busybox-w32/scripts, branch busybox

*: placate warnings where strchr/strstr returns constant pointer

2026-02-15T14:15:30+00:00

Newer glibc is now smarter and can propagate const-ness from those! function old new delta readtoken1 3111 3108 -3 Signed-off-by: Denys Vlasenko

archival: disallow path traversals (CVE-2023-39810)

2025-04-16T01:03:17+00:00

Create new configure option for archival/libarchive based extractions to disallow path traversals. As this is a paranoid option and might introduce backward incompatibility, default it to no. Fixes: CVE-2023-39810 Based on the patch by Peter Kaestle function old new delta data_extract_all 921 945 +24 strip_unsafe_prefix 101 102 +1 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0) Total: 25 bytes Signed-off-by: Denys Vlasenko

fixdep: add fstat error handling

2024-09-27T18:03:30+00:00

When `fstat` fails, `st` is left uninitialised. In our case, Ben Kohler noticed our release media builds were failing in Gentoo on x86 when building busybox with occasional SIGBUS. This turned out to be EOVERFLOW (from 32-bit ino_t) which wasn't being reported because nothing was checking the return value from `fstat`. Fix that to avoid UB (use of uninit var) and to give a more friendly error to the user. This actually turns out to be fixed already in the kernel from back in 2010 [0] and 2016 [1]. [0] https://github.com/torvalds/linux/commit/a3ba81131aca243bfecfa78c42edec0cd69f72d6 [1] https://github.com/torvalds/linux/commit/46fe94ad18aa7ce6b3dad8c035fb538942020f2b Reported-by: Ben Kohler Signed-off-by: Sam James Signed-off-by: Denys Vlasenko

docproc: avoid segfault during file closing

2024-04-13T15:57:46+00:00

In the function find_export_symbols, since the fopen file does not exit when it fails, there is a dereference problem in fclose(fp), which will cause a segmentation fault. Signed-off-by: Yan Zhu Signed-off-by: Denys Vlasenko

fixdep: avoid underflow when end of entry doesn't coincide with EOF

2023-02-27T12:09:44+00:00

Bug: https://bugs.gentoo.org/893776 Closes: https://bugs.busybox.net/show_bug.cgi?id=15326 Signed-off-by: Arsen Arsenović Signed-off-by: Denys Vlasenko

kbuild: fix building sha256

2022-04-21T11:37:10+00:00

Pass down the correct EXTRA_CFLAGS to the compiler driver when building assembler source. Otherwise building busybox for a multilib other than the default failed to link since hash_md5_sha256_x86-64_shaNI.o and hash_md5_sha_x86-64_shaNI.o were built for the default arch which might not what we requested in the EXTRA_CFLAGS. Signed-off-by: Bernhard Reutner-Fischer

build system: detect if build host has no bzip2

2022-01-04T13:32:41+00:00

Signed-off-by: Denys Vlasenko

scripts/echo.c: fix NUL handling in "abc\0 def"

2021-12-28T20:05:59+00:00

Signed-off-by: Denys Vlasenko

scripts/randomtest.loop: let user know about SKIP_MOUNT_MAND_TESTS

2021-08-16T18:03:07+00:00

Signed-off-by: Denys Vlasenko

*: remove remains of FEATURE_TOUCH_NODEREF

2021-08-15T18:50:13+00:00

Signed-off-by: Denys Vlasenko