The patches have been used by Alpine for 5 months now and they were
posted on the Busybox mailing list mid-July with no review or comment.
According to Ariadne Conill[1] - though NVD CVSS 3.x Base Score seems to
disagree - this has a low security impact so we could probably just wait
for upstream to merge the patches or implement it the way they want.
Considering those patches have been public for 5 months and upstream
hasn't acted until now, let's take the patches from the mailing list
anyway as there's no indication the CVEs will be fixed upstream soon.
[1] https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This fixes CVE-2022-30065 by backporting a patch from the master branch.
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
udhcpc default script can handle staticroutes but it is missing from the
default ifupdown options.
Signed-off-by: Remi Jouannet <remi.jouannet@outscale.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The typo was added in 2018 by commit
'f3da9ffff0 package/busybox: invert dependency with netcat-openbsd'
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit c343e01ac4 made udhcpc send a
single DHCP request (instead of 3) before going to the background, thus
speeding up the boot process if the DHCP lease is not obtained
immediately. Unfortunately, this can also slow down the acquisition of
the lease as, after going to the background, udhcpc waits for 20 seconds
(instead of 3) before retrying.
Speed up the lease acquisition by setting the retry timeout to 3
seconds.
Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Instead of waiting almost 10 seconds foreground (3 discovery packets for
3 seconds retry delay) at each boot, make only one request then fork to
background. This way, the behavior is the same for working interfaces,
but it's way faster for interfaces where the address cannot be obtained
straight away.
Acked-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The busybox-minimal.config, which is used by systems without an MMU, specifies
the "-b" command line option for udhcpc. However, this option is not supported
by BusyBox udhcpc anymore since version 1.27.0 when building for systems
without an MMU.
Remove the "-b" option from busybox-minimal.config to repair network
initialization on systems without an MMU.
This fixes the following network initialization failure:
udhcpc: invalid option -- b
FAIL
Signed-off-by: Vincent Stehlé <vincent.stehle@laposte.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Updating the busybox configuration files by loading and saving it back.
Signed-off-by: Michael Fischer <mf@go-sys.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The variable 'KERNEL_ARCH' is actually a normalized version of
'ARCH'/'BR2_ARCH'. For example, 'arcle' and 'arceb' both become 'arc', just
as all powerpc variants become 'powerpc'.
It is presumably called 'KERNEL_ARCH' because the Linux kernel is typically
the first place where support for a new architecture is added, and thus is
the entity that defines the normalized name.
However, the term 'KERNEL_ARCH' can also be interpreted as 'the architecture
used by the kernel', which need not be exactly the same as 'the normalized
name for a certain arch'. In particular, for cases where a 64-bit
architecture is running a 64-bit kernel but 32-bit userspace. Examples
include:
* aarch64 architecture, with aarch64 kernel and 32-bit (ARM) userspace
* x86_64 architecture, with x86_64 kernel and 32-bit (i386) userspace
In such cases, the 'architecture used by the kernel' needs to refer to the
64-bit name (aarch64, x86_64), whereas all userspace applications need to
refer the, potentially normalized, 32-bit name.
This means that there need to be two different variables:
KERNEL_ARCH: the architecture used by the kernel
NORMALIZED_ARCH: the normalized name for the current userspace architecture
At this moment, both will actually have the same content. But a subsequent
patch will add basic support for situations described above, in which
KERNEL_ARCH may become overwritten to the 64-bit architecture, while
NORMALIZED_ARCH needs to remain the same (32-bit) case.
This commit replaces use of KERNEL_ARCH where actually the userspace arch is
needed. Places that use KERNEL_ARCH in combination with building of kernel
modules are not touched.
There may be cases where a package builds both a kernel module as userspace,
in which case it may need to know about both KERNEL_ARCH and
NORMALIZED_ARCH, for the case where they differ. But this is to be fixed on
a per-need basis.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
[Arnout: Also rename BR2_KERNEL_ARCH to BR2_NORMALIZED_ARCH]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
We are not passing TARGET_CONFIGURE_OPTS when building busybox; instead
we are passing variables explicitly. As thus, it is missing the ar, nm,
and ranlib that we are using.
We add explicit AR, NM, and RANLIB, so that the ones we want to use
(i.e. the gcc-wrapped ones) are actually used.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- reword the commit log to explain why we need that
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Linux distros changed /var/run and /var/lock to reside on an tmpfs in
/run a long time ago, and buildroot seems to agree by providing this
tmpfs on all supported init systems.
Packages on the other hand are currently free to either use /var/run
or /run, and similarly using /var/lock should be identical to the
replacement /run/lock.
This series aims to ensure that *if* /var/lock is needed, then
it will be a symlink to /run/lock. Allowing packages to continue
working and allowing them to migrate to using /run/lock.
If all relevant packages are fixed,
the compatibility symlinks in /var can be dropped.
