Bug#1059050: marked as done (busybox: CVE-2023-42363)
Your message dated Sun, 6 Oct 2024 21:26:55 +0200 with message-id and subject line [ftpmas...@ftp-master.debian.org: Accepted busybox 1:1.37.0-1 (source) into unstable] has caused the Debian Bug report #1059050, regarding busybox: CVE-2023-42363 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1059050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059050 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-42363[0]: | A use-after-free vulnerability was discovered in xasprintf function | in xfuncs_printf.c:344 in BusyBox v.1.36.1. https://bugs.busybox.net/show_bug.cgi?id=15865 (currently down) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-42363 https://www.cve.org/CVERecord?id=CVE-2023-42363 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: busybox Source-Version: 1:1.37.0-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 06 Oct 2024 10:20:49 +0300 Source: busybox Architecture: source Version: 1:1.37.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team Changed-By: Michael Tokarev Changes: busybox (1:1.37.0-1) unstable; urgency=medium . * new upstream release 1.37.0 Closes: CVE-2021-42380 (awk use-after-realloc) Cloese: CVE-2023-42363 (awk use-after-free) * d/patches/: refresh platform-linux.diff and version.patch * d/patches/: remove: - install-fix-chown-resetting-suid-sgid-bits-from-chmod.patch - syslogd-daemonize-after-init-make-errs-visible.patch - syslogd-decrease-stack-usage-50-bytes.patch - syslogd-fix-breakage-caused-by-daemonize-_after_-ini.patch * d/config/pkg/*: update configs: - enable time64 - enable find exec-ok for regular and static builds - enable getfattr for regular and static builds - enable ip-link-can for regular and static builds - enable feature udhcpd bootp Checksums-Sha1: b726349e0ade5391b468cf80616bd5f888c6a5f4 2529 busybox_1.37.0-1.dsc 50efee4e4438b8aea90ea6895dac818d23125549 2565764 busybox_1.37.0.orig.tar.bz2 d602b689b78080e7c48112b2fcd187fcaf5f599f 232 busybox_1.37.0.orig.tar.bz2.asc 79fee9e4ee23e567d147cfeef9d6c566aa59b5f5 62848 busybox_1.37.0-1.debian.tar.xz 4fc97373c8939a50360dbdd2461c1c731c66ee94 6691 busybox_1.37.0-1_source.buildinfo Checksums-Sha256: 9da7fbe1a51cd5ad7b3e64e3a1d66262141914a3f96b5997cc3e2e8ff90802bc 2529 busybox_1.37.0-1.dsc 3311dff32e746499f4df0d5df04d7eb396382d7e108bb9250e7b519b837043a4 2565764 busybox_1.37.0.orig.tar.bz2 771f2b06609b670e9c7f864832ece85a661dc7e5e6505a8e82436940fea5c7f8 232 busybox_1.37.0.orig.tar.bz2.asc 196af8b4b51c85aea7c4b0dc02cf83274d036fc12a2c221953b5463c48035604 62848 busybox_1.37.0-1.debian.tar.xz c12fe81fe369a1fb01bbc01343a6be939d1b356cb9a52d73b24214c85df4e472 6691 busybox_1.37.0-1_source.buildinfo Files: fb68a6069a4ed70722e2404758300b06 2529 utils optional busybox_1.37.0-1.dsc 865b68ab41b923d9cdbebf3f2c8b04ec 2565764 utils optional busybox_1.37.0.orig.tar.bz2 493c2999dbfb2eb07f4555981b712ddb 232 utils optional busybox_1.37.0.orig.tar.bz2.asc 34bf385c251d4f74089ceeedd665bfde 62848 utils optional busybox_1.37.0-1.debian.tar.xz ada4ed46bea29a3b30e55601bc7785a5 6691 utils optional busybox_1.37.0-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmcCOogACgkQgqpKJDse lHhiDBAAlzfHSRhuxjeFjtR3sQv0FNy/+aDXV1QEPTWm34YYmy+IsqfA8gc9rnOn TOGzP34jNIJPiaoIEazj1bavGdi5ss0KNQm5awNcs26hesmlyiyyjPu5et4gsGwl RTKeyoWTGD18Di7iBLLcj08KDNxgIWptqD93oyGfu2kG6M2i7PM4vhe5jplOyS2+ WzsY/EMe9APMf27d9olXsyBjXOEw5tu0W4WUbnAyi6T1CR7sx2XhqRx4h/4bFOPU kGo6Q4XkgvZzBy0cx/dgdbKaqSOAGVDpWfQT9WKDORuB7v4BYxNCvUlVqtFcgWsx YtDvrotMc0pmqgsftGmEuFLLmoUQYV0loCVOPuuTmTIy/usSyZ0NT4eRBS3vOfeP p9rleXlqYibbCgP/xPvMUQbiuunxmtV6M64bWEsbTkd1HDQ/L7QQavucG5B3UB7w T/+65XsSYOpB/mz2BKfdiNS3EmyxN9twn1TXJtnMQyy2ZFpz2MiIJn+MOEIOXESy WITAzogjzh58pihKkQwYSf8zLj4FG4SpmwkTmXYP1kFhWP+pTVdoYGIRx1B7ZcFE zaxXTWGng42sKENJajlDD8jXUGUDXVGehIk9NizHNpAR8qeN83++pOqSaY/kSVvI e0dJYdEsdIuMBn4oejdustkwT1z1LEouw0nTVSKcUSpZ0iB4+m8= =4o2d -END PGP SIGNATURE- - End forwarded message End Message ---
[ftpmas...@ftp-master.debian.org: Accepted busybox 1:1.37.0-1 (source) into unstable]
Source: busybox Source-Version: 1:1.37.0-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 06 Oct 2024 10:20:49 +0300 Source: busybox Architecture: source Version: 1:1.37.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team Changed-By: Michael Tokarev Changes: busybox (1:1.37.0-1) unstable; urgency=medium . * new upstream release 1.37.0 Closes: CVE-2021-42380 (awk use-after-realloc) Cloese: CVE-2023-42363 (awk use-after-free) * d/patches/: refresh platform-linux.diff and version.patch * d/patches/: remove: - install-fix-chown-resetting-suid-sgid-bits-from-chmod.patch - syslogd-daemonize-after-init-make-errs-visible.patch - syslogd-decrease-stack-usage-50-bytes.patch - syslogd-fix-breakage-caused-by-daemonize-_after_-ini.patch * d/config/pkg/*: update configs: - enable time64 - enable find exec-ok for regular and static builds - enable getfattr for regular and static builds - enable ip-link-can for regular and static builds - enable feature udhcpd bootp Checksums-Sha1: b726349e0ade5391b468cf80616bd5f888c6a5f4 2529 busybox_1.37.0-1.dsc 50efee4e4438b8aea90ea6895dac818d23125549 2565764 busybox_1.37.0.orig.tar.bz2 d602b689b78080e7c48112b2fcd187fcaf5f599f 232 busybox_1.37.0.orig.tar.bz2.asc 79fee9e4ee23e567d147cfeef9d6c566aa59b5f5 62848 busybox_1.37.0-1.debian.tar.xz 4fc97373c8939a50360dbdd2461c1c731c66ee94 6691 busybox_1.37.0-1_source.buildinfo Checksums-Sha256: 9da7fbe1a51cd5ad7b3e64e3a1d66262141914a3f96b5997cc3e2e8ff90802bc 2529 busybox_1.37.0-1.dsc 3311dff32e746499f4df0d5df04d7eb396382d7e108bb9250e7b519b837043a4 2565764 busybox_1.37.0.orig.tar.bz2 771f2b06609b670e9c7f864832ece85a661dc7e5e6505a8e82436940fea5c7f8 232 busybox_1.37.0.orig.tar.bz2.asc 196af8b4b51c85aea7c4b0dc02cf83274d036fc12a2c221953b5463c48035604 62848 busybox_1.37.0-1.debian.tar.xz c12fe81fe369a1fb01bbc01343a6be939d1b356cb9a52d73b24214c85df4e472 6691 busybox_1.37.0-1_source.buildinfo Files: fb68a6069a4ed70722e2404758300b06 2529 utils optional busybox_1.37.0-1.dsc 865b68ab41b923d9cdbebf3f2c8b04ec 2565764 utils optional busybox_1.37.0.orig.tar.bz2 493c2999dbfb2eb07f4555981b712ddb 232 utils optional busybox_1.37.0.orig.tar.bz2.asc 34bf385c251d4f74089ceeedd665bfde 62848 utils optional busybox_1.37.0-1.debian.tar.xz ada4ed46bea29a3b30e55601bc7785a5 6691 utils optional busybox_1.37.0-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmcCOogACgkQgqpKJDse lHhiDBAAlzfHSRhuxjeFjtR3sQv0FNy/+aDXV1QEPTWm34YYmy+IsqfA8gc9rnOn TOGzP34jNIJPiaoIEazj1bavGdi5ss0KNQm5awNcs26hesmlyiyyjPu5et4gsGwl RTKeyoWTGD18Di7iBLLcj08KDNxgIWptqD93oyGfu2kG6M2i7PM4vhe5jplOyS2+ WzsY/EMe9APMf27d9olXsyBjXOEw5tu0W4WUbnAyi6T1CR7sx2XhqRx4h/4bFOPU kGo6Q4XkgvZzBy0cx/dgdbKaqSOAGVDpWfQT9WKDORuB7v4BYxNCvUlVqtFcgWsx YtDvrotMc0pmqgsftGmEuFLLmoUQYV0loCVOPuuTmTIy/usSyZ0NT4eRBS3vOfeP p9rleXlqYibbCgP/xPvMUQbiuunxmtV6M64bWEsbTkd1HDQ/L7QQavucG5B3UB7w T/+65XsSYOpB/mz2BKfdiNS3EmyxN9twn1TXJtnMQyy2ZFpz2MiIJn+MOEIOXESy WITAzogjzh58pihKkQwYSf8zLj4FG4SpmwkTmXYP1kFhWP+pTVdoYGIRx1B7ZcFE zaxXTWGng42sKENJajlDD8jXUGUDXVGehIk9NizHNpAR8qeN83++pOqSaY/kSVvI e0dJYdEsdIuMBn4oejdustkwT1z1LEouw0nTVSKcUSpZ0iB4+m8= =4o2d -END PGP SIGNATURE- - End forwarded message -
Bug#1059049: busybox: CVE-2022-48174
Dear Debian staff, Could you please let me know if there are any plans to release a patch for the Busybox package in the near future regarding the "https://security-tracker.debian.org/tracker/CVE-2022-48174"; vulnerability? Also, I would like to know if there is an automated CVE tracking system for Debian OS. Also, I was wondering if you have specific repositories for security patches for older OS versions such as Debian 11. Regards, _ Nikita Krivykh Information Security Specialist
Bug#1071648: marked as done (busybox: FTBFS with Linux 6.8+)
Your message dated Tue, 16 Jul 2024 10:19:24 +
with message-id
and subject line Bug#1071648: fixed in busybox 1:1.36.1-8
has caused the Debian Bug report #1071648,
regarding busybox: FTBFS with Linux 6.8+
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1071648: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071648
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: busybox
Version: 1:1.36.1-7
Severity: serious
Tags: ftbfs upstream
X-Debbugs-Cc: tia...@debian.org
The recent upload of src:linux to 6.8+ (specifically 6.8.9-1,
ironicially uploaded around the same time as the last busybox upload)
causes src:busybox to FTBFS (logs from reproducible-builds):
| /build/reproducible-path/busybox-1.36.1/networking/tc.c: In function
'cbq_print_opt':
| /build/reproducible-path/busybox-1.36.1/networking/tc.c:237:27: error:
'TCA_CBQ_MAX' undeclared (first use in this function); did you mean
'TCA_CBS_MAX'?
| 237 | struct rtattr *tb[TCA_CBQ_MAX+1];
| | ^~~
| | TCA_CBS_MAX
| /build/reproducible-path/busybox-1.36.1/networking/tc.c:237:27: note: each
undeclared identifier is reported only once for each function it appears in
| /build/reproducible-path/busybox-1.36.1/networking/tc.c:250:16: error:
'TCA_CBQ_RATE' undeclared (first use in this function); did you mean
'TCA_TBF_RATE64'?
| 250 | if (tb[TCA_CBQ_RATE]) {
| |^~~~
| | TCA_TBF_RATE64
| /build/reproducible-path/busybox-1.36.1/networking/tc.c:256:16: error:
'TCA_CBQ_LSSOPT' undeclared (first use in this function)
| 256 | if (tb[TCA_CBQ_LSSOPT]) {
| | ^~
| /build/reproducible-path/busybox-1.36.1/networking/tc.c:257:61: error:
invalid application of 'sizeof' to incomplete type 'struct tc_cbq_lssopt'
| 257 | if (RTA_PAYLOAD(tb[TCA_CBQ_LSSOPT]) < sizeof(*lss))
| | ^
| /build/reproducible-path/busybox-1.36.1/networking/tc.c:262:16: error:
'TCA_CBQ_WRROPT' undeclared (first use in this function)
| 262 | if (tb[TCA_CBQ_WRROPT]) {
| |^~
| /build/reproducible-path/busybox-1.36.1/networking/tc.c:263:61: error:
invalid application of 'sizeof' to incomplete type 'struct tc_cbq_wrropt'
| 263 | if (RTA_PAYLOAD(tb[TCA_CBQ_WRROPT]) < sizeof(*wrr))
| | ^
| /build/reproducible-path/busybox-1.36.1/networking/tc.c:268:16: error:
'TCA_CBQ_FOPT' undeclared (first use in this function)
| 268 | if (tb[TCA_CBQ_FOPT]) {
| |^~~~
| /build/reproducible-path/busybox-1.36.1/networking/tc.c:269:59: error:
invalid application of 'sizeof' to incomplete type 'struct tc_cbq_fopt'
| 269 | if (RTA_PAYLOAD(tb[TCA_CBQ_FOPT]) < sizeof(*fopt))
| | ^
https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/busybox_1.36.1-7.rbuild.log.gz
This has been reported upstream[1][2] (back in January), but with no
upstream resolution yet.
[1]: https://bugs.busybox.net/show_bug.cgi?id=15931
[2]: https://bugs.busybox.net/show_bug.cgi?id=15934
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.36.1-8
Done: Michael Tokarev
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGI
Re: busybox: CONFIG_FEATURE_DI_ENV_HACK: is it still needed?
On 25/06/2024 20:22, Cyril Brulebois wrote: Michael Tokarev (2024-06-25): 31.12.2023 19:11, Michael Tokarev wrote: Hi! There's a debian-specific patch in busybox since 2017 which adds ability to lift variable name filtering rules for d-i. A comment in there says: This is not a long term fix for this problem: a different approach is needed to parse the values from the kernel command-line, but we don't want to be responsible for holding up the debian-installer alpha release any longer than it has already. Is it still needed in 2024? A friendly ping? I can't dive into it right now to be 100% sure, but I can't think of a reason why we wouldn't need to keep that. (I'm not aware of any work in that area, except some extra fun with hostname last year, but maybe someone worked on that without my noticing.) I remember adding that. From memory, it's because we pass arguments to d-i as kernel command-line args. Those get converted to environment variables by the kernel (I think?), which is how d-i picks them up. But those arguments have odd characters (for environment variables) in them, such as slashes. At some point busybox started filtering out such invalid environment variables, so d-i stopped seeing them. The hack is needed to avoid filtering them out. Before we can remove this hack, d-i would need to presumably parse /proc/cmdline itself to get its arguments, rather than simply assuming they would be in the environment. As far as I'm aware this hasn't been done. HTH, Chris -- Chris Boot bo...@debian.org
Re: busybox: CONFIG_FEATURE_DI_ENV_HACK: is it still needed?
Michael Tokarev (2024-06-25): > 31.12.2023 19:11, Michael Tokarev wrote: > > Hi! > > > > There's a debian-specific patch in busybox since 2017 which adds ability > > to lift variable name filtering rules for d-i. A comment in there says: > > > > This is not a long term fix for this problem: a different approach is > > needed to parse the values from the kernel command-line, but we don't > > want to be responsible for holding up the debian-installer alpha > > release any longer than it has already. > > > > Is it still needed in 2024? > > A friendly ping? I can't dive into it right now to be 100% sure, but I can't think of a reason why we wouldn't need to keep that. (I'm not aware of any work in that area, except some extra fun with hostname last year, but maybe someone worked on that without my noticing.) Cheers, -- Cyril Brulebois (k...@debian.org)<https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant signature.asc Description: PGP signature
Re: busybox: CONFIG_FEATURE_DI_ENV_HACK: is it still needed?
