aboutsummaryrefslogtreecommitdiffstats
path: root/package/utils/busybox
Commit message (Collapse)AuthorAgeFilesLines
* busybox: handle crypt() errors in loginutilsJo-Philipp Wich2019-01-222-1/+54
| | | | | | | | | | | | | | | | The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when the given salt is either invalid or when the requested algorithm is not implemented. In such a case, libbb's pw_encrypt() function will silently convert the crypt() NULL return value into an empty string which is then processed without further errors by utilities such as chpasswd or passwd, causing them to set an empty password when an unsupported cipher is requested. Patch the relevant users of pw_encrypt() to abort in case an empty hash is returned by pw_encrypt() in order to mitigate the problem. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: Add wrapper for uci_validate_section()Jeffery To2019-01-221-4/+8
| | | | | | | | | | | | | | | | | This adds a wrapper (uci_load_validate) for uci_validate_section() that allows callers (through a callback function) to access the values set by uci_validate_section(), without having to manually declare a (potentially long) list of local variables. The callback function receives two arguments when called, the config section name and the return value of uci_validate_section(). If no callback function is given, then the wrapper exits with the value returned by uci_validate_section(). This also updates several init scripts to use the new wrapper function. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* busybox: fix ALTERNATIVES alphabetical orderingHans Dedecker2019-01-131-2/+2
| | | | | | | Commit 3f0eb71dae added ALTERNATIVES for wget but not in correct alphabetical order; increase PKG_RELEASE as well. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: add ALTERNATIVES for wgetHans Dedecker2019-01-131-0/+1
| | | | | | | Busybox wget applet conflicts with the version from uclient. Fix this by using ALTERNATIVE support for wget in busybox. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: Add ALTERNATIVES for findutilsDaniel F. Dickinson2019-01-031-1/+3
| | | | | | | | | | | | Currently busybox find and xargs conflict with the versions from findutils package. Fix this by using ALTERNATIVES in busybox and the related findutils (from packages feed) commit. The conflict is due to the binaries being in the the same place in rootfs and opkg not being happy about that. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* busybox: update to 1.30.0Hannu Nyman2019-01-017-18/+65
| | | | | | | | | | | | | | | | | | Update busybox to 1.30.0. Refresh patches. Leave new features disabled by default. Config refreshed via: cd package/utils/busybox/config/ ../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0 make package/busybox/compile cd package/utils/busybox ./convert_defaults.pl < ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0/.config > Config-defaults.in Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* busybox: fix IPv6 dependencyHans Dedecker2018-10-072-2/+3
| | | | | | | | | Commit 9f0cb135dd made BUSYBOX_CONFIG_FEATURE_IPV6 dependant on IPV6 but did not make its default value BUSYBOX_DEFAULT_FEATURE_IPV6 dependant on IPV6. BUSYBOX_DEFAULT_FEATURE_IPV6 will have as default value y if IPV6 is enabled otherwise n. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: fix dependency for IPV6Rosy Song2018-09-232-1/+2
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* busybox: update to 1.29.3Hannu Nyman2018-09-151-2/+2
| | | | | | | | Update busybox to 1.29.3, minor bugfix release https://git.busybox.net/busybox/log/?h=1_29_3 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* busybox: prevent compile hang with bzip2 enabledRob Mosher2018-08-081-0/+9
| | | | | | | | The BZIP2_SMALL option was not being exposed via Config.in which caused the build to fail as 'yes' is piped to the config during build. As it's expecting a number, it gets stuck in a loop. Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
* busybox: update to 1.29.2Hannu Nyman2018-08-0211-149/+80
| | | | | | | | | | | | | | | * Update busybox to 1.29.2 * refresh default config * remove upstreamed patches Config refreshed with cd config/ ../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a9+vfpv3_musl_eabi/busybox-1.29.2 cd .. ./convert_defaults.pl < ../../../build_dir/target-arm_cortex-a9+vfpv3_musl_eabi/busybox-1.29.2/.config > Config-defaults.in Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> Tested-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: compile with LTO enabledFelix Fietkau2018-07-132-5/+42
| | | | | | | In the default configuration on MIPS, it reduces the .ipk size from 214k to 207k Signed-off-by: Felix Fietkau <nbd@nbd.name>
* busybox: rename udhcpc-remove-code-which-requires-server-ID-to-be-on patchHans Dedecker2018-06-211-0/+0
| | | | | | | Move udhcpc-remove-code-which-requires-server-ID-to-be-on patch from 500 to 400 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fixHans Dedecker2018-06-213-12/+118
| | | | | | | | Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix which removes the code which requires the server ID to be on local network Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: update to 1.28.4Magnus Kroken2018-06-181-3/+3
| | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* cron: add procd listeners for crontabsPaul Spooren2018-06-181-3/+5
| | | | | | | | Add procd file listeners to check files in `/etc/crontabs/`. Also unified a bit the function style. Signed-off-by: Paul Spooren <mail@aparcar.org>
* busybox: udhcpc: no MSG_DONTROUTE when sending packetAdi Shammout2018-06-072-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts a change made in Sep 2017 [1] which introduced MSG_DONTROUTE flag to prevent udhcpc from reaching out to servers on a different subnet. That change violates RFC2131 by forcing fully configured clients, who got their configurations through an offer relayed by a DHCP relay, from renewing through a unicast request directly to the DHCP server, resulting in the client resorting to boradcasting lease extension requests instead of unicasting them, further breaking RFC2131. The problem with MSG_DONTROUTE appears when talking to a properly configured DHCP server that rejects non-compliant requests. Such server will reject lease extension attempts sent via broadcast rather than unicast, as is the case with Finnish ISPs Telia and DNA as well as Estonian ISP Starman. Once the lease expires without renewal, udhcpc enters init mode, taking down the interfaces with it, and thus causing interruption on every lease expiry. On some ISPs (such as the ones mentioned above) that can be once every 10-20 minutes. The interruptions appear in the logs as such: ---- udhcpc: sending renew to x.x.x.x udhcpc: send: Network unreachable udhcpc: sending renew to 0.0.0.0 udhcpc: sending renew to 0.0.0.0 ... udhcpc: lease lost, entering init state Interface 'wan' has lost the connection Interface 'wan' is now down Network alias 'eth0' link is down udhcpc: sending select for y.y.y.y udhcpc: lease of y.y.y.y obtained, lease time 1200 Network alias 'eth0' link is up Interface 'wan' is now up ---- During lease extension, a fully configured client should be able to reach out to the server from which it recieved the lease for extension, regardless in which network it is; that's up to the gateway to find. [2] This patch ensures that. [1] http://lists.busybox.net/pipermail/busybox-cvs/2017-September/037402.html [2] https://www.netmanias.com/en/post/techdocs/6000/dhcp-network-protocol/ understanding-dhcp-relay-agents Signed-off-by: Adi Shammout <adi.shammout@outlook.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* flock: enable alternatives supportYousong Zhou2018-05-071-1/+2
| | | | | | Fixes FS#1510 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* busybox: order alternatives in alphabetical orderYousong Zhou2018-05-071-4/+4
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* busybox: update to 1.28.3Hannu Nyman2018-04-051-2/+2
| | | | | | | | | Bug fix release. 1.28.3 has fixes for * ash and hush (do not leave stray open file destriptors in children), * cpio (fix for symlink extraction), * grep ("grep -Fw a" was matching "aa"). Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* busybox: update to 1.28.2Hannu Nyman2018-04-0310-594/+578
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update busybox to 1.28.2, refresh patches and default config. * modify 230-add_nslookup_lede.patch as opt_complementary was removed Also move nslookup_longopts variable declaration to be inside the same conditional as the function itself. * modify 250-date-k-flag.patch to match upstream (opt_complementary) * remove 600-cve-2017-16544.patch that is upstreamed Notes about config changes: * Some applet-specific LONG_OPTIONS config options were removed * Config help text indentation changed, caused lots of text formatting changes for convert_menuconfig.pl * convert_defaults.pl moved lots of defaults around, summary of actual changes below New applets/features: --------------------- ARCH HEXEDIT MINIPS NETCAT NUKE RESUME RUN_INIT SETFATTR New options: ------------ FEATURE_CATN FEATURE_CROND_SPECIAL_TIMES FEATURE_LIBBUSYBOX_STATIC FEATURE_SETPRIV_CAPABILITIES FEATURE_SETPRIV_CAPABILITY_NAMES FEATURE_SETPRIV_DUMP FEATURE_SH_READ_FRAC FEATURE_SWAPONOFF_LABEL FEATURE_VOLUMEID_MINIX FEATURE_XARGS_SUPPORT_ARGS_FILE FEATURE_XARGS_SUPPORT_PARALLEL HUSH_GETOPTS HUSH_READONLY HUSH_TIMES Removed: -------- FEATURE_HAVE_RPC MSH Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* busybox: drop providing virtual package ipHans Dedecker2018-03-221-1/+0
