[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#854923: busybox: "sed -i" bug corrected in version 1.23.0


Cyril Chaboisseau <cyril.chaboisseau@free.fr> (2017-02-18):
> Fine, but busybox will eventually be upgraded to a newer stable version
> at some point, or it will suffer from old/buggy version with potential
> security holes
> if not, it means that on the long run it will be very difficult to
> cherry-pick those security patches and the project wil not benefit from
> new features and improvements

I'm not disputing that, and that's why I mentioned in my first reply
that I called for help so that others give a hand and get a new upstream

> as for bug #854924, don't you think it would have never occured if a
> newer version of busybox were installed? (after 1.23 at least)

With a newer sed (that is: including the fix you linked to), sed -i
would fail because of a missing file to work on, and would have broken
the installation process instead of generating a file with strange
permissions. That's why I mentioned we need to guard the sed call with a
test on its existence. In other words, the fix pushed for #854924 was
needed either way.


Attachment: signature.asc
Description: Digital signature

Reply to: