After a year of low activity and question marks, we finally have a new release of busybox. Release changelog @ https://busybox.net/
Not that many new features, mostly fixes. One notable addition is seedrng. But it marks a new release that includes security fixes. Plugs CVEs: CVE-2022-28391, CVE-2022-30065 * Forward the ptxdist specific patches. * Remove one security patch to awk that has been fixed. * Update busybox imported kconfig tree. Not that many changes, since it has been a slow year. New utilites: tsort, seedrng and tree. Signed-off-by: Christian Melki <christian.me...@t2data.com> --- config/busybox/Config.in | 4 +- config/busybox/coreutils/Config.in | 7 ++- config/busybox/libbb/Config.in | 62 ++++++++++++++++--- config/busybox/miscutils/Config.in | 12 ++++ config/busybox/networking/Config.in | 2 +- config/busybox/networking/udhcp/Config.in | 7 ++- config/busybox/shell/Config.in | 5 ++ ...wk-fix-use-after-free-CVE-2022-30065.patch | 29 --------- .../0200-reactivate-check-for-tty.patch | 0 ...-only-pass-real-libs-to-SELINUX_LIBS.patch | 2 +- ...honour-SKIP_STRIP-and-don-t-strip-if.patch | 0 .../{busybox-1.35.0 => busybox-1.36.0}/series | 3 +- 12 files changed, 89 insertions(+), 44 deletions(-) delete mode 100644 patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch rename patches/{busybox-1.35.0 => busybox-1.36.0}/0200-reactivate-check-for-tty.patch (100%) rename patches/{busybox-1.35.0 => busybox-1.36.0}/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch (94%) rename patches/{busybox-1.35.0 => busybox-1.36.0}/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch (100%) rename patches/{busybox-1.35.0 => busybox-1.36.0}/series (74%) diff --git a/config/busybox/Config.in b/config/busybox/Config.in index 329e2f8e8..199cc6ab2 100644 --- a/config/busybox/Config.in +++ b/config/busybox/Config.in 
@@ -267,10 +267,10 @@ config BUSYBOX_FEATURE_SUID_CONFIG The file has to be owned by user root, group root and has to be writeable only by root: - (chown 0:0 /etc/busybox.conf; chmod 600 /etc/busybox.conf) + (chown 0.0 /etc/busybox.conf; chmod 600 /etc/busybox.conf) The busybox executable has to be owned by user root, group root and has to be setuid root for this to work: - (chown 0:0 /bin/busybox; chmod 4755 /bin/busybox) + (chown 0.0 /bin/busybox; chmod 4755 /bin/busybox) Robert 'sandman' Griebl has more information here: <url: http://www.softforge.de/bb/suid.html >. diff --git a/config/busybox/coreutils/Config.in b/config/busybox/coreutils/Config.in index 8c9e66e17..1a95a6785 100644 --- a/config/busybox/coreutils/Config.in +++ b/config/busybox/coreutils/Config.in @@ -653,7 +653,7 @@ config BUSYBOX_SORT sort is used to sort lines of text in specified files. config BUSYBOX_FEATURE_SORT_BIG - bool "Full SuSv3 compliant sort (support -ktcbdfiogM)" + bool "Full SuSv3 compliant sort (support -ktcbdfioghM)" default y depends on BUSYBOX_SORT help @@ -851,6 +851,11 @@ config BUSYBOX_TRUNCATE help truncate truncates files to a given size. If a file does not exist, it is created unless told otherwise. +config BUSYBOX_TSORT + bool "tsort (0.7 kb)" + default y + help + tsort performs a topological sort. config BUSYBOX_TTY bool "tty (3.6 kb)" default y diff --git a/config/busybox/libbb/Config.in b/config/busybox/libbb/Config.in index 8e4fe855e..66c135ec6 100644 --- a/config/busybox/libbb/Config.in +++ b/config/busybox/libbb/Config.in 
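Review bot: The FEATURE_SUID_CONFIG help text now documents `chown 0.0 /etc/busybox.conf` and `chown 0.0 /bin/busybox` where the old text had `0:0`; the colon is the POSIX user:group separator, while the dot form is only a compatibility fallback that not every chown implementation accepts. If the goal is to mirror upstream's wording verbatim this is cosmetic, otherwise keeping `0:0` is the safer instruction for a setuid-root binary whose ownership must actually be applied as written. The telnetd help in the networking/Config.in hunk makes the same `root:root` to `root.root` change and would get the same treatment. The config entry itself starts above this hunk.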
@@ -98,21 +98,47 @@ config BUSYBOX_MD5_SMALL default 1 # all "fast or small" options default to small range 0 3 help - Trade binary size versus speed for the md5sum algorithm. + Trade binary size versus speed for the md5 algorithm. Approximate values running uClibc and hashing linux-2.4.4.tar.bz2 were: - value user times (sec) text size (386) - 0 (fastest) 1.1 6144 - 1 1.4 5392 - 2 3.0 5088 - 3 (smallest) 5.1 4912 + value user times (sec) text size (386) + 0 (fastest) 1.1 6144 + 1 1.4 5392 + 2 3.0 5088 + 3 (smallest) 5.1 4912 + +config BUSYBOX_SHA1_SMALL + int "SHA1: Trade bytes for speed (0:fast, 3:slow)" + default 3 # all "fast or small" options default to small + range 0 3 + help + Trade binary size versus speed for the sha1 algorithm. + With FEATURE_COPYBUF_KB=64: + throughput MB/s size of sha1_process_block64 + value 486 x86-64 486 x86-64 + 0 440 485 3481 3502 + 1 265 265 641 696 + 2,3 220 210 342 364 + +config BUSYBOX_SHA1_HWACCEL + bool "SHA1: Use hardware accelerated instructions if possible" + default y + help + On x86, this adds ~590 bytes of code. Throughput + is about twice as fast as fully-unrolled generic code. + +config BUSYBOX_SHA256_HWACCEL + bool "SHA256: Use hardware accelerated instructions if possible" + default y + help + On x86, this adds ~1k bytes of code. config BUSYBOX_SHA3_SMALL int "SHA3: Trade bytes for speed (0:fast, 1:slow)" default 1 # all "fast or small" options default to small range 0 1 help - Trade binary size versus speed for the sha3sum algorithm. + Trade binary size versus speed for the sha3 algorithm. SHA3_SMALL=0 compared to SHA3_SMALL=1 (approximate): 64-bit x86: +270 bytes of code, 45% faster 32-bit x86: +450 bytes of code, 75% faster 
@@ -399,3 +425,25 @@ config BUSYBOX_UNICODE_PRESERVE_BROKEN For example, this means that entering 'l', 's', ' ', 0xff, [Enter] at shell prompt will list file named 0xff (single char name with char value 255), not file named '?'. + +choice + prompt "Use LOOP_CONFIGURE for losetup and loop mounts" + default BUSYBOX_TRY_LOOP_CONFIGURE + help + LOOP_CONFIGURE is added to Linux 5.8 + https://lwn.net/Articles/820408/ + This allows userspace to completely setup a loop device with a single + ioctl, removing the in-between state where the device can be partially + configured - eg the loop device has a backing file associated with it, + but is reading from the wrong offset. + +config BUSYBOX_LOOP_CONFIGURE + bool "use LOOP_CONFIGURE, needs kernel >= 5.8" + +config BUSYBOX_NO_LOOP_CONFIGURE + bool "use LOOP_SET_FD + LOOP_SET_STATUS" + +config BUSYBOX_TRY_LOOP_CONFIGURE + bool "try LOOP_CONFIGURE, fall back to LOOP_SET_FD + LOOP_SET_STATUS" + +endchoice diff --git a/config/busybox/miscutils/Config.in b/config/busybox/miscutils/Config.in index a236373ae..5c04fd8ef 100644 --- a/config/busybox/miscutils/Config.in +++ b/config/busybox/miscutils/Config.in @@ -699,6 +699,13 @@ config BUSYBOX_RX default y help Receive files using the Xmodem protocol. +config BUSYBOX_SEEDRNG + bool "seedrng (1.3 kb)" + default y + help + Seed the kernel RNG from seed files, meant to be called + once during startup, once during shutdown, and optionally + at some periodic interval in between. config BUSYBOX_SETFATTR bool "setfattr (3.7 kb)" default y @@ -722,6 +729,11 @@ config BUSYBOX_TIME The time command runs the specified program with the given arguments. When the command finishes, time writes a message to standard output giving timing statistics about this program run. +config BUSYBOX_TREE + bool "tree (0.6 kb)" + default y + help + List files and directories in a tree structure. config BUSYBOX_TS bool "ts (450 bytes)" default y 
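Review bot: In the miscutils hunk, BUSYBOX_SEEDRNG defaults to y but only builds the applet; its own help text says it is meant to run once at startup, once at shutdown and optionally in between, and nothing in this change wires those invocations into the init sequence or provisions a persistent, root-only seed directory for it. Without that integration the option is inert and the kernel RNG gets no carried-over seed on the next boot, which is the whole point of the applet. Suggest either a follow-up that adds the init hooks, or a sentence in the commit message stating that the seedrng integration is tracked separately, so nobody assumes `default y` alone provides early-boot seeding.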
diff --git a/config/busybox/networking/Config.in b/config/busybox/networking/Config.in index 27e0f44ba..3a3ad56d9 100644 --- a/config/busybox/networking/Config.in +++ b/config/busybox/networking/Config.in @@ -959,7 +959,7 @@ config BUSYBOX_TELNETD FEATURE_SUID enabled. And finally, you should make certain that busybox has been installed setuid root: - chown root:root /bin/busybox + chown root.root /bin/busybox chmod 4755 /bin/busybox with all that done, telnetd _should_ work.... diff --git a/config/busybox/networking/udhcp/Config.in b/config/busybox/networking/udhcp/Config.in index 4b1255c52..adb5ac16c 100644 --- a/config/busybox/networking/udhcp/Config.in +++ b/config/busybox/networking/udhcp/Config.in @@ -93,12 +93,17 @@ config BUSYBOX_FEATURE_UDHCPC_SANITIZEOPT config BUSYBOX_UDHCPC_DEFAULT_SCRIPT string "Absolute path to config script" default "/usr/share/udhcpc/default.script" - depends on BUSYBOX_UDHCPC || BUSYBOX_UDHCPC6 + depends on BUSYBOX_UDHCPC help This script is called after udhcpc receives an answer. See examples/udhcp for a working example. Normally it is safe to leave this untouched. +config BUSYBOX_UDHCPC6_DEFAULT_SCRIPT + string "Absolute path to config script for IPv6" + default "/usr/share/udhcpc/default6.script" + depends on BUSYBOX_UDHCPC6 + # udhcpc6 config is inserted here: config BUSYBOX_UDHCPC6 bool "udhcpc6 (21 kb)" diff --git a/config/busybox/shell/Config.in b/config/busybox/shell/Config.in index 61275cdc5..cb6215afc 100644 --- a/config/busybox/shell/Config.in +++ b/config/busybox/shell/Config.in @@ -201,6 +201,11 @@ config BUSYBOX_ASH_TEST default y depends on BUSYBOX_SHELL_ASH +config BUSYBOX_ASH_SLEEP + bool "sleep builtin" + default y + depends on BUSYBOX_SHELL_ASH + config BUSYBOX_ASH_HELP bool "help builtin" default y diff --git a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch b/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch deleted file mode 100644 index aff9faabc..000000000 
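Review bot: In the udhcp hunk, the new BUSYBOX_UDHCPC6_DEFAULT_SCRIPT symbol has no `help` block, unlike its IPv4 sibling directly above, and the behaviour change is silent for existing configurations: before this patch a UDHCPC6-only build used the shared UDHCPC_DEFAULT_SCRIPT path, now it uses `/usr/share/udhcpc/default6.script`, which is only useful if the rootfs actually installs a script at that path. Suggest adding a help text mirroring the IPv4 one, e.g. `This script is called after udhcpc6 receives an answer. See examples/udhcp for a working example.`, and verifying (or noting in the commit message) that a default6.script is shipped or that the default must be overridden in the platform config.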
--- a/patches/busybox-1.35.0/0203-awk-fix-use-after-free-CVE-2022-30065.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Natanael Copa <nc...@alpinelinux.org>
-Date: Fri, 17 Jun 2022 17:45:34 +0200
-Subject: [PATCH] awk: fix use after free (CVE-2022-30065)
-
-fixes https://bugs.busybox.net/show_bug.cgi?id=14781
-
-function old new delta
-evaluate 3343 3357 +14
-
-Signed-off-by: Natanael Copa <nc...@alpinelinux.org>
-Signed-off-by: Denys Vlasenko <vda.li...@googlemail.com>
----
- editors/awk.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/editors/awk.c b/editors/awk.c
-index f6314ac7201a..654cbac33331 100644
---- a/editors/awk.c
-+++ b/editors/awk.c
-@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
- 
- case XC( OC_MOVE ):
- debug_printf_eval("MOVE\n");
-+ /* make sure that we never return a temp var */
-+ if (L.v == TMPVAR0)
-+ L.v = res;
- /* if source is a temporary string, jusk relink it to dest */
- if (R.v == TMPVAR1
- && !(R.v->type & VF_NUMBER)
diff --git a/patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch b/patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch
similarity index 100%
rename from patches/busybox-1.35.0/0200-reactivate-check-for-tty.patch
rename to patches/busybox-1.36.0/0200-reactivate-check-for-tty.patch
diff --git a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
similarity index 94%
rename from patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
rename to patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
index 87f382e05..8ed9efe53 100644
--- a/patches/busybox-1.35.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
+++ b/patches/busybox-1.36.0/0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
@@ -10,7 +10,7 @@ Signed-off-by: Marc Kleine-Budde <m...@pengutronix.de>
 1 file changed, 1 insertion(+)
diff --git a/Makefile.flags b/Makefile.flags
-index c34356230a9f..7c42c3abf80c 100644
+index 1cec5ba20b47..fd195efc965d 100644
 --- a/Makefile.flags
 +++ b/Makefile.flags
 @@ -180,6 +180,7 @@ ifeq ($(CONFIG_SELINUX),y)
diff --git a/patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch b/patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
similarity index 100%
rename from patches/busybox-1.35.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
rename to patches/busybox-1.36.0/0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
diff --git a/patches/busybox-1.35.0/series b/patches/busybox-1.36.0/series
similarity index 74%
rename from patches/busybox-1.35.0/series
rename to patches/busybox-1.36.0/series
index 3e1a02a16..ee5360887 100644
--- a/patches/busybox-1.35.0/series
+++ b/patches/busybox-1.36.0/series
@@ -6,5 +6,4 @@
 0200-reactivate-check-for-tty.patch
 0201-build-system-only-pass-real-libs-to-SELINUX_LIBS.patch
 0202-scripts-trylink-honour-SKIP_STRIP-and-don-t-strip-if.patch
-0203-awk-fix-use-after-free-CVE-2022-30065.patch
-# e8b4a3103390b1bd27c9ce24d1e435d7 - git-ptx-patches magic
+# 9c0cc4baa8090165b429198c9a10e02c - git-ptx-patches magic
-- 
2.34.1