busybox.git/scripts, branch master Unnamed repository; edit this file 'description' to name the repository. archival: disallow path traversals (CVE-2023-39810) 2025-04-16T01:03:17+00:00 Denys Vlasenko vda.linux@googlemail.com 2024-10-02T08:12:05+00:00 9a8796436b9b0641e13480811902ea2ac57881d3 Create new configure option for archival/libarchive based extractions to disallow path traversals. As this is a paranoid option and might introduce backward incompatibility, default it to no. Fixes: CVE-2023-39810 Based on the patch by Peter Kaestle <peter.kaestle@nokia.com> function old new delta data_extract_all 921 945 +24 strip_unsafe_prefix 101 102 +1 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0) Total: 25 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 
Create new configure option for archival/libarchive based extractions to
disallow path traversals.
As this is a paranoid option and might introduce backward
incompatibility, default it to no.

Fixes: CVE-2023-39810

Based on the patch by Peter Kaestle <peter.kaestle@nokia.com>

function                                             old     new   delta
data_extract_all                                     921     945     +24
strip_unsafe_prefix                                  101     102      +1
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0)               Total: 25 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
fixdep: add fstat error handling 2024-09-27T18:03:30+00:00 Sam James sam@gentoo.org 2024-04-23T20:10:18+00:00 480a07bd6828285628abbbe3fe8e5e3b25ce1a92 When `fstat` fails, `st` is left uninitialised. In our case, Ben Kohler noticed our release media builds were failing in Gentoo on x86 when building busybox with occasional SIGBUS. This turned out to be EOVERFLOW (from 32-bit ino_t) which wasn't being reported because nothing was checking the return value from `fstat`. Fix that to avoid UB (use of uninit var) and to give a more friendly error to the user. This actually turns out to be fixed already in the kernel from back in 2010 [0] and 2016 [1]. [0] https://github.com/torvalds/linux/commit/a3ba81131aca243bfecfa78c42edec0cd69f72d6 [1] https://github.com/torvalds/linux/commit/46fe94ad18aa7ce6b3dad8c035fb538942020f2b Reported-by: Ben Kohler <bkohler@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 
When `fstat` fails, `st` is left uninitialised. In our case, Ben Kohler
noticed our release media builds were failing in Gentoo on x86 when building
busybox with occasional SIGBUS. This turned out to be EOVERFLOW (from 32-bit
ino_t) which wasn't being reported because nothing was checking the return value
from `fstat`.

Fix that to avoid UB (use of uninit var) and to give a more friendly
error to the user.

This actually turns out to be fixed already in the kernel from back in
2010 [0] and 2016 [1].

[0] https://github.com/torvalds/linux/commit/a3ba81131aca243bfecfa78c42edec0cd69f72d6
[1] https://github.com/torvalds/linux/commit/46fe94ad18aa7ce6b3dad8c035fb538942020f2b

Reported-by: Ben Kohler <bkohler@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
docproc: avoid segfault during file closing 2024-04-13T15:57:46+00:00 Yan Zhu zhuyan2015@foxmail.com 2023-09-11T16:03:09+00:00 681e4f5d922b9f0ea968238750d5c5d748eac809 In the function find_export_symbols, since the fopen file does not exit when it fails, there is a dereference problem in fclose(fp), which will cause a segmentation fault. Signed-off-by: Yan Zhu <zhuyan2015@foxmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 
In the function find_export_symbols, since the fopen file does not
exit when it fails, there is a dereference problem in fclose(fp),
which will cause a segmentation fault.