| | | | | | | | | | | | | | Drop providing the virtual package ip by busybox which was added in commit 1cec4d4ef0. Letting busybox provide the virtual package ip is not optimal for the following reasons : - Applications depending on ip expect either the ip-full or ip-tiny package to be enabled. - Busybox ip applet cannot be added or removed at runtime Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: remove i386-specific build flagsMatthias Schiffer2018-03-121-0/+10
| | | | | | | | | | busybox tries to be smart and passes a number of additional flags to the compiler. Unfortunately, the i386-specific flags break ABI compatiblity with libc. Fixes busybox crashes observed on x86-generic with GCC 7. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* build: add hardened builds with PIE (ASLR) supportJulien Dusser2018-01-271-0/+3
| | | | | | | | | | | | | | | | | | Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support. Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks. Busybox need a special care, link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE. If other failing packages were found, PKG_ASLR_PIE:=0 should be added to their Makefiles. Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* busybox: clean up patch fuzzKevin Darbyshire-Bryant2018-01-052-8/+3
| | | | | | Refresh patches to tidy up fuzz. No functional changes Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* busybox: enable flock by defaultRoman Yeryomin2018-01-021-1/+1
| | | | | | | This is needed for procd init script protection to work. flock adds 4248 bytes to stripped busybox binary. Signed-off-by: Roman Yeryomin <roman@advem.lv>
* busybox: backport cve-2017-16544 fixJohn Crispin2018-01-021-0/+40
| | | | | | | | | | | | | | | | | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. Fixes: FS#1181 - CVE-2017-16544: Backport the patch from: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 https://nvd.nist.gov/vuln/detail/CVE-2017-16544 Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com> Signed-off-by: John Crispin <john@phrozen.org>
* busybox: add missing TARGET_CPPFLAGS and TARGET_LDFLAGSMatthias Schiffer2017-12-281-2/+3
| | | | | | | | | | | | | Unconditionally pass TARGET_CPPFLAGS (not passed at all before) and TARGET_LDFLAGS (passed only in certain non-default configuration before the Makefile streamlining). Without these flags, hardening options (PKG_FORTIFY_SOURCE and PKG_RELRO) were not actually applied to busybox. The addition of these flags increases the size of the stripped busybox binary by about 6KB (~4KB with fortify headers, ~2KB with "-znow -zrelro") with the default hardening options PKG_FORTIFY_SOURCE_1 and PKG_RELRO_FULL. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* busybox: streamline MakefileMatthias Schiffer2017-12-281-50/+17
| | | | | | | Use default Build/Install steps where possible. No binary change in default configuration, so PKG_RELEASE is not incremented. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* busybox: enable find -newer needed for shorewall firewall, no size increase ↵Lucian Cristian2017-12-142-2/+2
| | | | | | on binary Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* busybox: fix glibc libresolv dependency for LEDE nslook appletJo-Philipp Wich2017-12-101-1/+1
| | | | | | | Fixes d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config. Fixes FS#1212. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patchZoltan HERPAI2017-12-083-16/+16
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* busybox: provide "ip"Hans Dedecker2017-10-141-0/+1
| | | | | | | Let busybox provide "ip" as it supports the ip applets link, address, route, rule and neighbor Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: update to 1.27.2Magnus Kroken2017-08-3030-1121/+951
| | | | | | | | | | Refresh patches, delete patches backported from upstream. This fixes ntpd sync issues (ntpd would not sync if the first provided peer address was unreachable). Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* busybox: move passwd applet to /binDaniel Golle2017-08-301-0/+11
| | | | | | | | | | busybox currently installs passwd into /usr/bin which prevents its 'full' shadow-utils variant from being installed. Move the passwd applet to /bin to avoid that collision. shadow also provides /usr/bin/login which doesn't collide with busybox as the busybox login applet is installed at /bin/login. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* busybox: move traceroute applets to /binDaniel Golle2017-08-302-8/+13
