Accepting request 1205684 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1205684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/busybox?expand=0&rev=87
Ana Guerrero 2024-10-04 15:08:43 +00:00 committed by Git OBS Bridge
commit 876861b012
8 changed files with 46 additions and 113 deletions


@ -1,80 +0,0 @@
From d417193cf37ca1005830d7e16f5fa7e1d8a44209 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 12 Jun 2023 17:48:47 +0200
Subject: [PATCH] shell: avoid segfault on ${0::0/0~09J}. Closes 15216
function old new delta
evaluate_string 1011 1053 +42
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
shell/math.c | 39 +++++++++++++++++++++++++++++++++++----
1 file changed, 35 insertions(+), 4 deletions(-)
diff --git a/shell/math.c b/shell/math.c
index 76d22c9bd..727c29467 100644
--- a/shell/math.c
+++ b/shell/math.c
@@ -577,6 +577,28 @@ static arith_t strto_arith_t(const char *nptr, char **endptr)
# endif
#endif
+//TODO: much better estimation than expr_len/2? Such as:
+//static unsigned estimate_nums_and_names(const char *expr)
+//{
+// unsigned count = 0;
+// while (*(expr = skip_whitespace(expr)) != '\0') {
+// const char *p;
+// if (isdigit(*expr)) {
+// while (isdigit(*++expr))
+// continue;
+// count++;
+// continue;
+// }
+// p = endofname(expr);
+// if (p != expr) {
+// expr = p;
+// count++;
+// continue;
+// }
+// }
+// return count;
+//}
+
static arith_t
evaluate_string(arith_state_t *math_state, const char *expr)
{
@@ -584,10 +606,12 @@ evaluate_string(arith_state_t *math_state, const char *expr)
const char *errmsg;
const char *start_expr = expr = skip_whitespace(expr);
unsigned expr_len = strlen(expr) + 2;
- /* Stack of integers */
- /* The proof that there can be no more than strlen(startbuf)/2+1
- * integers in any given correct or incorrect expression
- * is left as an exercise to the reader. */
+ /* Stack of integers/names */
+ /* There can be no more than strlen(startbuf)/2+1
+ * integers/names in any given correct or incorrect expression.
+ * (modulo "09v09v09v09v09v" case,
+ * but we have code to detect that early)
+ */
var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0]));
var_or_num_t *numstackptr = numstack;
/* Stack of operator tokens */
@@ -652,6 +676,13 @@ evaluate_string(arith_state_t *math_state, const char *expr)
numstackptr->var = NULL;
errno = 0;
numstackptr->val = strto_arith_t(expr, (char**) &expr);
+ /* A number can't be followed by another number, or a variable name.
+ * We'd catch this later anyway, but this would require numstack[]
+ * to be twice as deep to handle strings where _every_ char is
+ * a new number or name. Example: 09v09v09v09v09v09v09v09v09v
+ */
+ if (isalnum(*expr) || *expr == '_')
+ goto err;
//bb_error_msg("val:%lld", numstackptr->val);
if (errno)
numstackptr->val = 0; /* bash compat */
--
2.26.2

BIN
busybox-1.36.1.tar.bz2 (Stored with Git LFS)

Binary file not shown.

Binary file not shown.

3
busybox-1.37.0.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3311dff32e746499f4df0d5df04d7eb396382d7e108bb9250e7b519b837043a4
size 2565764

BIN
busybox-1.37.0.tar.bz2.sig Normal file

Binary file not shown.


@ -1,3 +1,16 @@
-------------------------------------------------------------------
Fri Oct 4 11:55:30 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Fix busybox.config again (got broken with 1.37.0 update)
- Cleanup spec file
-------------------------------------------------------------------
Sat Sep 28 20:48:01 UTC 2024 - Matthias G. Eckermann <mge@suse.com>
- Update to 1.37.0
- remove unnecessary patch ash-fix-segfault-d417193cf.patch
- Update default config to match 1.37.0 expectations
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 14 09:15:13 UTC 2024 - Thorsten Kukuk <kukuk@suse.com> Thu Mar 14 09:15:13 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>


@ -1,7 +1,6 @@
# #
# Automatically generated make config: don't edit # Automatically generated make config: don't edit
# Busybox version: 1.37.0.git # Busybox version: 1.37.0
# Fri Jan 6 09:43:46 2023
# #
CONFIG_HAVE_DOT_CONFIG=y CONFIG_HAVE_DOT_CONFIG=y
@ -17,6 +16,7 @@ CONFIG_SHOW_USAGE=y
CONFIG_FEATURE_VERBOSE_USAGE=y CONFIG_FEATURE_VERBOSE_USAGE=y
CONFIG_FEATURE_COMPRESS_USAGE=y CONFIG_FEATURE_COMPRESS_USAGE=y
CONFIG_LFS=y CONFIG_LFS=y
CONFIG_TIME64=y
# CONFIG_PAM is not set # CONFIG_PAM is not set
CONFIG_FEATURE_DEVPTS=y CONFIG_FEATURE_DEVPTS=y
CONFIG_FEATURE_UTMP=y CONFIG_FEATURE_UTMP=y
@ -469,6 +469,7 @@ CONFIG_FEATURE_FIND_INUM=y
CONFIG_FEATURE_FIND_SAMEFILE=y CONFIG_FEATURE_FIND_SAMEFILE=y
CONFIG_FEATURE_FIND_EXEC=y CONFIG_FEATURE_FIND_EXEC=y
CONFIG_FEATURE_FIND_EXEC_PLUS=y CONFIG_FEATURE_FIND_EXEC_PLUS=y
CONFIG_FEATURE_FIND_EXEC_OK=y
CONFIG_FEATURE_FIND_USER=y CONFIG_FEATURE_FIND_USER=y
CONFIG_FEATURE_FIND_GROUP=y CONFIG_FEATURE_FIND_GROUP=y
CONFIG_FEATURE_FIND_NOT=y CONFIG_FEATURE_FIND_NOT=y
@ -795,6 +796,7 @@ CONFIG_FEATURE_CROND_DIR=""
# CONFIG_FLASH_LOCK is not set # CONFIG_FLASH_LOCK is not set
# CONFIG_FLASH_UNLOCK is not set # CONFIG_FLASH_UNLOCK is not set
# CONFIG_FLASHCP is not set # CONFIG_FLASHCP is not set
CONFIG_GETFATTR=y
# CONFIG_HDPARM is not set # CONFIG_HDPARM is not set
# CONFIG_FEATURE_HDPARM_GET_IDENTITY is not set # CONFIG_FEATURE_HDPARM_GET_IDENTITY is not set
# CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set # CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set
@ -933,6 +935,7 @@ CONFIG_IPRULE=y
CONFIG_IPNEIGH=y CONFIG_IPNEIGH=y
CONFIG_FEATURE_IP_ADDRESS=y CONFIG_FEATURE_IP_ADDRESS=y
CONFIG_FEATURE_IP_LINK=y CONFIG_FEATURE_IP_LINK=y
CONFIG_FEATURE_IP_LINK_CAN=y
CONFIG_FEATURE_IP_ROUTE=y CONFIG_FEATURE_IP_ROUTE=y
CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2" CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2"
CONFIG_FEATURE_IP_TUNNEL=y CONFIG_FEATURE_IP_TUNNEL=y
@ -1007,6 +1010,7 @@ CONFIG_FEATURE_WGET_OPENSSL=y
CONFIG_WHOIS=y CONFIG_WHOIS=y
CONFIG_ZCIP=y CONFIG_ZCIP=y
# CONFIG_UDHCPD is not set # CONFIG_UDHCPD is not set
# CONFIG_FEATURE_UDHCPD_BOOTP is not set
# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set # CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set # CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
CONFIG_DHCPD_LEASES_FILE="" CONFIG_DHCPD_LEASES_FILE=""
@ -1155,7 +1159,6 @@ CONFIG_ASH_MAIL=y
CONFIG_ASH_ECHO=y CONFIG_ASH_ECHO=y
CONFIG_ASH_PRINTF=y CONFIG_ASH_PRINTF=y
CONFIG_ASH_TEST=y CONFIG_ASH_TEST=y
CONFIG_ASH_SLEEP=y
CONFIG_ASH_HELP=y CONFIG_ASH_HELP=y
CONFIG_ASH_GETOPTS=y CONFIG_ASH_GETOPTS=y
CONFIG_ASH_CMDCMD=y CONFIG_ASH_CMDCMD=y


@ -24,11 +24,10 @@
%bcond_without static %bcond_without static
Name: busybox Name: busybox
Version: 1.36.1 Version: 1.37.0
Release: 0 Release: 0
Summary: Minimalist variant of UNIX utilities linked in a single executable Summary: Minimalist variant of UNIX utilities linked in a single executable
License: GPL-2.0-or-later License: GPL-2.0-or-later
Group: System/Base
URL: https://www.busybox.net/ URL: https://www.busybox.net/
Source: https://busybox.net/downloads/%{name}-%{version}.tar.bz2 Source: https://busybox.net/downloads/%{name}-%{version}.tar.bz2
Source2: busybox.config Source2: busybox.config
@ -42,23 +41,24 @@ Source7: busybox.config.static.warewulf3
Patch0: cpio-long-opt.patch Patch0: cpio-long-opt.patch
Patch1: sendmail-ignore-F-option.patch Patch1: sendmail-ignore-F-option.patch
Patch2: testsuite-gnu-echo.patch Patch2: testsuite-gnu-echo.patch
# PATCH-FIX-UPSTREAM shell: avoid segfault on ${0::0/0~09J} (CVE-2022-48174) https://git.busybox.net/busybox/commit/?id=d417193cf # # PATCH-FIX-UPSTREAM shell: avoid segfault on ${0::0/0~09J} (CVE-2022-48174) https://git.busybox.net/busybox/commit/?id=d417193cf
Patch3: ash-fix-segfault-d417193cf.patch # Patch3: ash-fix-segfault-d417193cf.patch
Patch4: udhcp6-install-path.patch Patch4: udhcp6-install-path.patch
Patch5: tc-no-TCA_CBQ.patch Patch5: tc-no-TCA_CBQ.patch
# other patches # other patches
Patch100: busybox.install.patch Patch100: busybox.install.patch
Provides: useradd_or_adduser_dep
BuildRequires: glibc-devel-static BuildRequires: glibc-devel-static
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libselinux)
# for test suite
BuildRequires: zip
Provides: useradd_or_adduser_dep
#in SLE12 hostname is part of the net-tools package #in SLE12 hostname is part of the net-tools package
%if %{?suse_version} && %{?suse_version} <= 1315 %if %{?suse_version} && %{?suse_version} <= 1315
BuildRequires: net-tools BuildRequires: net-tools
%else %else
BuildRequires: hostname BuildRequires: hostname
%endif %endif
BuildRequires: pkgconfig(libselinux)
# for test suite
BuildRequires: zip
%description %description
BusyBox combines tiny versions of many common UNIX utilities into a BusyBox combines tiny versions of many common UNIX utilities into a
@ -75,7 +75,6 @@ box but need special configuration, like udhcpc, the dhcp client.
%package static %package static
Summary: Static linked version of Busybox, a compact UNIX utility collection Summary: Static linked version of Busybox, a compact UNIX utility collection
Group: System/Base
%description static %description static
BusyBox combines tiny versions of many common UNIX utilities into a BusyBox combines tiny versions of many common UNIX utilities into a
@ -83,7 +82,6 @@ single executable.
%package warewulf3 %package warewulf3
Summary: Static version of Busybox - for building Warewulf3 Summary: Static version of Busybox - for building Warewulf3
Group: System/Base
%description warewulf3 %description warewulf3
This version of busybox is only for building Warewulf3 This version of busybox is only for building Warewulf3
@ -91,7 +89,6 @@ https://github.com/warewulf/warewulf3
%package testsuite %package testsuite
Summary: Testsuite of busybox Summary: Testsuite of busybox
Group: Development/Testing
Requires: %{name} = %{version} Requires: %{name} = %{version}
Requires: zip Requires: zip
@ -100,8 +97,8 @@ Using this package you can test the busybox build on different kernels and glibc
It needs to run with permission to the current directory, so either copy it away It needs to run with permission to the current directory, so either copy it away
as is or run as root: as is or run as root:
cd /usr/share/busybox/testsuite cd %{_datadir}/busybox/testsuite
PATH=/usr/share/busybox:$PATH SKIP_KNOWN_BUGS=1 ./runtest PATH=%{_datadir}/busybox:$PATH SKIP_KNOWN_BUGS=1 ./runtest
%prep %prep
#SLE12 needs an empty line after autosetup for it to expand properly (bsc#1205420) #SLE12 needs an empty line after autosetup for it to expand properly (bsc#1205420)
@ -118,31 +115,31 @@ export CC="gcc"
export HOSTCC=gcc export HOSTCC=gcc
%if %{with static} %if %{with static}
cat %{SOURCE3} %{SOURCE2} > .config cat %{SOURCE3} %{SOURCE2} > .config
make %{?_smp_mflags} -e oldconfig %make_build -e oldconfig
make -e %{?_smp_mflags} %make_build -e
mv busybox busybox-static mv busybox busybox-static
%endif %endif
%if 0%{with ww3} %if 0%{with ww3}
make -e %{?_smp_mflags} clean %make_build -e clean
cat %{SOURCE7} %{SOURCE3} %{SOURCE2} > .config cat %{SOURCE7} %{SOURCE3} %{SOURCE2} > .config
make %{?_smp_mflags} -e oldconfig %make_build -e oldconfig
make -e %{?_smp_mflags} %make_build -e
mv busybox busybox-warewulf3 mv busybox busybox-warewulf3
make -e busybox.links %{?_smp_mflags} %make_build -e busybox.links
mv busybox.links busybox-warewulf3.links mv busybox.links busybox-warewulf3.links
%endif %endif
make -e %{?_smp_mflags} clean %make_build -e clean
cp -a %{SOURCE2} .config cp -a %{SOURCE2} .config
make %{?_smp_mflags} -e oldconfig %make_build -e oldconfig
#make -e %{?_smp_mflags} #make -e %{?_smp_mflags}
make -e %make_build -e
make -e doc busybox.links %{?_smp_mflags} %make_build -e doc busybox.links
%if 0%{?suse_version} >= 1550 %if 0%{?suse_version} >= 1550
for i in busybox.links %{?with_ww3:busybox-warewulf3.links}; do for i in busybox.links %{?with_ww3:busybox-warewulf3.links}; do
sed -i -e 's,^/\(s\?bin\)/,/usr/\1/,' $i sed -i -e 's,^/\(s\?bin\)/,%{_prefix}/\1/,' $i
done done
%endif %endif
@ -164,7 +161,7 @@ install -m 0644 busybox-warewulf3.links %{buildroot}%{_datadir}/busybox
install -m 0755 busybox-warewulf3 %{buildroot}%{_bindir} install -m 0755 busybox-warewulf3 %{buildroot}%{_bindir}
%endif %endif
cp %{SOURCE2} %{buildroot}%{_datadir}/busybox/.config cp %{SOURCE2} %{buildroot}%{_datadir}/busybox/.config
ln -s %_bindir/busybox %{buildroot}%{_datadir}/busybox/busybox ln -s %{_bindir}/busybox %{buildroot}%{_datadir}/busybox/busybox
cp -a testsuite %{buildroot}%{_datadir}/busybox/testsuite cp -a testsuite %{buildroot}%{_datadir}/busybox/testsuite
%check %check
@ -175,13 +172,13 @@ export CC="gcc"
export HOSTCC=gcc export HOSTCC=gcc
export SKIP_KNOWN_BUGS=1 export SKIP_KNOWN_BUGS=1
export SKIP_INTERNET_TESTS=1 export SKIP_INTERNET_TESTS=1
make -e %{?_smp_mflags} test %make_build -e test
%files %files
%license LICENSE %license LICENSE
%doc docs/mdev.txt %doc docs/mdev.txt
%config %{_sysconfdir}/man.conf %config %{_sysconfdir}/man.conf
%doc %{_mandir}/man1/busybox.1.gz %{_mandir}/man1/busybox.1%{?ext_man}
%{_bindir}/busybox %{_bindir}/busybox
%{_bindir}/busybox.install %{_bindir}/busybox.install
%dir %{_datadir}/busybox %dir %{_datadir}/busybox
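Review bot: In the patch list, `Patch3: ash-fix-segfault-d417193cf.patch` and its PATCH-FIX-UPSTREAM comment for CVE-2022-48174 are commented out rather than deleted, although this same commit removes the patch file, so the spec now carries a dead reference and no statement of why the fix is no longer applied. The changelog entry only calls the patch "unnecessary"; nothing on this page shows that the 1.37.0 tarball already contains the `isalnum(*expr) || *expr == '_'` check in `evaluate_string`, so that should be confirmed against the new source before the downstream fix is dropped. Once confirmed, I would delete both commented lines and leave one explicit marker instead, e.g. `# CVE-2022-48174: fix d417193cf is included in the 1.37.0 tarball, patch dropped`, and repeat the CVE id in the changelog entry so that tracking of the fix does not depend on a commented-out line.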