Commit Graph

222 Commits

Author SHA1 Message Date
Mark Mentovai
1310e4f1ae failsafe: fix console failsafe shell
When running a failsafe shell on a console, job control was unavailable,
and ^C did not function correctly.

This change invokes console failsafe shells via `setsid`, making them
session leaders and allowing them to claim controlling terminals, which
makes job control function properly. To support this, the busybox
`setsid` utility is enabled. This has a minimal 149-byte size impact on
a test x86_64 squashfs rootfs image.

^C was ignored in subprocesses of failsafe shells: it was not possible
to ^C out of a program that would not exit on its own, such as many
typical `ping` invocations. As job control was unavailable, it was not
possible to suspend these subprocesses either, causing a hung program to
tie up a console indefinitely, unless another means to signal the
program was available. This was caused by SIGINT being placed at
disposition SIG_IGN by the shell running preinit, which it did because
the console shell was executed asynchronously with &. That disposition
was inherited by the console shell and its subprocesses, generally
causing ^C to have no effect.

As there is no way in busybox `ash` to reset the disposition of a signal
already ignored at shell entry, and no apparent way to avoid SIGINT
being placed at SIG_IGN when & is used in preinit, an alternative
construct is needed. Now, `start-stop-daemon` is used to start (-S) the
console failsafe shell in the background (-b). This approach does not
alter SIGINT, allowing the console shell to be started with that
signal's handling intact, and normal ^C processing to occur.

busybox `ash` has some behaviors conditional on SHLVL, and while the
console shells ought to run at SHLVL=1, they were not by virtue of being
started by the shell-based preinit system. Additionally, a variety of
detritus was present in the console shell's environment, carried over
from preinit. These conditions are corrected by running the console
shell via `env -i` to clear the environment and establish a minimum and
correct set of environment variables for operation, in the same manner
as `login`. HOME is not explicitly set, because it's addressed in
/etc/profile. For non-failsafe console shells when
system.@system[0].ttylogin = 0, `login -f root` achieves a similar
effect. (`login` already started non-failsafe console shells when
ttylogin = 1 and behaved correctly. This brings the ttylogin = 0 case to
parity.) Note that even `login -f` is somewhat undesirable for failsafe
shells because it requires a viable /etc/passwd, hence the `env -i`
construct in that case.

The TERM environment variable from the preinit environment, with value
"linux", would rarely be correct for serial consoles. Now, the preinit
TERM value is preserved (or set to "linux" if unset) only when the
console is /dev/console or /dev/tty[0-9]*. Otherwise, it will be set to
a safe default appropriate for serial consoles, "vt102", as used for
serial consoles by busybox init. This "linux"/"vt102" TERM setting is
also duplicated for non-failsafe console shells.

This also indicates failsafe mode by showing "- failsafe -" on all
consoles (not just the last-defined one). It sets a hostname of
"OpenWrt-failsafe" in failsafe mode which is rendered in the shell's
prompt as a reminder of the mode during interactive failsafe use.
Previously, no hostname was set, which resulted in the kernel-default
hostname, "(none)", appearing in failsafe shell prompts.

Signed-off-by: Mark Mentovai <mark@mentovai.com>
Link: https://github.com/openwrt/openwrt/pull/16113
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-08-19 18:55:00 +02:00
Paul Spooren
10180295b8 busybox: switch to sha256 for passwd
Right now sha256 is considered more secure than md5, use it to harden
against password decryption.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-01-20 13:22:58 +00:00
Paul Spooren
86e3016896 busybox: enable sha hash for /etc/shadow
It appears `md5` is no longer state of the art. Let's switch it to
something slightly newer to increase security.

