Hi all, I propose to upload busybox to t-p-u with only the RC bugfixes (#686502 and #701965, CVE-2013-1813). I have cherry-picked thoses changes on top of wheezy's. The resulting debdiff is attached, with version 1:1.20.0-7+deb7u0.1.
As busybox ships an udeb, this needs -boot approval. Comments ? Cheers, OdyX
diff -Nru busybox-1.20.0/debian/changelog busybox-1.20.0/debian/changelog --- busybox-1.20.0/debian/changelog 2012-09-20 08:32:55.000000000 +0200 +++ busybox-1.20.0/debian/changelog 2013-03-25 10:20:13.000000000 +0100 @@ -1,3 +1,14 @@ +busybox (1:1.20.0-7+deb7u0.1) testing-proposed-updates; urgency=low + + * Non-maintainer upload. + + [ Michael Tokarev ] + * xz-support-concatenated-xz-streams.patch (Closes: #686502) + * mdev-fix-mode-of-dir1-in-=dir1-dir2-file-rule.patch - make intermediate + dirs in /dev to be of mode 0755 not 0777 (Closes: #701965, CVE-2013-1813) + + -- Didier Raboud <o...@debian.org> Mon, 25 Mar 2013 10:12:46 +0100 + busybox (1:1.20.0-7) unstable; urgency=low * set CONFIG_FEATURE_COPYBUF_KB from 4 to 64 for all flavours. This diff -Nru busybox-1.20.0/debian/patches/mdev-fix-mode-of-dir1-in-=dir1-dir2-file-rule.patch busybox-1.20.0/debian/patches/mdev-fix-mode-of-dir1-in-=dir1-dir2-file-rule.patch --- busybox-1.20.0/debian/patches/mdev-fix-mode-of-dir1-in-=dir1-dir2-file-rule.patch 1970-01-01 01:00:00.000000000 +0100 +++ busybox-1.20.0/debian/patches/mdev-fix-mode-of-dir1-in-=dir1-dir2-file-rule.patch 2013-03-25 10:13:48.000000000 +0100 @@ -0,0 +1,91 @@ +commit 4609f477c7e043a4f6147dfe6e86b775da2ef784 +Author: Denys Vlasenko <vda.li...@googlemail.com> +Date: Mon Jan 21 01:22:12 2013 +0100 +Bug-Debian: http://bugs.debian.org/701965 +Comment: removed one hunk not needed for 1.20 version, by mjt + + mdev: fix mode of dir1 in =dir1/dir2/file rule + + Signed-off-by: Denys Vlasenko <vda.li...@googlemail.com> + +diff --git a/testsuite/mdev.tests b/testsuite/mdev.tests +index 7320e17..48d3dcc 100755 +--- a/testsuite/mdev.tests ++++ b/testsuite/mdev.tests +@@ -11,7 +11,7 @@ FILTER_LS="grep -v '^total ' | sed -e 's/, */,/g' -e 's/ */ /g' | cut -d' ' -f + # cut: remove size+date + FILTER_LS2="grep -v '^total ' | sed -e 's/, */,/g' -e 's/ */ /g' | cut -d' ' -f 1-4,9-" + +-# testing "test name" "options" "expected result" "file input" "stdin" ++# testing "test name" "commands" "expected result" "file input" "stdin" + + rm -rf mdev.testdir + mkdir mdev.testdir +@@ -128,6 +128,26 @@ SKIP= + + # continuing to use directory structure from prev test + rm -rf mdev.testdir/dev/* ++echo "sda 0:0 444 =disk/sd/a" >mdev.testdir/etc/mdev.conf ++optional STATIC FEATURE_MDEV_CONF FEATURE_MDEV_RENAME FEATURE_LS_RECURSIVE FEATURE_LS_TIMESTAMPS FEATURE_LS_USERNAME ++testing "mdev move rule '=bar/baz/fname'" \ ++ "env - PATH=$PATH ACTION=add DEVPATH=/block/sda chroot mdev.testdir /mdev 2>&1; ++ ls -lnR mdev.testdir/dev | $FILTER_LS2" \ ++"\ ++mdev.testdir/dev: ++drwxr-xr-x 3 0 0 disk ++ ++mdev.testdir/dev/disk: ++drwxr-xr-x 2 0 0 sd ++ ++mdev.testdir/dev/disk/sd: ++br--r--r-- 1 0 0 a ++" \ ++ "" "" ++SKIP= ++ ++# continuing to use directory structure from prev test ++rm -rf mdev.testdir/dev/* + # here we complicate things by having non-matching group 1 and using %0 + echo "s([0-9])*d([a-z]+) 0:0 644 >sd/%2_%0" >mdev.testdir/etc/mdev.conf + optional STATIC FEATURE_MDEV_CONF FEATURE_MDEV_RENAME FEATURE_MDEV_RENAME_REGEXP FEATURE_LS_RECURSIVE FEATURE_LS_TIMESTAMPS FEATURE_LS_USERNAME FEATURE_LS_SORTFILES +diff --git a/util-linux/mdev.c b/util-linux/mdev.c +index 79871d3..75de14f 100644 +--- a/util-linux/mdev.c ++++ b/util-linux/mdev.c +@@ -429,6 +429,18 @@ static const struct rule *next_rule(void) + + #endif + ++static void mkdir_recursive(char *name) ++{ ++ /* if name has many levels ("dir1/dir2"), ++ * bb_make_directory() will create dir1 according to umask, ++ * not according to its "mode" parameter. ++ * Since we run with umask=0, need to temporarily switch it. ++ */ ++ umask(022); /* "dir1" (if any) will be 0755 too */ ++ bb_make_directory(name, 0755, FILEUTILS_RECUR); ++ umask(0); ++} ++ + /* Builds an alias path. + * This function potentionally reallocates the alias parameter. + * Only used for ENABLE_FEATURE_MDEV_RENAME +@@ -442,7 +454,7 @@ static char *build_alias(char *alias, const char *device_name) + dest = strrchr(alias, '/'); + if (dest) { /* ">bar/[baz]" ? */ + *dest = '\0'; /* mkdir bar */ +- bb_make_directory(alias, 0755, FILEUTILS_RECUR); ++ mkdir_recursive(alias); + *dest = '/'; + if (dest[1] == '\0') { /* ">bar/" => ">bar/device_name" */ + dest = alias; +# not needed for 1.20: @@ -641,7 +653,7 @@ static void make_device(char *device_name, char *path, int operation) + char *slash = strrchr(node_name, '/'); + if (slash) { + *slash = '\0'; +- bb_make_directory(node_name, 0755, FILEUTILS_RECUR); ++ mkdir_recursive(node_name); + *slash = '/'; + } + if (G.verbose) diff -Nru busybox-1.20.0/debian/patches/series busybox-1.20.0/debian/patches/series --- busybox-1.20.0/debian/patches/series 2012-09-19 22:58:00.000000000 +0200 +++ busybox-1.20.0/debian/patches/series 2013-03-25 10:13:48.000000000 +0100 @@ -9,6 +9,10 @@ busybox-1.20.1-mke2fs.patch busybox-1.20.1-1.20.2.patch +# more fixes from upstream +xz-support-concatenated-xz-streams.patch +mdev-fix-mode-of-dir1-in-=dir1-dir2-file-rule.patch + shell-ash-export-HOME.patch # we need to get rid of this one: #applets-fallback.patch diff -Nru busybox-1.20.0/debian/patches/xz-support-concatenated-xz-streams.patch busybox-1.20.0/debian/patches/xz-support-concatenated-xz-streams.patch --- busybox-1.20.0/debian/patches/xz-support-concatenated-xz-streams.patch 1970-01-01 01:00:00.000000000 +0100 +++ busybox-1.20.0/debian/patches/xz-support-concatenated-xz-streams.patch 2013-03-25 10:13:48.000000000 +0100 @@ -0,0 +1,100 @@ +commit 380c8a0763462692eef8d00df4872a561ff7aa7b +Author: Lasse Collin <lasse.col...