busybox: update busybox to 1.34.1

Signed-off-by: jikui <jikui2@huawei.com>
2021-11-27 15:22:12 +08:00 · 2021-11-27 15:22:12 +08:00 · a5f241ad2b
commit a5f241ad2b
parent cec0723651
8 changed files with 8 additions and 326 deletions
--- a/backport-CVE-2021-42373.patch
+++ b/backport-CVE-2021-42373.patch
@ -1,29 +0,0 @@
 From 6dc5bd57af2f5cc6b8c953d2b223d3b012b2400b Mon Sep 17 00:00:00 2001
 From: xiechengliang <xiechengliang1@huawei.com>
 Date: Fri, 19 Nov 2021 18:34:10 +0800
 Subject: [PATCH] busybox: fix CVE-2021-42373
 backport from upstream:
 https://git.busybox.net/busybox/commit/?id=4d4fc5ca5ee4faae5dc4237f801d9527a3fb20cc
 Signed-off-by: xiechengliang <xiechengliang1@huawei.com>
 ---
 miscutils/man.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/miscutils/man.c b/miscutils/man.c
 index 722f6641e..d319e8bba 100644
 --- a/miscutils/man.c
 +++ b/miscutils/man.c
@@ -324,7 +324,7 @@ int man_main(int argc UNUSED_PARAM, char **argv)
 	/* is 1st ARG a SECTION? */
 	sec_list = conf_sec_list;
 -	if (is_section_name(conf_sec_list, *argv)) {
 +	if (is_section_name(conf_sec_list, *argv) && argv[1]) {
 		/* yes */
 		sec_list = *argv++;
 	}
 -- 
 2.27.0
--- a/backport-CVE-2021-42374.patch
+++ b/backport-CVE-2021-42374.patch
@ -1,59 +0,0 @@
 From 479e2e47de5f2a9a3ecedda264976bde6945ce60 Mon Sep 17 00:00:00 2001
 From: jikui <jikui2@huawei.com>
 Date: Mon, 22 Nov 2021 10:24:24 +0800
 Subject: [PATCH] busybox: fix CVE-2021-42374
 backport from upstream:
 https://git.busybox.net/busybox/patch/?h=1_34_stable&id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
 Signed-off-by: jikui <jikui2@huawei.com>
 ---
 archival/libarchive/decompress_unlzma.c |  5 ++++-
 testsuite/unlzma.tests                  | 10 ++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)
 diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
 index 0744f23..fb5aac8 100644
 --- a/archival/libarchive/decompress_unlzma.c
 +++ b/archival/libarchive/decompress_unlzma.c
@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
 				uint32_t pos;
 				pos = buffer_pos - rep0;
 -				if ((int32_t)pos < 0)
 +				if ((int32_t)pos < 0) {
 					pos += header.dict_size;
 +					if ((int32_t)pos < 0)
 +						goto bad;
 +				}
 				match_byte = buffer[pos];
 				do {
 					int bit;
 diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests
 index 0e98afe..8c120b1 100755
 --- a/testsuite/unlzma.tests
 +++ b/testsuite/unlzma.tests
@@ -8,14 +8,16 @@
 # Damaged encrypted streams
 testing "unlzma (bad archive 1)" \
 -	"unlzma <unlzma_issue_1.lzma >/dev/null; echo \$?" \
 -"1
 +	"unlzma <unlzma_issue_1.lzma 2>&1 >/dev/null; echo \$?" \
 +"unlzma: corrupted data
 +1
 " "" ""
 # Damaged encrypted streams
 testing "unlzma (bad archive 2)" \
 -	"unlzma <unlzma_issue_2.lzma >/dev/null; echo \$?" \
 -"1
 +	"unlzma <unlzma_issue_2.lzma 2>&1 >/dev/null; echo \$?" \
 +"unlzma: corrupted data
 +1
 " "" ""
 exit $FAILCOUNT
 -- 
 2.25.1
--- a/backport-CVE-2021-42375.patch
+++ b/backport-CVE-2021-42375.patch
@ -1,53 +0,0 @@
 From 9ac1dd9017b2b4acba4734f6f989b88da2ad7616 Mon Sep 17 00:00:00 2001
 From: xiechengliang <xiechengliang1@huawei.com>
 Date: Wed, 24 Nov 2021 19:15:25 +0800
 Subject: [PATCH 2/2] ash: parser: Fix VSLENGTH parsing with trailing garbage
 Let's adopt Herbert Xu's patch, not waiting for it to reach dash git:
 hush already has a similar fix.
