GNU bug report logs - #73689
[PATCH] gnu: toybox: Update to 0.8.11. [security fixes]

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Sharlatan Hellseher <sharlatanus <at> gmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#73689: closed ([PATCH] gnu: toybox: Update to 0.8.11.
 [security fixes])
Date: Fri, 11 Oct 2024 13:33:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Fri, 11 Oct 2024 14:31:21 +0100
with message-id <875xpyrck6.fsf <at> gmail.com>
and subject line gnu: toybox: Update to 0.8.11. [security fixes]
has caused the debbugs.gnu.org bug report #73689,
regarding [PATCH] gnu: toybox: Update to 0.8.11. [security fixes]
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
73689: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=73689
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Nicolas Graves <ngraves <at> ngraves.fr>
To: guix-patches <at> gnu.org
Cc: Nicolas Graves <ngraves <at> ngraves.fr>
Subject: [PATCH] gnu: toybox: Update to 0.8.11. [security fixes]
Date: Tue,  8 Oct 2024 08:19:26 +0200

This fixes CVE-2022-32298.

* gnu/packages/busybox.scm (toybox): Update to 0.8.11.
[arguments]<#:phases>: Adjust phase 'fix-or-skip-broken-tests.
---
 gnu/packages/busybox.scm | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
index a8b775b944..f811a7175f 100644
--- a/gnu/packages/busybox.scm
+++ b/gnu/packages/busybox.scm
@@ -130,7 +130,7 @@ (define-public busybox
 (define-public toybox
   (package
     (name "toybox")
-    (version "0.8.7")
+    (version "0.8.11")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -138,7 +138,7 @@ (define-public toybox
                     version ".tar.gz"))
               (sha256
                (base32
-                "150lvp7hf9ndafvmr42kb8xi86hxjd2zj4binwwhgjw2dwrvy25m"))))
+                "1p37zqxhj48klwwxl8jc2hw1x7pr2w39bfb1nx6qghaf5y1kzahm"))))
     (build-system gnu-build-system)
     (arguments
      (list #:make-flags
@@ -154,11 +154,15 @@ (define-public toybox
                  (lambda _
                    ;; Some tests expect $USER to magically be the current user.
                    (setenv "USER" (passwd:name (getpwnam (geteuid))))
+                   ;; This uses /bin/sh.
+                   (substitute* "tests/timeout.test"
+                     (("/bin/sh") (which "bash")))
                    ;; This expects directories to be exactly 4K.  They aren't!
                    (delete-file "tests/du.test")
                    ;; Delete tests that expect a root or 0 user to exist.
                    (substitute* "tests/id.test"
-                     (("^testing .*[ \\(]root.*") ""))))
+                     (("^testing .*[ \\(]root.*") ""))
+                   (delete-file "tests/tar.test")))
                (add-after 'install 'remove-usr-directory
                  (lambda* (#:key outputs #:allow-other-keys)
                    (delete-file-recursively (string-append #$output "/usr")))))
-- 
2.46.0

[Message part 3 (message/rfc822, inline)]

From: Sharlatan Hellseher <sharlatanus <at> gmail.com>
To: 73689-done <at> debbugs.gnu.org
Subject: gnu: toybox: Update to 0.8.11. [security fixes]
Date: Fri, 11 Oct 2024 14:31:21 +0100

[Message part 4 (text/plain, inline)]

Pushed as e347386a7ff96fce644894ba2a0889d273500e11 to master.

Thanks,
Oleg

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.