31.12.2023 19:11, Michael Tokarev wrote: Hi! There's a debian-specific patch in busybox since 2017 which adds ability to lift variable name filtering rules for d-i. A comment in there says: This is not a long term fix for this problem: a different approach is needed to parse the values from the kernel command-line, but we don't want to be responsible for holding up the debian-installer alpha release any longer than it has already. Is it still needed in 2024? A friendly ping? Thanks, /mjt
Bug#1060134: marked as done (kmod-udeb vs busybox-udeb: agree on who ships depmod)
Your message dated Thu, 16 May 2024 19:20:20 + with message-id and subject line Bug#1060134: fixed in busybox 1:1.36.1-7 has caused the Debian Bug report #1060134, regarding kmod-udeb vs busybox-udeb: agree on who ships depmod to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1060134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060134 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: kmod-udeb,busybox-udeb Severity: serious Justification: file conflict X-Debbugs-Cc: Cyril Brulebois , debian-boot@lists.debian.org Hi Cyril, On Sat, Jan 06, 2024 at 04:31:44AM +0100, Cyril Brulebois wrote: > d-i daily builds now FTBFS everywhere due to the merge-usr step, with > the following error: > > merge-usr "./tmp/cdrom/tree" > error: merge target 'usr//sbin/depmod' is a symlink > > It would be nice if you could investigate and suggest what fix(es) would > be best here. I suppose it could be some fallout from the kmod upload > which included some changes of yours, hence the ping. > > > https://tracker.debian.org/news/1491892/accepted-kmod-31-1-source-into-unstable/ Thank you for the report. In investigating it, I note that reproducing the failure was unexpectedly difficult. debian-installer fails to build from source in unstable for unrelated reasons. I request that you update the package more frequently and keep it in a buildable state to ease QA efforts of others. It turns out that /sbin/depmod points to /bin/busybox and /usr/sbin/depmod points to ../bin/kmod. As such, merge-usr does not have a good idea of what to do and rightly refuses to continue. These two files are to be considered a file conflict according to the Debian policy as they only differ in aliasing. I argue that this was a bug before merged-/usr and merged-/usr just makes it visible now. The underlying conflict has existed earlier and was resolved arbitrarily dependent on the order of unpacks. The real solution here is to agree on whether busybox-udeb or kmod-udeb is supposed to provide depmod and only ship it once. Since there is no other consumer of udebs, it does not make sense to install it in both. Cyril, please reassign the bug to the right package (i.e. the one that should not be providing depmod). I also recommend to establish QA for all udebs to automatically detect, report and address such conflicts as they evidently cause undefined behaviour otherwise. That can be as simple as collecting file lists of all udebs and comparing them. Helmut --- End Message --- --- Begin Message --- Source: busybox Source-Version: 1:1.36.1-7 Done: Michael Tokarev We believe that the bug you reported is fixed in the latest version of busybox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1060...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev (supplier of updated busybox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 May 2024 21:49:03 +0300 Source: busybox Architecture: source Version: 1:1.36.1-7 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team Changed-By: Michael Tokarev Closes: 1060134 1069864 Changes: busybox (1:1.36.1-7) unstable; urgency=medium . * udeb: remove all modutils (kmod-udeb provides better alternatives) (Closes: #1060134) * deb, static, udeb: provide install applet (Closes: #1069864) * udhcpc/default.script: recognize $search dhcp parameter too, in addition to $domain (and simplify these parts a bit) Checksums-Sha1: c4a67d14dbdad9698c915485270c6f6bc7f588a7 1954 busybox_1.36.1-7.dsc 9b37bb6b1ddfe41eac4a551751d37bb37de8d5eb 66708 busybox_1.36.1-7.debian.tar.xz 93c723b6fb881663e3bf80c73363da943b3d96d9 6352 busybox_1.36.1-7_source.buildinfo Checksums-Sha256: 8d387dfc4159ea54832c878bc5602c8d9a9eebcba0d24a6f7091dcdbc51ec8a5 1954 busybox_1.36.1-7.dsc 602dd21460f6dff82fb23a3b71d40a4d402dbc3d8864704d7d89a8563dd9d62f 66708 busybox_1.36.1-7.debian.tar.xz c689e977c5937caed55fe249812e0de57516fcaede5241e222f1610f49b6a24a 6352 busybox_1.36.1-7_source.buildinfo File
Bug#1069864: marked as done (busybox: Please enable "install" applet)
Your message dated Thu, 16 May 2024 19:20:20 + with message-id and subject line Bug#1069864: fixed in busybox 1:1.36.1-7 has caused the Debian Bug report #1069864, regarding busybox: Please enable "install" applet to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069864: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069864 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox Version: 1:1.35.0-4+b3 Severity: wishlist Tags: patch Hi, BusyBox can provide a simple version of "install" command (https://busybox.net/downloads/BusyBox.html#install). Unfortunately, in the package configuration, the options responsible for enabling this applet are not set: # CONFIG_INSTALL is not set # CONFIG_FEATURE_INSTALL_LONG_OPTIONS is not set (for all 3 packages - regular, static and udeb) This is a quite frequently used command that is part of coreutils, so it is worth making it available in the minimal environment provided by BusyBox. Simple patch (for regular package) attached. Regards, Robert Paciorek -- System Information: Debian Release: 12.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-9-amd64 (SMP w/6 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages busybox depends on: ii libc6 2.36-9+deb12u4 busybox recommends no packages. busybox suggests no packages. -- no debconf information --- busybox-1.36.1.org/debian/config/pkg/deb2023-11-13 13:46:07.0 + +++ busybox-1.36.1/debian/config/pkg/deb2024-04-24 02:07:05.532609382 + @@ -265,8 +265,8 @@ CONFIG_HOSTID=y CONFIG_ID=y CONFIG_GROUPS=y -# CONFIG_INSTALL is not set -# CONFIG_FEATURE_INSTALL_LONG_OPTIONS is not set +CONFIG_INSTALL=y +CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y CONFIG_LINK=y CONFIG_LN=y CONFIG_LOGNAME=y --- End Message --- --- Begin Message --- Source: busybox Source-Version: 1:1.36.1-7 Done: Michael Tokarev We believe that the bug you reported is fixed in the latest version of busybox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1069...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev (supplier of updated busybox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 16 May 2024 21:49:03 +0300 Source: busybox Architecture: source Version: 1:1.36.1-7 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team Changed-By: Michael Tokarev Closes: 1060134 1069864 Changes: busybox (1:1.36.1-7) unstable; urgency=medium . * udeb: remove all modutils (kmod-udeb provides better alternatives) (Closes: #1060134) * deb, static, udeb: provide install applet (Closes: #1069864) * udhcpc/default.script: recognize $search dhcp parameter too, in addition to $domain (and simplify these parts a bit) Checksums-Sha1: c4a67d14dbdad9698c915485270c6f6bc7f588a7 1954 busybox_1.36.1-7.dsc 9b37bb6b1ddfe41eac4a551751d37bb37de8d5eb 66708 busybox_1.36.1-7.debian.tar.xz 93c723b6fb881663e3bf80c73363da943b3d96d9 6352 busybox_1.36.1-7_source.buildinfo Checksums-Sha256: 8d387dfc4159ea54832c878bc5602c8d9a9eebcba0d24a6f7091dcdbc51ec8a5 1954 busybox_1.36.1-7.dsc 602dd21460f6dff82fb23a3b71d40a4d402dbc3d8864704d7d89a8563dd9d62f 66708 busybox_1.36.1-7.debian.tar.xz c689e977c5937caed55fe249812e0de57516fcaede5241e222f1610f49b6a24a 6352 busybox_1.36.1-7_source.buildinfo Files: 4b46ee0b205392c42ba7fb1986eb8c98 1954 utils optional busybox_1.36.1-7.dsc 264e149c43c1250200801066b8f7ee8a 66708 utils optional busybox_1.36.1-7.debian.tar.xz f0fdc456a88231b6006681560a91ab3e 6352 utils optional busybox_1.36.1-7_source.buildinfo -BEGIN PGP SIGNATURE- iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmZGVVgPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5Z
Bug#1071227: marked as done (busybox-udeb: provides binaries that are also provided by kmod-udeb (e.g. modprobe))
Your message dated Thu, 16 May 2024 19:50:58 +0200 with message-id <87pltlprwd@hands.com> and subject line Re: Bug#1071227: busybox-udeb: provides binaries that are also provided by kmod-udeb (e.g. modprobe) has caused the Debian Bug report #1071227, regarding busybox-udeb: provides binaries that are also provided by kmod-udeb (e.g. modprobe) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1071227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071227 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox-udeb Severity: normal User: debian-rele...@lists.debian.org Hi, I notice that busybox-udeb provides the following binaries in /sbin: depmod insmod lsmod modinfo modprobe rmmod while kmod-udeb provides the same, except located in /usr/sbin. It would be better if this were not the case, especially now that D-I is /usr-merged, so one will presumably get to use whichever of those is unpacked last. This suggests to me that the versions from kmod-udeb should be used, and busybox-udeb should be configured to no longer generate these binaries. BTW I'm assuming that these binaries only make sense on Linux, so it's that it's fine that non-linux builds will not have them (kmod-udeb being linux only). Cheers, Phil. --- End Message --- --- Begin Message --- Michael Tokarev writes: > https://salsa.debian.org/installer-team/busybox/-/commit/a52da181d4cd0e41c04ab1d5be9130270df0f696 > #1060134 Oh, ooops -- sorry for the noise. I'll close that then. Cheers, Phil. -- Philip Hands -- https://hands.com/~phil--- End Message ---
Bug#1071227: busybox-udeb: provides binaries that are also provided by kmod-udeb (e.g. modprobe)
16.05.2024 20:17, Philip Hands пишет: Package: busybox-udeb Severity: normal User: debian-rele...@lists.debian.org Hi, I notice that busybox-udeb provides the following binaries in /sbin: depmod insmod lsmod modinfo modprobe rmmod while kmod-udeb provides the same, except located in /usr/sbin. https://salsa.debian.org/installer-team/busybox/-/commit/a52da181d4cd0e41c04ab1d5be9130270df0f696 #1060134 fwiw. /mjt -- GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24. New key: rsa4096/61AD3D98ECDF2C8E 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E Old key: rsa2048/457CE0A0804465C5 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt
Bug#1071227: busybox-udeb: provides binaries that are also provided by kmod-udeb (e.g. modprobe)
Package: busybox-udeb Severity: normal User: debian-rele...@lists.debian.org Hi, I notice that busybox-udeb provides the following binaries in /sbin: depmod insmod lsmod modinfo modprobe rmmod while kmod-udeb provides the same, except located in /usr/sbin. It would be better if this were not the case, especially now that D-I is /usr-merged, so one will presumably get to use whichever of those is unpacked last. This suggests to me that the versions from kmod-udeb should be used, and busybox-udeb should be configured to no longer generate these binaries. BTW I'm assuming that these binaries only make sense on Linux, so it's that it's fine that non-linux builds will not have them (kmod-udeb being linux only). Cheers, Phil.
Re: Bug#1060134: kmod-udeb vs busybox-udeb: agree on who ships depmod
Marco d'Itri (2024-04-26): > On Apr 26, Michael Tokarev wrote: > > > So, should I disable module utils in busybox-udeb now? > I think so. I haven't gotten any requests / seen any reasons to keep it; so, yes, please feel free to remove it whenever is convenient for you. > > Is kmod udeb ready and used in d-i already, or does it need some > > prep first? > AFAIK it works. Absolutely, that's been working since the small xz-utils tweak (the udeb addition, not the backdoor thing). Cheers, -- Cyril Brulebois (k...@debian.org)<https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant signature.asc Description: PGP signature
Re: Bug#1060134: kmod-udeb vs busybox-udeb: agree on who ships depmod
Ok, I'm removing whole modutils from busybox udeb (besides depmod, this is lsmod, insmod, rmmod, and modprobe). All these are provided by kmod-udeb as far as I can see (as symlinks to kod). -- GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24. New key: rsa4096/61AD3D98ECDF2C8E 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E Old key: rsa2048/457CE0A0804465C5 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt
Re: Bug#1060134: kmod-udeb vs busybox-udeb: agree on who ships depmod
On Apr 26, Michael Tokarev wrote: > So, should I disable module utils in busybox-udeb now? I think so. > Is kmod udeb ready and used in d-i already, or does it need some > prep first? AFAIK it works. -- ciao, Marco signature.asc Description: PGP signature
Bug#1060134: kmod-udeb vs busybox-udeb: agree on who ships depmod
09.04.2024 16:48, Cyril Brulebois wrote: Marco d'Itri (2024-04-09): Yes. Nowadays kmod has many more features related to compressed modules and verification of signatures. Can we agree that kmod should provide these programs for d-i? Or can the d-i maintainers just tell us what they want? I meant to come back to this after experimenting, then things happened… I picked kmod at the time because it worked, and because busybox didn't work, which I summed up in: https://salsa.debian.org/installer-team/debian-installer/-/commit/450daf0bd24ee94d4f466ab65908c079ef795145 (plus follow-up commit, woopsie https://salsa.debian.org/installer-team/debian-installer/-/commit/69777be465c5d0210d16159a456ab88535513a07 ) I'm fine with sticking to kmod regarding module support in d-i. I'm not sure we should keep support in two different modules, so dropping it from busybox would work for me. Others might have different views on this, though. So, should I disable module utils in busybox-udeb now? Wanted to spare some time on busybox, this bug report come in. Is kmod udeb ready and used in d-i already, or does it need some prep first? Thanks, /mjt -- GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24. New key: rsa4096/61AD3D98ECDF2C8E 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E Old key: rsa2048/457CE0A0804465C5 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt
Bug#1069864: busybox: Please enable "install" applet
Package: busybox Version: 1:1.35.0-4+b3 Severity: wishlist Tags: patch Hi, BusyBox can provide a simple version of "install" command (https://busybox.net/downloads/BusyBox.html#install). Unfortunately, in the package configuration, the options responsible for enabling this applet are not set: # CONFIG_INSTALL is not set # CONFIG_FEATURE_INSTALL_LONG_OPTIONS is not set (for all 3 packages - regular, static and udeb) This is a quite frequently used command that is part of coreutils, so it is worth making it available in the minimal environment provided by BusyBox. Simple patch (for regular package) attached. Regards, Robert Paciorek -- System Information: Debian Release: 12.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-9-amd64 (SMP w/6 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages busybox depends on: ii libc6 2.36-9+deb12u4 busybox recommends no packages. busybox suggests no packages. -- no debconf information --- busybox-1.36.1.org/debian/config/pkg/deb2023-11-13 13:46:07.0 + +++ busybox-1.36.1/debian/config/pkg/deb2024-04-24 02:07:05.532609382 + @@ -265,8 +265,8 @@ CONFIG_HOSTID=y CONFIG_ID=y CONFIG_GROUPS=y -# CONFIG_INSTALL is not set -# CONFIG_FEATURE_INSTALL_LONG_OPTIONS is not set +CONFIG_INSTALL=y +CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y CONFIG_LINK=y CONFIG_LN=y CONFIG_LOGNAME=y
Re: Bug#1060134: kmod-udeb vs busybox-udeb: agree on who ships depmod
Hi, Marco d'Itri (2024-04-09): > Yes. Nowadays kmod has many more features related to compressed modules > and verification of signatures. > Can we agree that kmod should provide these programs for d-i? > Or can the d-i maintainers just tell us what they want? I meant to come back to this after experimenting, then things happened… I picked kmod at the time because it worked, and because busybox didn't work, which I summed up in: https://salsa.debian.org/installer-team/debian-installer/-/commit/450daf0bd24ee94d4f466ab65908c079ef795145 (plus follow-up commit, woopsie https://salsa.debian.org/installer-team/debian-installer/-/commit/69777be465c5d0210d16159a456ab88535513a07 ) I'm fine with sticking to kmod regarding module support in d-i. I'm not sure we should keep support in two different modules, so dropping it from busybox would work for me. Others might have different views on this, though. Cheers, -- Cyril Brulebois (k...@debian.org)<https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant signature.asc Description: PGP signature
Re: Bug#1060134: kmod-udeb vs busybox-udeb: agree on who ships depmod
On Jan 06, Michael Tokarev wrote: > Yes, some utils in busybox aren't as good as regular implementations. For Yes. Nowadays kmod has many more features related to compressed modules and verification of signatures. Can we agree that kmod should provide these programs for d-i? Or can the d-i maintainers just tell us what they want? -- ciao, Marco signature.asc Description: PGP signature
Re: kmod-udeb vs busybox-udeb: agree on who ships depmod
06.01.2024 11:40, Helmut Grohne: On Sat, Jan 06, 2024 at 09:01:12AM +0100, Helmut Grohne wrote: I also recommend to establish QA for all udebs to automatically detect, report and address such conflicts as they evidently cause undefined behaviour otherwise. That can be as simple as collecting file lists of all udebs and comparing them. This seems like a more generic problem. I downloaded all amd64 udebs and the following files (normalized to account for aliasing) pose a conflict: From this list, only a few utilities are from busybox, namely wget and module utilities (depmod/insmod/lsmod/modinfo/modprobe/rmmod). My initial plan - with regular busybox package and with busybox udeb - is to provide most things in busybox, so that other packages don't need to ship udeb packages and the whole thing (be it d-i or initrd) is small. Yes, some utils in busybox aren't as good as regular implementations. For example, I just found out busybox's xz does not perform compression, only decompression (-d option is mandatory). Or #1003757 - missing functionality in busybox ip. Still, overall, it is enough for most things. BTW, it looks like with compressed kernel modules, busybox m-i-t needs some (albiet minor) tweaks (it works but kernel produces warnings when busybox tries to load a module). Unfortunately this didn't work out for one reason or another. One of the reasons is perhaps #921556, where original util does more than needed but busybox didn't implement the unnecessary functionality. This needs to be thought about at a more general level. Including initrd stuff (if we still need it, instead of relying on mkosi-initrd). I use my own initrd for a good reason, and this one does not include 2 or even 3 libc as debian does.. /mjt
Re: kmod-udeb vs busybox-udeb: agree on who ships depmod
On Sat, Jan 06, 2024 at 09:01:12AM +0100, Helmut Grohne wrote: > I also recommend to establish QA for all udebs to automatically detect, > report and address such conflicts as they evidently cause undefined > behaviour otherwise. That can be as simple as collecting file lists of > all udebs and comparing them. This seems like a more generic problem. I downloaded all amd64 udebs and the following files (normalized to account for aliasing) pose a conflict: ./bin/netcfg ./bin/ptom ./bin/wget ./etc/console-setup/remap.inc ./lib/base-installer.d/40netcfg ./lib/finish-install.d/55netcfg-copy-config ./sbin/depmod ./sbin/insmod ./sbin/lsmod ./sbin/modinfo ./sbin/modprobe ./sbin/rmmod ./usr/share/console-setup/charmap_functions.sh ./usr/share/fonts/truetype/noto/NotoSansSinhala-Bold.ttf ./usr/share/fonts/truetype/noto/NotoSansSinhala-Regular.ttf ./usr/share/fonts/truetype/noto/NotoSerifGujarati-Bold.ttf ./usr/share/fonts/truetype/noto/NotoSerifGujarati-Regular.ttf ./usr/share/keymaps/i386/qwerty/it.kmap.gz ./usr/share/keymaps/i386/qwerty/jp106.kmap.gz ./usr/share/keymaps/i386/qwertz/mac-usb-de-latin1-nodeadkeys.kmap.gz ./usr/share/keymaps/i386/qwertz/mac-usb-de-latin1.kmap.gz ./usr/share/keymaps/i386/qwertz/mac-usb-de_CH.kmap.gz ./usr/share/keymaps/i386/qwertz/mac-usb-fr_CH-latin1.kmap.gz ./usr/share/keymaps/i386/qwertz/mac-usb-pt-latin1.kmap.gz ./usr/share/keymaps/include/compose.latin1.inc.gz So for busybox and kmod, it's not just depmod, but all the others as well. It's also busybox-udeb vs wget-udeb and a bunch of others though. All of the aliased ones will explode sooner or later. Helmut
Bug#1060134: kmod-udeb vs busybox-udeb: agree on who ships depmod
Package: kmod-udeb,busybox-udeb Severity: serious Justification: file conflict X-Debbugs-Cc: Cyril Brulebois , debian-boot@lists.debian.org Hi Cyril, On Sat, Jan 06, 2024 at 04:31:44AM +0100, Cyril Brulebois wrote: > d-i daily builds now FTBFS everywhere due to the merge-usr step, with > the following error: > > merge-usr "./tmp/cdrom/tree" > error: merge target 'usr//sbin/depmod' is a symlink > > It would be nice if you could investigate and suggest what fix(es) would > be best here. I suppose it could be some fallout from the kmod upload > which included some changes of yours, hence the ping. > > > https://tracker.debian.org/news/1491892/accepted-kmod-31-1-source-into-unstable/ Thank you for the report. In investigating it, I note that reproducing the failure was unexpectedly difficult. debian-installer fails to build from source in unstable for unrelated reasons. I request that you update the package more frequently and keep it in a buildable state to ease QA efforts of others. It turns out that /sbin/depmod points to /bin/busybox and /usr/sbin/depmod points to ../bin/kmod. As such, merge-usr does not have a good idea of what to do and rightly refuses to continue. These two files are to be considered a file conflict according to the Debian policy as they only differ in aliasing. I argue that this was a bug before merged-/usr and merged-/usr just makes it visible now. The underlying conflict has existed earlier and was resolved arbitrarily dependent on the order of unpacks. The real solution here is to agree on whether busybox-udeb or kmod-udeb is supposed to provide depmod and only ship it once. Since there is no other consumer of udebs, it does not make sense to install it in both. Cyril, please reassign the bug to the right package (i.e. the one that should not be providing depmod). I also recommend to establish QA for all udebs to automatically detect, report and address such conflicts as they evidently cause undefined behaviour otherwise. That can be as simple as collecting file lists of all udebs and comparing them. Helmut
busybox: CONFIG_FEATURE_DI_ENV_HACK: is it still needed?
Hi! There's a debian-specific patch in busybox since 2017 which adds ability to lift variable name filtering rules for d-i. A comment in there says: This is not a long term fix for this problem: a different approach is needed to parse the values from the kernel command-line, but we don't want to be responsible for holding up the debian-installer alpha release any longer than it has already. Is it still needed in 2024? Thanks, /mjt
Bug#1059053: busybox: CVE-2023-42366
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-42366[0]: | A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the | next_token function at awk.c:1159. https://bugs.busybox.net/show_bug.cgi?id=15874 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-42366 https://www.cve.org/CVERecord?id=CVE-2023-42366 Please adjust the affected versions in the BTS as needed.
Bug#1059052: busybox: CVE-2023-42365
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-42365[0]: | A use-after-free vulnerability was discovered in BusyBox v.1.36.1 | via a crafted awk pattern in the awk.c copyvar function. https://bugs.busybox.net/show_bug.cgi?id=15871 (currently down) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-42365 https://www.cve.org/CVERecord?id=CVE-2023-42365 Please adjust the affected versions in the BTS as needed.