Suggested-by: abnoeh <abnoeh@mail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-01-20 13:22:58 +00:00
Nick Hainke
3b76f6eee4 busybox: update to 1.36.1
Release Notes:
http://lists.busybox.net/pipermail/busybox-cvs/2023-May/041510.html

Refresh commands, run after busybox is first built once (nothing changed
compared to 1.36.0):

  cd package/utils/busybox/config/
  ../convert_menuconfig.pl ../../../../build_dir/target-mipsel_24kc_musl/busybox-default/busybox-1.36.1
  cd ..
  ./convert_defaults.pl ../../../build_dir/target-mipsel_24kc_musl/busybox-default/busybox-1.36.1/.config > Config-defaults.in

Manual edits needed afterward:

* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6

* Config-defaults.in: OpenWrt config TARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)

* Config-defaults.in: OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)

* Config-defaults.in: correct the default ports that get reset
  BUSYBOX_DEFAULT_FEATURE_HTTPD_PORT_DEFAULT    80
  BUSYBOX_DEFAULT_FEATURE_TELNETD_PORT_DEFAULT  23

* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)

* config/shell/Config.in: change at "Options common to all shells" the conditional symbol
  SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
  (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
  Apparently our script does not see the hidden option while
  prepending config options with "BUSYBOX_CONFIG_" which leads to a
  missed dependency when the options are later evaluated.)

* Edit a few Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-22 20:55:33 +02:00
Ilario Gelmetti
8f427f1a05 busybox: turn on BUSYBOX_DEFAULT_ASH_RANDOM_SUPPORT for having $RANDOM
$RANDOM shell variable is a convenient way for getting a random number from 0 to 32767

Signed-off-by: Ilario Gelmetti <iochesonome@gmail.com>
2023-04-25 22:01:20 +02:00
Hauke Mehrtens
fca966aab2 busybox: Activate resize tool by default
The resize tool will resize the prompt to match the current terminal
size. This is helpful when connecting to the system using UART to make
the vi or top output match the current terminal size.

This increases the busybox binary size by 136 bytes and the ipkg size by
335 bytes on aarch64.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-25 22:00:03 +02:00
Felix Fietkau
3c3d797c4d busybox: enable taskset by default
This is useful for controlling process affinity on SMP systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-04-01 09:16:30 +02:00
Andre Heider
07730ff346
treewide: add support for "lto" in PKG_BUILD_FLAGS
This reduces open coding and allows to easily add a knob to enable
it treewide, where chosen packages can still opt-out via "no-lto".

Some packages used LTO, but not the linker plugin. This unifies 'em
all to attempt to produce better code.
Quoting man gcc(1):
"This improves the quality of optimization by exposing more code to the
link-time optimizer."

Also use -flto=auto instead of -flto=jobserver, as it's not guaranteed
that every buildsystem uses +$(MAKE) correctly.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Hannu Nyman
98b09ba250 busybox: update to 1.36.0
Update busybox to version 1.36.0

* refresh patches (remove the backported upstream fix)
* refresh config

Config refresh:

Refresh commands, run after busybox is first built once:

cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.36.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.36.0/.config > Config-defaults.in

Manual edits needed after config refresh:

* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6

* Config-defaults.in: OpenWrt config TARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)

* Config-defaults.in: OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)

* Config-defaults.in: correct the default ports that get reset
  BUSYBOX_DEFAULT_FEATURE_HTTPD_PORT_DEFAULT    80
  BUSYBOX_DEFAULT_FEATURE_TELNETD_PORT_DEFAULT  23

* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)

* config/shell/Config.in: change at "Options common to all shells" the conditional symbol
  SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
  (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
  Apparently our script does not see the hidden option while
  prepending config options with "BUSYBOX_CONFIG_" which leads to a
  missed dependency when the options are later evaluated.)

* Edit a few Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-01-07 17:22:54 +01:00
Hauke Mehrtens
8b383ee2a0 busybox: awk: fix use after free (CVE-2022-30065)
This backports a commit which fixes a use after free bug in awk.

CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:07:09 +01:00
Uwe Kleine-König
63e5ba8e69 busybox: nslookup: ensure unique transaction IDs for the DNS queries
On machines with a coarse monotonic clock (here: TP-Link RE200 powered
by a MediaTek MT7620A) it can happen that the two DNS requests (for A
and AAAA) share the same transaction ID. If this happens the second
reply is wrongly dropped and nslookup reports "No answer".

Fix this by ensuring that the transaction IDs are unique.

Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
2022-10-14 20:51:35 +02:00
Hauke Mehrtens
d80336e1a9 busybox: Fix snprintf arguments in lock
The first argument for snprintf is the buffer and the 2. one is the
size. Fix the order. This broke the lock application.

