* [bug#74004] [PATCH] gnu: busybox: Update to 1.37.0. [security fixes]
@ 2024-10-25 7:38 Nicolas Graves via Guix-patches via
2024-10-26 2:13 ` bug#74004: " Zheng Junjie
0 siblings, 1 reply; 4+ messages in thread
From: Nicolas Graves via Guix-patches via @ 2024-10-25 7:38 UTC (permalink / raw)
To: 74004; +Cc: Nicolas Graves
This fixes CVE-2023-42363, CVE-2023-42364, CVE-2023-42365 and
CVE-2023-42366.
* gnu/packages/busybox.scm (busybox): Update to 1.37.0.
---
gnu/packages/busybox.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
index f811a7175f..46398da213 100644
--- a/gnu/packages/busybox.scm
+++ b/gnu/packages/busybox.scm
@@ -36,7 +36,7 @@ (define-module (gnu packages busybox)
(define-public busybox
(package
(name "busybox")
- (version "1.36.1")
+ (version "1.37.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -44,7 +44,7 @@ (define-public busybox
version ".tar.bz2"))
(sha256
(base32
- "0573gpj51phcz04sg77iznvcxmf5jnbk9gn3g5r9x02daz4j9k5q"))))
+ "1923f21rnlbv1qjvk2qhgqnki5mkgr6z0p8dvzs9jr3l5vrxy49k"))))
(build-system gnu-build-system)
(arguments
(list #:phases
--
2.46.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* bug#74004: [PATCH] gnu: busybox: Update to 1.37.0. [security fixes]
2024-10-25 7:38 [bug#74004] [PATCH] gnu: busybox: Update to 1.37.0. [security fixes] Nicolas Graves via Guix-patches via
@ 2024-10-26 2:13 ` Zheng Junjie
2024-10-26 23:22 ` [bug#74004] " Ludovic Courtès
0 siblings, 1 reply; 4+ messages in thread
From: Zheng Junjie @ 2024-10-26 2:13 UTC (permalink / raw)
To: Nicolas Graves via Guix-patches via; +Cc: 74004-done, Nicolas Graves
[-- Attachment #1: Type: text/plain, Size: 1134 bytes --]
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:
> This fixes CVE-2023-42363, CVE-2023-42364, CVE-2023-42365 and
> CVE-2023-42366.
>
> * gnu/packages/busybox.scm (busybox): Update to 1.37.0.
> ---
> gnu/packages/busybox.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
> index f811a7175f..46398da213 100644
> --- a/gnu/packages/busybox.scm
> +++ b/gnu/packages/busybox.scm
> @@ -36,7 +36,7 @@ (define-module (gnu packages busybox)
> (define-public busybox
> (package
> (name "busybox")
> - (version "1.36.1")
> + (version "1.37.0")
> (source (origin
> (method url-fetch)
> (uri (string-append
> @@ -44,7 +44,7 @@ (define-public busybox
> version ".tar.bz2"))
> (sha256
> (base32
> - "0573gpj51phcz04sg77iznvcxmf5jnbk9gn3g5r9x02daz4j9k5q"))))
> + "1923f21rnlbv1qjvk2qhgqnki5mkgr6z0p8dvzs9jr3l5vrxy49k"))))
> (build-system gnu-build-system)
> (arguments
> (list #:phases
push, close.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* [bug#74004] [PATCH] gnu: busybox: Update to 1.37.0. [security fixes]
2024-10-26 2:13 ` bug#74004: " Zheng Junjie
@ 2024-10-26 23:22 ` Ludovic Courtès
2024-10-27 3:38 ` Zheng Junjie
0 siblings, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2024-10-26 23:22 UTC (permalink / raw)
To: Zheng Junjie; +Cc: 74004, 74004-done, Nicolas Graves
The updated package fails to build on powerpc64le-linux:
https://ci.guix.gnu.org/build/6263835/details
Excerpt:
--8<---------------cut here---------------start------------->8---
libbb/hash_md5_sha.c: In function ‘sha1_end’:
libbb/hash_md5_sha.c:1316:35: error: ‘sha1_process_block64_shaNI’ undeclared (first use in this function); did you mean ‘sha1_process_block64’?
