diff options
| -rw-r--r-- | core/busybox/checksums | 7 | ||||
| -rw-r--r-- | core/busybox/files/.config | 6 | ||||
| -rw-r--r-- | core/busybox/files/.config-suid | 6 | ||||
| -rw-r--r-- | core/busybox/patches/libressl.patch | 44 | ||||
| -rw-r--r-- | core/busybox/sources | 3 | ||||
| -rwxr-xr-x | core/curl/build | 5 | ||||
| -rw-r--r-- | core/curl/depends | 3 | ||||
| -rw-r--r-- | core/curl/version | 2 | ||||
| -rwxr-xr-x | core/libressl/build (renamed from extra/libressl/build) | 0 | ||||
| -rw-r--r-- | core/libressl/checksums (renamed from extra/libressl/checksums) | 0 | ||||
| -rwxr-xr-x | core/libressl/files/update-certdata.sh (renamed from extra/libressl/files/update-certdata.sh) | 0 | ||||
| -rwxr-xr-x | core/libressl/post-install (renamed from extra/libressl/post-install) | 0 | ||||
| -rw-r--r-- | core/libressl/sources (renamed from extra/libressl/sources) | 0 | ||||
| -rwxr-xr-x | core/libressl/test (renamed from extra/libressl/test) | 0 | ||||
| -rw-r--r-- | core/libressl/version (renamed from extra/libressl/version) | 0 | ||||
| -rwxr-xr-x | extra/openssh/build | 3 | ||||
| -rw-r--r-- | extra/openssh/checksums | 2 | ||||
| -rw-r--r-- | extra/openssh/depends | 3 | ||||
| -rw-r--r-- | extra/openssh/sources | 2 |
19 files changed, 60 insertions, 26 deletions
diff --git a/core/busybox/checksums b/core/busybox/checksums index 76d0f4b0..91dd1880 100644 --- a/core/busybox/checksums +++ b/core/busybox/checksums @@ -1,6 +1,6 @@ -5416643ac976310a864b1c1ff5a683508258c38441c19912980cd651bcdb45ea busybox-1.33.0.tar.gz -03f4244bffd116f621659bde52d9454a49160e61cc61e9db024186da80c06e13 .config -93e5b0c5395bcc695a578f1e7d30ba65434c77ee856343b2124d35a0ef66148b .config-suid +d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd busybox-1.33.0.tar.bz2 +4b6e42049ce4cf78b109741917aa5f44b9daf8ada37860cdc8af6b21a59faf2c .config +4e6932d1b5fd50758b7c1d94783897782d8f04fefa4daa8245a9252600f6cb8c .config-suid ebd61afac770d3d9cae5c411f44002496fb18b28cf7b77520072a3909852246e acpid.run 814dea14ac612125e97dcc1d619219b2c9dfc14850bf48d858421fb2c98eca12 crond.run c8b3502bf493336542247683f8d291753130141e5b20ecfda7077936751e83a7 inittab @@ -15,3 +15,4 @@ e31be17d2e058c0bde645f12b38dd6d5a22f8751204304a2df994fc7e523ae9c modprobe-kerne 09c2f601fec4e5c10664c22f787dafb9424efe219bf826727c356da90dfd60d5 adduser-no-setgid.patch f0e17fefc0af6b10205d72b242b6ef7481a58ff07726c62890ebc5893b96a396 install-fix-chown.patch 68e0c7d5e96902d3b890e89d9b018ae11d53ed3104bfedd624a1485df58b11cb print-unicode.patch +6d50ac2d96fcdbf140cd70c48bc4b661c94d634189e6ae08ecacfc7d91f6efe8 libressl.patch diff --git a/core/busybox/files/.config b/core/busybox/files/.config index 27045dc1..ecf6c334 100644 --- a/core/busybox/files/.config +++ b/core/busybox/files/.