Fixes: 34567750db ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-03-31 18:46:53 +02:00
Qichao Zhang
34567750db busybox: fix busybox lock applet pidstr buffer overflow
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.

Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
2022-03-30 18:33:38 +02:00
Hannu Nyman
a54b406ccb busybox: update to 1.35.0
Update busybox to 1.35.0

* refresh patches

Config refresh:

Refresh commands, run after busybox is first built once:

cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0/.config > Config-defaults.in

Manual edits needed after config refresh:

* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6

* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)

* Config-defaults.in: OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)

* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)

* config/shell/Config.in : change at "Options common to all shells" the symbol
  SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
  (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
  Apparently our script does not see the hidden option while
  prepending config options with "BUSYBOX_CONFIG_" which leads to a
  missed dependency when the options are later evaluated.)

* Edit Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2022-01-08 00:49:59 +01:00
Hannu Nyman
9fb038ca64 busybox: update to 1.34.1
Update busybox to version 1.34.1, which is a minor
maintenance release. It contains just the two post-1.34.0
upstream patches that we earlier backported plus a few fixes
to awk.

* Remove the two backported upstream patches that are
  now unnecessary.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2021-10-05 20:59:32 +02:00
Hannu Nyman
b6cbbbb6ef busybox: update to version 1.34.0
Update busybox to version 1.34.0

* Remove upstreamed patches (205, 530, 540)

* Remove one old patch that does not apply any more. (203)
  That was originally introduced in 2008 with 563d23459,
  but does not apply after busybox restructuring with
  https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?h=1_34_stable&id=e6007c4911c3ea26925f9473b9f156a692585f30
  and
  https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?h=1_34_stable&id=1c7253726fcbab09917f143f0b703efbd2df55c3

* Refresh config and patches.

* Backport upstream fixes for
   - MIPS compilation breakage and
   - process substitution regression

Config refresh:

Refresh commands, run after busybox is first built once:

cd utils/busybox/
cd config/
../convert_menuconfig.pl ../../../../build_dir/target-aarch64_cortex-a53_musl/busybox-default/busybox-1.34.0
cd ..
./convert_defaults.pl < ../../../build_dir/target-aarch64_cortex-a53_musl/busybox-default/busybox-1.34.0/.config > Config-defaults.in

Manual edits needed afterward:

* Config-defaults.in:  OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in:  OpenWrt configTARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* Config-defaults.in:  OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)
  BUSYBOX_DEFAULT_UDHCPC_DEFAULT_INTERFACE (just "")
* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* config/shell/Config.in : change at "Options common to all shells"  the symbol
  SHELL_ASH  -->  BUSYBOX_CONFIG_SHELL_ASH
   (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
     Apparently our script does not see the hidden option while
     prepending config options with "BUSYBOX_CONFIG_" which leads to a
     missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2021-09-04 21:05:26 +02:00
Stijn Tintel
8ae3d5f9ca busybox: fix compilation with GCC 10
When compiling busybox with GCC 10 and CONFIG_PKG_ASLR_PIE_ALL=y, there
are hundreds of errors like:

relocation R_MIPS16_26 against `xzalloc' cannot be used when making a
shared object; recompile with -fPIC

Simply solve this by no longer disabling PKG_ASLR_PIE, so that $(FPIC)
is properly added to the CFLAGS and LDFLAGS.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-18 20:48:38 +03:00
Alexey Dobrovolsky
88114f617a busybox: sysntpd: add trigger to reload server
sysntpd server becomes unavailable if the index of the bound
interface changes. So let's add an interface trigger to reload sysntpd.

This patch also adds the ability for the sysntpd script to handle
uci interface name from configuration.

