SLE-12
- Fix build under SLE-12
-------------------------------------------------------------------
Mon Oct 17 17:26:27 UTC 2022 - Radoslav Kolev <radoslav.kolev@suse.com>
- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
* CVE-2014-9645 (bsc#914660): strips of / in module names that can lead to loading unwanted modules
* CVE-2014-9645 (bsc#914660): strips of / in module names that can lead to loading unwanted modules
-------------------------------------------------------------------
Thu Jun 30 08:30:05 UTC 2022 - Ludwig Nussel <lnussel@suse.de>
@@ -123,9 +129,9 @@ Wed Jan 12 15:40:40 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
- tar: prevent malicious archives with long name sizes causing OOM
- udhcpc6: fix udhcp_find_option to actually find DHCP6 options
- xxd: fix -p -r
- support for new optoins added to basename, cpio, date, find,
- support for new optoins added to basename, cpio, date, find,
mktemp, wget and others
- Adjust busybox.config for new features in find, date and cpio
- Adjust busybox.config for new features in find, date and cpio
-------------------------------------------------------------------
Thu Jan 6 06:37:24 UTC 2022 - Radoslav Kolev <radoslav.kolev@suse.com>
@@ -165,7 +171,7 @@ Wed Oct 27 17:22:38 UTC 2021 - Egbert Eich <eich@suse.com>
Fri Oct 22 12:10:55 UTC 2021 - Lukas Lansky <lukas.lansky@suse.com>
- Enable fdisk (jsc#CAR-16)
- Add testsuite-gnu-echo.patch: testing.sh to use GNU echo
- Add testsuite-gnu-echo.patch: testing.sh to use GNU echo
-------------------------------------------------------------------
Thu Oct 21 17:43:22 UTC 2021 - Stephan Kulow <coolo@suse.com>
@@ -190,7 +196,7 @@ Sat Oct 9 13:16:11 UTC 2021 - Egbert Eich <eich@suse.com>
additional setting:
CONFIG_REBOOT=y
CONFIG_SWITCH_ROOT=y
CONFIG_CTTYHACK=y
CONFIG_CTTYHACK=y
(bsc#1191514).
-------------------------------------------------------------------
@@ -216,7 +222,7 @@ Thu Jan 28 15:22:02 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
Tue Jan 5 08:17:09 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Update to version 1.32.1
- fixes a case where in ash, "wait" never finishes.
- fixes a case where in ash, "wait" never finishes.
-------------------------------------------------------------------
Tue Jan 5 07:26:20 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
@@ -355,7 +361,7 @@ Thu Mar 28 21:58:41 CET 2019 - kukuk@suse.de
- update to 1.30.1
* many bugfixes and new features
- obsolete busybox-1.18.3-libarchive.patch
- obsolete busybox-1.18.3-libarchive.patch
- obsolete busybox-resource.patch
- Update busybox*.config
- Merge busybox.spec and busybox-static.spec and build the static
@@ -390,7 +396,7 @@ Tue Nov 1 17:20:51 UTC 2016 - astieger@suse.com
* many added and expanded implementations of command options
- includes changes from 1.24.2:
* fixes for build system (static build with glibc fixed),
truncate, gunzip and unzip.
truncate, gunzip and unzip.
-------------------------------------------------------------------
Thu Mar 3 13:21:03 UTC 2016 - olaf@aepfle.de
@@ -402,7 +408,7 @@ Sun Jan 3 12:00:13 UTC 2016 - p.drouand@gmail.com
- Update to version 1.24.1
* for a full list of changes see http://www.busybox.net/news.html
- Refresh busybox.install.patch
- Refresh busybox.install.patch
-------------------------------------------------------------------
Mon Apr 20 16:16:14 UTC 2015 - mpluskal@suse.com
@@ -432,7 +438,7 @@ Thu Dec 12 23:21:11 UTC 2013 - p.drouand@gmail.com
+ fixes for ntfs detection (big-endian fix)
+ xz decompression of concatenated streams
+ mdev acquired a [ENV=regex;] extension instead of undocumented
subsystem match hack it used to have prior to 1.21.x.
subsystem match hack it used to have prior to 1.21.x.
- Changes from 1.21.0
+ udhcpc: gracefully handle packets with CHECKSUM_PARTIAL
+ ifupdown: improve compatibility with Debian
@@ -607,7 +613,7 @@ Tue Apr 10 15:19:52 CEST 2012 - ro@suse.de
- busybox-1.19.4-typedef_umode_t.patch:
fix compile as umode_t is only defined with KERNEL and is
used in header linux/linux/ext2_fs.h
used in header linux/linux/ext2_fs.h
-------------------------------------------------------------------
Tue Apr 10 14:49:18 CEST 2012 - ro@suse.de
@@ -776,7 +782,7 @@ Wed Aug 9 01:25:09 CEST 2006 - ihno@suse.de
all setuid and getgid calls are check return values in case
somebody using per-process resource limits that prevent a user
from having too many processes
-------------------------------------------------------------------
Wed Jan 25 21:34:46 CET 2006 - mls@suse.de
@@ -796,7 +802,7 @@ Wed Jan 11 15:39:39 CET 2006 - ihno@suse.de
-------------------------------------------------------------------
Wed Nov 16 15:44:27 CET 2005 - dmueller@suse.de
- build against dietlibc unconditionally
- build against dietlibc unconditionally
-------------------------------------------------------------------
Thu May 12 18:08:14 CEST 2005 - uli@suse.de
@@ -832,7 +838,7 @@ Wed Jul 21 17:10:34 CEST 2004 - nashif@suse.de
-------------------------------------------------------------------
Tue May 11 16:38:33 CEST 2004 - nashif@suse.de
- Bug #39461 - Fixes netlink vulnerability
- Bug #39461 - Fixes netlink vulnerability
-------------------------------------------------------------------
Tue Apr 27 11:17:35 CEST 2004 - mmj@suse.de
@@ -878,7 +884,7 @@ Sat Jan 10 18:25:15 CET 2004 - adrian@suse.de
-------------------------------------------------------------------
Wed Dec 10 14:48:43 CET 2003 - uli@suse.de
- build with dietlibc where available
- build with dietlibc where available
-------------------------------------------------------------------
Mon Jun 2 16:05:33 CEST 2003 - nashif@suse.de
@@ -920,9 +926,9 @@ Fri Aug 24 02:59:15 CEST 2001 - nashif@suse.de
- Update to version 0.60.1
- This is a relatively minor bug fixing release which fixes bugs
in the following applets, among others: msh, sed, route, syslogd,
in the following applets, among others: msh, sed, route, syslogd,
ifconfig, lash
- Rewrite of tftp
- Rewrite of tftp
-------------------------------------------------------------------
Sat Aug 4 07:21:18 CEST 2001 - nashif@suse.de
@@ -942,7 +948,7 @@ Wed Apr 11 06:16:03 CEST 2001 - nashif@suse.de
-------------------------------------------------------------------
Fri Feb 9 17:30:33 MET 2001 - nashif@suse.de
- Fixed sync.c to compile
- Fixed sync.c to compile
-------------------------------------------------------------------
Mon Feb 5 08:06:26 MET 2001 - nashif@suse.de
@@ -952,7 +958,7 @@ Mon Feb 5 08:06:26 MET 2001 - nashif@suse.de
-------------------------------------------------------------------
Wed Dec 20 17:53:40 CET 2000 - uli@suse.de
- disabled insmod for all archs except IA32, ARM and SH
- disabled insmod for all archs except IA32, ARM and SH
-------------------------------------------------------------------
Tue Dec 19 19:10:50 MET 2000 - nashif@suse.de


@@ -1,7 +1,7 @@
#
# spec file for package busybox
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -47,6 +47,8 @@ Patch4: udhcp6-install-path.patch
Patch5: tc-no-TCA_CBQ.patch
# PATCH-FIX-UPSTREAM - Borrowed from Fedora - https://src.fedoraproject.org/rpms/busybox/blob/rawhide/f/busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
Patch6: busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
# https://gitlab.alpinelinux.org/alpine/aports/-/raw/3.21-stable/main/busybox/0015-ping-make-ping-work-without-root-privileges.patch?ref_type=heads
Patch7: busybox-1.37.0-make-ping-work-without-root-privileges.patch
# other patches
Patch100: busybox.install.patch
BuildRequires: glibc-devel-static
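Review bot: The comment above `Patch7` is a bare URL, whereas `Patch6` carries a `PATCH-FIX-UPSTREAM - Borrowed from Fedora - …` tag. Tagging the new line the same way, with whichever patch tag matches its upstream status and the bug reference from the changelog entry, e.g. `# PATCH-FEATURE-OPENSUSE bsc#1239176 - Borrowed from Alpine - <URL>`, would record origin and status consistently. The comment should also state the runtime precondition the patch itself notes: the SOCK_DGRAM fallback is tried only after the raw socket fails with EPERM, and on Linux it needs `net.ipv4.ping_group_range` to cover the calling group. The hunks shown do not indicate whether the package configures that sysctl or changes any privilege on the ping applet, so this should be confirmed against the rest of the spec.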