Bug#1059050: busybox: CVE-2023-42363
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-42363[0]: | A use-after-free vulnerability was discovered in xasprintf function | in xfuncs_printf.c:344 in BusyBox v.1.36.1. https://bugs.busybox.net/show_bug.cgi?id=15865 (currently down) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-42363 https://www.cve.org/CVERecord?id=CVE-2023-42363 Please adjust the affected versions in the BTS as needed.
Bug#1059051: busybox: CVE-2023-42364
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-42364[0]: | A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers | to cause a denial of service via a crafted awk pattern in the awk.c | evaluate function. https://bugs.busybox.net/show_bug.cgi?id=15868 (currently down) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-42364 https://www.cve.org/CVERecord?id=CVE-2023-42364 Please adjust the affected versions in the BTS as needed.
Bug#1059049: busybox: CVE-2022-48174
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2022-48174[0]: | There is a stack overflow vulnerability in ash.c:6030 in busybox | before 1.35. In the environment of Internet of Vehicles, this | vulnerability can be executed from command to arbitrary code | execution. https://bugs.busybox.net/show_bug.cgi?id=15216 https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-48174 https://www.cve.org/CVERecord?id=CVE-2022-48174 Please adjust the affected versions in the BTS as needed.
Bug#1057219: marked as done (busybox: possible file loss during upgrade arising from /usr-merge)
Your message dated Tue, 12 Dec 2023 15:46:03 +0100 with message-id <20231212144603.ga68...@subdivi.de> and subject line Re: busybox: possible file loss during upgrade arising from /usr-merge has caused the Debian Bug report #1057219, regarding busybox: possible file loss during upgrade arising from /usr-merge to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1057219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057219 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox Version: 1:1.36.1-6 Severity: serious User: helm...@debian.org Usertags: dep17p1 Hi Chris and Michael, I am very sorry to tell you that I found a contrieved /usr-merge problem with the busybox upload. In essence, Conflicts allow for concurrent unpacks in weired situations. As a consequence, you may miss the busybox binary if you upgrade from bookworm to trixie and change from busybox-static to busybox or vice versa in the process. I do not have a solution at this time and file this bug as a migration blocker. If you want to get rid of the rc bug, you may upload a revert. Otherwise, please wait until we have a better understanding of the problem. I am filing a detailed report for systemd-sysv with a very similar issue. Helmut --- End Message --- --- Begin Message --- Hi, On Fri, Dec 01, 2023 at 07:07:20PM +0100, Helmut Grohne wrote: > I am very sorry to tell you that I found a contrieved /usr-merge problem > with the busybox upload. In essence, Conflicts allow for concurrent > unpacks in weired situations. As a consequence, you may miss the busybox > binary if you upgrade from bookworm to trixie and change from > busybox-static to busybox or vice versa in the process. I do not have a > solution at this time and file this bug as a migration blocker. If you > want to get rid of the rc bug, you may upload a revert. Otherwise, > please wait until we have a better understanding of the problem. We now have a better understanding. In particular, the loss scenario requires "scheduling a package for removal" using "dpkg --set-selections" and then unpacking a conflicting package. apt only ever does this when it has to perform a temporary removal. The only known scenario where this was observed for real is when two packages are upgraded and the updated versions mutualy conflict with old versions of one another. This is not the case for busybox and also not for openresolv. For systemd, we will be restoring lost files in postinst. If we ever encounter real loss scenarios for either package, it can be mitigated as follows: 1. Identify all of the lost files. 2. For all regular files, create backup copies in your package in the data.tar. I suggest to use hard links to avoid increasing the package size. 3. In postinst check for absence of any lost file and restore it from the backup copy. In case the lost file is not a regular file, no backup copy is necessary. Directories and symbolic links can be restored directly. This mitigation needs to be in effect until the trixie release and then can be removed. I am now closing these bugs, because apt handles the multiple providers-for-the-same-facility situation without temporary removals. For instance, if you have a bookworm systemd with busybox and miniramfs (an arbitrary package that happens to depend on busybox). Then you change your sources to sid (which has a /usr-moved busybox) and apt install busybox-static (thus changing provider). Then apt will remove busybox (from bookworm with files in /sbin) before installing busybox-static (from sid with files in /usr/sbin) hence not causing the loss scenario. What I'm saying about busybox here likewise holds for openresolv. The way to experience this loss appears to require using dpkg directly and we consider that sufficiently unlikely that we don't handle this case. The release-notes already require upgrades to be performed with apt and we can add an additional warning about this case. Helmut--- End Message ---
Bug#1057219: busybox: possible file loss during upgrade arising from /usr-merge
Package: busybox Version: 1:1.36.1-6 Severity: serious User: helm...@debian.org Usertags: dep17p1 Hi Chris and Michael, I am very sorry to tell you that I found a contrieved /usr-merge problem with the busybox upload. In essence, Conflicts allow for concurrent unpacks in weired situations. As a consequence, you may miss the busybox binary if you upgrade from bookworm to trixie and change from busybox-static to busybox or vice versa in the process. I do not have a solution at this time and file this bug as a migration blocker. If you want to get rid of the rc bug, you may upload a revert. Otherwise, please wait until we have a better understanding of the problem. I am filing a detailed report for systemd-sysv with a very similar issue. Helmut
Bug#1039142: marked as done (busybox: ships sysv-init script without systemd unit)
Your message dated Sat, 18 Nov 2023 20:01:31 +0300 with message-id and subject line Re: Bug#1039142: busybox: ships sysv-init script without systemd unit has caused the Debian Bug report #1039142, regarding busybox: ships sysv-init script without systemd unit to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1039142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039142 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox Severity: important User: bl...@debian.org Usertags: missing-systemd-service Dear Maintainer(s), busybox has been flagged by Lintian as shipping a sysv-init script without a corresponding systemd unit file. The default init system in Debian is systemd, and so far this worked because a transitional sysv-init-to-unit generator was shipped by systemd. This is in the process of being deprecated and will be removed by the time Trixie ships, so the remaining packages that ship init scripts without systemd units will stop working. There are various advantages to using native units, for example the legacy generator cannot tell the different between a oneshot service and a long running daemon. Also, sanboxing and security features become available for services. For more information, consult the systemd documentation: https://www.freedesktop.org/software/systemd/man/systemd.unit.html You can find the Lintian warning here: https://lintian.debian.org/sources/busybox In case this is a false positive, please add a Lintian override to silence it and then close this bug. Thanks! --- End Message --- --- Begin Message --- Version: 1:1.36.1-5 17.11.2023 04:54, Michael Biebl: That should do: diff --git a/debian/rules b/debian/rules index 04018718b..54e5cc225 100755 --- a/debian/rules +++ b/debian/rules @@ -175,6 +175,4 @@ execute_before_dh_installinit-indep: override_dh_installsystemd-indep: # explicitly list all packages with .service files here dh_installsystemd -pbusybox-syslogd --name=busybox-klogd - dh_installsystemd -pbusybox-syslogd -# the following does not work (see #1039142 for details): -# dh_installsystemd -pudhcpd --no-enable --no-start + dh_installsystemd -pudhcpd --no-enable This is the very first thing I tried. Dunno why it didn't work for me. Re-tried it again and it worked. I've also dropped After=syslog.service as syslog is socket activated by default, so this is not necessary. Heh. busybox-syslogd knows absolutely nothing about systemd. I just made it socket-activated, see https://salsa.debian.org/installer-team/busybox/-/commit/5fa354a144a79cea7e2b5d33bcf43a3b35f94faa for details :) It is interesting that even socket-activated it needs to be enabled still, or else it is not activated. And your suggested change above (which omits dh_installsystemd for busybox-syslogd entirely) is more wrong, since this way we also omit shipping the service file). Uploaded, but forgot to close this bug report. Doing this now. Thank you for the help! /mjt--- End Message ---
Bug#1039142: busybox: ships sysv-init script without systemd unit
Am 17.11.23 um 02:54 schrieb Michael Biebl: That should do: [snip patch] oops, dropped one line too much from debian/rules. Fixed patch attached. diff --git a/debian/rules b/debian/rules index 04018718b..b24b8f46f 100755 --- a/debian/rules +++ b/debian/rules @@ -176,5 +176,4 @@ override_dh_installsystemd-indep: # explicitly list all packages with .service files here dh_installsystemd -pbusybox-syslogd --name=busybox-klogd dh_installsystemd -pbusybox-syslogd -# the following does not work (see #1039142 for details): -# dh_installsystemd -pudhcpd --no-enable --no-start + dh_installsystemd -pudhcpd --no-enable diff --git a/debian/udhcpd.service b/debian/udhcpd.service index 0cdc24bc7..0d01d9722 100644 --- a/debian/udhcpd.service +++ b/debian/udhcpd.service @@ -1,7 +1,7 @@ [Unit] Description=Busybox udhcpd DHCP daemon Documentation=man:udhcpd(8) -After=syslog.service network.target +After=network.target [Service] Environment=DHCPD_OPTS="-S" OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1039142: busybox: ships sysv-init script without systemd unit
On Tue, 14 Nov 2023 17:41:23 +0300 Michael Tokarev wrote: 14.11.2023 14:56, Luca Boccassi wrote: > On Mon, 13 Nov 2023 18:42:09 +0300 Michael Tokarev > wrote: .. >> With just dh_installsystemd --no-enable, it is still started. >> With dh_installsystemd --no-enable --no-start, it is started >> as well, - apparently because initscript is started. Also, >> with --no-enable --no-start, it is not restarted on upgrades >> if enabled locally. >> >> After doing several iterations, I decided to abandon this attempt, - >> it just does not work, and I've no time to fight with the tools. >> >> If someone has a working recipe for all this madness, please >> share a patch for d/rules. >> >> Tagging with "help" for now. > > Could you please share a branch or a patch with your attempt? What you > tried should work, but it's hard to say without looking at the > implementation in details. Sure thing, it is in current busybox master on salsa, here: https://salsa.debian.org/installer-team/busybox/-/blob/master/debian/rules#L172 with udhcpd.service & udhcpd.init in the same dir. That should do: diff --git a/debian/rules b/debian/rules index 04018718b..54e5cc225 100755 --- a/debian/rules +++ b/debian/rules @@ -175,6 +175,4 @@ execute_before_dh_installinit-indep: override_dh_installsystemd-indep: # explicitly list all packages with .service files here dh_installsystemd -pbusybox-syslogd --name=busybox-klogd - dh_installsystemd -pbusybox-syslogd -# the following does not work (see #1039142 for details): -# dh_installsystemd -pudhcpd --no-enable --no-start + dh_installsystemd -pudhcpd --no-enable diff --git a/debian/udhcpd.service b/debian/udhcpd.service index 0cdc24bc7..0d01d9722 100644 --- a/debian/udhcpd.service +++ b/debian/udhcpd.service @@ -1,7 +1,7 @@ [Unit] Description=Busybox udhcpd DHCP daemon Documentation=man:udhcpd(8) -After=syslog.service network.target +After=network.target [Service] Environment=DHCPD_OPTS="-S" Only "--no-enable" is necessary. disabled services won't be (re)started. Once enabled by the user, future package upgrades will restart the service. I've also dropped After=syslog.service as syslog is socket activated by default, so this is not necessary. root@pluto:~# apt install /tmp/udhcpd_1.36.1-5_all.deb Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'udhcpd' instead of '/tmp/udhcpd_1.36.1-5_all.deb' The following NEW packages will be installed: udhcpd 0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded. Need to get 0 B/12.4 kB of archives. After this operation, 51.2 kB of additional disk space will be used. Get:1 /tmp/udhcpd_1.36.1-5_all.deb udhcpd all 1:1.36.1-5 [12.4 kB] Retrieving bug reports... Done Parsing Found/Fixed information... Done Selecting previously unselected package udhcpd. (Reading database ... 403057 files and directories currently installed.) Preparing to unpack /tmp/udhcpd_1.36.1-5_all.deb ... Unpacking udhcpd (1:1.36.1-5) ... Setting up udhcpd (1:1.36.1-5) ... udhcpd.service is a disabled or a static unit, not starting it. Processing triggers for man-db (2.12.0-1) ... root@pluto:~# systemctl status udhcpd.service ○ udhcpd.service - Busybox udhcpd DHCP daemon Loaded: loaded (/usr/lib/systemd/system/udhcpd.service; disabled; preset: enabled) Active: inactive (dead) Docs: man:udhcpd(8) OpenPGP_signature.asc Description: OpenPGP digital signature
Bug#1039142: busybox: ships sysv-init script without systemd unit
14.11.2023 14:56, Luca Boccassi wrote: On Mon, 13 Nov 2023 18:42:09 +0300 Michael Tokarev wrote: .. With just dh_installsystemd --no-enable, it is still started. With dh_installsystemd --no-enable --no-start, it is started as well, - apparently because initscript is started. Also, with --no-enable --no-start, it is not restarted on upgrades if enabled locally. After doing several iterations, I decided to abandon this attempt, - it just does not work, and I've no time to fight with the tools. If someone has a working recipe for all this madness, please share a patch for d/rules. Tagging with "help" for now. Could you please share a branch or a patch with your attempt? What you tried should work, but it's hard to say without looking at the implementation in details. Sure thing, it is in current busybox master on salsa, here: https://salsa.debian.org/installer-team/busybox/-/blob/master/debian/rules#L172 with udhcpd.service & udhcpd.init in the same dir. Thanks, /mjt
Bug#1039142: busybox: ships sysv-init script without systemd unit
On Mon, 13 Nov 2023 18:42:09 +0300 Michael Tokarev wrote: > Control: tag -1 + help > > On Sun, 25 Jun 2023 23:20:24 +0100 bl...@debian.org wrote: > > Package: busybox > > Severity: important > > User: bl...@debian.org > > Usertags: missing-systemd-service > > > > Dear Maintainer(s), > > > > busybox has been flagged by Lintian as shipping a sysv-init script > > without a corresponding systemd unit file. The default init system in > > Debian is systemd, and so far this worked because a transitional > > sysv-init-to-unit generator was shipped by systemd. This is in the > > process of being deprecated and will be removed by the time Trixie > > ships, so the remaining packages that ship init scripts without > > systemd units will stop working. > > > > There are various advantages to using native units, for example the > > legacy generator cannot tell the different between a oneshot service > > and a long running daemon. Also, sanboxing and security features > > become available for services. For more information, consult the > > systemd documentation: > > https://www.freedesktop.org/software/systemd/man/systemd.unit.html > > > > You can find the Lintian warning here: > > > > https://lintian.debian.org/sources/busybox > > This site can't be found. But it's ok. Yeah things around Lintian publishing have changed since these bugs have been filed > So in current state, only udhcpd lacks systemd file. So I tried to > provide one. The initscript for udhcpd checks for UDHCPD_ENABLED=yes/no > in /etc/default/udhcpd and does nothing if it is not enabled, which > is the default. Since there's no way in systemd to check for that > (well, there is, with ExecConditional, but it ugly at best), I thought > to ship udhcpd.service not enabled by default. Except it doesn't > work. > > With just dh_installsystemd --no-enable, it is still started. > With dh_installsystemd --no-enable --no-start, it is started > as well, - apparently because initscript is started. Also, > with --no-enable --no-start, it is not restarted on upgrades > if enabled locally. > > After doing several iterations, I decided to abandon this attempt, - > it just does not work, and I've no time to fight with the tools. > > If someone has a working recipe for all this madness, please > share a patch for d/rules. > > Tagging with "help" for now. Could you please share a branch or a patch with your attempt? What you tried should work, but it's hard to say without looking at the implementation in details. -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part
Bug#1039142: busybox: ships sysv-init script without systemd unit
Control: tag -1 + help On Sun, 25 Jun 2023 23:20:24 +0100 bl...@debian.org wrote: Package: busybox Severity: important User: bl...@debian.org Usertags: missing-systemd-service Dear Maintainer(s), busybox has been flagged by Lintian as shipping a sysv-init script without a corresponding systemd unit file. The default init system in Debian is systemd, and so far this worked because a transitional sysv-init-to-unit generator was shipped by systemd. This is in the process of being deprecated and will be removed by the time Trixie ships, so the remaining packages that ship init scripts without systemd units will stop working. There are various advantages to using native units, for example the legacy generator cannot tell the different between a oneshot service and a long running daemon. Also, sanboxing and security features become available for services. For more information, consult the systemd documentation: https://www.freedesktop.org/software/systemd/man/systemd.unit.html You can find the Lintian warning here: https://lintian.debian.org/sources/busybox This site can't be found. But it's ok. So in current state, only udhcpd lacks systemd file. So I tried to provide one. The initscript for udhcpd checks for UDHCPD_ENABLED=yes/no in /etc/default/udhcpd and does nothing if it is not enabled, which is the default. Since there's no way in systemd to check for that (well, there is, with ExecConditional, but it ugly at best), I thought to ship udhcpd.service not enabled by default. Except it doesn't work. With just dh_installsystemd --no-enable, it is still started. With dh_installsystemd --no-enable --no-start, it is started as well, - apparently because initscript is started. Also, with --no-enable --no-start, it is not restarted on upgrades if enabled locally. After doing several iterations, I decided to abandon this attempt, - it just does not work, and I've no time to fight with the tools. If someone has a working recipe for all this madness, please share a patch for d/rules. Tagging with "help" for now. Thanks, /mjt
Processed: Re: Bug#1039142: busybox: ships sysv-init script without systemd unit
Processing control commands: > tag -1 + help Bug #1039142 [busybox] busybox: ships sysv-init script without systemd unit Added tag(s) help. -- 1039142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039142 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#984816: marked as done (busybox resume fails to resume with swap file after hibernation)
Your message dated Mon, 13 Nov 2023 18:55:56 +0300 with message-id <9a2028ef-55db-4f09-992b-454cb6d0e...@tls.msk.ru> and subject line Re: Bug#984816: busybox resume fails to resume with swap file after hibernation has caused the Debian Bug report #984816, regarding busybox resume fails to resume with swap file after hibernation to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 984816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984816 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox-static Version: 1:1.30.1-6 Hi. I wasn't able to figure out all the details yet and likely won't get to that in the next few weeks. However, I tried getting hibernation to work on a machine with only a swap file. This failed miserably (machine appeared to hibernate properly, but on reboot, the script in the initrd (local-premount/resume, from initramfs-tools) did call /usr/bin/resume properly (I added some echo/sleep commands to see what happens), but that just terminated apparently, without any error message or similar. Reproduction (on ext4, btrfs needs more involved procedure for offset): 1) create a sufficiently large file /swap 2) mkswap /swap 3) Add swap to /etc/fstab 4) Figure out parameters for resume/resume_offset, /sys/power/resume_offset and /sys/power/resume resume=$(findmnt -no SOURCE -T /swap) findmnt -no MAJ:MIN -T /swap > /sys/power/resume resume_offset=$(debugfs -R 'bmap /swap 0' $resume 2>/dev/null) cat > /etc/initramfs-tools/conf.d/resume < /sys/power/resume_offset (Note the different capitalization for conf.d/resume - it is needed this way) Run 'update-initramfs -k all -u' Now you should be ready to hibernate (NOTE: Unless the bug is fixed or you configured initramfs-tools to _not_ use busybox, this will potentially lead to data loss, close all programs) echo shutdown > /sys/power/disk echo disk > /sys/power/state your system should now suspend to disk and power off. On power-on, the expected state would be that the machine resumes. The actual state is that the machine does a fresh boot (after running /usr/bin/resume $resume $resume_offset though). Cross-check: Modify /usr/share/initramfstools/hooks/klibc-utils by adding: rm "$DESTDIR/bin/resume" cp -pL /usr/lib/klibc/bin/resume "$DESTDIR/bin/resume" Re-run the steps from "resume=" above. The system properly resumes from hibernation. I know that the "resume" tool in busybox originates from the code in klibc-utils, but right now, the one in busybox doesn't work in this scenario while the one from klibc-utils does. Cheers, Sven --- End Message --- --- Begin Message --- Version: 1.35.0-1 On Fri, 19 Mar 2021 09:29:48 +0100 Sven Mueller wrote: Tags 984816 + patch upstream Severity 984816 important This is https://bugs.busybox.net/show_bug.cgi?id=12006 - which also has a patch which wasn't adopted yet (but is straight from klibc-utils, so really should get adopted). This has been fixed in upstream 1.33 version, and in debian 1.35.0-1. Closing this bugreport now. Thanks, /mjt--- End Message ---
Bug#964579: marked as done (lsblk not included in busybox version used with installer)
Your message dated Mon, 13 Nov 2023 15:15:08 +0300 with message-id and subject line Re: Bug#964579: lsblk not included in busybox version used with installer has caused the Debian Bug report #964579, regarding lsblk not included in busybox version used with installer to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 964579: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964579 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox Version: 1:1.30.1-4 Severity: wishlist x-debbugs-cc: Russell Weber submitter: Russell Weber On Wed, Jul 08, 2020 at 02:43:43PM -0600, Russell Weber wrote: > Package: busybox > Version: 1:1.30.1-4 > Severity: wishlist > lsblk is a very useful tool for understanding your current disks and block > devices. It can be used to > query lots of information including disk manufacturer, serial number, model > number, the structure of your disks if the disk is already in use for > another block device. Given that the installer has mission critical goals > associated with the disks, it's a bit of a mystery that lsblk isn't > included into the busy box implementation used in the installer. This is > especially important when seeding automatic/unattended installs for debian > since many of the seed files used will query information from disks in > scripts using the "d-i partman/early_command string" of debconf. I can see > that this issue has been raised in multiple places online: stack overflow, > IRC. However, scanning older tickets, I was not able to find a ticket > which raises the issue. Is there any reason that lsblk as a command is not > included? As far as I can tell, the bloat size would only be around 20-40 > KiB in size. May I suggest that we start including the lsblk binaries in > the next versions of Debian? I hope this works out for a proper bugreport as intended. cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature --- End Message --- --- Begin Message --- On Thu, 12 May 2022 12:02:54 -0700 (PDT) Metztli Information Technology wrote: Niltze- On Sun, May 8, 2022 at 2:06 PM Michael Tokarev wrote: > This applet is not written. Busybox utilities have their limitations. For instance, I had to create mount/umount UDEBs because the d-i busybox equivalents would fail on Reiser4 SFRN4/SFRN5 file systems when installing Debian. < https://metztli.blog/media/blogs/calli/Bullseye-SFRN5/xonecuiltzin-5.13.19-reizer4-sfrn-5.1.3.mp4?mtime=1636642043 > Accordingly, probably including an lsblk UDEB in d-i would likely be more adequate, i.e., the last two(2) UDEBs -- which already exist -- are required for lsblk in d-i: I still fail to see how one can include something which does not exist. Once again: lsblk busybox applet is not written, it should be written before it is possible to include it. I'm closing this bugreport now, as there's no reason to keep it open. /mjt--- End Message ---
Bug#1055307: busybox: CVE-2023-39810
Source: busybox X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for busybox. CVE-2023-39810[0]: | An issue in the CPIO command of Busybox v1.33.2 allows attackers to | execute a directory traversal. https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/ If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-39810 https://www.cve.org/CVERecord?id=CVE-2023-39810 Please adjust the affected versions in the BTS as needed.
