busybox: update to 1.27.2

Refresh patches, delete patches backported from upstream.

This fixes ntpd sync issues (ntpd would not sync if the first provided
peer address was unreachable).

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

2 files changed, 139 insertions, 87 deletions

diff --git a/package/utils/busybox/config/networking/Config.in b/package/utils/busybox/config/networking/Config.in
index 4ae8779dc6..14875d5e68 100644
--- a/package/utils/busybox/config/networking/Config.in
+++ b/package/utils/busybox/config/networking/Config.in
@@ -101,7 +101,7 @@ config BUSYBOX_CONFIG_FTPD
 	bool "ftpd"
 	default BUSYBOX_DEFAULT_FTPD
 	help
-	  simple FTP daemon. You have to run it via inetd.
+	  Simple FTP daemon. You have to run it via inetd.
 
 config BUSYBOX_CONFIG_FEATURE_FTPD_WRITE
 	bool "Enable upload commands"
@@ -143,8 +143,6 @@ config BUSYBOX_CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS
 	bool "Enable long options in ftpget/ftpput"
 	default BUSYBOX_DEFAULT_FEATURE_FTPGETPUT_LONG_OPTIONS
 	depends on BUSYBOX_CONFIG_LONG_OPTS && (BUSYBOX_CONFIG_FTPGET || BUSYBOX_CONFIG_FTPPUT)
-	help
-	  Support long options for the ftpget/ftpput applet.
 config BUSYBOX_CONFIG_HOSTNAME
 	bool "hostname"
 	default BUSYBOX_DEFAULT_HOSTNAME
@@ -160,7 +158,7 @@ config BUSYBOX_CONFIG_HTTPD
 	bool "httpd"
 	default BUSYBOX_DEFAULT_HTTPD
 	help
-	  Serve web pages via an HTTP server.
+	  HTTP server.
 
 config BUSYBOX_CONFIG_FEATURE_HTTPD_RANGES
 	bool "Support 'Ranges:' header"
@@ -214,7 +212,7 @@ config BUSYBOX_CONFIG_FEATURE_HTTPD_CGI
 	  when specific URLs are requested.
 
 config BUSYBOX_CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
-	bool "Support for running scripts through an interpreter"
+	bool "Support running scripts through an interpreter"
 	default BUSYBOX_DEFAULT_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR
 	depends on BUSYBOX_CONFIG_FEATURE_HTTPD_CGI
 	help
@@ -243,7 +241,7 @@ config BUSYBOX_CONFIG_FEATURE_HTTPD_ENCODE_URL_STR
 	  "&#60Hello&#32World&#62".
 
 config BUSYBOX_CONFIG_FEATURE_HTTPD_ERROR_PAGES
-	bool "Support for custom error pages"
+	bool "Support custom error pages"
 	default BUSYBOX_DEFAULT_FEATURE_HTTPD_ERROR_PAGES
 	depends on BUSYBOX_CONFIG_HTTPD
 	help
@@ -256,7 +254,7 @@ config BUSYBOX_CONFIG_FEATURE_HTTPD_ERROR_PAGES
 	  message.
 
 config BUSYBOX_CONFIG_FEATURE_HTTPD_PROXY
-	bool "Support for reverse proxy"
+	bool "Support reverse proxy"
 	default BUSYBOX_DEFAULT_FEATURE_HTTPD_PROXY
 	depends on BUSYBOX_CONFIG_HTTPD
 	help
@@ -268,7 +266,7 @@ config BUSYBOX_CONFIG_FEATURE_HTTPD_PROXY
 	  http://hostname[:port]/new/path/myfile.
 
 config BUSYBOX_CONFIG_FEATURE_HTTPD_GZIP
-	bool "Support for GZIP content encoding"
+	bool "Support GZIP content encoding"
 	default BUSYBOX_DEFAULT_FEATURE_HTTPD_GZIP
 	depends on BUSYBOX_CONFIG_HTTPD
 	help
@@ -383,14 +381,14 @@ config BUSYBOX_CONFIG_FEATURE_IFUPDOWN_IP
 	  utilities, or enable these applets in Busybox.
 
