diff options
| author | PÁLI Gábor János <pali.gabor@gmail.com> | 2023-08-03 10:10:44 +0200 |
|---|---|---|
| committer | PÁLI Gábor János <pali.gabor@gmail.com> | 2023-09-16 17:58:03 +0200 |
| commit | 89279d87c5d3e0ea330be1f927e3f3bc59dbc2a7 (patch) | |
| tree | 353bc9a026d0140151e760efbc4f6a6a6b24a020 /aports/busybox | |
| parent | 084335e136581edc28137b152cc559778224570e (diff) | |
| download | freebsd-wifibox-alpine-89279d87c5d3e0ea330be1f927e3f3bc59dbc2a7.zip | |
Update to Linux 6.1 and Alpine 3.18
- Update base-layout to 3.4.3
- Update busybox to 1.36.1
- Update iptables to 1.8.9
- Update linux-lts to 6.1.53
- Update to openrc to 0.48
- Update rtl8821ce to snapshot of 20230915
- Replace rtwB88 with a third-party driver
- Update rtw89 to snapshot of 20230913
- Import wpa_supplicant fixes from Arch Linux
Diffstat (limited to 'aports/busybox')
46 files changed, 942 insertions, 1096 deletions
diff --git a/aports/busybox/0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch b/aports/busybox/0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch deleted file mode 100644 index a9b0b8f..0000000 --- a/aports/busybox/0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 808d176a4da607ed3187d58605d089b373694ba2 Mon Sep 17 00:00:00 2001 -From: Ariadne Conill <ariadne@dereferenced.org> -Date: Mon, 28 Jun 2021 07:09:25 -0600 -Subject: [PATCH 1/2] cpio: add support for --ignore-devno like GNU cpio - -The --ignore-devno option is used to set device numbers to (0, 0). -This can be useful in verifying whether a CPIO archive is reproducible. - -function old new delta -cpio_o 922 961 +39 -.rodata 78407 78422 +15 -bbconfig_config_bz2 6161 6167 +6 -packed_usage 25770 25764 -6 ------------------------------------------------------------------------------- -(add/remove: 0/0 grow/shrink: 3/1 up/down: 60/-6) Total: 54 bytes - -Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> ---- - archival/cpio.c | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/archival/cpio.c b/archival/cpio.c -index d84f6937d..4d386d38d 100644 ---- a/archival/cpio.c -+++ b/archival/cpio.c -@@ -38,6 +38,13 @@ - //config: depends on FEATURE_CPIO_O - //config: help - //config: Passthrough mode. Rarely used. -+//config: -+//config:config FEATURE_CPIO_IGNORE_DEVNO -+//config: bool "Support --ignore-devno like GNU cpio" -+//config: default y -+//config: depends on FEATURE_CPIO_O && LONG_OPTS -+//config: help -+//config: Optionally ignore device numbers when creating archives. - - //applet:IF_CPIO(APPLET(cpio, BB_DIR_BIN, BB_SUID_DROP)) - -@@ -75,6 +82,9 @@ - //usage: "\n -R USER[:GRP] Set owner of created files" - //usage: "\n -L Dereference symlinks" - //usage: "\n -0 Input is separated by NULs" -+//usage: IF_FEATURE_CPIO_IGNORE_DEVNO( -+//usage: "\n --ignore-devno" -+//usage: ) - - /* GNU cpio 2.9 --help (abridged): - -@@ -162,11 +172,13 @@ enum { - IF_FEATURE_CPIO_P(OPTBIT_PASSTHROUGH,) - IF_LONG_OPTS( OPTBIT_QUIET ,) - IF_LONG_OPTS( OPTBIT_2STDOUT ,) -+ IF_FEATURE_CPIO_IGNORE_DEVNO(OPTBIT_IGNORE_DEVNO,) - OPT_CREATE = IF_FEATURE_CPIO_O((1 << OPTBIT_CREATE )) + 0, - OPT_FORMAT = IF_FEATURE_CPIO_O((1 << OPTBIT_FORMAT )) + 0, - OPT_PASSTHROUGH = IF_FEATURE_CPIO_P((1 << OPTBIT_PASSTHROUGH)) + 0, - OPT_QUIET = IF_LONG_OPTS( (1 << OPTBIT_QUIET )) + 0, - OPT_2STDOUT = IF_LONG_OPTS( (1 << OPTBIT_2STDOUT )) + 0, -+ OPT_IGNORE_DEVNO = IF_FEATURE_CPIO_IGNORE_DEVNO((1 << OPTBIT_IGNORE_DEVNO)) + 0, - }; - - #define OPTION_STR "it0uvdmLF:R:" -@@ -304,6 +316,11 @@ static NOINLINE int cpio_o(void) - } - } - -+#if ENABLE_FEATURE_CPIO_IGNORE_DEVNO -+ if (option_mask32 & OPT_IGNORE_DEVNO) -+ st.st_dev = st.st_rdev = 0; -+#endif -+ - bytes += printf("070701" - "%08X%08X%08X%08X%08X%08X%08X" - "%08X%08X%08X%08X" /* GNU cpio uses uppercase hex */ -@@ -379,6 +396,9 @@ int cpio_main(int argc UNUSED_PARAM, char **argv) - "null\0" No_argument "0" - "quiet\0" No_argument "\xff" - "to-stdout\0" No_argument "\xfe" -+#if ENABLE_FEATURE_CPIO_IGNORE_DEVNO -+ "ignore-devno\0" No_argument "\xfd" -+#endif - ; - #endif - --- -2.32.0 - diff --git a/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch b/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_modul.patch index 813010e..dd83a76 100644 --- a/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch +++ b/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_modul.patch @@ -1,14 +1,10 @@ -Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088398.html -Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088399.html -See-Also: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13427 - -The purpose of this patch is to remove confusing error messages -"Module has invalid ELF structures" produced by kernel when loading gzip -compressed kernel modules using busybox modprobe. --- +From e1a02faa656420a3c32fc8733e0566c2e430e6d6 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu@suse.com> -Date: Sun, 03 Jan 2021 04:10:52 +0000 -Subject: [PATCH v2] modutils: check ELF header before calling finit_module() +Date: Sun, 3 Jan 2021 16:00:14 +0000 +Subject: [PATCH] modutils: check ELF header before calling finit_module() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit finit_module() and init_module() system calls have clear specification to only accept valid ELF image. @@ -21,22 +17,26 @@ Treat the kernel better by just doing a very basic ELF header check before calling finit_module(). Signed-off-by: Qu Wenruo <wqu at suse.com> +--- + modutils/modprobe-small.c | 33 ++++++++++++++++++++++++++++++++- + modutils/modutils.c | 37 ++++++++++++++++++++++++++++++++++++- + 2 files changed, 68 insertions(+), 2 deletions(-) -diff --git a/modutils/modutils.c b/modutils/modutils.c -index f7ad5e8058fe..037d609e42df 100644 ---- a/modutils/modutils.c -+++ b/modutils/modutils.c -@@ -7,6 +7,7 @@ - */ - #include "modutils.h" - -+#include <elf.h> - #include <sys/syscall.h> +diff --git a/modutils/modprobe-small.c b/modutils/modprobe-small.c +index b61651621..4763e0811 100644 +--- a/modutils/modprobe-small.c ++++ b/modutils/modprobe-small.c +@@ -24,6 +24,7 @@ + //kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o - #define init_module(mod, len, opts) syscall(__NR_init_module, mod, len, opts) -@@ -186,6 +187,33 @@ void* FAST_FUNC try_to_mmap_module(const char *filename, size_t *image_size_p) + #include "libbb.h" ++#include <elf.h> /* for ELF header magic */ + /* After libbb.h, since it needs sys/types.h on some systems */ + #include <sys/utsname.h> /* uname() */ + #include <fnmatch.h> +@@ -249,6 +250,33 @@ static const char *moderror(int err) + } } - #endif +#ifdef __NR_finit_module +/* @@ -65,46 +65,36 @@ index f7ad5e8058fe..037d609e42df 100644 +} +#endif + - /* Return: - * 0 on success, - * -errno on open/read error, -@@ -212,12 +240,19 @@ int FAST_FUNC bb_init_module(const char *filename, const char *options) - * to only allow loading of modules off of secure storage (like a read- - * only rootfs) which needs the finit_module call. If it fails, we fall - * back to normal module loading to support compressed modules. -+ * -+ * Note that finit_module()/init_module() only accept ELF image, do -+ * basic check before calling finit_module() to avoid kernel -+ * complaining. - */ - # ifdef __NR_finit_module + static int load_module(const char *fname, const char *options) + { + #if 1 +@@ -272,7 +300,10 @@ static int load_module(const char *fname, const char *options) { - int fd = open(filename, O_RDONLY | O_CLOEXEC); + int fd = open(fname, O_RDONLY | O_CLOEXEC); if (fd >= 0) { -- rc = finit_module(fd, options, 0) != 0; +- r = finit_module(fd, options, 0) != 0; + if (!check_elf_header(fd)) -+ rc = finit_module(fd, options, 0) != 0; ++ r = finit_module(fd, options, 0) != 0; + else -+ rc = 1; ++ r = 1; close(fd); - if (rc == 0) - return rc; - -diff --git a/modutils/modprobe-small.c b/modutils/modprobe-small.c -index db44a2ed0ab5..d2cd6a64c1d0 100644 ---- a/modutils/modprobe-small.c -+++ b/modutils/modprobe-small.c -@@ -24,6 +24,7 @@ - //kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o - - #include "libbb.h" -+#include <elf.h> /* for ELF header magic */ - /* After libbb.h, since it needs sys/types.h on some systems */ - #include <sys/utsname.h> /* uname() */ - #include <fnmatch.h> -@@ -249,6 +250,33 @@ static const char *moderror(int err) + } } +diff --git a/modutils/modutils.c b/modutils/modutils.c +index f7ad5e805..037d609e4 100644 +--- a/modutils/modutils.c ++++ b/modutils/modutils.c +@@ -7,6 +7,7 @@ + */ + #include "modutils.h" + ++#include <elf.h> + #include <sys/syscall.h> + + #define init_module(mod, len, opts) syscall(__NR_init_module, mod, len, opts) +@@ -186,6 +187,33 @@ void* FAST_FUNC try_to_mmap_module(const char *filename, size_t *image_size_p) } + #endif +#ifdef __NR_finit_module +/* @@ -133,20 +123,27 @@ index db44a2ed0ab5..d2cd6a64c1d0 100644 +} +#endif + - static int load_module(const char *fname, const char *options) - { - #if 1 -@@ -272,7 +300,10 @@ static int load_module(const char *fname, const char *options) + /* Return: + * 0 on success, + * -errno on open/read error, +@@ -212,12 +240,19 @@ int FAST_FUNC bb_init_module(const char *filename, const char *options) + * to only allow loading of modules off of secure storage (like a read- + * only rootfs) which needs the finit_module call. If it fails, we fall + * back to normal module loading to support compressed modules. ++ * ++ * Note that finit_module()/init_module() only accept ELF image, do ++ * basic check before calling finit_module() to avoid kernel ++ * complaining. + */ + # ifdef __NR_finit_module { - int fd = open(fname, O_RDONLY | O_CLOEXEC); + int fd = open(filename, O_RDONLY | O_CLOEXEC); if (fd >= 0) { -- r = finit_module(fd, options, 0) != 0; +- rc = finit_module(fd, options, 0) != 0; + if (!check_elf_header(fd)) -+ r = finit_module(fd, options, 0) != 0; ++ rc = finit_module(fd, options, 0) != 0; + else -+ r = 1; ++ rc = 1; close(fd); - } - } --- -2.29.2 + if (rc == 0) + return rc; diff --git a/aports/busybox/0001-rev-correct-output-for-long-input-lines.patch b/aports/busybox/0001-rev-correct-output-for-long-input-lines.patch deleted file mode 100644 index ba40a2f..0000000 --- a/aports/busybox/0001-rev-correct-output-for-long-input-lines.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 4357569fdc7bc482dea0ef0bff57a70e7f06523c Mon Sep 17 00:00:00 2001 -From: Ron Yorston <rmy@pobox.com> -Date: Sat, 21 Aug 2021 09:36:27 +0100 -Subject: rev: correct output for long input lines - -The input buffer is initialised to a reasonable size and extended -if necessary. When this happened the offset into the buffer wasn't -reset to zero so subsequent lines were appended to the long line. - -Fix this and add some tests. - -function old new delta -rev_main 377 368 -9 ------------------------------------------------------------------------------- -(add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-9) Total: -9 bytes - -Signed-off-by: Ron Yorston <rmy@pobox.com> -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> ---- - testsuite/rev.tests | 46 ++++++++++++++++++++++++++++++++++++++++++++++ - util-linux/rev.c | 1 + - 2 files changed, 47 insertions(+) - create mode 100755 testsuite/rev.tests - -diff --git a/testsuite/rev.tests b/testsuite/rev.tests -new file mode 100755 -index 000000000..dd65dcd3b ---- /dev/null -+++ b/testsuite/rev.tests -@@ -0,0 +1,46 @@ -+#!/bin/sh -+# Copyright 2021 by Ron Yorston -+# Licensed under GPLv2, see file LICENSE in this source tree. -+ -+. ./testing.sh -+ -+# testing "test name" "commands" "expected result" "file input" "stdin" -+ -+testing "rev works" \ -+ "rev input" \ -+"\ -+1 enil -+ -+3 enil -+" \ -+ "line 1\n\nline 3\n" \ -+ "" -+ -+testing "rev file with missing newline" \ -+ "rev input" \ -+"\ -+1 enil -+ -+3 enil" \ -+ "line 1\n\nline 3" \ -+ "" -+ -+testing "rev file with NUL character" \ -+ "rev input" \ -+"\ -+nil -+3 enil -+" \ -+ "lin\000e 1\n\nline 3\n" \ -+ "" -+ -+testing "rev file with long line" \ -+ "rev input" \ -+"\ -++--------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+--------------- -+cba -+" \ -+ "---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+---------------+--------------+\nabc\n" \ -+ "" -+ -+exit $FAILCOUNT -diff --git a/util-linux/rev.c b/util-linux/rev.c -index d439b4da8..63b005c67 100644 ---- a/util-linux/rev.c -+++ b/util-linux/rev.c -@@ -109,6 +109,7 @@ int rev_main(int argc UNUSED_PARAM, char **argv) - strrev(buf, strlen(buf)); - #endif - fputs_stdout(buf); -+ pos = 0; - } - fclose(fp); - } while (*argv); --- -cgit v1.2.3 - diff --git a/aports/busybox/0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch b/aports/busybox/0002-adduser-default-to-sbin-nologin-as-shell-for-system-.patch index 47f9f9a..040db3b 100644 --- a/aports/busybox/0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch +++ b/aports/busybox/0002-adduser-default-to-sbin-nologin-as-shell-for-system-.patch @@ -1,15 +1,18 @@ -From eceebc4fbf064ca04d0f0a639c8a7c600190170f Mon Sep 17 00:00:00 2001 +From b99ef11a68832b2141926c229dd25ea600107ed1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> Date: Sun, 13 Jan 2019 19:07:16 +0100 Subject: [PATCH] adduser: default to /sbin/nologin as shell for system accounts +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit --- loginutils/adduser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/loginutils/adduser.c b/loginutils/adduser.c -index b2b5be5b3..9326a9795 100644 +index d3c795afa..7ce29fa04 100644 --- a/loginutils/adduser.c +++ b/loginutils/adduser.c @@ -235,7 +235,7 @@ int adduser_main(int argc UNUSED_PARAM, char **argv) diff --git a/aports/busybox/0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch b/aports/busybox/0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch deleted file mode 100644 index 9febb66..0000000 --- a/aports/busybox/0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 67240ede641cdda29ef74a373bc9f5aa8a18f4e8 Mon Sep 17 00:00:00 2001 -From: Ariadne Conill <ariadne@dereferenced.org> -Date: Mon, 28 Jun 2021 08:23:09 -0600 -Subject: [PATCH 2/2] cpio: add support for --renumber-inodes like GNU cpio - -The --renumber-inodes option renumbers the inodes starting from 1, -so that the sequence of inodes is always stable. This helps with -reproducibility. - -function old new delta -cpio_o 961 1045 +84 -.rodata 78422 78440 +18 -bbconfig_config_bz2 6168 6164 -4 -packed_usage 25764 25756 -8 ------------------------------------------------------------------------------- -(add/remove: 0/0 grow/shrink: 2/2 up/down: 102/-12) Total: 90 bytes - -Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> ---- - archival/cpio.c | 32 ++++++++++++++++++++++++++++++++ - 1 file changed, 32 insertions(+) - -diff --git a/archival/cpio.c b/archival/cpio.c -index 4d386d38d..14f0b5b84 100644 ---- a/archival/cpio.c -+++ b/archival/cpio.c -@@ -45,6 +45,13 @@ - //config: depends on FEATURE_CPIO_O && LONG_OPTS - //config: help - //config: Optionally ignore device