diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2011-10-21 14:06:32 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2011-10-21 14:06:32 +0000 |
commit | da7d55d04ef1a98f44cdff112afdde3dda7810f6 (patch) | |
tree | 8212375b1e8bd0d94f06c4ce35311f36bca047e2 | |
parent | 2f66ca6e89707a3c85e80c9e4b79387633f1463a (diff) | |
download | alpine_aports-da7d55d04ef1a98f44cdff112afdde3dda7810f6.tar.bz2 alpine_aports-da7d55d04ef1a98f44cdff112afdde3dda7810f6.tar.xz alpine_aports-da7d55d04ef1a98f44cdff112afdde3dda7810f6.zip |
main/busybox: apply patches frrom upstream. re-enable sha512
Seems like sha512 got disabled during the 1.19 upgrade and forgotten.
-rw-r--r-- | main/busybox/0001-loginutils-use-sha512.patch | 106 | ||||
-rw-r--r-- | main/busybox/APKBUILD | 20 | ||||
-rw-r--r-- | main/busybox/loginutils-sha512.patch | 154 |
3 files changed, 124 insertions, 156 deletions
diff --git a/main/busybox/0001-loginutils-use-sha512.patch b/main/busybox/0001-loginutils-use-sha512.patch new file mode 100644 index 0000000000..c4c1cf34be --- /dev/null +++ b/main/busybox/0001-loginutils-use-sha512.patch | |||
@@ -0,0 +1,106 @@ | |||
1 | From 253a5e60f5917b29da687b802f56a8503ff9b29a Mon Sep 17 00:00:00 2001 | ||
2 | From: Natanael Copa <natanael.copa@gmail.com> | ||
3 | Date: Fri, 21 Oct 2011 14:04:01 +0000 | ||
4 | Subject: [PATCH] loginutils: use sha512 | ||
5 | |||
6 | --- | ||
7 | libbb/pw_encrypt.c | 2 +- | ||
8 | loginutils/chpasswd.c | 23 +++++++++++++++-------- | ||
9 | loginutils/passwd.c | 2 +- | ||
10 | 3 files changed, 17 insertions(+), 10 deletions(-) | ||
11 | |||
12 | diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c | ||
13 | index 39ffa08..dcf6ca5 100644 | ||
14 | --- a/libbb/pw_encrypt.c | ||
15 | +++ b/libbb/pw_encrypt.c | ||
16 | @@ -59,7 +59,7 @@ char* FAST_FUNC crypt_make_pw_salt(char salt[MAX_PW_SALT_LEN], const char *algo) | ||
17 | *salt_ptr++ = '$'; | ||
18 | #if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA | ||
19 | if (algo[0] == 's') { /* sha */ | ||
20 | - salt[1] = '5' + (strcmp(algo, "sha512") == 0); | ||
21 | + salt[1] = '6' + (strcmp(algo, "sha512") == 0); | ||
22 | len = 16/2; | ||
23 | } | ||
24 | #endif | ||
25 | diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c | ||
26 | index b7df57e..029ddfa 100644 | ||
27 | --- a/loginutils/chpasswd.c | ||
28 | +++ b/loginutils/chpasswd.c | ||
29 | @@ -13,22 +13,26 @@ | ||
30 | //usage: "Read user:password from stdin and update /etc/passwd\n" | ||
31 | //usage: IF_LONG_OPTS( | ||
32 | //usage: "\n -e,--encrypted Supplied passwords are in encrypted form" | ||
33 | -//usage: "\n -m,--md5 Use MD5 encryption instead of DES" | ||
34 | +//usage: "\n -m,--md5 Use MD5 encryption instead of SHA512" | ||
35 | +//usage: "\n -d,--des Use DES encryption instead of SHA512" | ||
36 | //usage: ) | ||
37 | //usage: IF_NOT_LONG_OPTS( | ||
38 | //usage: "\n -e Supplied passwords are in encrypted form" | ||
39 | -//usage: "\n -m Use MD5 encryption instead of DES" | ||