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.33.0 -# Thu Feb 18 03:12:21 2021 +# Fri Jan 1 16:14:15 2021 # CONFIG_HAVE_DOT_CONFIG=y @@ -979,9 +979,7 @@ CONFIG_FEATURE_WGET_STATUSBAR=y CONFIG_FEATURE_WGET_AUTHENTICATION=y CONFIG_FEATURE_WGET_TIMEOUT=y CONFIG_FEATURE_WGET_HTTPS=y -CONFIG_FEATURE_WGET_BEARSSL=y -CONFIG_WGET_BEARSSL_CA_CERTIFICATE=y -CONFIG_WGET_BEARSSL_CA_CERTIFICATE_FILE="/etc/certificates/cert.pem" +CONFIG_FEATURE_WGET_OPENSSL=y CONFIG_WHOIS=y # CONFIG_ZCIP is not set # CONFIG_UDHCPD is not set diff --git a/core/busybox/files/.config-suid b/core/busybox/files/.config-suid index 93a9d8fe..b4e6730a 100644 --- a/core/busybox/files/.config-suid +++ b/core/busybox/files/.config-suid @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Busybox version: 1.33.0 -# Thu Feb 18 03:15:02 2021 +# Fri Jan 1 16:17:16 2021 # CONFIG_HAVE_DOT_CONFIG=y @@ -955,9 +955,7 @@ CONFIG_FEATURE_FANCY_PING=y # CONFIG_FEATURE_WGET_AUTHENTICATION is not set # CONFIG_FEATURE_WGET_TIMEOUT is not set # CONFIG_FEATURE_WGET_HTTPS is not set -# CONFIG_FEATURE_WGET_BEARSSL is not set -# CONFIG_WGET_BEARSSL_CA_CERTIFICATE is not set -CONFIG_WGET_BEARSSL_CA_CERTIFICATE_FILE="" +# CONFIG_FEATURE_WGET_OPENSSL is not set # CONFIG_WHOIS is not set # CONFIG_ZCIP is not set # CONFIG_UDHCPD is not set diff --git a/core/busybox/patches/libressl.patch b/core/busybox/patches/libressl.patch new file mode 100644 index 00000000..ac132332 --- /dev/null +++ b/core/busybox/patches/libressl.patch @@ -0,0 +1,44 @@ +busybox wget calls OpenSSL-specific options for higher security. It IS a +bummer that libressl does not support these, but we are patching busybox for +the time being. +--- busybox/networking/wget.c.orig 2021-03-18 17:26:14.456704013 +0300 ++++ busybox/networking/wget.c 2021-03-18 17:26:18.400719891 +0300 +@@ -670,8 +670,7 @@ + pid = xvfork(); + if (pid == 0) { + /* Child */ +- char *argv[13]; +- char **argp; ++ char *argv[9]; + + close(sp[0]); + xmove_fd(sp[1], 0); +@@ -694,25 +693,13 @@ + * TLS server_name (SNI) field are FQDNs (DNS hostnames). + * IPv4 and IPv6 addresses, port numbers are not allowed. + */ +- argp = &argv[5]; + if (!is_ip_address(servername)) { +- *argp++ = (char*)"-servername"; //[5] +- *argp++ = (char*)servername; //[6] ++ argv[5] = (char*)"-servername"; ++ argv[6] = (char*)servername; + } + if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { +- /* Abort on bad server certificate */ +- *argp++ = (char*)"-verify"; //[7] +- *argp++ = (char*)"100"; //[8] +- *argp++ = (char*)"-verify_return_error"; //[9] +- if (!is_ip_address(servername)) { +- *argp++ = (char*)"-verify_hostname"; //[10] +- *argp++ = (char*)servername; //[11] +- } else { +- *argp++ = (char*)"-verify_ip"; //[10] +- *argp++ = (char*)host; //[11] +- } ++ argv[7] = (char*)"-verify_return_error"; + } +- //[12] (or earlier) is NULL terminator + + BB_EXECVP(argv[0], argv); + xmove_fd(3, 2); diff --git a/core/busybox/sources b/core/busybox/sources index 8ea60f3c..7d7cd5e0 100644 --- a/core/busybox/sources +++ b/core/busybox/sources @@ -1,4 +1,4 @@ -https://git.carbslinux.org/forks/busybox/snapshot/busybox-1.33.0.tar.gz +https://busybox.net/downloads/busybox-1.33.0.tar.bz2 files/.config files/.config-suid files/acpid.run @@ -15,3 +15,4 @@ patches/modprobe-kernel-version.patch patches/adduser-no-setgid.patch patches/install-fix-chown.patch patches/print-unicode.patch +patches/libressl.patch diff --git a/core/curl/build b/core/curl/build