Debian Bug report logs - #626820
busybox httpd is crippled: no cgi, no auth-md5, no encode url string

version graph

Package: busybox; Maintainer for busybox is Debian Install System Team <debian-boot@lists.debian.org>; Source for busybox is src:busybox.

Reported by: Hartmut Goebel <h.goebel@goebel-consult.de>

Date: Sun, 15 May 2011 16:03:02 UTC

Severity: normal

Tags: patch

Found in version busybox/1:1.17.1-8

Fixed in version busybox/1:1.20.0-1

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#626820; Package busybox. (Sun, 15 May 2011 16:03:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hartmut Goebel <h.goebel@goebel-consult.de>:
New Bug report received and forwarded. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Sun, 15 May 2011 16:03:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Hartmut Goebel <h.goebel@goebel-consult.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: busybox httpd is crippled: no cgi, no auth-md5, no encode url string
Date: Sun, 15 May 2011 16:00:11 +0000
[Message part 1 (text/plain, inline)]
Package: busybox
Version: 1:1.17.1-8
Severity: normal
Tags: squeeze patch

busybox httpd lacks quite a lot of features. Some may not be necessary for
a small-footprint binary, e.g. reverse-proxy and support for sendfile. But
the following features may be considered elemantary:
- support for CGI
- support for MD5 digest uthentication
- encoding/decoding strings from/to url

Activating these is is quite easy: in debian/config/pkg/deb just set

 CONFIG_FEATURE_HTTPD_AUTH_MD5=y
 CONFIG_FEATURE_HTTPD_CGI=y
 CONFIG_FEATURE_HTTPD_ENCODE_URL_STR=y

(see patch).

The size increase is negligible: Adding cgi-support increases the
/bin/busybox binary by only 4 Kb.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: armel (armv5tel)

Kernel: Linux 2.6.31.8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages busybox depends on:
ii  libc6                         2.11.2-10  Embedded GNU C Library: Shared lib

busybox recommends no packages.

busybox suggests no packages.

-- no debconf information
[bb-cgi.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#626820; Package busybox. (Sun, 15 May 2011 21:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Otavio Salvador <otavio@ossystems.com.br>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Sun, 15 May 2011 21:00:03 GMT) Full text and rfc822 format available.

Message #10 received at 626820@bugs.debian.org (full text, mbox):

From: Otavio Salvador <otavio@ossystems.com.br>
To: Hartmut Goebel <h.goebel@goebel-consult.de>, 626820@bugs.debian.org
Subject: Re: Bug#626820: busybox httpd is crippled: no cgi, no auth-md5, no encode url string
Date: Sun, 15 May 2011 17:57:39 -0300
On Sun, May 15, 2011 at 13:00, Hartmut Goebel
<h.goebel@goebel-consult.de> wrote:
> busybox httpd lacks quite a lot of features. Some may not be necessary for
> a small-footprint binary, e.g. reverse-proxy and support for sendfile. But
> the following features may be considered elemantary:
> - support for CGI
> - support for MD5 digest uthentication
> - encoding/decoding strings from/to url

What is the usage of those features? As Debian being a generic
distribution we try to keep busybox features as minimal as possible
but supporting general usage needs inside of the distribution itself.

Could you elaborate a bit what is your planned usage of it?

-- 
Otavio Salvador                             O.S. Systems
E-mail: otavio@ossystems.com.br  http://www.ossystems.com.br
Mobile: +55 53 9981-7854              http://projetos.ossystems.com.br




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#626820; Package busybox. (Mon, 16 May 2011 08:18:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hartmut Goebel <h.goebel@goebel-consult.de>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Mon, 16 May 2011 08:18:08 GMT) Full text and rfc822 format available.

Message #15 received at 626820@bugs.debian.org (full text, mbox):

From: Hartmut Goebel <h.goebel@goebel-consult.de>
To: Otavio Salvador <otavio@ossystems.com.br>, 626820@bugs.debian.org
Subject: Re: Bug#626820: busybox httpd is crippled: no cgi, no auth-md5, no encode url string
Date: Mon, 16 May 2011 10:15:40 +0200
[Message part 1 (text/plain, inline)]
Am 15.05.2011 22:57, schrieb Otavio Salvador:
> What is the usage of those features? As Debian being a generic
> distribution we try to keep busybox features as minimal as possible
> but supporting general usage needs inside of the distribution itself.
>
> Could you elaborate a bit what is your planned usage of it

For asking the crypto password from within linuxrc, I need a minimal web 
server which is able to run cgi scripts. The cgi script will "unlock" 
the crypted root partition (using cryptsetup luksOpen) and the system 
can continue booting.