 config BUSYBOX_CONFIG_FEATURE_IFUPDOWN_IPV4
-	bool "Support for IPv4"
+	bool "Support IPv4"
 	default BUSYBOX_DEFAULT_FEATURE_IFUPDOWN_IPV4
 	depends on BUSYBOX_CONFIG_IFUP || BUSYBOX_CONFIG_IFDOWN
 	help
 	  If you want ifup/ifdown to talk IPv4, leave this on.
 
 config BUSYBOX_CONFIG_FEATURE_IFUPDOWN_IPV6
-	bool "Support for IPv6"
+	bool "Support IPv6"
 	default BUSYBOX_DEFAULT_FEATURE_IFUPDOWN_IPV6
 	depends on (BUSYBOX_CONFIG_IFUP || BUSYBOX_CONFIG_IFDOWN) && BUSYBOX_CONFIG_FEATURE_IPV6
 	help
@@ -406,7 +404,7 @@ config BUSYBOX_CONFIG_FEATURE_IFUPDOWN_MAPPING
 	  a weird network setup you don't need it.
 
 config BUSYBOX_CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP
-	bool "Support for external dhcp clients"
+	bool "Support external DHCP clients"
 	default BUSYBOX_DEFAULT_FEATURE_IFUPDOWN_EXTERNAL_DHCP
 	depends on BUSYBOX_CONFIG_IFUP || BUSYBOX_CONFIG_IFDOWN
 	help
@@ -585,6 +583,11 @@ config BUSYBOX_CONFIG_IPCALC
 	  ipcalc takes an IP address and netmask and calculates the
 	  resulting broadcast, network, and host range.
 
+config BUSYBOX_CONFIG_FEATURE_IPCALC_LONG_OPTIONS
+	bool "Enable long options"
+	default BUSYBOX_DEFAULT_FEATURE_IPCALC_LONG_OPTIONS
+	depends on BUSYBOX_CONFIG_IPCALC && BUSYBOX_CONFIG_LONG_OPTS
+
 config BUSYBOX_CONFIG_FEATURE_IPCALC_FANCY
 	bool "Fancy IPCALC, more options, adds 1 kbyte"
 	default BUSYBOX_DEFAULT_FEATURE_IPCALC_FANCY
@@ -592,13 +595,6 @@ config BUSYBOX_CONFIG_FEATURE_IPCALC_FANCY
 	help
 	  Adds the options hostname, prefix and silent to the output of
 	  "ipcalc".
-
-config BUSYBOX_CONFIG_FEATURE_IPCALC_LONG_OPTIONS
-	bool "Enable long options"
-	default BUSYBOX_DEFAULT_FEATURE_IPCALC_LONG_OPTIONS
-	depends on BUSYBOX_CONFIG_IPCALC && BUSYBOX_CONFIG_LONG_OPTS
-	help
-	  Support long options for the ipcalc applet.
 config BUSYBOX_CONFIG_FAKEIDENTD
 	bool "fakeidentd"
 	default BUSYBOX_DEFAULT_FAKEIDENTD
@@ -685,7 +681,7 @@ config BUSYBOX_CONFIG_NETSTAT
 	  netstat prints information about the Linux networking subsystem.
 
 config BUSYBOX_CONFIG_FEATURE_NETSTAT_WIDE
-	bool "Enable wide netstat output"
+	bool "Enable wide output"
 	default BUSYBOX_DEFAULT_FEATURE_NETSTAT_WIDE
 	depends on BUSYBOX_CONFIG_NETSTAT
 	help
@@ -779,6 +775,12 @@ config BUSYBOX_CONFIG_SLATTACH
 	help
 	  slattach is a small utility to attach network interfaces to serial
 	  lines.
+config BUSYBOX_CONFIG_SSL_CLIENT
+	bool "ssl_client"
+	default BUSYBOX_DEFAULT_SSL_CLIENT
+	select BUSYBOX_CONFIG_TLS
+	help
+	  This tool pipes data to/from a socket, TLS-encrypting it.
 config BUSYBOX_CONFIG_TCPSVD
 	bool "tcpsvd"
 	default BUSYBOX_DEFAULT_TCPSVD
@@ -817,6 +819,11 @@ config BUSYBOX_CONFIG_FEATURE_TELNET_AUTOLOGIN
 	  remote host you are connecting to. This is useful when you need to
 	  log into a machine without telling the username (autologin). This
 	  option enables `-a' and `-l USER' arguments.
+
+config BUSYBOX_CONFIG_FEATURE_TELNET_WIDTH
+	bool "Enable window size autodetection"
+	default BUSYBOX_DEFAULT_FEATURE_TELNET_WIDTH
+	depends on BUSYBOX_CONFIG_TELNET
 config BUSYBOX_CONFIG_TELNETD
 	bool "telnetd"
 	default BUSYBOX_DEFAULT_TELNETD
@@ -936,11 +943,9 @@ config BUSYBOX_CONFIG_FEATURE_TFTP_BLOCKSIZE
 	  "blksize" and "tsize" options.
 