 backport from upstream:
 https://git.busybox.net/busybox/commit/?id=53a7a9cd8c15d64fcc2278cf8981ba526dfbe0d2
 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
 ---
 shell/ash.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
 diff --git a/shell/ash.c b/shell/ash.c
 index a33ab0626..1ca45f9c1 100644
 --- a/shell/ash.c
 +++ b/shell/ash.c
@@ -12635,7 +12635,7 @@ parsesub: {
 			do {
 				STPUTC(c, out);
 				c = pgetc_eatbnl();
 -			} while (!subtype && isdigit(c));
 +			} while ((subtype == 0 || subtype == VSLENGTH) && isdigit(c));
 		} else if (c != '}') {
 			/* $[{[#]]<specialchar>[}] */
 			int cc = c;
@@ -12665,11 +12665,6 @@ parsesub: {
 		} else
 			goto badsub;
 -		if (c != '}' && subtype == VSLENGTH) {
 -			/* ${#VAR didn't end with } */
 -			goto badsub;
 -		}
 -
 		if (subtype == 0) {
 			static const char types[] ALIGN1 = "}-+?=";
 			/* ${VAR...} but not $VAR or ${#VAR} */
@@ -12726,6 +12721,8 @@ parsesub: {
 #endif
 			}
 		} else {
 +			if (subtype == VSLENGTH && c != '}')
 +				subtype = 0;
  badsub:
 			pungetc();
 		}
 -- 
 2.27.0
--- a/backport-CVE-2021-42376.patch
+++ b/backport-CVE-2021-42376.patch
@ -1,133 +0,0 @@
 From 251452bc54477ed41da27a1c020a88882aa2eaaf Mon Sep 17 00:00:00 2001
 From: xiechengliang <xiechengliang1@huawei.com>
 Date: Sat, 20 Nov 2021 12:01:23 +0800
 Subject: [PATCH 1/2] hush: fix handling of \^C and "^C"
 function                                             old     new   delta
 parse_stream                                        2238    2252     +14
 encode_string                                        243     256     +13
 ------------------------------------------------------------------------------
 (add/remove: 0/0 grow/shrink: 2/0 up/down: 27/0)               Total: 27 bytes
 backport from upstream:
 https://git.busybox.net/busybox/commit/?id=1b7a9b68d0e9aa19147d7fda16eb9a6b54156985
 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
 ---
 shell/ash_test/ash-misc/control_char3.right   |  1 +
 shell/ash_test/ash-misc/control_char3.tests   |  2 ++
 shell/ash_test/ash-misc/control_char4.right   |  1 +
 shell/ash_test/ash-misc/control_char4.tests   |  2 ++
 shell/hush.c                                  | 11 +++++++++++
 shell/hush_test/hush-misc/control_char3.right |  1 +
 shell/hush_test/hush-misc/control_char3.tests |  2 ++
 shell/hush_test/hush-misc/control_char4.right |  1 +
 shell/hush_test/hush-misc/control_char4.tests |  2 ++
 9 files changed, 23 insertions(+)
 create mode 100644 shell/ash_test/ash-misc/control_char3.right
 create mode 100755 shell/ash_test/ash-misc/control_char3.tests
 create mode 100644 shell/ash_test/ash-misc/control_char4.right
 create mode 100755 shell/ash_test/ash-misc/control_char4.tests
 create mode 100644 shell/hush_test/hush-misc/control_char3.right
 create mode 100755 shell/hush_test/hush-misc/control_char3.tests
 create mode 100644 shell/hush_test/hush-misc/control_char4.right
 create mode 100755 shell/hush_test/hush-misc/control_char4.tests
 diff --git a/shell/ash_test/ash-misc/control_char3.right b/shell/ash_test/ash-misc/control_char3.right