Signed-off-by: Yan Zhu <zhuyan2015@foxmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
fixdep: avoid underflow when end of entry doesn't coincide with EOF 2023-02-27T12:09:44+00:00 Arsen Arsenović arsen@gentoo.org 2023-02-21T19:20:31+00:00 2d4a3d9e6c1493a9520b907e07a41aca90cdfd94 Bug: https://bugs.gentoo.org/893776 Closes: https://bugs.busybox.net/show_bug.cgi?id=15326 Signed-off-by: Arsen Arsenović <arsen@gentoo.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 
Bug: https://bugs.gentoo.org/893776
Closes: https://bugs.busybox.net/show_bug.cgi?id=15326
Signed-off-by: Arsen Arsenović <arsen@gentoo.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
kbuild: fix building sha256 2022-04-21T11:37:10+00:00 Bernhard Reutner-Fischer rep.dot.nop@gmail.com 2022-04-21T11:37:10+00:00 831c754c91f798c53a133bc2cb84eaf38ed32352 Pass down the correct EXTRA_CFLAGS to the compiler driver when building assembler source. Otherwise building busybox for a multilib other than the default failed to link since hash_md5_sha256_x86-64_shaNI.o and hash_md5_sha_x86-64_shaNI.o were built for the default arch which might not what we requested in the EXTRA_CFLAGS. Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> 
Pass down the correct EXTRA_CFLAGS to the compiler driver when building
assembler source.
Otherwise building busybox for a multilib other than the default failed
to link since hash_md5_sha256_x86-64_shaNI.o and
hash_md5_sha_x86-64_shaNI.o were built for the default arch which might
not what we requested in the EXTRA_CFLAGS.

Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
build system: detect if build host has no bzip2 2022-01-04T13:32:41+00:00 Denys Vlasenko vda.linux@googlemail.com 2022-01-04T13:32:41+00:00 ed2af2e82dbcfccb7392e9fbc3f837de1594c103 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
scripts/echo.c: fix NUL handling in "abc\0 def" 2021-12-28T20:05:59+00:00 Denys Vlasenko vda.linux@googlemail.com 2021-12-28T20:05:59+00:00 0fcc7f5f738e38766cde59ffd193643458c26cba Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
scripts/randomtest.loop: let user know about SKIP_MOUNT_MAND_TESTS 2021-08-16T18:03:07+00:00 Denys Vlasenko vda.linux@googlemail.com 2021-08-16T18:03:07+00:00 540aa116615713ad53e5ac98850993162e27c32d Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
*: remove remains of FEATURE_TOUCH_NODEREF 2021-08-15T18:50:13+00:00 Denys Vlasenko vda.linux@googlemail.com 2021-08-15T18:50:13+00:00 d32ef3174bdcad429680b393372cb49fa8144289 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
build system: use SOURCE_DATE_EPOCH for timestamp if available 2021-06-05T16:13:00+00:00 Paul Spooren mail@aparcar.org 2021-05-13T21:39:05+00:00 947a22b33262c93e5c50286b723b9086a33a4c1f The SOURCE_DATE_EPOCH is an effort of the Reproducible Builds organization to make timestamps/build dates in compiled tools deterministic over several repetitive builds. Busybox shows by default the build date timestamp which changes whenever compiled. To have a reasonable accurate build date while staying reproducible, it's possible to use the *date of last source modification* rather than the current time and date. Further information on SOURCE_DATE_EPOCH are available online [1]. This patch modifies `confdata.c` so that the content of the SOURCE_DATE_EPOCH env variable is used as timestamp. To be independent of different timezones between builds, whenever SOURCE_DATE_EPOCH is defined the GMT time is used. [1]: https://reproducible-builds.org/docs/source-date-epoch/ Signed-off-by: Paul Spooren <mail@aparcar.org> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 
The SOURCE_DATE_EPOCH is an effort of the Reproducible Builds
organization to make timestamps/build dates in compiled tools
deterministic over several repetitive builds.

Busybox shows by default the build date timestamp which changes whenever
compiled. To have a reasonable accurate build date while staying
reproducible, it's possible to use the *date of last source
modification* rather than the current time and date.

Further information on SOURCE_DATE_EPOCH are available online [1].

This patch modifies `confdata.c` so that the content of the
SOURCE_DATE_EPOCH env variable is used as timestamp.

To be independent of different timezones between builds, whenever
SOURCE_DATE_EPOCH is defined the GMT time is used.

[1]: https://reproducible-builds.org/docs/source-date-epoch/

Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>