Fixes: 4da60500ebd2 ("busybox: sysntpd: option to bind server to iface")
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-06-27 23:54:06 +02:00
Sergey Ponomarev
bffee5ea19 busybox: disable bzip2
bzip2 adds about 8kb of size. For tiny builds it's often disabled.
It's not directly used by stock OpenWrt programs.
Kernel images compressed with bzip2 are also not fully supported.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
[fix \ indention]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-06-20 14:17:49 -10:00
Paul Spooren
efee640716 busybox: mention SRV support in help message
The SRV was added some time ago and should be mentioned in the short
help message to avoid confusion about missing features.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-24 20:30:04 +02:00
Chen Minqiang
a9ebd3a0ea busybox: nslookup applet link with resolv if use glibc
This fixed b36b8b6929
("busybox: remove nslookup_lede/openwrt.patch")

It is likely dropped by mistake, This add back the changes

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2021-05-21 11:31:46 +02:00
Philip Prindeville
b810d649fb busybox: preserve crontabs
/etc/syslog.conf is used by sysklogd, and /etc/crontabs is used
by crond, both features of busybox.  Given this, ownership for
these files should be bound to busybox, especially if one day
there's a way to do an in-place opkg update of busybox.

There's also the busybox provided syslogd which uses this file
if CONFIG_BUSYBOX_FEATURE_SYSLOGD_CFG is set.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-05-19 15:50:50 +02:00
Nick Hainke
b36b8b6929 busybox: remove nslookup_lede/openwrt.patch
The nslookup_lede/openwrt applet was introduced in de5b8e5. It was
introduced because:

  Add a new LEDE nslookup applet which is compatible with musl libc
  and providing more features like ability to specify query type.

  In contrast to busybox' builtin nslookup applet, this variant does
  not rely on libc resolver internals but uses explicit send logic
  and the libresolv primitives to parse received DNS responses.

In busybox this applet is added in 0dd3be8. In particular, this commit
introduces the variable NSLOOKUP_BIG. We set the default to true and
so nothing changes.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-05-19 01:08:23 +02:00
Paul Spooren
a725382978 busybox: show reproducible timestamp
On login busybox shows a timestamp per default contianing the build
date. Since the build date isn't reproducible per default this behaviour
was disabled by default via 34df4d40 "busybox: disable timestamp in
version".

This commit modifies busybox so that the printed timestamp reproducible
using SOURCE_DATE_EPOCH and therefore shouldn't be disabled anymore.

Before:

    BusyBox v1.33.1 () built-in shell (ash)

After:

    BusyBox v1.33.1 (2021-05-13 09:34:34 UTC) built-in shell (ash)

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-19 00:32:46 +02:00
Paul Spooren
25fdb42249 busybox: use $(AUTORELEASE) and SPDX
use AUTORELEASE since BusyBox is often updaten and PKG_RELEASE is not
consistently bumped. Also use SPDX license headers to be machine
readable and bump the copyright year to 2021.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-18 19:20:23 +02:00
Baptiste Jonglez
7fea9d9f5d busybox: disable PREFER_IPV4_ADDRESS
PREFER_IPV4_ADDRESS is broken on IPv6-only hosts, as it causes busybox
utilities (ping, traceroute, ntpd) to forcibly use the A record instead of
the AAAA record when resolving a DNS name.  This obviously fails when
there is no IPv4 connectivity.  Since IPv6-only hosts or routers will only
become more common over time, disable PREFER_IPV4_ADDRESS to support this
use-case.

As a side-effect, disabling PREFER_IPV4_ADDRESS changes the default
resolution behaviour of busybox utilities on dual-stack hosts.  Busybox
utilities now simply use the order given by getaddrinfo(), so they will
now prefer IPv6 addresses when resolving a name with both A and AAAA
records if there is IPv6 connectivity.  This is in line with RFC 6724.

PREFER_IPV4_ADDRESS was likely intended to work around naive
implementations of getaddrinfo() that could return AAAA records first,
even on an IPv4-only host.  But both musl (since 1.1.3) and glibc
correctly implement RFC 6724 for getaddrinfo() and check connectivity to
determine the correct order in which to return records.  On IPv4-only
hosts, getaddrinfo() will return A records first, so there is no need for
the PREFER_IPV4_ADDRESS hack.

See also: https://bugs.busybox.net/show_bug.cgi?id=12381

Fixes: FS#84
Fixes: FS#2608
References: https://github.com/openwrt/openwrt/pull/4167
Signed-off-by: Alexander Traud <pabstraud@compuserve.com>
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2021-05-14 15:56:20 +02:00
Leonardo Mörlein
b993b68b6c build: introduce $(MKHASH)
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if

    make TOPDIR="$(pwd)" -C "$pkgdir" compile

was called manually. In most of the cases, I just saw warnings like this:

    make: Entering directory '/home/.../package/gluon-status-page'
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    [...]

