From 7dbb8c82819a418766b9a56be3b251db6b7a900d Mon Sep 17 00:00:00 2001 From: mandree Date: Tue, 5 Mar 2013 16:10:35 +0000 Subject: - Add support for concatenated .xz streams - Fix grep -Fw not respecting -w - Fix assorted crashes and two macros These, and the previous CVE fix in _2 were Obtained from: http://patch-tracker.debian.org/package/busybox/1:1.20.0-8 --- sysutils/busybox/Makefile | 2 +- ...tch-380c8a0-xz-support-concatenated-.xz-streams | 99 ++++++++++++++++++++++ ...fix-grep--Fw-not-respecting-the--w-option.patch | 94 ++++++++++++++++++++ .../files/patch-fix-move_to_unaligned16.patch | 22 +++++ .../busybox/files/patch-lineedit-initialize-delptr | 25 ++++++ .../busybox/files/patch-xz-fix-put_unaligned_e32 | 25 ++++++ 6 files changed, 266 insertions(+), 1 deletion(-) create mode 100644 sysutils/busybox/files/patch-380c8a0-xz-support-concatenated-.xz-streams create mode 100644 sysutils/busybox/files/patch-fix-grep--Fw-not-respecting-the--w-option.patch create mode 100644 sysutils/busybox/files/patch-fix-move_to_unaligned16.patch create mode 100644 sysutils/busybox/files/patch-lineedit-initialize-delptr create mode 100644 sysutils/busybox/files/patch-xz-fix-put_unaligned_e32 (limited to 'sysutils') diff --git a/sysutils/busybox/Makefile b/sysutils/busybox/Makefile index dcf683b08e85..b7e96ef25bb3 100644 --- a/sysutils/busybox/Makefile +++ b/sysutils/busybox/Makefile @@ -3,7 +3,7 @@ PORTNAME= busybox PORTVERSION= 1.20.2 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= sysutils misc shells MASTER_SITES= http://www.busybox.net/downloads/ diff --git a/sysutils/busybox/files/patch-380c8a0-xz-support-concatenated-.xz-streams b/sysutils/busybox/files/patch-380c8a0-xz-support-concatenated-.xz-streams new file mode 100644 index 000000000000..b3794901013f --- /dev/null +++ b/sysutils/busybox/files/patch-380c8a0-xz-support-concatenated-.xz-streams @@ -0,0 +1,99 @@ +commit 380c8a0763462692eef8d00df4872a561ff7aa7b +Author: Lasse Collin +Date: Wed Feb 27 17:26:40 2013 +0100 + + xz: support concatenated .xz streams + + function old new delta + xz_dec_reset - 77 +77 + unpack_xz_stream 2402 2397 -5 + + Signed-off-by: Lasse Collin + Signed-off-by: Denys Vlasenko + +diff --git a/archival/libarchive/decompress_unxz.c b/archival/libarchive/decompress_unxz.c +index 79b48a1..e9ddd37 100644 +--- ./archival/libarchive/decompress_unxz.c ++++ ./archival/libarchive/decompress_unxz.c +@@ -40,6 +40,7 @@ static uint32_t xz_crc32(const uint8_t *buf, size_t size, uint32_t crc) + IF_DESKTOP(long long) int FAST_FUNC + unpack_xz_stream(transformer_aux_data_t *aux, int src_fd, int dst_fd) + { ++ enum xz_ret xz_result; + struct xz_buf iobuf; + struct xz_dec *state; + unsigned char *membuf; +@@ -63,9 +64,8 @@ unpack_xz_stream(transformer_aux_data_t *aux, int src_fd, int dst_fd) + /* Limit memory usage to about 64 MiB. */ + state = xz_dec_init(XZ_DYNALLOC, 64*1024*1024); + ++ xz_result = X_OK; + while (1) { +- enum xz_ret r; +- + if (iobuf.in_pos == iobuf.in_size) { + int rd = safe_read(src_fd, membuf, BUFSIZ); + if (rd < 0) { +@@ -73,28 +73,57 @@ unpack_xz_stream(transformer_aux_data_t *aux, int src_fd, int dst_fd) + total = -1; + break; + } ++ if (rd == 0 && xz_result == XZ_STREAM_END) ++ break; + iobuf.in_size = rd; + iobuf.in_pos = 0; + } ++ if (xz_result == XZ_STREAM_END) { ++ /* ++ * Try to start decoding next concatenated stream. ++ * Stream padding must always be a