40 | +//usage: "\n -m Use MD5 encryption instead of SHA512" | ||
41 | +//usage: "\n -d Use DES encryption instead of SHA512" | ||
42 | //usage: ) | ||
43 | |||
44 | #if ENABLE_LONG_OPTS | ||
45 | static const char chpasswd_longopts[] ALIGN1 = | ||
46 | "encrypted\0" No_argument "e" | ||
47 | "md5\0" No_argument "m" | ||
48 | + "des\0" No_argument "d" | ||
49 | ; | ||
50 | #endif | ||
51 | |||
52 | #define OPT_ENC 1 | ||
53 | #define OPT_MD5 2 | ||
54 | +#define OPT_DES 4 | ||
55 | |||
56 | int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; | ||
57 | int chpasswd_main(int argc UNUSED_PARAM, char **argv) | ||
58 | @@ -39,9 +43,9 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) | ||
59 | if (getuid() != 0) | ||
60 | bb_error_msg_and_die(bb_msg_perm_denied_are_you_root); | ||
61 | |||
62 | - opt_complementary = "m--e:e--m"; | ||
63 | + opt_complementary = "m--e:e--m:d--e:e--d:m--d:d--m"; | ||
64 | IF_LONG_OPTS(applet_long_options = chpasswd_longopts;) | ||
65 | - opt = getopt32(argv, "em"); | ||
66 | + opt = getopt32(argv, "emd"); | ||
67 | |||
68 | while ((name = xmalloc_fgetline(stdin)) != NULL) { | ||
69 | char *free_me; | ||
70 | @@ -59,13 +63,16 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) | ||
71 | if (!(opt & OPT_ENC)) { | ||
72 | char salt[sizeof("$N$XXXXXXXX")]; | ||
73 | |||
74 | - crypt_make_salt(salt, 1); | ||
75 | + crypt_make_salt(salt + 3, 4); | ||
76 | + salt[0] = '$'; | ||
77 | + salt[1] = '6'; | ||
78 | + salt[2] = '$'; | ||
79 | if (opt & OPT_MD5) { | ||
80 | - salt[0] = '$'; | ||
81 | salt[1] = '1'; | ||
82 | - salt[2] = '$'; | ||
83 | - crypt_make_salt(salt + 3, 4); | ||
84 | + } else if (opt & OPT_DES) { | ||
85 | + crypt_make_salt(salt, 1); | ||
86 | } | ||
87 | + | ||
88 | free_me = pass = pw_encrypt(pass, salt, 0); | ||
89 | } | ||
90 | |||
91 | diff --git a/loginutils/passwd.c b/loginutils/passwd.c | ||
92 | index 1cfafae..f29d66c 100644 | ||
93 | --- a/loginutils/passwd.c | ||
94 | +++ b/loginutils/passwd.c | ||
95 | @@ -94,7 +94,7 @@ int passwd_main(int argc UNUSED_PARAM, char **argv) | ||
96 | }; | ||
97 | unsigned opt; | ||
98 | int rc; | ||
99 | - const char *opt_a = "d"; /* des */ | ||
100 | + const char *opt_a = "s"; /* sha512 */ | ||
101 | const char *filename; | ||
102 | char *myname; | ||
103 | char *name; | ||
104 | -- | ||
105 | 1.7.7 | ||
106 | |||
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD index 117cc9a304..fe7ff3781f 100644 --- a/main/busybox/APKBUILD +++ b/main/busybox/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=busybox | 2 | pkgname=busybox |
3 | pkgver=1.19.2 | 3 | pkgver=1.19.2 |
4 | pkgrel=0 | 4 | pkgrel=1 |
5 | _bbsuidver=0.6 | 5 | _bbsuidver=0.6 |
6 | pkgdesc="Size optimized toolbox of many common UNIX utilities" | 6 | pkgdesc="Size optimized toolbox of many common UNIX utilities" |
7 | url=http://busybox.net | 7 | url=http://busybox.net |
@@ -15,9 +15,17 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2 | |||