 config BUSYBOX_CONFIG_FEATURE_TFTP_PROGRESS_BAR
-	bool "Enable tftp progress meter"
+	bool "Enable progress bar"
 	default BUSYBOX_DEFAULT_FEATURE_TFTP_PROGRESS_BAR
 	depends on BUSYBOX_CONFIG_TFTP && BUSYBOX_CONFIG_FEATURE_TFTP_BLOCKSIZE
-	help
-	  Show progress bar.
 
 config BUSYBOX_CONFIG_TFTP_DEBUG
 	bool "Enable debug"
@@ -949,6 +954,9 @@ config BUSYBOX_CONFIG_TFTP_DEBUG
 	help
 	  Make tftp[d] print debugging messages on stderr.
 	  This is useful if you are diagnosing a bug in tftp[d].
+config BUSYBOX_CONFIG_TLS
+	bool #No description makes it a hidden option
+	default BUSYBOX_DEFAULT_TLS
 config BUSYBOX_CONFIG_TRACEROUTE
 	bool "traceroute"
 	default BUSYBOX_DEFAULT_TRACEROUTE
@@ -975,8 +983,6 @@ config BUSYBOX_CONFIG_FEATURE_TRACEROUTE_USE_ICMP
 	bool "Enable -I option (use ICMP instead of UDP)"
 	default BUSYBOX_DEFAULT_FEATURE_TRACEROUTE_USE_ICMP
 	depends on BUSYBOX_CONFIG_TRACEROUTE || BUSYBOX_CONFIG_TRACEROUTE6
-	help
-	  Add option -I to use ICMP ECHO instead of UDP datagrams.
 config BUSYBOX_CONFIG_TUNCTL
 	bool "tunctl"
 	default BUSYBOX_DEFAULT_TUNCTL
@@ -1004,12 +1010,15 @@ config BUSYBOX_CONFIG_WGET
 	  wget is a utility for non-interactive download of files from HTTP
 	  and FTP servers.
 
+config BUSYBOX_CONFIG_FEATURE_WGET_LONG_OPTIONS
+	bool "Enable long options"
+	default BUSYBOX_DEFAULT_FEATURE_WGET_LONG_OPTIONS
+	depends on BUSYBOX_CONFIG_WGET && BUSYBOX_CONFIG_LONG_OPTS
+
 config BUSYBOX_CONFIG_FEATURE_WGET_STATUSBAR
-	bool "Enable a nifty process meter (+2k)"
+	bool "Enable progress bar (+2k)"
 	default BUSYBOX_DEFAULT_FEATURE_WGET_STATUSBAR
 	depends on BUSYBOX_CONFIG_WGET
-	help
-	  Enable the transfer progress bar for wget transfers.
 
 config BUSYBOX_CONFIG_FEATURE_WGET_AUTHENTICATION
 	bool "Enable HTTP authentication"
@@ -1018,13 +1027,6 @@ config BUSYBOX_CONFIG_FEATURE_WGET_AUTHENTICATION
 	help
 	  Support authenticated HTTP transfers.
 