numbers when creating archives. -+//config: -+//config:config FEATURE_CPIO_RENUMBER_INODES -+//config: bool "Support --renumber-inodes like GNU cpio" -+//config: default y -+//config: depends on FEATURE_CPIO_O && LONG_OPTS -+//config: help -+//config: Optionally renumber inodes when creating archives. - - //applet:IF_CPIO(APPLET(cpio, BB_DIR_BIN, BB_SUID_DROP)) - -@@ -85,6 +92,9 @@ - //usage: IF_FEATURE_CPIO_IGNORE_DEVNO( - //usage: "\n --ignore-devno" - //usage: ) -+//usage: IF_FEATURE_CPIO_RENUMBER_INODES( -+//usage: "\n --renumber-inodes" -+//usage: ) - - /* GNU cpio 2.9 --help (abridged): - -@@ -173,18 +183,21 @@ enum { - IF_LONG_OPTS( OPTBIT_QUIET ,) - IF_LONG_OPTS( OPTBIT_2STDOUT ,) - IF_FEATURE_CPIO_IGNORE_DEVNO(OPTBIT_IGNORE_DEVNO,) -+ IF_FEATURE_CPIO_RENUMBER_INODES(OPTBIT_RENUMBER_INODES,) - OPT_CREATE = IF_FEATURE_CPIO_O((1 << OPTBIT_CREATE )) + 0, - OPT_FORMAT = IF_FEATURE_CPIO_O((1 << OPTBIT_FORMAT )) + 0, - OPT_PASSTHROUGH = IF_FEATURE_CPIO_P((1 << OPTBIT_PASSTHROUGH)) + 0, - OPT_QUIET = IF_LONG_OPTS( (1 << OPTBIT_QUIET )) + 0, - OPT_2STDOUT = IF_LONG_OPTS( (1 << OPTBIT_2STDOUT )) + 0, - OPT_IGNORE_DEVNO = IF_FEATURE_CPIO_IGNORE_DEVNO((1 << OPTBIT_IGNORE_DEVNO)) + 0, -+ OPT_RENUMBER_INODES = IF_FEATURE_CPIO_RENUMBER_INODES((1 << OPTBIT_RENUMBER_INODES)) + 0, - }; - - #define OPTION_STR "it0uvdmLF:R:" - - struct globals { - struct bb_uidgid_t owner_ugid; -+ ino_t next_inode; - } FIX_ALIASING; - #define G (*(struct globals*)bb_common_bufsiz1) - void BUG_cpio_globals_too_big(void); -@@ -218,6 +231,9 @@ static NOINLINE int cpio_o(void) - struct inodes_s *next; - struct name_s *names; - struct stat st; -+#if ENABLE_FEATURE_CPIO_RENUMBER_INODES -+ ino_t mapped_inode; -+#endif - }; - - struct inodes_s *links = NULL; -@@ -272,6 +288,10 @@ static NOINLINE int cpio_o(void) - l = xzalloc(sizeof(*l)); - l->st = st; - l->next = links; -+#if ENABLE_FEATURE_CPIO_RENUMBER_INODES -+ if (option_mask32 & OPT_RENUMBER_INODES) -+ l->mapped_inode = ++G.next_inode; -+#endif - links = l; - break; - } -@@ -290,6 +310,11 @@ static NOINLINE int cpio_o(void) - free(line); - continue; - } -+#if ENABLE_FEATURE_CPIO_RENUMBER_INODES -+ else if (option_mask32 & OPT_RENUMBER_INODES) { -+ st.st_ino = ++G.next_inode; -+ } -+#endif - } else { /* line == NULL: EOF */ - next_link: - if (links) { -@@ -297,6 +322,10 @@ static NOINLINE int cpio_o(void) - st = links->st; - name = links->names->name; - links->names = links->names->next; -+#if ENABLE_FEATURE_CPIO_RENUMBER_INODES -+ if (links->mapped_inode) -+ st.st_ino = links->mapped_inode; -+#endif - /* GNU cpio is reported to emit file data - * only for the last instance. Mimic that. */ - if (links->names == NULL) -@@ -398,6 +427,9 @@ int cpio_main(int argc UNUSED_PARAM, char **argv) - "to-stdout\0" No_argument "\xfe" - #if ENABLE_FEATURE_CPIO_IGNORE_DEVNO - "ignore-devno\0" No_argument "\xfd" -+#endif -+#if ENABLE_FEATURE_CPIO_RENUMBER_INODES -+ "renumber-inodes\0" No_argument "\xfc" - #endif - ; - #endif --- -2.32.0 - diff --git a/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch b/aports/busybox/0003-ash-add-built-in-BB_ASH_VERSION-variable.patch index d8f5ea0..1803194 100644 --- a/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch +++ b/aports/busybox/0003-ash-add-built-in-BB_ASH_VERSION-variable.patch @@ -1,7 +1,10 @@ -From df5fffa062ebc46bd13d65c84a4abca6ae1c614d Mon Sep 17 00:00:00 2001 +From 53b13dbc8312dfa4326751f063437894c5e5a43d Mon Sep 17 00:00:00 2001 From: Ariadne Conill <ariadne@dereferenced.org> Date: Wed, 10 Mar 2021 23:38:57 -0700 Subject: [PATCH] ash: add built-in $BB_ASH_VERSION variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit This is helpful for detecting if the shell is busybox ash or not, which is necessary for enabling ash-specific features in /etc/profile @@ -23,10 +26,10 @@ Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/shell/ash.c b/shell/ash.c -index 827643808..5f8f41ee9 100644 +index 18ccc1329..cb38582fc 100644 --- a/shell/ash.c +++ b/shell/ash.c -@@ -153,6 +153,14 @@ +@@ -158,6 +158,14 @@ //config: you to run the specified command or builtin, //config: even when there is a function with the same name. //config: @@ -41,7 +44,7 @@ index 827643808..5f8f41ee9 100644 //config:endif # ash options //applet:IF_ASH(APPLET(ash, BB_DIR_BIN, BB_SUID_DROP)) -@@ -2138,6 +2146,9 @@ static const struct { +@@ -2142,6 +2150,9 @@ static const struct { { VSTRFIXED|VTEXTFIXED , "PS1=$ " , NULL }, { VSTRFIXED|VTEXTFIXED , "PS2=> " , NULL }, { VSTRFIXED|VTEXTFIXED , "PS4=+ " , NULL }, @@ -51,7 +54,7 @@ index 827643808..5f8f41ee9 100644 #if ENABLE_ASH_GETOPTS { VSTRFIXED|VTEXTFIXED , defoptindvar, getoptsreset }, #endif -@@ -2197,19 +2208,20 @@ extern struct globals_var *BB_GLOBAL_CONST ash_ptr_to_globals_var; +@@ -2201,19 +2212,20 @@ extern struct globals_var *BB_GLOBAL_CONST ash_ptr_to_globals_var; #define vps1 varinit[VAR_OFFSET1 + 2] #define vps2 varinit[VAR_OFFSET1 + 3] #define vps4 varinit[VAR_OFFSET1 + 4] diff --git a/aports/busybox/0001-avoid-redefined-warnings-when-building-with-utmps.patch b/aports/busybox/0004-Avoid-redefined-warnings-when-buiding-with-utmps.patch index 1ce06f8..b0f2b45 100644 --- a/aports/busybox/0001-avoid-redefined-warnings-when-building-with-utmps.patch +++ b/aports/busybox/0004-Avoid-redefined-warnings-when-buiding-with-utmps.patch @@ -1,19 +1,23 @@ -From 711de34e8fa42bd9ec704cc922db937edada84d8 Mon Sep 17 00:00:00 2001 +From a7f1a174c2f5fd4ee7e130e08dfc79abc65e8a5e Mon Sep 17 00:00:00 2001 From: Laurent Bercot <ska-devel@skarnet.org> -Date: Fri, 22 Jul 2022 01:35:14 +0200 +Date: Fri, 22 Jul 2022 08:34:50 +0200 Subject: [PATCH] Avoid redefined warnings when buiding with utmps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit Do not use _PATH_UTMP or _PATH_WTMP, and do not touch the files directly. + --- - include/libbb.h | 8 +++----- - libbb/messages.c | 4 ++-- - libbb/utmp.c | 8 ++++---- - util-linux/last_fancy.c | 2 +- - 4 files changed, 10 insertions(+), 12 deletions(-) + include/libbb.h | 8 +++----- + libbb/messages.c | 4 ++-- + libbb/utmp.c | 10 ++++++---- + util-linux/last_fancy.c | 2 +- + 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/libbb.h b/include/libbb.h -index abbc9ac59..405108b17 100644 +index cca33a177..2b72e7ac4 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -107,14 +107,12 @@ @@ -50,10 +54,24 @@ index 6914d5701..689dd0c6d 100644 WTMP_FILE; # else diff --git a/libbb/utmp.c b/libbb/utmp.c -index bd07670db..463ee1317 100644 +index bd07670db..0a2ef2c8e 100644 --- a/libbb/utmp.c +++ b/libbb/utmp.c -@@ -45,8 +45,8 @@ void FAST_FUNC write_new_utmp(pid_t pid, int new_type, const char *tty_name, con +@@ -8,11 +8,13 @@ + */ + #include "libbb.h" + ++#if 0 + static void touch(const char *filename) + { + if (access(filename, R_OK | W_OK) == -1) + close(open(filename, O_WRONLY | O_CREAT, 0664)); + } ++#endif + + void FAST_FUNC write_new_utmp(pid_t pid, int new_type, const char *tty_name, const char *username, const char *hostname) + { +@@ -45,8 +47,8 @@ void FAST_FUNC write_new_utmp(pid_t pid, int new_type, const char *tty_name, con tty_name += 3; strncpy(id, tty_name, width); @@ -64,7 +82,7 @@ index bd07670db..463ee1317 100644 setutxent(); /* Append new one (hopefully, unless we collide on ut_id) */ pututxline(&utent); -@@ -67,8 +67,8 @@ void FAST_FUNC update_utmp(pid_t pid, int new_type, const char *tty_name, const +@@ -67,8 +69,8 @@ void FAST_FUNC update_utmp(pid_t pid, int new_type, const char *tty_name, const struct utmpx utent; struct utmpx *utp; @@ -88,6 +106,3 @@ index 648236229..aa7a62bbe 100644 llist_t *zlist; off_t pos; time_t start_time; --- -2.37.1 - diff --git a/aports/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch b/aports/busybox/0005-libbb-sockaddr2str-ensure-only-printable-characters-.patch index 1d1716e..95616c7 100644 --- a/aports/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch +++ b/aports/busybox/0005-libbb-sockaddr2str-ensure-only-printable-characters-.patch @@ -1,8 +1,11 @@ -From 0c8da1bead8ffaf270b4b723ead2c517371405d7 Mon Sep 17 00:00:00 2001 +From 6a678ab440ec8c0d21843569182eeb452c289a58 Mon Sep 17 00:00:00 2001 From: Ariadne Conill <ariadne@dereferenced.org> -Date: Sun, 3 Apr 2022 12:14:33 +0000 -Subject: [PATCH 1/2] libbb: sockaddr2str: ensure only printable characters are +Date: Sun, 3 Apr 2022 18:13:37 +0000 +Subject: [PATCH] libbb: sockaddr2str: ensure only printable characters are returned for the hostname part +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit CVE: Pending Upstream-Status: Pending @@ -35,6 +38,3 @@ index 0e0b247b8..02c061e67 100644 /*return xstrdup(host);*/ } --- -2.35.1 - diff --git a/aports/busybox/0001-modinfo-add-k-option-for-kernel-version.patch b/aports/busybox/0006-modinfo-add-k-option-for-kernel-version.patch index f1bf02f..51144d4 100644 --- a/aports/busybox/0001-modinfo-add-k-option-for-kernel-version.patch +++ b/aports/busybox/0006-modinfo-add-k-option-for-kernel-version.patch @@ -1,7 +1,10 @@ -From 8fed81a74070cb42e1dff1a8c2382bd123385e22 Mon Sep 17 00:00:00 2001 +From 592cc544acebfb1179bf91083870a235f72f2f64 Mon Sep 17 00:00:00 2001 From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 28 Apr 2022 16:03:16 +0200 +Date: Thu, 28 Apr 2022 23:04:01 +0200 Subject: [PATCH] modinfo: add -k option for kernel version +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit It is useful to be able to specify kernel version when generating initramfs and similar for a kernel version that might not be the running @@ -135,6 +138,3 @@ index 0a86c3296..53bc02880 100644 } } --- -2.36.0 - diff --git a/aports/busybox/0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch b/aports/busybox/0007-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch index 0cc4db9..5fbcacc 100644 --- a/aports/busybox/0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch +++ b/aports/busybox/0007-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch @@ -1,19 +1,23 @@ -From fa5c4b2e60a98944863097b448960d0744916b1f Mon Sep 17 00:00:00 2001 +From 9d796b508575b2e1673512d4103e6049af189bc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> -Date: Wed, 13 Feb 2019 22:32:44 +0100 +Date: Wed, 13 Feb 2019 18:41:43 +0100 Subject: [PATCH] nologin: Install applet to /sbin instead of /usr/sbin +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit This is required to retain compatibility with our old custom nologin applet written in C which was also installed to /sbin. Compatibility with the old path is required because login shell paths are hardcoded in /etc/passwd. + --- util-linux/nologin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util-linux/nologin.c b/util-linux/nologin.c -index 5e5e42305..b03470ac6 100644 +index 5a8b047a5..d3b6fe77e 100644 --- a/util-linux/nologin.c +++ b/util-linux/nologin.c @@ -19,7 +19,7 @@ diff --git a/aports/busybox/0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch b/aports/busybox/0008-pgrep-add-support-for-matching-against-UID-and-RUID.patch index 7abfb09..1655042 100644 --- a/aports/busybox/0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch +++ b/aports/busybox/0008-pgrep-add-support-for-matching-against-UID-and-RUID.patch @@ -1,7 +1,10 @@ -From 648255c510f9a3f668651842b58798f07ad4c64a Mon Sep 17 00:00:00 2001 +From 513d186f420176c3a1be8843fee6a42cbd57cb35 Mon Sep 17 00:00:00 2001 From: Ariadne Conill <ariadne@dereferenced.org> -Date: Mon, 22 Nov 2021 18:33:02 -0600 +Date: Mon, 22 Nov 2021 11:06:05 -0600 Subject: [PATCH] pgrep: add support for matching against UID and RUID +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit This is standard functionality on every other pgrep implementation I found, namely the ones in Illumos, FreeBSD, Linux procps, and macOS. @@ -22,7 +25,7 @@ Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/procps/pgrep.c b/procps/pgrep.c -index 6d25c247e..6a12ac23b 100644 +index 82e00322f..c1f7208f5 100644 --- a/procps/pgrep.c +++ b/procps/pgrep.c @@ -42,6 +42,8 @@ @@ -33,36 +36,36 @@ index 6d25c247e..6a12ac23b 100644 +//usage: "\n -U UID Match against UID" //usage: //usage:#define pkill_trivial_usage - //usage: "[-l|-SIGNAL] [-xfvno] [-s SID|-P PPID|PATTERN]" -@@ -55,6 +57,8 @@ - //usage: "\n -v Negate the match" + //usage: "[-l|-SIGNAL] [-xfvnoe] [-s SID|-P PPID|PATTERN]" +@@ -56,6 +58,8 @@ //usage: "\n -n Signal the newest process only" //usage: "\n -o Signal the oldest process only" + //usage: "\n -e Display name and PID of the process being killed" +//usage: "\n -u EUID Match against effective UID" +//usage: "\n -U UID Match against UID" #include "libbb.h" #include "xregex.h" -@@ -64,7 +68,7 @@ +@@ -65,7 +69,7 @@ #define pkill (ENABLE_PKILL && (!ENABLE_PGREP || applet_name[1] == 'k')) enum { -- /* "vlafxons:+P:+" */ -+ /* "vlafxonu:U:s:+P:+" */ +- /* "vlafxones:+P:+" */ ++ /* "vlafxoneu:U:s:+P:+" */ OPTBIT_V = 0, /* must be first, we need OPT_INVERT = 0/1 */ OPTBIT_L, OPTBIT_A, -@@ -72,6 +76,8 @@ enum { - OPTBIT_X, +@@ -74,6 +78,8 @@ enum { OPTBIT_O, OPTBIT_N, + OPTBIT_E, /* should be pkill-only, do we care? */ + OPTBIT_U, + OPTBIT_UL, OPTBIT_S, OPTBIT_P, }; -@@ -85,6 +91,8 @@ enum { - #define OPT_LAST (opt & (1 << OPTBIT_N)) +@@ -88,6 +94,8 @@ enum { + #define OPT_ECHO (opt & (1 << OPTBIT_E)) #define OPT_SID (opt & (1 << OPTBIT_S)) #define OPT_PPID (opt & (1 << OPTBIT_P)) +#define OPT_EUID (opt & (1 << OPTBIT_UL)) @@ -70,7 +73,7 @@ index 6d25c247e..6a12ac23b 100644 static void act(unsigned pid, char *cmd, int signo) { -@@ -105,7 +113,8 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) +@@ -112,7 +120,8 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) unsigned opt; int scan_mask; int matched_pid; @@ -80,18 +83,18 @@ index 6d25c247e..6a12ac23b 100644 char *cmd_last; procps_status_t *proc; /* These are initialized to 0 */ -@@ -131,7 +140,9 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) +@@ -138,7 +147,9 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) /* Parse remaining options */ ppid2match = -1; sid2match = -1; -- opt = getopt32(argv, "vlafxons:+P:+", &sid2match, &ppid2match); +- opt = getopt32(argv, "vlafxones:+P:+", &sid2match, &ppid2match); + uid2match = -1; + euid2match = -1; -+ opt = getopt32(argv, "vlafxonu:U:s:+P:+", &euid_arg, &uid_arg, &sid2match, &ppid2match); ++ opt = getopt32(argv, "vlafxoneu:U:s:+P:+", &euid_arg, &uid_arg, &sid2match, &ppid2match); argv += optind; if (pkill && OPT_LIST) { /* -l: print the whole signal list */ -@@ -147,8 +158,18 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) +@@ -154,8 +165,18 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) if (OPT_FULL) scan_mask |= PSSCAN_ARGVN; @@ -111,7 +114,7 @@ index 6d25c247e..6a12ac23b 100644 bb_show_usage(); if (argv[0]) -@@ -170,6 +191,10 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) +@@ -177,6 +198,10 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) continue; if (sid2match >= 0 && sid2match != proc->sid) continue; @@ -122,7 +125,7 @@ index 6d25c247e..6a12ac23b 