Accepting request 1057007 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1057007 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/busybox?expand=0&rev=82
2023-01-10 13:59:08 +00:00 · 2023-01-10 13:59:08 +00:00 · c3448ab9de
commit c3448ab9de
parent 348e8ec0bf 8f521dad3c
8 changed files with 64 additions and 82 deletions
--- a/busybox-1.35.0.tar.bz2
+++ b/busybox-1.35.0.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:faeeb244c35a348a334f4a59e44626ee870fb07b6884d68c10ae8bc19f83a694
-size 2480624
--- a/busybox-1.35.0.tar.bz2.sig
+++ b/busybox-1.35.0.tar.bz2.sig
--- a/busybox-1.36.0.tar.bz2
+++ b/busybox-1.36.0.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:542750c8af7cb2630e201780b4f99f3dcceeb06f505b479ec68241c1e6af61a5
+size 2523487
--- a/busybox-1.36.0.tar.bz2.sig
+++ b/busybox-1.36.0.tar.bz2.sig
--- a/busybox.changes
+++ b/busybox.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri Jan  6 08:01:46 UTC 2023 - Radoslav Kolev <radoslav.kolev@suse.com>
+
+- Update to version 1.36.0 
+  - awk: fix use after free (CVE-2022-30065)
+  - various fixes for ash, bc, cut, fbset, kbuild, libbb, mkfs.vfat,
+    mv, powertop, sed, sort, taskset, top, udhcpc6, unzip, vi, xxd
+  - improvements in ash, cmp, crond, devmem, ed, fbset, fdisk, ls, xargs, pkill
+  - new applets added: seedrng, tree, tsort
+- Adjust busybox.config for new features
+  - ash: enable sleep built-in
+  - enable new applets: seedrng, tree, tsort
+  - enable SHA hardware acceleration
+  - try LOOP_CONFIGURE for losetup/loop mounts, but fall back to 
+    LOOP_SET_FD + LOOP_SET_STATUS if not supported
+- drop e63d7cdf.patch (fix for CVE-2022-30065), included upstream
+
 -------------------------------------------------------------------
 Tue Dec 27 10:27:35 UTC 2022 - Ludwig Nussel <lnussel@suse.com>

--- a/busybox.config
+++ b/busybox.config
@ -1,6 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.35.0
+# Busybox version: 1.37.0.git
+# Fri Jan  6 09:43:46 2023
 #
 CONFIG_HAVE_DOT_CONFIG=y

@ -92,10 +93,16 @@ CONFIG_FEATURE_BUFFERS_USE_MALLOC=y
 # CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set
 CONFIG_PASSWORD_MINLEN=6
 CONFIG_MD5_SMALL=1
+CONFIG_SHA1_SMALL=1
+CONFIG_SHA1_HWACCEL=y
+CONFIG_SHA256_HWACCEL=y
 CONFIG_SHA3_SMALL=1
-CONFIG_FEATURE_FAST_TOP=y
-# CONFIG_FEATURE_ETC_NETWORKS is not set
-# CONFIG_FEATURE_ETC_SERVICES is not set
+CONFIG_FEATURE_NON_POSIX_CP=y
+# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set
+CONFIG_FEATURE_USE_SENDFILE=y
+CONFIG_FEATURE_COPYBUF_KB=4
+CONFIG_MONOTONIC_SYSCALL=y
+CONFIG_IOCTL_HEX2STR_ERROR=y
 CONFIG_FEATURE_EDITING=y
 CONFIG_FEATURE_EDITING_MAX_LEN=1024
 # CONFIG_FEATURE_EDITING_VI is not set
@ -119,14 +126,9 @@ CONFIG_LAST_SUPPORTED_WCHAR=767
 # CONFIG_UNICODE_BIDI_SUPPORT is not set
 # CONFIG_UNICODE_NEUTRAL_TABLE is not set
 # CONFIG_UNICODE_PRESERVE_BROKEN is not set
-CONFIG_FEATURE_NON_POSIX_CP=y
-# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set
-CONFIG_FEATURE_USE_SENDFILE=y
-CONFIG_FEATURE_COPYBUF_KB=4
-CONFIG_FEATURE_SKIP_ROOTFS=y
-CONFIG_MONOTONIC_SYSCALL=y
-CONFIG_IOCTL_HEX2STR_ERROR=y
-CONFIG_FEATURE_HWIB=y
+# CONFIG_LOOP_CONFIGURE is not set
+# CONFIG_NO_LOOP_CONFIGURE is not set
+CONFIG_TRY_LOOP_CONFIGURE=y