While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.

After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
2021-05-13 15:13:15 +02:00
Nick Hainke
6713fe030f busybox: update to 1.33.1
Remove backports:
- 001-backport1330fix-ash-make-strdup-copy.patch
- 002-backport1330fix-traceroute.patch
- 005-backport-CVE-2021-28831.patch

Remove upstreamed:
- 010-fix-wrong-variable.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
[don't use $(AUTORELEASE) for now]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-12 18:32:03 +02:00
Perry Melange
3a359398f0 busybox: add SRV support to nslookup_lede.c patch
Add support for querying and parsing SRV DNS records to nslookup_lede.c

This patch is based on http://lists.busybox.net/pipermail/busybox/2019-June/087359.html

Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[reword subject, bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-05-12 13:19:47 +02:00
Hauke Mehrtens
13397b2b95 busybox: backport fix for CVE-2021-28831
This backports a fix for the low priority CVE-2021-28831:
  decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
  on the huft_build result pointer, with a resultant invalid free or
  segmentation fault, via malformed gzip data.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-02 19:06:02 +02:00
Russell Senior
1c04365071 busybox: udhcpc, allow zero length dhcp options
This patch skips zero length DHCP options instead of failing.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2021-03-19 01:25:26 +01:00
Hannu Nyman
c1f3c52564 busybox: backport fixes for 1.33.0
Backport two fixes for 1.33.0
* history file storing
* traceroute command option parsing

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2021-03-13 21:18:02 +01:00
Alexey Dobrovolsky
e12fcf0fe5 busybox: sysntpd: option to bind server to iface
NTPD in busybox has option -I to bind server to IFACE.
However, capabilities of the busybox are limited, the -I option cannot be
repeated and only one interface can be effectively specified in it.
This option is currently not configurable via UCI.
The patch adds an interface option to the system config, ntp section.
Also sort options for uci_load_validate alphabetically.

Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
2021-03-01 00:34:22 +01:00
Rosen Penev
ce4cb8e51d busybox: remove useless busybox patches
The first two are useless as /bin/sh can execute those scripts just
fine. Shellcheck reports no problems.

Telnetd patch is useless as telnet is no longer used in OpenWrt.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 15:36:09 +01:00
Rosen Penev
0275ee5dde busybox: update to 1.33
Remove stime backport.

Remove static libgcc patch as upstream fixed it with
BUSYBOX_DEFAULT_STATIC_LIBGCC which defauls to off.

Remove date -k patch as it no longer applies. It's also pointless as
busybox' hwclock utility can do the same thing.

Remove ntpd patch as that seems to have been applied upstream.

Add smalll patch fixing compilation with SELinux. Upstream commit
2496616b0a8d1c80cd1416b73a4847b59b9f969a renamed the variable without
renaming it in the SELinux path.

Refresh config and patches.

Config refresh:

Refresh commands, run after busybox is first built once:

  cd package/utils/busybox/config/
  ../convert_menuconfig.pl ../../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0
  cd ..
  ./convert_defaults.pl < ../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0/.config > Config-defaults.in

Manual edits needed afterward:

* Config-defaults.in:  OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in:  OpenWrt configTARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* shell/Config.in : change at "Options common to all shells"  the symbol
  SHELL_ASH  -->  BUSYBOX_CONFIG_SHELL_ASH
   (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
     Apparently our script does not see the hidden option while
     prepending config options with "BUSYBOX_CONFIG_" which leads to a
     missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
  config/Config.in, networking/Config.in and util-linux/Config.in (commit 1da014f)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[Added comments from Hannu Nyman to commit message]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 15:15:32 +01:00
Daniel Golle
29a6a71d52 busybox: sysntpd: make use of new ubus hotplug.ntp object
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Maxim Storchak
f17c300983 busybox: define BUSYBOX_SYM before the first use
Since PKG_FILE_MODES relies on BUSYBOX_SYM, it should be defined early enough

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2020-12-29 12:19:39 -10:00
Daniel Golle
aa6fe00a48 busybox: add check for capabilities file
Similar to the previous commit adding a check to the init script of
umdns, do a similar change for sysntpd, just to be on the safe side.