 new file mode 100644
 index 000000000..283e02cbb
 --- /dev/null
 +++ b/shell/ash_test/ash-misc/control_char3.right
@@ -0,0 +1 @@
 +SHELL: line 1: : not found
 diff --git a/shell/ash_test/ash-misc/control_char3.tests b/shell/ash_test/ash-misc/control_char3.tests
 new file mode 100755
 index 000000000..4359db3f3
 --- /dev/null
 +++ b/shell/ash_test/ash-misc/control_char3.tests
@@ -0,0 +1,2 @@
 +# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
 +$THIS_SH -c '\' SHELL
 diff --git a/shell/ash_test/ash-misc/control_char4.right b/shell/ash_test/ash-misc/control_char4.right
 new file mode 100644
 index 000000000..2bf18e684
 --- /dev/null
 +++ b/shell/ash_test/ash-misc/control_char4.right
@@ -0,0 +1 @@
 +SHELL: line 1: -: not found
 diff --git a/shell/ash_test/ash-misc/control_char4.tests b/shell/ash_test/ash-misc/control_char4.tests
 new file mode 100755
 index 000000000..48010f154
 --- /dev/null
 +++ b/shell/ash_test/ash-misc/control_char4.tests
@@ -0,0 +1,2 @@
 +# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
 +$THIS_SH -c '"-"' SHELL
 diff --git a/shell/hush.c b/shell/hush.c
 index 9fead37da..249728b9d 100644
 --- a/shell/hush.c
 +++ b/shell/hush.c
@@ -5235,6 +5235,11 @@ static int encode_string(o_string *as_string,
 	}
 #endif
 	o_addQchr(dest, ch);
 +	if (ch == SPECIAL_VAR_SYMBOL) {
 +		/* Convert "^C" to corresponding special variable reference */
 +		o_addchr(dest, SPECIAL_VAR_QUOTED_SVS);
 +		o_addchr(dest, SPECIAL_VAR_SYMBOL);
 +	}
 	goto again;
 #undef as_string
 }
@@ -5346,6 +5351,11 @@ static struct pipe *parse_stream(char **pstring,
 			if (ch == '\n')
 				continue; /* drop \<newline>, get next char */
 			nommu_addchr(&ctx.as_string, '\\');
 +			if (ch == SPECIAL_VAR_SYMBOL) {
 +				nommu_addchr(&ctx.as_string, ch);
 +				/* Convert \^C to corresponding special variable reference */
 +				goto case_SPECIAL_VAR_SYMBOL;
 +			}
 			o_addchr(&ctx.word, '\\');
 			if (ch == EOF) {
 				/* Testcase: eval 'echo Ok\' */
@@ -5670,6 +5680,7 @@ static struct pipe *parse_stream(char **pstring,
 		/* Note: nommu_addchr(&ctx.as_string, ch) is already done */
 		switch (ch) {
 +		case_SPECIAL_VAR_SYMBOL:
 		case SPECIAL_VAR_SYMBOL:
 			/* Convert raw ^C to corresponding special variable reference */
 			o_addchr(&ctx.word, SPECIAL_VAR_SYMBOL);
 diff --git a/shell/hush_test/hush-misc/control_char3.right b/shell/hush_test/hush-misc/control_char3.right
 new file mode 100644
 index 000000000..94b4f8699
 --- /dev/null
 +++ b/shell/hush_test/hush-misc/control_char3.right
@@ -0,0 +1 @@
 +hush: can't execute '': No such file or directory
 diff --git a/shell/hush_test/hush-misc/control_char3.tests b/shell/hush_test/hush-misc/control_char3.tests
 new file mode 100755
 index 000000000..4359db3f3
 --- /dev/null
 +++ b/shell/hush_test/hush-misc/control_char3.tests
@@ -0,0 +1,2 @@
 +# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
 +$THIS_SH -c '\' SHELL
 diff --git a/shell/hush_test/hush-misc/control_char4.right b/shell/hush_test/hush-misc/control_char4.right
 new file mode 100644
 index 000000000..698e21427