100644 } cmdlen = -1; -@@ -202,6 +227,10 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) +@@ -209,6 +234,10 @@ int pgrep_main(int argc UNUSED_PARAM, char **argv) goto got_it; if (sid2match >= 0 && sid2match != proc->sid) goto got_it; @@ -133,6 +136,3 @@ index 6d25c247e..6a12ac23b 100644 } match = !argv[0]; /* if no PATTERN, then it's a match, else... */ --- -2.34.0 - diff --git a/aports/busybox/0001-properly-fix-wget-https-support.patch b/aports/busybox/0009-properly-fix-wget-https-support.patch index 7e59be7..9feff7c 100644 --- a/aports/busybox/0001-properly-fix-wget-https-support.patch +++ b/aports/busybox/0009-properly-fix-wget-https-support.patch @@ -1,7 +1,10 @@ -From ad8843a3df89aabfa6ebae841de32f22a48c2166 Mon Sep 17 00:00:00 2001 +From a93754ca66630221d10d1307b9cd165bed63d68e Mon Sep 17 00:00:00 2001 From: Natanael Copa <ncopa@alpinelinux.org> -Date: Wed, 30 May 2018 09:52:20 +0000 +Date: Wed, 30 May 2018 09:40:33 +0000 Subject: [PATCH] properly fix wget https support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit See: https://git.alpinelinux.org/cgit/aports/commit/?id=1d0560a9b6b5597b191e5aff69a31c2fe0aba273 --- @@ -9,7 +12,7 @@ See: https://git.alpinelinux.org/cgit/aports/commit/?id=1d0560a9b6b5597b191e5aff 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/networking/wget.c b/networking/wget.c -index 6a9604421..96dd4c403 100644 +index 9ec0e67b9..66959058c 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -57,7 +57,6 @@ @@ -20,7 +23,7 @@ index 6a9604421..96dd4c403 100644 //config: help //config: wget will use internal TLS code to connect to https:// URLs. //config: It also enables FTPS support, but it's not well tested yet. -@@ -760,10 +759,8 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags) +@@ -772,10 +771,8 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags) int pid; char *servername, *p; @@ -33,7 +36,7 @@ index 6a9604421..96dd4c403 100644 servername = xstrdup(host); p = strrchr(servername, ':'); -@@ -780,14 +777,14 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags) +@@ -792,14 +789,14 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags) close(sp[0]); xmove_fd(sp[1], 0); xdup2(0, 1); @@ -50,7 +53,7 @@ index 6a9604421..96dd4c403 100644 xmove_fd(network_fd, 3); argv[0] = (char*)"ssl_client"; -@@ -795,8 +792,14 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags) +@@ -807,8 +804,14 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags) //TODO: if (!is_ip_address(servername))... argv[2] = (char*)"-n"; argv[3] = servername; diff --git a/aports/busybox/0001-sed-check-errors-writing-file-with-sed-i.patch b/aports/busybox/0010-sed-check-errors-writing-file-with-sed-i.patch index 90a5115..f1cc0a8 100644 --- a/aports/busybox/0001-sed-check-errors-writing-file-with-sed-i.patch +++ b/aports/busybox/0010-sed-check-errors-writing-file-with-sed-i.patch @@ -1,7 +1,10 @@ -From b99395ebf70eadb248da0ecf913eea0236eceea1 Mon Sep 17 00:00:00 2001 +From 97e305025e987e77da488133ded31c1e81a0282b Mon Sep 17 00:00:00 2001 From: Dominique Martinet <dominique.martinet@atmark-techno.com> -Date: Wed, 16 Nov 2022 11:52:29 +0900 +Date: Wed, 16 Nov 2022 07:08:13 +0900 Subject: [PATCH] sed: check errors writing file with sed -i +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit sed would currently not error if write failed when modifying a file. @@ -39,17 +42,14 @@ sed_main 754 801 +47 Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com> --- -Upstream patch: -http://lists.busybox.net/pipermail/busybox/2022-November/089967.html - editors/sed.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/editors/sed.c b/editors/sed.c -index 32a4b61f6d4c..be709eef3a9c 100644 +index 00dde60be..6179c5e80 100644 --- a/editors/sed.c +++ b/editors/sed.c -@@ -1639,6 +1639,11 @@ int sed_main(int argc UNUSED_PARAM, char **argv) +@@ -1648,6 +1648,11 @@ int sed_main(int argc UNUSED_PARAM, char **argv) fchown(nonstdoutfd, statbuf.st_uid, statbuf.st_gid); process_files(); @@ -61,6 +61,3 @@ index 32a4b61f6d4c..be709eef3a9c 100644 fclose(G.nonstdout); G.nonstdout = stdout; --- -2.35.1 - diff --git a/aports/busybox/0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch b/aports/busybox/0011-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch index fd2503e..fe1a003 100644 --- a/aports/busybox/0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch +++ b/aports/busybox/0011-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch @@ -1,14 +1,17 @@ -From 2e673aac06d661038001286fd389d1b45c511c66 Mon Sep 17 00:00:00 2001 +From df153459261ed2683ebb7ab766eaee6b741426ae Mon Sep 17 00:00:00 2001 From: Natanael Copa <ncopa@alpinelinux.org> -Date: Tue, 28 Nov 2017 13:23:17 +0100 +Date: Tue, 28 Nov 2017 16:30:23 +0100 Subject: [PATCH] fsck: resolve LABEL=.../UUID=... spec to device +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit --- e2fsprogs/fsck.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/e2fsprogs/fsck.c b/e2fsprogs/fsck.c -index f5aa3dbe4..e2edc9747 100644 +index 028f8a803..7a0921979 100644 --- a/e2fsprogs/fsck.c +++ b/e2fsprogs/fsck.c @@ -60,6 +60,7 @@ diff --git a/aports/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch b/aports/busybox/0012-nslookup-sanitize-all-printed-strings-with-printable.patch index 01c45c9..63d72fe 100644 --- a/aports/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch +++ b/aports/busybox/0012-nslookup-sanitize-all-printed-strings-with-printable.patch @@ -1,8 +1,10 @@ -From 812b407e545b70b16cf32aade135b5c32eaf674f Mon Sep 17 00:00:00 2001 +From 2365aa9b62dd703cd279b94ede25ebb274cfe723 Mon Sep 17 00:00:00 2001 From: Ariadne Conill <ariadne@dereferenced.org> -Date: Sun, 3 Apr 2022 12:16:45 +0000 -Subject: [PATCH 2/2] nslookup: sanitize all printed strings with - printable_string +Date: Sun, 3 Apr 2022 20:44:51 +0000 +Subject: [PATCH] nslookup: sanitize all printed strings with printable_string +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit Otherwise, terminal sequences can be injected, which enables various terminal injection attacks from DNS results. @@ -63,6 +65,3 @@ index 6da97baf4..4bdcde1b8 100644 cp += n; printf("\tserial = %lu\n", ns_get32(cp)); --- -2.35.1 - diff --git a/aports/busybox/0003-ash-exec-busybox.static.patch b/aports/busybox/0013-ash-exec-busybox.static.patch index 8247e35..0458530 100644 --- a/aports/busybox/0003-ash-exec-busybox.static.patch +++ b/aports/busybox/0013-ash-exec-busybox.static.patch @@ -1,17 +1,20 @@ -From d06a13f4cd81aeda9b02d4da90ef2b941899d6c5 Mon Sep 17 00:00:00 2001 +From 69002bff6372fa6f7463271face3b3ead13aee4f Mon Sep 17 00:00:00 2001 From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 4 Aug 2016 11:03:07 +0200 +Date: Thu, 4 Aug 2016 02:09:48 +0200 Subject: [PATCH] ash: exec busybox.static +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit --- shell/ash.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/shell/ash.c b/shell/ash.c -index 051cc671f..73470eab2 100644 +index cb38582fc..55ee4f56a 100644 --- a/shell/ash.c +++ b/shell/ash.c -@@ -7991,6 +7991,8 @@ tryexec(IF_FEATURE_SH_STANDALONE(int applet_no,) const char *cmd, char **argv, c +@@ -8278,6 +8278,8 @@ tryexec(IF_FEATURE_SH_STANDALONE(int applet_no,) const char *cmd, char **argv, c } /* re-exec ourselves with the new arguments */ execve(bb_busybox_exec_path, argv, envp); diff --git a/aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch b/aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch deleted file mode 100644 index 944fd38..0000000 --- a/aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7750b5a25a8cf9081b7c248687c876d0068e85bb Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko <vda.linux@googlemail.com> -Date: Tue, 1 Mar 2022 09:56:54 +0100 -Subject: [PATCH] ash: fix unsafe use of mempcpy - -function old new delta -subevalvar 1549 1557 +8 - -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> ---- - shell/ash.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/shell/ash.c b/shell/ash.c -index 54335c5dd..44ec2eafd 100644 ---- a/shell/ash.c -+++ b/shell/ash.c -@@ -7191,7 +7191,13 @@ subevalvar(char *start, char *str, int strloc, - len = orig_len - pos; - - if (!quotes) { -- loc = mempcpy(startp, startp + pos, len); -+ /* want: loc = mempcpy(startp, startp + pos, len) -+ * but it does not allow overlapping arguments */ -+ loc = startp; -+ while (--len >= 0) { -+ *loc = loc[pos]; -+ loc++; -+ } - } else { - for (vstr = startp; pos != 0; pos--) { - if ((unsigned char)*vstr == CTLESC) diff --git a/aports/busybox/0004-app-location-for-cpio-vi-and-lspci.patch b/aports/busybox/0014-app-location-for-cpio-vi-and-lspci.patch index 2ca4bcd..768462f 100644 --- a/aports/busybox/0004-app-location-for-cpio-vi-and-lspci.patch +++ b/aports/busybox/0014-app-location-for-cpio-vi-and-lspci.patch @@ -1,9 +1,13 @@ -From 97d4a0ffc6f58813fd91e5728d474b984f29b9a6 Mon Sep 17 00:00:00 2001 +From 42739bd6e55d90a9435ba76ea4bf7fbd49a68862 Mon Sep 17 00:00:00 2001 From: Natanael Copa <ncopa@alpinelinux.org> -Date: Tue, 27 Dec 2016 20:46:59 +0100 +Date: Tue, 27 Dec 2016 19:38:39 +0100 Subject: [PATCH] app location for cpio, vi and lspci +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit Adjust location to where alpine linux installs them + --- archival/cpio.c | 2 +- editors/vi.c | 2 +- @@ -24,7 +28,7 @@ index 7149782d7..ee80efd9f 100644 //kbuild:lib-$(CONFIG_CPIO) += cpio.o diff --git a/editors/vi.c b/editors/vi.c -index 3dbe5b471..b29c16098 100644 +index 2645afe87..70c594353 100644 --- a/editors/vi.c +++ b/editors/vi.c @@ -176,7 +176,7 @@ diff --git a/aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch b/aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch deleted file mode 100644 index 6ff2b82..0000000 --- a/aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 103728181bfd9a60537166d036e5baca7b67cc1f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net> -Date: Sat, 29 Jan 2022 06:11:12 +0100 -Subject: [PATCH] ash: fix use-after-free in bash pattern substitution -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -At Alpine Linux downstream, we were made aware of a segmentation fault -occurring during string replacement in BusyBox ash [0]. Further -debugging revealed that the segmentation fault occurs due to a -use-after-free in BusyBox's bash pattern substitution implementation. -Specially, the problem is that the repl variable (pointing to the -replacement string) points to a value in the stack string. However, when -accessing the repl pointer in Line 7350 it is possible that the stack -has been moved since the last repl assignment due to the STPUTC -invocations in Line 7317 and 7321 (since STPUTC may grow the stack via -realloc(3)). - -For this reason, the code in Line 7350 may access an unmapped memory -region and therefore causes a segmentation fault if prior STPUTC -invocations moved the stack via realloc(3). The valgrind output -for this edge case looks as follows: - - Invalid read of size 1 - at 0x15D8DD: subevalvar (ash.c:7350) - by 0x15DC43: evalvar (ash.c:7666) - by 0x15B717: argstr (ash.c:6893) - by 0x15BAEC: expandarg (ash.c:8090) - by 0x15F4CC: evalcommand (ash.c:10429) - by 0x15B26C: evaltree (ash.c:9365) - by 0x15E4FC: cmdloop (ash.c:13569) - by 0x15FD8B: ash_main (ash.c:14748) - by 0x115BF2: run_applet_no_and_exit (appletlib.c:967) - by 0x115F16: run_applet_and_exit (appletlib.c:986) - by 0x115EF9: busybox_main (appletlib.c:917) - by 0x115EF9: run_applet_and_exit (appletlib.c:979) - by 0x115F8F: main (appletlib.c:1126) - Address 0x48b8646 is 2,054 bytes inside a block of size 4,776 free'd - at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x116E86: xrealloc (xfuncs_printf.c:61) - by 0x1565DB: growstackblock (ash.c:1736) - by 0x156EF7: growstackstr (ash.c:1775) - by 0x156F1A: _STPUTC (ash.c:1816) - by 0x15D843: subevalvar (ash.c:7317) - by 0x15DC43: evalvar (ash.c:7666) - by 0x15B717: argstr (ash.c:6893) - by 0x15BAEC: expandarg (ash.c:8090) - by 0x15F4CC: evalcommand (ash.c:10429) - by 0x15B26C: evaltree (ash.c:9365) - by 0x15E4FC: cmdloop (ash.c:13569) - -A testcase for reproducing this edge case is provided in the downstream -bug report [1]. This commit fixes the issue by reconstructing the repl -pointer relative to stackblock() via strloc and slash_pos. - -[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469 -[1]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469#note_210530 - -Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> ---- - shell/ash.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/shell/ash.c b/shell/ash.c -index 55df54bd0..24f9a8270 100644 ---- a/shell/ash.c -+++ b/shell/ash.c -@@ -7346,6 +7346,12 @@ subevalvar(char *start, char *str, int strloc, - idx = loc; - } - -+ // The STPUTC invocations above may resize and move the -+ // stack via realloc(3). Since repl is a pointer into the -+ // stack, we need to reconstruct it relative to stackblock(). -+ if (slash_pos >= 0) -+ repl = (char *)stackblock() + strloc + slash_pos + 1; -+ - //bb_error_msg("repl:'%s'", repl); - for (loc = (char*)repl; *loc; loc++) { - char *restart_detect = stackblock(); diff --git a/aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch b/aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch deleted file mode 100644 index 5697a55..0000000 --- a/aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 65bb493f2475368161431ed72816fd0c61e479b1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> -Date: Tue, 8 Feb 2022 09:29:21 +0100 -Subject: [PATCH] ed: don't use memcpy with overlapping memory regions - -The memcpy invocations in the subCommand function, modified by this -commit, previously used memcpy with overlapping memory regions. This is -undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since -we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers -implementation catches this source of undefined behavior [0]. The issue -can only be triggered if the replacement string is the same size or -shorter than the old string. - -Looking at the code, it seems to me that a memmove(3) is what was -actually intended here, this commit modifies the code accordingly. - -[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504 ---- - editors/ed.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/editors/ed.c b/editors/ed.c -index 209ce9942..4a84f7433 100644 ---- a/editors/ed.c -+++ b/editors/ed.c -@@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2) - if (deltaLen <= 0) { - memcpy(&lp->data[offset], newStr, newLen); - if (deltaLen) { -- memcpy(&lp->data[offset + newLen], -+ memmove(&lp->data[offset + newLen], - &lp->data[offset + oldLen], - lp->len - offset - oldLen); - diff --git a/aports/busybox/0005-udhcpc-set-default-discover-retries-to-5.patch b/aports/busybox/0015-udhcpc-set-default-discover-retries-to-5.patch index ea15834..7dd08dd 100644 --- a/aports/busybox/0005-udhcpc-set-default-discover-retries-to-5.patch +++ b/aports/busybox/0015-udhcpc-set-default-discover-retries-to-5.patch @@ -1,20 +1,24 @@ -From 7f626404022bb69cd314e2eea33a721d75cc933d Mon Sep 17 00:00:00 2001 +From 050863f09d1ea42cedd8935580cf570032fed339 Mon Sep 17 00:00:00 2001 From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 4 Aug 2016 12:46:55 +0200 +Date: Thu, 4 Aug 2016 13:17:00 +0200 Subject: [PATCH] udhcpc: set default discover retries to 5 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit Some slower nics needs more attempts to get a lease + --- networking/udhcp/d6_dhcpc.c | 4 ++-- networking/udhcp/dhcpc.