15 | http://git.alpinelinux.org/cgit/bbsuid.git/snapshot/bbsuid-$_bbsuidver.tar.bz2 | 15 | http://git.alpinelinux.org/cgit/bbsuid.git/snapshot/bbsuid-$_bbsuidver.tar.bz2 |
16 | $pkgname-1.11.1-bb.patch | 16 | $pkgname-1.11.1-bb.patch |
17 | busybox-uname-is-not-gnu.patch | 17 | busybox-uname-is-not-gnu.patch |
18 | http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-android.patch | ||
19 | http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-buildsys.patch | ||
20 | http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-chpasswd.patch | ||
18 | http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-crond.patch | 21 | http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-crond.patch |
22 | http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-inetd.patch | ||
23 | http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-syslogd.patch | ||
24 | http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-tail.patch | ||
25 | http://busybox.net/downloads/fixes-1.19.2/busybox-1.19.2-tftp.patch | ||
26 | 0001-loginutils-use-sha512.patch | ||
27 | |||
19 | busyboxconfig" | 28 | busyboxconfig" |
20 | # loginutils-sha512.patch | ||
21 | 29 | ||
22 | _sdir="$srcdir"/$pkgname-$pkgver | 30 | _sdir="$srcdir"/$pkgname-$pkgver |
23 | _staticdir="$srcdir"/build-static | 31 | _staticdir="$srcdir"/build-static |
@@ -87,5 +95,13 @@ md5sums="50267054345f1a0b77fe65f6e0e5ba29 busybox-1.19.2.tar.bz2 | |||
87 | 968b3a058db04f95e9c4cdb44d7d3ddb bbsuid-0.6.tar.bz2 | 95 | 968b3a058db04f95e9c4cdb44d7d3ddb bbsuid-0.6.tar.bz2 |
88 | 4c0f3b486eaa0674961b7ddcd0c60a9b busybox-1.11.1-bb.patch | 96 | 4c0f3b486eaa0674961b7ddcd0c60a9b busybox-1.11.1-bb.patch |
89 | b5375210f13fd6e1ca61a565e8fabd35 busybox-uname-is-not-gnu.patch | 97 | b5375210f13fd6e1ca61a565e8fabd35 busybox-uname-is-not-gnu.patch |
98 | c695eea6c721e4f7f66fd3a1674ea6f5 busybox-1.19.2-android.patch | ||
99 | b239f0a6e6556a9df9beb7d8725907c4 busybox-1.19.2-buildsys.patch | ||
100 | 04ec247d117d93a0097185ccea03aec5 busybox-1.19.2-chpasswd.patch | ||
90 | 2707b318e733d5b091e2df301e418b5a busybox-1.19.2-crond.patch | 101 | 2707b318e733d5b091e2df301e418b5a busybox-1.19.2-crond.patch |
102 | 9d13b96b805e238e0fe33c5c9df9e9b1 busybox-1.19.2-inetd.patch | ||
103 | 6f158c07c70a6250d6db5fc05b4bda5d busybox-1.19.2-syslogd.patch | ||
104 | 4b291c97d371f0957d4c1698976e5569 busybox-1.19.2-tail.patch | ||
105 | ddeac26c403f8518212637731b5ae26b busybox-1.19.2-tftp.patch | ||
106 | 784383013b8f015fb0d214618c46b4b8 0001-loginutils-use-sha512.patch | ||
91 | 4ec89e4b45bcf667974a2778a559196f busyboxconfig" | 107 | 4ec89e4b45bcf667974a2778a559196f busyboxconfig" |
diff --git a/main/busybox/loginutils-sha512.patch b/main/busybox/loginutils-sha512.patch deleted file mode 100644 index 7c5028d374..0000000000 --- a/main/busybox/loginutils-sha512.patch +++ /dev/null | |||
@@ -1,154 +0,0 @@ | |||
1 | --- busybox-1.18.3/include/usage.src.h | ||
2 | +++ busybox.mod/include/usage.src.h | ||
3 | @@ -2798,23 +2798,25 @@ | ||
4 | "Change USER's password. If no USER is specified,\n" \ | ||
