[LEDE-DEV] [PATCH] busybox: update to version 1.28.1

Daniel Golle daniel at makrotopia.org
Tue Mar 27 09:42:52 PDT 2018


Addresses CVE-2017-15873 and CVE-2017-15874.
Patch 600-cve-2017-16544.patch replaced by upstream fix.
Some smaller changes, mostly related to the elimination of
getopt32's opt_complementary, were needed for other patches.

Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
 package/utils/busybox/Makefile                     |  6 ++--
 .../busybox/patches/200-udhcpc_reduce_msgs.patch   |  4 +--
 .../patches/201-udhcpc_changed_ifindex.patch       |  2 +-
 .../patches/203-udhcpc_renew_no_deconfig.patch     |  2 +-
 .../busybox/patches/230-add_nslookup_lede.patch    |  5 ++--
 .../utils/busybox/patches/250-date-k-flag.patch    | 31 +++++++++----------
 .../patches/510-move-passwd-applet-to-bin.patch    |  2 +-
 .../utils/busybox/patches/600-cve-2017-16544.patch | 35 ----------------------
 8 files changed, 26 insertions(+), 61 deletions(-)
 delete mode 100644 package/utils/busybox/patches/600-cve-2017-16544.patch

diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
index 623fbd5896..85ceaa5cd2 100644
--- a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=busybox
-PKG_VERSION:=1.27.2
-PKG_RELEASE:=3
+PKG_VERSION:=1.28.1
+PKG_RELEASE:=1
 PKG_FLAGS:=essential
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.busybox.net/downloads \
 		http://sources.buildroot.net
-PKG_HASH:=9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df
+PKG_HASH:=98fe1d3c311156c597cd5cfa7673bb377dc552b6fa20b5d3834579da3b13652e
 
 PKG_BUILD_DEPENDS:=BUSYBOX_USE_LIBRPC:librpc BUSYBOX_CONFIG_PAM:libpam
 PKG_BUILD_PARALLEL:=1
diff --git a/package/utils/busybox/patches/200-udhcpc_reduce_msgs.patch b/package/utils/busybox/patches/200-udhcpc_reduce_msgs.patch
index 5f64c19d05..a47c4fcc10 100644
--- a/package/utils/busybox/patches/200-udhcpc_reduce_msgs.patch
+++ b/package/utils/busybox/patches/200-udhcpc_reduce_msgs.patch
@@ -1,6 +1,6 @@
 --- a/networking/udhcp/dhcpc.c
 +++ b/networking/udhcp/dhcpc.c
-@@ -706,6 +706,7 @@ static int bcast_or_ucast(struct dhcp_pa
+@@ -711,6 +711,7 @@ static int bcast_or_ucast(struct dhcp_pa
  static NOINLINE int send_discover(uint32_t xid, uint32_t requested)
  {
  	struct dhcp_packet packet;
@@ -8,7 +8,7 @@
  
  	/* Fill in: op, htype, hlen, cookie, chaddr fields,
  	 * random xid field (we override it below),
-@@ -723,6 +724,7 @@ static NOINLINE int send_discover(uint32
+@@ -728,6 +729,7 @@ static NOINLINE int send_discover(uint32
  	 */
  	add_client_options(&packet);
  
diff --git a/package/utils/busybox/patches/201-udhcpc_changed_ifindex.patch b/package/utils/busybox/patches/201-udhcpc_changed_ifindex.patch
index 727f69409c..51b15a73cc 100644
--- a/package/utils/busybox/patches/201-udhcpc_changed_ifindex.patch
+++ b/package/utils/busybox/patches/201-udhcpc_changed_ifindex.patch
@@ -1,6 +1,6 @@
 --- a/networking/udhcp/dhcpc.c
 +++ b/networking/udhcp/dhcpc.c
-@@ -1442,6 +1442,12 @@ int udhcpc_main(int argc UNUSED_PARAM, c
+@@ -1417,6 +1417,12 @@ int udhcpc_main(int argc UNUSED_PARAM, c
  		/* silence "uninitialized!" warning */
  		unsigned timestamp_before_wait = timestamp_before_wait;
  
diff --git a/package/utils/busybox/patches/203-udhcpc_renew_no_deconfig.patch b/package/utils/busybox/patches/203-udhcpc_renew_no_deconfig.patch
index 7b77d2970b..f8e6640389 100644
--- a/package/utils/busybox/patches/203-udhcpc_renew_no_deconfig.patch
+++ b/package/utils/busybox/patches/203-udhcpc_renew_no_deconfig.patch
@@ -1,6 +1,6 @@
 --- a/networking/udhcp/dhcpc.c
 +++ b/networking/udhcp/dhcpc.c
-@@ -1112,7 +1112,6 @@ static void perform_renew(void)
+@@ -1124,7 +1124,6 @@ static void perform_renew(void)
  		state = RENEW_REQUESTED;
  		break;
  	case RENEW_REQUESTED: /* impatient are we? fine, square 1 */
diff --git a/package/utils/busybox/patches/230-add_nslookup_lede.patch b/package/utils/busybox/patches/230-add_nslookup_lede.patch
index 14c0e87b33..acfc788d19 100644
--- a/package/utils/busybox/patches/230-add_nslookup_lede.patch
+++ b/package/utils/busybox/patches/230-add_nslookup_lede.patch
@@ -34,7 +34,7 @@ Signed-off-by: Jo-Philipp Wich <jo at mein.io>
  # However, on *other platforms* it fails when some of those flags
 --- /dev/null
 +++ b/networking/nslookup_lede.c
-@@ -0,0 +1,915 @@
+@@ -0,0 +1,914 @@
 +/*
 + * nslookup_lede - musl compatible replacement for busybox nslookup
 + *
@@ -782,8 +782,7 @@ Signed-off-by: Jo-Philipp Wich <jo at mein.io>
 +	applet_long_options = nslookup_longopts;
 +#endif
 +
-+	opt_complementary = "q::";
-+	opts = getopt32(argv, "+q:*p:+r:+t:+s",
++	opts = getopt32(argv, "+q:*p:+r:+t:+s" "\0" "q::",
 +	                &type_strings, &default_port,
 +	                &default_retry, &default_timeout);
 +
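Review bot: The rewritten `getopt32()` call in nslookup_lede.c appends the complementary spec as `"\0" "q::"`, but its option string does not begin with `^`, whereas the date.c context refreshed in this same commit writes `getopt32long(argv, "^" "Rs:ud:r:k" ... "\0" "d--s:s--d"`. If getopt32 in 1.28 only reads past the NUL when the string starts with `^` (the date.c usage suggests so; confirm against libbb/getopt32.c), the `q::` part is silently ignored here, and the line would need to read `opts = getopt32(argv, "^" "+q:*p:+r:+t:+s" "\0" "q::",`. The unchanged context line `applet_long_options = nslookup_longopts;` just above deserves the same check, because the date.c hunk drops that assignment in favour of `getopt32long`, so long-option parsing in this applet may no longer build or behave as before when long options are enabled. The enclosing function starts and ends outside this hunk.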
diff --git a/package/utils/busybox/patches/250-date-k-flag.patch b/package/utils/busybox/patches/250-date-k-flag.patch
index 476440f62a..3a85312e2f 100644
--- a/package/utils/busybox/patches/250-date-k-flag.patch
+++ b/package/utils/busybox/patches/250-date-k-flag.patch
@@ -1,6 +1,6 @@
 --- a/coreutils/date.c
 +++ b/coreutils/date.c
-@@ -122,6 +122,7 @@
+@@ -123,6 +123,7 @@
  //usage:	IF_FEATURE_DATE_ISOFMT(
  //usage:     "\n	-D FMT		Use FMT for -d TIME conversion"
  //usage:	)
@@ -8,7 +8,7 @@
  //usage:     "\n"
  //usage:     "\nRecognized TIME formats:"
  //usage:     "\n	hh:mm[:ss]"
-@@ -138,9 +139,8 @@
+@@ -139,9 +140,8 @@
  
  #include "libbb.h"
  #include "common_bufsiz.h"
@@ -20,7 +20,7 @@
  
  enum {
  	OPT_RFC2822   = (1 << 0), /* R */
-@@ -148,8 +148,9 @@ enum {
+@@ -149,8 +149,9 @@ enum {
  	OPT_UTC       = (1 << 2), /* u */
  	OPT_DATE      = (1 << 3), /* d */
  	OPT_REFERENCE = (1 << 4), /* r */
@@ -31,8 +31,8 @@
 +	OPT_HINT      = (1 << 7) * ENABLE_FEATURE_DATE_ISOFMT, /* D */
  };
  
- static void maybe_set_utc(int opt)
-@@ -167,12 +168,15 @@ static const char date_longopts[] ALIGN1
+ #if ENABLE_LONG_OPTS
+@@ -162,6 +163,7 @@ static const char date_longopts[] ALIGN1
  	/*	"universal\0" No_argument       "u" */
  		"date\0"      Required_argument "d"
  		"reference\0" Required_argument "r"
@@ -40,6 +40,7 @@
  		;
  #endif
  
+@@ -181,6 +183,8 @@ static void maybe_set_utc(int opt)
  int date_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  int date_main(int argc UNUSED_PARAM, char **argv)
  {
@@ -48,16 +49,16 @@
  	struct timespec ts;
  	struct tm tm_time;
  	char buf_fmt_dt2str[64];
-@@ -187,7 +191,7 @@ int date_main(int argc UNUSED_PARAM, cha
- 	opt_complementary = "d--s:s--d"
- 		IF_FEATURE_DATE_ISOFMT(":R--I:I--R");
- 	IF_LONG_OPTS(applet_long_options = date_longopts;)
--	opt = getopt32(argv, "Rs:ud:r:"
-+	opt = getopt32(argv, "Rs:ud:r:k"
- 			IF_FEATURE_DATE_ISOFMT("I::D:"),
- 			&date_str, &date_str, &filename
- 			IF_FEATURE_DATE_ISOFMT(, &isofmt_arg, &fmt_str2dt));
-@@ -244,6 +248,31 @@ int date_main(int argc UNUSED_PARAM, cha
+@@ -193,7 +197,7 @@ int date_main(int argc UNUSED_PARAM, cha
+ 	char *isofmt_arg = NULL;
+ 
+ 	opt = getopt32long(argv, "^"
+-			"Rs:ud:r:"
++			"Rs:ud:r:k"
+ 			IF_FEATURE_DATE_ISOFMT("I::D:")
+ 			"\0"
+ 			"d--s:s--d"
+@@ -256,6 +260,31 @@ int date_main(int argc UNUSED_PARAM, cha
  	if (*argv)
  		bb_show_usage();
  
diff --git a/package/utils/busybox/patches/510-move-passwd-applet-to-bin.patch b/package/utils/busybox/patches/510-move-passwd-applet-to-bin.patch
index b19d1c9a39..7dc2cd3ff4 100644
--- a/package/utils/busybox/patches/510-move-passwd-applet-to-bin.patch
+++ b/package/utils/busybox/patches/510-move-passwd-applet-to-bin.patch
@@ -1,7 +1,7 @@
 --- a/loginutils/passwd.c
 +++ b/loginutils/passwd.c
 @@ -23,7 +23,7 @@
- //config:	  With this option passwd will refuse new passwords which are "weak".
+ //config:	With this option passwd will refuse new passwords which are "weak".
  
  //applet:/* Needs to be run by root or be suid root - needs to change /etc/{passwd,shadow}: */
 -//applet:IF_PASSWD(APPLET(passwd, BB_DIR_USR_BIN, BB_SUID_REQUIRE))
diff --git a/package/utils/busybox/patches/600-cve-2017-16544.patch b/package/utils/busybox/patches/600-cve-2017-16544.patch
deleted file mode 100644
index 3b142bdd64..0000000000
--- a/package/utils/busybox/patches/600-cve-2017-16544.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c3797d40a1c57352192c6106cc0f435e7d9c11e8 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux at googlemail.com>
-Date: Tue, 7 Nov 2017 18:09:29 +0100
-Subject: lineedit: do not tab-complete any strings which have control
- characters
-
-function                                             old     new   delta
-add_match                                             41      68     +27
-
-Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
----
- libbb/lineedit.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
---- a/libbb/lineedit.c
-+++ b/libbb/lineedit.c
-@@ -633,6 +633,18 @@ static void free_tab_completion_data(voi
- 
- static void add_match(char *matched)
- {
-+	unsigned char *p = (unsigned char*)matched;
-+	while (*p) {
-+		/* ESC attack fix: drop any string with control chars */
-+		if (*p < ' '
-+		 || (!ENABLE_UNICODE_SUPPORT && *p >= 0x7f)
-+		 || (ENABLE_UNICODE_SUPPORT && *p == 0x7f)
-+		) {
-+			free(matched);
-+			return;
-+		}
-+		p++;
-+	}
- 	matches = xrealloc_vector(matches, 4, num_matches);
- 	matches[num_matches] = matched;
- 	num_matches++;
-- 
2.16.2