Status before this patch:
* Systemd
/run will be mounted by PID1, /var/run will be recreated by
/usr/lib/tmpfiles.d/var.conf.
Creating /run/lock/subsys and the compatibility symlink is handled
in /usr/lib/tmpfiles.d/legacy.conf.
But this is *currently not installed* by Buildroot, see [1].
* OpenRC
Seems to check for existence of a /run directory and does all
necessary setup.
* SysV
/var/lock is currently a symlink to /tmp.
* Busybox
Same as sysv (Buildroot uses the sysv skeleton)
Note that we create /run/lock/subsys, so sysv scrips could expect this
directory to exist. Apart from simplifying scripts, creating the dir
early as root adds some security.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The current behavior for busybox' udhcpc is to terminate if no lease is
obtained at start up. Therefore no address is acquired if the link is
established afterwards.
By setting the -b flag udhcpc will background allowing the link to be
established at any time.
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
[Peter: drop incompatible -n, also fixup busybox-minimal.config]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Sam Voss <sam.voss@collins.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr:
- introduce BUSYBOX_INSTALL_TELNET_SERVICE
- move _INSTALL_INIT_SYSTEMD alphabetically between openrc and sysv
- drop the comment about Type=simple (Arnout)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
commit f79a420825 (package/busybox/udhcpc.script: support RFC3442
static routes) used 'set --' clobbering the positional arguments, causing
the action argument to not be correctly forwarded to hook scripts for the
renew / bound cases if static routes are provided by the server.
As a workaround, save the action argument at the beginning of the script and
use that when calling hook scripts.
Reported-by: 王琦 <wangwangqi2011@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e6b3913cfc converted busybox to the generic kconfig help text
infrastructure, but set the wrong variable to flag that it doesn't
support defconfig files. Fix that.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
As Thomas put it:
The <pkg>_HELP_CMDS variable allows packages using the
kconfig-package infrastructure to display their specific
targets related to the handling of their configuration.
However, it was not consistently used and handled by the
different packages.
So, this commit switches all the kconfig-based package to use the
generic help helper.
As a consequence:
- all kconfig packages now advetise their kconfig-related actions,
where some were previously missing: at91bootstrap3, linux-backports,
swupdate, xvisor;
- busybox advertises it does not support defconfig files;
- the 'foo-savedfconfig' action is no longer advertised: it is to be
considered an internal implementation detail.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fixes the following security issue:
- CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles
the error bit on the huft_build result pointer, with a resultant invalid
free or segmentation fault, via malformed gzip data.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check for a default route is inverted, causing the script to wait
for the timeout even when a default IPv6 route is available. Fix this up
so that it exits early as expected.
Reported-by: Bhattiprolu RaviKumar <ravikumar.bhattiprolu@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As we discussed on the mailing list, using $(<pkg>_NAME) when defining
CPE ID variables feels a bit odd and needlessly complicated. Just use
the package name directly.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds CPE ID information for a significant number of
packages.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Pick the below patch from upstream, in order to fix
'settimeofday: Invalid argument' introduced by using glibc v2.31+.
(busybox hasn't tagged a new version since).
See https://bugs.busybox.net/show_bug.cgi?id=12756 for more info.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Busybox is mainly licensed under the GPL-2.0, but the bzip2 part is a
modified copy of the bzip2/libbzip2 project, which comes with its own
license.
Update the licensing information accordingly.
Add the hash for the new license file, and fixup indentation (2 spaces).
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
this way zcip will work out of the box when configured
Signed-off-by: Sven Oliver Moll <buildroot@svol.li>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ipcalc is an ancient and venerable tool for manipulating IP addresses,
networks, & interfaces from shell scripts. There is a subtool in busybox,
but it does not support everything the upstream tool [1] supports.
[1] https://gitlab.com/ipcalc/ipcalc
Signed-off-by: Derrick Lyndon Pallas <derrick@meter.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
RFC3442 specifies a DHCP extension to provide the client with a list of
static routes to use. This is already handled by udhcpc and exposed as the
"staticroutes" environment variable, but currently not handled by the action
script.
Extend the script to do so. The RFC specifies that if this option is
provided by the server then the normal "routes" (3) option should be
ignored, so ensure that is done.
As we may now have more than just a default route on the interface, extend
the route cleanup logic to handle all routes for the interface (except for
the implied local 0.0.0.0 one).
Notice that this option is only sent by servers if explicitly requested by
the client, E.G. using the -O staticroutes option to udhcpc.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using a combination of udhcpc and avahi-autoipd in case of receiving IP
from a DHCP server, the following message can be seen:
"Failed to kill daemon: No such file or directory".
Add a check for a running avahi-autoipd to fix this issue.
Signed-off-by: Lukasz Tekieli <tekieli.lukasz@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
watchdog is a flexible watchdog daemon that improves on the already
available Busybox watchdog daemon by providing more advanced features,
like defining custom system status checks and executing repair scripts
to react upon invariants that don't hold.
