From 88dba6535f34aa0f76d274eb0c7dcf1e36c28731 Mon Sep 17 00:00:00 2001 From: Cem Keylan Date: Thu, 18 Mar 2021 21:24:03 +0300 Subject: busybox: revert to libressl --- core/busybox/patches/libressl.patch | 44 +++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 core/busybox/patches/libressl.patch (limited to 'core/busybox/patches') diff --git a/core/busybox/patches/libressl.patch b/core/busybox/patches/libressl.patch new file mode 100644 index 00000000..ac132332 --- /dev/null +++ b/core/busybox/patches/libressl.patch @@ -0,0 +1,44 @@ +busybox wget calls OpenSSL-specific options for higher security. It IS a +bummer that libressl does not support these, but we are patching busybox for +the time being. +--- busybox/networking/wget.c.orig 2021-03-18 17:26:14.456704013 +0300 ++++ busybox/networking/wget.c 2021-03-18 17:26:18.400719891 +0300 +@@ -670,8 +670,7 @@ + pid = xvfork(); + if (pid == 0) { + /* Child */ +- char *argv[13]; +- char **argp; ++ char *argv[9]; + + close(sp[0]); + xmove_fd(sp[1], 0); +@@ -694,25 +693,13 @@ + * TLS server_name (SNI) field are FQDNs (DNS hostnames). + * IPv4 and IPv6 addresses, port numbers are not allowed. + */ +- argp = &argv[5]; + if (!is_ip_address(servername)) { +- *argp++ = (char*)"-servername"; //[5] +- *argp++ = (char*)servername; //[6] ++ argv[5] = (char*)"-servername"; ++ argv[6] = (char*)servername; + } + if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT)) { +- /* Abort on bad server certificate */ +- *argp++ = (char*)"-verify"; //[7] +- *argp++ = (char*)"100"; //[8] +- *argp++ = (char*)"-verify_return_error"; //[9] +- if (!is_ip_address(servername)) { +- *argp++ = (char*)"-verify_hostname"; //[10] +- *argp++ = (char*)servername; //[11] +- } else { +- *argp++ = (char*)"-verify_ip"; //[10] +- *argp++ = (char*)host; //[11] +- } ++ argv[7] = (char*)"-verify_return_error"; + } +- //[12] (or earlier) is NULL terminator + + BB_EXECVP(argv[0], argv); + xmove_fd(3, 2); -- cgit v1.2.3