 --- /dev/null
 +++ b/shell/hush_test/hush-misc/control_char4.right
@@ -0,0 +1 @@
 +hush: can't execute '-': No such file or directory
 diff --git a/shell/hush_test/hush-misc/control_char4.tests b/shell/hush_test/hush-misc/control_char4.tests
 new file mode 100755
 index 000000000..48010f154
 --- /dev/null
 +++ b/shell/hush_test/hush-misc/control_char4.tests
@@ -0,0 +1,2 @@
 +# (set argv0 to "SHELL" to avoid "/path/to/shell: blah" in error messages)
 +$THIS_SH -c '"-"' SHELL
 -- 
 2.27.0
--- a/backport-CVE-2021-42377.patch
+++ b/backport-CVE-2021-42377.patch
@ -1,42 +0,0 @@
 From f56e2f2ef9d131b1f62dad4427da1113f9b417c5 Mon Sep 17 00:00:00 2001
 From: jikui <jikui2@huawei.com>
 Date: Mon, 22 Nov 2021 16:45:39 +0800
 Subject: [PATCH] busybox: fix CVE-2021-42377
 backport from upstream:
 https://git.busybox.net/busybox/commit/?h=1_34_stable&id=83a4967e50422867f340328d404994553e56b839
 Signed-off-by: jikui <jikui2@huawei.com>
 ---
 shell/hush.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
 diff --git a/shell/hush.c b/shell/hush.c
 index 9fead37..48856f2 100644
 --- a/shell/hush.c
 +++ b/shell/hush.c
@@ -3694,9 +3694,10 @@ static void debug_print_tree(struct pipe *pi, int lvl)
 	pin = 0;
 	while (pi) {
 -		fdprintf(2, "%*spipe %d %sres_word=%s followup=%d %s\n",
 +		fdprintf(2, "%*spipe %d #cmds:%d %sres_word=%s followup=%d %s\n",
 				lvl*2, "",
 				pin,
 +				pi->num_cmds,
 				(IF_HAS_KEYWORDS(pi->pi_inverted ? "! " :) ""),
 				RES[pi->res_word],
 				pi->followup, PIPE[pi->followup]
@@ -3839,6 +3840,9 @@ static void done_pipe(struct parse_context *ctx, pipe_style type)
 #endif
 		/* Replace all pipes in ctx with one newly created */
 		ctx->list_head = ctx->pipe = pi;
 +		/* for case like "cmd && &", do not be tricked by last command
 +		 * being null - the entire {...} & is NOT null! */
 +		not_null = 1;
 	} else {
  no_conv:
 		ctx->pipe->followup = type;
 -- 
 2.25.1
--- a/busybox-1.33.1.tar.bz2
+++ b/busybox-1.33.1.tar.bz2
--- a/busybox-1.34.1.tar.bz2
+++ b/busybox-1.34.1.tar.bz2
--- a/busybox.spec
+++ b/busybox.spec
@ -1,10 +1,10 @@
 #spec file for busybox
 %if "%{!?VERSION:1}"
-%define VERSION 1.33.1
+%define VERSION 1.34.1
 %endif
 %if "%{!?RELEASE:1}"
-%define RELEASE 12
+%define RELEASE 13
 %endif
 Name: busybox
@ -19,14 +19,6 @@ Source1: busybox-static.config
 Source2: busybox-petitboot.config
 Source3: busybox-dynamic.config
 #backport
 Patch6000: backport-CVE-2021-42374.patch
 Patch6001: backport-CVE-2021-42377.patch
 Patch6002: backport-CVE-2021-42373.patch
 Patch6003: backport-CVE-2021-42375.patch
 Patch6004: backport-CVE-2021-42376.patch
 Patch6005: backport-fix-awk-cve.patch
 BuildRoot:      %_topdir/BUILDROOT
 #Dependency
 BuildRequires: gcc glibc-static
@ -101,6 +93,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
 %{_mandir}/man1/busybox.petitboot.1.gz
 %changelog
 * Mon Nov 29 2021 jikui <jikui2@huawei.com> - 1:1.34.1-13
 - Type:enhancement
 - Id:NA
 - SUG:NA
 - DESC:update busybox to 1.34.1
 * Wed Nov 25 2021 xiechengliang <xiechengliang1@huawei.com> - 1:1.33.1-12
 - Type:CVE
 - Id:NA