Fixes the following security issue:
- CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles
the error bit on the huft_build result pointer, with a resultant invalid
free or segmentation fault, via malformed gzip data.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check for a default route is inverted, causing the script to wait
for the timeout even when a default IPv6 route is available. Fix this up
so that it exits early as expected.
Reported-by: Bhattiprolu RaviKumar <ravikumar.bhattiprolu@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As we discussed on the mailing list, using $(<pkg>_NAME) when defining
CPE ID variables feels a bit odd and needlessly complicated. Just use
the package name directly.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds CPE ID information for a significant number of
packages.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Pick the below patch from upstream, in order to fix
'settimeofday: Invalid argument' introduced by using glibc v2.31+.
(busybox hasn't tagged a new version since).
See https://bugs.busybox.net/show_bug.cgi?id=12756 for more info.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Busybox is mainly licensed under the GPL-2.0, but the bzip2 part is a
modified copy of the bzip2/libbzip2 project, which comes with its own
license.
Update the licensing information accordingly.
Add the hash for the new license file, and fixup indentation (2 spaces).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
this way zcip will work out of the box when configured
Signed-off-by: Sven Oliver Moll <buildroot@svol.li>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ipcalc is an ancient and venerable tool for manipulating IP addresses,
networks, & interfaces from shell scripts. There is a subtool in busybox,
but it does not support everything the upstream tool [1] supports.
[1] https://gitlab.com/ipcalc/ipcalc
Signed-off-by: Derrick Lyndon Pallas <derrick@meter.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
RFC3442 specifies a DHCP extension to provide the client with a list of
static routes to use. This is already handled by udhcpc and exposed as the
"staticroutes" environment variable, but currently not handled by the action
script.
Extend the script to do so. The RFC specifies that if this option is
provided by the server then the normal "routes" (3) option should be
ignored, so ensure that is done.
As we may now have more than just a default route on the interface, extend
the route cleanup logic to handle all routes for the interface (except for
the implied local 0.0.0.0 one).
Notice that this option is only sent by servers if explicitly requested by
the client, E.G. using the -O staticroutes option to udhcpc.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using a combination of udhcpc and avahi-autoipd in case of receiving IP
from a DHCP server, the following message can be seen:
"Failed to kill daemon: No such file or directory".
Add a check for a running avahi-autoipd to fix this issue.
Signed-off-by: Lukasz Tekieli <tekieli.lukasz@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
watchdog is a flexible watchdog daemon that improves on the already
available Busybox watchdog daemon by providing more advanced features,
like defining custom system status checks and executing repair scripts
to react upon invariants that don't hold.
Due to "watchdog" being also provided by Busybox, we need to make that
package/watchdog installs the watchdog binary in the same place as
Busybox (i.e in /sbin), and need to add a dependency of Busybox on
this new watchdog package.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If the less package is not enable and systemd is enabled,
then configure the less applet to fully work with systemd.
systemd sets the flags for less in an environment variable
and requires a few options for correct display.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Install the sysvinit scripts, for the moment, but not S02sysctl, since
openrc provides /etc/init.d/sysctl.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The scripts were already the same, except for some comments, so make the
busybox S02sysctl a symlink to the procps-ng one, which works with both
versions of the "sysctl" utility.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It was searching for CONFIG_ASH=y and CONFIG_HUSH=y at $(@D)/.config,
which does not contain the package build path at the target-finalize
step. Use $(BUSYBOX_DIR), instead.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Busybox 1.31.1 fails to build with glibc 2.31 due to the removal of
stime() from glibc. Pull a patch already applied upstream to fix the
problem.
The patch was rebased on version 1.31.1 to minimize the change, since
the original one depended on a previous commit which is not worthwhile
to pick.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN. <yann.morin.1998@free.fr>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Busybox 1.31.1 fails to build with musl 1.2.0 due to the direct use of
__NR_clock_gettime. Pull four patches already applied upstream to fix
the problem.
The patches were rebased to version 1.31.1 to minimize the change, since
the original ones depended on a previous commit which is not worthwhile
to pick.
Fixes:
http://autobuild.buildroot.net/results/f45f91aea6deee6699eabdfa618ac44873b8da51/
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN. <yann.morin.1998@free.fr>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Call BUSYBOX_INSTALL_INDIVIDUAL_BINARIES in BUSYBOX_INSTALL_TARGET_CMDS,
not in BUSYBOX_INSTALL_INIT_SYSV. This should have been done in commit
b1e07d6d79 but was somehow lost during the
review/aply process.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The default inittab files added by busybox and sysvinit run 'swapon -a'
during init and 'swapoff -a' during shutdown.
But, the swapon/swapoff programs are not guaranteed to be
available. For the busybox versions, it is steered by
CONFIG_SWAPON/CONFIG_SWAPOFF. For the util-linux versions, it is steered by
BR2_PACKAGE_UTIL_LINUX_BINARIES.
In a case where swapon/swapoff is not available but the inittab tries to
execute them, the boot log would be polluted by error messages like:
swapon: not found
Avoid this by commenting out the swapon/swapoff lines if the swapon/swapoff
binaries are not available.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Peter: test with -x]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following commit 0dcb5513ef
("package/refpolicy: remove dependency on policycoreutils"), we have a
build failure on some configurations:
Makefile:571: *** libselinux is in the dependency chain of busybox that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
This is because refpolicy selects the busybox SELinux support when
Busybox is enabled, which it turns selects libselinux, but we no
longer pay attention to the libselinux dependencies while doing this.