-config BUSYBOX_CONFIG_FEATURE_WGET_LONG_OPTIONS
-	bool "Enable long options"
-	default BUSYBOX_DEFAULT_FEATURE_WGET_LONG_OPTIONS
-	depends on BUSYBOX_CONFIG_WGET && BUSYBOX_CONFIG_LONG_OPTS
-	help
-	  Support long options for the wget applet.
-
 config BUSYBOX_CONFIG_FEATURE_WGET_TIMEOUT
 	bool "Enable timeout option -T SEC"
 	default BUSYBOX_DEFAULT_FEATURE_WGET_TIMEOUT
@@ -1039,18 +1041,59 @@ config BUSYBOX_CONFIG_FEATURE_WGET_TIMEOUT
 	  FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option
 	  will work in addition to -T.
 
+config BUSYBOX_CONFIG_FEATURE_WGET_HTTPS
+	bool "Support HTTPS using internal TLS code"
+	default BUSYBOX_DEFAULT_FEATURE_WGET_HTTPS
+	depends on BUSYBOX_CONFIG_WGET
+	select BUSYBOX_CONFIG_TLS
+	help
+	  wget will use internal TLS code to connect to https:// URLs.
+	  Note:
+	  On NOMMU machines, ssl_helper applet should be available
+	  in the $PATH for this to work. Make sure to select that applet.
+
+	  Note: currently, TLS code only makes TLS I/O work, it
+	  does *not* check that the peer is who it claims to be, etc.
+	  IOW: it uses peer-supplied public keys to establish encryption
+	  and signing keys, then encrypts and signs outgoing data and
+	  decrypts incoming data.
+	  It does not check signature hashes on the incoming data:
+	  this means that attackers manipulating TCP packets can
+	  send altered data and we unknowingly receive garbage.
+	  (This check might be relatively easy to add).
+	  It does not check public key's certificate:
+	  this means that the peer may be an attacker impersonating
+	  the server we think we are talking to.
+
+	  If you think this is unacceptable, consider this. As more and more
+	  servers switch to HTTPS-only operation, without such "crippled"
+	  TLS code it is *impossible* to simply download a kernel source
+	  from kernel.org. Which can in real world translate into
+	  "my small automatic tooling to build cross-compilers from sources
+	  no longer works, I need to additionally keep a local copy
+	  of ~4 megabyte source tarball of a SSL library and ~2 megabyte
+	  source of wget, need to compile and built both before I can
+	  download anything. All this despite the fact that the build
+	  is done in a QEMU sandbox on a machine with absolutely nothing
+	  worth stealing, so I don't care if someone would go to a lot
+	  of trouble to intercept my HTTPS download to send me an altered
+	  kernel tarball".
+
+	  If you still think this is unacceptable, send patches.
+
+	  If you still think this is unacceptable, do not want to send
+	  patches, but do want to waste bandwidth expaining how wrong
+	  it is, you will be ignored.
+
 config BUSYBOX_CONFIG_FEATURE_WGET_OPENSSL
 	bool "Try to connect to HTTPS using openssl"
 	default BUSYBOX_DEFAULT_FEATURE_WGET_OPENSSL
 	depends on BUSYBOX_CONFIG_WGET
 	help
-	  Choose how wget establishes SSL connection for https:// URLs.
-
-	  Busybox itself contains no SSL code. wget will spawn
-	  a helper program to talk over HTTPS.
+	  Try to use openssl to handle HTTPS.
 
 	  OpenSSL has a simple SSL client for debug purposes.
-	  If you select "openssl" helper, wget will effectively run:
+	  If you select this option, wget will effectively run:
 	  "openssl s_client -quiet -connect hostname:443
 	  -servername hostname 2>/dev/null" and pipe its data
 	  through it. -servername is not used if hostname is numeric.
@@ -1063,24 +1106,9 @@ config BUSYBOX_CONFIG_FEATURE_WGET_OPENSSL
 	  openssl is also a big binary, often dynamically linked
 	  against ~15 libraries.
 