 #
 # Applets
@ -198,12 +200,22 @@ CONFIG_FEATURE_UNZIP_XZ=y
 #
 # Coreutils
 #
+CONFIG_FEATURE_VERBOSE=y

 #
 # Common options for date and touch
 #
 CONFIG_FEATURE_TIMEZONE=y

+#
+# Common options for cp and mv
+#
+CONFIG_FEATURE_PRESERVE_HARDLINKS=y
+
+#
+# Common options for df, du, ls
+#
+CONFIG_FEATURE_HUMAN_READABLE=y
 CONFIG_BASENAME=y
 CONFIG_CAT=y
 CONFIG_FEATURE_CATN=y
@ -232,6 +244,7 @@ CONFIG_FEATURE_DD_IBS_OBS=y
 CONFIG_FEATURE_DD_STATUS=y
 CONFIG_DF=y
 CONFIG_FEATURE_DF_FANCY=y
+CONFIG_FEATURE_SKIP_ROOTFS=y
 CONFIG_DIRNAME=y
 CONFIG_DOS2UNIX=y
 CONFIG_UNIX2DOS=y
@ -331,6 +344,7 @@ CONFIG_FEATURE_TR_CLASSES=y
 CONFIG_FEATURE_TR_EQUIV=y
 CONFIG_TRUE=y
 CONFIG_TRUNCATE=y
+CONFIG_TSORT=y
 CONFIG_TTY=y
 CONFIG_UNAME=y
 CONFIG_UNAME_OSNAME="GNU/Linux"
@ -350,21 +364,6 @@ CONFIG_USERS=y
 CONFIG_WHOAMI=y
 CONFIG_YES=y

-#
-# Common options
-#
-CONFIG_FEATURE_VERBOSE=y
-
-#
-# Common options for cp and mv
-#
-CONFIG_FEATURE_PRESERVE_HARDLINKS=y
-
-#
-# Common options for df, du, ls
-#
-CONFIG_FEATURE_HUMAN_READABLE=y
-
 #
 # Console Utilities
 #
@ -467,6 +466,7 @@ CONFIG_FEATURE_FIND_XDEV=y
 CONFIG_FEATURE_FIND_MAXDEPTH=y
 CONFIG_FEATURE_FIND_NEWER=y
 CONFIG_FEATURE_FIND_INUM=y
+CONFIG_FEATURE_FIND_SAMEFILE=y
 CONFIG_FEATURE_FIND_EXEC=y
 CONFIG_FEATURE_FIND_EXEC_PLUS=y
 CONFIG_FEATURE_FIND_USER=y
@ -483,7 +483,6 @@ CONFIG_FEATURE_FIND_PATH=y
 CONFIG_FEATURE_FIND_REGEX=y
 # CONFIG_FEATURE_FIND_CONTEXT is not set
 CONFIG_FEATURE_FIND_LINKS=y
-CONFIG_FEATURE_FIND_SAMEFILE=y
 CONFIG_GREP=y
 CONFIG_EGREP=y
 CONFIG_FGREP=y
@ -839,10 +838,12 @@ CONFIG_MAN=y
 # CONFIG_RFKILL is not set
 # CONFIG_RUNLEVEL is not set
 # CONFIG_RX is not set
+CONFIG_SEEDRNG=y
 CONFIG_SETFATTR=y
 # CONFIG_SETSERIAL is not set
 CONFIG_STRINGS=y
 CONFIG_TIME=y
+CONFIG_TREE=y
 # CONFIG_TS is not set
 CONFIG_TTYSIZE=y
 # CONFIG_UBIATTACH is not set
@ -863,6 +864,9 @@ CONFIG_FEATURE_IPV6=y
 # CONFIG_FEATURE_UNIX_LOCAL is not set
 CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y
 CONFIG_VERBOSE_RESOLUTION_ERRORS=y
+# CONFIG_FEATURE_ETC_NETWORKS is not set
+# CONFIG_FEATURE_ETC_SERVICES is not set
+CONFIG_FEATURE_HWIB=y
 # CONFIG_FEATURE_TLS_SHA1 is not set
 CONFIG_ARP=y
 CONFIG_ARPING=y
@ -881,6 +885,7 @@ CONFIG_ETHER_WAKE=y
 CONFIG_HOSTNAME=y
 CONFIG_DNSDOMAINNAME=y
 # CONFIG_HTTPD is not set
+CONFIG_FEATURE_HTTPD_PORT_DEFAULT=0
 # CONFIG_FEATURE_HTTPD_RANGES is not set
 # CONFIG_FEATURE_HTTPD_SETUID is not set
 # CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set
@ -973,6 +978,7 @@ CONFIG_FEATURE_TELNET_AUTOLOGIN=y
 CONFIG_FEATURE_TELNET_WIDTH=y
 # CONFIG_TELNETD is not set
 # CONFIG_FEATURE_TELNETD_STANDALONE is not set
+CONFIG_FEATURE_TELNETD_PORT_DEFAULT=0
 # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
 CONFIG_TFTP=y
 CONFIG_FEATURE_TFTP_PROGRESS_BAR=y
@ -1010,11 +1016,16 @@ CONFIG_UDHCPC=y
 # CONFIG_FEATURE_UDHCPC_ARPING is not set
 # CONFIG_FEATURE_UDHCPC_SANITIZEOPT is not set
 CONFIG_UDHCPC_DEFAULT_SCRIPT=""
+CONFIG_UDHCPC6_DEFAULT_SCRIPT=""
 # CONFIG_UDHCPC6 is not set
 # CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
 # CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
 # CONFIG_FEATURE_UDHCPC6_RFC4833 is not set
 # CONFIG_FEATURE_UDHCPC6_RFC5970 is not set
+
+#
+# Common options for DHCP applets
+#
 CONFIG_UDHCPC_DEFAULT_INTERFACE=""
 # CONFIG_FEATURE_UDHCP_PORT is not set
 CONFIG_UDHCP_DEBUG=0
@ -1033,17 +1044,19 @@ CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"
 #
 # Mail Utilities
 #
+CONFIG_FEATURE_MIME_CHARSET="us-ascii"
 # CONFIG_MAKEMIME is not set
 # CONFIG_POPMAILDIR is not set
 # CONFIG_FEATURE_POPMAILDIR_DELIVERY is not set
 # CONFIG_REFORMIME is not set
 # CONFIG_FEATURE_REFORMIME_COMPAT is not set
 CONFIG_SENDMAIL=y
-CONFIG_FEATURE_MIME_CHARSET="us-ascii"