1316 | || ctx->process_block == sha1_process_block64_shaNI
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
| sha1_process_block64
libbb/hash_md5_sha.c:1316:35: note: each undeclared identifier is reported only once for each function it appears in
make[1]: *** [scripts/Makefile.build:198: libbb/hash_md5_sha.o] Error 1
make: *** [Makefile:744: libbb] Error 2
--8<---------------cut here---------------end--------------->8---
Ludo’.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [bug#74004] [PATCH] gnu: busybox: Update to 1.37.0. [security fixes]
2024-10-26 23:22 ` [bug#74004] " Ludovic Courtès
@ 2024-10-27 3:38 ` Zheng Junjie
0 siblings, 0 replies; 4+ messages in thread
From: Zheng Junjie @ 2024-10-27 3:38 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 74004, 74004-done, Nicolas Graves
[-- Attachment #1.1: Type: text/plain, Size: 1012 bytes --]
Ludovic Courtès <ludo@gnu.org> writes:
> The updated package fails to build on powerpc64le-linux:
>
> https://ci.guix.gnu.org/build/6263835/details
>
> Excerpt:
>
> --8<---------------cut here---------------start------------->8---
> libbb/hash_md5_sha.c: In function ‘sha1_end’:
> libbb/hash_md5_sha.c:1316:35: error: ‘sha1_process_block64_shaNI’ undeclared (first use in this function); did you mean ‘sha1_process_block64’?
> 1316 | || ctx->process_block == sha1_process_block64_shaNI
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~
> | sha1_process_block64
> libbb/hash_md5_sha.c:1316:35: note: each undeclared identifier is reported only once for each function it appears in
> make[1]: *** [scripts/Makefile.build:198: libbb/hash_md5_sha.o] Error 1
> make: *** [Makefile:744: libbb] Error 2
> --8<---------------cut here---------------end--------------->8---
>
> Ludo’.
please try this patch.
[-- Attachment #1.2: 0001-gnu-busybox-Fix-build-on-non-x86-platform.patch --]
[-- Type: text/x-patch, Size: 5017 bytes --]
From f50eacabce6a9955e3b673c202d6a0a6fa2c2623 Mon Sep 17 00:00:00 2001
Message-ID: <f50eacabce6a9955e3b673c202d6a0a6fa2c2623.1730000285.git.zhengjunjie@iscas.ac.cn>
From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
Date: Sun, 27 Oct 2024 11:20:16 +0800
Subject: [PATCH] gnu: busybox: Fix build on non x86 platform.
* gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/busybox.scm (busybox): Use it.