@tukaani.org> +Date: Wed Feb 27 17:26:40 2013 +0100 +Bug-Debian: http://bugs.debian.org/686502 + + xz: support concatenated .xz streams + + function old new delta + xz_dec_reset - 77 +77 + unpack_xz_stream 2402 2397 -5 + + Signed-off-by: Lasse Collin <lasse.col...@tukaani.org> + Signed-off-by: Denys Vlasenko <vda.li...@googlemail.com> + +diff --git a/archival/libarchive/decompress_unxz.c b/archival/libarchive/decompress_unxz.c +index 79b48a1..e9ddd37 100644 +--- a/archival/libarchive/decompress_unxz.c ++++ b/archival/libarchive/decompress_unxz.c +@@ -40,6 +40,7 @@ static uint32_t xz_crc32(const uint8_t *buf, size_t size, uint32_t crc) + IF_DESKTOP(long long) int FAST_FUNC + unpack_xz_stream(transformer_aux_data_t *aux, int src_fd, int dst_fd) + { ++ enum xz_ret xz_result; + struct xz_buf iobuf; + struct xz_dec *state; + unsigned char *membuf; +@@ -63,9 +64,8 @@ unpack_xz_stream(transformer_aux_data_t *aux, int src_fd, int dst_fd) + /* Limit memory usage to about 64 MiB. */ + state = xz_dec_init(XZ_DYNALLOC, 64*1024*1024); + ++ xz_result = X_OK; + while (1) { +- enum xz_ret r; +- + if (iobuf.in_pos == iobuf.in_size) { + int rd = safe_read(src_fd, membuf, BUFSIZ); + if (rd < 0) { +@@ -73,28 +73,57 @@ unpack_xz_stream(transformer_aux_data_t *aux, int src_fd, int dst_fd) + total = -1; + break; + } ++ if (rd == 0 && xz_result == XZ_STREAM_END) ++ break; + iobuf.in_size = rd; + iobuf.in_pos = 0; + } ++ if (xz_result == XZ_STREAM_END) { ++ /* ++ * Try to start decoding next concatenated stream. ++ * Stream padding must always be a multiple of four ++ * bytes to preserve four-byte alignment. To keep the ++ * code slightly smaller, we aren't as strict here as ++ * the .xz spec requires. We just skip all zero-bytes ++ * without checking the alignment and thus can accept ++ * files that aren't valid, e.g. the XZ utils test ++ * files bad-0pad-empty.xz and bad-0catpad-empty.xz. ++ */ ++ do { ++ if (membuf[iobuf.in_pos] != 0) { ++ xz_dec_reset(state); ++ goto do_run; ++ } ++ iobuf.in_pos++; ++ } while (iobuf.in_pos < iobuf.in_size); ++ } ++ do_run: + // bb_error_msg(">in pos:%d size:%d out pos:%d size:%d", + // iobuf.in_pos, iobuf.in_size, iobuf.out_pos, iobuf.out_size); +- r = xz_dec_run(state, &iobuf); ++ xz_result = xz_dec_run(state, &iobuf); + // bb_error_msg("<in pos:%d size:%d out pos:%d size:%d r:%d", +-// iobuf.in_pos, iobuf.in_size, iobuf.out_pos, iobuf.out_size, r); ++// iobuf.in_pos, iobuf.in_size, iobuf.out_pos, iobuf.out_size, xz_result); + if (iobuf.out_pos) { + xwrite(dst_fd, iobuf.out, iobuf.out_pos); + IF_DESKTOP(total += iobuf.out_pos;) + iobuf.out_pos = 0; + } +- if (r == XZ_STREAM_END) { +- break; ++ if (xz_result == XZ_STREAM_END) { ++ /* ++ * Can just "break;" here, if not for concatenated ++ * .xz streams. ++ * Checking for padding may require buffer ++ * replenishment. Can't do it here. ++ */ ++ continue; + } +- if (r != XZ_OK && r != XZ_UNSUPPORTED_CHECK) { ++ if (xz_result != XZ_OK && xz_result != XZ_UNSUPPORTED_CHECK) { + bb_error_msg("corrupted data"); + total = -1; + break; + } + } ++ + xz_dec_end(state); + free(membuf); +