From 0de4bffe24c71604a19d95222011d1b2e6d41f10 Mon Sep 17 00:00:00 2001 From: michaellee-splunk <96087429+michaellee-splunk@users.noreply.github.com> Date: Tue, 16 Apr 2024 10:07:56 -0700 Subject: [PATCH] install busybox 1.36.1 in base redhat 8 (#664) --- base/redhat-8/install.sh | 22 +++++++++++++++------- docs/CHANGELOG.md | 15 +++++++++++++++ 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index b9bf7ac0..63e7950c 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -28,7 +28,8 @@ export LANG=en_US.utf8 # Install utility packages microdnf -y --nodocs install wget sudo shadow-utils procps tar make gcc \ openssl-devel bzip2-devel libffi-devel findutils \ - libssh-devel libcurl-devel glib2-devel ncurses-devel + libssh-devel libcurl-devel glib2-devel ncurses-devel \ + diffutils bzip2 # Patch security updates microdnf -y --nodocs update gnutls kernel-headers libdnf librepo libnghttp2 nettle \ libpwquality libxml2 systemd-libs lz4-libs curl \ @@ -39,6 +40,18 @@ microdnf -y --nodocs update gnutls kernel-headers libdnf librepo libnghttp2 nett # Reinstall tzdata (originally stripped from minimal image): https://bugzilla.redhat.com/show_bug.cgi?id=1903219 microdnf -y --nodocs reinstall tzdata || microdnf -y --nodocs update tzdata +# Build and install busybox direct from the multiarch since EPEL isn't available yet for redhat8 +cd ~ +wget https://busybox.net/downloads/busybox-1.36.1.tar.bz2 +bzip2 -d busybox-1.36.1.tar.bz2 +tar -xf busybox-1.36.1.tar +cd busybox-1.36.1 +make defconfig +make +cp busybox /bin/busybox +cd ~ +rm -rf busybox-1.36.1.tar busybox-1.36.1/ + # Install Python and necessary packages PY_SHORT=${PYTHON_VERSION%.*} wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz @@ -74,14 +87,9 @@ ldconfig microdnf remove -y make gcc openssl-devel bzip2-devel findutils glib2-devel glibc-devel cpp binutils \ keyutils-libs-devel krb5-devel libcom_err-devel libffi-devel libcurl-devel \ libselinux-devel libsepol-devel libssh-devel libverto-devel libxcrypt-devel \ - ncurses-devel pcre2-devel zlib-devel + ncurses-devel pcre2-devel zlib-devel diffutils bzip2 microdnf clean all -# Install busybox direct from the multiarch since EPEL isn't available yet for redhat8 -BUSYBOX_URL=${BUSYBOX_URL:=https://busybox.net/downloads/binaries/1.35.0-`arch`-linux-musl/busybox} -wget -O /bin/busybox ${BUSYBOX_URL} -chmod +x /bin/busybox - # Enable busybox symlinks cd /bin BBOX_LINKS=( clear find diff hostname killall netstat nslookup ping ping6 readline route syslogd tail traceroute vi ) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 843fdf07..1a83e886 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -14,6 +14,7 @@ Red Hat images will continue to be published. * [9.2.0.1](#9201) * [9.2.0](#920) * [9.1.4](#914) +* [9.1.3-patch1](#913p1) * [9.1.3](#913) * [9.1.2](#912) * [9.1.1](#911) @@ -159,6 +160,20 @@ Red Hat images will continue to be published. --- +## 9.1.3-patch1 + +#### What's New? +* Install busybox 1.36.1 for remediation of CVE-2022-28391 and CVE-2022-30065 + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 9.1.3](https://docs.splunk.com/Documentation/Splunk/9.1.3/ReleaseNotes/Fixedissues#Splunk_Enterprise_9.1.3) + +#### splunk-ansible changes: +* Docs updated +* Bugfixes + +--- + ## 9.1.3 #### What's New?