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c -index 8d11a7539..794441953 100644 +index cdd06188e..3d0ec98f9 100644 --- a/networking/udhcp/d6_dhcpc.c +++ b/networking/udhcp/d6_dhcpc.c -@@ -1135,7 +1135,7 @@ static void client_background(void) - //usage: "\n -s PROG Run PROG at DHCP events (default "CONFIG_UDHCPC_DEFAULT_SCRIPT")" +@@ -1137,7 +1137,7 @@ static void client_background(void) + //usage: "\n -s PROG Run PROG at DHCP events (default "CONFIG_UDHCPC6_DEFAULT_SCRIPT")" //usage: "\n -B Request broadcast replies" //usage: "\n -t N Send up to N discover packets" -//usage: "\n -T SEC Pause between packets (default 3)" @@ -22,7 +26,7 @@ index 8d11a7539..794441953 100644 //usage: "\n -A SEC Wait if lease is not obtained (default 20)" //usage: USE_FOR_MMU( //usage: "\n -b Background if lease is not obtained" -@@ -1180,7 +1180,7 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv) +@@ -1182,7 +1182,7 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv) llist_t *list_x = NULL; int tryagain_timeout = 20; int discover_timeout = 3; @@ -32,7 +36,7 @@ index 8d11a7539..794441953 100644 struct in6_addr ipv6_buf; struct in6_addr *requested_ipv6; diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c -index 331f13a8c..0c1b58d7c 100644 +index c757fb37c..424d6dade 100644 --- a/networking/udhcp/dhcpc.c +++ b/networking/udhcp/dhcpc.c @@ -1173,7 +1173,7 @@ static void client_background(void) diff --git a/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch b/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch deleted file mode 100644 index 3527fa5..0000000 --- a/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch +++ /dev/null @@ -1,88 +0,0 @@ -From fa52ac9781f479de8ab4d8526276244c0a0471f4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net> -Date: Mon, 28 Feb 2022 08:36:50 +0100 -Subject: [PATCH] ash: don't read past end of var in subvareval for bash - substitutions -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Without this patch, BusyBox handles bash pattern substitutions without -a terminating '/' character incorrectly. - -Consider the following shell script: - - _bootstrapver=5.0.211-r0 - _referencesdir="/usr/${_bootstrapver/-*}/Sources" - echo $_referencesdir - -This should output `/usr/5.0.211/Sources`. However, without this patch -it instead outputs `/usr/5.0.211Sources`. This is due to the fact that -BusyBox expects the bash pattern substitutions to always be terminated -with a '/' (at least in this part of subvareval) and thus reads passed -the substitution itself and consumes the '/' character which is part of -the literal string. If there is no '/' after the substitution then -BusyBox might perform an out-of-bounds read under certain circumstances. - -When replacing the bash pattern substitution with `${_bootstrapver/-*/}`, -or with this patch applied, ash outputs the correct value. - -Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> ---- - shell/ash.c | 4 ++++ - shell/ash_test/ash-vars/var_bash_repl_unterminated.right | 1 + - shell/ash_test/ash-vars/var_bash_repl_unterminated.tests | 2 ++ - shell/hush_test/hush-vars/var_bash_repl_unterminated.right | 1 + - shell/hush_test/hush-vars/var_bash_repl_unterminated.tests | 2 ++ - 5 files changed, 10 insertions(+) - create mode 100644 shell/ash_test/ash-vars/var_bash_repl_unterminated.right - create mode 100755 shell/ash_test/ash-vars/var_bash_repl_unterminated.tests - create mode 100644 shell/hush_test/hush-vars/var_bash_repl_unterminated.right - create mode 100755 shell/hush_test/hush-vars/var_bash_repl_unterminated.tests - -diff --git a/shell/ash.c b/shell/ash.c -index adb0f223a..54335c5dd 100644 ---- a/shell/ash.c -+++ b/shell/ash.c -@@ -7081,6 +7081,10 @@ subevalvar(char *start, char *str, int strloc, - *repl = '\0'; - break; - } -+ if ((unsigned char)*repl == CTLENDVAR) { /* ${v/pattern} (no trailing /, no repl) */ -+ repl = NULL; -+ break; -+ } - /* Handle escaped slashes, e.g. "${v/\//_}" (they are CTLESC'ed by this point) */ - if ((unsigned char)*repl == CTLESC && repl[1]) - repl++; -diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.right b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right -new file mode 100644 -index 000000000..5bff3a6fa ---- /dev/null -+++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right -@@ -0,0 +1 @@ -+b/d -diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests -new file mode 100755 -index 000000000..c9513343d ---- /dev/null -+++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests -@@ -0,0 +1,2 @@ -+a=b-c -+echo ${a/-*}/d -diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.right b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right -new file mode 100644 -index 000000000..5bff3a6fa ---- /dev/null -+++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right -@@ -0,0 +1 @@ -+b/d -diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests -new file mode 100755 -index 000000000..c9513343d ---- /dev/null -+++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests -@@ -0,0 +1,2 @@ -+a=b-c -+echo ${a/-*}/d diff --git a/aports/busybox/0006-ping-make-ping-work-without-root-privileges.patch b/aports/busybox/0016-ping-make-ping-work-without-root-privileges.patch index ed35229..661f046 100644 --- a/aports/busybox/0006-ping-make-ping-work-without-root-privileges.patch +++ b/aports/busybox/0016-ping-make-ping-work-without-root-privileges.patch @@ -1,17 +1,20 @@ -From 278c73292f2cfc1ecef2dac71efdc7201c021211 Mon Sep 17 00:00:00 2001 +From 19c6c34fb6318605e58a9b209cf742d559c0d467 Mon Sep 17 00:00:00 2001 From: Natanael Copa <ncopa@alpinelinux.org> -Date: Tue, 29 Mar 2016 18:59:22 +0200 +Date: Tue, 29 Mar 2016 09:23:08 +0200 Subject: [PATCH] ping: make ping work without root privileges +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit --- networking/ping.c | 115 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 94 insertions(+), 21 deletions(-) diff --git a/networking/ping.c b/networking/ping.c -index c4a15e06e..a2dccb57f 100644 +index 9805695a1..5e4488abd 100644 --- a/networking/ping.c +++ b/networking/ping.c -@@ -170,6 +170,7 @@ enum { +@@ -208,6 +208,7 @@ enum { pingsock = 0, }; @@ -19,7 +22,7 @@ index c4a15e06e..a2dccb57f 100644 static void #if ENABLE_PING6 create_icmp_socket(len_and_sockaddr *lsa) -@@ -186,9 +187,23 @@ create_icmp_socket(void) +@@ -224,9 +225,23 @@ create_icmp_socket(void) #endif sock = socket(AF_INET, SOCK_RAW, 1); /* 1 == ICMP */ if (sock < 0) { @@ -46,7 +49,7 @@ index c4a15e06e..a2dccb57f 100644 } xmove_fd(sock, pingsock); -@@ -241,10 +256,12 @@ static void ping4(len_and_sockaddr *lsa) +@@ -279,10 +294,12 @@ static void ping4(len_and_sockaddr *lsa) bb_simple_perror_msg("recvfrom"); continue; } @@ -62,7 +65,7 @@ index c4a15e06e..a2dccb57f 100644 if (pkt->icmp_id != G.myid) continue; /* not our ping */ if (pkt->icmp_type == ICMP_ECHOREPLY) -@@ -653,19 +670,21 @@ static void unpack_tail(int sz, uint32_t *tp, +@@ -691,19 +708,21 @@ static void unpack_tail(int sz, uint32_t *tp, } static int unpack4(char *buf, int sz, struct sockaddr_in *from) { @@ -90,7 +93,7 @@ index c4a15e06e..a2dccb57f 100644 if (icmppkt->icmp_id != myid) return 0; /* not our ping */ -@@ -677,7 +696,7 @@ static int unpack4(char *buf, int sz, struct sockaddr_in *from) +@@ -715,7 +734,7 @@ static int unpack4(char *buf, int sz, struct sockaddr_in *from) tp = (uint32_t *) icmppkt->icmp_data; unpack_tail(sz, tp, inet_ntoa(*(struct in_addr *) &from->sin_addr.s_addr), @@ -99,7 +102,7 @@ index c4a15e06e..a2dccb57f 100644 return 1; } if (icmppkt->icmp_type != ICMP_ECHO) { -@@ -727,11 +746,31 @@ static void ping4(len_and_sockaddr *lsa) +@@ -765,11 +784,31 @@ static void ping4(len_and_sockaddr *lsa) int sockopt; pingaddr.sin = lsa->u.sin; @@ -132,7 +135,7 @@ index c4a15e06e..a2dccb57f 100644 } /* enable broadcast pings */ -@@ -748,6 +787,15 @@ static void ping4(len_and_sockaddr *lsa) +@@ -786,6 +825,15 @@ static void ping4(len_and_sockaddr *lsa) setsockopt_int(pingsock, IPPROTO_IP, IP_MULTICAST_TTL, opt_ttl); } @@ -148,7 +151,7 @@ index c4a15e06e..a2dccb57f 100644 signal(SIGINT, print_stats_and_exit); /* start the ping's going ... */ -@@ -785,10 +833,33 @@ static void ping6(len_and_sockaddr *lsa) +@@ -823,10 +871,33 @@ static void ping6(len_and_sockaddr *lsa) char control_buf[CMSG_SPACE(36)]; pingaddr.sin6 = lsa->u.sin6; @@ -183,7 +186,7 @@ index c4a15e06e..a2dccb57f 100644 { struct icmp6_filter filt; if (!(option_mask32 & OPT_VERBOSE)) { -@@ -934,12 +1005,14 @@ static int common_ping_main(int opt, char **argv) +@@ -972,12 +1043,14 @@ static int common_ping_main(int opt, char **argv) interval = INT_MAX/1000000; G.interval_us = interval * 1000000; diff --git a/aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch b/aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch deleted file mode 100644 index 22a2578..0000000 --- a/aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 3813e89e3622b034b0e51acae496493a717555cc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> -Date: Wed, 1 Jun 2022 11:51:40 +0200 -Subject: [PATCH] ash: Fix use-after-free on idx variable - -Consider the following code from ash.c: - - STPUTC(*idx, expdest); - if (quotes && (unsigned char)*idx == CTLESC) { - -The idx variable points to a value in the stack string (as managed -by STPUTC). STPUTC may resize this stack string via realloc(3). If -this happens, the idx pointer needs to be updated. Otherwise, -dereferencing idx may result in a use-after free. - -The valgrind output for this edge case looks as follows: - - Invalid read of size 1 - at 0x113AD7: subevalvar (ash.c:7326) - by 0x112EC7: evalvar (ash.c:7674) - by 0x113219: argstr (ash.c:6891) - by 0x113D10: expandarg (ash.c:8098) - by 0x118989: evalcommand (ash.c:10377) - by 0x116744: evaltree (ash.c:9373) - by 0x1170DC: cmdloop (ash.c:13577) - by 0x1191E4: ash_main (ash.c:14756) - by 0x10CB3B: run_applet_no_and_exit (appletlib.c:967) - by 0x10CBCA: run_applet_and_exit (appletlib.c:986) - by 0x10CBCA: main (appletlib.c:1126) - Address 0x48b4099 is 857 bytes inside a block of size 2,736 free'd - at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x125B03: xrealloc (xfuncs_printf.c:61) - by 0x10F9D2: growstackblock (ash.c:1736) - by 0x10FA4E: growstackstr (ash.c:1775) - by 0x10FA71: _STPUTC (ash.c:1816) - by 0x113A94: subevalvar (ash.c:7325) - by 0x112EC7: evalvar (ash.c:7674) - by 0x113219: argstr (ash.c:6891) - by 0x113D10: expandarg (ash.c:8098) - by 0x118989: evalcommand (ash.c:10377) - by 0x116744: evaltree (ash.c:9373) - by 0x1170DC: cmdloop (ash.c:13577) - Block was alloc'd at - at 0x48A26D5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x125AE9: xmalloc (xfuncs_printf.c:50) - by 0x10ED56: stalloc (ash.c:1622) - by 0x10F9FF: growstackblock (ash.c:1746) - by 0x10FB2A: growstackto (ash.c:1783) - by 0x10FB47: makestrspace (ash.c:1795) - by 0x10FDE7: memtodest (ash.c:6390) - by 0x10FE91: strtodest (ash.c:6417) - by 0x112CC5: varvalue (ash.c:7558) - by 0x112D80: evalvar (ash.c:7603) - by 0x113219: argstr (ash.c:6891) - by 0x113D10: expandarg (ash.c:8098) - -This patch fixes this issue by updating the pointers again via -the restart label if STPUTC re-sized the stack. This issue -has been reported to us at Alpine Linux downstream. - -Also: Move the second realloc-check inside the if statement -that follows so it isn't done twice if the condition evaluates -to false. - -See also: - -* https://gitlab.alpinelinux.org/alpine/aports/-/issues/13900 -* http://lists.busybox.net/pipermail/busybox/2022-April/089655.html ---- - shell/ash.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/shell/ash.c b/shell/ash.c -index ef4a47afe..cbc50eefe 100644 ---- a/shell/ash.c -+++ b/shell/ash.c -@@ -7323,13 +7323,15 @@ subevalvar(char *start, char *str, int strloc, - if (idx >= end) - break; - STPUTC(*idx, expdest); -+ if (stackblock() != restart_detect) -+ goto restart; - if (quotes && (unsigned char)*idx == CTLESC) { - idx++; - len++; - STPUTC(*idx, expdest); -+ if (stackblock() != restart_detect) -+ goto restart; - } -- if (stackblock() != restart_detect) -- goto restart; - idx++; - len++; - rmesc++; diff --git a/aports/busybox/0007-fbsplash-support-console-switching.patch b/aports/busybox/0017-fbsplash-support-console-switching.patch index 8d19505..d5ec3f8 100644 --- a/aports/busybox/0007-fbsplash-support-console-switching.patch +++ b/aports/busybox/0017-fbsplash-support-console-switching.patch @@ -1,17 +1,20 @@ -From 8fb815ec846d9ac64c89ac21cededc17f0b804c3 Mon Sep 17 00:00:00 2001 +From 7a5d2b057b1aad464500073f15fa7547d2738ecf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Mon, 24 Sep 2012 07:58:29 +0300 +Date: Mon, 24 Sep 2012 06:42:10 +0300 Subject: [PATCH] fbsplash: support console switching +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit --- miscutils/fbsplash.c | 82 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 75 insertions(+), 7 deletions(-) diff --git a/miscutils/fbsplash.c b/miscutils/fbsplash.c -index bc3c61055..1c206ef53 100644 +index 2934d8eb7..ae257e8bc 100644 --- a/miscutils/fbsplash.c +++ b/miscutils/fbsplash.c -@@ -47,7 +47,7 @@ +@@ -46,7 +46,7 @@ //kbuild:lib-$(CONFIG_FBSPLASH) += fbsplash.o //usage:#define fbsplash_trivial_usage @@ -20,7 +23,7 @@ index bc3c61055..1c206ef53 100644 //usage:#define fbsplash_full_usage "\n\n" //usage: " -s Image" //usage: "\n -c Hide cursor" -@@ -57,11 +57,17 @@ +@@ -56,11 +56,17 @@ //usage: "\n BAR_R,BAR_G,BAR_B,IMG_LEFT,IMG_TOP" //usage: "\n -f Control pipe (else exit after drawing image)" //usage: "\n commands: 'NN' (% for progress bar) or 'exit'" @@ -38,7 +41,7 @@ index bc3c61055..1c206ef53 100644 /* If you want logging messages on /tmp/fbsplash.log... */ #define DEBUG 0 -@@ -75,6 +81,8 @@ struct globals { +@@ -74,6 +80,8 @@ struct globals { unsigned char *addr; // pointer to framebuffer memory unsigned ns[9]; // n-parameters const char *image_filename; @@ -47,7 +50,7 @@ index bc3c61055..1c206ef53 100644 struct fb_var_screeninfo scr_var; struct fb_fix_screeninfo scr_fix; unsigned bytes_per_pixel; -@@ -488,6 +496,11 @@ static void init(const char *cfg_filename) +@@ -487,6 +495,11 @@ static void init(const char *cfg_filename) config_close(parser); } @@ -59,7 +62,7 @@ index bc3c61055..1c206ef53 100644 int fbsplash_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; int fbsplash_main(int argc UNUSED_PARAM, char **argv) -@@ -497,6 +510,9 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) +@@ -496,6 +509,9 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) char *num_buf; unsigned num; bool bCursorOff; @@ -69,7 +72,7 @@ index bc3c61055..1c206ef53 100644 INIT_G(); -@@ -504,8 +520,9 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) +@@ -503,8 +519,9 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) fb_device = "/dev/fb0"; cfg_filename = NULL; fifo_filename = NULL; @@ -81,7 +84,7 @@ index bc3c61055..1c206ef53 100644 // parse configuration file if (cfg_filename) -@@ -515,11 +532,43 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) +@@ -514,11 +531,43 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) if (!G.image_filename) bb_show_usage(); @@ -126,7 +129,7 @@ index bc3c61055..1c206ef53 100644 } fb_drawimage(); -@@ -527,6 +576,7 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) +@@ -526,6 +575,7 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) if (!fifo_filename) return EXIT_SUCCESS; @@ -134,7 +137,7 @@ index bc3c61055..1c206ef53 100644 fp = xfopen_stdin(fifo_filename); if (fp != stdin) { // For named pipes, we want to support this: -@@ -542,8 +592,9 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) +@@ -541,8 +591,9 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) // and become an additional writer :) open(fifo_filename, O_WRONLY); // errors are ignored } @@ -145,7 +148,7 @@ index bc3c61055..1c206ef53 100644 // Block on read, waiting for some input. // Use of <stdio.h> style I/O allows to correctly // handle a case when we have many buffered lines -@@ -558,12 +609,29 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) +@@ -557,12 +608,29 @@ int fbsplash_main(int argc UNUSED_PARAM, char **argv) #if DEBUG DEBUG_MESSAGE(itoa(num)); #endif diff --git a/aports/busybox/0018-ash-fix-ifs-cleanup-on-error-paths.patch b/aports/busybox/0018-ash-fix-ifs-cleanup-on-error-paths.patch deleted file mode 100644 index c09bc84..0000000 --- a/aports/busybox/0018-ash-fix-ifs-cleanup-on-error-paths.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 1c5455284234e894dfb6086bf7f3e9a6d5d9611f Mon Sep 17 00:00:00 2001 -From: Denys Vlasenko <vda.linux@googlemail.com> -Date: Tue, 2 Aug 2022 11:13:44 +0200 -Subject: [PATCH] ash: fix ifs cleanup on error paths - -Patch by Alex Gorinson <algore3698@gmail.com> - -function old new delta -evalvar 477 495 +18 -varvalue 603 618 +15 -subevalvar 1557 1572 +15 ------------------------------------------------------------------------------- -(add/remove: 0/0 grow/shrink: 3/0 up/down: 48/0) Total: 48 bytes - -Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> ---- - shell/ash.c | 2 ++ - shell/ash_test/ash-heredoc/heredoc_and_cmd.right | 2 ++ - shell/ash_test/ash-heredoc/heredoc_and_cmd.tests | 8 ++++++++ - shell/hush_test/hush-heredoc/heredoc_and_cmd.right | 2 ++ - shell/hush_test/hush-heredoc/heredoc_and_cmd.tests | 8 ++++++++ - 5 files changed, 22 insertions(+) - create mode 100644 shell/ash_test/ash-heredoc/heredoc_and_cmd.right - create mode 100755 shell/ash_test/ash-heredoc/heredoc_and_cmd.tests - create mode 100644 shell/hush_test/hush-heredoc/heredoc_and_cmd.right - create mode 100755 shell/hush_test/hush-heredoc/heredoc_and_cmd.tests - -diff --git a/shell/ash.c b/shell/ash.c -index d29de37b7..c731a333b 100644 ---- a/shell/ash.c -+++ b/shell/ash.c -@@ -7028,6 +7028,7 @@ varunset(const char *end, const char *var, const char *umsg, int varflags) - msg = umsg; - } - } -+ ifsfree(); - ash_msg_and_raise_error("%.*s: %s%s", (int)(end - var - 1), var, msg, tail); - } - -@@ -7453,6 +7454,7 @@ varvalue(char *name, int varflags, int flags, int quoted) - if (discard) - return -1; - -+ ifsfree(); - raise_error_syntax("bad substitution"); - } - -diff --git a/shell/ash_test/ash-heredoc/heredoc_and_cmd.right b/shell/ash_test/ash-heredoc/heredoc_and_cmd.right -new file mode 100644 -index 000000000..25ae70561 ---- /dev/null -+++ b/shell/ash_test/ash-heredoc/heredoc_and_cmd.right -@@ -0,0 +1,2 @@ -+./heredoc_and_cmd.tests: line 4: D: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -+Y -diff --git a/shell/ash_test/ash-heredoc/heredoc_and_cmd.tests b/shell/ash_test/ash-heredoc/heredoc_and_cmd.tests -new file mode 100755 -index 000000000..197542de7 ---- /dev/null -+++ b/shell/ash_test/ash-heredoc/heredoc_and_cmd.tests -@@ -0,0 +1,8 @@ -+# The bug was only happening with <<REDIR;CMD form below: -+M='AAAAAAAAAAAAAAAAA' -+fff(){ -+date <<000; echo Y -+${D?$M$M$M$M$M$M} -+000 -+} -+fff -diff --git a/shell/hush_test/hush-heredoc/heredoc_and_cmd.right b/shell/hush_test/hush-heredoc/heredoc_and_cmd.right -new file mode 100644 -index 000000000..5c19a0621 ---- /dev/null -+++ b/shell/hush_test/hush-heredoc/heredoc_and_cmd.right -@@ -0,0 +1,2 @@ -+hush: D: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -+Y -diff --git a/shell/hush_test/hush-heredoc/heredoc_and_cmd.tests b/shell/hush_test/hush-heredoc/heredoc_and_cmd.tests -new file mode 100755 -index 000000000..197542de7 ---- /dev/null -+++ b/shell/hush_test/hush-heredoc/heredoc_and_cmd.tests -@@ -0,0 +1,8 @@ -+# The bug was only happening with <<REDIR;CMD form below: -+M='AAAAAAAAAAAAAAAAA' -+fff(){ -+date <<000; echo Y -+${D?$M$M$M$M$M$M} -+000 -+} -+fff diff --git a/aports/busybox/0008-fbsplash-support-image-and-bar-alignment-and-positio.patch b/aports/busybox/0018-fbsplash-support-image-and-bar-alignment-and-positio.patch index ab3421e..f91f564 100644 --- a/aports/busybox/0008-fbsplash-support-image-and-bar-alignment-and-positio.patch +++ b/aports/busybox/0018-fbsplash-support-image-and-bar-alignment-and-positio.patch @@ -1,18 +1,22 @@ -From cc005e48ebd831199789d9dfb1a9307e743ecdaa Mon Sep 17 00:00:00 2001 +From 0a205b68300cea1a8905aa9c12926fe70d75eca8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Fri, 21 Nov 2014 16:06:34 +0200 +Date: Fri, 21 Nov 2014 15:15:43 +0200 Subject: [PATCH] fbsplash: support image and bar alignment and positioning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit Needed to center a splash screen image in the initramfs. + --- miscutils/fbsplash.c | 93 ++++++++++++++++++++++++++++++++------------ 1 file changed, 69 insertions(+), 24 deletions(-) diff --git a/miscutils/fbsplash.c b/miscutils/fbsplash.c -index 1c206ef53..500e04fcc 100644 +index ae257e8bc..2c6413157 100644 --- a/miscutils/fbsplash.c +++ b/miscutils/fbsplash.c -@@ -54,7 +54,7 @@ +@@ -53,7 +53,7 @@ //usage: "\n -d Framebuffer device (default /dev/fb0)" //usage: "\n -i Config file (var=value):" //usage: "\n BAR_LEFT,BAR_TOP,BAR_WIDTH,BAR_HEIGHT" @@ -21,7 +25,7 @@ index 1c206ef53..500e04fcc 100644 //usage: "\n -f Control pipe (else exit after drawing image)" //usage: "\n commands: 'NN' (% for progress bar) or 'exit'" //usage: "\n -T Switch to TTY to hide all console messages" -@@ -73,13 +73,39 @@ +@@ -72,13 +72,39 @@ #define ESC "\033" @@ -62,7 +66,7 @@ index 1c206ef53..500e04fcc 100644 const char *image_filename; int silent_tty, fd_tty_s; bool do_not_draw; -@@ -96,16 +122,6 @@ struct globals { +@@ -95,16 +121,6 @@ struct globals { SET_PTR_TO_GLOBALS(xzalloc(sizeof(G))); \ } while (0) @@ -79,7 +83,7 @@ index 1c206ef53..500e04fcc 100644 #if DEBUG #define DEBUG_MESSAGE(strMessage, args...) \ if (G.bdebug_messages) { \ -@@ -386,7 +402,7 @@ static void fb_drawimage(void) +@@ -385,7 +401,7 @@ static void fb_drawimage(void) FILE *theme_file; char *read_ptr; unsigned char *pixline; @@ -88,7 +92,7 @@ index 1c206ef53..500e04fcc 100644 if (LONE_DASH(G.image_filename)) { theme_file = stdin; -@@ -436,18 +452,39 @@ static void fb_drawimage(void) +@@ -435,18 +451,39 @@ static void fb_drawimage(void) line_size = width*3; pixline = xmalloc(line_size); @@ -135,7 +139,7 @@ index 1c206ef53..500e04fcc 100644 for (i = 0; i < width; i++) { unsigned thispix = fb_pixel_value(pixel[0], pixel[1], pixel[2]); fb_write_pixel(src, thispix); -@@ -466,11 +503,15 @@ static void fb_drawimage(void) +@@ -465,11 +502,15 @@ static void fb_drawimage(void) */ static void init(const char *cfg_filename) { @@ -152,7 +156,7 @@ index 1c206ef53..500e04fcc 100644 #if DEBUG "DEBUG\0" #endif -@@ -479,14 +520,18 @@ static void init(const char *cfg_filename) +@@ -478,14 +519,18 @@ static void init(const char *cfg_filename) parser_t *parser = config_open2(cfg_filename, xfopen_stdin); while (config_read(parser, token, 2, 2, "#=", (PARSE_NORMAL | PARSE_MIN_DIE) & ~(PARSE_TRIM | PARSE_COLLAPSE))) { diff --git a/aports/busybox/0009-depmod-support-generating-kmod-binary-index-files.patch b/aports/busybox/0019-depmod-support-generating-kmod-binary-index-files.patch index 9f697a5..62481f6 100644 --- a/aports/busybox/0009-depmod-support-generating-kmod-binary-index-files.patch +++ b/aports/busybox/0019-depmod-support-generating-kmod-binary-index-files.patch @@ -1,13 +1,17 @@ -From 8d76137506e9c65404280694e56d9a7629d58280 Mon Sep 17 00:00:00 2001 +From 4eb6d6b1f36e9bf976549f3071beb1192e11c4ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Sun, 25 Oct 2015 22:21:41 +0200 +Date: Sun, 25 Oct 2015 12:33:58 +0200 Subject: [PATCH] depmod: support generating kmod binary index files +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit This allows to use busybox depmod, and run daemons using libkmod (or even kmod modprobe if needed). About +1500 bytes when enabled. This patch merges some depmod code paths, so when this is disabled it shrinks the code size a little bit. + --- modutils/Config.src | 9 ++ modutils/depmod.c | 281 ++++++++++++++++++++++++++++++++++++-------- @@ -37,7 +41,7 @@ index 188296814..7a4c037ad 100644 bool "Support module.symbols file" default y diff --git a/modutils/depmod.c b/modutils/depmod.c -index b5244fc60..26e223753 100644 +index bb42bbefe..9b034db0a 100644 --- a/modutils/depmod.c +++ b/modutils/depmod.c @@ -2,7 +2,7 @@ @@ -49,7 +53,7 @@ index b5244fc60..26e223753 100644 * Copyright (c) 2008 Vladimir Dronnikov * * Licensed under GPLv2 or later, see file LICENSE in this source tree. -@@ -26,6 +26,24 @@ +@@ -25,6 +25,24 @@ #include "modutils.h" #include <sys/utsname.h> /* uname() */ @@ -74,7 +78,7 @@ index b5244fc60..26e223753 100644 /* * Theory of operation: * - iterate over all modules and record their full path -@@ -53,18 +71,12 @@ static int FAST_FUNC parse_module(const char *fname, struct stat *sb UNUSED_PARA +@@ -53,18 +71,12 @@ static int FAST_FUNC parse_module(struct recursive_state *state, for (ptr = image; ptr < image + len - 10; ptr++) { if (is_prefixed_with(ptr, "depends=")) { @@ -95,7 +99,7 @@ index b5244fc60..26e223753 100644 } else if (ENABLE_FEATURE_MODUTILS_SYMBOLS && is_prefixed_with(ptr, "__ksymtab_") ) { -@@ -74,9 +86,10 @@ static int FAST_FUNC parse_module(const char *fname, struct stat *sb UNUSED_PARA +@@ -74,9 +86,10 @@ static int FAST_FUNC parse_module(struct recursive_state *state, ) { continue; } @@ -301,7 +305,7 @@ index b5244fc60..26e223753 100644 getopt32(argv, "aAb:eF:nruqC:", &moddir_base, NULL, NULL); argv += optind; -@@ -210,53 +382,60 @@ int depmod_main(int argc UNUSED_PARAM, char **argv) +@@ -211,53 +383,60 @@ int depmod_main(int argc UNUSED_PARAM, char **argv) } /* Generate dependency and alias files */ @@ -396,10 +400,10 @@ index b5244fc60..26e223753 100644 if (ENABLE_FEATURE_CLEAN_UP) moddb_free(&modules); diff --git a/modutils/modprobe.c b/modutils/modprobe.c -index 0a372a049..20a60c1a6 100644 +index 235706fd5..604d9e6b5 100644 --- a/modutils/modprobe.c +++ b/modutils/modprobe.c -@@ -192,21 +192,6 @@ struct globals { +@@ -191,21 +191,6 @@ struct globals { static int read_config(const char *path); @@ -422,10 +426,10 @@ index 0a372a049..20a60c1a6 100644 { return moddb_get_or_create(&G.db, module); diff --git a/modutils/modutils.c b/modutils/modutils.c -index 6f7cd9721..257089af4 100644 +index 037d609e4..502ad5422 100644 --- a/modutils/modutils.c +++ b/modutils/modutils.c -@@ -66,6 +66,21 @@ void FAST_FUNC moddb_free(module_db *db) +@@ -67,6 +67,21 @@ void FAST_FUNC moddb_free(module_db *db) } } @@ -447,7 +451,7 @@ index 6f7cd9721..257089af4 100644 void FAST_FUNC replace(char *s, char what, char with) { while (*s) { -@@ -75,6 +90,22 @@ void FAST_FUNC replace(char *s, char what, char with) +@@ -76,6 +91,22 @@ void FAST_FUNC replace(char *s, char what, char with) } } diff --git a/aports/busybox/0010-Add-flag-for-not-following-symlinks-when-recursing.patch b/aports/busybox/0020-Add-flag-for-not-following-symlinks-when-recursing.patch index e647d8d..44a3492 100644 --- a/aports/busybox/0010-Add-flag-for-not-following-symlinks-when-recursing.patch +++ b/aports/busybox/0020-Add-flag-for-not-following-symlinks-when-recursing.patch @@ -1,7 +1,10 @@ -From 03293c16e509501ce7ec952900413138475f125d Mon Sep 17 00:00:00 2001 +From 333b48438e3001cddbc902bd6f5fc7eb116997ca Mon Sep 17 00:00:00 2001 From: Natanael Copa <ncopa@alpinelinux.org> -Date: Fri, 25 Jul 2014 15:28:33 +0200 +Date: Fri, 25 Jul 2014 02:10:50 +0200 Subject: [PATCH] Add flag for not following symlinks when recursing +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit function old new delta .rodata 7934 7967 +33 @@ -10,12 +13,13 @@ packed_usage 1704 1720 +16 diff_main 1665 1662 -3 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 3/1 up/down: 66/-3) Total: 63 bytes + --- editors/diff.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/editors/diff.c b/editors/diff.c -index 280091756..42a36e2d4 100644 +index 1adc4cbc7..f7c0f5250 100644 --- a/editors/diff.c +++ b/editors/diff.c @@ -113,6 +113,9 @@ diff --git a/aports/busybox/0012-udhcpc-Don-t-background-if-n-is-given.patch b/aports/busybox/0021-udhcpc-Don-t-background-if-n-is-given.patch index 523768b..9ce7adf 100644 --- a/aports/busybox/0012-udhcpc-Don-t-background-if-n-is-given.patch +++ b/aports/busybox/0021-udhcpc-Don-t-background-if-n-is-given.patch @@ -1,7 +1,10 @@ -From 0cd01228c1e4173683637c4e582448656b26c05f Mon Sep 17 00:00:00 2001 +From b6a7520ce7c77f14f61794e6a84c865042a31db3 Mon Sep 17 00:00:00 2001 From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 6 Jul 2017 11:40:14 +0200 +Date: Thu, 6 Jul 2017 07:05:15 +0200 Subject: [PATCH] udhcpc: Don't background if -n is given +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit we need add -b to our udhcpc options to prevent boot forever if there are no dhcp server. We also need a way for users to disable this behavior by making @@ -15,16 +18,17 @@ introducing this change. See also: https://bugs.busybox.net/11691 [0]: https://git.busybox.net/busybox/commit/?id=87e216294af9eec39c0c1d553555f8a98c15db38 + --- networking/udhcp/d6_dhcpc.c | 20 +++++++------------- networking/udhcp/dhcpc.c | 20 +++++++------------- 2 files changed, 14 insertions(+), 26 deletions(-) diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c -index 8d11a7539..0284a0fd8 100644 +index 3d0ec98f9..cc3afa921 100644 --- a/networking/udhcp/d6_dhcpc.c +++ b/networking/udhcp/d6_dhcpc.c -@@ -1401,25 +1401,19 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv) +@@ -1403,25 +1403,19 @@ int udhcpc6_main(int argc UNUSED_PARAM, char **argv) leasefail: change_listen_mode(LISTEN_NONE); d6_run_script_no_option("leasefail"); @@ -58,7 +62,7 @@ index 8d11a7539..0284a0fd8 100644 timeout = tryagain_timeout; packet_num = 0; diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c -index bbf95caca..8e034ac8a 100644 +index 424d6dade..06ad59fe5 100644 --- a/networking/udhcp/dhcpc.c +++ b/networking/udhcp/dhcpc.c @@ -1456,25 +1456,19 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv) diff --git a/aports/busybox/0023-tests-fix-tarball-creation.patch b/aports/busybox/0023-tests-fix-tarball-creation.patch new file mode 100644 index 0000000..e4221e7 --- /dev/null +++ b/aports/busybox/0023-tests-fix-tarball-creation.patch @@ -0,0 +1,29 @@ +From 9448774028839a834a554384a7c64e89fd9c3486 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Wed, 4 Jan 2023 08:30:41 +0100 +Subject: [PATCH] tests: fix tarball creation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without this patch, the chmod 644 invocation takes away the executable +bit from the input_dir directory, thus preventing the chmod of the files +within the input_dir directory (due to lack of x-bit). + +--- + testsuite/tar.tests | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/testsuite/tar.tests b/testsuite/tar.tests +index 0f2e89112..18e571af3 100755 +--- a/testsuite/tar.tests ++++ b/testsuite/tar.tests +@@ -67,7 +67,7 @@ testing "tar hardlinks and repeated files" '\ + ln input_hard1 input_hard2 + mkdir input_dir + >input_dir/file +-chmod -R 644 * ++for f in *; do [ "$f" = "input_dir" ] || chmod -R 644 "$f"; done + chmod 755 input_dir + tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input + tar tvf test.tar | sed "s/.