If a non-starttls helper is in use, initial 220 response is processed by us,
not by helper.
Some servers consider us to be a spammer if we don't wait for it.
It is not in protocol, but it is a real-life problem.
The workaround in this patch is a magic envvar, $SMTP_ANTISPAM_DELAY:
...
-H 'PROG ARGS' Run connection helper. Examples:
openssl s_client -quiet -tls1 -starttls smtp -connect smtp.gmail.com:25
openssl s_client -quiet -tls1 -connect smtp.gmail.com:465
$SMTP_ANTISPAM_DELAY: seconds to wait after helper connect
...
By using it, people can tweak sendmail behavior even if sendmail invocation
is buried in some scripts.
function old new delta
packed_usage 30464 30497 +33
sendmail_main 1185 1206 +21
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 54/0) Total: 54 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Lauri Kasanen:
:: Over at TinyCore, we receive a huge number of questions of the type "I
:: got "short write", what does it mean?". Mostly for the rpi port and when
:: using bb wget.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The udhcpc script may be used to setup fallback configuration (E.G. IPv4LL,
fixed IP address, ..) that also needs to be cleaned up on release (E.G.
when SIGUSR2 is called or on shutdown with -R), so unconditionally call
deconfig.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Conditional rewrite can keep NUM_APPLETS.h mtime old,
this causes make to try to regenerate it at every invocation.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
"Total allocated sectors 2021315 greater than the maximum 2020356"
maximum what?
Turns out, that's the CHS size of the disk.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Before:
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 998 255471+ 6 FAT16
What are "blocks"? What is that "+"?
How big is this partition?
Is start/end shown came from LBA fields or CHS fields?
Why are we torturing the user??
After:
Device Boot StartCHS EndCHS StartLBA EndLBA Sectors Size Id Type
/dev/sdb1 * 0,1,1 996,15,32 32 510974 510943 249M 6 FAT16
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The filenames in docs/keep_data_small.txt are a little bit outdated.
It's better to change it to the current name.
decompress_unzip.c -> decompress_gunzip.c
(since commit 774bce8e8b)
libbb/messages.c -> libbb/ptr_to_globals.c
(since commit 574f2f4394)
Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
We set all opened script fds to CLOEXEC, thus making then go away
after fork+exec.
Unfortunately, CLOFORK does not exist. NOEXEC children will still see those fds open.
For one, "ls" applet is NOEXEC. Therefore running "ls -l /proc/self/fd"
in a script from standalone shell shows this:
lrwx------ 1 root root 64 Aug 20 15:17 0 -> /dev/pts/3
lrwx------ 1 root root 64 Aug 20 15:17 1 -> /dev/pts/3
lrwx------ 1 root root 64 Aug 20 15:17 2 -> /dev/pts/3
lr-x------ 1 root root 64 Aug 20 15:17 3 -> /path/to/top/level/script
lr-x------ 1 root root 64 Aug 20 15:17 4 -> /path/to/sourced/SCRIPT1
...
with as many open fds as there are ". SCRIPTn" nest levels.
Fix it by closing these fds after fork (only for NOEXEC children).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Run this in a "sh SCRIPT":
sha256sum /dev/null
echo END
sha256sum is a NOEXEC applet. It runs in a forked child. Then child exit()s.
By this time, entire script is read, and buffered in a FILE object
from fopen("SCRIPT"). But fgetc() did not consume entire input.
exit() lseeks back by -9 bytes, from <eof> to 'e' in 'echo'.
(this may be libc-specific).
This change of fd position *is shared with the parent*!
Now parent can read more, and it thinks there is another "echo END".
End result: two "echo END"s are run.
Fix this by _exit()ing instead.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Some user managed to hit a race where iface is gone between SIOCGIFFLAGS
and SIOCSIFFLAGS (!). If SIOCSIFFLAGS fails, treat it the same as failed
SIOCGIFFLAGS
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
fix broken logic to get the gzip_level_config value from options -1 to
-9.
This fixes an off-by-one bug that caused gzip -9 output bigger files
than the other compression levels.
It fixes so that compression level 1 to 3 are actually mapped to level 4
as comments say.
It also fixes that levels -4 to -9 is mapped to correct level and avoids
out-of-bounds access.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
The busybox NTP implementation doesn't check the NTP mode of packets
received on the server port and responds to any packet with the right
size. This includes responses from another NTP server. An attacker can
send a packet with a spoofed source address in order to create an
infinite loop of responses between two busybox NTP servers. Adding
more packets to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This is necessary for multi-hosted TLSed web sites.
function old new delta
spawn_https_helper_openssl 334 441 +107
Based on a patch by Jeremy Chadwick <jdc@koitsu.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
On user request.
I thought enabling/disabling them all together is more consistent.
Evidently, some people do want them to be separately selectable.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
* explain which server we contact by default
* explain when auth is done
* -t is not implied! remove that from help text
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>