Due to "watchdog" being also provided by Busybox, we need to make that
package/watchdog installs the watchdog binary in the same place as
Busybox (i.e in /sbin), and need to add a dependency of Busybox on
this new watchdog package.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If the less package is not enable and systemd is enabled,
then configure the less applet to fully work with systemd.
systemd sets the flags for less in an environment variable
and requires a few options for correct display.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Install the sysvinit scripts, for the moment, but not S02sysctl, since
openrc provides /etc/init.d/sysctl.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The scripts were already the same, except for some comments, so make the
busybox S02sysctl a symlink to the procps-ng one, which works with both
versions of the "sysctl" utility.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
It was searching for CONFIG_ASH=y and CONFIG_HUSH=y at $(@D)/.config,
which does not contain the package build path at the target-finalize
step. Use $(BUSYBOX_DIR), instead.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Busybox 1.31.1 fails to build with glibc 2.31 due to the removal of
stime() from glibc. Pull a patch already applied upstream to fix the
problem.
The patch was rebased on version 1.31.1 to minimize the change, since
the original one depended on a previous commit which is not worthwhile
to pick.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN. <yann.morin.1998@free.fr>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Busybox 1.31.1 fails to build with musl 1.2.0 due to the direct use of
__NR_clock_gettime. Pull four patches already applied upstream to fix
the problem.
The patches were rebased to version 1.31.1 to minimize the change, since
the original ones depended on a previous commit which is not worthwhile
to pick.
Fixes:
http://autobuild.buildroot.net/results/f45f91aea6deee6699eabdfa618ac44873b8da51/
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Yann E. MORIN. <yann.morin.1998@free.fr>
Cc: arc-buildroot@synopsys.com
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Call BUSYBOX_INSTALL_INDIVIDUAL_BINARIES in BUSYBOX_INSTALL_TARGET_CMDS,
not in BUSYBOX_INSTALL_INIT_SYSV. This should have been done in commit
b1e07d6d79 but was somehow lost during the
review/aply process.
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The default inittab files added by busybox and sysvinit run 'swapon -a'
during init and 'swapoff -a' during shutdown.
But, the swapon/swapoff programs are not guaranteed to be
available. For the busybox versions, it is steered by
CONFIG_SWAPON/CONFIG_SWAPOFF. For the util-linux versions, it is steered by
BR2_PACKAGE_UTIL_LINUX_BINARIES.
In a case where swapon/swapoff is not available but the inittab tries to
execute them, the boot log would be polluted by error messages like:
swapon: not found
Avoid this by commenting out the swapon/swapoff lines if the swapon/swapoff
binaries are not available.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
[Peter: test with -x]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following commit 0dcb5513ef
("package/refpolicy: remove dependency on policycoreutils"), we have a
build failure on some configurations:
Makefile:571: *** libselinux is in the dependency chain of busybox that has added it to its _DEPENDENCIES variable without selecting it or depending on it from Config.in. Stop.
This is because refpolicy selects the busybox SELinux support when
Busybox is enabled, which it turns selects libselinux, but we no
longer pay attention to the libselinux dependencies while doing this.
Since it's quite weird to have refpolicy mess with Busybox SELinux
support, this commit changes the logic to have Busybox automatically
enable its SELinux support as soon as SELinux support is enabled,
while still allowing it to be disabled.
Fixes:
http://autobuild.buildroot.net/results/5d8fda7c488a03c14942d87467d501acd633d24a/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
If a inittab file was already provided in the skeleton, don't overwrite
it with the one that comes with the busybox package.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
udhcpc6 implements "stateful" DHCPv6 for explicitly requesting an address
and other configuration information. A major difference between DHCPv4
and DHCPv6 is that DHCPv6 does *not* advertise a default route; this is
determined by normal IPv6 autoconfiguration.
Add logic to wait up to IF_WAIT_DELAY seconds for the IPv6 route to be
configured; as above this doesn't come from DHCPv6 but rather the IPv6
Router Advertisement (RA) which happens independently from udhcpc6. The
intent here is to try and ensure that the interface is route-able upon the
script's completion as it would be if called from udhcpc.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
udhcpc6 will call the default script with the stateful address set in the
"ipv6" variable. Set "ip" to this address if present, using the /128 prefix
used by stateful DHCPv6 so the existing renew/bound logic can be used like
in DHCPv4.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the "Run a getty" option is disabled, busybox doesn't remove the
/etc/inittab line from previous builds. With this patch, the line is
correctly commented out.
Signed-off-by: Stephen Bos <stephen.bos@hagergroup.com>
Co-authored-by: Stephen Bos <stephen.bos@hagergroup.com>
Co-authored-by: Christophe Blaess <christophe.blaess@logilin.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