Bug#1039710: marked as done (busybox-udeb: /var/log/syslog is empty)
Your message dated Thu, 03 Aug 2023 23:20:30 + with message-id and subject line Bug#1039710: fixed in busybox 1:1.36.1-3.1 has caused the Debian Bug report #1039710, regarding busybox-udeb: /var/log/syslog is empty to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1039710: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039710 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: debian-installer Version: daily build 2023-06-28T05:19Z Severity: grave Tags: d-i Justification: renders package unusable X-Debbugs-Cc: p...@hands.com Hello Debian-installer maintainers, On openQA [1] the installation tests with the latest netinst image [2] fail, because GRUB cannot install. I've tried to look a bit deeper into the issue, but I cannot proceed, because /var/log/syslog is empty. So effectively there are possibly two issues in this report: 1) Failure in grub 2) No logging to /var/log/syslog My findings so far: * The command line arguments of syslogd and klogd (both from Busybox) have not changed between Bookworm and Trixie. * At the moment of the failure, the /var/log folder contains only 3 files [3]: syslog (a single line, stating that syslog was started from Busybox [4]), partman and Xorg.0.log * When running `logger`, an entry should have been created in /var/log/syslog, but that doesn't happen. The netinst image from Bookworm works correctly. * Possibly relevant packages that have been updated: busybox, libc, linux- image, bsdutils With kind regards, Roland Clobus [1] https://openqa.debian.net/tests/167456 [2] https://get.debian.org/images/daily-builds/daily/arch-latest/amd64/iso- cd/debian-testing-amd64-netinst.iso [3] https://openqa.debian.net/tests/167456/file/grub-var_log.tar [4] https://openqa.debian.net/tests/167456/logfile?filename=DI_syslog.txt PS: Attached system information is from my personal computer, not the installed system -- System Information: Debian Release: 12.0 APT prefers testing APT policy: (990, 'testing'), (500, 'testing-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- Source: busybox Source-Version: 1:1.36.1-3.1 Done: Steve McIntyre <93...@debian.org> We believe that the bug you reported is fixed in the latest version of busybox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1039...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Steve McIntyre <93...@debian.org> (supplier of updated busybox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 03 Aug 2023 21:22:44 +0100 Source: busybox Architecture: source Version: 1:1.36.1-3.1 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team Changed-By: Steve McIntyre <93...@debian.org> Closes: 1039710 Changes: busybox (1:1.36.1-3.1) unstable; urgency=medium . * NMU * Revert recent changes that have broken syslogd in d-i. Closes: #1039710 Checksums-Sha1: 2c296d809815f286fb98eede39da174716b6b999 2312 busybox_1.36.1-3.1.dsc f1127d7cdaad49d1c036cb47cf4cab5fa0645985 64680 busybox_1.36.1-3.1.debian.tar.xz f3bc7ce917ed5b80d9000948f87f38a7b2d3b4ce 6160 busybox_1.36.1-3.1_source.buildinfo Checksums-Sha256: 764e284a165dbf37a008a02fbfaf8a3ab2186a309fcd3a905aa32501d81a0682 2312 busybox_1.36.1-3.1.dsc acbdd882ea73b62e2320198f3e68d79a960c1da7046a90601060f406a44c051d 64680 busybox_1.36.1-3.1.debian.tar.xz e1f591ede73556c8b01a004afdbe981b77986555fa518e714cfe99b9cf06e01c 6160 busybox_1.36.1-3.1_source.buildinfo Files: 7af430428d576204910350271d1da8b3 2312 utils optional busybox_1.36.1-3.1.dsc 9107eefb885a9e72ba0636ca3246374a 64680 utils optional busybox_1.36.1-3.1.debian.tar.xz 5c71cc338babaa7fc3f66decbe6bb88d 6160 utils optional busybox_1.36.1-3.1_source.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCAAvFiEE
Processed: Re: Bug#1039710: busybox-udeb: /var/log/syslog is empty
Processing control commands: > retitle -1 busybox-udeb: /var/log/syslog is empty Bug #1039710 [busybox-udeb] debian-installer: Grub installation fails and /var/log/syslog is empty Changed Bug title to 'busybox-udeb: /var/log/syslog is empty' from 'debian-installer: Grub installation fails and /var/log/syslog is empty'. -- 1039710: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039710 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1039710: busybox-udeb: /var/log/syslog is empty
Control: retitle -1 busybox-udeb: /var/log/syslog is empty On 28/06/2023 22:54, Cyril Brulebois wrote: With a local build, confirmed -3 is buggy, and that reverting only busybox-udeb to -1 is sufficient to restore syslog support in the installer. Confirmed and details to reproduce: * Download the busybox binary file from [1] and extract the file `busybox` * Run the latest netinst image in Qemu/KVM (sid) * Select the installer * Answer all the questions and let it run until an error (to make sure that the network is properly configured) * Select a shell in the installer * Download the older busybox binary file (you can use my server) `cd /` `wget http://pioneers.game-host.org/busybox` `chmod a+x busybox` * Kill the running syslogd `ps | grep syslogd` `kill ` * Restart syslogd from the older busybox `/busybox syslogd -m 0 -O /var/log/syslog -S` * Log something `logger -t Test It works now` * Send Ctrl-Alt-F4, to see the output in the log With kind regards, Roland Clobus [1] https://snapshot.debian.org/archive/debian/20230608T144245Z/pool/main/b/busybox/busybox-udeb_1.36.1-1_amd64.udeb OpenPGP_signature Description: OpenPGP digital signature
Bug#1039142: busybox: ships sysv-init script without systemd unit
Package: busybox Severity: important User: bl...@debian.org Usertags: missing-systemd-service Dear Maintainer(s), busybox has been flagged by Lintian as shipping a sysv-init script without a corresponding systemd unit file. The default init system in Debian is systemd, and so far this worked because a transitional sysv-init-to-unit generator was shipped by systemd. This is in the process of being deprecated and will be removed by the time Trixie ships, so the remaining packages that ship init scripts without systemd units will stop working. There are various advantages to using native units, for example the legacy generator cannot tell the different between a oneshot service and a long running daemon. Also, sanboxing and security features become available for services. For more information, consult the systemd documentation: https://www.freedesktop.org/software/systemd/man/systemd.unit.html You can find the Lintian warning here: https://lintian.debian.org/sources/busybox In case this is a false positive, please add a Lintian override to silence it and then close this bug. Thanks!
Bug#907189: marked as done (busybox-syslogd: Please provide systemd .service files (attached))
Your message dated Thu, 08 Jun 2023 08:49:12 + with message-id and subject line Bug#907189: fixed in busybox 1:1.36.1-1 has caused the Debian Bug report #907189, regarding busybox-syslogd: Please provide systemd .service files (attached) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 907189: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907189 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox-syslogd Version: 1:1.22.0-19 Tags: patch Please add systemd .service files to busybox-syslogd. The attached files are taken from OpenEmbedded and seem to work on my embedded device on Debian 9. Thanks in advance! References: https://raw.githubusercontent.com/dirtybit/gumstix-yocto/master/meta-openembedded/meta-oe/recipes-core/busybox/busybox/busybox-syslog.service.in https://git.congatec.com/yocto/meta-openembedded/raw/c48a6a605c6d8d38cfbc5df39b3dc310bffc07c1/meta-oe/recipes-core/busybox/busybox/busybox-syslog.service.in https://raw.githubusercontent.com/dirtybit/gumstix-yocto/master/meta-openembedded/meta-oe/recipes-core/busybox/busybox/busybox-klogd.service.in https://git.congatec.com/yocto/meta-openembedded/raw/c48a6a605c6d8d38cfbc5df39b3dc310bffc07c1/meta-oe/recipes-core/busybox/busybox/busybox-klogd.service.in [Unit] Description=System Logging Service Wants=busybox-klogd.service [Service] EnvironmentFile=-/etc/default/busybox-syslogd ExecStart=/sbin/syslogd -n $OPTIONS Sockets=syslog.socket [Install] WantedBy=multi-user.target Also=busybox-klogd.service [Unit] Description=Kernel Logging Service [Service] ExecStart=/sbin/klogd -n [Install] WantedBy=multi-user.target --- End Message --- --- Begin Message --- Source: busybox Source-Version: 1:1.36.1-1 Done: Michael Tokarev We believe that the bug you reported is fixed in the latest version of busybox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 907...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev (supplier of updated busybox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 08 Jun 2023 11:36:09 +0300 Source: busybox Architecture: source Version: 1:1.36.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team Changed-By: Michael Tokarev Closes: 857760 893843 907189 Changes: busybox (1:1.36.1-1) unstable; urgency=medium . * new upstream release 1.36.0 (and bugfix release 1.36.1) (Closes: CVE-2022-30065, use after free in awk) * use-libresolv-on-non-linux-too.patch: remove for now (upstream did it in a different, incomplete way) * spelling.diff: remove hunks which are applied upstream * fix-non-linux-build.patch: remove hunks which are applied upstream * refresh configs: enable ash sleep builtin, sha1/sha256 hwaccel, loop configure ioctl. New applets (tsort, seedrngm, tree) are not enabled * d/control: remove lsb-base from Depends of busybox-syslogd & udhcpd lsb-base was in Depends becase it provided /lib/lsb/init-functions file for the sysvinit initscripts in these packages. Now, sysvinit-utils has eaten this file. But this package is essential, so there's no need to depend on things providing init-functions anymore. * move udhcpd files from debian/tree/udhcpd/ to debian/ * deb,static: enable nbd-client applet (Closes: #893843) * d/control: bump Standards-Version to 4.6.2 (no changes) * deb,static: enable nbd-client applet (Closes: #893843) * syslogd: - deb,static: enable syslog.conf and log rotation support for syslogd (Closes: #857760) - +syslogd-fork-after-init-not-before.patch: make syslogd init failures and error messages visible - busybox-syslogd package: - rewrite busybox-syslogd.init and busybox-klogd.init: - provide simple busybox-syslogd.service and busybox-klogd.service for systemd (Closes: #907189) - ship simple /etc/syslog.conf and syslog.conf.txt in docs * d/control: fix udhcpc & udhcpd names * udhcpc & udhcpd: make them Architecture: all instead of (linux-)any. The packages does not have any archi
Bug#857760: marked as done (busybox-syslogd: Needs CONFIG_FEATURE_SYSLOGD_DUP to support duplicate message suppression (-D option))
Your message dated Thu, 08 Jun 2023 08:49:12 + with message-id and subject line Bug#857760: fixed in busybox 1:1.36.1-1 has caused the Debian Bug report #857760, regarding busybox-syslogd: Needs CONFIG_FEATURE_SYSLOGD_DUP to support duplicate message suppression (-D option) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 857760: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857760 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: busybox Version: 1:1.22.0-19 Severity: normal The -D option to busybox-syslogd needs the build config option FEATURE_SYSLOGD_DUP. The default file for the busybox-syslogd initscript alludes to duplicate message suppression but doesn't use it, which is why I've set this to normal rather than wishlist priority. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) --- End Message --- --- Begin Message --- Source: busybox Source-Version: 1:1.36.1-1 Done: Michael Tokarev We believe that the bug you reported is fixed in the latest version of busybox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 857...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev (supplier of updated busybox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 08 Jun 2023 11:36:09 +0300 Source: busybox Architecture: source Version: 1:1.36.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team Changed-By: Michael Tokarev Closes: 857760 893843 907189 Changes: busybox (1:1.36.1-1) unstable; urgency=medium . * new upstream release 1.36.0 (and bugfix release 1.36.1) (Closes: CVE-2022-30065, use after free in awk) * use-libresolv-on-non-linux-too.patch: remove for now (upstream did it in a different, incomplete way) * spelling.diff: remove hunks which are applied upstream * fix-non-linux-build.patch: remove hunks which are applied upstream * refresh configs: enable ash sleep builtin, sha1/sha256 hwaccel, loop configure ioctl. New applets (tsort, seedrngm, tree) are not enabled * d/control: remove lsb-base from Depends of busybox-syslogd & udhcpd lsb-base was in Depends becase it provided /lib/lsb/init-functions file for the sysvinit initscripts in these packages. Now, sysvinit-utils has eaten this file. But this package is essential, so there's no need to depend on things providing init-functions anymore. * move udhcpd files from debian/tree/udhcpd/ to debian/ * deb,static: enable nbd-client applet (Closes: #893843) * d/control: bump Standards-Version to 4.6.2 (no changes) * deb,static: enable nbd-client applet (Closes: #893843) * syslogd: - deb,static: enable syslog.conf and log rotation support for syslogd (Closes: #857760) - +syslogd-fork-after-init-not-before.patch: make syslogd init failures and error messages visible - busybox-syslogd package: - rewrite busybox-syslogd.init and busybox-klogd.init: - provide simple busybox-syslogd.service and busybox-klogd.service for systemd (Closes: #907189) - ship simple /etc/syslog.conf and syslog.conf.txt in docs * d/control: fix udhcpc & udhcpd names * udhcpc & udhcpd: make them Architecture: all instead of (linux-)any. The packages does not have any architecture-dependent parts at all (just the startup scripts), the only reason to make them arch-any is to exclude non-linux architectures. But it seems it isn't worth the efforts really. Both packages becomes installable on non-linux but will not work. * udhcpd: rewrite the startup script * d/rules: adjust arch/indep rules so it build just the required parts, simplify install/link rules Checksums-Sha1: 60c60924c57e118c7250ba4df8f35e65300e9874 2204 busybox_1.36.1-1.dsc a5d40ca0201b20909f7a8
Bug#907189: busybox-syslogd: Please provide systemd .service files (attached)
21.01.2023 19:49, Michael Tokarev wrote: .. What's the reason to provide these systemd services for busybox-syslogd? In my view, busybox-syslogd can be used as a minimal syslogging service on a bare minimal system without much else besides busybox itself. On a system with systemd, systemd-journald is already running, and provides far better logging services than busybox-syslogd, including kernel logging and /dev/log redirection. I don't really see the point in providing systemd .services for busybox-syslogd. After some thinking and facing issues with logging on a low-power machine where systemd-journald is taking just too much time to find journal entries, I think it is a good idea to provide busybox-syslogd. In /etc/init.d/busybox-klogd, we have if running_under_systemd; then exit; fi - added by me, with a comment stating klogd makes no sense under systemd. This is apparently wrong, - yes, journald does intercept kernel log and logs it to the journal, but it suffers from the same prob: on a low-power machine these journal entries takes ages to retrieve. So it makes sense to package klogd too, and to provide systemd service file for it. Doing that now. /mjt
Bug#1014243: marked as done (busybox-syslogd: The 'syslog' daemon is running, but no configuration file can be found.)