*[0-9] input/input/" diff --git a/aports/busybox/0024-tests-musl-doesn-t-seem-to-recognize-UTC0-as-a-timez.patch b/aports/busybox/0024-tests-musl-doesn-t-seem-to-recognize-UTC0-as-a-timez.patch new file mode 100644 index 0000000..de2cb36 --- /dev/null +++ b/aports/busybox/0024-tests-musl-doesn-t-seem-to-recognize-UTC0-as-a-timez.patch @@ -0,0 +1,40 @@ +From 707d69bf1e7a5f2e29309239d599933350cbfd59 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Wed, 4 Jan 2023 08:04:07 +0100 +Subject: [PATCH] tests: musl doesn't seem to recognize UTC0 as a timezone +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +UTC works though. + +TODO: Figure out if musl /should/ regonize UTC0. +--- + testsuite/date/date-timezone | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/testsuite/date/date-timezone b/testsuite/date/date-timezone +index 8628aa1d7..720ce4f26 100644 +--- a/testsuite/date/date-timezone ++++ b/testsuite/date/date-timezone +@@ -1,17 +1,17 @@ + # FEATURE: CONFIG_FEATURE_TIMEZONE + + # 'Z' is UTC +-dt=$(TZ=UTC0 busybox date -d '1999-1-2 3:4:5Z') ++dt=$(TZ=UTC busybox date -d '1999-1-2 3:4:5Z') + dt=$(echo "$dt" | cut -b1-19) + test x"$dt" = x"Sat Jan 2 03:04:05" + + # '+0600' is six hours ahead of UTC +-dt=$(TZ=UTC0 busybox date -d '1999-1-2 3:4:5 +0600') ++dt=$(TZ=UTC busybox date -d '1999-1-2 3:4:5 +0600') + dt=$(echo "$dt" | cut -b1-19) + test x"$dt" = x"Fri Jan 1 21:04:05" + + # '-0600' is six hours behind UTC +-dt=$(TZ=UTC0 busybox date -d '1999-1-2 3:4:5 -0600') ++dt=$(TZ=UTC busybox date -d '1999-1-2 3:4:5 -0600') + dt=$(echo "$dt" | cut -b1-19) + test x"$dt" = x"Sat Jan 2 09:04:05" + diff --git a/aports/busybox/0025-Hackfix-to-disable-HW-acceleration-for-MD5-SHA1-on-x.patch b/aports/busybox/0025-Hackfix-to-disable-HW-acceleration-for-MD5-SHA1-on-x.patch new file mode 100644 index 0000000..a3030da --- /dev/null +++ b/aports/busybox/0025-Hackfix-to-disable-HW-acceleration-for-MD5-SHA1-on-x.patch @@ -0,0 +1,46 @@ +From 3ead51e53687e94a51beb793661363df27b00814 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Thu, 5 Jan 2023 15:47:55 +0100 +Subject: [PATCH] Hackfix to disable HW acceleration for MD5/SHA1 on x86 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This causes a direct segfault with musl libc. + +See: http://lists.busybox.net/pipermail/busybox/2023-January/090078.html +--- + libbb/hash_md5_sha.c | 6 +++--- + 2 files changed, 3 insertions(+), 5 deletions(-) + +diff --git a/libbb/hash_md5_sha.c b/libbb/hash_md5_sha.c +index 880ffab01..a006422ab 100644 +--- a/libbb/hash_md5_sha.c ++++ b/libbb/hash_md5_sha.c +@@ -14,7 +14,7 @@ + #define NEED_SHA512 (ENABLE_SHA512SUM || ENABLE_USE_BB_CRYPT_SHA) + + #if ENABLE_SHA1_HWACCEL || ENABLE_SHA256_HWACCEL +-# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) ++# if defined(__GNUC__) && defined(__x86_64__) + static void cpuid(unsigned *eax, unsigned *ebx, unsigned *ecx, unsigned *edx) + { + asm ("cpuid" +@@ -1173,7 +1173,7 @@ void FAST_FUNC sha1_begin(sha1_ctx_t *ctx) + ctx->total64 = 0; + ctx->process_block = sha1_process_block64; + #if ENABLE_SHA1_HWACCEL +-# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) ++# if defined(__GNUC__) && defined(__x86_64__) + { + if (!shaNI) { + unsigned eax = 7, ebx = ebx, ecx = 0, edx = edx; +@@ -1227,7 +1227,7 @@ void FAST_FUNC sha256_begin(sha256_ctx_t *ctx) + /*ctx->total64 = 0; - done by prepending two 32-bit zeros to init256 */ + ctx->process_block = sha256_process_block64; + #if ENABLE_SHA256_HWACCEL +-# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) ++# if defined(__GNUC__) && defined(__x86_64__) + { + if (!shaNI) { + unsigned eax = 7, ebx = ebx, ecx = 0, edx = edx; diff --git a/aports/busybox/0026-lineedit-Handle-SIGWINCH-gracefully.patch b/aports/busybox/0026-lineedit-Handle-SIGWINCH-gracefully.patch new file mode 100644 index 0000000..43f48b1 --- /dev/null +++ b/aports/busybox/0026-lineedit-Handle-SIGWINCH-gracefully.patch @@ -0,0 +1,61 @@ +From 63bb934c9e48d3ba1dc7f8001d423ea84b9a00c2 Mon Sep 17 00:00:00 2001 +From: Marian Buschsieweke <marian.buschsieweke@ovgu.de> +Date: Thu, 19 Jan 2023 17:18:18 +0100 +Subject: [PATCH] lineedit: Handle SIGWINCH gracefully + +Since 1.16.0 a resize of the terminal emulator resulted in ash printing +a new command line. This fixes the issue by retrying read_key() in +lineedit_read_key() on SIGWINCH, rendering reception of SIGWINCH +transparent to callers of read_line_input(). + +Fixes https://bugs.busybox.net/show_bug.cgi?id=15256 +--- + libbb/lineedit.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/libbb/lineedit.c b/libbb/lineedit.c +index d6b2e76ff..a47d9e508 100644 +--- a/libbb/lineedit.c ++++ b/libbb/lineedit.c +@@ -2149,7 +2149,7 @@ static void cmdedit_setwidth(void) + redraw((new_y >= cmdedit_y ? new_y : cmdedit_y), command_len - cursor); + } + +-static void win_changed(int nsig UNUSED_PARAM) ++static void win_changed(int nsig) + { + if (S.ok_to_redraw) { + /* We are in read_key(), safe to redraw immediately */ +@@ -2157,6 +2157,7 @@ static void win_changed(int nsig UNUSED_PARAM) + cmdedit_setwidth(); + fflush_all(); + errno = sv_errno; ++ bb_got_signal = nsig; + } else { + /* Signal main loop that redraw is necessary */ + S.SIGWINCH_count++; +@@ -2186,7 +2187,9 @@ static int lineedit_read_key(char *read_key_buffer, int timeout) + * Note: read_key sets errno to 0 on success. + */ + for (;;) { +- if ((state->flags & LI_INTERRUPTIBLE) && bb_got_signal) { ++ if ((state->flags & LI_INTERRUPTIBLE) && bb_got_signal ++ && (bb_got_signal != SIGWINCH) ++ ) { + errno = EINTR; + return -1; + } +@@ -2197,6 +2200,10 @@ static int lineedit_read_key(char *read_key_buffer, int timeout) + IF_FEATURE_EDITING_WINCH(S.ok_to_redraw = 0;) + if (errno != EINTR) + break; ++ if (bb_got_signal == SIGWINCH) { ++ bb_got_signal = 0; ++ continue; ++ } + if (state->flags & LI_INTERRUPTIBLE) { + /* LI_INTERRUPTIBLE bails out on EINTR, + * but nothing really guarantees that bb_got_signal +-- +2.39.1 + diff --git a/aports/busybox/0027-umount-Implement-O-option-to-unmount-by-mount-option.patch b/aports/busybox/0027-umount-Implement-O-option-to-unmount-by-mount-option.patch new file mode 100644 index 0000000..2b330e5 --- /dev/null +++ b/aports/busybox/0027-umount-Implement-O-option-to-unmount-by-mount-option.patch @@ -0,0 +1,195 @@ +From 7ea459b570760f8e836d05e58422dbd3a7d1b016 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Sun, 19 Jun 2022 17:49:41 +0200 +Subject: [PATCH] umount: Implement -O option to unmount by mount options +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This commit adds an implementation of the umount -O option, as provided +by util-linux's mount(8) implementation, to BusyBox. Similar to -t, the +option is intended to be used in conjunction with -a thereby allowing +users to filter which file systems are unmounted by mount options. +Multiple options can be specified with -O, all of which need to match. +Each option can be prefixed with `no` to indicate that no action should +be taken for a mount point with this mount option. The "no" prefix +interpretation can be disabled using the "+" prefix. + +At Alpine, this feature is often requested by users as the OpenRC +netmount service uses `umount -a -O _netdev` to amount all network +file systems [1] [2]. + +This implementation is functionally equivalent to the util-linux +implementation with the exception that it implements no special handling +for `key="value"` mount options to keep the implementation simple. +Therefore, filesystems mounted with options like `foo="bar"` won't +be matched by `umount -a -O foo`. + +[1]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9923 +[2]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13789 + +Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> +Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net> +--- + include/libbb.h | 1 + + libbb/Kbuild.src | 1 + + libbb/match_fsopts.c | 69 ++++++++++++++++++++++++++++++++++++++++++++ + util-linux/umount.c | 10 +++++-- + 4 files changed, 78 insertions(+), 3 deletions(-) + create mode 100644 libbb/match_fsopts.c + +diff --git a/include/libbb.h b/include/libbb.h +index cca33a177..ad41adec8 100644 +--- a/include/libbb.h ++++ b/include/libbb.h +@@ -1586,6 +1586,7 @@ const struct hwtype *get_hwntype(int type) FAST_FUNC; + + + extern int fstype_matches(const char *fstype, const char *comma_list) FAST_FUNC; ++extern int fsopts_matches(const char *opts_list, const char *reqopts_list) FAST_FUNC; + #ifdef HAVE_MNTENT_H + extern struct mntent *find_mount_point(const char *name, int subdir_too) FAST_FUNC; + #endif +diff --git a/libbb/Kbuild.src b/libbb/Kbuild.src +index 653025e56..4bb8260b9 100644 +--- a/libbb/Kbuild.src ++++ b/libbb/Kbuild.src +@@ -120,6 +120,7 @@ lib-y += xrealloc_vector.o + + lib-$(CONFIG_MOUNT) += match_fstype.o + lib-$(CONFIG_UMOUNT) += match_fstype.o ++lib-$(CONFIG_UMOUNT) += match_fsopts.o + + lib-$(CONFIG_FEATURE_UTMP) += utmp.o + +diff --git a/libbb/match_fsopts.c b/libbb/match_fsopts.c +new file mode 100644 +index 000000000..b1cc85c3c +--- /dev/null ++++ b/libbb/match_fsopts.c +@@ -0,0 +1,69 @@ ++/* vi: set sw=4 ts=4: */ ++/* ++ * Match fsopts for use in mount unmount -O. ++ * ++ * Returns 1 for a match, otherwise 0. ++ * ++ * Licensed under GPLv2 or later, see file LICENSE in this source tree. ++ */ ++ ++#include "libbb.h" ++ ++static int fsopt_matches(const char *opts_list, const char *opt, size_t optlen) ++{ ++ int match = 1; ++ ++ if (optlen >= 2 && opt[0] == 'n' && opt[1] == 'o') { ++ match--; ++ opt += 2; optlen -= 2; ++ } ++ ++ /* The alone "no" is an error, all matching ends with False. */ ++ if (optlen == 0) ++ return 0; ++ ++ /* The "no" prefix interpretation can be disabled by the "+" prefix. */ ++ if (match && optlen > 1 && *opt == '+') { ++ opt++; optlen--; ++ } ++ ++ while (1) { ++ if (strncmp(opts_list, opt, optlen) == 0) { ++ const char *after_opt = opts_list + optlen; ++ if (*after_opt == '\0' || *after_opt == ',') ++ return match; ++ } ++ ++ opts_list = strchr(opts_list, ','); ++ if (!opts_list) ++ break; ++ opts_list++; ++ } ++ ++ return !match; ++} ++ ++/* This function implements the mnt_match_options function from libmount. */ ++int FAST_FUNC fsopts_matches(const char *opts_list, const char *reqopts_list) ++{ ++ if (!reqopts_list) ++ return 1; /* no options requested, match anything */ ++ ++ while (1) { ++ size_t len; ++ const char *comma = strchr(reqopts_list, ','); ++ if (!comma) ++ len = strlen(reqopts_list); ++ else ++ len = comma - reqopts_list; ++ ++ if (len && !fsopt_matches(opts_list, reqopts_list, len)) ++ return 0; ++ ++ if (!comma) ++ break; ++ reqopts_list = ++comma; ++ } ++ ++ return 1; ++} +diff --git a/util-linux/umount.c b/util-linux/umount.c +index 23da32868..7a54cafb0 100644 +--- a/util-linux/umount.c ++++ b/util-linux/umount.c +@@ -41,7 +41,7 @@ + //kbuild:lib-$(CONFIG_UMOUNT) += umount.o + + //usage:#define umount_trivial_usage +-//usage: "[-rlf"IF_FEATURE_MTAB_SUPPORT("m")IF_FEATURE_MOUNT_LOOP("d")IF_FEATURE_UMOUNT_ALL("a")"] [-t FSTYPE] FILESYSTEM|DIRECTORY" ++//usage: "[-rlf"IF_FEATURE_MTAB_SUPPORT("m")IF_FEATURE_MOUNT_LOOP("d")IF_FEATURE_UMOUNT_ALL("a")"] [-t FSTYPE] [-O FSOPT] FILESYSTEM|DIRECTORY" + //usage:#define umount_full_usage "\n\n" + //usage: "Unmount filesystems\n" + //usage: IF_FEATURE_UMOUNT_ALL( +@@ -57,6 +57,7 @@ + //usage: "\n -d Free loop device if it has been used" + //usage: ) + //usage: "\n -t FSTYPE[,...] Unmount only these filesystem type(s)" ++//usage: "\n -O FSOPT[,...] Unmount only filesystem mounted with the given options" + //usage: + //usage:#define umount_example_usage + //usage: "$ umount /dev/hdc1\n" +@@ -82,7 +83,7 @@ static struct mntent *getmntent_r(FILE* stream, struct mntent* result, + #endif + + /* ignored: -c -v -i */ +-#define OPTION_STRING "fldnrat:" "cvi" ++#define OPTION_STRING "fldnrat:O:" "cvi" + #define OPT_FORCE (1 << 0) // Same as MNT_FORCE + #define OPT_LAZY (1 << 1) // Same as MNT_DETACH + #define OPT_FREELOOP (1 << 2) +@@ -96,6 +97,7 @@ int umount_main(int argc UNUSED_PARAM, char **argv) + int doForce; + struct mntent me; + FILE *fp; ++ char *opts = NULL; + char *fstype = NULL; + int status = EXIT_SUCCESS; + unsigned opt; +@@ -105,7 +107,7 @@ int umount_main(int argc UNUSED_PARAM, char **argv) + struct mtab_list *next; + } *mtl, *m; + +- opt = getopt32(argv, OPTION_STRING, &fstype); ++ opt = getopt32(argv, OPTION_STRING, &fstype, &opts); + //argc -= optind; + argv += optind; + +@@ -133,6 +135,8 @@ int umount_main(int argc UNUSED_PARAM, char **argv) + /* Match fstype (fstype==NULL matches always) */ + if (!fstype_matches(me.mnt_type, fstype)) + continue; ++ if (!fsopts_matches(me.mnt_opts, opts)) ++ continue; + m = xzalloc(sizeof(*m)); + m->next = mtl; + m->device = xstrdup(me.mnt_fsname); diff --git a/aports/busybox/0028-ash-use-after-free-in-bash-pattern-substitution.patch b/aports/busybox/0028-ash-use-after-free-in-bash-pattern-substitution.patch new file mode 100644 index 0000000..a8c13e4 --- /dev/null +++ b/aports/busybox/0028-ash-use-after-free-in-bash-pattern-substitution.patch @@ -0,0 +1,34 @@ +From 3e83699ce23400d75c7ddaa7ebfdec015177caa7 Mon Sep 17 00:00:00 2001 +From: Karsten Sperling <ksperling@apple.com> +Date: Thu, 18 May 2023 16:47:49 +0200 +Subject: [PATCH] ash: use-after-free in bash pattern substitution +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit daa66ed6 fixed a number of use-after-free bugs in bash pattern +substitution, however one "unguarded" STPUTC remained, which is fixed here. + +function old new delta +subevalvar 1564 1576 +12 + +Signed-off-by: Karsten Sperling <ksperling@apple.com> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net> +--- + shell/ash.