Since the initrd should be kept small and busybox is already in initrc 
(for running the linuxrc script), using the busybox http is obvious. But 
that for it needs to support cgi and encoding/decoding.

-- 
Schönen Gruß - Regards
Hartmut Goebel
Dipl.-Informatiker (univ.), CISSP, CSSLP

Goebel Consult
Spezialist für IT-Sicherheit in komplexen Umgebungen
http://www.goebel-consult.de

Monatliche Kolumne: http://www.cissp-gefluester.de/
Goebel Consult mit Mitglied bei http://www.7-it.de


[smime.p7s (application/pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#626820; Package busybox. (Mon, 16 May 2011 12:08:49 GMT) Full text and rfc822 format available.

Acknowledgement sent to Otavio Salvador <otavio@ossystems.com.br>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Mon, 16 May 2011 12:08:56 GMT) Full text and rfc822 format available.

Message #20 received at 626820@bugs.debian.org (full text, mbox):

From: Otavio Salvador <otavio@ossystems.com.br>
To: Hartmut Goebel <h.goebel@goebel-consult.de>
Cc: 626820@bugs.debian.org
Subject: Re: Bug#626820: busybox httpd is crippled: no cgi, no auth-md5, no encode url string
Date: Mon, 16 May 2011 09:07:00 -0300
On Mon, May 16, 2011 at 05:15, Hartmut Goebel
<h.goebel@goebel-consult.de> wrote:
>> What is the usage of those features? As Debian being a generic
>> distribution we try to keep busybox features as minimal as possible
>> but supporting general usage needs inside of the distribution itself.
>>
>> Could you elaborate a bit what is your planned usage of it
>
> For asking the crypto password from within linuxrc, I need a minimal web
> server which is able to run cgi scripts. The cgi script will "unlock" the
> crypted root partition (using cryptsetup luksOpen) and the system can
> continue booting.
>
> Since the initrd should be kept small and busybox is already in initrc (for
> running the linuxrc script), using the busybox http is obvious. But that for
> it needs to support cgi and encoding/decoding.

Is it something going to be put onto Debian itself? If not, it would
be better to it to be done while customizing Debian for the project
specially because it won't be the only change most probably.

-- 
Otavio Salvador                             O.S. Systems
E-mail: otavio@ossystems.com.br  http://www.ossystems.com.br
Mobile: +55 53 9981-7854              http://projetos.ossystems.com.br




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#626820; Package busybox. (Mon, 16 May 2011 22:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hartmut Goebel <h.goebel@goebel-consult.de>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Mon, 16 May 2011 22:42:05 GMT) Full text and rfc822 format available.

Message #25 received at 626820@bugs.debian.org (full text, mbox):

From: Hartmut Goebel <h.goebel@goebel-consult.de>
To: Otavio Salvador <otavio@ossystems.com.br>
Cc: 626820@bugs.debian.org
Subject: Re: Bug#626820: busybox httpd is crippled: no cgi, no auth-md5, no encode url string
Date: Tue, 17 May 2011 00:39:53 +0200
[Message part 1 (text/plain, inline)]
Am 16.05.2011 14:07, schrieb Otavio Salvador:
> Is it something going to be put onto Debian itself? If not, it would
> be better to it to be done while customizing Debian for the project
> specially because it won't be the only change most probably.
I do not know whether this will go into Debian someday. I'm currently
building this for my own needs. But if it is for interest for inclusion
into Debian, I'm happy to support this.

-- 
Schönen Gruß - Regards
Hartmut Goebel
Dipl.-Informatiker (univ.), CISSP, CSSLP

Goebel Consult 
Spezialist für IT-Sicherheit in komplexen Umgebungen
http://www.goebel-consult.de

Monatliche Kolumne: http://www.cissp-gefluester.de/
Goebel Consult mit Mitglied bei http://www.7-it.de


[smime.p7s (application/pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#626820; Package busybox. (Mon, 16 May 2011 23:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Otavio Salvador <otavio@ossystems.com.br>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Mon, 16 May 2011 23:57:03 GMT) Full text and rfc822 format available.