Your message dated Tue, 6 Jun 2023 17:31:41 +0300 with message-id <9d994014-4330-109f-5040-30c21fc16...@tls.msk.ru> and subject line Re: Bug#1014243: busybox-syslogd: The 'syslog' daemon is running, but no configuration file can be found. has caused the Debian Bug report #1014243, regarding busybox-syslogd: The 'syslog' daemon is running, but no configuration file can be found. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1014243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014243 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox-syslogd Version: 1:1.35.0-1 Severity: important X-Debbugs-Cc: tmcconnell...@gmail.com Dear Maintainer, What led up to the situation? No idea, I've never touched the configuration (that I know of) What exactly did you do (or not do) that was effective (or ineffective)? not sure, it was in a cron daily report.And wasn't in the previous one. What was the outcome of this action? received email from Cron Daily with subject line :"[rkhunter] DebianTim - Daily report" and in the body of the email it states: "Warning: The 'syslog' daemon is running, but no configuration file can be found." I have no idea where that might be to check it, the man pages point to this program for syslog. What outcome did you expect instead? Not to get this type of email -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.18.0-2-rt-amd64 (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages busybox-syslogd depends on: ii busybox 1:1.35.0-1 ii init-system-helpers 1.63 ii lsb-base 11.2 busybox-syslogd recommends no packages. busybox-syslogd suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- On Sat, 02 Jul 2022 12:30:48 -0500 Tim McConnell wrote: Package: busybox-syslogd Version: 1:1.35.0-1 Severity: important X-Debbugs-Cc: tmcconnell...@gmail.com Dear Maintainer, What led up to the situation? No idea, I've never touched the configuration (that I know of) This is definitely not a bug in busybox-syslogd: current version of syslogd implementation in busybox, as shipped in debian, does not use a configuration file. I've no idea which software produced the warning mentioned in the subject line. Again, it is not busybox. Closing this bugreport. Thanks, /mjt--- End Message ---
Processed: Re: Bug#907189: busybox-syslogd: Please provide systemd .service files (attached)
Processing control commands: > tag -1 + moreinfo Bug #907189 [busybox-syslogd] busybox-syslogd: Please provide systemd .service files (attached) Added tag(s) moreinfo. -- 907189: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907189 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#907189: busybox-syslogd: Please provide systemd .service files (attached)
Control: tag -1 + moreinfo On Fri, 24 Aug 2018 16:39:00 +0200 "W. Martin Borgert" wrote: Package: busybox-syslogd Version: 1:1.22.0-19 Tags: patch Please add systemd .service files to busybox-syslogd. The attached files are taken from OpenEmbedded and seem to work on my embedded device on Debian 9. Thanks in advance! What's the reason to provide these systemd services for busybox-syslogd? In my view, busybox-syslogd can be used as a minimal syslogging service on a bare minimal system without much else besides busybox itself. On a system with systemd, systemd-journald is already running, and provides far better logging services than busybox-syslogd, including kernel logging and /dev/log redirection. I don't really see the point in providing systemd .services for busybox-syslogd. Thanks, /mjt
Bug#1023503: marked as done (busybox-static: "ALERT! UUID=xxx does not exist. Dropping to a shell!" since 1:1.35.0-3)
Your message dated Sat, 21 Jan 2023 19:52:12 +0300 with message-id <19e888b1-c7be-78af-1b16-e51acc21d...@msgid.tls.msk.ru> and subject line Re: busybox-static: "ALERT! UUID=xxx does not exist. Dropping to a shell!" since 1:1.35.0-3 has caused the Debian Bug report #1023503, regarding busybox-static: "ALERT! UUID=xxx does not exist. Dropping to a shell!" since 1:1.35.0-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1023503: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023503 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox-static Version: 1:1.35.0-3 Severity: normal Hello everynyan! Since 1:1.35.0-3, initramfs doesn't find the UUID of the root partition anymore and drops me to a shell. In the shell however, the uuid is listed in both /dev/disk/by-uuid and blkid. At first, I didn't even know how I would boot going forward. First I tried seting rootdelay in grub, but without any success. Only randomly would I try to go root=/dev/sda2, setting the root partition by path, thereby being able to see my login screen again. Unsure of what to do, I tune2fs -U random every uuid and change the fstab accordingly, followed by update-initramfs -u and update-grub. When rebooting, initramfs just complains that it can't locate the new uuid. Next I randomly downgrade packages that apt updated recently. Ultimately I discover that when using busybox-static 1:1.35.0-2, the problem is gone. When upgrading back to 1:1.35.0-3, it's there again. There you go, Bye -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.0.0-2-amd64 (SMP w/4 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- no debconf information --- End Message --- --- Begin Message --- Version: 1:1.35.0-4 On Sat, 5 Nov 2022 15:37:32 +0100 Stefan Berzl wrote: Package: busybox-static Version: 1:1.35.0-3 Severity: normal Hello everynyan! Since 1:1.35.0-3, initramfs doesn't find the UUID of the root partition anymore and drops me to a shell. In the shell however, the uuid is listed in both /dev/disk/by-uuid and blkid. This is #1023501, which has been fixed in 1.35.0-4: busybox (1:1.35.0-4) unstable; urgency=medium * static build: disable blkid applet (CONFIG_BLKID, #1023501) Since static build has CONFIG_FEATURE_PREFER_APPLETS=y, enabling any utility which is also provided by the system in other ways can be risky, since busybox shell will choose its applet version instead of running the actual utility, even if that utility file exists in $PATH. After enabling blkid, we effectively overwrote blkid from libblkid as used in initramfs. The result was non- working udev rules for block devices (not creating /dev/disk/by-*/), and the system's unbootable. Disable it for now at least on static build. Closes: 1023501 Thanks, /mjt--- End Message ---
Re: Cross-compiling Busybox debian package
Hi, On Fri, 30 Dec 2022 at 23:26, Clément Péron wrote: > > Dear Debian Mentors and Busybox Deb maintainers, > > This is my first debian package compilation :) > > I'm trying to cross compile the busybox deb package (ADM64 -> ARM64). > > After reading a bit of doc on the compilation I do the following steps: > > dpkg --add-architecture arm64 > apt build-dep -aarm64 -y busybox > apt source busybox > cd busybox-1.35.0 > export DEB_BUILD_OPTIONS=nocheck > debuild --host-arch arm64 -b --no-sign > > You can find the complete step on my github repo: > https://github.com/clementperon/busybox-ubnt-build/blob/main/.github/workflows/default.yml#L37-L71 > > But I got the following errors: > dpkg-shlibdeps: error: cannot find library libresolv.so.2 needed by > debian/busybox/bin/busybox (ELF format: 'elf64-littleaarch64' abi: > '020100b7'; RPATH: '') > 2474dpkg-shlibdeps: error: cannot find library libc.so.6 needed by > debian/busybox/bin/busybox (ELF format: 'elf64-littleaarch64' abi: > '020100b7'; RPATH: '') > 2475dpkg-shlibdeps: error: cannot find library ld-linux-aarch64.so.1 > needed by debian/busybox/bin/busybox (ELF format: > 'elf64-littleaarch64' abi: '020100b7'; RPATH: '') > 2476 > > The arm64 shared libs are stored in > '/usr/aarch64-linux-gnu/lib/libc.so.6' > I tried to set LD_LIBRARY_PATH to /usr/aarch64-linux-gnu/lib > But it didn't help :( > > Do you have any idea what I'm missing ? Thanks to felixdoerre that resolved my issue on GH. If this can help: I was missing an "apt install libc-dev:arm64" and I have to change: $> debuild --host-arch arm64 -b --no-sign to $> debuild -aarm64 -b --no-sign BR, Clement > > Thanks for your help, > BR, > Clement
Cross-compiling Busybox debian package
Dear Debian Mentors and Busybox Deb maintainers, This is my first debian package compilation :) I'm trying to cross compile the busybox deb package (ADM64 -> ARM64). After reading a bit of doc on the compilation I do the following steps: dpkg --add-architecture arm64 apt build-dep -aarm64 -y busybox apt source busybox cd busybox-1.35.0 export DEB_BUILD_OPTIONS=nocheck debuild --host-arch arm64 -b --no-sign You can find the complete step on my github repo: https://github.com/clementperon/busybox-ubnt-build/blob/main/.github/workflows/default.yml#L37-L71 But I got the following errors: dpkg-shlibdeps: error: cannot find library libresolv.so.2 needed by debian/busybox/bin/busybox (ELF format: 'elf64-littleaarch64' abi: '020100b7'; RPATH: '') 2474dpkg-shlibdeps: error: cannot find library libc.so.6 needed by debian/busybox/bin/busybox (ELF format: 'elf64-littleaarch64' abi: '020100b7'; RPATH: '') 2475dpkg-shlibdeps: error: cannot find library ld-linux-aarch64.so.1 needed by debian/busybox/bin/busybox (ELF format: 'elf64-littleaarch64' abi: '020100b7'; RPATH: '') 2476 The arm64 shared libs are stored in '/usr/aarch64-linux-gnu/lib/libc.so.6' I tried to set LD_LIBRARY_PATH to /usr/aarch64-linux-gnu/lib But it didn't help :( Do you have any idea what I'm missing ? Thanks for your help, BR, Clement
Bug#1023501: marked as done (busybox-static: version 1:1.35.0-3 breaks boot)
Your message dated Sun, 06 Nov 2022 08:49:16 + with message-id and subject line Bug#1023501: fixed in busybox 1:1.35.0-4 has caused the Debian Bug report #1023501, regarding busybox-static: version 1:1.35.0-3 breaks boot to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1023501: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023501 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox-static Version: 1:1.35.0-2 Severity: normal Dear Maintainer, With 1:1.35.0-3, boot ends in initramfs: Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done. Begin: Running /scripts/local-premount ... done. Begin: Waiting for root file system ... Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically mdadm: error opening /dev/md?*: No such file or directory mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or
Processed: Re: busybox-static: version 1:1.35.0-3 breaks boot on hppa
Processing control commands: > tag -1 + confirmed Bug #1023501 [busybox-static] busybox-static: version 1:1.35.0-3 breaks boot Added tag(s) confirmed. -- 1023501: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023501 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1023501: busybox-static: version 1:1.35.0-3 breaks boot on hppa
Control: tag -1 + confirmed On Sat, 5 Nov 2022 21:18:58 +0100 Robert Luberda wrote: severity 1023501 grave retitle 1023501 busybox-static: version 1:1.35.0-3 breaks boot on hppa and amd64 found 1023501 1:1.35.0-3 notfound 1023501 1:1.35.0-2 On Sat, 05 Nov 2022 13:31:51 + John David Anglin wrote: > Package: busybox-static > Version: 1:1.35.0-2 > Severity: normal > > Dear Maintainer, > > With 1:1.35.0-3, boot ends in initramfs: > > Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done. > Begin: Running /scripts/local-premount ... done. > Begin: Waiting for root file system ... Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically > done. > Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically > > > > - Missing modules (cat /proc/modules; ls /dev) > > ALERT! LABEL=ROOT2 does not exist. Dropping to a shell! I had the same issue on amd64. Removing mdadm package did not help. Downgrading busybox-static to 1.35.0-2 fixed the issue. Now this is interesting. In -3, I included these changes: commit ac478f88b64d5884d5e81bcd8f8344f0ec72df6a Author: Michael Tokarev Date: Mon Oct 17 12:52:23 2022 +0300 deb,static: enable blkid applet (useful for rescue purposes) commit d371992b4a0394f02cd29cb9cb946080414f8afb Author: Michael Tokarev Date: Mon Oct 17 13:00:16 2022 +0300 deb,static: enable findfs applet (useful for rescue purposes) Both really are useful for rescue purposes, I've hit this - the lack of blkid and findfs in busybox - several times, and finally decided to enable them.. It's a minimal version, it can help in many situations. But it turns out debian initramfs generator includes its own blkiid, which is more advanced than busybox's. For regular (non-static) build, busybox adds links to itself for applets it have but which aren't provided by other tools already. However, for the static build, it has CONFIG_PREFER_APPLETS=y (in order to be more useful when the filesystem is damaged/incomplete), so it ignores external implementation of these utilities. And we end up in this situation. And for the static build, it is even more interesting to have these utils available. *sigh* I'll disable one of them for -static build for now, to work around this issue (have to check which one is to blame, most likely blkid). But.. *sigh* :) Thanks, /mjt
Processed: retitle 1023501 to busybox-static: version 1:1.35.0-3 breaks boot
Processing commands for cont...@bugs.debian.org: > retitle 1023501 busybox-static: version 1:1.35.0-3 breaks boot Bug #1023501 [busybox-static] busybox-static: version 1:1.35.0-3 breaks boot on hppa Changed Bug title to 'busybox-static: version 1:1.35.0-3 breaks boot' from 'busybox-static: version 1:1.35.0-3 breaks boot on hppa'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1023501: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023501 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed (with 5 errors): Re: busybox-static: version 1:1.35.0-3 breaks boot on hppa
Processing commands for cont...@bugs.debian.org: > severity 1023501 grave Bug #1023501 [busybox-static] busybox-static: version 1:1.35.0-3 breaks boot on hppa Severity set to 'grave' from 'normal' > retitle 1023501 busybox-static: version 1:1.35.0-3 breaks boot on hppa Bug #1023501 [busybox-static] busybox-static: version 1:1.35.0-3 breaks boot on hppa Ignoring request to change the title of bug#1023501 to the same title > and amd64 Unknown command or malformed arguments to command. > found 1023501 1:1.35.0-3 Bug #1023501 [busybox-static] busybox-static: version 1:1.35.0-3 breaks boot on hppa Marked as found in versions busybox/1:1.35.0-3. > notfound 1023501 1:1.35.0-2 Bug #1023501 [busybox-static] busybox-static: version 1:1.35.0-3 breaks boot on hppa No longer marked as found in versions busybox/1:1.35.0-2. > On Sat, 05 Nov 2022 13:31:51 + John David Anglin Unknown command or malformed arguments to command. > wrote: Unknown command or malformed arguments to command. > > Package: busybox-static Unknown command or malformed arguments to command. > > Version: 1:1.35.0-2 Unknown command or malformed arguments to command. Too many unknown commands, stopping here. Please contact me if you need assistance. -- 1023501: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023501 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1023501: busybox-static: version 1:1.35.0-3 breaks boot on hppa
severity 1023501 grave retitle 1023501 busybox-static: version 1:1.35.0-3 breaks boot on hppa and amd64 found 1023501 1:1.35.0-3 notfound 1023501 1:1.35.0-2 On Sat, 05 Nov 2022 13:31:51 + John David Anglin wrote: Package: busybox-static Version: 1:1.35.0-2 Severity: normal Dear Maintainer, With 1:1.35.0-3, boot ends in initramfs: Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done. Begin: Running /scripts/local-premount ... done. Begin: Waiting for root file system ... Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically I had the same issue on amd64. Removing mdadm package did not help. Downgrading busybox-static to 1.35.0-2 fixed the issue. I'm including the system information generated by reportbug below: -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (990, 'unstable-debug'), (990, 'unstable'), (990, 'testing'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') merged-usr: no Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.0.0-2-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages busybox depends on: ii libc6 2.36-4 busybox recommends no packages. busybox suggests no packages. -- no debconf information Regards, Robert
Re: busybox uploads
Hi, Michael Tokarev (2022-11-04): > I uploaded a new busybox release today (mostly non-linux changes, > it now builds on hurd), but thought maybe I should've asked here > before doing that. But it was too late already. > > Should I ask the next time? Don't worry, that's fine. Cheers, -- Cyril Brulebois (k...@debian.org)<https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant signature.asc Description: PGP signature
Bug#1023501: busybox-static: version 1:1.35.0-3 breaks boot on hppa
Package: busybox-static Version: 1:1.35.0-2 Severity: normal Dear Maintainer, With 1:1.35.0-3, boot ends in initramfs: Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done. Begin: Running /scripts/local-premount ... done. Begin: Waiting for root file system ... Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically mdadm: error opening /dev/md?*: No such file or directory mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. mdadm: No arrays found in config file or automatically Begin: Running /scripts/local-block ... mdadm: No arrays found in config file or automatically done. done. Gave up waiting for root file system device. Common problems: - Boot args (cat /proc/cmdline) - Check rootdelay= (did the system wait long enough?) - Missing modules (cat /proc/modules; ls /dev) ALERT! LABEL=ROOT2 does not exist. Dropping to a shell! BusyBox v1.35.0 (Debian 1:1.35.0-3) built-in shell (ash) Enter 'help' for a list of built-in commands. (initramfs) dave@mx3210:~$ cat /proc/cmdline root=LABEL=ROOT2 console=ttyS0 HOME=/ rootfstype=xfs clocksource=jiffies TERM=xterm palo_kernel=2/vmlinuz The LABEL=ROOT2 does exist: dave@mx3210:~$ ls /dev/disk/by-label BOOT2 DAVE HOME2 ROOT2 VAR2 There are no mdadm arrays on system. Reverting to 1:1.35.0-2 and updating affected initrd.img f
busybox uploads
Hi! I uploaded a new busybox release today (mostly non-linux changes, it now builds on hurd), but thought maybe I should've asked here before doing that. But it was too late already. Should I ask the next time? Thanks, /mjt
I'd like know how to resolve that matter👎👎👎👎 BusyBox v1.35.0 (Debian 1:1.35.0-1) built in shell fsck
Bsj
Bug#1014243: busybox-syslogd: The 'syslog' daemon is running, but no configuration file can be found.
Package: busybox-syslogd Followup-For: Bug #1014243 Hi, > What led up to the situation? No idea, I've never touched the configuration > (that I know of) > > What exactly did you do (or not do) that was effective (or ineffective)? not > sure, it was in a cron daily report.And wasn't in the previous one. > > What was the outcome of this action? received email from Cron Daily with > subject line :"[rkhunter] DebianTim - Daily report" and in the body of the > email it states: "Warning: The 'syslog' daemon is running, but no > configuration > file can be found." > I have no idea where that might be to check it, the man pages point to this > program for syslog. > > What outcome did you expect instead? Not to get this type of email > The busybox's syslogd provided by Debian does not require a configuration file. The settings will need to be set with the syslogd command line option. This warning is output by rkhunter. If you want to control this warning output, I think you need to control it with rkhunter. Best regards, Nobuhiro
Bug#789499: busybox: FTBFS with clang instead of gcc
Package: busybox Version: 1:1.35.0-1 Followup-For: Bug #789499 Hi, latest version of busybox can build with clang. so, we can close this issue. Best regards, Nobuhiro -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: armhf, arm64, i386 Kernel: Linux 5.18.0-2-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages busybox depends on: ii libc6 2.33-8 busybox recommends no packages. busybox suggests no packages. -- no debconf information
Bug#1014243: busybox-syslogd: The 'syslog' daemon is running, but no configuration file can be found.
Package: busybox-syslogd Version: 1:1.35.0-1 Severity: important X-Debbugs-Cc: tmcconnell...@gmail.com Dear Maintainer, What led up to the situation? No idea, I've never touched the configuration (that I know of) What exactly did you do (or not do) that was effective (or ineffective)? not sure, it was in a cron daily report.And wasn't in the previous one. What was the outcome of this action? received email from Cron Daily with subject line :"[rkhunter] DebianTim - Daily report" and in the body of the email it states: "Warning: The 'syslog' daemon is running, but no configuration file can be found." I have no idea where that might be to check it, the man pages point to this program for syslog. What outcome did you expect instead? Not to get this type of email -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.18.0-2-rt-amd64 (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages busybox-syslogd depends on: ii busybox 1:1.35.0-1 ii init-system-helpers 1.63 ii lsb-base 11.2 busybox-syslogd recommends no packages. busybox-syslogd suggests no packages. -- no debconf information
Re: busybox upload and further maintenance
Hi Michael, On 04/06/2022 10:20, Michael Tokarev wrote: Ok, it's been almost a month since my initial email here. If there's no objections, I'll upload the new busybox release tomorrow (from the "mjt" branch). It's enough waiting :) Sorry, life has just been way too busy to get to busybox maintenance on my part - or, it seems, even replying to list mail like this. I'm very glad to see you working on it in Debian again, and thanks for doing the upload a couple of weeks ago to bring it up to date. I want to enable awk applet for d-i (udeb) config before the upload, for some things it is much easier to use than e.g. sed. That makes sense to me. I don't think we're nearly as anal as we used to be about keeping the installer small (e.g. we dumped the businesscard CD images in 2012) so it makes sense to enable genuinely useful functionality in busybox. I do have some more thoughts, including some doubts about the way I changed the build procedure (it looks like there's a simpler way), but that's for the future. I'd be interested to see that. I fought with the build process for quite a while to get it where it seemed to work nicely, so if you can improve it then that's great! If you have any questions do feel free to mail me directly, I'm much more likely to see your mail that way. Cheers, Chris -- Chris Boot bo...@debian.org OpenPGP_signature Description: OpenPGP digital signature
Bug#1012828: Please enable busybox sha3sum (SHA3/SHA-3/Keccak)
Package: busybox Version: 1:1.30.1-6+b3 Severity: wishlist File: /usr/bin/busybox Is there any reason NOT to enable busybox sha3sums? (I don't care busybox-udeb or busybox-static.) https://sources.debian.org/src/busybox/1%3A1.35.0-1/debian/config/pkg/deb/#L280 -# CONFIG_SHA3SUM is not set +CONFIG_SHA3SUM=y Per this handy reference table, everyone should be on SHA-3 by now: https://valerieaurora.org/hash.html I'd like to switch from b2sum to sha3sum, but 1) Debian only ships coreutils 8.32, and even latest coreutils (9.1) lacks "cksum -a sha3"; and 2) Debian's busybox is built without "busybox sha3sum". 3) Debian's python3 understands SHA-3 (hashlib.sha3_512), but lacks a turnkey equivalent of "sha3sum --check SHA3SUMS" and "sha3sum --tag -- *.changes >SHA3SUMS". -- System Information: Debian Release: 11.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.16.0-0.bpo.4-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages busybox depends on: ii libc6 2.31-13+deb11u3 busybox recommends no packages. busybox suggests no packages. -- no debconf information
Bug#998804: marked as done (busybox: please enable bas64)
Your message dated Mon, 06 Jun 2022 18:48:58 +
with message-id
and subject line Bug#998804: fixed in busybox 1:1.35.0-1
has caused the Debian Bug report #998804,
regarding busybox: please enable bas64
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
998804: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998804
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: busybox
Version: 1:1.30.1-7+b1
Severity: wishlist
Hi.
