Commit Graph

116 Commits

Author SHA1 Message Date
Simon Žlender
11472f0d1b busybox-sandbox-shell: replace pkgsStatic with useMusl 2024-12-01 21:50:55 +01:00
Thomas Gerbet
7c11ef0889 busybox: apply patches for CVE-2022-48174, CVE-2023-42366, CVE-2023-42363, CVE-2023-42364 and CVE-2023-42365
I used some patches from Ubuntu and Alpine instead of upstream directly to avoid some conflicts.
2024-08-17 16:52:17 +02:00
Alyssa Ross
bb8e9daada
busybox: disable tc
Busybox is very inactively maintained upstream, so I don't expect this
to be fixed any time soon.  Let's hope nobody needs it and
disable it, and if it turns out that they do, maybe we can patch out
the obsolete API uses.
2024-05-15 18:48:52 +02:00
Pavel Roskin
2456bfc6c3 busybox: lower priority to 15, below systemd and coreutils
Busybox, systemd and coreutils all have priority 10. Busybox binaries
have been observed to shadow systemd and coreutils binaries.

If systemd is used, its binaries should be preferred, as they are aware
of systemd. For instance, the busybox provided `reboot` cannot reboot
NVidia Jetson AGX Xavier, whereas the systemd `reboot` can.

This also gives busybox lower priority than coreutils. Busybox is meant
for embedded systems with limited resources. If busybox and coreutils
coexist, the resources are normally not an issue. Busybox should only
shadow binaries that are known to be deficient.

