The version bump doesn't inherently fix the security issues, however the
added CVE patches do, which fix:
CVE-2016-2147 - out of bounds write (heap) due to integer underflow in
udhcpc.
CVE-2016-2148 - heap-based buffer overflow in OPTION_6RD parsing.
Drop patches that are upstream as well.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#8736
When IPv6 and largefile options were removed from Buildroot, the code to
force these options in busybox were still left in.
There's no strong reason to forcefully enable these options (only to disable
options if the system cannot support it like we do for nommu), so instead
enable the options in our default defconfig, allowing people to override
this if they use a custom config.
While we're at it, enable the prefer-ipv4 option so network applets like
ntpd doesn't fail when dual stacked hosts are resolved from a system without
IPv6 support enabled in the kernel.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Musl doesn't implemented wmtp, and its utmp support is not sufficient
to build the latest versions of Busybox, so let's disable wtmp and
utmp support in Busybox for musl toolchains.
We re-use an existing define BUSYBOX_INTERNAL_SHADOW_PASSWORDS that
was used to do some musl-related tweaks to the Busybox configuration
around shadow password functions, and extend it to also do the
utmp/wtmp tweaks. In the process, we rename the define to
BUSYBOX_MUSL_TWEAKS.
Note that BUSYBOX_KCONFIG_FIXUP_CMDS continues to call
BUSYBOX_INTERNAL_SHADOW_PASSWORDS because there is another definition
of this macro under other conditions.
Fixes:
http://autobuild.buildroot.org/results/b96/b96ffad13bca5e6fbf7ce79538aacbfe27b1eff3/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
As pointed by Rich Fekler on IRC the basic hush shell is pretty much
useless since it doesn't support if conditionals, loops, functions, case
or even interactive mode.
So enable the full feature-set.
Size delta: +10184 bytes uncompressed for blackfin fdpic.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Disable CONFIG_FEATURE_SYNC_FANCY in the busybox.config because that
option causes build failures for any uClibc based toolchains since it
requires syncfs() support, which doens't exist in uClibc.
This new option has been introduced in 1.24.0, so despite of disabling
it, we are not losing anything that we had before.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Instead of hardcoding the flags needed for libtirpc, use pkg-config.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a configure option to enable the SELinux support in the
busybox configuration from the Buildroot menuconfig.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Those checks should only be done when the package is actually enabled.
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a check (before we call kconfig-package) that ensures the user has
set a kconfig-file.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The folder init.d is currently installed by default since it's part of
our skeleton.
This patch creates a package out of it and make busybox/sysvinit depends
on it.
This way, if you chose another init, you don't end up with a useless
init.d folder.
[Thomas:
- make the initscripts package selectable via a hidden bool
- remove some unneeded changes in sysvinit.mk.]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If target has connection to the network it might be pretty useful to
have telnet connection to it instead of serial console or even in
addition to serial console.
This changes makes the busybox package automatically install an init
script, and tune the securetty file to make telnetd work when
CONFIG_FEATURE_TELNETD_STANDALONE is enabled in the Busybox
configuration.
[Thomas:
- don't create a new Buildroot Config.in option, just test if
CONFIG_FEATURE_TELNETD_STANDALONE is enabled or not in the Busybox
configuration
- move the securetty tuning in busybox.mk instead of system.mk
- use start-stop-daemon in the init script, in order to properly
implement the stop and restart actions
- misc other minor improvements in the init script.]
[yann.morin.1998@free.fr:
- don't use securetty
- drop stray variable BUSYBOX_SET_STANDALONE_TELNETD]
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
It doesn't make sense to install such a scripts if UDHCPC was not
selected.
Also remove the entry from BUSYBOX_PERMISSIONS as the install command
does the same job.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In commit f21b2558a0 ("busybox: added
linux-pam support"), we added optional support for PAM in
Busybox. However, this support requires the toolchain to have thread
support, which causes build failures with non-thread capable
toolchains.
This commit therefore enables Busybox PAM support only if the
linux-pam package is available *and the toolchain has thread support.
Fixes:
http://autobuild.buildroot.org/results/1a3/1a380aaca9303b67cc59165d56cf12f35966fe26/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since it isn't optional any more just force IPv6 on in busybox to avoid
problems.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop the buildroot toolchain non-largefile support option since it's
being removed.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Both "netkitbase" and "netkittelnet" packages were removed by this
commit:
http://git.buildroot.net/buildroot/commit/?id=560fe85bf7fb81956e80848c8bb28d7a6d00a2a2
Now we may safely remove reminders in busybox.mk that depend on
mentioned packages that are no longer in Buildroot.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The (u)dhcpc hook installed by the busybox package configures the
network and exits. If we want to do anything further with a DHCP lease,
we'd have to replace the script entirely.
This change introduces a .d directory for hooks (based on the script
filename), which are executed after the interface configuration. This
allows packages to drop a script file in the .d directory to perform
actions on DHCP events.
We'll use this in a later change to notify petitboot of DHCP boot
information.
[Thomas: update to latest Buildroot, fix indentation.]
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.
As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.
This also helps preparing the addition of other options to select
shared, shared+static or just static.
Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
As discussed, users should use a rootfs overlay or a post-build script
instead of a custom skeleton to override files installed by Buildroot,
so there is no point in having conditions when installing init scripts
or configuration files.
[Peter: drop && conditional from watchdog installation as noted by Yann]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Change LIBFOO_PERMISSIONS everywhere to be a space-separated list.
