diff --git a/backport-CVE-2021-42373.patch b/backport-CVE-2021-42373.patch deleted file mode 100644 index 2edec1bf7d982117b5e073d6904c1bbd1a00f911..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-42373.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 6dc5bd57af2f5cc6b8c953d2b223d3b012b2400b Mon Sep 17 00:00:00 2001 -From: xiechengliang -Date: Fri, 19 Nov 2021 18:34:10 +0800 -Subject: [PATCH] busybox: fix CVE-2021-42373 - -backport from upstream: -https://git.busybox.net/busybox/commit/?id=4d4fc5ca5ee4faae5dc4237f801d9527a3fb20cc - -Signed-off-by: xiechengliang ---- - miscutils/man.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/miscutils/man.c b/miscutils/man.c -index 722f6641e..d319e8bba 100644 ---- a/miscutils/man.c -+++ b/miscutils/man.c -@@ -324,7 +324,7 @@ int man_main(int argc UNUSED_PARAM, char **argv) - - /* is 1st ARG a SECTION? */ - sec_list = conf_sec_list; -- if (is_section_name(conf_sec_list, *argv)) { -+ if (is_section_name(conf_sec_list, *argv) && argv[1]) { - /* yes */ - sec_list = *argv++; - } --- -2.27.0 - diff --git a/backport-CVE-2021-42374.patch b/backport-CVE-2021-42374.patch deleted file mode 100644 index 546f6add2bb9c66e6efc866c450f1b3bc0ad2780..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-42374.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 479e2e47de5f2a9a3ecedda264976bde6945ce60 Mon Sep 17 00:00:00 2001 -From: jikui -Date: Mon, 22 Nov 2021 10:24:24 +0800 -Subject: [PATCH] busybox: fix CVE-2021-42374 - -backport from upstream: -https://git.busybox.net/busybox/patch/?h=1_34_stable&id=04f052c56ded5ab6a904e3a264a73dc0412b2e78 - -Signed-off-by: jikui ---- - archival/libarchive/decompress_unlzma.c | 5 ++++- - testsuite/unlzma.tests | 10 ++++++---- - 2 files changed, 10 insertions(+), 5 deletions(-) - -diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c -index 0744f23..fb5aac8 100644 ---- a/archival/libarchive/decompress_unlzma.c -+++ b/archival/libarchive/decompress_unlzma.c -@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate) - uint32_t pos; - - pos = buffer_pos - rep0; -- if ((int32_t)pos < 0) -+ if ((int32_t)pos < 0) { - pos += header.dict_size; -+ if ((int32_t)pos < 0) -+ goto bad; -+ } - match_byte = buffer[pos]; - do { - int bit; -diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests -index 0e98afe..8c120b1 100755 ---- a/testsuite/unlzma.tests -+++ b/testsuite/unlzma.tests -@@ -8,14 +8,16 @@ - - # Damaged encrypted streams - testing "unlzma (bad archive 1)" \ -- "unlzma /dev/null; echo \$?" \ --"1 -+ "unlzma &1 >/dev/null; echo \$?" \ -+"unlzma: corrupted data -+1 - " "" "" - - # Damaged encrypted streams - testing "unlzma (bad archive 2)" \ -- "unlzma /dev/null; echo \$?" \ --"1 -+ "unlzma &1 >/dev/null; echo \$?" \ -+"unlzma: corrupted data -+1 - " "" "" - - exit $FAILCOUNT --- -2.25.1 - diff --git a/backport-CVE-2021-42375.patch b/backport-CVE-2021-42375.patch deleted file mode 100644 index 802e4541d39d3a00517049f2fc7ae7a16da8b41c..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-42375.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 9ac1dd9017b2b4acba4734f6f989b88da2ad7616 Mon Sep 17 00:00:00 2001 -From: xiechengliang -Date: Wed, 24 Nov 2021 19:15:25 +0800 -Subject: [PATCH 2/2] ash: parser: Fix VSLENGTH parsing with trailing garbage - -Let's adopt Herbert Xu's patch, not waiting for it to reach dash git: -hush already has a similar fix. - -backport from upstream: -https://git.busybox.net/busybox/commit/?id=53a7a9cd8c15d64fcc2278cf8981ba526dfbe0d2 - -Signed-off-by: Denys Vlasenko ---- - shell/ash.c | 9 +++------ - 1 file changed, 3 insertions(+), 6 deletions(-) - -diff --git a/shell/ash.c b/shell/ash.c -index a33ab0626..1ca45f9c1 100644 ---- a/shell/ash.c -+++ b/shell/ash.c -@@ -12635,7 +12635,7 @@ parsesub: { - do { - STPUTC(c, out); - c = pgetc_eatbnl(); -- } while (!subtype && isdigit(c)); -+ } while ((subtype == 0 || subtype == VSLENGTH) && isdigit(c)); - } else if (c != '}') { - /* $[{[#]][}] */ - int cc = c; -@@ -12665,11 +12665,6 @@ parsesub: { - } else - goto badsub; - -- if (c != '}' && subtype == VSLENGTH) { -- /* ${#VAR didn't end with } */ -- goto badsub; -- } -- - if (subtype == 0) { - static const char types[] ALIGN1 = "}-+?