-config BUSYBOX_CONFIG_FEATURE_WGET_SSL_HELPER
-	bool "Try to connect to HTTPS using ssl_helper"
-	default BUSYBOX_DEFAULT_FEATURE_WGET_SSL_HELPER
-	depends on BUSYBOX_CONFIG_WGET
-	help
-	  Choose how wget establishes SSL connection for https:// URLs.
-
-	  Busybox itself contains no SSL code. wget will spawn
-	  a helper program to talk over HTTPS.
-
-	  ssl_helper is a tool which can be built statically
-	  from busybox sources against a small embedded SSL library.
-	  Please see networking/ssl_helper/README.
-	  It does not require double host resolution and emits
-	  error messages to stderr.
-
-	  Precompiled static binary may be available at
-	  http://busybox.net/downloads/binaries/
+	  If openssl can't be executed, internal TLS code will be used
+	  (if you enabled it); if openssl can be executed but fails later,
+	  wget can't detect this, and download will fail.
 config BUSYBOX_CONFIG_WHOIS
 	bool "whois"
 	default BUSYBOX_DEFAULT_WHOIS
diff --git a/package/utils/busybox/config/networking/udhcp/Config.in b/package/utils/busybox/config/networking/udhcp/Config.in
index cdba5d5d17..e7a98750d2 100644
--- a/package/utils/busybox/config/networking/udhcp/Config.in
+++ b/package/utils/busybox/config/networking/udhcp/Config.in
@@ -5,36 +5,44 @@
 #
 
 config BUSYBOX_CONFIG_UDHCPC6
-	bool "udhcp client for DHCPv6 (udhcpc6)"
+	bool "udhcpc6 (DHCPv6 client, EXPERIMENTAL)"
 	default BUSYBOX_DEFAULT_UDHCPC6  # not yet ready
 	depends on BUSYBOX_CONFIG_FEATURE_IPV6
 	help
 	  udhcpc6 is a DHCPv6 client
 
+config BUSYBOX_CONFIG_FEATURE_UDHCPC6_RFC3646
+	bool "Support RFC 3646 (DNS server and search list)"
+	default BUSYBOX_DEFAULT_FEATURE_UDHCPC6_RFC3646
+	depends on BUSYBOX_CONFIG_UDHCPC6
+	help
+	  List of DNS servers and domain search list can be requested with
+	  "-O dns" and "-O search". If server gives these values,
+	  they will be set in environment variables "dns" and "search".
+
+config BUSYBOX_CONFIG_FEATURE_UDHCPC6_RFC4704
+	bool "Support RFC 4704 (Client FQDN)"
+	default BUSYBOX_DEFAULT_FEATURE_UDHCPC6_RFC4704
+	depends on BUSYBOX_CONFIG_UDHCPC6
+	help
+	  You can request FQDN to be given by server using "-O fqdn".
+
+config BUSYBOX_CONFIG_FEATURE_UDHCPC6_RFC4833
+	bool "Support RFC 4833 (Timezones)"
+	default BUSYBOX_DEFAULT_FEATURE_UDHCPC6_RFC4833
+	depends on BUSYBOX_CONFIG_UDHCPC6
+	help
+	  You can request POSIX timezone with "-O tz" and timezone name
+	  with "-O timezone".
+
 config BUSYBOX_CONFIG_UDHCPD
-	bool "udhcp server (udhcpd)"
+	bool "udhcpd (DHCP server)"
 	default BUSYBOX_DEFAULT_UDHCPD
 	select BUSYBOX_CONFIG_PLATFORM_LINUX
 	help
 	  udhcpd is a DHCP server geared primarily toward embedded systems,
 	  while striving to be fully functional and RFC compliant.
 
-config BUSYBOX_CONFIG_DHCPRELAY
-	bool "dhcprelay"
-	default BUSYBOX_DEFAULT_DHCPRELAY
-	help
-	  dhcprelay listens for dhcp requests on one or more interfaces
-	  and forwards these requests to a different interface or dhcp
-	  server.
-
-config BUSYBOX_CONFIG_DUMPLEASES
-	bool "Lease display utility (dumpleases)"
-	default BUSYBOX_DEFAULT_DUMPLEASES
-	help
-	  dumpleases displays the leases written out by the udhcpd server.
-	  Lease times are stored in the file by time remaining in lease, or
-	  by the absolute time that it expires in seconds from epoch.
-
 config BUSYBOX_CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY
 	bool "Rewrite the lease file at every new acknowledge"
 	default BUSYBOX_DEFAULT_FEATURE_UDHCPD_WRITE_LEASES_EARLY
@@ -67,8 +75,24 @@ config BUSYBOX_CONFIG_DHCPD_LEASES_FILE
 	  udhcpd stores addresses in a lease file. This is the absolute path
 	  of the file. Normally it is safe to leave it untouched.
 
