diff --git a/backport-CVE-2018-1000500.patch b/backport-CVE-2018-1000500.patch
deleted file mode 100644
index 2718fa63035bb2693ecc8783d9a9a7212d01a816..0000000000000000000000000000000000000000
--- a/backport-CVE-2018-1000500.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 45fa3f18adf57ef9d743038743d9c90573aeeb91 Mon Sep 17 00:00:00 2001
-From: Dimitri John Ledkov
-Date: Tue, 19 May 2020 18:20:39 +0100
-Subject: [PATCH] wget: implement TLS verification with ENABLE_FEATURE_WGET_OPENSSL
-
-When ENABLE_FEATURE_WGET_OPENSSL is enabled, correctly implement TLS
-verification by default. And only ignore verification errors, if
---no-check-certificate was passed.
-
-Also note, that previously OPENSSL implementation did not implement
-TLS verification, nor printed any warning messages that verification
-was not performed.
-
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1879533
-
-CVE-2018-1000500
-
-Signed-off-by: Dimitri John Ledkov
-Signed-off-by: Denys Vlasenko
-
----
- networking/wget.c | 22 ++++++++++++++++++----
- 1 file changed, 18 insertions(+), 4 deletions(-)
-
-diff --git a/networking/wget.c b/networking/wget.c
-index 9153264..de66ef2 100644
---- a/networking/wget.c
-+++ b/networking/wget.c
-@@ -91,6 +91,9 @@
- //config: patches, but do want to waste bandwidth expaining how wrong
- //config: it is, you will be ignored.
- //config:
-+//config: FEATURE_WGET_OPENSSL does implement TLS verification
-+//config: using the certificates available to OpenSSL.
-+//config:
- //config:config FEATURE_WGET_OPENSSL
- //config: bool "Try to connect to HTTPS using openssl"
- //config: default y
-@@ -115,7 +118,10 @@
- //config: If openssl can't be executed, internal TLS code will be used
- //config: (if you enabled it); if openssl can be executed but fails later,
- //config: wget can't detect this, and download will fail.
--
-+//config:
-+//config: By default TLS verification is performed, unless
-+//config: --no-check-certificate option is passed.
-+//
- //applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP))
-
- //kbuild:lib-$(CONFIG_WGET) += wget.o
-@@ -124,8 +130,11 @@
- //usage: IF_FEATURE_WGET_LONG_OPTIONS(
- //usage: "[-c|--continue] [--spider] [-q|--quiet] [-O|--output-document FILE]\n"
- //usage: " [-o|--output-file FILE] [--header 'header: value'] [-Y|--proxy on/off]\n"
-+//usage: IF_FEATURE_WGET_OPENSSL(
-+//usage: " [--no-check-certificate]\n"
-+//usage: )
- /* Since we ignore these opts, we don't show them in --help */
--/* //usage: " [--no-check-certificate] [--no-cache] [--passive-ftp] [-t TRIES]" */
-+/* //usage: " [--no-cache] [--passive-ftp] [-t TRIES]" */
- /* //usage: " [-nv] [-nc] [-nH] [-np]" */
- //usage: " [-P DIR] [-S|--server-response] [-U|--user-agent AGENT]" IF_FEATURE_WGET_TIMEOUT(" [-T SEC]") " URL..."
- //usage: )
-@@ -137,7 +146,9 @@
- //usage: "Retrieve files via HTTP or FTP\n"
- //usage: IF_FEATURE_WGET_LONG_OPTIONS(
- //usage: "\n --spider Only check URL existence: $? is 0 if exists"
--///////: "\n --no-check-certificate Don't validate the server's certificate"
-+//usage: IF_FEATURE_WGET_OPENSSL(
-+//usage: "\n --no-check-certificate Don't validate the server's certificate"
-+//usage: )
- //usage: )
- //usage: "\n -c Continue retrieval of aborted transfer"
- //usage: "\n -q Quiet"
-@@ -662,7 +673,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
- pid = xvfork();
- if (pid == 0) {
- /* Child */
-- char *argv[8];
-+ char *argv[9];
-
- close(sp[0]);
- xmove_fd(sp[1], 0);
-@@ -689,6 +700,9 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
- argv[5] = (char*)"-servername";
- argv[6] = (char*)servername;
- }
-+ if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) {
-+ argv[7] = (char*)"-verify_return_error";
-+ }
-
- BB_EXECVP(argv[0], argv);
- xmove_fd(3, 2);
---
-2.23.0
-
diff --git a/backport-CVE-2021-28831.patch b/backport-CVE-2021-28831.patch
deleted file mode 100755
index efcbde4ee46e6c11cfd5f707444b0fd58772cd3f..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-28831.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 26d06cef6684055a30cce5922095d22e8a9a91e3 Mon Sep 17 00:00:00 2001
-From: leizhongkai
-Date: Sat, 17 Apr 2021 14:27:23 +0800
-Subject: [PATCH] busybox: fix CVE-2021-28831
-
-backoprt from upstream:
-https://git.busybox.net/busybox/patch/?id=dbd3b883a891f076911d752f56f7a906d5650a17
-
-Signed-off-by: leizhongkai
----
- archival/libarchive/decompress_gunzip.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
-index 7f9046b..3eeae76 100644
---- a/archival/libarchive/decompress_gunzip.c
-+++ b/archival/libarchive/decompress_gunzip.c
-@@ -222,10 +222,21 @@ static const uint8_t border[] ALIGN1 = {
- * each table.
- * t: table to free
- */
-+#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
-+#define ERR_RET ((huft_t*)(uintptr_t)1)
- static void huft_free(huft_t *p)
- {
- huft_t *q;
-
-+ /*
-+ * If 'p' has the error bit set we have to clear it, otherwise we might run
-+ * into a segmentation fault or an invalid pointer to free(p)
-+ */
-+ if (BAD_HUFT(p)) {
-+ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET));
-+ }
-+
-+
- /* Go through linked list, freeing from the malloced (t[-1]) address. */
- while (p) {
- q = (--p)->v.t;
---
-2.23.0
-
diff --git a/backport-bugfix-remove-stime-calls.patch b/backport-bugfix-remove-stime-calls.patch
deleted file mode 100644
index 83b6bb310971ee1e69077eb05b86da1b208dc4b0..0000000000000000000000000000000000000000
--- a/backport-bugfix-remove-stime-calls.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From d3539be8f27b8cbfdfee460fe08299158f08bcd9 Mon Sep 17 00:00:00 2001
-From: d3539be8f27b8cbfdfee460fe08299158f08bcd9 Mon Sep 17 00:00:00 2001
-Date: Tue, 19 Nov 2019 13:06:40 +0100
-Subject: [PATCH] Remove stime() function calls
-
-stime() has been deprecated in glibc 2.31 and replaced with
-clock_settime(). Let's replace the stime()function calls with
-clock_settime() in preperation.
-
-function old new delta
-rdate_main 197 224 +27
-clock_settime - 27 +27
-date_main 926 941 +15
-stime 37 - -37
-------------------------------------------------------------------------------
-(add/remove: 2/2 grow/shrink: 2/0 up/down: 69/-37) Total: 32 bytes
-
-Signed-off-by: Alistair Francis
-Signed-off-by: Denys Vlasenko
----
- coreutils/date.c | 8 ++++++--
- libbb/missing_syscalls.c | 8 --------
- util-linux/rdate.c | 10 +++++++---
- 3 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/coreutils/date.c b/coreutils/date.c
-index 3414d38..f7f8fe1 100644
---- a/coreutils/date.c
-+++ b/coreutils/date.c
-@@ -279,6 +279,9 @@ int date_main(int argc UNUSED_PARAM, char **argv)
- time(&ts.tv_sec);
- #endif
- }
-+#if !ENABLE_FEATURE_DATE_NANO
-+ ts.tv_nsec = 0;
-+#endif
- localtime_r(&ts.tv_sec, &tm_time);
-
- /* If date string is given, update tm_time, and maybe set date */
-@@ -301,10 +304,11 @@ int date_main(int argc UNUSED_PARAM, char **argv)
- if (date_str[0] != '@')
- tm_time.tm_isdst = -1;
- ts.tv_sec = validate_tm_time(date_str, &tm_time);
-+ ts.tv_nsec = 0;
-
- /* if setting time, set it */
-- if ((opt & OPT_SET) && stime(&ts.tv_sec) < 0) {
-- bb_perror_msg("can't set date");
-+ if ((opt & OPT_SET) && clock_settime(CLOCK_REALTIME, &ts) < 0) {
-+ bb_simple_perror_msg("can't set date");
- }
- }
-
-diff --git a/libbb/missing_syscalls.c b/libbb/missing_syscalls.c
-index 87cf59b..dc40d91 100644
---- a/libbb/missing_syscalls.c
-+++ b/libbb/missing_syscalls.c
-@@ -15,14 +15,6 @@ pid_t getsid(pid_t pid)
- return syscall(__NR_getsid, pid);
- }
-
--int stime(const time_t *t)
--{
-- struct timeval tv;
-- tv.tv_sec = *t;
-- tv.tv_usec = 0;
-- return settimeofday(&tv, NULL);
--}
--
- int sethostname(const char *name, size_t len)
- {
- return syscall(__NR_sethostname, name, len);
-diff --git a/util-linux/rdate.c b/util-linux/rdate.c
-index 70f829e..bab41d9 100644
---- a/util-linux/rdate.c
-+++ b/util-linux/rdate.c
-@@ -95,9 +95,13 @@ int rdate_main(int argc UNUSED_PARAM, char **argv)
- if (!(flags & 2)) { /* no -p (-s may be present) */
- if (time(NULL) == remote_time)
- bb_error_msg("current time matches remote time");
-- else
-- if (stime(&remote_time) < 0)
-- bb_perror_msg_and_die("can't set time of day");
-+ else {
-+ struct timespec ts;
-+ ts.tv_sec = remote_time;
-+ ts.tv_nsec = 0;
-+ if (clock_settime(CLOCK_REALTIME, &ts) < 0)
-+ bb_simple_perror_msg_and_die("can't set time of day");
-+ }
- }
-
- if (flags != 1) /* not lone -s */
---
-2.11.0
-
diff --git a/busybox-1.31.1.tar.bz2 b/busybox-1.31.1.tar.bz2
deleted file mode 100644
index ec52d27b37528f0569137b9b97e35213df634463..0000000000000000000000000000000000000000
Binary files a/busybox-1.31.1.tar.bz2 and /dev/null differ
diff --git a/busybox-1.33.1.tar.bz2 b/busybox-1.33.1.tar.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..e0bf11226e61a29ec1c1ef7e46674846e8355c6b
Binary files /dev/null and b/busybox-1.33.1.tar.bz2 differ
diff --git a/busybox.spec b/busybox.spec
index 520d74b46d99a6c1de92fd98a004907838b835f0..00ec7ff9efe8a009de0b360e0177aa113d8efe48 100644
--- a/busybox.spec
+++ b/busybox.spec
@@ -1,10 +1,10 @@
 #spec file for busybox
 %if "%{!?VERSION:1}"
-%define VERSION 1.31.1
+%define VERSION 1.33.1
 %endif
 %if "%{!?RELEASE:1}"
-%define RELEASE 8
+%define RELEASE 9
 %endif
 Name: busybox
@@ -19,14 +19,9 @@ Source1: busybox-static.config
 Source2: busybox-petitboot.config
 Source3: busybox-dynamic.config
-#backport
-Patch6000: backport-bugfix-remove-stime-calls.patch
-Patch6001: backport-CVE-2018-1000500.patch
-Patch6002: backport-CVE-2021-28831.patch
-
 BuildRoot: %_topdir/BUILDROOT
 #Dependency
-BuildRequires: gcc glibc-static git
+BuildRequires: gcc glibc-static
 BuildRequires: libselinux-devel >= 1.27.7-2
 BuildRequires: libsepol-devel libselinux-static libsepol-static
@@ -55,7 +50,7 @@ This package contains help documentation for busybox
 %prep
 # auto apply all needed patch with git
-%autosetup -n %{name}-%{version} -p1 -Sgit -v
+%autosetup -n %{name}-%{version} -p1 -v
 %build
 export CFLAGS="$RPM_OPT_FLAGS -fPIE" LDFLAGS="-Wl,-z,now"
@@ -98,6 +93,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
 %{_mandir}/man1/busybox.petitboot.1.gz
 %changelog
+* Fri Aug 13 2021 jikui - 1:1.33.1-9
+- Type:enhancement
+- Id:NA
+- SUG:NA
+- DESC:update busybox to 1.33.1
+
 * Fri Apr 30 2021 caihaomin - 1:1.31.1-8
 - Type:CVE
 - CVE:CVE-2021-28831
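Review bot: Removing Patch6001 (CVE-2018-1000500) and Patch6002 (CVE-2021-28831) along with Patch6000 leaves nothing in the spec recording that these fixes are now expected from the upstream tarball, so anyone auditing CVE coverage of this package sees two security backports disappear with no stated reason. The deleted patch headers name the upstream commits they were taken from (45fa3f18… for the wget TLS-verification change, dbd3b883… for the gunzip huft_free fix), and a 1.33.1 tarball presumably contains both, but that is inferred from dates here rather than shown. A one-line comment where the Patch list stood, e.g. `# no backports carried: CVE-2018-1000500 (wget TLS verify) and CVE-2021-28831 (gunzip) are fixed upstream in 1.33.1`, would keep that provenance visible; a `- CVE:` line in the new changelog entry would serve the same purpose. Dropping `git` from BuildRequires is consistent with the `-Sgit` removal in the %prep hunk below.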
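Review bot: The context comment `# auto apply all needed patch with git` directly above the new `%autosetup` line is now stale, since this hunk drops `-Sgit` and the hunk above drops the `git` BuildRequires, so a reader will look for git-based patch application that no longer happens. Suggest `# unpack the source; any Patch lines are applied with plain patch (-p1), not git` so the comment matches the invocation it describes.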