From da7d55d04ef1a98f44cdff112afdde3dda7810f6 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Fri, 21 Oct 2011 14:06:32 +0000 Subject: main/busybox: apply patches frrom upstream. re-enable sha512 Seems like sha512 got disabled during the 1.19 upgrade and forgotten. --- main/busybox/0001-loginutils-use-sha512.patch | 106 ++++++++++++++++++ main/busybox/APKBUILD | 20 +++- main/busybox/loginutils-sha512.patch | 154 -------------------------- 3 files changed, 124 insertions(+), 156 deletions(-) create mode 100644 main/busybox/0001-loginutils-use-sha512.patch delete mode 100644 main/busybox/loginutils-sha512.patch (limited to 'main') diff --git a/main/busybox/0001-loginutils-use-sha512.patch b/main/busybox/0001-loginutils-use-sha512.patch new file mode 100644 index 0000000000..c4c1cf34be --- /dev/null +++ b/main/busybox/0001-loginutils-use-sha512.patch @@ -0,0 +1,106 @@ +From 253a5e60f5917b29da687b802f56a8503ff9b29a Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Fri, 21 Oct 2011 14:04:01 +0000 +Subject: [PATCH] loginutils: use sha512 + +--- + libbb/pw_encrypt.c | 2 +- + loginutils/chpasswd.c | 23 +++++++++++++++-------- + loginutils/passwd.c | 2 +- + 3 files changed, 17 insertions(+), 10 deletions(-) + +diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c +index 39ffa08..dcf6ca5 100644 +--- a/libbb/pw_encrypt.c ++++ b/libbb/pw_encrypt.c +@@ -59,7 +59,7 @@ char* FAST_FUNC crypt_make_pw_salt(char salt[MAX_PW_SALT_LEN], const char *algo) + *salt_ptr++ = '$'; + #if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA + if (algo[0] == 's') { /* sha */ +- salt[1] = '5' + (strcmp(algo, "sha512") == 0); ++ salt[1] = '6' + (strcmp(algo, "sha512") == 0); + len = 16/2; + } + #endif +diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c +index b7df57e..029ddfa 100644 +--- a/loginutils/chpasswd.c ++++ b/loginutils/chpasswd.c +@@ -13,22 +13,26 @@ + //usage: "Read user:password from stdin and update /etc/passwd\n" + //usage: IF_LONG_OPTS( + //usage: "\n -e,--encrypted Supplied passwords are in encrypted form" +-//usage: "\n -m,--md5 Use MD5 encryption instead of DES" ++//usage: "\n -m,--md5 Use MD5 encryption instead of SHA512" ++//usage: "\n -d,--des Use DES encryption instead of SHA512" + //usage: ) + //usage: IF_NOT_LONG_OPTS( + //usage: "\n -e Supplied passwords are in encrypted form" +-//usage: "\n -m Use MD5 encryption instead of DES" ++//usage: "\n -m Use MD5 encryption instead of SHA512" ++//usage: "\n -d Use DES encryption instead of SHA512" + //usage: ) + + #if ENABLE_LONG_OPTS + static const char chpasswd_longopts[] ALIGN1 = + "encrypted\0" No_argument "e" + "md5\0" No_argument "m" ++ "des\0" No_argument "d" + ; + #endif + + #define OPT_ENC 1 + #define OPT_MD5 2 ++#define OPT_DES 4 + + int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; + int chpasswd_main(int argc UNUSED_PARAM, char **argv) +@@ -39,9 +43,9 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) + if (getuid() != 0) + bb_error_msg_and_die(bb_msg_perm_denied_are_you_root); + +- opt_complementary = "m--e:e--m"; ++ opt_complementary = "m--e:e--m:d--e:e--d:m--d:d--m"; + IF_LONG_OPTS(applet_long_options = chpasswd_longopts;) +- opt = getopt32(argv, "em"); ++ opt = getopt32(argv, "emd"); + + while ((name = xmalloc_fgetline(stdin)) != NULL) { + char *free_me; +@@ -59,13 +63,16 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) + if (!