+config BUSYBOX_CONFIG_DUMPLEASES
+	bool "dumpleases"
+	default BUSYBOX_DEFAULT_DUMPLEASES
+	help
+	  dumpleases displays the leases written out by the udhcpd.
+	  Lease times are stored in the file by time remaining in lease, or
+	  by the absolute time that it expires in seconds from epoch.
+
+config BUSYBOX_CONFIG_DHCPRELAY
+	bool "dhcprelay"
+	default BUSYBOX_DEFAULT_DHCPRELAY
+	help
+	  dhcprelay listens for dhcp requests on one or more interfaces
+	  and forwards these requests to a different interface or dhcp
+	  server.
+
 config BUSYBOX_CONFIG_UDHCPC
-	bool "udhcp client (udhcpc)"
+	bool "udhcpc (DHCP client)"
 	default BUSYBOX_DEFAULT_UDHCPC
 	select BUSYBOX_CONFIG_PLATFORM_LINUX
 	help
@@ -99,6 +123,15 @@ config BUSYBOX_CONFIG_FEATURE_UDHCPC_SANITIZEOPT
 	  they will be replaced with string "bad" when exporting
 	  to the environment.
 
+config BUSYBOX_CONFIG_UDHCPC_DEFAULT_SCRIPT
+	string "Absolute path to config script"
+	default BUSYBOX_DEFAULT_UDHCPC_DEFAULT_SCRIPT
+	depends on BUSYBOX_CONFIG_UDHCPC
+	help
+	  This script is called after udhcpc receives an answer. See
+	  examples/udhcp for a working example. Normally it is safe
+	  to leave this untouched.
+
 config BUSYBOX_CONFIG_FEATURE_UDHCP_PORT
 	bool "Enable '-P port' option for udhcpd and udhcpc"
 	default BUSYBOX_DEFAULT_FEATURE_UDHCP_PORT
@@ -120,7 +153,7 @@ config BUSYBOX_CONFIG_UDHCP_DEBUG
 	  are very verbose and useful for debugging only.
 
 config BUSYBOX_CONFIG_FEATURE_UDHCP_RFC3397
-	bool "Support for RFC3397 domain search (experimental)"
+	bool "Support RFC3397 domain search (experimental)"
 	default BUSYBOX_DEFAULT_FEATURE_UDHCP_RFC3397
 	depends on BUSYBOX_CONFIG_UDHCPD || BUSYBOX_CONFIG_UDHCPC
 	help
@@ -129,22 +162,13 @@ config BUSYBOX_CONFIG_FEATURE_UDHCP_RFC3397
 	  and SIP servers option 120, specified in RFC 3361.
 
 config BUSYBOX_CONFIG_FEATURE_UDHCP_8021Q
-	bool "Support for 802.1Q VLAN parameters"
+	bool "Support 802.1Q VLAN parameters"
 	default BUSYBOX_DEFAULT_FEATURE_UDHCP_8021Q
 	depends on BUSYBOX_CONFIG_UDHCPD || BUSYBOX_CONFIG_UDHCPC
 	help
 	  If selected, both client and server will support passing of VLAN
 	  ID and priority via options 132 and 133 as per 802.1Q.
 
-config BUSYBOX_CONFIG_UDHCPC_DEFAULT_SCRIPT
-	string "Absolute path to config script"
-	default BUSYBOX_DEFAULT_UDHCPC_DEFAULT_SCRIPT
-	depends on BUSYBOX_CONFIG_UDHCPC
-	help
-	  This script is called after udhcpc receives an answer. See
-	  examples/udhcp for a working example. Normally it is safe
-	  to leave this untouched.
-
 config BUSYBOX_CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS
 	int "DHCP options slack buffer size"
 	default BUSYBOX_DEFAULT_UDHCPC_SLACK_FOR_BUGGY_SERVERS