rpms/busybox/devel busybox-1.1.1-anaconda.patch, NONE, 1.1 busybox-1.1.1-cve-2006-1058.patch, NONE, 1.1 busybox-1.1.1-selinux.patch, NONE, 1.1 busybox-1.1.1-static.patch, NONE, 1.1 .cvsignore, 1.9, 1.10 busybox.spec, 1.32, 1.33 sources, 1.9, 1.10 busybox-anaconda.patch, 1.8, NONE busybox-selinux.patch, 1.7, NONE busybox-static.patch, 1.8, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Apr 6 12:21:31 UTC 2006
Author: varekova
Update of /cvs/dist/rpms/busybox/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv31776
Modified Files:
.cvsignore busybox.spec sources
Added Files:
busybox-1.1.1-anaconda.patch busybox-1.1.1-cve-2006-1058.patch
busybox-1.1.1-selinux.patch busybox-1.1.1-static.patch
Removed Files:
busybox-anaconda.patch busybox-selinux.patch
busybox-static.patch
Log Message:
- update to 1.1.1
- fix CVE-2006-1058 - BusyBox passwd command
fails to generate password with salt (#187386)
busybox-1.1.1-anaconda.patch:
Makefile | 2 +-
util-linux/nfsmount.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE busybox-1.1.1-anaconda.patch ---
--- busybox-1.1.1/util-linux/nfsmount.c.anaconda 2006-03-22 22:16:26.000000000 +0100
+++ busybox-1.1.1/util-linux/nfsmount.c 2006-04-05 13:00:33.401530040 +0200
@@ -439,7 +439,7 @@
intr = 0;
posix = 0;
nocto = 0;
- nolock = 0;
+ nolock = 1; /* anaconda disables this by default */
noac = 0;
retry = 10000; /* 10000 minutes ~ 1 week */
tcp = 0;
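Review bot: The comment on the changed default, `/* anaconda disables this by default */`, is ambiguous, because setting `nolock = 1` turns the nolock option on, which turns NFS locking off. Something like `nolock = 1; /* anaconda: mount without NFS locking by default */` says which way the switch goes. The new default applies to every caller of this nfsmount code in a build that carries the patch, not only to the installer, which is worth stating in the patch header. The enclosing function starts and ends outside the hunk.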
--- busybox-1.1.1/Makefile.anaconda 2006-03-22 22:16:26.000000000 +0100
+++ busybox-1.1.1/Makefile 2006-04-05 12:49:18.196176856 +0200
@@ -196,7 +196,7 @@
defconfig: scripts/config/conf
@./scripts/config/conf -y $(CONFIG_CONFIG_IN)
- @$(SED) -i -r -e "s/^(USING_CROSS_COMPILER|CONFIG_(DEBUG.*|STATIC|BUILD_(AT_ONCE|LIBBUSYBOX)|FEATURE_(DEVFS|FULL_LIBBUSYBOX|SHARED_BUSYBOX|MTAB_SUPPORT|CLEAN_UP|UDHCP_DEBUG)|INSTALL_NO_USR))=.*/# \1 is not set/" .config
+ @$(SED) -i -r -e "s/^(CONFIG_FEATURE_UNARCHIVE_TAPE|CONFIG_FEATURE_LS_COLOR|CONFIG_FEATURE_VI_READONLY|CONFIG_INIT|CONFIG_POWEROFF|CONFIG_REBOOT|CONFIG_HALT|CONFIG_ASH_JOB_CONTROL|CONFIG_SYSLOGD|CONFIG_KLOGD|CONFIG_LOGGER|USING_CROSS_COMPILER|CONFIG_(DEBUG.*|STATIC|BUILD_(AT_ONCE|LIBBUSYBOX)|FEATURE_(DEVFS|FULL_LIBBUSYBOX|SHARED_BUSYBOX|MTAB_SUPPORT|CLEAN_UP|UDHCP_DEBUG)|INSTALL_NO_USR))=.*/# \1 is not set/" .config
@./scripts/config/conf -o $(CONFIG_CONFIG_IN)
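Review bot: The removed defconfig `sed` line here is identical to the line that busybox-1.1.1-static.patch removes, and each patch replaces it with a different option list, so the second of the two to be applied to the same tree will be rejected at this hunk. The `%prep` section visible in busybox.spec applies only patch2, patch and patch3, so where Patch1 is applied is not shown; if it is applied to a separate copy of the tree, a spec comment such as `# Patch and Patch1 both rewrite the defconfig sed line; apply each to its own tree` would record that constraint. The option list also disables CONFIG_SYSLOGD, CONFIG_KLOGD and CONFIG_LOGGER, so the resulting binary has no logging applets; a short note in the patch on why that is acceptable would help.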
busybox-1.1.1-cve-2006-1058.patch:
passwd.c | 64 ++++++++++++++++++++++++---------------------------------------
1 files changed, 25 insertions(+), 39 deletions(-)
--- NEW FILE busybox-1.1.1-cve-2006-1058.patch ---
--- busybox-1.1.1/loginutils/passwd.c.cve-2006-1058 2006-03-22 22:16:24.000000000 +0100
+++ busybox-1.1.1/loginutils/passwd.c 2006-04-03 10:56:53.418268928 +0200
@@ -21,16 +21,6 @@
static void set_filesize_limit(int blocks);
-static int get_algo(char *a)
-{
- int x = 1; /* standard: MD5 */
-
- if (strcasecmp(a, "des") == 0)
- x = 0;
- return x;
-}
-
-
static int update_passwd(const struct passwd *pw, const char *crypt_pw)
{
char filename[1024];
@@ -131,6 +121,12 @@
}
}
+/*
+ * get_algo() returns:
+ * FALSE: in case of traditional MD5
+ * TRUE : in case of short SALT MD5
+ */
+#define get_algo(a) (!strcasecmp(a, "des"))
int passwd_main(int argc, char **argv)
{
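Review bot: The new `get_algo()` macro returns 1 for "des", the opposite of the function removed in the first hunk, which returned 0 for "des" and 1 otherwise; meanwhile the use site in the last hunk still treats a nonzero `algo` as MD5 (`if(algo)` builds the `$1$` salt). If passwd_main, whose body is outside these hunks, still assigns the result of `get_algo()` to `algo`, then `-a des` would now produce an MD5 hash and any other value a DES hash. Keeping the old sense would be `#define get_algo(a) (strcasecmp(a, "des") != 0)`. The comment above the macro should also be corrected, since "traditional MD5" and "short SALT MD5" match neither branch; suggested wording is `0: DES (2-character salt), 1: MD5 ("$1$" + 8-character salt)`.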
@@ -287,33 +283,19 @@
return 0;
}
-static int i64c(int i)
-{
- if (i <= 0)
- return ('.');
- if (i == 1)
- return ('/');
- if (i >= 2 && i < 12)
- return ('0' - 2 + i);
- if (i >= 12 && i < 38)
- return ('A' - 12 + i);
- if (i >= 38 && i < 63)
- return ('a' - 38 + i);
- return ('z');
-}
+const unsigned char bb_base64[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJLKMNOPQRSTUVWXYZ0123456789./";
+#define bb_i64c(a) (bb_base64[((unsigned char)(a))%64])
-static char *crypt_make_salt(void)
+static void bb_read_random64_string(unsigned char *str, int len)
{
- time_t now;
- static unsigned long x;
- static char result[3];
-
- time(&now);
- x += now + getpid() + clock();
- result[0] = i64c(((x >> 18) ^ (x >> 6)) & 077);
- result[1] = i64c(((x >> 12) ^ x) & 077);
- result[2] = '\0';
- return result;
+ int i;
+ FILE *fp;
+ if(!(fp = fopen("/dev/random", "r")))
+ bb_perror_msg_and_die("open /dev/random");
+ bb_xread_all(fileno(fp), str, len);
+ for(i = 0; i < len; i++)
+ str[i] = bb_i64c(str[i]);
+ str[i] = 0; //close the string
}
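Review bot: `bb_read_random64_string()` never closes the stream it opens, so every call leaks a `FILE` and its descriptor; add `fclose(fp);` after the `bb_xread_all()` call. Reading from `/dev/random` can also block until the kernel has enough entropy, which can stall `passwd` in an installer or early-boot environment. A salt only has to be unpredictable, not secret, so `fopen("/dev/urandom", "r")` is sufficient. The function writes `len + 1` bytes (the terminator goes to `str[len]`), and a header comment should state that the caller must supply that much room. `bb_base64` could also be `static`, since it is only used through the macro in this file.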
@@ -324,6 +306,8 @@
char *cp;
char orig[200];
char pass[200];
+ unsigned char salt[12] = "$1$";
+
if (!amroot && crypt_passwd[0]) {
if (!(clear = bb_askpass(0, "Old password:"))) {
@@ -377,10 +361,12 @@
memset(cp, 0, strlen(cp));
memset(orig, 0, sizeof(orig));
- if (algo == 1) {
- cp = pw_encrypt(pass, "$1$");
- } else
- cp = pw_encrypt(pass, crypt_make_salt());
+ if(algo)
+ bb_read_random64_string(&salt[3], 8);
+ else
+ bb_read_random64_string(salt, 2);
+ cp = pw_encrypt(pass,salt);
+
memset(pass, 0, sizeof pass);
safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
return 0;
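Review bot: The call `bb_read_random64_string(&salt[3], 8)` writes salt[3] through salt[11], which is exactly the last byte of the `unsigned char salt[12]` declared in the previous hunk, and nothing in the code ties the constants 3, 8 and 12 together. A comment at the declaration such as `/* "$1$" + 8 salt chars + NUL == sizeof(salt) */` would protect this from a later edit that lengthens the salt. `salt` is `unsigned char *` while the removed calls passed `char *` to `pw_encrypt()`, so the call likely needs `pw_encrypt(pass, (char *)salt)` to avoid a pointer-signedness warning. The enclosing function starts and ends outside the hunk.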
busybox-1.1.1-selinux.patch:
Config.in | 1
Makefile | 4 +--
include/applets.h | 1
include/usage.h | 9 ++++++++
selinux/Config.in | 16 ++++++++++++++
selinux/Makefile | 30 +++++++++++++++++++++++++++
selinux/Makefile.in | 35 +++++++++++++++++++++++++++++++
selinux/load_policy.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 149 insertions(+), 2 deletions(-)
--- NEW FILE busybox-1.1.1-selinux.patch ---
--- /dev/null 2006-04-06 08:55:50.820704048 +0200
+++ busybox-1.1.1/selinux/Makefile.in 2006-04-06 12:28:37.485563704 +0200
@@ -0,0 +1,35 @@
+# Makefile for busybox
+#
+# Copyright (C) 2003 by Dan Walsh <dwalsh at redhat.com>
+# Copyright (C) 1999-2003 by Erik Andersen <andersen at codepoet.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+SELINUX_AR:=selinux.a
+ifndef $(SELINUX_DIR)
+SELINUX_DIR:=$(TOPDIR)selinux/
+endif
+
+SELINUX-y:=
+SELINUX-$(CONFIG_LOAD_POLICY) += load_policy.o
+libraries-y+=$(SELINUX_DIR)$(SELINUX_AR)
+
+$(SELINUX_DIR)$(SELINUX_AR): $(patsubst %,$(SELINUX_DIR)%, $(SELINUX-y))
+ $(AR) -ro $@ $(patsubst %,$(SELINUX_DIR)%, $(SELINUX-y))
+
+$(SELINUX_DIR)%.o: $(SELINUX_DIR)%.c
+ $(CC) $(CFLAGS) $(EXTRA_CFLAGS) -c -o $@ $<
+
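Review bot: `ifndef $(SELINUX_DIR)` tests a variable whose name is the value of SELINUX_DIR rather than SELINUX_DIR itself, so the guard does not do what it appears to do. When selinux/Makefile sets `SELINUX_DIR:=./` before including this file, make looks for a variable named `./`, finds none, and the next line overwrites the directory with `$(TOPDIR)selinux/`. The intended form is `ifndef SELINUX_DIR`.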
--- /dev/null 2006-04-06 08:55:50.820704048 +0200
+++ busybox-1.1.1/selinux/Config.in 2006-04-06 12:28:37.490562944 +0200
@@ -0,0 +1,16 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/kbuild/config-language.txt.
+#
+
+menu "Selinux Utilities"
+
+if CONFIG_SELINUX
+config CONFIG_LOAD_POLICY
+ bool "load_policy"
+ default n
+ help
+ Enable support for loading SE Linux into the kernel.
+endif
+endmenu
+
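Review bot: The help text for CONFIG_LOAD_POLICY says the option loads "SE Linux into the kernel", but the applet added in this patch loads a policy file through `security_load_policy()`. Suggested wording is `Enable support for loading an SELinux policy into the kernel.` The `menu "Selinux Utilities"` entry also sits outside the `if CONFIG_SELINUX` block, so an empty menu is shown when SELinux support is disabled; moving the `if` around the whole menu would avoid that.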
--- /dev/null 2006-04-06 08:55:50.820704048 +0200
+++ busybox-1.1.1/selinux/Makefile 2006-04-06 12:28:37.491562792 +0200
@@ -0,0 +1,30 @@
+# Makefile for busybox
+#
+# Copyright (C) 1999-2003 by Erik Andersen <andersen at codepoet.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+TOPDIR:= ../
+SELINUX_DIR:=./
+include $(TOPDIR).config
+include $(TOPDIR)Rules.mak
+include Makefile.in
+all: $(libraries-y)
+-include $(TOPDIR).depend
+
+clean:
+ rm -f *.o *.a $(AR_TARGET)
+
--- /dev/null 2006-04-06 08:55:50.820704048 +0200
+++ busybox-1.1.1/selinux/load_policy.c 2006-04-06 12:28:37.491562792 +0200
@@ -0,0 +1,55 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <selinux/selinux.h>
+#include <locale.h> /* for setlocale() */
+#include <libintl.h> /* for gettext() */
+#define _(msgid) gettext (msgid)
+#ifndef PACKAGE
+#define PACKAGE "policycoreutils" /* the name of this package lang translation */
+#endif
+
+extern int load_policy_main(int argc, char **argv)
+{
+ int fd, ret;
+ struct stat sb;
+ void *map;
+
+ if (argc != 2) {
+ fprintf(stderr, _("usage: %s policyfile\n"), argv[0]);
+ return 1;
+ }
+
+ fd = open(argv[1], O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, _("Can't open '%s': %s\n"),
+ argv[1], strerror(errno));
+ return 2;
+ }
+
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr, _("Can't stat '%s': %s\n"),
+ argv[1], strerror(errno));
+ return 2;
+ }
+
+ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr, _("Can't map '%s': %s\n"),
+ argv[1], strerror(errno));
+ return 2;
+ }
+
+ ret = security_load_policy(map, sb.st_size);
+ if (ret < 0) {
+ fprintf(stderr, _("%s: security_load_policy failed\n"), argv[0]);
+ return 3;
+ }
+ return EXIT_SUCCESS;
+}
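Review bot: `load_policy_main()` never releases the descriptor or the mapping: `fd` stays open on the fstat and mmap failure returns and on success, and `map` is never unmapped. That is harmless if the applet always runs as its own short-lived process, but it is a leak if an applet main is ever called in-process. Add `close(fd);` before each `return 2` after the open and once the mmap has succeeded, and `munmap(map, sb.st_size);` after `security_load_policy()`. The messages go through `gettext()`, yet `setlocale()` and `textdomain()` are never called and `PACKAGE` is unused, so either initialise the catalogue or drop the libintl dependency. `extern` on a function definition is redundant.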
--- busybox-1.1.1/include/usage.h.selinux 2006-03-22 22:16:24.000000000 +0100
+++ busybox-1.1.1/include/usage.h 2006-04-06 12:28:37.493562488 +0200
@@ -2413,6 +2413,15 @@
#else
#define USAGE_PS "\nOptions:"
#endif
+
+#define load_policy_trivial_usage \
+ ""
+#define load_policy_full_usage \
+ "load SELinux policy\n"
+
+#define load_policy_example_usage \
+ "$ load_policy /etc/selinux/strict/policy/policy.17\n"
+
#if ENABLE_FEATURE_PS_WIDE
#define USAGE_PS_WIDE(a) a
#else
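Review bot: `load_policy_trivial_usage` is an empty string, although `load_policy_main()` in this patch requires exactly one argument and prints "usage: %s policyfile" otherwise. It should read `#define load_policy_trivial_usage "policyfile"`. The new macros are also inserted between the `USAGE_PS` and `USAGE_PS_WIDE` blocks of the ps usage text; placing them with the other entries in name order would keep the ps definitions together.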
--- busybox-1.1.1/include/applets.h.selinux 2006-03-22 22:16:24.000000000 +0100
+++ busybox-1.1.1/include/applets.h 2006-04-06 12:28:37.494562336 +0200
@@ -163,6 +163,7 @@
USE_SETARCH(APPLET_NOUSAGE(linux64, setarch_main, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_FEATURE_INITRD(APPLET_NOUSAGE(linuxrc, init_main, _BB_DIR_ROOT, _BB_SUID_NEVER))
USE_LN(APPLET(ln, ln_main, _BB_DIR_BIN, _BB_SUID_NEVER))
+USE_LOAD_POLICY(APPLET(load_policy, load_policy_main, _BB_DIR_SBIN, _BB_SUID_NEVER))
USE_LOADFONT(APPLET(loadfont, loadfont_main, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_LOADKMAP(APPLET(loadkmap, loadkmap_main, _BB_DIR_SBIN, _BB_SUID_NEVER))
USE_LOGGER(APPLET(logger, logger_main, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
--- busybox-1.1.1/Config.in.selinux 2006-03-22 22:16:26.000000000 +0100
+++ busybox-1.1.1/Config.in 2006-04-06 12:28:37.494562336 +0200
@@ -405,3 +405,4 @@
source procps/Config.in
source shell/Config.in
source sysklogd/Config.in
+source selinux/Config.in
--- busybox-1.1.1/Makefile.selinux 2006-03-22 22:16:26.000000000 +0100
+++ busybox-1.1.1/Makefile 2006-04-06 12:30:20.636882320 +0200
@@ -27,7 +27,7 @@
DIRS:=applets archival archival/libunarchive coreutils console-tools \
debianutils editors findutils init miscutils modutils networking \
- networking/libiproute networking/udhcp procps loginutils shell \
+ networking/libiproute networking/udhcp procps loginutils selinux shell \
sysklogd util-linux e2fsprogs libpwdgrp coreutils/libcoreutils libbb
SRC_DIRS:=$(patsubst %,$(top_srcdir)/%,$(DIRS))
@@ -196,7 +196,7 @@
defconfig: scripts/config/conf
@./scripts/config/conf -y $(CONFIG_CONFIG_IN)
- @$(SED) -i -r -e "s/^(USING_CROSS_COMPILER|CONFIG_(DEBUG.*|STATIC|SELINUX|BUILD_(AT_ONCE|LIBBUSYBOX)|FEATURE_(DEVFS|FULL_LIBBUSYBOX|SHARED_BUSYBOX|MTAB_SUPPORT|CLEAN_UP|UDHCP_DEBUG)|INSTALL_NO_USR))=.*/# \1 is not set/" .config
+ @$(SED) -i -r -e "s/^(USING_CROSS_COMPILER|CONFIG_(DEBUG.*|STATIC|BUILD_(AT_ONCE|LIBBUSYBOX)|FEATURE_(DEVFS|FULL_LIBBUSYBOX|SHARED_BUSYBOX|MTAB_SUPPORT|CLEAN_UP|UDHCP_DEBUG)|INSTALL_NO_USR))=.*/# \1 is not set/" .config
@./scripts/config/conf -o $(CONFIG_CONFIG_IN)
busybox-1.1.1-static.patch:
Makefile | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE busybox-1.1.1-static.patch ---
--- busybox-1.1.1/Makefile.static 2006-03-22 22:16:26.000000000 +0100
+++ busybox-1.1.1/Makefile 2006-04-05 13:40:07.889552992 +0200
@@ -196,7 +196,7 @@
defconfig: scripts/config/conf
@./scripts/config/conf -y $(CONFIG_CONFIG_IN)
- @$(SED) -i -r -e "s/^(USING_CROSS_COMPILER|CONFIG_(DEBUG.*|STATIC|BUILD_(AT_ONCE|LIBBUSYBOX)|FEATURE_(DEVFS|FULL_LIBBUSYBOX|SHARED_BUSYBOX|MTAB_SUPPORT|CLEAN_UP|UDHCP_DEBUG)|INSTALL_NO_USR))=.*/# \1 is not set/" .config
+ @$(SED) -i -r -e "s/^(CONFIG_FEATURE_LS_COLOR|CONFIG_ASH|CONFIG_FDFLUSH|USING_CROSS_COMPILER|CONFIG_(DEBUG.*|BUILD_(AT_ONCE|LIBBUSYBOX)|FEATURE_(DEVFS|FULL_LIBBUSYBOX|SHARED_BUSYBOX|MTAB_SUPPORT|CLEAN_UP|UDHCP_DEBUG)|INSTALL_NO_USR))=.*/# \1 is not set/" .config
@./scripts/config/conf -o $(CONFIG_CONFIG_IN)
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/busybox/devel/.cvsignore,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- .cvsignore 1 Sep 2005 13:12:02 -0000 1.9
+++ .cvsignore 6 Apr 2006 12:21:29 -0000 1.10
@@ -1 +1 @@
-busybox-1.01.tar.bz2
+busybox-1.1.1.tar.bz2
Index: busybox.spec
===================================================================
RCS file: /cvs/dist/rpms/busybox/devel/busybox.spec,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- busybox.spec 17 Feb 2006 18:54:23 -0000 1.32
+++ busybox.spec 6 Apr 2006 12:21:29 -0000 1.33
@@ -1,14 +1,15 @@
Summary: Statically linked binary providing simplified versions of system commands
Name: busybox
-Version: 1.01
-Release: 3
+Version: 1.1.1
+Release: 1
Epoch: 1
License: GPL
Group: System Environment/Shells
Source: http://www.busybox.net/downloads/%{name}-%{version}.tar.bz2
-Patch: busybox-static.patch
-Patch1: busybox-anaconda.patch
-Patch2: busybox-selinux.patch
+Patch: busybox-1.1.1-static.patch
+Patch1: busybox-1.1.1-anaconda.patch
+Patch2: busybox-1.1.1-selinux.patch
+Patch3: busybox-1.1.1-cve-2006-1058.patch
URL: http://www.busybox.net
BuildRoot: %{_tmppath}/%{name}-root
BuildRequires: libselinux-devel >= 1.27.7-2
@@ -33,11 +34,10 @@
%prep
%setup -q
-cp sysdeps/linux/defconfig .config
#SELINUX Patch
%patch2 -b .selinux -p1
%patch -b .static -p1
-#%patch1 -b .anaconda -p1
+%patch3 -b .cve-2006-1058 -p1
%build
make defconfig
@@ -75,6 +75,11 @@
/sbin/busybox.anaconda
%changelog
+* Wed Apr 6 2006 Ivana Varekova <varekova at redhat.com> - 1:1.1.1-1
+- update to 1.1.1
+- fix CVE-2006-1058 - BusyBox passwd command
+ fails to generate password with salt (#187386)
+
* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 1:1.01-2.2.1
- bump again for double-long bug on ppc(64)
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/busybox/devel/sources,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- sources 1 Sep 2005 13:12:02 -0000 1.9
+++ sources 6 Apr 2006 12:21:29 -0000 1.10
@@ -1 +1 @@
-f250842dae2854a38470ed16a46bba66 busybox-1.01.tar.bz2
+ff1ade47255c643b68c9113c267ce712 busybox-1.1.1.tar.bz2
--- busybox-anaconda.patch DELETED ---
--- busybox-selinux.patch DELETED ---
--- busybox-static.patch DELETED ---