Could you please enable CONFIG_BASE64?
base64 is normally guaranteed to be avialble because it's part of coreutils.
But it is not in e.g. the initramfs.
While Debian’s busybox has in principle uuencode/uudecode as alternatives
enabled, these have a number of disadvantages, mostly their unsafe in interace
(see e.g. #995833).
busybox' base64 seems to reuse the functions from it's uuencode/uudecode, so I
guess the impact on additionally required space will be very little.
Thanks,
Chris
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.35.0-1
Done: Michael Tokarev
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 998...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jun 2022 21:25:41 +0300
Source: busybox
Architecture: source
Version: 1:1.35.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Michael Tokarev
Closes: 891806 891857 949626 985674 995833 998803 998804 999567 1002663
Changes:
busybox (1:1.35.0-1) unstable; urgency=medium
.
[ Nobuhiro Iwamatsu ]
* Enable stty applet in busybox-udeb. Closes: #891806
.
[ Diederik de Haas ]
* Enable CONFIG_FEATURE_TR_CLASSES and CONFIG_FEATURE_TR_EQUIV in deb
config. Closes: #998803
.
[ Yuval Freund ]
* Fix special case for /32 subnets. Closes: #891857
.
[ Chris Boot ]
* New upstream release. Closes: #1002663
- Closes: #985674 [CVE-2021-28831]
- Closes: #999567 [CVE-2021-42373, CVE-2021-42374, CVE-2021-42375,
CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379,
CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383,
CVE-2021-42384, CVE-2021-42385, CVE-2021-42386]
- Closes: #995833 (uudecode /dev/stdout)
* Refresh and rework patches:
- Drop patches cherry-picked from upstream.
- Drop ignore-ip-valid_lft.patch: no longer needed.
- Rework version.patch: KBUILD_STR() has been dropped.
- Temporarily drop kFreeBSD patches pending rework.
* Update busybox configurations for new upstream version
* Don't run test suite in verbose mode: it's easier to read without.
.
[ Michael Tokarev ]
* d/control: add myself to upladers
* switch to debhelper-compat=13
* d/control: add ${misc:Pre-Depends} for packages with the startup scripts
* enable tr classes for static build to
* enable less applet for udeb (Closes: #949626)
* enable base64 applet for regular and static (Closes: #998804)
* d/rules: stop filtering -Wformat-security from CFLAG, it is okay now
* d/rules: simplify the clean rule, omit dh in there
* d/rules: made build-% depending on config-%
* d/rules: steal build targets from dh which adds unnecessary indirection
* d/rules: only do install & binary targets with dh
* d/rules: set SHELL to sh -e to catch errors in shell fragments
* d/rules: rework build/install procedure to be more robust wrt the
environment variables: ensure busybox is built only once with right
CFLAGS/CPPFLAGS/etc settings and not rebuilt during install time
* many more smaller tweaks to d/rules:
- fast inline version of architecture.mk
- move examples & docs install from d/rules to d/*.{docs,examples}
- switch from ${b} to $b
- allow overriding verbose build by specifying V=
- add shortcut targets build-deb configure-udeb test-static etc
- export ECHO=/bin/echo for testsuite (it bui
Bug#999567: marked as done (busybox: CVE-2021-42373 through CVE-2021-42386 (fixed in 1.34))
Your message dated Mon, 06 Jun 2022 18:48:58 +
with message-id
and subject line Bug#999567: fixed in busybox 1:1.35.0-1
has caused the Debian Bug report #999567,
regarding busybox: CVE-2021-42373 through CVE-2021-42386 (fixed in 1.34)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
999567: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: busybox
Version: 1:1.30.1-7+b1
Severity: important
Tags: security upstream fixed-upstream
X-Debbugs-Cc: Debian Security Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
https://security-tracker.debian.org/tracker/source-package/busybox
already shows them. I learned it through
https://thehackernews.com/2021/11/14-new-security-flaws-found-in-busybox.html
which indicates they have all been fixed in version 1.34, but upstream
also has 1.34.1.
This is also a request for a new upstream version, but due to the
security fixes, I made the severity 'important' like bug #985674.
Cheers,
Diederik
- -- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500,
'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64
Kernel: Linux 5.14.0-4-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages busybox depends on:
ii libc6 2.32-4
busybox recommends no packages.
busybox suggests no packages.
- -- no debconf information
-BEGIN PGP SIGNATURE-
iHUEARYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCYY6OFQAKCRDXblvOeH7b
biIrAQDEY0MCuFS7FFhp6ivPG7/BMf/yL8WuQRnVQrvV4mbi2wD+P8hajCNFE++6
fpBcTvu8uNnwWPBeUtRIdWpPBTXNcQk=
=tqra
-END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.35.0-1
Done: Michael Tokarev
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 999...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jun 2022 21:25:41 +0300
Source: busybox
Architecture: source
Version: 1:1.35.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Michael Tokarev
Closes: 891806 891857 949626 985674 995833 998803 998804 999567 1002663
Changes:
busybox (1:1.35.0-1) unstable; urgency=medium
.
[ Nobuhiro Iwamatsu ]
* Enable stty applet in busybox-udeb. Closes: #891806
.
[ Diederik de Haas ]
* Enable CONFIG_FEATURE_TR_CLASSES and CONFIG_FEATURE_TR_EQUIV in deb
config. Closes: #998803
.
[ Yuval Freund ]
* Fix special case for /32 subnets. Closes: #891857
.
[ Chris Boot ]
* New upstream release. Closes: #1002663
- Closes: #985674 [CVE-2021-28831]
- Closes: #999567 [CVE-2021-42373, CVE-2021-42374, CVE-2021-42375,
CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379,
CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383,
CVE-2021-42384, CVE-2021-42385, CVE-2021-42386]
- Closes: #995833 (uudecode /dev/stdout)
* Refresh and rework patches:
- Drop patches cherry-picked from upstream.
- Drop ignore-ip-valid_lft.patch: no longer needed.
- Rework version.patch: KBUILD_STR() has been dropped.
- Temporarily drop kFreeBSD patches pending rework.
* Update busybox configurations for new upstream version
* Don't run test suite in verbose mode: it's easier to read without.
.
[ Michael Tokarev ]
* d/control: add myself to upladers
* switch to debhelper-compat=13
* d/control: add ${misc:Pre-Depends} for packages with the startup scripts
* enable tr classes for static build to
* enable less applet for udeb (Closes: #949626)
* enable base64 applet
Bug#998803: marked as done (busybox: Debian’s busybox’ tr violates POSIX)
Your message dated Mon, 06 Jun 2022 18:48:58 +
with message-id
and subject line Bug#998803: fixed in busybox 1:1.35.0-1
has caused the Debian Bug report #998803,
regarding busybox: Debian’s busybox’ tr violates POSIX
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
998803: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998803
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: busybox
Version: 1:1.30.1-7+b1
Severity: important
Hey.
Unlike mandated by POSIX:
https://pubs.opengroup.org/onlinepubs/9699919799/utilities/tr.html
busybox' tr in Debian doesn't seem to understand any of the character
classes,...
and I'd guess neither the other formats given in the EXTENDED DESCRIPTION of
POSIX.
Not only does it not understand this, but it even takes such characters literal
so e.g. when using
busybox tr -d '[:alpha:]' it will remove 'a' and so on.
It seems that this comes from:
# CONFIG_FEATURE_TR_CLASSES is not set
in the various configs.
And I guess:
# CONFIG_FEATURE_TR_EQUIV is not set
should be set as well.
Actually, this bug has probably severity grave, since it may easily break any
unrelated package which expects tr to work as it should.
Cheers,
Chris.
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.35.0-1
Done: Michael Tokarev
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 998...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jun 2022 21:25:41 +0300
Source: busybox
Architecture: source
Version: 1:1.35.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Michael Tokarev
Closes: 891806 891857 949626 985674 995833 998803 998804 999567 1002663
Changes:
busybox (1:1.35.0-1) unstable; urgency=medium
.
[ Nobuhiro Iwamatsu ]
* Enable stty applet in busybox-udeb. Closes: #891806
.
[ Diederik de Haas ]
* Enable CONFIG_FEATURE_TR_CLASSES and CONFIG_FEATURE_TR_EQUIV in deb
config. Closes: #998803
.
[ Yuval Freund ]
* Fix special case for /32 subnets. Closes: #891857
.
[ Chris Boot ]
* New upstream release. Closes: #1002663
- Closes: #985674 [CVE-2021-28831]
- Closes: #999567 [CVE-2021-42373, CVE-2021-42374, CVE-2021-42375,
CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379,
CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383,
CVE-2021-42384, CVE-2021-42385, CVE-2021-42386]
- Closes: #995833 (uudecode /dev/stdout)
* Refresh and rework patches:
- Drop patches cherry-picked from upstream.
- Drop ignore-ip-valid_lft.patch: no longer needed.
- Rework version.patch: KBUILD_STR() has been dropped.
- Temporarily drop kFreeBSD patches pending rework.
* Update busybox configurations for new upstream version
* Don't run test suite in verbose mode: it's easier to read without.
.
[ Michael Tokarev ]
* d/control: add myself to upladers
* switch to debhelper-compat=13
* d/control: add ${misc:Pre-Depends} for packages with the startup scripts
* enable tr classes for static build to
* enable less applet for udeb (Closes: #949626)
* enable base64 applet for regular and static (Closes: #998804)
* d/rules: stop filtering -Wformat-security from CFLAG, it is okay now
* d/rules: simplify the clean rule, omit dh in there
* d/rules: made build-% depending on config-%
* d/rules: steal build targets from dh which adds unnecessary indirection
* d/rules: only do install & binary targets with dh
* d/rules: set SHELL to sh -e to catch errors in shell fragments
* d/rules: rework build/install procedure to be more robust wrt the
environment variables: ensure busybox is built only once with right
CFLAGS/CPPFLAGS/etc settings and not rebuilt during install time
* many more smaller tweaks to d/rules:
- fast inline version of architect
Bug#995833: marked as done (busybox: uudecode doesn't recognise the special decode_pathname /dev/stdout)
Your message dated Mon, 06 Jun 2022 18:48:58 +
with message-id
and subject line Bug#995833: fixed in busybox 1:1.35.0-1
has caused the Debian Bug report #995833,
regarding busybox: uudecode doesn't recognise the special decode_pathname
/dev/stdout
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
995833: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995833
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: busybox
Version: 1:1.30.1-7+b1
Severity: normal
Tags: upstream patch
Hey.
Since it's unclear whether and when upstream will react and how long it then
takes that this actually lands in Debian, could you possibly consider to
cherry pick the patch I provided at:
https://bugs.busybox.net/show_bug.cgi?id=14241
for inclusion in the Debian package?
The issue is basically, that uudecode is mandated by POSIX to consider
/dev/stdout as a special symbol (and not a file) that causes output written
to standard output (and not to whichever file the uuENcoded data indicates.
Under normal user space this wouldn't be that much of an issue, since
/dev/stdout exists and is a symlink to /proc/self/fd/1.
But within the initramfs, this symlink doesn't sem to exist, so any output
that should go to stdout would actually go to that file (or cause error
if that's not writable).
I should also note, that the sharutils version of uudecode behaves correctly
and completely ignores any file /dev/stdout if it exists.
Thanks,
Chris.
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.35.0-1
Done: Michael Tokarev
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 995...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jun 2022 21:25:41 +0300
Source: busybox
Architecture: source
Version: 1:1.35.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Michael Tokarev
Closes: 891806 891857 949626 985674 995833 998803 998804 999567 1002663
Changes:
busybox (1:1.35.0-1) unstable; urgency=medium
.
[ Nobuhiro Iwamatsu ]
* Enable stty applet in busybox-udeb. Closes: #891806
.
[ Diederik de Haas ]
* Enable CONFIG_FEATURE_TR_CLASSES and CONFIG_FEATURE_TR_EQUIV in deb
config. Closes: #998803
.
[ Yuval Freund ]
* Fix special case for /32 subnets. Closes: #891857
.
[ Chris Boot ]
* New upstream release. Closes: #1002663
- Closes: #985674 [CVE-2021-28831]
- Closes: #999567 [CVE-2021-42373, CVE-2021-42374, CVE-2021-42375,
CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379,
CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383,
CVE-2021-42384, CVE-2021-42385, CVE-2021-42386]
- Closes: #995833 (uudecode /dev/stdout)
* Refresh and rework patches:
- Drop patches cherry-picked from upstream.
- Drop ignore-ip-valid_lft.patch: no longer needed.
- Rework version.patch: KBUILD_STR() has been dropped.
- Temporarily drop kFreeBSD patches pending rework.
* Update busybox configurations for new upstream version
* Don't run test suite in verbose mode: it's easier to read without.
.
[ Michael Tokarev ]
* d/control: add myself to upladers
* switch to debhelper-compat=13
* d/control: add ${misc:Pre-Depends} for packages with the startup scripts
* enable tr classes for static build to
* enable less applet for udeb (Closes: #949626)
* enable base64 applet for regular and static (Closes: #998804)
* d/rules: stop filtering -Wformat-security from CFLAG, it is okay now
* d/rules: simplify the clean rule, omit dh in there
* d/rules: made build-% depending on config-%
* d/rules: steal build targets from dh which adds unnecessary indirection
* d/rules: only do install & binary targets with dh
* d/rules: set SHELL to sh -e to catch errors in shell fragments
* d/rules: rework build/install procedure to
Bug#949626: marked as done (busybox-static: Please include less and ftpput in busybox-udeb)
Your message dated Mon, 06 Jun 2022 18:48:58 +
with message-id
and subject line Bug#949626: fixed in busybox 1:1.35.0-1
has caused the Debian Bug report #949626,
regarding busybox-static: Please include less and ftpput in busybox-udeb
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
949626: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949626
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: busybox-static
Version: 1:1.30.1-4
Severity: normal
Dear Maintainer,
it is really hard to debug issues and read long log files (like syslog),
especially in debian-installer failures.
There is more, but it is really equivalent to cat. It doesn't actually do
paging.
Please include functional less, just like in busybox-static with the same
build options.
ftpput to transfer files out would good option too.
Thanks.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.2.0-3-amd64 (SMP w/32 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.35.0-1
Done: Michael Tokarev
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jun 2022 21:25:41 +0300
Source: busybox
Architecture: source
Version: 1:1.35.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Michael Tokarev
Closes: 891806 891857 949626 985674 995833 998803 998804 999567 1002663
Changes:
busybox (1:1.35.0-1) unstable; urgency=medium
.
[ Nobuhiro Iwamatsu ]
* Enable stty applet in busybox-udeb. Closes: #891806
.
[ Diederik de Haas ]
* Enable CONFIG_FEATURE_TR_CLASSES and CONFIG_FEATURE_TR_EQUIV in deb
config. Closes: #998803
.
[ Yuval Freund ]
* Fix special case for /32 subnets. Closes: #891857
.
[ Chris Boot ]
* New upstream release. Closes: #1002663
- Closes: #985674 [CVE-2021-28831]
- Closes: #999567 [CVE-2021-42373, CVE-2021-42374, CVE-2021-42375,
CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379,
CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383,
CVE-2021-42384, CVE-2021-42385, CVE-2021-42386]
- Closes: #995833 (uudecode /dev/stdout)
* Refresh and rework patches:
- Drop patches cherry-picked from upstream.
- Drop ignore-ip-valid_lft.patch: no longer needed.
- Rework version.patch: KBUILD_STR() has been dropped.
- Temporarily drop kFreeBSD patches pending rework.
* Update busybox configurations for new upstream version
* Don't run test suite in verbose mode: it's easier to read without.
.
[ Michael Tokarev ]
* d/control: add myself to upladers
* switch to debhelper-compat=13
* d/control: add ${misc:Pre-Depends} for packages with the startup scripts
* enable tr classes for static build to
* enable less applet for udeb (Closes: #949626)
* enable base64 applet for regular and static (Closes: #998804)
* d/rules: stop filtering -Wformat-security from CFLAG, it is okay now
* d/rules: simplify the clean rule, omit dh in there
* d/rules: made build-% depending on config-%
* d/rules: steal build targets from dh which adds unnecessary indirection
* d/rules: only do install & binary targets with dh
* d/rules: set SHELL to sh -e to catch errors in shell fragments
* d/rules: rework build/install procedure to be more robust wrt the
environment variables: ensur
Bug#891857: marked as done (busybox: Special case for /32 subnets not working as expected)
Your message dated Mon, 06 Jun 2022 18:48:58 +
with message-id
and subject line Bug#891857: fixed in busybox 1:1.35.0-1
has caused the Debian Bug report #891857,
regarding busybox: Special case for /32 subnets not working as expected
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
891857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891857
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: busybox
Severity: normal
Dear Maintainer,
Many of our customers would like to use the debian installer in order to set up
their own VMs. Our DHCP servers currently offer addresses with /32 subnets, and
we've come to realize that the debian installer does not properly configure the
default route.
A fix for /32 has already been implemented in an earlier version of busybox,
but it doesn't seem to work as expected, because the interface isn't defined
while adding the relevant route.
Here's a suggested fix, which would probably also clear up what I mean:
##
--- tree/debian/tree/busybox-udeb/etc/udhcpc/default.script 2018-03-01
15:45:33.0 +0100
+++ tree/debian/tree/busybox-udeb/etc/udhcpc/default.script_proposed
2018-03-01 15:47:37.259206527 +0100
@@ -68,7 +68,7 @@
# special case for /32 subnets, use onlink when adding routes
[ ".$subnet" = .255.255.255.255 ] \
-&& onlink=onlink || onlink=
+&& onlink="dev $interface onlink" || onlink=
for r in "$router"; do
ip -4 route add default via "$r" $onlink
done
##
We would appreciate it if you could patch all current/relevant versions to use
this fix.
Thank you!
Yuval Freund, ProfitBricks GmbH
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.35.0-1
Done: Michael Tokarev
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jun 2022 21:25:41 +0300
Source: busybox
Architecture: source
Version: 1:1.35.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Michael Tokarev
Closes: 891806 891857 949626 985674 995833 998803 998804 999567 1002663
Changes:
busybox (1:1.35.0-1) unstable; urgency=medium
.
[ Nobuhiro Iwamatsu ]
* Enable stty applet in busybox-udeb. Closes: #891806
.
[ Diederik de Haas ]
* Enable CONFIG_FEATURE_TR_CLASSES and CONFIG_FEATURE_TR_EQUIV in deb
config. Closes: #998803
.
[ Yuval Freund ]
* Fix special case for /32 subnets. Closes: #891857
.
[ Chris Boot ]
* New upstream release. Closes: #1002663
- Closes: #985674 [CVE-2021-28831]
- Closes: #999567 [CVE-2021-42373, CVE-2021-42374, CVE-2021-42375,
CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379,
CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383,
CVE-2021-42384, CVE-2021-42385, CVE-2021-42386]
- Closes: #995833 (uudecode /dev/stdout)
* Refresh and rework patches:
- Drop patches cherry-picked from upstream.
- Drop ignore-ip-valid_lft.patch: no longer needed.
- Rework version.patch: KBUILD_STR() has been dropped.
- Temporarily drop kFreeBSD patches pending rework.
* Update busybox configurations for new upstream version
* Don't run test suite in verbose mode: it's easier to read without.
.
[ Michael Tokarev ]
* d/control: add myself to upladers
* switch to debhelper-compat=13
* d/control: add ${misc:Pre-Depends} for packages with the startup scripts
* enable tr classes for static build to
* enable less applet for udeb (Closes: #949626)
* enable base64 applet for regular and sta
Bug#1002663: marked as done (busybox: new upstream version)
Your message dated Mon, 06 Jun 2022 18:48:58 +
with message-id
and subject line Bug#1002663: fixed in busybox 1:1.35.0-1
has caused the Debian Bug report #1002663,
regarding busybox: new upstream version
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1002663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002663
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: busybox
Version: 1:1.30.1-7+b2
Severity: wishlist
Hey.