5 | "changes the password for the current user.\n" \ | ||
6 | "\nOptions:" \ | ||
7 | - "\n -a ALG Algorithm to use for password (des, md5)" /* ", sha1)" */ \ | ||
8 | + "\n -a ALG Algorithm to use for password (des, md5, sha512)" /* ", sha1)" */ \ | ||
9 | "\n -d Delete password for the account" \ | ||
10 | "\n -l Lock (disable) account" \ | ||
11 | "\n -u Unlock (re-enable) account" \ | ||
12 | |||
13 | #define chpasswd_trivial_usage \ | ||
14 | - IF_LONG_OPTS("[--md5|--encrypted]") IF_NOT_LONG_OPTS("[-m|-e]") | ||
15 | + IF_LONG_OPTS("[--des|--md5|--encrypted]") IF_NOT_LONG_OPTS("[-d|-m|-e]") | ||
16 | #define chpasswd_full_usage "\n\n" \ | ||
17 | "Read user:password from stdin and update /etc/passwd\n" \ | ||
18 | "\nOptions:" \ | ||
19 | IF_LONG_OPTS( \ | ||
20 | "\n -e,--encrypted Supplied passwords are in encrypted form" \ | ||
21 | - "\n -m,--md5 Use MD5 encryption instead of DES" \ | ||
22 | + "\n -m,--md5 Use MD5 encryption instead of SHA512" \ | ||
23 | + "\n -d,--des Use DES encryption instead of SHA512" \ | ||
24 | ) \ | ||
25 | IF_NOT_LONG_OPTS( \ | ||
26 | "\n -e Supplied passwords are in encrypted form" \ | ||
27 | - "\n -m Use MD5 encryption instead of DES" \ | ||
28 | + "\n -m Use MD5 encryption instead of SHA512" \ | ||
29 | + "\n -d Use DES encryption instead of SHA512" \ | ||
30 | ) | ||
31 | |||
32 | #define pgrep_trivial_usage \ | ||
33 | --- busybox-1.18.3/loginutils/chpasswd.c | ||
34 | +++ busybox.mod/loginutils/chpasswd.c | ||
35 | @@ -11,11 +11,13 @@ | ||
36 | static const char chpasswd_longopts[] ALIGN1 = | ||
37 | "encrypted\0" No_argument "e" | ||
38 | "md5\0" No_argument "m" | ||
39 | + "des\0" No_argument "d" | ||
40 | ; | ||
41 | #endif | ||
42 | |||
43 | -#define OPT_ENC 1 | ||
44 | -#define OPT_MD5 2 | ||
45 | +#define OPT_ENC 1 | ||
46 | +#define OPT_MD5 2 | ||
47 | +#define OPT_DES 4 | ||
48 | |||
49 | int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; | ||
50 | int chpasswd_main(int argc UNUSED_PARAM, char **argv) | ||
51 | @@ -28,9 +30,9 @@ | ||
52 | if (getuid()) | ||
53 | bb_error_msg_and_die(bb_msg_perm_denied_are_you_root); | ||
54 | |||
55 | - opt_complementary = "m--e:e--m"; | ||
56 | + opt_complementary = "m--e:e--m:d--e:e--d:m--d:d--m"; | ||
57 | IF_LONG_OPTS(applet_long_options = chpasswd_longopts;) | ||
58 | - opt = getopt32(argv, "em"); | ||
59 | + opt = getopt32(argv, "emd"); | ||
60 | |||
61 | while ((name = xmalloc_fgetline(stdin)) != NULL) { | ||
62 | pass = strchr(name, ':'); | ||
63 | @@ -41,9 +43,13 @@ | ||
64 | xuname2uid(name); /* dies if there is no such user */ | ||
65 | |||
66 | if (!(opt & OPT_ENC)) { | ||
67 | - rnd = crypt_make_salt(salt, 1, rnd); | ||
68 | if (opt & OPT_MD5) { | ||
69 | strcpy(salt, "$1$"); | ||
70 | + rnd = crypt_make_salt(salt + 3, 4, rnd); | ||
71 | + } else if (opt & OPT_DES) { | ||
72 | + rnd = crypt_make_salt(salt, 1, rnd); | ||
73 | + } else { // OPT_SHA512 | ||
74 | + strcpy(salt, "$6$"); | ||
75 | rnd = crypt_make_salt(salt + 3, 4, rnd); | ||