multiple of four ++ * bytes to preserve four-byte alignment. To keep the ++ * code slightly smaller, we aren't as strict here as ++ * the .xz spec requires. We just skip all zero-bytes ++ * without checking the alignment and thus can accept ++ * files that aren't valid, e.g. the XZ utils test ++ * files bad-0pad-empty.xz and bad-0catpad-empty.xz. ++ */ ++ do { ++ if (membuf[iobuf.in_pos] != 0) { ++ xz_dec_reset(state); ++ goto do_run; ++ } ++ iobuf.in_pos++; ++ } while (iobuf.in_pos < iobuf.in_size); ++ } ++ do_run: + // bb_error_msg(">in pos:%d size:%d out pos:%d size:%d", + // iobuf.in_pos, iobuf.in_size, iobuf.out_pos, iobuf.out_size); +- r = xz_dec_run(state, &iobuf); ++ xz_result = xz_dec_run(state, &iobuf); + // bb_error_msg(" +Date: Sun Jan 20 16:57:19 2013 +0100 +Bug-Debian: http://bugs.debian.org/695862 + + grep: fix grep -Fw not respecting the -w option. Closes 5792 + + Signed-off-by: Denys Vlasenko + +diff --git a/findutils/grep.c b/findutils/grep.c +index de4fcf5..70f3516 100644 +--- ./findutils/grep.c ++++ ./findutils/grep.c +@@ -344,10 +344,34 @@ static int grep_file(FILE *file) + while (pattern_ptr) { + gl = (grep_list_data_t *)pattern_ptr->data; + if (FGREP_FLAG) { +- found |= (((option_mask32 & OPT_i) +- ? strcasestr(line, gl->pattern) +- : strstr(line, gl->pattern) +- ) != NULL); ++ char *match; ++ char *str = line; ++ opt_f_again: ++ match = ((option_mask32 & OPT_i) ++ ? strcasestr(str, gl->pattern) ++ : strstr(str, gl->pattern) ++ ); ++ if (match) { ++ if (option_mask32 & OPT_x) { ++ if (match != str) ++ goto opt_f_not_found; ++ if (str[strlen(gl->pattern)] != '\0') ++ goto opt_f_not_found; ++ } else ++ if (option_mask32 & OPT_w) { ++ char c = (match != str) ? match[-1] : ' '; ++ if (!isalnum(c) && c != '_') { ++ c = match[strlen(gl->pattern)]; ++ if (!c || (!isalnum(c) && c != '_')) ++ goto opt_f_found; ++ } ++ str = match + 1; ++ goto opt_f_again; ++ } ++ opt_f_found: ++ found = 1; ++ opt_f_not_found: ; ++ } + } else { + if (!(gl->flg_mem_alocated_compiled & COMPILED)) { + gl->flg_mem_alocated_compiled |= COMPILED; +@@ -376,7 +400,8 @@ static int grep_file(FILE *file) + if (option_mask32 & OPT_x) { + found = (gl->matched_range.rm_so == 0 + && line[gl->matched_range.rm_eo] == '\0'); +- } else if (!(option_mask32 & OPT_w)) { ++ } else ++ if (!(option_mask32 & OPT_w)) { + found = 1; + } else { + char c = ' '; +@@ -387,6 +412,8 @@ static int grep_file(FILE *file) + if (!c || (!isalnum(c) && c != '_')) + found = 1; + } ++//BUG: "echo foop foo | grep -w foo" should match, but doesn't: ++//we bail out on first "mismatch" because it's not a word. + } + } + } +diff --git a/testsuite/grep.tests b/testsuite/grep.tests +index 006a215..4781f22 100755 +--- ./testsuite/grep.tests ++++ ./testsuite/grep.tests +@@ -115,6 +115,18 @@ testing "grep -v -f EMPTY_FILE" \ + "" \ + "test\n" + ++testing "grep -Fw matches only words" \ ++ "grep -Fw foo input" \ ++ "" \ ++ "foop\n" \ ++ "" ++ ++testing "grep -Fw doesn't stop on 1st mismatch" \ ++ "grep -Fw foo input" \ ++ "foop foo\n" \ ++ "foop foo\n" \ ++ "" ++ + # testing "test name" "commands" "expected result" "file input" "stdin" + # file input will be file called "input" + # test can create a file "actual" instead of writing to stdout diff --git a/sysutils/busybox/files/patch-fix-move_to_unaligned16.patch b/sysutils/busybox/files/patch-fix-move_to_unaligned16.patch new file mode 100644 index 