(opt & OPT_ENC)) { + char salt[sizeof("$N$XXXXXXXX")]; + +- crypt_make_salt(salt, 1); ++ crypt_make_salt(salt + 3, 4); ++ salt[0] = '$'; ++ salt[1] = '6'; ++ salt[2] = '$'; + if (opt & OPT_MD5) { +- salt[0] = '$'; + salt[1] = '1'; +- salt[2] = '$'; +- crypt_make_salt(salt + 3, 4); ++ } else if (opt & OPT_DES) { ++ crypt_make_salt(salt, 1); + } ++ + free_me = pass = pw_encrypt(pass, salt, 0); + } + +diff --git a/loginutils/passwd.c b/loginutils/passwd.c +index 1cfafae..f29d66c 100644 +--- a/loginutils/passwd.c ++++ b/loginutils/passwd.c +@@ -94,7 +94,7 @@ int passwd_main(int argc UNUSED_PARAM, char **argv) + }; + unsigned opt; + int rc; +- const char *opt_a = "d"; /* des */ ++ const char *opt_a = "s"; /* sha512 */ + const char *filename; + char *myname; + char *name; +-- +1.7.7 + diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD index 117cc9a304..fe7ff3781f 100644 --- a/main/busybox/APKBUILD +++ b/main/busybox/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa pkgname=busybox pkgver=1.19.2 -pkgrel=0 +pkgrel=1 _bbsuidver=0.6 pkgdesc="Size optimized toolbox of many common UNIX utilities" url=http://busybox.net @@ -15,9 +15,17 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2 http://git.alpinelinux.org/cgit/bbsuid.git/snapshot/bbsuid-$_bbsuidver.tar.bz2 $pkgname-1.11.1-bb.patch busybox-uname-is-not-gnu.patch + http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-android.patch + http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-buildsys.patch + http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-chpasswd.patch http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-crond.patch + http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-inetd.patch + http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-syslogd.patch + http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-tail.patch + http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-tftp.patch + 0001-loginutils-use-sha512.patch + busyboxconfig" -# loginutils-sha512.patch _sdir="$srcdir"/$pkgname-$pkgver _staticdir="$srcdir"/build-static @@ -87,5 +95,13 @@ md5sums="50267054345f1a0b77fe65f6e0e5ba29 busybox-1.19.2.tar.bz2 968b3a058db04f95e9c4cdb44d7d3ddb bbsuid-0.6.tar.bz2 4c0f3b486eaa0674961b7ddcd0c60a9b busybox-1.11.1-bb.patch b5375210f13fd6e1ca61a565e8fabd35 busybox-uname-is-not-gnu.patch +c695eea6c721e4f7f66fd3a1674ea6f5 busybox-1.19.2-android.patch +b239f0a6e6556a9df9beb7d8725907c4 busybox-1.19.2-buildsys.patch +04ec247d117d93a0097185ccea03aec5 busybox-1.19.2-chpasswd.patch 2707b318e733d5b091e2df301e418b5a busybox-1.19.2-crond.patch +9d13b96b805e238e0fe33c5c9df9e9b1 busybox-1.19.2-inetd.patch +6f158c07c70a6250d6db5fc05b4bda5d busybox-1.19.2-syslogd.patch +4b291c97d371f0957d4c1698976e5569 busybox-1.19.2-tail.patch +ddeac26c403f8518212637731b5ae26b busybox-1.19.2-tftp.patch +784383013b8f015fb0d214618c46b4b8 0001-loginutils-use-sha512.patch 4ec89e4b45bcf667974a2778a559196f busyboxconfig" diff --git a/main/busybox/loginutils-sha512.patch b/main/busybox/loginutils-sha512.patch deleted file mode 100644 index 7c5028d374..0000000000 --- a/main/busybox/loginutils-sha512.patch +++ /dev/null @@ -1,154 +0,0 @@ ---- busybox-1.18.3/include/usage.src.h -+++ busybox.mod/include/usage.src.h -@@ -2798,23 +2798,25 @@ - "Change USER's password. If no USER is specified,\n" \ - "changes the password for the current user.\n" \ - "\nOptions:" \ -- "\n -a ALG Algorithm to use for password (des, md5)" /* ", sha1)" */ \ -+ "\n -a ALG Algorithm to use for password (des, md5, sha512)" /* ", sha1)" */ \ - "\n -d Delete password for the account" \ - "\n -l Lock (disable) account" \ - "\n -u Unlock (re-enable) account" \ - - #define chpasswd_trivial_usage \ -- IF_LONG_OPTS("[--md5|--encrypted]") IF_NOT_LONG_OPTS("[-m|-e]") -+ IF_LONG_OPTS("[--des|--md5|--encrypted]") IF_NOT_LONG_OPTS("[-d|-m|-e]") - #define chpasswd_full_usage "\n\n" \ - "Read user:password from stdin and update /etc/passwd\n" \ - "\nOptions:" \ - IF_LONG_OPTS( \ - "\n -e,--encrypted Supplied passwords are in encrypted form" \ -- "\n -m,--md5 Use MD5 encryption instead of DES" \ -+ "\n -m,--md5 Use MD5 encryption instead of SHA512" \ -+ "\n -d,--des Use DES encryption instead of SHA512" \ - ) \ - IF_NOT_LONG_OPTS( \ - "\n -e Supplied passwords are in encrypted form" \ -- "\n -m Use MD5 encryption instead of DES" \ -+ "\n -m Use MD5 encryption instead of SHA512" \ -+ "\n -d Use DES encryption instead of SHA512" \ - ) - - #define pgrep_trivial_usage \ ---- busybox-1.18.3/loginutils/chpasswd.c -+++ busybox.mod/loginutils/chpasswd.c -@@ -11,11 +11,13 @@ - static const char chpasswd_longopts[] ALIGN1 = - "encrypted\0" No_argument "e" - "md5\0" No_argument "m" -+ "des\0" No_argument "d" - ; - #endif - --#define OPT_ENC 1 --#define OPT_MD5 2 -+#define OPT_ENC 1 -+#define OPT_MD5 2 -+#define OPT_DES 4 - - int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; - int chpasswd_main(int argc UNUSED_PARAM, char **argv) -@@ -28,9 +30,9 @@ - if (getuid()) - bb_error_msg_and_die(bb_msg_perm_denied_are_you_root); - -- opt_complementary = "m--e:e--m"; -+ opt_complementary = "m--e:e--m:d--e:e--d:m--d:d--m"; - IF_LONG_OPTS(applet_long_options = chpasswd_longopts;) -- opt = getopt32(argv, "em"); -+ opt = getopt32(argv, "emd"); - - while ((name = xmalloc_fgetline(stdin)) != NULL) { - pass = strchr(name, ':'); -@@ -41,9 +43,13 @@ - xuname2uid(name); /* dies if there is no such user */ - - if (!(opt & OPT_ENC)) { -- rnd = crypt_make_salt(salt, 1, rnd); - if (opt & OPT_MD5) { - strcpy(salt, "$1$"); -+ rnd = crypt_make_salt(salt + 3, 4, rnd); -+ } else if (opt & OPT_DES) { -+ rnd = crypt_make_salt(salt, 1, rnd); -+ } else { // OPT_SHA512 -+ strcpy(salt, "$6$"); - rnd = crypt_make_salt(salt + 3, 4, rnd); - } - pass = pw_encrypt(pass, salt, 0); ---- busybox-1.18.3/loginutils/cryptpw.c -+++ busybox.mod/loginutils/cryptpw.c -@@ -91,7 +91,7 @@ - *salt_ptr++ = '$'; - #if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA - if (opt_m[0] == 's') { /* sha */ -- salt[1] = '5' + (strcmp(opt_m, "sha512") == 0); -+ salt[1] = '6' + (strcmp(opt_m, "sha512") == 0); - len = 16/2; - } - #endif ---- busybox-1.18.3/loginutils/passwd.c -+++ busybox.mod/loginutils/passwd.c -@@ -12,6 +12,11 @@ - - static char* new_password(const struct passwd *pw, uid_t myuid, int algo) - { -+ enum { -+ STATE_ALGO_md5 = 0x10, -+ STATE_ALGO_des = 0x20, -+ STATE_ALGO_sha512 = 0x40, -+ }; - char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */ - char *orig = (char*)""; - char *newp = NULL; -@@ -51,10 +56,14 @@ - goto err_ret; - } - -- crypt_make_salt(salt, 1, 0); /* des */ -- if (algo) { /* MD5 */ -+ if (algo & STATE_ALGO_md5) { /* md5 */ - strcpy(salt, "$1$"); - crypt_make_salt(salt + 3, 4, 0); -+ } else if (algo & STATE_ALGO_des) { /* des */ -+ crypt_make_salt(salt, 1, 0); -+ } else if (algo & STATE_ALGO_sha512) { /* sha512 */ -+ strcpy(salt, "$6$"); -+ crypt_make_salt(salt + 3, 4, 0); - } - /* pw_encrypt returns malloced str */ - ret = pw_encrypt(newp, salt, 1); -@@ -79,7 +88,8 @@ - OPT_delete = 0x8, /* -d - delete password */ - OPT_lud = 0xe, - STATE_ALGO_md5 = 0x10, -- //STATE_ALGO_des = 0x20, not needed yet -+ STATE_ALGO_des = 0x20, -+ STATE_ALGO_sha512 = 0x40, - }; - unsigned opt; - int rc; -@@ -104,10 +114,12 @@ - //argc -= optind; - argv += optind; - -- if (strcasecmp(opt_a, "des") != 0) /* -a */ -+ if (strcasecmp(opt_a, "md5") == 0) /* -a */ - opt |= STATE_ALGO_md5; -- //else -- // opt |= STATE_ALGO_des; -+ else if (strcasecmp(opt_a, "des") == 0) -+ opt |= STATE_ALGO_des; -+ else //if (strcasecmp(opt_a, "sha512") == 0) -+ opt |= STATE_ALGO_sha512; - myuid = getuid(); - /* -l, -u, -d require root priv and username argument */ - if ((opt & OPT_lud) && (myuid || !argv[0])) -@@ -158,7 +170,7 @@ - "locked password for %s", name); - } - printf("Changing password for %s\n", name); -- newp = new_password(pw, myuid, opt & STATE_ALGO_md5); -+ newp = new_password(pw, myuid, opt); - if (!newp) { - logmode = LOGMODE_STDIO; - bb_error_msg_and_die("password for %s is unchanged", name); -- cgit v1.2.3