Change-Id: I1e6a24dd5b86871a3479ab6ecd247b31c746ec75
---
gnu/local.mk | 1 +
gnu/packages/busybox.scm | 5 +-
.../busybox-add-missing-sha-NI-guard.patch | 48 +++++++++++++++++++
3 files changed, 53 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 6bd7c750900..af9a08f0613 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1032,6 +1032,7 @@ dist_patch_DATA = \
%D%/packages/patches/breezy-fix-gio.patch \
%D%/packages/patches/byobu-writable-status.patch \
%D%/packages/patches/bubblewrap-fix-locale-in-tests.patch \
+ %D%/packages/patches/busybox-add-missing-sha-NI-guard.patch \
%D%/packages/patches/cadical-add-shared-library.patch \
%D%/packages/patches/calibre-no-updates-dialog.patch \
%D%/packages/patches/calibre-remove-test-sqlite.patch \
diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
index 46398da2136..053994a52af 100644
--- a/gnu/packages/busybox.scm
+++ b/gnu/packages/busybox.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2016-2020, 2023 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2018–2022 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2022 LuHui <luhux76@gmail.com>
+;;; Copyright © 2024 Zheng Junjie <873216071@qq.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -44,7 +45,9 @@ (define-public busybox
version ".tar.bz2"))
(sha256
(base32
- "1923f21rnlbv1qjvk2qhgqnki5mkgr6z0p8dvzs9jr3l5vrxy49k"))))
+ "1923f21rnlbv1qjvk2qhgqnki5mkgr6z0p8dvzs9jr3l5vrxy49k"))
+ (patches
+ (search-patches "busybox-add-missing-sha-NI-guard.patch"))))
(build-system gnu-build-system)
(arguments
(list #:phases
diff --git a/gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch b/gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch
new file mode 100644
index 00000000000..9fe78cb0bed
--- /dev/null
+++ b/gnu/packages/patches/busybox-add-missing-sha-NI-guard.patch
@@ -0,0 +1,48 @@
+from https://lists.busybox.net/pipermail/busybox/2024-September/090899.html
+
+The ENABLE_SHA1_HWACCEL Kconfig symbol is meant to be archicture
+agnostic, so can be enabled regardless of whether your build
+architecture provides hardware acceleration or not.
+ At the moment only
+x86 implements this, so every piece of optimised code should be guarded
+by both ENABLE_SHA1_HWACCEL and (__x86_64__ || __i386__).
+ This is missing
+at one place, so compiling for arm64 breaks when ENABLE_SHA1_HWACCEL is
+enabled:
+================================
+libbb/hash_md5_sha.c: In function ‘sha1_end’:
+libbb/hash_md5_sha.c:1316:28: error: ‘sha1_process_block64_shaNI’ undeclared (first use in this function); did you mean ‘sha1_process_block64’?
+
+ 1316 | || ctx->process_block == sha1_process_block64_shaNI
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~
+ | sha1_process_block64
+libbb/hash_md5_sha.c:1316:28: note: each undeclared identifier is reported only once for each function it appears in
+make[1]: *** [scripts/Makefile.build:197: libbb/hash_md5_sha.o] Error 1
+make: *** [Makefile:744: libbb] Error 2
+================================
+
+Add the missing guards around the call to sha1_process_block64_shaNI to
+fix the build on other architectures with ENABLE_SHA1_HWACCEL enabled.
+
+Change-Id: I40bba388422625f4230abf15a5de23e1fdc654fc
+Signed-off-by: Andre Przywara <andre.przywara at arm.com>
+---
+ libbb/hash_md5_sha.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libbb/hash_md5_sha.c b/libbb/hash_md5_sha.c
+index 57a801459..75a61c32c 100644
+--- a/libbb/hash_md5_sha.c
++++ b/libbb/hash_md5_sha.c
+@@ -1313,7 +1313,9 @@ unsigned FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf)
+ hash_size = 8;
+ if (ctx->process_block == sha1_process_block64
+ #if ENABLE_SHA1_HWACCEL
++# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
+ || ctx->process_block == sha1_process_block64_shaNI
++# endif
+ #endif
+ ) {
+ hash_size = 5;
+--
+2.25.1
\ No newline at end of file
base-commit: 269e4034fcaf55324187efffb6ed5ba14d5e9286
prerequisite-patch-id: f64c7b345e9d8e398b2f8c146ea8f161679ad369
prerequisite-patch-id: b752a2999f51803f96394183d08b19003d1e6bc0
--
2.46.0
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-10-27 3:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-25 7:38 [bug#74004] [PATCH] gnu: busybox: Update to 1.37.0. [security fixes] Nicolas Graves via Guix-patches via
2024-10-26 2:13 ` bug#74004: " Zheng Junjie
2024-10-26 23:22 ` [bug#74004] " Ludovic Courtès
2024-10-27 3:38 ` Zheng Junjie
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.