Today, 1.35 was released.
Would be nice to see that upgraded :-)
Thanks,
Chris.
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.35.0-1
Done: Michael Tokarev
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1002...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jun 2022 21:25:41 +0300
Source: busybox
Architecture: source
Version: 1:1.35.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Michael Tokarev
Closes: 891806 891857 949626 985674 995833 998803 998804 999567 1002663
Changes:
busybox (1:1.35.0-1) unstable; urgency=medium
.
[ Nobuhiro Iwamatsu ]
* Enable stty applet in busybox-udeb. Closes: #891806
.
[ Diederik de Haas ]
* Enable CONFIG_FEATURE_TR_CLASSES and CONFIG_FEATURE_TR_EQUIV in deb
config. Closes: #998803
.
[ Yuval Freund ]
* Fix special case for /32 subnets. Closes: #891857
.
[ Chris Boot ]
* New upstream release. Closes: #1002663
- Closes: #985674 [CVE-2021-28831]
- Closes: #999567 [CVE-2021-42373, CVE-2021-42374, CVE-2021-42375,
CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379,
CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383,
CVE-2021-42384, CVE-2021-42385, CVE-2021-42386]
- Closes: #995833 (uudecode /dev/stdout)
* Refresh and rework patches:
- Drop patches cherry-picked from upstream.
- Drop ignore-ip-valid_lft.patch: no longer needed.
- Rework version.patch: KBUILD_STR() has been dropped.
- Temporarily drop kFreeBSD patches pending rework.
* Update busybox configurations for new upstream version
* Don't run test suite in verbose mode: it's easier to read without.
.
[ Michael Tokarev ]
* d/control: add myself to upladers
* switch to debhelper-compat=13
* d/control: add ${misc:Pre-Depends} for packages with the startup scripts
* enable tr classes for static build to
* enable less applet for udeb (Closes: #949626)
* enable base64 applet for regular and static (Closes: #998804)
* d/rules: stop filtering -Wformat-security from CFLAG, it is okay now
* d/rules: simplify the clean rule, omit dh in there
* d/rules: made build-% depending on config-%
* d/rules: steal build targets from dh which adds unnecessary indirection
* d/rules: only do install & binary targets with dh
* d/rules: set SHELL to sh -e to catch errors in shell fragments
* d/rules: rework build/install procedure to be more robust wrt the
environment variables: ensure busybox is built only once with right
CFLAGS/CPPFLAGS/etc settings and not rebuilt during install time
* many more smaller tweaks to d/rules:
- fast inline version of architecture.mk
- move examples & docs install from d/rules to d/*.{docs,examples}
- switch from ${b} to $b
- allow overriding verbose build by specifying V=
- add shortcut targets build-deb configure-udeb test-static etc
- export ECHO=/bin/echo for testsuite (it builds its own if no -e)
* remove scripts-echo.c-fix-NUL-handling-in-abc-0-def.patch - not needed
with the right ECHO=
* d/bysybox-static.lintian-overrides: add uses-dpkg-database-directly
* spelling.diff: two spelling fixes for the source
* d/changelog: strip trailing space
* d/control: mark zip build-dependency with
* udeb config: enable awk applet the same way as for regular/static bui
Bug#891806: marked as done (busybox: Please include stty in busybox-udeb)
Your message dated Mon, 06 Jun 2022 18:48:58 +
with message-id
and subject line Bug#891806: fixed in busybox 1:1.35.0-1
has caused the Debian Bug report #891806,
regarding busybox: Please include stty in busybox-udeb
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
891806: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891806
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: busybox
Version: 1:1.27.2-2
Severity: normal
Tags: a11y
Hello,
In order to be able to tune the console size for better accessibility in
the Debian installer, we would need to have the stty tool available in
d-i, could you enable it?
Thanks,
Samuel
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500,
'testing-debug'), (500, 'stable-debug'), (500, 'oldoldstable'), (500,
'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1,
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--
Samuel
* B kicks DW (non mais franchement)
* DW was kicked
-+- #ens-mim - comment ça hopeless ? -+-
--- End Message ---
--- Begin Message ---
Source: busybox
Source-Version: 1:1.35.0-1
Done: Michael Tokarev
We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated busybox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jun 2022 21:25:41 +0300
Source: busybox
Architecture: source
Version: 1:1.35.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team
Changed-By: Michael Tokarev
Closes: 891806 891857 949626 985674 995833 998803 998804 999567 1002663
Changes:
busybox (1:1.35.0-1) unstable; urgency=medium
.
[ Nobuhiro Iwamatsu ]
* Enable stty applet in busybox-udeb. Closes: #891806
.
[ Diederik de Haas ]
* Enable CONFIG_FEATURE_TR_CLASSES and CONFIG_FEATURE_TR_EQUIV in deb
config. Closes: #998803
.
[ Yuval Freund ]
* Fix special case for /32 subnets. Closes: #891857
.
[ Chris Boot ]
* New upstream release. Closes: #1002663
- Closes: #985674 [CVE-2021-28831]
- Closes: #999567 [CVE-2021-42373, CVE-2021-42374, CVE-2021-42375,
CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379,
CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383,
CVE-2021-42384, CVE-2021-42385, CVE-2021-42386]
- Closes: #995833 (uudecode /dev/stdout)
* Refresh and rework patches:
- Drop patches cherry-picked from upstream.
- Drop ignore-ip-valid_lft.patch: no longer needed.
- Rework version.patch: KBUILD_STR() has been dropped.
- Temporarily drop kFreeBSD patches pending rework.
* Update busybox configurations for new upstream version
* Don't run test suite in verbose mode: it's easier to read without.
.
[ Michael Tokarev ]
* d/control: add myself to upladers
* switch to debhelper-compat=13
* d/control: add ${misc:Pre-Depends} for packages with the startup scripts
* enable tr classes for static build to
* enable less applet for udeb (Closes: #949626)
* enable base64 applet for regular and static (Closes: #998804)
* d/rules: stop filtering -Wformat-security from CFLAG, it is okay now
* d/rules: simplify the clean rule, omit dh in there
* d/rules: made build-% depending on config-%
* d/rules: steal build targets from dh which adds unnecessary indirection
* d/rules: only do install & binary targets with dh
* d/rules: set SHELL to sh -e to catch errors in shell fragments
* d/rules: rework
Re: busybox upload and further maintenance
Ok, it's been almost a month since my initial email here. If there's no objections, I'll upload the new busybox release tomorrow (from the "mjt" branch). It's enough waiting :) I want to enable awk applet for d-i (udeb) config before the upload, for some things it is much easier to use than e.g. sed. I do have some more thoughts, including some doubts about the way I changed the build procedure (it looks like there's a simpler way), but that's for the future. Thanks, /mjt
busybox is marked for autoremoval from testing
busybox 1:1.30.1-7 is marked for autoremoval from testing on 2022-06-30 It (build-)depends on packages with these RC bugs: 1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192 https://bugs.debian.org/1011146 This mail is generated by: https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl Autoremoval data is generated by: https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl
Bug#964579: lsblk not included in busybox version used with installer
Niltze- On Sun, May 8, 2022 at 2:06 PM Michael Tokarev wrote: > > Control: tag -1 + moreinfo > > On Wed, 8 Jul 2020 23:23:51 + Holger Levsen wrote: > > Package: busybox > > Version: 1:1.30.1-4 > > Severity: wishlist > > x-debbugs-cc: Russell Weber > > submitter: Russell Weber > > > > On Wed, Jul 08, 2020 at 02:43:43PM -0600, Russell Weber wrote: > > > Package: busybox > > > Version: 1:1.30.1-4 > > > Severity: wishlist > > > lsblk is a very useful tool for understanding your current disks and block > > > devices. It can be used to > > > query lots of information including disk manufacturer, serial number, > > > modelb > > > number, the structure of your disks if the disk is already in use for > > > another block device. Given that the installer has mission critical goals > > > associated with the disks, it's a bit of a mystery that lsblk isn't > > > included into the busy box implementation used in the installer. This is > > > especially important when seeding automatic/unattended installs for debian > > > since many of the seed files used will query information from disks in > > > scripts using the "d-i partman/early_command string" of debconf. Â I can > > > see > > > that this issue has been raised in multiple places online: stack overflow, > > > IRC. Â However, scanning older tickets, I was not able to find a ticket > > > which raises the issue. Â Is there any reason that lsblk as a command is > > > not > > > included? Â As far as I can tell, the bloat size would only be around > > > 20-40 > > > KiB in size. Â May I suggest that we start including the lsblk binaries in > > > the next versions of Debian? > > Hi Russel! > > Thank you for the detailed bug description. > > The only question remain is who will write lsblk for busybox, who > writes the actual code to do all this? Â Can you help with that, > to collect all the mentioned information in a useful for the user > form? > > This applet is not written. > > Thanks, > > /mjt > Busybox utilities have their limitations. For instance, I had to create mount/umount UDEBs because the d-i busybox equivalents would fail on Reiser4 SFRN4/SFRN5 file systems when installing Debian. < https://metztli.blog/media/blogs/calli/Bullseye-SFRN5/xonecuiltzin-5.13.19-reizer4-sfrn-5.1.3.mp4?mtime=1636642043 > Accordingly, probably including an lsblk UDEB in d-i would likely be more adequate, i.e., the last two(2) UDEBs -- which already exist -- are required for lsblk in d-i: lsblk-udeb_2.38-4.1_amd64.udeb libudev1-udeb_250.4-1~bpo11+1_amd64.udeb libsmartcols1-udeb_2.38-4.1_amd64.udeb < https://metztli.it/bullseye/netboot-exp/d-i-lsblk.png > netboot with lsblk UDEB included in d-i: < https://metztli.it/bullseye/netboot-exp/metztli-reiser4.iso > < https://metztli.it/bullseye/netboot-exp/metztli-reiser4.iso.SHA256SUM > Best Professional Regards. -- Jose R R http://metztli.it - Download Metztli Reiser4: Debian Bullseye w/ Linux 5.16.20 AMD64 - feats ZSTD compression https://sf.net/projects/metztli-reiser4/ - or SFRN 5.1.3, Metztli Reiser5 https://sf.net/projects/debian-reiser4/ --- Official current Reiser4 resources: https://reiser4.wiki.kernel.org/
Bug#896902: marked as done (busybox: Segmentation fault in microcom applet)
Your message dated Mon, 9 May 2022 00:34:02 +0300 with message-id and subject line Re: Bug#896902: busybox: Segmentation fault in microcom applet has caused the Debian Bug report #896902, regarding busybox: Segmentation fault in microcom applet to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 896902: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896902 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: busybox Version: 1:1.27.2-2 Severity: normal Hello user@host:~$ busybox microcom Segmentation fault (core dumped) reproduces on two different amd64 machines. Could also reproduce on an armel porter machine (abel, in the sid schroot). 1:1.22.0-19+b3 isn't affected. Best regards Uwe -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (700, 'testing'), (600, 'unstable'), (500, 'unstable-debug'), (500, 'stable'), (499, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages busybox depends on: ii libc6 2.27-3 busybox recommends no packages. busybox suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- Version: 1:1.30.1-1 On Wed, 25 Apr 2018 17:16:49 +0200 Uwe Kleine-König wrote: Package: busybox Version: 1:1.27.2-2 Severity: normal Hello user@host:~$ busybox microcom Segmentation fault (core dumped) reproduces on two different amd64 machines. Could also reproduce on an armel porter machine (abel, in the sid schroot). 1:1.22.0-19+b3 isn't affected. This appears to be fixed since 1.28 upstream release and since 1.30.1-1 debian release. Closing this bugreport now. Thanks, /mjt--- End Message ---
Bug#720002: marked as done (busybox: FTBFS with make 3.82)
Your message dated Mon, 9 May 2022 00:24:13 +0300 with message-id <6a37c608-7f1e-5f29-f767-d4c725c15...@msgid.tls.msk.ru> and subject line Re: Bug#720002: busybox: FTBFS with make 3.82 has caused the Debian Bug report #720002, regarding busybox: FTBFS with make 3.82 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 720002: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720002 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: busybox Version: 1:1.20.0-8.1 Severity: important >From my pbuilder build log, using a chroot with make 3.82-1 from experimental installed: ... GEN libbb/Kbuild GEN libbb/Config.in make[1]: Leaving directory `/tmp/buildd/busybox-1.20.0/debian/build/udeb' cat debian/config/pkg/udeb >> debian/build/udeb/.config /usr/bin/make -C debian/build/udeb oldconfig make[1]: Entering directory `/tmp/buildd/busybox-1.20.0/debian/build/udeb' .config:417: *** missing separator. Stop. make[1]: *** [scripts_basic] Error 2 make[1]: Leaving directory `/tmp/buildd/busybox-1.20.0/debian/build/udeb' make: *** [debian/build/udeb/.setup] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 -- Daniel Schepler --- End Message --- --- Begin Message --- On Tue, 10 Dec 2013 02:29:49 +0400 Michael Tokarev wrote: Control: tag -1 + moreinfo unreproducible ... Hmm. I tried to reproduce this, but can not, neither with 1.20 version from wheezy nor with 1.21 version from sid, with parallel make or not. So, after almost 10 years, with current make at version 4.3, I don't think this bug is relevant anymore.. Closing this bugreport now. Thanks, /mjt--- End Message ---
Processed: Re: Bug#980127: busybox-static: Please enable the "hush" applet
Processing control commands: > tag -1 + moreinfo Bug #980127 [busybox-static] busybox-static: Please enable the "hush" applet Added tag(s) moreinfo. -- 980127: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980127 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#980127: busybox-static: Please enable the "hush" applet
Control: tag -1 + moreinfo On Thu, 14 Jan 2021 13:12:58 -0800 Josh Triplett wrote: Package: busybox-static Version: 1:1.30.1-6 Severity: wishlist X-Debbugs-Cc: j...@joshtriplett.org For busybox-static, I'd love to have the "hush" applet available. It's a more feature-complete shell, including features such as brace expansion. Please consider enabling CONFIG_HUSH and CONFIG_HUSH_BASH_COMPAT in busybox-static. Hi Josh! Myself I haven't used hush in busybox but I always used ash. If we're to enable hush, I think we should remove ash and make hush the only shell. And do that in regular deb config too, - there's no good reason to keep them different. But I wonder what implications we might have there, if we switch from ash to hush. How compatible the two shells are? I dunno. I think it needs to be verified at least.. busybox's ash is very limited indeed. Thanks, /mjt
Processed: Re: Bug#964579: lsblk not included in busybox version used with installer
Processing control commands: > tag -1 + moreinfo Bug #964579 [busybox] lsblk not included in busybox version used with installer Added tag(s) moreinfo. -- 964579: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964579 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#964579: lsblk not included in busybox version used with installer
Control: tag -1 + moreinfo On Wed, 8 Jul 2020 23:23:51 + Holger Levsen wrote: Package: busybox Version: 1:1.30.1-4 Severity: wishlist x-debbugs-cc: Russell Weber submitter: Russell Weber On Wed, Jul 08, 2020 at 02:43:43PM -0600, Russell Weber wrote: > Package: busybox > Version: 1:1.30.1-4 > Severity: wishlist > lsblk is a very useful tool for understanding your current disks and block > devices. It can be used to > query lots of information including disk manufacturer, serial number, model > number, the structure of your disks if the disk is already in use for > another block device. Given that the installer has mission critical goals > associated with the disks, it's a bit of a mystery that lsblk isn't > included into the busy box implementation used in the installer. This is > especially important when seeding automatic/unattended installs for debian > since many of the seed files used will query information from disks in > scripts using the "d-i partman/early_command string" of debconf. I can see > that this issue has been raised in multiple places online: stack overflow, > IRC. However, scanning older tickets, I was not able to find a ticket > which raises the issue. Is there any reason that lsblk as a command is not > included? As far as I can tell, the bloat size would only be around 20-40 > KiB in size. May I suggest that we start including the lsblk binaries in > the next versions of Debian? Hi Russel! Thank you for the detailed bug description. The only question remain is who will write lsblk for busybox, who writes the actual code to do all this? Can you help with that, to collect all the mentioned information in a useful for the user form? This applet is not written. Thanks, /mjt
Processed: Re: Bug#921556: busybox: Enable more applets to support initramfs-tools
Processing control commands: > tag -1 + upstream Bug #921556 [busybox] busybox: Enable more applets to support initramfs-tools Added tag(s) upstream. -- 921556: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921556 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#921556: busybox: Enable more applets to support initramfs-tools
Control: tag -1 + upstream On Wed, 06 Feb 2019 18:58:06 + Ben Hutchings wrote: Package: busybox Version: 1:1.27.2-3 Severity: wishlist Once we have busybox 1.28.0, we could enable these extra applets on Linux: ipconfig [CONFIG_IPCONFIG] nuke [CONFIG_NUKE] resume[CONFIG_RESUME] run-init [CONFIG_RUN_INIT] So this is almost there, except of ipconfig which is not implemented yet. There's just a wip version, a first draft, klibc-utils/ipconfig.c.txt, not touched since initial import in Sep-2017. It's an interesting goal there, to have everything in busybox to stop providing two libCs and two shells and two everything in initramfs.. Thanks, /mjt
Re: busybox upload and further maintenance
08.05.2022 23:06, Cyril Brulebois wrote: Michael Tokarev (2022-05-08): The prob is not the burden of maintaining it, I'm okay with that one. It is just that the whole thing seems wrong :) Again, I'm definitely not arguing for dropping it right now, but we either plan to do this some other way, or we don't. If we do, we can start some discussion/review in this area. If you want to double check every single place where preseeding can happen, and prepare a plan to make this patch dispensable, feel free to. It just seems to me that the cost of doing so is huge compared to the gain over the current situation it would represent. yeah, that's a long way forward, I know. Personally, I'd rather spend my time on finally letting go of gtk2, for example. (And that's because I have to, not because I want to.) Yeah. The argument "it only affects the udeb" is lame :) Udeb does not need to suffer - neither this one nor any other udeb, and actually it does not only affect udeb, it affect busybox as a whole, and the upstream change which we revert is there for a reason :) For the avoidance of doubt, that patch guards the “new” code with a macro check, keeping the “old” code when an option is set. That option is only set in the udeb build: debian/config/pkg/deb:# CONFIG_FEATURE_DI_ENV_HACK is not set debian/config/pkg/static:# CONFIG_FEATURE_DI_ENV_HACK is not set debian/config/pkg/udeb:CONFIG_FEATURE_DI_ENV_HACK=y so I'm not sure my argument is wrong in addition to being lame? Cyrill, I was nothing more than joking about the lame part, really. Please note the smile. As of the DI_ENV_HACK, I wondered what an interesting name it is, which is being noticed if I forget to apply patches. And I stand corrected, - indeed, you're absolutely right, this is something specific to udeb due to this new config feature check. I haven't noticed it when I initially looked at the patch (briefly). Thank you for correcting me there! /mjt
Re: busybox upload and further maintenance