If anyone wants to prefer busybox (e.g. memory constrained system with
plenty of non-volatile storage), it's up to them to prioritize busybox
manually above coreutils, util-linux and other packages. It's not a
common case.
2024-04-22 12:09:21 +02:00
Andreas Fuchs
a7c88406a6 busybox: Set shellPath up so that ash can be a login shell 2024-03-15 12:00:06 -04:00
Mario Rodas
8c15b21b27 busybox: 1.36.0 -> 1.36.1 2023-05-25 09:54:03 +00:00
Thomas Gerbet
4567743bcb busybox: 1.35.0 -> 1.36.0
Changes:
```
Aaro Koskinen:
      devmem: add 128-bit width

Bernhard Reutner-Fischer (3):
      kbuild: fix building sha256
      kbuild: Prefer -Oz over -Os
      seedrng: manually inline seed_rng

Brandon Maier:
      xxd: fix typo in trivial usage

Dario Binacchi (2):
      fbset: abort on not handled options
      fbset: support setting pixel clock rate

David Leonard:
      tsort: new applet

Denys Vlasenko:
      Makefile.flags: add resolv to LDLIBS for linux compilers too (not only gnu ones)
      build system: detect if build host has no bzip2
      scripts/echo.c: fix NUL handling in "abc\0 def"
      libbb/loop: fix compile failure (name collision)
      libbb/loop: optionally use ioctl(LOOP_CONFIGURE) to set up loopdevs
      libbb/loop: restore the correct return value of set_loop()
      libbb/sha1: add config-selectable fully unrolled version, closes 14391
      libbb/sha1: add config-selectable partially unrolled version
      libbb/sha1: assembly versions for x86
      libbb/sha1: optional x86 hardware accelerated hashing
      libbb/sha256: optional x86 hardware accelerated hashing
      libbb: change xstrndup, xmemdup to take size_t as size parameter
      libbb: factor out fflush_stdout_and_exit(EXIT_SUCCESS)
      libbb: fflush_stdout_and_exit(0) still exits with _error_ (not 0!) if fflush fails
      libbb: fix fallout from nth_string() robustification, closes 14726
      libbb: introduce and use chdir_or_warn()
      libbb: invert the meaning of SETUP_ENV_NO_CHDIR -> SETUP_ENV_CHDIR
      tls: P256: remove NOP macro sp_256_norm_8()
      tls: include signature_algorithms extension in client hello message
      examples/var_service/dhcp_if: make helper scripts more talkative
      testsuite/mount.tests: accomodate umount failure seen on 5.18.0
      testsuite/sha1sum.tests: fix false positive failure
      shell: add comments about SIGINT-related problems
      shell: fix compile failures in some configs
      ash,hush: fix handling of SIGINT while waiting for interactive input
      ash: ^C with SIG_INGed SIGINT should not exit the shell
      ash: do not truncate failed tilde expansion on unknown user names
      ash: fix ifs cleanup on error paths
      ash: fix unsafe use of mempcpy
      ash: fix use-after-free in pattern substitution code
      awk: input numbers are never octal or hex (only program consts can be)
      bc: hopefully fix bug 14956 (use-after-free)
      cut: build fix for FEATURE_CUT_REGEX
      ifplugd: split -a into -a and -A, latter disables upping in iface creation
      init: do not set HOME
      ls: implement ls -sh (human-readable allocated blocks)
      md5/shaXsum: use FEATURE_COPYBUF_KB to size the buffer instead of fixed 4k
      mv: fix error in !VERBOSE configs
      nmeter: %[md] %[mw] - dirty file-backed pages, writeback pages
      powertop: fix cpuid asm: ebx saving/restoring is properly done by gcc
      sed: correctly handle 'w FILE' commands writing to the same file
      sed: fix double-free in FEATURE_CLEAN_UP=y configs
      sed: fix handling of escaped delimiters in s/// replacement
      sed: fix handling of escaped delimiters in s/// search pattern, closes 14541
      seedrng: chdir to the SEED_DIRECTORY - avoid concat_path_file's
      seedrng: do not hash in a constant string, it's not adding entropy
      seedrng: do not hash lengths, they are very predictable
      seedrng: do not try to continue on unexpected errors (just exit)
      seedrng: explain why we need locking and fsync'ing
      seedrng: include file/dir names in error messages
      seedrng: re-add fsync after unlink, and explain its purpose
      seedrng: reduce MAX_SEED_LEN from 512 to 256
      seedrng: remove redundant assignment
      seedrng: remove unnecessary zero-filling of local variables
      seedrng: restore error check on fsync
      seedrng: simplify read_new_seed() to not have error return
      seedrng: use more xfuncs where appropriate
      shaNNNsum: accept one-space "HASH FILENAME" format for -c, closes 14866
      sort: fix -k2M (wasn't skipping leading whitespace)
      sort: fix -s -r interaction: 'stable' order is not affected by -r
      sort: fix sort -s -u, closes 14871
      sort: support -h
      sulogin: increase util-linux compatibility
      sulogin: start _login_ shell only with -p
      sulogin: util-linux does not say "normal startup" on Ctrl-D
      taskset: fix printf format mismatch in !FEATURE_TASKSET_FANCY config. closes 14616
      top: fix display of large PID/PPID
      top: improve large PID display in memory ('s') mode
      tree: make it unicode-aware
      tree: unicode tweak (use normal space char, 0x20)
      udhcpc6: add missed big-endian conversions
      udhcpc6: align FF02__1_2[]
      udhcpc6: downgrade "opening listen socket" log level to 2
      udhcpc6: fix binding to network aliases
      udhcpc6: fix sending of renew messages
      udhcpc6: use a different default config script
      xargs: implement -o, closes 15146
      xxd -r: handle offsets
      xxd -r: without -p, stop at more than one whitespace, closes 14786
      xxd: fix use of non-initialized data
      xxd: use bb_simple_perror_msg... where appropriate

Emanuele Giacomelli:
      XXXsum: handle binary sums with " " in the path

Grob Grobmann:
      vi: add 'ZQ' quitting command

Henrique Rodrigues:
      ping: fix typo in --help text

Jason A. Donenfeld (10):
      seedrng: import SeedRNG utility for kernel RNG seed files
      seedrng: use libbb functions
      seedrng: hoist bb_strtoul out of min/max
      seedrng: remove some global variables
      seedrng: further reduce size
      seedrng: use predefined strings where possible
      seedrng: avoid needless runtime strlen() call
      seedrng: compress format strings with %s arguments
      seedrng: code-golf even smaller
      seedrng: prune header includes

Khem Raj:
      apply const trick to ptr_to_globals

Louis Sautier:
      pkill: add -e to display the name and PID of the process being killed

Ludwig Nussel:
      libbb: mark stack in assembly files read-only

Natanael Copa (2):
      awk: fix use after free (CVE-2022-30065)
      more: accept and ignore -e

Paul Fox:
      crond: implement support for setting PATH in crontab files

Peter Kaestle:
      unzip -l: add missed big-endian conversions date and time

Roger Knecht:
      tree: new applet

Ron Yorston (8):
      libbb: restore special handling of nomsg errors
      libbb: make '--help' handling more consistent
      lineedit: get PWD from ash
      ash,hush: use HOME for tab completion and prompts
      vi: fix regression in autoindent handling
      vi: handle autoindent in 'cc' command
      vi: improved handling of backspace in replace mode
      vi: fix backspace over tab in commands

Samuel Thibault:
      Fix non-Linux builds

Shawn Landden:
      ash: optional sleep builtin

Sören Tempel (3):
      ed: add support for -s command-line option as mandated by POSIX
      ash: don't read past end of var in subvareval for bash substitutions
      ash: fix use-after-free in bash pattern substitution

Timo Teräs:
      mkfs.vfat: fix volume label to be padded with space

Vincent Stehlé:
      fdisk: recognize EBBR protective partitions

Walter Lozano:
      Add support for long options to cmp

Xiaoming Ni (4):
      loop: fix a race when a free loop device is snatched
      loop: refactor: extract subfunction get_next_free_loop()
      loop: simplify code of LOOP_SET_FD failure
      loop: refactor: extract subfunction set_loopdev_params()
```
2023-02-01 00:34:42 +00:00
06kellyjac
db4d8640c1 busybox: patch CVE-2022-30065
https://nvd.nist.gov/vuln/detail/CVE-2022-30065
2022-06-27 10:39:07 +00:00
Alyssa Ross
7d83997eb4 busybox: 1.34.1 -> 1.35.0 2022-04-16 13:23:37 +00:00
Alyssa Ross
ac60e92b15
busybox: fix CVE-2022-28391 2022-04-05 16:09:18 +00:00
Adam Joseph
78d815c5ef busybox: add enableAppletSymlinks?true
This commit adds an argument enableAppletSymlinks?true, which can be
set to false in order to turn off CONFIG_INSTALL_APPLET_SYMLINKS by
users if they only want the main busybox binary in their profile.
This is particularly useful when building pkgsStatic.busybox.
2022-02-23 14:36:12 -08:00
Alyssa Ross
9b3045bd2a busybox: enable debug info 2022-01-31 18:06:05 +00:00
Alyssa Ross
7ff58e4a86 busybox: use more featureful modprobe by default
The default version (modprobe-small) is missing important features,
and can also be _extremely_ slow (on purpose[1]).