="; - /* ${VAR...} but not $VAR or ${#VAR} */ -@@ -12726,6 +12721,8 @@ parsesub: { - #endif - } - } else { -+ if (subtype == VSLENGTH && c != '}') -+ subtype = 0; - badsub: - pungetc(); - } --- -2.27.0 - diff --git a/backport-CVE-2021-42376.patch b/backport-CVE-2021-42376.patch deleted file mode 100644 index de0665c39c5b6c43cadf48865e01afeedceaa326..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-42376.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 251452bc54477ed41da27a1c020a88882aa2eaaf Mon Sep 17 00:00:00 2001 -From: xiechengliang -Date: Sat, 20 Nov 2021 12:01:23 +0800 -Subject: [PATCH 1/2] hush: fix handling of \^C and "^C" - -function old new delta -parse_stream 2238 2252 +14 -encode_string 243 256 +13 ------------------------------------------------------------------------------- -(add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0) Total: 27 bytes - -backport from upstream: -https://git.busybox.net/busybox/commit/?id=1b7a9b68d0e9aa19147d7fda16eb9a6b54156985 -Signed-off-by: Denys Vlasenko ---- - shell/ash_test/ash-misc/control_char3.right | 1 + - shell/ash_test/ash-misc/control_char3.tests | 2 ++ - shell/ash_test/ash-misc/control_char4.right | 1 + - shell/ash_test/ash-misc/control_char4.tests | 2 ++ - shell/hush.c | 11 +++++++++++ - shell/hush_test/hush-misc/control_char3.right | 1 + - shell/hush_test/hush-misc/control_char3.tests | 2 ++ - shell/hush_test/hush-misc/control_char4.right | 1 + - shell/hush_test/hush-misc/control_char4.tests | 2 ++ - 9 files changed, 23 insertions(+) - create mode 100644 shell/ash_test/ash-misc/control_char3.right - create mode 100755 shell/ash_test/ash-misc/control_char3.tests - create mode 100644 shell/ash_test/ash-misc/control_char4.right - create mode 100755 shell/ash_test/ash-misc/control_char4.tests - create mode 100644 shell/hush_test/hush-misc/control_char3.right - create mode 100755 shell/hush_test/hush-misc/control_char3.tests - create mode 100644 shell/hush_test/hush-misc/control_char4.right - create mode 100755 shell/hush_test/hush-misc/control_char4.tests - -diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right -new file mode 100644 -index 000000000..283e02cbb ---- /dev/null -+++ b/shell/ash_test/ash-misc/control_char3.right -@@ -0,0 +1 @@ -+SHELL: line 1: : not found -diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests -new file mode 100755 -index 000000000..4359db3f3 ---- /dev/null -+++ b/shell/ash_test/ash-misc/control_char3.tests -@@ -0,0 +1,2 @@ -+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages) -+$THIS_SH -c '\' SHELL -diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right -new file mode 100644 -index 000000000..2bf18e684 ---- /dev/null -+++ b/shell/ash_test/ash-misc/control_char4.right -@@ -0,0 +1 @@ -+SHELL: line 1: -: not found -diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests -new file mode 100755 -index 000000000..48010f154 ---- /dev/null -+++ b/shell/ash_test/ash-misc/control_char4.tests -@@ -0,0 +1,2 @@ -+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages) -+$THIS_SH -c '"-"' SHELL -diff --git a/shell/hush.c b/shell/hush.c -index 9fead37da..249728b9d 100644 ---- a/shell/hush.c -+++ b/shell/hush.c -@@ -5235,6 +5235,11 @@ static int encode_string(o_string *as_string, - } - #endif - o_addQchr(dest, ch); -+ if (ch == SPECIAL_VAR_SYMBOL) { -+ /* Convert "^C" to corresponding special variable reference */ -+ o_addchr(dest, SPECIAL_VAR_QUOTED_SVS); -+ o_addchr(dest, SPECIAL_VAR_SYMBOL); -+ } - goto again; - #undef as_string - } -@@ -5346,6 +5351,11 @@ static struct pipe *parse_stream(char **pstring, - if (ch == '\n') - continue; /* drop \, get next char */ - nommu_addchr(&ctx.as_string, '\\'); -+ if (ch == SPECIAL_VAR_SYMBOL) { -+ nommu_addchr(&ctx.as_string, ch); -+ /* Convert \^C to corresponding special variable reference */ -+ goto case_SPECIAL_VAR_SYMBOL; -+ } - o_addchr(&ctx.word, '\\'); - if (ch == EOF) { - /* Testcase: eval 'echo Ok\' */ -@@ -5670,6 +5680,7 @@ static struct pipe *parse_stream(char **pstring, - /* Note: nommu_addchr(&ctx.as_string, ch) is already done */ - - switch (ch) { -+ case_SPECIAL_VAR_SYMBOL: - case SPECIAL_VAR_SYMBOL: - /* Convert raw ^C to