76 | } | ||
77 | pass = pw_encrypt(pass, salt, 0); | ||
78 | --- busybox-1.18.3/loginutils/cryptpw.c | ||
79 | +++ busybox.mod/loginutils/cryptpw.c | ||
80 | @@ -91,7 +91,7 @@ | ||
81 | *salt_ptr++ = '$'; | ||
82 | #if !ENABLE_USE_BB_CRYPT || ENABLE_USE_BB_CRYPT_SHA | ||
83 | if (opt_m[0] == 's') { /* sha */ | ||
84 | - salt[1] = '5' + (strcmp(opt_m, "sha512") == 0); | ||
85 | + salt[1] = '6' + (strcmp(opt_m, "sha512") == 0); | ||
86 | len = 16/2; | ||
87 | } | ||
88 | #endif | ||
89 | --- busybox-1.18.3/loginutils/passwd.c | ||
90 | +++ busybox.mod/loginutils/passwd.c | ||
91 | @@ -12,6 +12,11 @@ | ||
92 | |||
93 | static char* new_password(const struct passwd *pw, uid_t myuid, int algo) | ||
94 | { | ||
95 | + enum { | ||
96 | + STATE_ALGO_md5 = 0x10, | ||
97 | + STATE_ALGO_des = 0x20, | ||
98 | + STATE_ALGO_sha512 = 0x40, | ||
99 | + }; | ||
100 | char salt[sizeof("$N$XXXXXXXX")]; /* "$N$XXXXXXXX" or "XX" */ | ||
101 | char *orig = (char*)""; | ||
102 | char *newp = NULL; | ||
103 | @@ -51,10 +56,14 @@ | ||
104 | goto err_ret; | ||
105 | } | ||
106 | |||
107 | - crypt_make_salt(salt, 1, 0); /* des */ | ||
108 | - if (algo) { /* MD5 */ | ||
109 | + if (algo & STATE_ALGO_md5) { /* md5 */ | ||
110 | strcpy(salt, "$1$"); | ||
111 | crypt_make_salt(salt + 3, 4, 0); | ||
112 | + } else if (algo & STATE_ALGO_des) { /* des */ | ||
113 | + crypt_make_salt(salt, 1, 0); | ||
114 | + } else if (algo & STATE_ALGO_sha512) { /* sha512 */ | ||
115 | + strcpy(salt, "$6$"); | ||
116 | + crypt_make_salt(salt + 3, 4, 0); | ||
117 | } | ||
118 | /* pw_encrypt returns malloced str */ | ||
119 | ret = pw_encrypt(newp, salt, 1); | ||
120 | @@ -79,7 +88,8 @@ | ||
121 | OPT_delete = 0x8, /* -d - delete password */ | ||
122 | OPT_lud = 0xe, | ||
123 | STATE_ALGO_md5 = 0x10, | ||
124 | - //STATE_ALGO_des = 0x20, not needed yet | ||
125 | + STATE_ALGO_des = 0x20, | ||
126 | + STATE_ALGO_sha512 = 0x40, | ||
127 | }; | ||
128 | unsigned opt; | ||
129 | int rc; | ||
130 | @@ -104,10 +114,12 @@ | ||
131 | //argc -= optind; | ||
132 | argv += optind; | ||
133 | |||
134 | - if (strcasecmp(opt_a, "des") != 0) /* -a */ | ||
135 | + if (strcasecmp(opt_a, "md5") == 0) /* -a */ | ||
136 | opt |= STATE_ALGO_md5; | ||
137 | - //else | ||
138 | - // opt |= STATE_ALGO_des; | ||
139 | + else if (strcasecmp(opt_a, "des") == 0) | ||
140 | + opt |= STATE_ALGO_des; | ||
141 | + else //if (strcasecmp(opt_a, "sha512") == 0) | ||
142 | + opt |= STATE_ALGO_sha512; | ||
143 | myuid = getuid(); | ||
144 | /* -l, -u, -d require root priv and username argument */ | ||
145 | if ((opt & OPT_lud) && (myuid || !argv[0])) | ||
146 | @@ -158,7 +170,7 @@ | ||
147 | "locked password for %s", name); | ||
148 | } | ||
149 | printf("Changing password for %s\n", name); | ||
150 | - newp = new_password(pw, myuid, opt & STATE_ALGO_md5); | ||
151 | + newp = new_password(pw, myuid, opt); | ||
152 | if (!newp) { | ||
153 | logmode = LOGMODE_STDIO; | ||
154 | bb_error_msg_and_die("password for %s is unchanged", name); | ||