As nothing was specified in the manual but all our lists are space
separated, there is no reason that this one should be made an exception.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS as per the manual example.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_KCONFIG_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_KCONFIG_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The configure step of the busybox package performs 'make oldconfig', which
causes the .config file to be updated. Thus, the .config file is more recent
than our stamp file .stamp_kconfig_fixup_done. On a subsequent build, our
dependency rules would kick in, and run the config fixup again, thus
kicking in the package's configure, build and install steps yet once
more, that, ad infinitum.
One solution is to modify kconfig-package to introduce an explicit touch of
the .kconfig_fixup_config_done stamp file, as post-configure hook.
Another solution, implemented by this patch, is to move the oldconfig call
from the package's .mk file to the kconfig-package infrastructure and make
sure it is done as part of the fixup commands. This way, the stamp file will
only be touched once, after the full fixup (including oldconfig) and no
endless rebuilds will occur.
Reported-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Suggested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch converts the busybox package to the new kconfig-package
infrastructure, thus removing code duplication and ensuring a consistent
behavior of kconfig packages.
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit removes the version selection for the busybox
package. Busybox is very well maintained, and bugs are typically fixed
in a timely fashion. Moreover, regressions are fairly unlikely in this
very stable and well-tested tool.
Therefore, there isn't a very compelling reason to have a version
selection for Busybox since we don't accept such a version selection
for the vast majority of other packages, unless there is a strong
reason to do so.
Consequently, this commit:
* Removes the 1.19.4, 1.20.2 and 1.21.1 Busybox versions, patches and
default configuration file.
* Moves the 1.22.1 patches from package/busybox/1.22.1 to just
package/busybox/ like all other packages.
* Renames the default 1.22.1 configuration file to just
busybox.config.
* Adapts the busybox.mk makefile to encode the current version to
use.
* Adds appropriate options to Config.in.legacy. However, even though
the BR2_BUSYBOX_VERSION_1_22_X is removed, we don't add a
Config.in.legacy option for it, since it would cause a legacy
warning for virtually *all* users as most people are currently
using 1.22.x.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We support a busybox-menuconfig target so that the BusyBox
configuration can be adjusted as needed. However, depending
on what other packages are enabled, re-installing BusyBox
symlinks that duplicate "real" apps after the configuration
change can result in bad behaviors:
* At best, the BusyBox applet will be used after the
install, versus the desired "real" app.
* At worst, the built rootfs can become unbootable.
The BusyBox install.sh has some capability to avoid this issue
by means of a --noclobber option. By default, this option is
disabled. When enabled, the install.sh will not overwrite a
target file with a symlink or hardlink, be it an actual file
or a previously installed BusyBox link.
The install.sh's argument processing is somewhat broken, so this
patch simply changes the default value of the noclobber option
to on, rather than add --noclobber to the install.sh invocation.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The correct capitalised form appears to be "BusyBox" rather than "Busybox";
fix all references to the latter form. (Most such references occur in the
manual and in commentary in package makefiles.)
Signed-off-by: Simon Dawson <spdawson@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The musl C library does not yet implemented the getpwent_r() function,
needed by the Busybox password code when CONFIG_USE_BB_PWD_GRP is
disabled. So we enable it when the musl C library is used.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The three typical packages that use .config files in buildroot copy the
config file at different times in the build process:
busybox copies its .config from the post-extract hook.
linux copies its .config in the configure_cmds.
uclibc copies its .config from the post-patch hook.
Copying the .config file from the configure step is the only way to properly
support an OVERRIDE_SRCDIR that does not yet have the .config file, because
the extract and patch steps are skipped in that case.
For example, when setting a BUSYBOX_OVERRIDE_SRCDIR to a cleanly extracted
busybox tarball:
$ make busybox-dirclean busybox
rm -Rf [..]/output/build/busybox-custom
>>> busybox custom Syncing from source dir
>>> /home/tdescham/repo/contrib/busybox-1.21.1
rsync -au --exclude .svn --exclude .git --exclude .hg --exclude .bzr
--exclude CVS /home/tdescham/repo/contrib/busybox-1.21.1/
[..]/output/build/busybox-custom
>>> busybox custom Configuring
/bin/sed -i -e "/\\<CONFIG_NOMMU\\>/d"
[..]/output/build/busybox-custom/.config
/bin/sed: can't read [..]/output/build/busybox-custom/.config:
No such file or directory
make: *** [[..]/output/build/busybox-custom/.stamp_configured] Error 2
This patch modifies busybox.mk to copy the config file from the configure
step instead, as linux is doing, and fixing the described scenario.
This fixes bug #5030: https://bugs.busybox.net/show_bug.cgi?id=5030
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As reported on IRC, our default busybox configuration doesn't support SHA
encoded passwords, breaking login if enabled under system configuration.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If $(BUSYBOX_CONFIG_FILE) is read-only (eg. because Buildroot's
source dir is), the sed fixups to $(BUSYBOX_BUILD_CONFIG) fail.
Fixes: #4363
Signed-off-by: Nathan Lynch <ntl@pobox.com>
[yann.morin.1998@free.fr: use $(INSTALL) instead of cp]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Set busybox .config CONFIG_NOMMU appropiately and streamline this new
setting with the previous BUSYBOX_DISABLE_MMU_APPLETS in a single
BUSYBOX_SET_MMU definition (since it's not just applets now).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The kernel headers are part of the staging directory, so there is no
reason to point the Busybox CFLAGS directly to them.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Don't change the busybox STATIC option if buildroots PREFER_STATIC_LIB option
is not set. Not to prefer static linking doesn't imply prefer dynamic linking
for all packages.
Signed-off-by: Patrick Ziegler <patrick.ziegler@fh-kl.de>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>