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/shell/ash.c b/shell/ash.c +index d2c5c5d50..51b627fcc 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7370,6 +7370,8 @@ subevalvar(char *start, char *str, int strloc, + char *restart_detect = stackblock(); + if (quotes && *loc == '\\') { + STPUTC(CTLESC, expdest); ++ if (stackblock() != restart_detect) ++ goto restart; + len++; + } + STPUTC(*loc, expdest); diff --git a/aports/busybox/0029-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch b/aports/busybox/0029-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch new file mode 100644 index 0000000..e49bff4 --- /dev/null +++ b/aports/busybox/0029-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch @@ -0,0 +1,82 @@ +From 5b1deb2b98a0513b101c600e856d64edd9d47a2e Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Fri, 26 May 2023 18:52:52 +0200 +Subject: [PATCH] awk: fix use-after-realloc (CVE-2021-42380), closes 15601 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + editors/awk.c | 26 ++++++++++++++++----- + 2 files changed, 75 insertions(+), 6 deletions(-) + +diff --git a/editors/awk.c b/editors/awk.c +index 728ee8685..2af823808 100644 +--- a/editors/awk.c ++++ b/editors/awk.c +@@ -555,7 +555,7 @@ struct globals { + const char *g_progname; + int g_lineno; + int nfields; +- int maxfields; /* used in fsrealloc() only */ ++ unsigned maxfields; + var *Fields; + char *g_pos; + char g_saved_ch; +@@ -1931,9 +1931,9 @@ static void fsrealloc(int size) + { + int i, newsize; + +- if (size >= maxfields) { +- /* Sanity cap, easier than catering for overflows */ +- if (size > 0xffffff) ++ if ((unsigned)size >= maxfields) { ++ /* Sanity cap, easier than catering for over/underflows */ ++ if ((unsigned)size > 0xffffff) + bb_die_memory_exhausted(); + + i = maxfields; +@@ -2891,6 +2891,7 @@ static var *evaluate(node *op, var *res) + uint32_t opinfo; + int opn; + node *op1; ++ var *old_Fields_ptr; + + opinfo = op->info; + opn = (opinfo & OPNMASK); +@@ -2899,10 +2900,16 @@ static var *evaluate(node *op, var *res) + debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn); + + /* execute inevitable things */ ++ old_Fields_ptr = NULL; + if (opinfo & OF_RES1) { + if ((opinfo & OF_REQUIRED) && !op1) + syntax_error(EMSG_TOO_FEW_ARGS); + L.v = evaluate(op1, TMPVAR0); ++ /* Does L.v point to $n variable? */ ++ if ((size_t)(L.v - Fields) < maxfields) { ++ /* yes, remember where Fields[] is */ ++ old_Fields_ptr = Fields; ++ } + if (opinfo & OF_STR1) { + L.s = getvar_s(L.v); + debug_printf_eval("L.s:'%s'\n", L.s); +@@ -2921,8 +2928,15 @@ static var *evaluate(node *op, var *res) + */ + if (opinfo & OF_RES2) { + R.v = evaluate(op->r.n, TMPVAR1); +- //TODO: L.v may be invalid now, set L.v to NULL to catch bugs? +- //L.v = NULL; ++ /* Seen in $5=$$5=$0: ++ * Evaluation of R.v ($$5=$0 expression) ++ * made L.v ($5) invalid. It's detected here. ++ */ ++ if (old_Fields_ptr) { ++ //if (old_Fields_ptr != Fields) ++ // debug_printf_eval("L.v moved\n"); ++ L.v += Fields - old_Fields_ptr; ++ } + if (opinfo & OF_STR2) { + R.s = getvar_s(R.v); + debug_printf_eval("R.s:'%s'\n", R.s); diff --git a/aports/busybox/0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch b/aports/busybox/0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch new file mode 100644 index 0000000..4017548 --- /dev/null +++ b/aports/busybox/0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch @@ -0,0 +1,80 @@ +From f69ade3845f9c1cc8cf47251d5f3ba41aab2ce21 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Mon, 12 Jun 2023 16:51:43 +0200 +Subject: [PATCH] shell: avoid segfault on ${0::0/0~09J}. Closes 15216 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +function old new delta +evaluate_string 1011 1053 +42 + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + shell/math.c | 39 +++++++++++++++++++++++++++++++++++---- + 1 file changed, 35 insertions(+), 4 deletions(-) + +diff --git a/shell/math.c b/shell/math.c +index 76d22c9bd..727c29467 100644 +--- a/shell/math.c ++++ b/shell/math.c +@@ -577,6 +577,28 @@ static arith_t strto_arith_t(const char *nptr, char **endptr) + # endif + #endif + ++//TODO: much better estimation than expr_len/2? Such as: ++//static unsigned estimate_nums_and_names(const char *expr) ++//{ ++// unsigned count = 0; ++// while (*(expr = skip_whitespace(expr)) != '\0') { ++// const char *p; ++// if (isdigit(*expr)) { ++// while (isdigit(*++expr)) ++// continue; ++// count++; ++// continue; ++// } ++// p = endofname(expr); ++// if (p != expr) { ++// expr = p; ++// count++; ++// continue; ++// } ++// } ++// return count; ++//} ++ + static arith_t + evaluate_string(arith_state_t *math_state, const char *expr) + { +@@ -584,10 +606,12 @@ evaluate_string(arith_state_t *math_state, const char *expr) + const char *errmsg; + const char *start_expr = expr = skip_whitespace(expr); + unsigned expr_len = strlen(expr) + 2; +- /* Stack of integers */ +- /* The proof that there can be no more than strlen(startbuf)/2+1 +- * integers in any given correct or incorrect expression +- * is left as an exercise to the reader. */ ++ /* Stack of integers/names */ ++ /* There can be no more than strlen(startbuf)/2+1 ++ * integers/names in any given correct or incorrect expression. ++ * (modulo "09v09v09v09v09v" case, ++ * but we have code to detect that early) ++ */ + var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0])); + var_or_num_t *numstackptr = numstack; + /* Stack of operator tokens */ +@@ -652,6 +676,13 @@ evaluate_string(arith_state_t *math_state, const char *expr) + numstackptr->var = NULL; + errno = 0; + numstackptr->val = strto_arith_t(expr, (char**) &expr); ++ /* A number can't be followed by another number, or a variable name. ++ * We'd catch this later anyway, but this would require numstack[] ++ * to be twice as deep to handle strings where _every_ char is ++ * a new number or name. Example: 09v09v09v09v09v09v09v09v09v ++ */ ++ if (isalnum(*expr) || *expr == '_') ++ goto err; + //bb_error_msg("val:%lld", numstackptr->val); + if (errno) + numstackptr->val = 0; /* bash compat */ diff --git a/aports/busybox/APKBUILD b/aports/busybox/APKBUILD index 35ead0b..40e77d6 100644 --- a/aports/busybox/APKBUILD +++ b/aports/busybox/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=busybox -pkgver=1.35.0 -pkgrel=4 # base: 29 +pkgver=1.36.1 +pkgrel=0 # base: 2 pkgdesc="Size optimized toolbox of many common UNIX utilities" url="https://busybox.net/" arch="all" @@ -12,8 +12,7 @@ makedepends_host="linux-headers openssl-dev>3" # skalibs-static is needed for utmps-static [ -z "$BOOTSTRAP" ] && makedepends_host="$makedepends_host utmps-dev utmps-static skalibs-static" makedepends="$makedepends_build $makedepends_host" -checkdepends= -provides="/bin/sh" +checkdepends="zip" install= subpackages= options="!check" @@ -26,38 +25,36 @@ _openrc_files="acpid.initd _mdev_openrc_files="mdev.initd" source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2 - 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch - 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch - 0001-properly-fix-wget-https-support.patch - 0001-modutils-check-ELF-header-before-calling-finit_module.patch - 0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch - 0003-ash-exec-busybox.static.patch - 0004-app-location-for-cpio-vi-and-lspci.patch - 0005-udhcpc-set-default-discover-retries-to-5.patch - 0006-ping-make-ping-work-without-root-privileges.patch - 0007-fbsplash-support-console-switching.patch - 0008-fbsplash-support-image-and-bar-alignment-and-positio.patch - 0009-depmod-support-generating-kmod-binary-index-files.patch - 0010-Add-flag-for-not-following-symlinks-when-recursing.patch - 0012-udhcpc-Don-t-background-if-n-is-given.patch - 0013-ash-fix-unsafe-use-of-mempcpy.patch - 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch - 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch - 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch - 0017-ash-Fix-use-after-free-on-idx-variable.patch - 0018-ash-fix-ifs-cleanup-on-error-paths.patch - - 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch - - 0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch - - 0001-avoid-redefined-warnings-when-building-with-utmps.patch - - 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch - 0002-nslookup-sanitize-all-printed-strings-with-printable.patch - 0001-modinfo-add-k-option-for-kernel-version.patch - CVE-2022-30065.patch - 0001-sed-check-errors-writing-file-with-sed-i.patch + 0001-modutils-check-ELF-header-before-calling-finit_modul.patch + 0002-adduser-default-to-sbin-nologin-as-shell-for-system-.patch + 0003-ash-add-built-in-BB_ASH_VERSION-variable.patch + 0004-Avoid-redefined-warnings-when-buiding-with-utmps.patch + 0005-libbb-sockaddr2str-ensure-only-printable-characters-.patch + 0006-modinfo-add-k-option-for-kernel-version.patch + 0007-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch + 0008-pgrep-add-support-for-matching-against-UID-and-RUID.patch + 0009-properly-fix-wget-https-support.patch + 0010-sed-check-errors-writing-file-with-sed-i.patch + 0011-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch + 0012-nslookup-sanitize-all-printed-strings-with-printable.patch + 0013-ash-exec-busybox.static.patch + 0014-app-location-for-cpio-vi-and-lspci.patch + 0015-udhcpc-set-default-discover-retries-to-5.patch + 0016-ping-make-ping-work-without-root-privileges.patch + 0017-fbsplash-support-console-switching.patch + 0018-fbsplash-support-image-and-bar-alignment-and-positio.patch + 0019-depmod-support-generating-kmod-binary-index-files.patch + 0020-Add-flag-for-not-following-symlinks-when-recursing.patch + 0021-udhcpc-Don-t-background-if-n-is-given.patch + + 0023-tests-fix-tarball-creation.patch + 0024-tests-musl-doesn-t-seem-to-recognize-UTC0-as-a-timez.patch + 0025-Hackfix-to-disable-HW-acceleration-for-MD5-SHA1-on-x.patch + 0026-lineedit-Handle-SIGWINCH-gracefully.patch + 0027-umount-Implement-O-option-to-unmount-by-mount-option.patch + 0028-ash-use-after-free-in-bash-pattern-substitution.patch + 0029-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch + 0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch acpid.logrotate config @@ -189,45 +186,46 @@ EOF } sha512sums=" -62b2e718b6669271380445ed6db249618d777a4e8d5e6d879fa39ffee43887b6a2e93ceef874c615c565ad492deb772b03a19b7475c403202741579fb151e16a busybox-1.35.0.tar.bz2 -ead3403578c071c2216de17ab0543984c1f1509c12c062f03af49141547c3ea21356f3e8f0f0695550f05a41a1379dd73fc3cc18dcd78addbb411f247351e353 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch -a2787a3ecaf6746dadef62166e8ee6ecaa166147e5ad8b917c5838536057c875bab5f9cf40c3e05eba74d575484ac662929ac3799d58432d3a99ac46f364f302 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch -1efe1c4894ae983fed5ac848125f8603f157b9d91c952c53f4192b48d3e50967e05559851148397b583f34fb02d480393547904b4635e4248248be567ab268ea 0001-properly-fix-wget-https-support.patch -0cac9b944928500293e366b42e03211d4159d05b622da60664825e5ee87c9bf6d5a8ea5e794584713f7464efb4cdc431e02f439c717b7e62b1864a228bc8cbac 0001-modutils-check-ELF-header-before-calling-finit_module.patch -d8694293edc8cd55cecafeb902f03c01af318e13966f399365cf792b840793891ac086bb67ef83e7a5a2e01b246497a6c6511cb6a856834f6672dee4bca76896 0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch -8c34dd5ce9a6e84279fa6494cbae0b254778976f341af1d0ccc2a3afb405fb22d374e9623ea83d1500da77c7463db2ed5218d2c9f49350a21114bd0bb17fd87d 0003-ash-exec-busybox.static.patch -f9745497abd4d04621f089c62d9f2104c30d54f342125f597292253f2974d385c5f4a46e7d87a5d1b641b11b34ba5221183dd5dad1e3bbe74a787fb8d6a994b7 0004-app-location-for-cpio-vi-and-lspci.patch -f12916e70f7cc1ef4f6d85d09b9a496a52a494e6318029fdce9a9c812ab5c7b2a046c33b66834127bf809f243c91a53c3c5e27efca026a96fe6b03421de26e60 0005-udhcpc-set-default-discover-retries-to-5.patch -89215c328a46afc686c458a133dd88dcda817586df60eb041a694715e73dc78a297fc0f9a92e8ee7d0a39ce7f6053a6b8e38f3ee078ff90ed13fac2608510105 0006-ping-make-ping-work-without-root-privileges.patch -7873b98c676a92faea61511d50c1efac1220354d20afd53de19e2c8f1472559cb333b9dd4e0d6432616d8c5f59885f1503c448c86a912e8031c9bfed628c2db1 0007-fbsplash-support-console-switching.patch -2c56906dac70dea6276e4c573707cb06c4c8b53defcd33b1e5a28f928e7dafe905a52ce40571de430e4af7e00a75ecc0f249d2fec02da5f3d9edd4e904919a35 0008-fbsplash-support-image-and-bar-alignment-and-positio.patch -df02adb3e3cd3349cc8d070911e3392164cb2e30bd72cae7ceaa974b2db6f958fdcedf809abc7b4bee37c729a4d20abf127f615b0e238a667d572137abe6a79e 0009-depmod-support-generating-kmod-binary-index-files.patch -ecbe5c890d966f09280c7eb534109f785c68e292765f17ed7ff62fcc61d20f61443c4155add0a1ebfb67ce8564e104c1aa22a8ef0400e119b0bca2bca3671f2d 0010-Add-flag-for-not-following-symlinks-when-recursing.patch -3ae5ecf3ea66c8d98762432026806fdb67b13a28075c6a3cb6e811a34ef89c2f0ed651946003aaad97fb4b7f74d132af3c394c114b7a72e1d20b319b739c5a6e 0012-udhcpc-Don-t-background-if-n-is-given.patch -6b1ebc6da26c355a63c166f4c8d1774e7a9c5456ec76b773395a2158cb4848cf245fa5553843666c0a46f4c97d03e08815abae777f2b80bbb69d916618f94761 0013-ash-fix-unsafe-use-of-mempcpy.patch -3eb7609054fa8e03d7e366f7debc5cb0630ff65d521a91be84803bdef3854f81e29d26a9567c501a121e94a55d3a3477894e774508f80def775f2ecc812805e7 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch -0040800382a6e3adcc6a8094b821488c7e297fc80304afba23a4fca43b7b26ac699378dfbd930ebbf9985336b3e431301f7ca93e2d041a071902a48740d263ef 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch -4c95dc4bf6aff9018bfb52b400f6d8375a1d22493b44ea516cb12dba6556f12797a3cba55768d2e59ff57c0f3247ec1ff95edb8f17561f3d37ec18d83ca47eb0 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch -ccdf098fb15eaa316708181469a1193d6eec7067131e7b7645e0219bf03cfd07f4f79e8f62c1e560f6146dcc38186a29bdee08aaa39f290e11d020b8f07d2f65 0017-ash-Fix-use-after-free-on-idx-variable.patch -3abdbd25f1f0daa24b0aabe92880c28dc2d3b59eb29fad357dfaf2b78bb895466bbf4495e2185370d9219d65b22e65e525769e369e50fb1fdfd71b5229a4f429 0018-ash-fix-ifs-cleanup-on-error-paths.patch -6d100fe44da2b97c2cbdda253d0504b487212d195144d9315cddbe8c51d18fae3745701923b170b40e35f54b592f94f02cadbffd9cb716661c12a7f1da022763 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch -e33dbc27d77c4636f4852d5d5216ef60a9a4343484e4559e391c13c813bf65c782b889914eff2e1f038d74cf02cb0d23824ebbb1044b5f8c86260d5a1bbc4e4d 0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch -7608fbb9deddc9268ba53bc5b762a00fa16744d595f6f8a2f5a857339e754ea0c3da084a1e48269c8281553e9171d2bb29b8530fbe85e6a934f97c3cfcdbe31b 