Since it's quite weird to have refpolicy mess with Busybox SELinux
support, this commit changes the logic to have Busybox automatically
enable its SELinux support as soon as SELinux support is enabled,
while still allowing it to be disabled.
Fixes:
http://autobuild.buildroot.net/results/5d8fda7c488a03c14942d87467d501acd633d24a/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If a inittab file was already provided in the skeleton, don't overwrite
it with the one that comes with the busybox package.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
udhcpc6 implements "stateful" DHCPv6 for explicitly requesting an address
and other configuration information. A major difference between DHCPv4
and DHCPv6 is that DHCPv6 does *not* advertise a default route; this is
determined by normal IPv6 autoconfiguration.
Add logic to wait up to IF_WAIT_DELAY seconds for the IPv6 route to be
configured; as above this doesn't come from DHCPv6 but rather the IPv6
Router Advertisement (RA) which happens independently from udhcpc6. The
intent here is to try and ensure that the interface is route-able upon the
script's completion as it would be if called from udhcpc.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
udhcpc6 will call the default script with the stateful address set in the
"ipv6" variable. Set "ip" to this address if present, using the /128 prefix
used by stateful DHCPv6 so the existing renew/bound logic can be used like
in DHCPv4.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the "Run a getty" option is disabled, busybox doesn't remove the
/etc/inittab line from previous builds. With this patch, the line is
correctly commented out.
Signed-off-by: Stephen Bos <stephen.bos@hagergroup.com>
Co-authored-by: Stephen Bos <stephen.bos@hagergroup.com>
Co-authored-by: Christophe Blaess <christophe.blaess@logilin.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
libselinux is now available on ARC, so we can re-enable the SELinux
support in Busybox on ARC as well.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
libselinux can now be selected for non-glibc toolchains, so
BR2_PACKAGE_BUSYBOX_SELINUX can loose its BR2_TOOLCHAIN_USES_GLIBC
dependency.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add a simple init script that invokes sysctl early in the initialization
process to configure kernel parameters. This is already performed by
systemd (systemd-sysctl) but there is no sysvinit/busybox counterpart.
Files are read from directories in the following list in the given order
from top to bottom:
/run/sysctl.d/*.conf
/etc/sysctl.d/*.conf
/usr/local/lib/sysctl.d/*.conf
/usr/lib/sysctl.d/*.conf
/lib/sysctl.d/*.conf
/etc/sysctl.conf
A file may be used more than once, since there can be multiple symlinks
to it. No attempt is made to prevent this.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The domain search option is from RFC3397, not RFC3359 (which is about TLV
codepoints), so fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is useful in networks with internal resources as it allows
to use much shorter names.
E.g. instead of "server.internal.company.com" it's possible
to use just "server" if DHCP server is configured with:
---------------------------->8-----------------------
option domain-search "internal.company.com";
---------------------------->8-----------------------
This improvement consists of 2 parts:
1. Enable handling of RFC3397 so DHCP client is ready for processing
corresponding data from DHCP server.
2. Some DHCP servers always send out search list if it is set in server's
configuration and some servers only provide search list if client
asks for that (sending list of options it expects to get).
And exactly for those stubborn DHCP servers we need to add "-O search"
to udhcp's command line via CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Ignacy Gawedzki <ignacy.gawedzki@green-communications.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Enable the mdev daemon mode in Busybox default config
- Update the S10mdev init script to use the daemon mode
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove 0003-libbb-mark-scripted_main-as-externally-visible.patch
as it was committed upstream in 3193cb56d6
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
dosfstools and busybox may each install mkfs.vfat, so dosfstools must
be installed before busybox.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the help test of individual binaries:
With this option enabled, each applet is a separate binary, which is
needed for proper operation with SELinux
As such, it makes sense to select this option when SELinux support is
selected as well.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.org/results/053/0539b3765eaa99029c4185ae89db6adb9e867078/
Kudos to Thomas for pinpointing the actual issue.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
base64 reuses the uuencode logic, so only adds very little extra overhead,
is enabled by default upstream and is used more often than uuencode - So
enable it in the default busybox config.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update from version 1.29.3 to 1.30.1. The new version
includes the removed patches.
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Patch to resolve CVE-2019-5747 which affects versions prior
to 1.30.0
More information can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2019-5747
This applies to both master and 2019.02
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Patch to resolve CVE-2018-20679 which affects versions prior
to 1.30.0
More information can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2018-20679
This applies to both master and 2019.02
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since commit 50dc350c65 (package/busybox: update to 1.29.0), we no
longer define the BUSYBOX_NOCLOBBER_INSTALL macro, so it expands to an
empty string, so we end up with no action in BUSYBOX_CONFIGURE_CMDS.
Drop BUSYBOX_CONFIGURE_CMDS now that it serves no purpose.
Signed-off-by: Yann MORIN <yann.morin@orange.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Split S01logging into S01syslogd and S02klogd. Install them only if no
other syslog package is selected and the corresponding daemons are
selected in the Busybox configuration.
- Support /etc/default/$DAEMON configuration files.
- Detect and report start/stop errors (previous version ignored them and
always reported OK).
- Use a separate function for restart.
- Implement reload as restart.
The dependency of busybox on rsyslog and syslog-ng was only needed
because those packages also installed S01logging. Since now they no
longer install the same file, these dependencies are no longer needed.
The dependency on sysklogd is still needed since that one installs the
syslogd and klogd executables with the same name as busybox.
The -n option of syslogd/klogd is obligatory because start-stop-daemon
starts it in the background. Therefore, move it out of the
SYSLOGD_ARGS resp. KLOGD_ARGS variable so the user can no longer remove
it.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Arnout: keep dependency on sysklogd]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