 #
 # Process Utilities
 #
+CONFIG_FEATURE_FAST_TOP=y
+CONFIG_FEATURE_SHOW_THREADS=y
 CONFIG_FREE=y
 CONFIG_FUSER=y
 CONFIG_IOSTAT=y
@ -1082,7 +1095,6 @@ CONFIG_FEATURE_TOPMEM=y
 CONFIG_UPTIME=y
 CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y
 CONFIG_WATCH=y
-CONFIG_FEATURE_SHOW_THREADS=y

 #
 # Runit Utilities
@ -1143,6 +1155,7 @@ CONFIG_ASH_MAIL=y
 CONFIG_ASH_ECHO=y
 CONFIG_ASH_PRINTF=y
 CONFIG_ASH_TEST=y
+CONFIG_ASH_SLEEP=y
 CONFIG_ASH_HELP=y
 CONFIG_ASH_GETOPTS=y
 CONFIG_ASH_CMDCMD=y
--- a/busybox.spec
+++ b/busybox.spec
@ -24,7 +24,7 @@
 %bcond_without  static

 Name:           busybox
-Version:        1.35.0
+Version:        1.36.0
 Release:        0
 Summary:        Minimalist variant of UNIX utilities linked in a single executable
 License:        GPL-2.0-or-later
@ -42,8 +42,6 @@ Source7:        busybox.config.static.warewulf3
 Patch0:         cpio-long-opt.patch
 Patch1:         sendmail-ignore-F-option.patch
 Patch2:         testsuite-gnu-echo.patch
-# PATCH-FIX-UPSTREAM e63d7cdf.patch CVE-2022-30065 - awk: fix use after free (rebased https://github.com/mirror/busybox/commit/e63d7cdf.patch)
-Patch3:         e63d7cdf.patch
 # other patches
 Patch100:       busybox.install.patch
 Provides:       useradd_or_adduser_dep
--- a/e63d7cdf.patch
+++ b/e63d7cdf.patch
@ -1,46 +0,0 @@
-From e63d7cdfdac78c6fd27e9e63150335767592b85e Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Fri, 17 Jun 2022 17:45:34 +0200
-Subject: [PATCH] awk: fix use after free (CVE-2022-30065)
-
-fixes https://bugs.busybox.net/show_bug.cgi?id=14781
-
-function                                             old     new   delta
-evaluate                                            3343    3357     +14
-
-Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
- editors/awk.c       | 3 +++
- testsuite/awk.tests | 6 ++++++
- 2 files changed, 9 insertions(+)
-
-Index: busybox-1.35.0/editors/awk.c
-===================================================================
--- busybox-1.35.0.orig/editors/awk.c
-+++ busybox-1.35.0/editors/awk.c
-@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
- 
- 		case XC( OC_MOVE ):
- 			debug_printf_eval("MOVE\n");
-+			/* make sure that we never return a temp var */
-+			if (L.v == TMPVAR0)
-+				L.v = res;
- 			/* if source is a temporary string, jusk relink it to dest */
- 			if (R.v == TMPVAR1
- 			 && !(R.v->type & VF_NUMBER)
-Index: busybox-1.35.0/testsuite/awk.tests
-===================================================================
--- busybox-1.35.0.orig/testsuite/awk.tests
-+++ busybox-1.35.0/testsuite/awk.tests
-@@ -469,4 +469,10 @@ testing 'awk printf %% prints one %' \
- 	"%\n" \
- 	'' ''
- 
-+testing 'awk assign while test' \
-+	"awk '\$1==\$1=\"foo\" {print \$1}'" \
-+	"foo\n" \
-+	"" \
-+	"foo"
-+
- exit $FAILCOUNT