Inspired-by: 520403cd49 ("umdns: add check for seccomp list")

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-30 10:39:01 +00:00
Lukas Tribus
1b493aabb9 busybox: enable find -mmin support by default
Enable busybox's find -mmin time support, which is extremely small,
however also very useful in scripts:

72d1a2357d

Comparing package sizes...
Change 	Local	Remote 	Package
+7	229009	229002	busybox

Signed-off-by: Lukas Tribus <lukas@ltri.eu>
[fix commit message long line and missing size change]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-25 08:13:14 -10:00
Bruno Randolf
7185c5ec7d busybox: Let procd respawn cron
On some systems I see the issue that crond dies after a few days.
Simply letting procd respawn the process is a simple safety-net.

Signed-off-by: Bruno Randolf <br1@einfach.org>
2020-11-12 18:19:44 +01:00
Daniel Golle
2e746b4d29 busybox: make username consistent
ntpd in packages feed had already a user 'ntp' with UID 123 declared.
Rename the username of busybox-ntpd to be 'ntp' instead of 'ntpd' so
it doesn't clash.

Reported-by: Etienne Champetier <champetier.etienne@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 17:26:30 +00:00
Daniel Golle
2d34355e16 busybox: allow ntpd to run as non-root ntpd user
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 13:01:35 +00:00
Paul Spooren
7d26f294cd busybox: Use PKG_FILE_MODES for SUID
Instead of using INSTALL_SUID use the more flexible PKG_FILE_MODES
variable withn the Makefile to set the SUID bit.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 11:15:17 +01:00
Daniel Golle
2eaf03b4d8 busybox: fix typo in Makefile
'conffiiles' -> 'conffiles'

Fixes: 2e06f8ae24 ("busybox: add selinux variant")
Reported-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-23 23:59:37 +01:00
Paul Spooren
2e06f8ae24 busybox: add selinux variant
This commit adds a `selinux` variant which comes with with a number of
SELinux applets and also SELinux label support.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-23 23:37:08 +01:00
Magnus Kroken
4165232c45 busybox: delete redundant patch
This problem has been fixed in upstream commit
6b6a3d9339f1c08efaa18a7fb7357e20b48bdc95. This patch now (harmlessly)
adds the same definition a second time.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:08:05 +02:00
Rui Salvaterra
eb24a57b7f busybox: store applet usage messages uncompressed
The rootfs squashfs is already highly (XZ) compressed. Storing the applet
messages in compressed form will increase the entropy and reduce the overall
image compression ratio.

Size diffs (compressed vs uncompressed):

busybox (the executable): 364596 vs 384804 bytes.

OpenWrt target images (the kernel image is unchanged, obviously):

 omnia-medkit-openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs.tar.gz:

  9163597 vs 9162531 bytes (1066 bytes difference).

openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs-kernel.bin:

  9161688 vs 9160600 bytes (1088 bytes difference).

openwrt-mvebu-cortexa9-cznic_turris-omnia-sysupgrade.img.gz:

 9729550 vs 9729230 bytes (320 bytes difference).

All in all, we save just a little bit over 1 kiB. As an added bonus, we
also don't have to decompress the messages twice, (first from squashfs,
then from the bzip2 message storage).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[added additional size comparision diff detaisl]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-11 14:42:32 +02:00
Rui Salvaterra
c5c652e5ad busybox: use CLOCK_MONOTONIC instead of gettimeofday
The clock_gettime(CLOCK_MONOTONIC) syscall exists for so long that the first
kernel version to support it is not even specified in the man page [1]. Let's
enable it on BusyBox by default. Otherwise, gettimeofday will be used instead,
which will give wrong results if the date/time is reset (time moving backwards).

[1] https://linux.die.net/man/2/clock_gettime

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Hauke Mehrtens
7637b84fde busybox: backport Remove stime() function calls
glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:36 +02:00
Eneas U de Queiroz
1da014fcca busybox: quote 'source' filenames in Config.in
Newer versions of the kconfig program requires quoting the arguments of
the 'source' directive.  These are the last ones not using them.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-09 12:51:10 +02:00