Michael Tokarev (2022-05-08): > The prob is not the burden of maintaining it, I'm okay with that one. > It is just that the whole thing seems wrong :) > > Again, I'm definitely not arguing for dropping it right now, but we > either plan to do this some other way, or we don't. If we do, we can > start some discussion/review in this area. If you want to double check every single place where preseeding can happen, and prepare a plan to make this patch dispensable, feel free to. It just seems to me that the cost of doing so is huge compared to the gain over the current situation it would represent. Personally, I'd rather spend my time on finally letting go of gtk2, for example. (And that's because I have to, not because I want to.) > The argument "it only affects the udeb" is lame :) Udeb does not need > to suffer - neither this one nor any other udeb, and actually it does > not only affect udeb, it affect busybox as a whole, and the upstream > change which we revert is there for a reason :) For the avoidance of doubt, that patch guards the “new” code with a macro check, keeping the “old” code when an option is set. That option is only set in the udeb build: debian/config/pkg/deb:# CONFIG_FEATURE_DI_ENV_HACK is not set debian/config/pkg/static:# CONFIG_FEATURE_DI_ENV_HACK is not set debian/config/pkg/udeb:CONFIG_FEATURE_DI_ENV_HACK=y so I'm not sure my argument is wrong in addition to being lame? Cheers, -- Cyril Brulebois (k...@debian.org)<https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant signature.asc Description: PGP signature
Re: busybox upload and further maintenance
08.05.2022 19:39, Cyril Brulebois wrote: Hi, Michael Tokarev (2022-05-08): I don't understand what is holding an upload right now, -- the salsa busybox repository is more than 3 months old now. I think it is ready for an upload, - I think we should do it and deal with any issues which may come. Without knowing about the busybox situation specifically, it happens that people prepare stuff but don't feel the need or confidence to upload, so they can stay around for a while. Yeah, I know this feeling very well, been there myself ;) I prepared some changes in a separate branch (for now) named "mjt", it is on top of current master - the changes I'd do in there. There are many other things in there which needs to be reviewed. Yet I don't see any reason to hold the upload further. I'd love to hear opinion by Chris Boot who did most recent work in there, - if it is okay for him if I merge my branch into master. And next, let's upload this thing. I can do that, or Chris can do that, - provided he is not against me doing some stuff in there. In d/patches/ there's a hackish patch temp-deb-installer-hack.patch which seriously needs addressing I think (not in this upload though), -- has anything been done in this direction, to get values from the kernel command line in some more sane place than shell environment? Oh, what a blast from the past. It's been temporary for 5 years… Yeah. As usual :) I'm still not familiar with d-i and its internals, so I need some help there. At least some discussion should be happening, I think, because this seems to be a serious change for the d-i. Yet keeping this patch does not seem to be a good idea. Well, I can understand the feeling but unless maintaining the patch itself is a burden (which I kind of doubt, given it's quite targeted), in which case I'm happy to help, it only affects the udeb, and makes sure we don't break preseeding gratuitously… The prob is not the burden of maintaining it, I'm okay with that one. It is just that the whole thing seems wrong :) Again, I'm definitely not arguing for dropping it right now, but we either plan to do this some other way, or we don't. If we do, we can start some discussion/review in this area. The argument "it only affects the udeb" is lame :) Udeb does not need to suffer - neither this one nor any other udeb, and actually it does not only affect udeb, it affect busybox as a whole, and the upstream change which we revert is there for a reason :) Let's upload the thing and see what happen. I'm ready to help and to bring it up if it falls into pieces :) Thanks! /mjt
Re: busybox upload and further maintenance
Hi, Michael Tokarev (2022-05-08): > I don't understand what is holding an upload right now, -- the salsa > busybox repository is more than 3 months old now. I think it is ready > for an upload, - I think we should do it and deal with any issues > which may come. Without knowing about the busybox situation specifically, it happens that people prepare stuff but don't feel the need or confidence to upload, so they can stay around for a while. > I'd only do some minor touches there which I noticed immediately - > like, enabling the tr equivalence classes for the static busybox > build too, just like it is done for the regular deb. > > In d/patches/ there's a hackish patch temp-deb-installer-hack.patch > which seriously needs addressing I think (not in this upload though), > -- has anything been done in this direction, to get values from the > kernel command line in some more sane place than shell environment? Oh, what a blast from the past. It's been temporary for 5 years… > I'm still not familiar with d-i and its internals, so I need some > help there. At least some discussion should be happening, I think, > because this seems to be a serious change for the d-i. Yet keeping > this patch does not seem to be a good idea. Well, I can understand the feeling but unless maintaining the patch itself is a burden (which I kind of doubt, given it's quite targeted), in which case I'm happy to help, it only affects the udeb, and makes sure we don't break preseeding gratuitously… > So, to sum it up the tl;dr way: > > - is it okay for you if I help with bb, with its upload and with > further maintenance? Absolutely, thanks for stepping up. > - is there anything that is holding the upload now which I'm not > aware of? No idea about that one. I'm fine with a temporary breakage in unstable anyway, in case things don't work out immediately. > - do we have anything in the d-i kernel command line processing > front, in moving stuff from $env-vars to some saner place? I don't recall whatever happened after we introduced this patch, I'm not sure we did much work there. Cheers, -- Cyril Brulebois (k...@debian.org)<https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant signature.asc Description: PGP signature
busybox upload and further maintenance
Hi! Quite some years ago I stepped down as a busybox maintainer, in a somewhat scandalous way even, and the details of that story are now started escaping my memory. At any rate, I become older, much less touchy than before, and that time wasn't my easiest period of my life which might have prompted something unwanted. I don't remember who was wrong and who was right, if I you think I did some wrong, please accept my apologies. It definitely was not my intention to harm anyone, it was just other issues I had at that time. Today I thought I'd give busybox another try, if you please. Just like I maintained it locally for many years before I become bb maintainer, I continue to maintain it locally after stepping down (and after nothing in it happened for years again). I looked at the current packaging, - Chris Boot did a good job there, it seems. It is not an easiest package wrt the amount of bug reports in there, one has to be brave enough to do some work with it :) I don't understand what is holding an upload right now, -- the salsa busybox repository is more than 3 months old now. I think it is ready for an upload, - I think we should do it and deal with any issues which may come. I'd only do some minor touches there which I noticed immediately - like, enabling the tr equivalence classes for the static busybox build too, just like it is done for the regular deb. In d/patches/ there's a hackish patch temp-deb-installer-hack.patch which seriously needs addressing I think (not in this upload though), -- has anything been done in this direction, to get values from the kernel command line in some more sane place than shell environment? I'm still not familiar with d-i and its internals, so I need some help there. At least some discussion should be happening, I think, because this seems to be a serious change for the d-i. Yet keeping this patch does not seem to be a good idea. So, to sum it up the tl;dr way: - is it okay for you if I help with bb, with its upload and with further maintenance? - is there anything that is holding the upload now which I'm not aware of? - do we have anything in the d-i kernel command line processing front, in moving stuff from $env-vars to some saner place? Thank you! /mjt
Processed: Re: busybox: CVE-2021-42373 through CVE-2021-42386 (fixed in 1.34)
Processing control commands: > tag -1 pending Bug #999567 [busybox] busybox: CVE-2021-42373 through CVE-2021-42386 (fixed in 1.34) Added tag(s) pending. -- 999567: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#999567: busybox: CVE-2021-42373 through CVE-2021-42386 (fixed in 1.34)
Control: tag -1 pending On 12 Nov 2021 16:54:06 +0100 Diederik de Haas wrote: > Package: busybox > Version: 1:1.30.1-7+b1 > Severity: important > Tags: security upstream fixed-upstream The new upstream version fixing these CVEs (and others) have been ready in salsa for several months now. I'd really appreciate it if what's ready in salsa could be uploaded soon (tm). Cheers, Diederik signature.asc Description: This is a digitally signed message part.
Bug#1009309: udhcpc: allow usage without busybox
13.04.2022 09:31, Helmut Grohne wrote: Control: tags -1 + moreinfo On Wed, Apr 13, 2022 at 09:13:58AM +0300, Michael Tokarev wrote: No, as far as I understand. B/c udhcpc package lacks the main binary if there's no busybox... ;) Can you explain please? :) Head -> table. I now understand why udhcpc is so small. Thank you for your kind reply. There is nothing to change here. I'll look into the reverse (and usual) solution to space saving: replace everything else with busybox. That was good Helmut! Thank you! On a related note, I have been wondering whether we could somehow put the integration of busybox on more solid footing. A possible route could be adding tiny symlink packages e.g. iproute2-minimal containing ip, kmod-minimal containing lsmod and friends or procps-minimal containing top et al. These would have to conflict with iproute2, kmod and procps respectively as they're sharing paths. To make that actually useful, downstream packages could update their depends to foo | foo-minimal when they are known to work with busybox. If toybox wants to join, -minimal would refer to the minimal baselines provided by both busybox and toybox. It's a lot of small packages and metadata though. I'm not convinced yet and merely sharing thoughts. Properly minimizing Debian chroots with busybox is not a "it just works" experience yet. I thought about this back when I stepped on as busybox maintainer a few years back. Busybox isn't really suitable as a full-blown implementation for many system utilities. For one, quite some things on the system will break when you replace something with busybox, due to maintscripts, or startup scripts, whatever, usage of options/features/lack-of-bugs of the busybox's large brothers. Eg, file^Wcoreutils or [mg]awk provides much more features than busybox counterparts, and these features are being used in debian. This isn't difficult to fix in most places but you know the drill with cross-compile, how slow this process is :) But busybox is basically not maintained in Debian. I tried to at least reduce the number of active bug reports (there were many of them), updated version to current one (previous update was a few versions behind), tried to sync different configuration with each other and with reality.. until something happened a few debian releases ago and I was pissed off and stepped down. I don't even remember what happened, just a vague memory of someone uploading busybox backing up changes I did and refusing my changes to go, or some such.. So after that, busybox basically froze again. I still maintain it locally for our needs just like I did before, but I don't do that in Debian anymore. Maybe I should try again... /mjt
Bug#1009309: marked as done (udhcpc: allow usage without busybox)
Your message dated Wed, 13 Apr 2022 08:31:03 +0200
with message-id
and subject line Re: Bug#1009309: udhcpc: allow usage without busybox
has caused the Debian Bug report #1009309,
regarding udhcpc: allow usage without busybox
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1009309: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009309
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: busybox
Version: 1:1.30.1-7
Severity: wishlist
Tags: patch
Hi Aurelien,
would it be possible to avoid the udhcpc -> busybox dependency? It may
seem strange to remove busybox in a quest to reduce file system usage at
first, but if you need iproute2 for other reasons, it should be fine at
providing what udhcpc needs. I'm attaching a patch so you can judge the
impact.
If that's not a reasonable move forward, how about demoting the
dependency to Recommends? Admittedly, the case of using udhcpc without
using its default script is rare, so I wasn't convinced about that
approach yet.
What do you think?
Helmut
diff --minimal -Nru busybox-1.30.1/debian/changelog
busybox-1.30.1/debian/changelog
--- busybox-1.30.1/debian/changelog 2021-08-22 16:39:45.00000 +0200
+++ busybox-1.30.1/debian/changelog 2022-04-11 13:59:07.0 +0200
@@ -1,3 +1,10 @@
+busybox (1:1.30.1-7.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Allow using udhcpc without busybox. (Closes: #-1)
+
+ -- Helmut Grohne Mon, 11 Apr 2022 13:59:07 +0200
+
busybox (1:1.30.1-7) unstable; urgency=medium
[ Debian Janitor ]
diff --minimal -Nru busybox-1.30.1/debian/control busybox-1.30.1/debian/control
--- busybox-1.30.1/debian/control 2021-08-22 11:37:14.00000 +0200
+++ busybox-1.30.1/debian/control 2022-04-11 13:59:04.0 +0200
@@ -104,7 +104,7 @@
Section: net
Architecture: linux-any
Depends:
- busybox (>> ${source:Upstream-Version}) | busybox-static (>>
${source:Upstream-Version}),
+ busybox (>> ${source:Upstream-Version}) | busybox-static (>>
${source:Upstream-Version}) | iproute2,
${misc:Depends},
Description: Provides the busybox DHCP client implementation
Busybox contains a very small yet fully functional RFC compliant DHCP
diff --minimal -Nru busybox-1.30.1/debian/tree/udhcpc/etc/udhcpc/default.script
busybox-1.30.1/debian/tree/udhcpc/etc/udhcpc/default.script
--- busybox-1.30.1/debian/tree/udhcpc/etc/udhcpc/default.script 2019-08-07
23:12:03.0 +0200
+++ busybox-1.30.1/debian/tree/udhcpc/etc/udhcpc/default.script 2022-04-11
13:58:08.0 +0200
@@ -12,28 +12,33 @@
logger -t "udhcpc[$PPID]" -p daemon.$1 "$interface: $2"
}
+command -v ip >/dev/null && ip_exe=ip || ip_exe="busybox ip"
+command -v awk >/dev/null && awk_exe=awk || awk_exe="busybox awk"
+
case $1 in
bound|renew)
# Configure new IP address.
# Do it unconditionally even if the address hasn't changed,
# to also set subnet, broadcast, mtu, ...
- busybox ifconfig $interface ${mtu:+mtu $mtu} \
- $ip netmask $subnet ${broadcast:+broadcast $broadcast}
+ [ -n "$mtu" ] && $ip_exe link set dev $interface mtu $mtu
+ $ip_exe -4 addr flush dev $interface
+ $ip_exe -4 addr add $ip/$subnet ${broadcast:+broadcast $broadcast} \
+ dev $interface
# get current ("old") routes (after setting new IP)
- crouter=$(busybox ip -4 route show dev $interface |
- busybox awk '$1 == "default" { print $3; }')
+ crouter=$($ip_exe -4 route show dev $interface |
+ $awk_exe '$1 == "default" { print $3; }')
router="${router%% *}" # linux kernel supports only one (default) route
if [ ".$router" != ".$crouter" ]; then
# reset just default routes
- busybox ip -4 route flush exact 0.0.0.0/0 dev $interface
+ $ip_exe -4 route flush exact 0.0.0.0/0 dev $interface
fi
if [ -n "$router" ]; then
# special case for /32 subnets: use onlink keyword
[ ".$subnet" = .255.255.255.255 ] \
&& onlink=onlink || onlink=
- busybox ip -4 route add default via $router dev $interface $onlink
+ $ip_exe -4 route add default via $router dev $interface $onlink
fi
# Update resolver configuration file
@@ -53,9 +58,9 @@
;;
Bug#1009309: udhcpc: allow usage without busybox
11.04.2022 15:21, Helmut Grohne wrote: Source: busybox Version: 1:1.30.1-7 Severity: wishlist Tags: patch Hi Aurelien, would it be possible to avoid the udhcpc -> busybox dependency? It may seem strange to remove busybox in a quest to reduce file system usage at first, but if you need iproute2 for other reasons, it should be fine at providing what udhcpc needs. I'm attaching a patch so you can judge the impact. Helmut, I'm not sure I follow you here. udhcpc itself is provided by bysybox. There's no udhcpc without busybox. udhcpc package is just a set of support files for busybox's udhcpc applet. This is exactly why I implemented it this way in the dhcp script: we're absolutely sure busybox implementations of awk and ip are always here, since without these there would be udhcpc. If that's not a reasonable move forward, how about demoting the dependency to Recommends? Admittedly, the case of using udhcpc without No, as far as I understand. B/c udhcpc package lacks the main binary if there's no busybox... ;) Can you explain please? :) /mjt
Bug#1009309: udhcpc: allow usage without busybox
Source: busybox
Version: 1:1.30.1-7
Severity: wishlist
Tags: patch
Hi Aurelien,
would it be possible to avoid the udhcpc -> busybox dependency? It may
seem strange to remove busybox in a quest to reduce file system usage at
first, but if you need iproute2 for other reasons, it should be fine at
providing what udhcpc needs. I'm attaching a patch so you can judge the
impact.
If that's not a reasonable move forward, how about demoting the
dependency to Recommends? Admittedly, the case of using udhcpc without
using its default script is rare, so I wasn't convinced about that
approach yet.
What do you think?
Helmut
diff --minimal -Nru busybox-1.30.1/debian/changelog
busybox-1.30.1/debian/changelog
--- busybox-1.30.1/debian/changelog 2021-08-22 16:39:45.00000 +0200
+++ busybox-1.30.1/debian/changelog 2022-04-11 13:59:07.0 +0200
@@ -1,3 +1,10 @@
+busybox (1:1.30.1-7.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Allow using udhcpc without busybox. (Closes: #-1)
+
+ -- Helmut Grohne Mon, 11 Apr 2022 13:59:07 +0200
+
busybox (1:1.30.1-7) unstable; urgency=medium
[ Debian Janitor ]
diff --minimal -Nru busybox-1.30.1/debian/control busybox-1.30.1/debian/control
--- busybox-1.30.1/debian/control 2021-08-22 11:37:14.00000 +0200
+++ busybox-1.30.1/debian/control 2022-04-11 13:59:04.0 +0200
@@ -104,7 +104,7 @@
Section: net
Architecture: linux-any
Depends:
- busybox (>> ${source:Upstream-Version}) | busybox-static (>>
${source:Upstream-Version}),
+ busybox (>> ${source:Upstream-Version}) | busybox-static (>>
${source:Upstream-Version}) | iproute2,
${misc:Depends},
Description: Provides the busybox DHCP client implementation
Busybox contains a very small yet fully functional RFC compliant DHCP
diff --minimal -Nru busybox-1.30.1/debian/tree/udhcpc/etc/udhcpc/default.script
busybox-1.30.1/debian/tree/udhcpc/etc/udhcpc/default.script
--- busybox-1.30.1/debian/tree/udhcpc/etc/udhcpc/default.script 2019-08-07
23:12:03.0 +0200
+++ busybox-1.30.1/debian/tree/udhcpc/etc/udhcpc/default.script 2022-04-11
13:58:08.0 +0200
@@ -12,28 +12,33 @@
logger -t "udhcpc[$PPID]" -p daemon.$1 "$interface: $2"
}
+command -v ip >/dev/null && ip_exe=ip || ip_exe="busybox ip"
+command -v awk >/dev/null && awk_exe=awk || awk_exe="busybox awk"
+
case $1 in
bound|renew)
# Configure new IP address.
# Do it unconditionally even if the address hasn't changed,
# to also set subnet, broadcast, mtu, ...
- busybox ifconfig $interface ${mtu:+mtu $mtu} \
- $ip netmask $subnet ${broadcast:+broadcast $broadcast}
+ [ -n "$mtu" ] && $ip_exe link set dev $interface mtu $mtu
+ $ip_exe -4 addr flush dev $interface
+ $ip_exe -4 addr add $ip/$subnet ${broadcast:+broadcast $broadcast} \
+ dev $interface
# get current ("old") routes (after setting new IP)
- crouter=$(busybox ip -4 route show dev $interface |
- busybox awk '$1 == "default" { print $3; }')
+ crouter=$($ip_exe -4 route show dev $interface |
+ $awk_exe '$1 == "default" { print $3; }')
router="${router%% *}" # linux kernel supports only one (default) route
if [ ".$router" != ".$crouter" ]; then
# reset just default routes
- busybox ip -4 route flush exact 0.0.0.0/0 dev $interface
+ $ip_exe -4 route flush exact 0.0.0.0/0 dev $interface
fi
if [ -n "$router" ]; then
# special case for /32 subnets: use onlink keyword
[ ".$subnet" = .255.255.255.255 ] \
&& onlink=onlink || onlink=
- busybox ip -4 route add default via $router dev $interface $onlink
+ $ip_exe -4 route add default via $router dev $interface $onlink
fi
# Update resolver configuration file
@@ -53,9 +58,9 @@
;;
deconfig)
- busybox ip link set $interface up
- busybox ip -4 addr flush dev $interface
- busybox ip -4 route flush dev $interface
+ $ip_exe link set $interface up
+ $ip_exe -4 addr flush dev $interface
+ $ip_exe -4 route flush dev $interface
[ -x /sbin/resolvconf ] &&
resolvconf -d "$interface.udhcpc"
log notice "deconfigured"
Bug#881626: busybox: enable telnetd
On Tuesday, 18 January 2022 01:17:38 CET Jonathan Rubenstein wrote: > Maybe this is an indication that busybox-static needs to be audited, or > that all 3 configurations should be audited to make sure something isn't > missing that has no reason to be. IIUC, that is planned: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998803#25 signature.asc Description: This is a digitally signed message part.
Bug#881626: busybox: enable telnetd
busybox-stable Pardon me, I need to proofread. I mean busybox-static. Best Regards, Jonathan Rubenstein