| | | | | | | | | | | busybox currently installs traceroute and traceroute6 into /usr/bin which prevents their 'full' iputils variants from being installed. Move those applets to /bin so they can coexist with their iputils siblings using the same PATH convention already applied for coreutils and other drop-in 'full' versions. Refresh existing patch while at it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "busybox: ash/hush fix for read-builtin command"Jo-Philipp Wich2017-08-231-147/+0
| | | | | | | | | | Revert this commit as it introduces a patchfile at a wrong location. Since the patch was never effective, we can assume that this particular commit was not properly tested. This reverts commit dde9da46c1586c0bda54e7fa6de05f0fc76e557a. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* busybox: ash/hush fix for read-builtin commandBastian Bittorf2017-06-241-0/+147
| | | | | | | | | | | this is a cherrypick from busybox-git HEAD: f5470419404d643070db99d058405b714695b817 and can be removed when upgrading to next busybox release. discussion here: http://lists.busybox.net/pipermail/busybox/2017-May/085439.html Signed-off-by: Bastian Bittorf <bb@npl.de>
* busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'Stefan Tomanek2017-06-241-0/+145
| | | | | | | | This is a backport from the busybox repository (192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the suppress_{prefixlength,ifgroup} flags for policy routing rules. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* busybox: alternatives: accomodate CONFIG_BUSYBOX_CUSTOM=yYousong Zhou2017-05-031-14/+15
| | | | | | | | When busybox customisation is enabled, we should depend on config symbols CONFIG_BUSYBOX_CONFIG_xxx to form alternatives specs Reported-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* busybox: add alternatives specs for those also provided by procps-ngYousong Zhou2017-05-031-2/+14
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* busybox: add as an alternative of /sbin/ipYousong Zhou2017-05-021-1/+2
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* busybox: nslookup_lede: mimic output format of old Busybox appletJo-Philipp Wich2017-04-272-22/+61
| | | | | | | | | | | | | When invoking "nslookup_lede" with a domain argument and without explicit query type, issue both A and AAAA queries and display the resulting IP addresses in a numbered list style, similar to how the old BusyBox nslookup used to output the records. This is required for compatibility with certain scripts. Ref: https://forum.lede-project.org/t/nslookup-ipv6-in-lede-17-01-1 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* busybox: nslookup_lede: fix compatibility with v1.25Jo-Philipp Wich2017-04-272-6/+7
| | | | | | | | | | | | | | The ":*" optstring syntax was only recently introduced with BusyBox v1.26, older versions need a corresponding hint in the "opt_complementary" variable to denote flag values that should be stored as llist entries. Add the required opt_complementary entry to fix random SIGBUS, SIGILL or SIGSEGV related crashes on BusyBox 1.25.x when attempting to use the "-q" flag of the "nslookup_lede" applet. Ref: https://forum.lede-project.org/t/nslookup-ipv6-in-lede-17-01-1 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* busybox: Enable sendfile by defaultDaniel Engberg2017-04-261-1/+1
| | | | | | Enable sendfile system call by default. http://lists.busybox.net/pipermail/busybox-cvs/2014-November/034831.html Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* busybox: fix build of nslookup_lede applet without IPv6 (#728)Jo-Philipp Wich2017-04-211-9/+33
| | | | | | | | | Protect any IPv6 related with appropriate guards to fix compilation with disabled IPv6 support in Busybox. Fixes #728. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* busybox: Move libresolv detection to LEDE MakefileFlorian Fainelli2017-04-122-18/+6
| | | | | | | | | | | Since the LEDE nslookup applet is already specific to LEDE, move the libresolv detection into the busybox Makefile that LEDE uses. This fixes builds with external toolchains that don't automatically search for headers and/or libraries without being told so. Fixes: de5b8e5d2fe1 ("busybox: add musl compatible nslookup replacement") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* busybox: add musl compatible nslookup replacementJo-Philipp Wich2017-04-103-1/+931
| | | | | | | | Add an alternative nslookup applet implementation which is compatible with musl libc wrt. name server selection and which supports a number of additional features such as query type selection. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* busybox: fix installation of cron and ntpd scripts in the default configFelix Fietkau2017-04-041-2/+2
| | | | | Fixes: 0b24850e9778 ("busybox: don't install NTP scripts if NTP isn't configured") Signed-off-by: Felix Fietkau <nbd@nbd.name>