0001-avoid-redefined-warnings-when-building-with-utmps.patch -b52050678e79e4da856956906d07fcb620cbf35f2ef6b5a8ee3b8d244ea63b4b98eef505451184d5b4937740d91eef154ed748c30d329ac485be51b37626f251 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch -ead4ad65d270d8659e1898fa16f76b6cbcf567d8aba238eacccda3764edb4362240d9359d6389873bedc126d405f805fc6dfce653a7181618ebcc67c94bd08d2 0002-nslookup-sanitize-all-printed-strings-with-printable.patch -4f6ddd59d6096943f617b0938fca428114190b8b37732d6783faab291451a2c30c452ed39299db22d1d9679d007022f87d43e93b38a4f6ced64a8659e9233773 0001-modinfo-add-k-option-for-kernel-version.patch -22e2fa8f7a6105fd9990f93b71c235980fd4eab62269939a0e3a920fe517ee4f913c6bd0148a554b67fe01d1660bf0fd76a80e9dcac290b4b8b2c304ef6080a9 CVE-2022-30065.patch -d1a2fcbf9de623531953e7ad869e41e896aa79a0917983e6f0d20ddf7393e11220dda8be93c796b7abbf34006d8f03e871a6ab293988267df5aadb74cbd8aeb1 0001-sed-check-errors-writing-file-with-sed-i.patch +8c0c754c9ae04b5e6b23596283a7d3a4ef96225fe179f92d6f6a99c69c0caa95b1aa56c267f52d7c807f6cc69e1f0b7dd29a8ac624098f601738f8c0c57980d4 busybox-1.36.1.tar.bz2 +17249174b24ba77b6138d640eee4eebcda567a86656623122d8b31044a762ea472096c406d70ba1a1f79450236fa259d4f46c363fa25db6cc4d44950e7a4b223 0001-modutils-check-ELF-header-before-calling-finit_modul.patch +7ebb1ab462083564d2ace3e5719464326b91a40cfcf6117de4b393d3f01ed7acd37a583725323dce4220e255ba742428e0160072a90e4d566b4d7053d1f4a37f 0002-adduser-default-to-sbin-nologin-as-shell-for-system-.patch +f7caad3ef18db7de6deff0fb7b7a7e82fff613d4245f334b56a11e982c40ebcfc6160c235e49d0b4fa7d39b58c0e4924e14473a3770a66d1ef7d4df379b6d858 0003-ash-add-built-in-BB_ASH_VERSION-variable.patch +383cbc2f2f644dc34678d145ea27696a7fa7f46b8952a3448de78d516cb0452872abbc37cb3dcf2b6725c6f7675b972554404b462dec377a8e61c3b73c1cd890 0004-Avoid-redefined-warnings-when-buiding-with-utmps.patch +ce30a642e6804827ef4f7e453d162747143a52dc905950998e996d84767d19548bbbd51bd25530575670c5942137f6926e3cb6f8668e7410569d695bb4165170 0005-libbb-sockaddr2str-ensure-only-printable-characters-.patch +fa0c2f58e5bb8f646bc8451ce00375d860ded228fb7ec4ed61e3920e41990822be1fcdd8cdf9c0342318ba263516a71a837549a9bf52875b1ba652fbc7c54f92 0006-modinfo-add-k-option-for-kernel-version.patch +7313809f283d68521308f7178f6d6e458ee5c826f4c50f40a4595c7a71042d0fe83d938ad2af08e95cbfbc7c0c690fb6c2b2578c2f3e41055bf06bc5cc22d2f2 0007-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch +24b57ec15205a006310096c63829c8e09820aa8a816a9652bbf9f90efc3e6d28893be1d917deac9793121cd9cca811773272776ead121cc30e9e77cbe904cbcd 0008-pgrep-add-support-for-matching-against-UID-and-RUID.patch +63dae6bf0adb2def1436bed2bcd6ea889bbf666799a8282345e6a4bbf2b567732456fdb20439df870ead5bf242ce2b403170075429b951c5fdf53c134c9e9ef3 0009-properly-fix-wget-https-support.patch +7fea95c4d686b4f5cc5d86b3f5e0df246767b2f86349d36a9596c05af10e7d616edaee2597bcbe96c73b8d307ca6286d276308dce52b881085e67eaaa2b23542 0010-sed-check-errors-writing-file-with-sed-i.patch +2ddf584e1e960a45675e08f6bd4e61a80251bed0fe76ad968b79f4a15d0da89039a3ca62ee6f9605c56ca7e86d8c5696e8ec235acb90bed0998073fef1a4b2dd 0011-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch +05b00a98c2d5a2cab89bb6b6b80a39cea5fc2f5ea27589d39232fb2f8b85e2fca78cef84f55de202702274c1c7f7802dd04497a212834ae931297767a9186dc9 0012-nslookup-sanitize-all-printed-strings-with-printable.patch +85d85dcf1fc9c54ed7cbb7ffac36971b6d0a1024e7b6df7fcdccb7e3832bf6b1fa0b0d2e2b7990d0154b752af35a9e8b9b815e244226a9d190c56bf09e9094eb 0013-ash-exec-busybox.static.patch +42a61fa7ad5eeb757f1985331d10ac3a9977aeed8add0eff16aba3da20be0b0e19ed4b9544b6efa75c31d481af5353d7a9707750f5dcb99975f40591bed49a03 0014-app-location-for-cpio-vi-and-lspci.patch +a4a440645f1e8be9b1a92d8611190425e339049cf3e21e837f41b348796b3bb81c4369846d837359e7fbc74a32c34cea7e6924d77ca0865550c84f47fd73a1de 0015-udhcpc-set-default-discover-retries-to-5.patch +c1c522487cde86f73efb4800f610d54674d3fa381a0266598cf6c1b002b2b18be9011014b26d5d5ab82c22f6a9eaa920f32cfbb956790880497ff4316c26a64d 0016-ping-make-ping-work-without-root-privileges.patch +a9f7dd37b2722265089b39d24d47e9c4911ff1e31f9dd1c3d5ba49bca7656f3fd2b42dcfd2f837ba5ae6b850dd1b02bb6af9a97a3980fe098daf1c20fb2a4630 0017-fbsplash-support-console-switching.patch +5653c818400c38966726adf1c99b603f6f760179a291c13b5320b79e0ef63d1ad9251b276d6eed68a6b8c95bfabd95eccce9d73edbc2ea888b994d6a02763050 0018-fbsplash-support-image-and-bar-alignment-and-positio.patch +ce4316e44148562addc1f5839166ca9314ee6f26dae218617c287791a8d9239e374f993688a9299e24c9a237e4c21e481a0b35baa4e8b123ce9e2b23d065001c 0019-depmod-support-generating-kmod-binary-index-files.patch +80c426dc2ea6cafa359a078a4a283735db0b3611a6c953ee7b7b2ec00c41a1263b61085c37447fcc50a01c229db93fa8fa675b8c995040eb31e9ed6f3723a0cf 0020-Add-flag-for-not-following-symlinks-when-recursing.patch +22c1d3233b210b8a334f31101eb6ff15d276eaef009758cff57a642b660ebe38114d7f3c8055113f12d6620acc8a8f0a2fe51dbede9100cd3d0eb5cdd2d01e39 0021-udhcpc-Don-t-background-if-n-is-given.patch +923c29b050f456210fbb06d72c77f53eff2179757e8595a8e9cd1ad3f1d4d300c525bec88de3170fa16dbe6a0ea498cdf01ab5a20a289af913ca05b27abab27d 0023-tests-fix-tarball-creation.patch +192fe9b535b3ae4cfbd8455d642e9c73b134ddbdf9265b3ebd1a185122bbb1064cf2c1f01840a8cf35d0665969846ff7168c215fdce96b46b031d73c16f7622f 0024-tests-musl-doesn-t-seem-to-recognize-UTC0-as-a-timez.patch +0a0e4c425879d8250b4dee925dc9feb2595ed68b1fdb5c22e78f3452e46dc17c882ea47f119c2308915f4105b69e5c6f38156131bee1fe9ba0ff684bfd10a049 0025-Hackfix-to-disable-HW-acceleration-for-MD5-SHA1-on-x.patch +09358ed36d6c13a50119a9d96898fdc2d3e6ca089659780604425ae3d32960a17c3083de81a131b1cf9a9a2b449e40a8ed6af3a8b916247571ebc41765ab365b 0026-lineedit-Handle-SIGWINCH-gracefully.patch +e3670ab567818a42593698546dcdabaa447c10682261c128901b4390eb2bf2dbea9e84f8f2dcdd6d67c82bf93bb1eed14406e5a8dd723b4670d1995b6100651f 0027-umount-Implement-O-option-to-unmount-by-mount-option.patch +d3bd84c42487de573c0c5165a847fd233ddcd4d53a61b1e03c30a46b6dba3993e741f12daf167b8347fb7a420b188f4027582f16e92dc822eb3293804dfc62f8 0028-ash-use-after-free-in-bash-pattern-substitution.patch +5f8c1a848f28aff2b28085950c561e1a51dfcea043da455e3daf9b960025dd8789ecfe43370553cb727d4ec239aa23c42e3ae5f6ef1cd5768d69c80c31b8f39e 0029-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch +28748a431718f270b2d0023d09f059e6a32501afb9fd243c4b127fec28bc9312ffb7fdcc1563544a2cb29bed66383ecfea7957d557f7b21402ec3bdb6938004f 0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate -3265cb4489feae24b253ddeee2f74814b96017027d80dfeb5ba324a3a938faef445ce148e9efc7ec1f5898346254abcfc9627924ee348514be3c9697dc473baf config -e063599f412df919b75584fee9501925418ef21689232792e9d61178f4e34a65c3cff8a3b1b4cf3e5be61efea2065cc303db35c53ec07b361d3a65e888247544 default.script -dd548670114a92404b8e35fb915fdbe5994498b05b0a418583271c3dd72fb7800950e42c095c902a014eb198c046b8a346d43dccd8e7a158048ae33767c572ed acpid.initd +b1e13a736eaf8a621b648d97c2526fe72215a5bfb13277a58c7d631bcee08cbcea20dd3d11ea8a97e545ec137adc41bd75f5f6dcbcfae96934fe6b3d14c94b46 config +6c1d25c733fd9ac6ba7d3c7f474c836fbfd41d8f1753ec9c21c08d57cd6249023a0b16f81da4d2ec5d56d14509f7ba1fffadf691504f0670f90017aaf1ed564b default.script +fcb532233fd7ba8cad302d037b88cff00ee8b96b37c90b34fc823479208cf7cdda48818c972ce2c4703b7283fd58e99ba8a724818f884f3b09eaa7e2d6ffad21 acpid.initd 34c6f3197064bb91619b899b28a201bd4d920b18bded3845440b2cb36dc6f16cabf447c96878349b16e46c30184cbe48bac00a01c5f7cf1be038c0b7136064c5 crond.confd -c9d0fb0f8cc27d661d3b4e58c56eb598ca368890576e18ffffd42efdf68ba35537656be9be319b2e2818aa0152d3ca8611bece2433512fbfcd4eed7988765549 crond.initd +f3a104095c659eef79925e8df850cdac499f6c7756fb9647088a24b98dc72f37413c3869da6113bcc578c2178c1c2e5ab8d31a50ad2e472c06aaf408e8924d6a crond.initd 23ef7f32447f239b617d5ae221b024c7b47ca4faa9a27f80a4a6a473fd148cb4339a728fee3bb55ce67d531a141ec07c66dca533138652058d3a6a936b68d3c7 defaults.initd bf8173ee33a5d2b61cbdbc1b070e599a17a21e5433a0d8aa9beef71e4ac831304076af8e7e58dc594cdee61562329793afdc57af91e5496bf5fffb9b734a3d9c syslog.confd -acfd45bda4526ab551a30faec1742ad1569aa85e0d315959c3e3a3d6a693f94c74efeb57a00b8791524651e8a61d3f7ea3e3e08a4b0291ec46309f594ee8124c syslog.initd +a13a6add6f7fb10a3a2563391b6f8b68161249147e9f50e6d857c5689123f6d974368ce4f13b8d93312fa38d05f604d67c4c976d8a7eef301af50a3a6ad50c23 syslog.initd 2947b23728d3ad6839f660fee11fc4c86d0d1a3fc450ceff85480932b0699e7b7293eb7258cf0e957542ed3c7a4416376ebb284992e6682aede61f48069b1043 udhcpd.confd -1d4574ec7cc6d7e9952bb50b4fcb10a910868688da03a25aede492835313c686247bde1faa17f50243d61a93bfc1d8fa54cf821d7be908581e365b0f1b6a5588 udhcpd.initd +4a8d1e924284fca730a262fedc3cb76b4f4689a6c650b0c5544b65eeab6cfd9e8eb91f448d9ebbba6efbb056695428c1b26e5eaeb7233bae090676d1789954cc udhcpd.initd 6ce0b2a8fe69cc7ea657c5b9076aba51c8f0beeaafa4a887d8673bcc9f9cf8ee40f4b07d2d901ec7a1a1e4f29c150c496559559e803595d0bd487dec56b530a2 mdev.initd " diff --git a/aports/busybox/CVE-2022-30065.patch b/aports/busybox/CVE-2022-30065.patch deleted file mode 100644 index 4a9cd67..0000000 --- a/aports/busybox/CVE-2022-30065.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 3c284dcb726ff6599d3b87fb366fb04411cf5595 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Fri, 17 Jun 2022 09:52:11 +0000 -Subject: [PATCH 1/2] awk: fix use after free (CVE-2022-30065) - -fixes https://bugs.busybox.net/show_bug.cgi?id=14781 - -Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> ---- - editors/awk.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/editors/awk.c b/editors/awk.c -index 079d0bde5..728ee8685 100644 ---- a/editors/awk.c -+++ b/editors/awk.c -@@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res) - - case XC( OC_MOVE ): - debug_printf_eval("MOVE\n"); -+ /* make sure that we never return a temp var */ -+ if (L.v == TMPVAR0) -+ L.v = res; - /* if source is a temporary string, jusk relink it to dest */ - if (R.v == TMPVAR1 - && !(R.v->type & VF_NUMBER) --- -2.36.1 - - -From 30c8f8e69230ef27f116a2c10ca2e4a6cc343dad Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 16 Jun 2022 21:54:48 +0200 -Subject: [PATCH 2/2] awk: add tests for CVE-2022-30065 - -Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> ---- - testsuite/awk.tests | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/testsuite/awk.tests b/testsuite/awk.tests -index 93e25d8c1..6c3a03c37 100755 ---- a/testsuite/awk.tests -+++ b/testsuite/awk.tests -@@ -479,4 +479,15 @@ testing 'awk backslash+newline eaten with no trace' \ - "Hello world\n" \ - '' '' - -+testing 'awk use-after-free (CVE-2022-30065)' \ -+ "awk '\$3i\$3in\$9=\$r||\$9=i6/6-9f'" \ -+ "" \ -+ "" \ -+ "" -+ -+testing 'awk assign while test' \ -+ "awk '\$1==\$1=\"foo\" {print \$1}'" \ -+ "foo\n" \ -+ "" \ -+ "foo" - exit $FAILCOUNT --- -2.36.1 - diff --git a/aports/busybox/acpid.initd b/aports/busybox/acpid.initd index 2e73b77..ec31833 100644 --- a/aports/busybox/acpid.initd +++ b/aports/busybox/acpid.initd @@ -2,8 +2,9 @@ name="busybox acpid" command="/sbin/acpid" -command_args="$ACPID_OPTS" -pidfile="/var/run/acpid.pid" +command_args="$ACPID_OPTS -f" +pidfile="/run/acpid.pid" +command_background=true start_stop_daemon_args="-g wheel -k 027" depend() { diff --git a/aports/busybox/config b/aports/busybox/config index 953b502..efab056 100644 --- a/aports/busybox/config +++ b/aports/busybox/config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Busybox version: 1.35.0 -# Sat Jun 25 18:59:59 2022 +# Busybox version: 1.36.1 +# Sat Jul 29 21:11:24 2023 # CONFIG_HAVE_DOT_CONFIG=y @@ -93,6 +93,9 @@ CONFIG_FEATURE_BUFFERS_USE_MALLOC=y # CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set CONFIG_PASSWORD_MINLEN=6 CONFIG_MD5_SMALL=1 +CONFIG_SHA1_SMALL=3 +CONFIG_SHA1_HWACCEL=y +CONFIG_SHA256_HWACCEL=y CONFIG_SHA3_SMALL=1 CONFIG_FEATURE_NON_POSIX_CP=y # CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set @@ -123,6 +126,9 @@ CONFIG_LAST_SUPPORTED_WCHAR=767 # CONFIG_UNICODE_BIDI_SUPPORT is not set # CONFIG_UNICODE_NEUTRAL_TABLE is not set # CONFIG_UNICODE_PRESERVE_BROKEN is not set +# CONFIG_LOOP_CONFIGURE is not set +# CONFIG_NO_LOOP_CONFIGURE is not set +CONFIG_TRY_LOOP_CONFIGURE=y # # Applets @@ -338,6 +344,7 @@ CONFIG_FEATURE_TR_CLASSES=y CONFIG_FEATURE_TR_EQUIV=y CONFIG_TRUE=y CONFIG_TRUNCATE=y +CONFIG_TSORT=y CONFIG_TTY=y CONFIG_UNAME=y CONFIG_UNAME_OSNAME="GNU/Linux" @@ -828,10 +835,12 @@ CONFIG_FEATURE_LESS_ENV=y CONFIG_RFKILL=y CONFIG_RUNLEVEL=y # CONFIG_RX is not set +CONFIG_SEEDRNG=y # CONFIG_SETFATTR is not set # CONFIG_SETSERIAL is not set # CONFIG_STRINGS is not set CONFIG_TIME=y +CONFIG_TREE=y # CONFIG_TS is not set # CONFIG_TTYSIZE is not set # CONFIG_UBIATTACH is not set @@ -1004,6 +1013,7 @@ CONFIG_UDHCPC=y CONFIG_FEATURE_UDHCPC_ARPING=y CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" +CONFIG_UDHCPC6_DEFAULT_SCRIPT="/usr/share/udhcpc/default6.script" CONFIG_UDHCPC6=y CONFIG_FEATURE_UDHCPC6_RFC3646=y CONFIG_FEATURE_UDHCPC6_RFC4704=y @@ -1138,6 +1148,7 @@ CONFIG_ASH_MAIL=y CONFIG_ASH_ECHO=y CONFIG_ASH_PRINTF=y CONFIG_ASH_TEST=y +CONFIG_ASH_SLEEP=y CONFIG_ASH_HELP=y CONFIG_ASH_GETOPTS=y CONFIG_ASH_CMDCMD=y diff --git a/aports/busybox/crond.initd b/aports/busybox/crond.initd index afaf384..87febb1 100644 --- a/aports/busybox/crond.initd +++ b/aports/busybox/crond.initd @@ -2,8 +2,9 @@ name="busybox $SVCNAME" command="/usr/sbin/$SVCNAME" -pidfile="/var/run/$SVCNAME.pid" -command_args="$CRON_OPTS" +pidfile="/run/$SVCNAME.pid" +command_args="$CRON_OPTS -f" +command_background=true depend() { need localmount diff --git a/aports/busybox/default.script b/aports/busybox/default.script index a00a303..cbc4179 100644 --- a/aports/busybox/default.script +++ b/aports/busybox/default.script @@ -117,7 +117,7 @@ resolvconf() { echo "nameserver $i" >> "$RESOLV_CONF.$$" done chmod a+r "$RESOLV_CONF.$$" - mv "$RESOLV_CONF.$$" "$RESOLV_CONF" + mv -f "$RESOLV_CONF.$$" "$RESOLV_CONF" } udhcpd_conf() { diff --git a/aports/busybox/syslog.initd b/aports/busybox/syslog.initd index 629d868..3b20345 100644 --- a/aports/busybox/syslog.initd +++ b/aports/busybox/syslog.initd @@ -4,8 +4,9 @@ description="Message logging system" name="busybox syslog" command="/sbin/syslogd" -command_args="${SYSLOGD_OPTS}" -pidfile="/var/run/syslogd.pid" +command_args="${SYSLOGD_OPTS} -n" +pidfile="/run/syslogd.pid" +command_background=true start_stop_daemon_args="-g wheel -k 027" depend() { diff --git a/aports/busybox/udhcpd.initd b/aports/busybox/udhcpd.initd index 02c7620..e4dabd5 100644 --- a/aports/busybox/udhcpd.initd +++ b/aports/busybox/udhcpd.initd @@ -1,9 +1,10 @@ #!/sbin/openrc-run -name="busybox $SVCNAME" -command="/usr/sbin/$SVCNAME" -command_args="$UDHCPD_OPTS " -pidfile="/var/run/$SVCNAME.pid" +name="busybox $RC_SVCNAME" +command="/usr/sbin/$RC_SVCNAME" +command_args="$UDHCPD_OPTS -f" +pidfile="/run/$SVCNAME.pid" +command_background=true depend() { need net |