GNU bug report logs - #74004
[PATCH] gnu: busybox: Update to 1.37.0. [security fixes]


Package: guix-patches

Reported by: Nicolas Graves <ngraves <at> ngraves.fr>

Date: Fri, 25 Oct 2024 07:42:02 UTC

Severity: normal

Tags: patch

Done: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#74004; Package guix-patches. (Fri, 25 Oct 2024 07:42:02 GMT)

Acknowledgement sent to Nicolas Graves <ngraves <at> ngraves.fr>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Fri, 25 Oct 2024 07:42:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Nicolas Graves <ngraves <at> ngraves.fr>
To: guix-patches <at> gnu.org
Cc: Nicolas Graves <ngraves <at> ngraves.fr>
Subject: [PATCH] gnu: busybox: Update to 1.37.0. [security fixes]
Date: Fri, 25 Oct 2024 09:38:47 +0200
This fixes CVE-2023-42363, CVE-2023-42364, CVE-2023-42365 and
CVE-2023-42366.

* gnu/packages/busybox.scm (busybox): Update to 1.37.0.
---
 gnu/packages/busybox.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
index f811a7175f..46398da213 100644
--- a/gnu/packages/busybox.scm
+++ b/gnu/packages/busybox.scm
@@ -36,7 +36,7 @@ (define-module (gnu packages busybox)
 (define-public busybox
   (package
     (name "busybox")
-    (version "1.36.1")
+    (version "1.37.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
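Review bot: the bump to `(version "1.37.0")` is justified in the commit message only by a list of CVE IDs, with no pointer to the upstream release notes or commits that address them. Add that reference so the security claim can be checked, and build the new version on the non-x86 systems as well before pushing, since a later message in this thread reports a failure on powerpc64le-linux.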
@@ -44,7 +44,7 @@ (define-public busybox
                     version ".tar.bz2"))
               (sha256
                (base32
-                "0573gpj51phcz04sg77iznvcxmf5jnbk9gn3g5r9x02daz4j9k5q"))))
+                "1923f21rnlbv1qjvk2qhgqnki5mkgr6z0p8dvzs9jr3l5vrxy49k"))))
     (build-system gnu-build-system)
     (arguments
      (list #:phases
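Review bot: the new `base32` value in the `sha256` field is the only thing binding this package to a specific tarball fetched by `url-fetch`, and nothing in the submission says how it was obtained. Before pushing, recompute it independently (for example with `guix download` on the 1.37.0 URL), compare it against whatever checksum or signature upstream publishes for the release, and say so in the thread.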
-- 
2.46.0





Reply sent to Zheng Junjie <zhengjunjie <at> iscas.ac.cn>:
You have taken responsibility. (Sat, 26 Oct 2024 02:15:01 GMT)

Notification sent to Nicolas Graves <ngraves <at> ngraves.fr>:
bug acknowledged by developer. (Sat, 26 Oct 2024 02:15:02 GMT)

Message #10 received at 74004-done <at> debbugs.gnu.org:

From: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
To: Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org>
Cc: 74004-done <at> debbugs.gnu.org, Nicolas Graves <ngraves <at> ngraves.fr>
Subject: Re: [bug#74004] [PATCH] gnu: busybox: Update to 1.37.0. [security
 fixes]
Date: Sat, 26 Oct 2024 10:13:16 +0800
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:

> This fixes CVE-2023-42363, CVE-2023-42364, CVE-2023-42365 and
> CVE-2023-42366.
>
> * gnu/packages/busybox.scm (busybox): Update to 1.37.0.
> ---
>  gnu/packages/busybox.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
> index f811a7175f..46398da213 100644
> --- a/gnu/packages/busybox.scm
> +++ b/gnu/packages/busybox.scm
> @@ -36,7 +36,7 @@ (define-module (gnu packages busybox)
>  (define-public busybox
>    (package
>      (name "busybox")
> -    (version "1.36.1")
> +    (version "1.37.0")
>      (source (origin
>                (method url-fetch)
>                (uri (string-append
> @@ -44,7 +44,7 @@ (define-public busybox
>                      version ".tar.bz2"))
>                (sha256
>                 (base32
> -                "0573gpj51phcz04sg77iznvcxmf5jnbk9gn3g5r9x02daz4j9k5q"))))
> +                "1923f21rnlbv1qjvk2qhgqnki5mkgr6z0p8dvzs9jr3l5vrxy49k"))))
>      (build-system gnu-build-system)
>      (arguments
>       (list #:phases
push, close.

Information forwarded to guix-patches <at> gnu.org:
bug#74004; Package guix-patches. (Sat, 26 Oct 2024 02:17:02 GMT)

Information forwarded to guix-patches <at> gnu.org:
bug#74004; Package guix-patches. (Sat, 26 Oct 2024 23:26:02 GMT)

Message #16 received at 74004 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
Cc: 74004 <at> debbugs.gnu.org, 74004-done <at> debbugs.gnu.org,
 Nicolas Graves <ngraves <at> ngraves.fr>
Subject: Re: [bug#74004] [PATCH] gnu: busybox: Update to 1.37.0. [security
 fixes]
Date: Sun, 27 Oct 2024 01:22:19 +0200
The updated package fails to build on powerpc64le-linux:

  https://ci.guix.gnu.org/build/6263835/details

Excerpt:

--8<---------------cut here---------------start------------->8---
libbb/hash_md5_sha.c: In function ‘sha1_end’:
libbb/hash_md5_sha.c:1316:35: error: ‘sha1_process_block64_shaNI’ undeclared (first use in this function); did you mean ‘sha1_process_block64’?
 1316 |          || ctx->process_block == sha1_process_block64_shaNI
      |                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~
      |                                   sha1_process_block64
libbb/hash_md5_sha.c:1316:35: note: each undeclared identifier is reported only once for each function it appears in
make[1]: *** [scripts/Makefile.build:198: libbb/hash_md5_sha.o] Error 1
make: *** [Makefile:744: libbb] Error 2
--8<---------------cut here---------------end--------------->8---

Ludo’.




Information forwarded to guix-patches <at> gnu.org:
bug#74004; Package guix-patches. (Sun, 27 Oct 2024 03:40:01 GMT)

Message #22 received at 74004 <at> debbugs.gnu.org:

From: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 74004 <at> debbugs.gnu.org, 74004-done <at> debbugs.gnu.org,
 Nicolas Graves <ngraves <at> ngraves.fr>
Subject: Re: [bug#74004] [PATCH] gnu: busybox: Update to 1.37.0. [security
 fixes]
Date: Sun, 27 Oct 2024 11:38:39 +0800
Ludovic Courtès <ludo <at> gnu.org> writes:

> The updated package fails to build on powerpc64le-linux:
>
>   https://ci.guix.gnu.org/build/6263835/details
>
> Excerpt:
>
> --8<---------------cut here---------------start------------->8---
> libbb/hash_md5_sha.c: In function ‘sha1_end’:
> libbb/hash_md5_sha.c:1316:35: error: ‘sha1_process_block64_shaNI’ undeclared (first use in this function); did you mean ‘sha1_process_block64’?
>  1316 |          || ctx->process_block == sha1_process_block64_shaNI
>       |                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~
>       |                                   sha1_process_block64
> libbb/hash_md5_sha.c:1316:35: note: each undeclared identifier is reported only once for each function it appears in
> make[1]: *** [scripts/Makefile.build:198: libbb/hash_md5_sha.o] Error 1
> make: *** [Makefile:744: libbb] Error 2
> --8<---------------cut here---------------end--------------->8---
>
> Ludo’.

please try this patch.

[0001-gnu-busybox-Fix-build-on-non-x86-platform.patch (text/x-patch, inline)]
From f50eacabce6a9955e3b673c202d6a0a6fa2c2623 Mon Sep 17 00:00:00 2001
Message-ID: <f50eacabce6a9955e3b673c202d6a0a6fa2c2623.1730000285.git.zhengjunjie <at> iscas.ac.cn>
From: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
Date: Sun, 27 Oct 2024 11:20:16 +0800
Subject: [PATCH] gnu: busybox: Fix build on non x86 platform.

* gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/busybox.scm (busybox): Use it.

Change-Id: I1e6a24dd5b86871a3479ab6ecd247b31c746ec75
---
 gnu/local.mk                                  |  1 +
 gnu/packages/busybox.scm                      |  5 +-
 .../busybox-add-missing-sha-NI-guard.patch    | 48 +++++++++++++++++++
 3 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 6bd7c750900..af9a08f0613 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1032,6 +1032,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/breezy-fix-gio.patch			\
   %D%/packages/patches/byobu-writable-status.patch		\
   %D%/packages/patches/bubblewrap-fix-locale-in-tests.patch	\
+  %D%/packages/patches/busybox-add-missing-sha-NI-guard.patch	\
   %D%/packages/patches/cadical-add-shared-library.patch		\
   %D%/packages/patches/calibre-no-updates-dialog.patch		\
   %D%/packages/patches/calibre-remove-test-sqlite.patch		\
diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
index 46398da2136..053994a52af 100644
--- a/gnu/packages/busybox.scm
+++ b/gnu/packages/busybox.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016-2020, 2023 Efraim Flashner <efraim <at> flashner.co.il>
 ;;; Copyright © 2018–2022 Tobias Geerinckx-Rice <me <at> tobias.gr>
 ;;; Copyright © 2022 LuHui <luhux76 <at> gmail.com>
+;;; Copyright © 2024 Zheng Junjie <873216071 <at> qq.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -44,7 +45,9 @@ (define-public busybox
                     version ".tar.bz2"))
               (sha256
                (base32
-                "1923f21rnlbv1qjvk2qhgqnki5mkgr6z0p8dvzs9jr3l5vrxy49k"))))
+                "1923f21rnlbv1qjvk2qhgqnki5mkgr6z0p8dvzs9jr3l5vrxy49k"))
+              (patches
+               (search-patches "busybox-add-missing-sha-NI-guard.patch"))))
     (build-system gnu-build-system)
     (arguments
      (list #:phases
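Review bot: the new `(patches (search-patches "busybox-add-missing-sha-NI-guard.patch"))` field has no comment saying why the patch is carried or when it can be removed. Add a short comment above it stating that it fixes the build on non-x86 systems when ENABLE_SHA1_HWACCEL is enabled, and that it should be dropped once a BusyBox release includes the fix.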
diff --git a/gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch b/gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch
new file mode 100644
index 00000000000..9fe78cb0bed
--- /dev/null
+++ b/gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch
@@ -0,0 +1,48 @@
+from https://lists.busybox.net/pipermail/busybox/2024-September/090899.html
+
+The ENABLE_SHA1_HWACCEL Kconfig symbol is meant to be archicture
+agnostic, so can be enabled regardless of whether your build
+architecture provides hardware acceleration or not.
+ At the moment only
+x86 implements this, so every piece of optimised code should be guarded
+by both ENABLE_SHA1_HWACCEL and (__x86_64__ || __i386__).
+ This is missing
+at one place, so compiling for arm64 breaks when ENABLE_SHA1_HWACCEL is
+enabled:
+================================
+libbb/hash_md5_sha.c: In function ‘sha1_end’:
+libbb/hash_md5_sha.c:1316:28: error: ‘sha1_process_block64_shaNI’ undeclared (first use in this function); did you mean ‘sha1_process_block64’?
+
+ 1316 |   || ctx->process_block == sha1_process_block64_shaNI
+      |                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
+      |                            sha1_process_block64
+libbb/hash_md5_sha.c:1316:28: note: each undeclared identifier is reported only once for each function it appears in
+make[1]: *** [scripts/Makefile.build:197: libbb/hash_md5_sha.o] Error 1
+make: *** [Makefile:744: libbb] Error 2
+================================
+
+Add the missing guards around the call to sha1_process_block64_shaNI to
+fix the build on other architectures with ENABLE_SHA1_HWACCEL enabled.
+
+Change-Id: I40bba388422625f4230abf15a5de23e1fdc654fc
+Signed-off-by: Andre Przywara <andre.przywara at arm.com>
+---
+ libbb/hash_md5_sha.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libbb/hash_md5_sha.c b/libbb/hash_md5_sha.c
+index 57a801459..75a61c32c 100644
+--- a/libbb/hash_md5_sha.c
++++ b/libbb/hash_md5_sha.c
+@@ -1313,7 +1313,9 @@ unsigned FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf)
+ 	hash_size = 8;
+ 	if (ctx->process_block == sha1_process_block64
+ #if ENABLE_SHA1_HWACCEL
++# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
+ 	 || ctx->process_block == sha1_process_block64_shaNI
++# endif
+ #endif
+ 	) {
+ 		hash_size = 5;
+-- 
+2.25.1
\ No newline at end of file
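Review bot: the guard added in `sha1_end` is `defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))`, but the description above it only names ENABLE_SHA1_HWACCEL and `(__x86_64__ || __i386__)`. Check that this is the same condition under which `sha1_process_block64_shaNI` is defined in `libbb/hash_md5_sha.c`, so the comparison is compiled exactly where the symbol exists. The patch file also ends without a trailing newline and gives only a mailing-list URL as provenance; note in its header whether the change has been applied upstream.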

base-commit: 269e4034fcaf55324187efffb6ed5ba14d5e9286
prerequisite-patch-id: f64c7b345e9d8e398b2f8c146ea8f161679ad369
prerequisite-patch-id: b752a2999f51803f96394183d08b19003d1e6bc0
-- 
2.46.0


Information forwarded to guix-patches <at> gnu.org:
bug#74004; Package guix-patches. (Sun, 27 Oct 2024 03:40:02 GMT)

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 24 Nov 2024 12:24:05 GMT)

This bug report was last modified 208 days ago.