000000000000..4bb4719f55af --- /dev/null +++ b/sysutils/busybox/files/patch-fix-move_to_unaligned16.patch @@ -0,0 +1,22 @@ +commit e3e321682cd1e9861ba7680e61ab6dadaf1e2e32 +Author: Denys Vlasenko +Date: Wed Feb 27 15:49:38 2013 +0100 +Bug-Debian: http://bugs.debian.org/701968 + + Fix move_to_unaligned16 + + Signed-off-by: Denys Vlasenko + +diff --git a/include/platform.h b/include/platform.h +index 1282306..f4deb30 100644 +--- ./include/platform.h ++++ ./include/platform.h +@@ -228,7 +228,7 @@ typedef uint32_t bb__aliased_uint32_t FIX_ALIASING; + # define move_from_unaligned32(v, u32p) (memcpy(&(v), (u32p), 4)) + # define move_to_unaligned16(u16p, v) do { \ + uint16_t __t = (v); \ +- memcpy((u16p), &__t, 4); \ ++ memcpy((u16p), &__t, 2); \ + } while (0) + # define move_to_unaligned32(u32p, v) do { \ + uint32_t __t = (v); \ diff --git a/sysutils/busybox/files/patch-lineedit-initialize-delptr b/sysutils/busybox/files/patch-lineedit-initialize-delptr new file mode 100644 index 000000000000..5b50f6741ccb --- /dev/null +++ b/sysutils/busybox/files/patch-lineedit-initialize-delptr @@ -0,0 +1,25 @@ +commit 46031da862a60422f80050a905cea0b67026b021 +Author: Shawn J. Goff +Date: Wed Feb 27 18:30:05 2013 +0100 +Bug-Debian: http://bugs.debian.org/701959 + + lineedit: initialize delptr + + In vi mode, the 'p' and 'P' commands caused a segfault when nothing had + been put in the buffer yet because the delptr was not initialized. + + Signed-off-by: Shawn J. Goff + Signed-off-by: Denys Vlasenko + +diff --git a/libbb/lineedit.c b/libbb/lineedit.c +index dbe6164..52b49e8 100644 +--- ./libbb/lineedit.c ++++ ./libbb/lineedit.c +@@ -187,6 +187,7 @@ extern struct lineedit_statics *const lineedit_ptr_to_statics; + cmdedit_termw = 80; \ + IF_FEATURE_EDITING_FANCY_PROMPT(num_ok_lines = 1;) \ + IF_USERNAME_OR_HOMEDIR(home_pwd_buf = (char*)null_str;) \ ++ IF_FEATURE_EDITING_VI(delptr = delbuf;) \ + } while (0) + + static void deinit_S(void) diff --git a/sysutils/busybox/files/patch-xz-fix-put_unaligned_e32 b/sysutils/busybox/files/patch-xz-fix-put_unaligned_e32 new file mode 100644 index 000000000000..741e35aeee13 --- /dev/null +++ b/sysutils/busybox/files/patch-xz-fix-put_unaligned_e32 @@ -0,0 +1,25 @@ +commit f59d563399be3d9af3e7b4673e13905d28f2339b +Author: Leonid Lisovskiy +Date: Wed Feb 27 18:32:58 2013 +0100 +Bug-Debian: http://bugs.debian.org/701968 + + xz: fix put_unaligned_{l,b}e32 + + Signed-off-by: Leonid Lisovskiy + Signed-off-by: Denys Vlasenko + +diff --git a/archival/libarchive/decompress_unxz.c b/archival/libarchive/decompress_unxz.c +index e9ddd37..986b7b1 100644 +--- ./archival/libarchive/decompress_unxz.c ++++ ./archival/libarchive/decompress_unxz.c +@@ -30,8 +30,8 @@ static uint32_t xz_crc32(const uint8_t *buf, size_t size, uint32_t crc) + /* We use arch-optimized unaligned accessors */ + #define get_unaligned_le32(buf) ({ uint32_t v; move_from_unaligned32(v, buf); SWAP_LE32(v); }) + #define get_unaligned_be32(buf) ({ uint32_t v; move_from_unaligned32(v, buf); SWAP_BE32(v); }) +-#define put_unaligned_le32(val, buf) move_to_unaligned16(buf, SWAP_LE32(val)) +-#define put_unaligned_be32(val, buf) move_to_unaligned16(buf, SWAP_BE32(val)) ++#define put_unaligned_le32(val, buf) move_to_unaligned32(buf, SWAP_LE32(val)) ++#define put_unaligned_be32(val, buf) move_to_unaligned32(buf, SWAP_BE32(val)) + + #include "unxz/xz_dec_bcj.c" + #include "unxz/xz_dec_lzma2.c" -- cgit