index f27b1522..4e2b82ac 100755 --- a/core/curl/build +++ b/core/curl/build @@ -15,10 +15,7 @@ --without-icu \ --without-libpsl \ --without-zstd \ - --with-pic \ - --with-bearssl \ - --with-ca-bundle=/etc/certificates/cert.pem \ - --without-ssl + --with-pic make curl_LDFLAGS=-all-static make DESTDIR="$1" install diff --git a/core/curl/depends b/core/curl/depends index cf6ff53d..9ee911ae 100644 --- a/core/curl/depends +++ b/core/curl/depends @@ -1,3 +1,2 @@ -bearssl -ca-certificates +libressl zlib diff --git a/core/curl/version b/core/curl/version index 31f8225b..6544806a 100644 --- a/core/curl/version +++ b/core/curl/version @@ -1 +1 @@ -7.75.0 1 +7.75.0 2 diff --git a/extra/libressl/build b/core/libressl/build index 86ade623..86ade623 100755 --- a/extra/libressl/build +++ b/core/libressl/build diff --git a/extra/libressl/checksums b/core/libressl/checksums index 36db443b..36db443b 100644 --- a/extra/libressl/checksums +++ b/core/libressl/checksums diff --git a/extra/libressl/files/update-certdata.sh b/core/libressl/files/update-certdata.sh index 611f944d..611f944d 100755 --- a/extra/libressl/files/update-certdata.sh +++ b/core/libressl/files/update-certdata.sh diff --git a/extra/libressl/post-install b/core/libressl/post-install index f39088e7..f39088e7 100755 --- a/extra/libressl/post-install +++ b/core/libressl/post-install diff --git a/extra/libressl/sources b/core/libressl/sources index a598bcc5..a598bcc5 100644 --- a/extra/libressl/sources +++ b/core/libressl/sources diff --git a/extra/libressl/test b/core/libressl/test index aabdfc94..aabdfc94 100755 --- a/extra/libressl/test +++ b/core/libressl/test diff --git a/extra/libressl/version b/core/libressl/version index a0fab29c..a0fab29c 100644 --- a/extra/libressl/version +++ b/core/libressl/version diff --git a/extra/openssh/build b/extra/openssh/build index a70f97a3..ff39eaa9 100755 --- a/extra/openssh/build +++ b/extra/openssh/build @@ -5,11 +5,8 @@ cpt-list libedit >/dev/null 2>&1 && libedit="--with-libedit" && LIBS="$(pkgconf --static --libs libedit)" export LIBS - export LDFLAGS="$LDFLAGS -static" -autoreconf -fi - ./configure \ --prefix=/usr \ --sbindir=/usr/bin \ diff --git a/extra/openssh/checksums b/extra/openssh/checksums index ad30e9ba..cecd0cbf 100644 --- a/extra/openssh/checksums +++ b/extra/openssh/checksums @@ -1,2 +1,2 @@ -bdd65f72c33a00fec5c154811c33e7b5a386c9b1aaabec3917b421af28adfc9a c80c7b3.tar.gz +f52f3f41d429aa9918e38cf200af225ccdd8e66f052da572870c89737646ec25 openssh-8.5p1.tar.gz 5d32a817344ac444424063d75e49afd95d7eb76d972ef5c5cfad355c8e8b1ff1 sshd.run diff --git a/extra/openssh/depends b/extra/openssh/depends index aefce7e1..3788ab13 100644 --- a/extra/openssh/depends +++ b/extra/openssh/depends @@ -1,3 +1,2 @@ -autoconf make -bearssl make +libressl make zlib make diff --git a/extra/openssh/sources b/extra/openssh/sources index b71f0e4c..b02eef54 100644 --- a/extra/openssh/sources +++ b/extra/openssh/sources @@ -1,2 +1,2 @@ -https://github.com/oasislinux/openssh/archive/c80c7b3.tar.gz +https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.5p1.tar.gz files/sshd.run |