The non-small modprobe implementation doesn't have all features
enabled by default, so by changing implementation we'd be risking
regression.  To mitigate that, I've ensured every feature checked for
in modprobe.c is enabled.  So unless there's functionality that's
_only_ in modprobe-small, we should be fine.

[1]: https://git.busybox.net/busybox/tree/modutils/Config.src?h=1_34_1#n8
2021-10-13 17:30:25 +00:00
Alyssa Ross
a24951ed7b
busybox: 1.33.1 -> 1.34.1; adopt
Tested rebuilding the bootstrap tools.
2021-10-12 09:46:21 +00:00
Vladimír Čunát
f526256a6f
busybox-sandbox-shell: use 64-bit numbers in test command
The default is C int, which usually gives 32-bit even on 64-bit Linux.
This will be the right way to fix #110149 (but needs to be deployed).
2021-07-06 10:43:39 +02:00
Alyssa Ross
cd92f32734 busybox: 1.32.1 -> 1.33.1; clarify license
The patch for CVE-2021-28831 is included in this release.
2021-06-09 18:29:07 +00:00
Tethys Svensson
a376d4944c
busybox: Add a fix for CVE-2021-28831 (#121578) 2021-05-03 19:01:09 +02:00
Jörg Thalheim
8fb7c7fdfa
busybox: fix patchShebangs & build
Our patchShebangs expect coreutils stat instead of busybox stat.
This broke patching the dispatch script. By enabling strict
dependencies and using explicit --host parameter we not only
avoid cross-compiling breakages but also work around this problem.

Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
2021-02-16 21:06:37 +01:00
Pavol Rusnak
a6ce00c50c
treewide: remove stdenv where not needed 2021-01-25 18:31:47 +01:00
Ben Siraphob
16d91ee628 pkgs/os-specific: stdenv.lib -> lib 2021-01-17 23:26:08 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurrences of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Arnout Engelen
ac24eaff9e
busybox: 1.32.0 -> 1.32.1
Fixes #108675, a tty deadlock issue that affected one of the
texinfoInteractive tests.

Co-Authored-By: Sandro <sandro.jaeckel@gmail.com>
2021-01-08 09:42:46 +01:00
John Ericson
f52263ced0 treewide: Start to break up static overlay
We can use `stdenv.hostPlatform.isStatic` instead, and move the
logic per package. The least opinionated benefit of this is that it makes
it much easier to replace packages with modified ones, as there is no
longer any issue of overlay order.

CC @FRidh @matthewbauer
2021-01-03 19:18:16 +00:00
James Landrein
565c6a2a57
busybox: 1.31.1 -> 1.32.0 2020-11-24 00:58:36 +01:00
Tethys Svensson
a9597f9573 busybox: Use git to fetch debian.script from debian
Debian has yanked the upstream tarball we use to get default.script. We
could simply bump the version number to get the new tarball, but to
avoid the problem in the future, we should instead fetch it from git.
2020-09-13 12:34:08 +02:00
Tethys Svensson
87af0f9871 busybox: Pull in upstream patch for CVE-2018-1000500 2020-08-09 15:05:34 +02:00
Jörg Thalheim
b75f2114ea
Merge pull request #92581 from TethysSvensson/busybox-udhcpc-script 2020-07-31 07:09:45 +01:00
Tethys Svensson
b657c899d6 busybox: Use fetchzip instead of fetchTarball to get the dispatcher script 2020-07-29 10:33:58 +02:00
Tethys Svensson
dcc963bd2d busybox: Download and patch the dispatcher script from upstream 2020-07-29 00:24:19 +02:00
Tethys Svensson
179b74c216 maintainers: add TethysSvensson 2020-07-28 22:59:51 +02:00
Tethys Svensson
b98ad8de37 busybox: Add a default udhcpc dispatcher script
The udhcpc binary which currently ships as part of the busybox
derivation will by default search for a dispatcher script at the
location /usr/share/udhcpc/default.script.

