diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-07-12 14:48:02 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-07-13 23:28:31 +0100 |
commit | 0a494c8224b961dbfcf17f856d86038c8e5bae07 (patch) | |
tree | 85b9e12ef75b13fe9bd8f2d93fd1c7886696504e /meta/recipes-core/busybox | |
parent | ebb0f1e390814a2ccd647558cca7ba22037cf373 (diff) | |
download | poky-0a494c8224b961dbfcf17f856d86038c8e5bae07.tar.gz |
busybox: reconfigure wget https support by default for security
The default busybox wget https support is suboptimal, it silently ignores
checking certificate validity which isn't great for security.
Switch our defaults to disable the internal busybox tls code and the
https support using it and configure the openssl backend instead.
This this is done by spawning an openssl command, we don't need
dependencies on openssl for build. For runtime, we can assume
people would install openssl if they need/want this.
These changes put our default busybox configuration in a more secure
initial set of settings.
[YOCTO #14125]
(From OE-Core rev: 5d4ad13462f12355ff0f2bc1773ab4b1814b165a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/busybox')
-rw-r--r-- | meta/recipes-core/busybox/busybox/defconfig | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig index f3d545dc3f..8e3b6e480c 100644 --- a/meta/recipes-core/busybox/busybox/defconfig +++ b/meta/recipes-core/busybox/busybox/defconfig | |||
@@ -983,7 +983,7 @@ CONFIG_FEATURE_TFTP_GET=y | |||
983 | CONFIG_FEATURE_TFTP_PUT=y | 983 | CONFIG_FEATURE_TFTP_PUT=y |
984 | # CONFIG_FEATURE_TFTP_BLOCKSIZE is not set | 984 | # CONFIG_FEATURE_TFTP_BLOCKSIZE is not set |
985 | # CONFIG_TFTP_DEBUG is not set | 985 | # CONFIG_TFTP_DEBUG is not set |
986 | CONFIG_TLS=y | 986 | # CONFIG_TLS is not set |
987 | CONFIG_TRACEROUTE=y | 987 | CONFIG_TRACEROUTE=y |
988 | # CONFIG_TRACEROUTE6 is not set | 988 | # CONFIG_TRACEROUTE6 is not set |
989 | # CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set | 989 | # CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set |
@@ -997,8 +997,8 @@ CONFIG_FEATURE_WGET_STATUSBAR=y | |||
997 | CONFIG_FEATURE_WGET_FTP=y | 997 | CONFIG_FEATURE_WGET_FTP=y |
998 | CONFIG_FEATURE_WGET_AUTHENTICATION=y | 998 | CONFIG_FEATURE_WGET_AUTHENTICATION=y |
999 | CONFIG_FEATURE_WGET_TIMEOUT=y | 999 | CONFIG_FEATURE_WGET_TIMEOUT=y |
1000 | CONFIG_FEATURE_WGET_HTTPS=y | 1000 | # CONFIG_FEATURE_WGET_HTTPS is not set |
1001 | # CONFIG_FEATURE_WGET_OPENSSL is not set | 1001 | CONFIG_FEATURE_WGET_OPENSSL=y |
1002 | # CONFIG_WHOIS is not set | 1002 | # CONFIG_WHOIS is not set |
1003 | # CONFIG_ZCIP is not set | 1003 | # CONFIG_ZCIP is not set |
1004 | CONFIG_UDHCPD=y | 1004 | CONFIG_UDHCPD=y |