Message #30 received at 626820@bugs.debian.org (full text, mbox):

From: Otavio Salvador <otavio@ossystems.com.br>
To: Hartmut Goebel <h.goebel@goebel-consult.de>
Cc: 626820@bugs.debian.org
Subject: Re: Bug#626820: busybox httpd is crippled: no cgi, no auth-md5, no encode url string
Date: Mon, 16 May 2011 20:55:14 -0300
On Mon, May 16, 2011 at 19:39, Hartmut Goebel
<h.goebel@goebel-consult.de> wrote:
> Am 16.05.2011 14:07, schrieb Otavio Salvador:
>> Is it something going to be put onto Debian itself? If not, it would
>> be better to it to be done while customizing Debian for the project
>> specially because it won't be the only change most probably.
> I do not know whether this will go into Debian someday. I'm currently
> building this for my own needs. But if it is for interest for inclusion
> into Debian, I'm happy to support this.

In this case I think it is better to not enable it into default
busybox and you do it locally until you get something usable and
propose it to get into Debian.

-- 
Otavio Salvador                             O.S. Systems
E-mail: otavio@ossystems.com.br  http://www.ossystems.com.br
Mobile: +55 53 9981-7854              http://projetos.ossystems.com.br




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 16 May 2012 10:51:58 GMT) Full text and rfc822 format available.

Notification sent to Hartmut Goebel <h.goebel@goebel-consult.de>:
Bug acknowledged by developer. (Wed, 16 May 2012 10:52:01 GMT) Full text and rfc822 format available.

Message #35 received at 626820-close@bugs.debian.org (full text, mbox):

From: Michael Tokarev <mjt@tls.msk.ru>
To: 626820-close@bugs.debian.org
Subject: Bug#626820: fixed in busybox 1:1.20.0-1
Date: Wed, 16 May 2012 10:47:35 +0000
Source: busybox
Source-Version: 1:1.20.0-1

We believe that the bug you reported is fixed in the latest version of
busybox, which is due to be installed in the Debian FTP archive:

