[OE-core] [V2][PATCH] busybox: update to 1.28.3

Andre McCurdy armccurdy at gmail.com
Tue May 22 23:06:18 UTC 2018 

On Mon, May 21, 2018 at 12:21 PM, Andre McCurdy <armccurdy at gmail.com> wrote:
> On Mon, May 21, 2018 at 12:13 PM, akuster808 <akuster808 at gmail.com> wrote:
>> On 05/21/2018 11:18 AM, Andre McCurdy wrote:
>>> On Sun, May 20, 2018 at 7:49 AM, Armin Kuster <akuster808 at gmail.com> wrote:
>>>> From: Armin Kuster <akuster808 at gmail.com>
>>>>
>>>> [v2]
>>>> Add back busybox-udhcpc-no_deconfig.patch ti SRC_URI, missed earlier
>>>>
>>>> [v1]
>>>> removed patches included in update:
>>>> busybox/CVE-2011-5325.patch
>>>> busybox/CVE-2017-15873.patch
>>>> busybox/busybox-CVE-2017-16544.patch
>>>>
>>>> refactored busybox-udhcpc-no_deconfig.patch for this update
>>> Did you check the defconfig?
>>  That patch does not touch the defconfigs? It changes the dhcpd.c it self.
>
> Right, removing that patch has nothing to do with the busybox
> defconfig. I wasn't commenting that particular line in the patch.
>
>>> Often it needs a refresh, otherwise any new config options added
>>> between busybox 1.27.2 and 1.28.3 will take busybox's defaults (which
>>> may enable new applets or features which we haven't historically
>>> enabled when configuring busybox for OE).
>> am I missing some context here?
>
> Refreshing (or at least checking) the busybox defconfig is something
> that should ideally be done whenever the busybox version is updated
> and it wasn't clear from your patch that it's been done, so I just
> wanted to double check.

Building before and after Armin's patch and then diffing .config files
in each build directory gives:

Old 1.27.2 specific config options removed:

-CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS=y
-CONFIG_FEATURE_ADDUSER_LONG_OPTIONS=y
-CONFIG_FEATURE_ENV_LONG_OPTIONS=y
-CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y
-CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y

New 1.28.3 specific options added:

+CONFIG_BB_ARCH=y
+CONFIG_FEATURE_CATN=y
+CONFIG_FEATURE_SH_READ_FRAC=y
+CONFIG_FEATURE_SWAPONOFF_LABEL=y
+CONFIG_FEATURE_VOLUMEID_MINIX=y
+CONFIG_FEATURE_XARGS_SUPPORT_ARGS_FILE=y
+CONFIG_FEATURE_XARGS_SUPPORT_PARALLEL=y
+CONFIG_HEXEDIT=y
+CONFIG_NUKE=y
+CONFIG_RESUME=y
+CONFIG_RUN_INIT=y
+CONFIG_SETFATTR=y

So new applets hexedit, nuke, etc, are going to sneak in to our builds
unless we refresh our defconfig to disable them.

More information about the Openembedded-core mailing list