corresponding special variable reference */ - o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL); -diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right -new file mode 100644 -index 000000000..94b4f8699 ---- /dev/null -+++ b/shell/hush_test/hush-misc/control_char3.right -@@ -0,0 +1 @@ -+hush: can't execute '': No such file or directory -diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests -new file mode 100755 -index 000000000..4359db3f3 ---- /dev/null -+++ b/shell/hush_test/hush-misc/control_char3.tests -@@ -0,0 +1,2 @@ -+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages) -+$THIS_SH -c '\' SHELL -diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right -new file mode 100644 -index 000000000..698e21427 ---- /dev/null -+++ b/shell/hush_test/hush-misc/control_char4.right -@@ -0,0 +1 @@ -+hush: can't execute '-': No such file or directory -diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests -new file mode 100755 -index 000000000..48010f154 ---- /dev/null -+++ b/shell/hush_test/hush-misc/control_char4.tests -@@ -0,0 +1,2 @@ -+# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages) -+$THIS_SH -c '"-"' SHELL --- -2.27.0 - diff --git a/backport-CVE-2021-42377.patch b/backport-CVE-2021-42377.patch deleted file mode 100644 index acf583bfcc945f1327cd4ad39dd461ed5ce4c551..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-42377.patch +++ /dev/null @@ -1,42 +0,0 @@ -From f56e2f2ef9d131b1f62dad4427da1113f9b417c5 Mon Sep 17 00:00:00 2001 -From: jikui -Date: Mon, 22 Nov 2021 16:45:39 +0800 -Subject: [PATCH] busybox: fix CVE-2021-42377 - -backport from upstream: -https://git.busybox.net/busybox/commit/?h=1_34_stable&id=83a4967e50422867f340328d404994553e56b839 - -Signed-off-by: jikui ---- - shell/hush.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/shell/hush.c b/shell/hush.c -index 9fead37..48856f2 100644 ---- a/shell/hush.c -+++ b/shell/hush.c -@@ -3694,9 +3694,10 @@ static void debug_print_tree(struct pipe *pi, int lvl) - - pin = 0; - while (pi) { -- fdprintf(2, "%*spipe %d %sres_word=%s followup=%d %s\n", -+ fdprintf(2, "%*spipe %d #cmds:%d %sres_word=%s followup=%d %s\n", - lvl*2, "", - pin, -+ pi->num_cmds, - (IF_HAS_KEYWORDS(pi->pi_inverted ? "! " :) ""), - RES[pi->res_word], - pi->followup, PIPE[pi->followup] -@@ -3839,6 +3840,9 @@ static void done_pipe(struct parse_context *ctx, pipe_style type) - #endif - /* Replace all pipes in ctx with one newly created */ - ctx->list_head = ctx->pipe = pi; -+ /* for case like "cmd && &", do not be tricked by last command -+ * being null - the entire {...} & is NOT null! */ -+ not_null = 1; - } else { - no_conv: - ctx->pipe->followup = type; --- -2.25.1 - diff --git a/busybox-1.33.1.tar.bz2 b/busybox-1.33.1.tar.bz2 deleted file mode 100644 index e0bf11226e61a29ec1c1ef7e46674846e8355c6b..0000000000000000000000000000000000000000 Binary files a/busybox-1.33.1.tar.bz2 and /dev/null differ diff --git a/busybox-1.34.1.tar.bz2 b/busybox-1.34.1.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..5f08f774543760b5355a23ae777beaec93ac3070 Binary files /dev/null and b/busybox-1.34.1.tar.bz2 differ diff --git a/busybox.spec b/busybox.spec index d7b2cedbbc1c6c267ad96f07ab360588f4ba41b1..4eafb514d2519f875a7f5e9b1eda307b3d608313 100644 --- a/busybox.spec +++ b/busybox.spec @@ -1,10 +1,10 @@ #spec file for busybox %if "%{!?VERSION:1}" -%define VERSION 1.33.1 +%define VERSION 1.34.1 %endif %if "%{!?RELEASE:1}" -%define RELEASE 12 +%define RELEASE 13 %endif Name: busybox @@ -19,14 +19,6 @@ Source1: busybox-static.config Source2: busybox-petitboot.config Source3: busybox-dynamic.config -#backport -Patch6000: backport-CVE-2021-42374.patch -Patch6001: backport-CVE-2021-42377.patch -Patch6002: backport-CVE-2021-42373.patch -Patch6003: backport-CVE-2021-42375.patch -Patch6004: backport-CVE-2021-42376.patch -Patch6005: backport-fix-awk-cve.patch - BuildRoot: %_topdir/BUILDROOT #Dependency BuildRequires: gcc glibc-static @@ -101,6 +93,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Mon Nov 29 2021 jikui - 1:1.34.1-13 +- Type:enhancement +- Id:NA +- SUG:NA +- DESC:update busybox to 1.34.1 + * Wed Nov 25 2021 xiechengliang - 1:1.33.1-12 - Type:CVE - Id:NA