busybox-static_1.20.0-1_i386.deb
  to main/b/busybox/busybox-static_1.20.0-1_i386.deb
busybox-syslogd_1.20.0-1_all.deb
  to main/b/busybox/busybox-syslogd_1.20.0-1_all.deb
busybox-udeb_1.20.0-1_i386.udeb
  to main/b/busybox/busybox-udeb_1.20.0-1_i386.udeb
busybox_1.20.0-1.debian.tar.gz
  to main/b/busybox/busybox_1.20.0-1.debian.tar.gz
busybox_1.20.0-1.dsc
  to main/b/busybox/busybox_1.20.0-1.dsc
busybox_1.20.0-1_i386.deb
  to main/b/busybox/busybox_1.20.0-1_i386.deb
busybox_1.20.0.orig.tar.bz2
  to main/b/busybox/busybox_1.20.0.orig.tar.bz2
udhcpc_1.20.0-1_i386.deb
  to main/b/busybox/udhcpc_1.20.0-1_i386.deb
udhcpd_1.20.0-1_i386.deb
  to main/b/busybox/udhcpd_1.20.0-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 626820@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated busybox package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 16 May 2012 13:47:42 +0400
Source: busybox
Binary: busybox busybox-static busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source all i386
Version: 1:1.20.0-1
Distribution: experimental
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 busybox    - Tiny utilities for small and embedded systems
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Closes: 548999 571743 626820 670993 671832
Changes: 
 busybox (1:1.20.0-1) experimental; urgency=low
 .
   * new upstream (mostly bugfix) release
   * got rid of the long-standing debian-specific applets-fallback.patch, once
     upstream added commit 83f103b30e41ab038e "ash: in standalone mode, search
     in $PATH if /proc/self/exe doesn't exist".  I still carry the patch itself,
     but it isn't referenced in the series file anymore.
   * removed patches which were applied upstream, and added a few patches
     from upstream 1.20 stable branch
   * refreshed swaponoff-FreeBSD-support.patch and u-mount-FreeBSD-support.patch
   * refreshed configs for 1.20
   * enabled many httpd options (AUTH_MD5, RANGES, SETUID, CGI, GZIP, ENCODE)
     for static and regular build, which results in ~5Kb binary size difference
     on x86 but enables features users are asking
     (Closes: #548999, #626820, #571743)
   * enabled dpkg-buildflags usage (filtering out -Werror=format-security from
     CFLAGS) (Closes: #670993)
   * ship some docs and examples in static and regular builds (Closes: #671832)
   * enable expand/unexpand and ar-long-options in deb build, - small changes
     to reduce difference from static config.
   * added reenable-ps-options-for-DESKTOP-case.patch
   * DEP-3 headers for init-console.patch
 .
   * releasing to experimental due to applets-fallback.patch removal
Checksums-Sha1: 
 79b07bd528242f6c8bcd72f95a57a077b41af770 1610 busybox_1.20.0-1.dsc
 b8f5721557d437d2539dd3f7db91683ec50bdade 2190652 busybox_1.20.0.orig.tar.bz2
 0c055f3e7d7fa37f8be6cf084accc0e71b83402f 47880 busybox_1.20.0-1.debian.tar.gz
 bdf86d468ce55f4e3cce4ffaa632433fcaf361e6 18982 busybox-syslogd_1.20.0-1_all.deb
 8f15255cf07ba310f5d75c3d67491624f5a4cfcf 876464 busybox-static_1.20.0-1_i386.deb
 4042de1bc2703db64ede0b9e296af5839975deea 439274 busybox_1.20.0-1_i386.deb
 24b0aed03058e76b48ec1253769dc7a2447007ff 16638 udhcpc_1.20.0-1_i386.deb
 9f0fa6218de67f69050c6062b1bb20db6b147945 19934 udhcpd_1.20.0-1_i386.deb
 987068b77bf95fb081173380120029c8490219a5 202440 busybox-udeb_1.20.0-1_i386.udeb
Checksums-Sha256: 
 a46578ded8fd9ac06be445447e15a12fd671292925e51497ef3816404e0ab86a 1610 busybox_1.20.0-1.dsc
 3c56508d984db1178664241ad548d118fb0aa71cdd2f8a9a93038e50b3b2bf16 2190652 busybox_1.20.0.orig.tar.bz2
 9888f4e1a88d865f888c98bc1e51475ef19f66e1d5e8cc2b2eec50331c9d4d85 47880 busybox_1.20.0-1.debian.tar.gz
 2f4df08efbd69767685a63a2a27197e54112ffe70536912735b856c96f2c7da9 18982 busybox-syslogd_1.20.0-1_all.deb
 51fbd10f22791b9d8daeadc84b2223ae5980fb5f7aa2f59d8ac8e878317fddfe 876464 busybox-static_1.20.0-1_i386.deb
 dafc3443624cdad5bceb9dd369dc868f0aae20aa91bd0956714d342f111369e8 439274 busybox_1.20.0-1_i386.deb
 aaf9a6ca500f0f8404c7f0d1d90c726187b2211e8caa8eb41789186e7874f2d0 16638 udhcpc_1.20.0-1_i386.deb
 0249e222d85cdd4a2b5398b7f20811306e572d40a0ebd0fb8bb119c18b9365c2 19934 udhcpd_1.20.0-1_i386.deb
 3d0f9b907ba6154f7dfb5b4f9543ed3e8c103290d48dac9e7ad79c02c6c3ee07 202440 busybox-udeb_1.20.0-1_i386.udeb
Files: 
 c10bbad4badefe43e0367a1dc9a99131 1610 utils optional busybox_1.20.0-1.dsc
 4334b34fa1cdae54e9d2dc174f35c9ae 2190652 utils optional busybox_1.20.0.orig.tar.bz2
 8a638e8cb622de7b876fcc79b740ae6b 47880 utils optional busybox_1.20.0-1.debian.tar.gz
 65119180ecb3bb331f04086ceb5ceea8 18982 utils optional busybox-syslogd_1.20.0-1_all.deb
 46df2651d4c23dd203c38e82c4cd8118 876464 shells extra busybox-static_1.20.0-1_i386.deb
 f42049e0b15fc0efd8661f1b59137487 439274 utils optional busybox_1.20.0-1_i386.deb
 ab6555956290f71155380f30b8a4cfbd 16638 net optional udhcpc_1.20.0-1_i386.deb
 52b1d7d58b325ddab1af6206c517b819 19934 net optional udhcpd_1.20.0-1_i386.deb
 a2b72b36eb982d35fb8a07b550b2f5dc 202440 debian-installer extra busybox-udeb_1.20.0-1_i386.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iJwEAQECAAYFAk+zgrsACgkQUlPFrXTwyDhD0AQA2URr1U/UP2J9o+Ednx4WCw1K
fC+e96TOscABac9OQTJNpkkaFVX2WAj73zWvYofskC1rscizHwuTzPsvoH++irS7
K1XW0X6kRu+vjDqOg4QSrQBxbtYS8l72U+or4+TJYWkxo+S2d+1qMgbowx6A+VVH
1GPRhAR4XS7gMp1TNnY=
=tL+h
-----END PGP SIGNATURE-----





Removed tag(s) squeeze. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Fri, 01 Nov 2013 22:32:09 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 30 Nov 2013 07:36:13 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 06:45:27 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.