This commit includes a working default script with udhcpc and updates
the location where udhcpc searches for this script.

The script was taken from the udhcpc package in debian
buster. The only changes from that script are to make it use paths from
the nix store and remove the run-time check for /sbin/resolvconf.
2020-07-07 15:31:31 +02:00
Maximilian Bosch
4847222db1
busybox: fix build w/glibc-2.31 2020-06-29 14:41:42 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
R. RyanTM
7b599dc25e busybox: 1.30.1 -> 1.31.1
(#72452)
2019-11-14 00:07:53 +01:00
Vladimír Čunát
d0ec32c4fd
Partially revert "busybox: fix musl builds"
Original commit 5ba8c04ae5 destroyed the meaning
of the *overridable* flag, and incidentally we were
relying on it in channel-critical stuff:
https://hydra.nixos.org/build/102298542
2019-10-12 08:52:07 +02:00
Domen Kožar
5ea4c9184b
busybox: remove the missing diff 2019-09-29 18:43:32 +02:00
Domen Kožar
39769df9df
busybox: flip around logic how musl is determined 2019-09-29 16:56:16 +02:00
Jörg Thalheim
64d821d9f4
Revert "busybox: fix musl builds"
This reverts commit 5ba8c04ae5.

Broke non-musl busybox.

fixes: #70007
2019-09-29 15:31:50 +01:00
Matthew Bauer
5ba8c04ae5
busybox: fix musl builds
You shouldn’t need to add anything with musl builds. The libc will
configure these values for you.
2019-09-29 11:19:56 +02:00
Matthew Bauer
78879ae0e9 Revert "busybox: fix static builds"
This reverts commit b4f6931acd.

Broke busybox-sandbox-shell

https://hydra.nixos.org/build/100470231
2019-09-09 17:49:10 -04:00
Matthew Bauer
b4f6931acd busybox: fix static builds
Fixes #52074
2019-08-28 14:34:05 -04:00
Derek Kulinski
7e7e26e9b1 busybox: apply clang-cross patch when host is different than build system.
It looks like the original comparison was incorrect:
host platform - system on which the binary will run
target platform - system for which compiler generates code
                  (used with compilers)
build platform - system on which the build is invoked

see: https://nixos.org/nixpkgs/manual/#sec-cross-platform-parameters

This change allows cross-compiling busybox on OS X
2019-08-09 22:49:23 -07:00
Matthew Bauer
dbd1a4481f busybox: only use stdenv.cc.libc.static when it exists
causes an evaluation error on macOS otherwise
2019-05-08 21:54:27 -04:00
Matthew Bauer
3bf69b1e40 busybox: add patch to allow cross in llvm
Fixes #57670

$ nix build -f. --arg crossSystem '{ config = "aarch64-unknown-linux-musl"; useLLVM = true; }' busybox
2019-04-14 22:03:33 -04:00
Will Dietz
8019d4a1c7 busybox: 1.29.3 -> 1.30.1
For changes see https://busybox.net
(most of which are part of 1.30.0).
2019-02-18 13:17:10 -06:00
Matthew Bauer
1c02863317
busybox: give priority of 10
Lots of packages provide this. Usually we don't want the busybox version.
2019-01-18 18:16:37 -05:00
Matthew Bauer
76c956be5c treewide: disable pie in more places
Some packages don’t work correctly with pie. Here I disable it for:

- busybox
- linux kernel
- kexectools

I also get rid of the Musl conditional for disabling pie in GCC and
Binutils. Some day we might want to enable PIE without Musl and it
will be useful to have them *just* work with our compiler and linkers.
2018-11-13 07:03:31 -06:00
Matthew Bauer
0d30f7b023
Update sandbox-shell.nix 2018-11-05 15:16:45 -06:00
Will Dietz
30500d23bc busybox: 1.29.2 -> 1.29.3 (#46458) 2018-09-10 08:43:55 +02:00
John Ericson
0828e2d8c3 treewide: Remove usage of remaining redundant platform compatibility stuff
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
2018-08-30 17:20:32 -04:00