summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/busybox
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2024-07-12 14:48:02 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2024-07-13 23:28:31 +0100
commit0a494c8224b961dbfcf17f856d86038c8e5bae07 (patch)
tree85b9e12ef75b13fe9bd8f2d93fd1c7886696504e /meta/recipes-core/busybox
parentebb0f1e390814a2ccd647558cca7ba22037cf373 (diff)
downloadpoky-0a494c8224b961dbfcf17f856d86038c8e5bae07.tar.gz
busybox: reconfigure wget https support by default for security
The default busybox wget https support is suboptimal, it silently ignores checking certificate validity which isn't great for security. Switch our defaults to disable the internal busybox tls code and the https support using it and configure the openssl backend instead. This this is done by spawning an openssl command, we don't need dependencies on openssl for build. For runtime, we can assume people would install openssl if they need/want this. These changes put our default busybox configuration in a more secure initial set of settings. [YOCTO #14125] (From OE-Core rev: 5d4ad13462f12355ff0f2bc1773ab4b1814b165a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/busybox')
-rw-r--r--meta/recipes-core/busybox/busybox/defconfig6
1 files changed, 3 insertions, 3 deletions
diff --git a/meta/recipes-core/busybox/busybox/defconfig b/meta/recipes-core/busybox/busybox/defconfig
index f3d545dc3f..8e3b6e480c 100644
--- a/meta/recipes-core/busybox/busybox/defconfig
+++ b/meta/recipes-core/busybox/busybox/defconfig
@@ -983,7 +983,7 @@ CONFIG_FEATURE_TFTP_GET=y
983CONFIG_FEATURE_TFTP_PUT=y 983CONFIG_FEATURE_TFTP_PUT=y
984# CONFIG_FEATURE_TFTP_BLOCKSIZE is not set 984# CONFIG_FEATURE_TFTP_BLOCKSIZE is not set
985# CONFIG_TFTP_DEBUG is not set 985# CONFIG_TFTP_DEBUG is not set
986CONFIG_TLS=y 986# CONFIG_TLS is not set
987CONFIG_TRACEROUTE=y 987CONFIG_TRACEROUTE=y
988# CONFIG_TRACEROUTE6 is not set 988# CONFIG_TRACEROUTE6 is not set
989# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set 989# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set
@@ -997,8 +997,8 @@ CONFIG_FEATURE_WGET_STATUSBAR=y
997CONFIG_FEATURE_WGET_FTP=y 997CONFIG_FEATURE_WGET_FTP=y
998CONFIG_FEATURE_WGET_AUTHENTICATION=y 998CONFIG_FEATURE_WGET_AUTHENTICATION=y
999CONFIG_FEATURE_WGET_TIMEOUT=y 999CONFIG_FEATURE_WGET_TIMEOUT=y
1000CONFIG_FEATURE_WGET_HTTPS=y 1000# CONFIG_FEATURE_WGET_HTTPS is not set
1001# CONFIG_FEATURE_WGET_OPENSSL is not set 1001CONFIG_FEATURE_WGET_OPENSSL=y
1002# CONFIG_WHOIS is not set 1002# CONFIG_WHOIS is not set
1003# CONFIG_ZCIP is not set 1003# CONFIG_ZCIP is not set
1004CONFIG_UDHCPD=y 1004CONFIG_UDHCPD=y