Commit Graph

710 Commits

Author SHA1 Message Date
Hauke Mehrtens
1a0f2c3a3e e2fsprogs: Fix CVE-2022-1304
This fixes CVE-2022-1304:
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.
This issue leads to a segmentation fault and possibly arbitrary code
execution via a specially crafted filesystem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 60e335b76e)
2022-12-06 23:29:14 +01:00
Jo-Philipp Wich
eb639e54fc ucode: update to latest Git HEAD
46d93c9 tests: fixup testcases
4c654df types: adjust double printing format
eac2add compiler: fix bytecode for logical assignments of properties
3903b18 fs: add `realpath()` function
8366102 math: add isnan() function
eef83d3 tests: relax sleep() test
394e901 lib: uc_json(): accept trailing whitespace when parsing strings
1867c8b uloop: terminate parent uloop in task child processes
d2cc003 uci: auto-load package in `ctx.foreach()` and `ctx.get_first()`
6c5ee53 compiler: ensure that arrow functions with block bodies return no value
fdc9b6a compiler: fix `??=`, `||=` and `&&=` logical assignment semantics
88dcca7 add cmake to install requires for debian

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit a4d67066e39bd93c7011c8e07b740a326e4e9803)
2022-12-06 11:45:12 +01:00
Hauke Mehrtens
13bd217821 busybox: awk: fix use after free (CVE-2022-30065)
This backports a commit which fixes a use after free bug in awk.

CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8b383ee2a0)
2022-11-05 22:43:45 +01:00
Hauke Mehrtens
fe5cd3c9d9 util-linux: Update to version 2.37.4
This update contains only a security fix for an issue in chsh and chfn,
but OpenWrt is not packaging these applications so OpenWrt is not
affected. In OpenWrt master this was already fixed by the update to
util-linux 2.38.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:42:08 +01:00
Jo-Philipp Wich
f59dcb92cf ucode: update to latest Git HEAD
00af065 fs: expose `getdelim()` functionality through `fd.read()`
21ace5e lexer: fixes for regex literal parsing

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 1b90c7441b)
2022-10-18 11:26:21 +02:00
Jo-Philipp Wich
30de1b5031 ucode: update to latest Git HEAD
4ae7072 fs: use `getline()` for line wise read operations
21ace5e lexer: fixes for regex literal parsing
00965fa lib: implement slice() function
76d396d main: implement print mode
7bbba78 compiler: optimize function return opcode generation
a45f2a3 lexer: improve regex literal handling
d64d5d6 vm: maintain export symbol tables per program
f4b4ded uloop: task: gracefully handle absent output callback
a58fe47 ubus: hold reference to underlying connection until deferred is concluded
e23b58a lib: uc_system(): retry waitpid() on EINTR
cc4eb79 ubus: support obtaining numeric error code
01c412c ubus: add toplevel constants for ubus status codes
8e240fa ubus: allow object method call handlers to return a numeric status code
5cdddd3 lib: add limit support to split() and replace()
0ba9c3e fs: add optional third permission argument to fs.open()
c1f7b3b lib: remove fixed capture group limit in match() and regex replace()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits 639754e36d
 and 5110dcb1fa)
2022-10-15 00:43:22 +02:00
David Bauer
2050bc4f64 ramips: add support for ZyXEL NWA50AX / NWA55AXE
Hardware
--------
CPU:    Mediatek MT7621
RAM:    256M DDR3
FLASH:  128M NAND
ETH:    1x Gigabit Ethernet
WiFi:   Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC)
BTN:    1x Reset (NWA50AX only)
LED:    1x Multi-Color (NWA50AX only)

UART Console
------------
NWA50AX:
Available below the rubber cover next to the ethernet port.
NWA55AXE:
Available on the board when disassembling the device.

Settings: 115200 8N1

Layout:

<12V> <LAN> GND-RX-TX-VCC

Logic-Level is 3V3. Don't connect VCC to your UART adapter!

Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.

As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.

If the currently installed image is started from Slot A, the device will
flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case
and the device will return to the ZyXEL firmware upon next boot.

If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.

Installation TFTP
-----------------
This installation routine is especially useful in case
 * unknown device password (NWA55AXE lacks reset button)
 * bricked device

Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.

The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.

Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to owrt.bin

 $ atnf owrt.bin
 $ atna 192.168.1.88
 $ atns "192.168.1.66; tftpboot; bootm"

Upon booting, set the booted image to the correct slot:

 $ zyxel-bootconfig /dev/mtd10 get-status
 $ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid
 $ zyxel-bootconfig /dev/mtd10 set-active-image 0

Copy the OpenWrt ramboot-factory image to the device using scp.
Write the factory image to NAND and reboot the device.

 $ mtd write ramboot-factory.bin firmware
 $ reboot

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a0b7fef0ff)
2022-10-14 23:14:50 +02:00
Uwe Kleine-König
bc8e24c654
busybox: nslookup: ensure unique transaction IDs for the DNS queries
On machines with a coarse monotonic clock (here: TP-Link RE200 powered
by a MediaTek MT7620A) it can happen that the two DNS requests (for A
and AAAA) share the same transaction ID. If this happens the second
reply is wrongly dropped and nslookup reports "No answer".

Fix this by ensuring that the transaction IDs are unique.

Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
(cherry picked from commit 63e5ba8e69)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-10-14 21:10:54 +02:00
Petr Štetiar
562894b39d treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f1b7e1434f)
2022-10-04 10:11:08 +02:00
Jo-Philipp Wich
26b436e2a2 ucode: update to latest Git HEAD
344fa9e lib: extend render() to support function values
89452b2 lib: improve getenv() and split() implementations

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[fix commit subject]
(cherry picked from commit c6d6306827)
2022-08-31 23:06:01 +02:00
Jo-Philipp Wich
d4f20964ff ucode: update to latest Git HEAD
bcdd2cb examples: add module search path initialization and freeing
ee1946f ubus: fix GCC strncpy() truncation warning
131d99c lib: introduce three new functions call(), loadstring() and loadfile()
8e8dae0 lib: introduce helper function for indenting error messages
476f02b lib: simplify include_path()
d84b53a source: avoid null pointer access in uc_source_runpath_set()
c43a54f types: gracefully handle unpatched upvalues in ucv_free()
e2fb11a README.md: document gc() function
b41cb2d main: introduce -g flag to allow enabling periodic gc from cli
85d7885 lib: implement gc()
47528f0 vm: support automatic periodic GC runs
381cc75 types: treat vm->exports as GC roots
fcc49e6 compiler: add import statement support for dynamic extensions
c9442f1 vm: introduce new I_DYNLOAD opcode
b6fd8a2 lib: internally expose new uc_require_library() helper
a486adc vm: don't treat offset 0 special for exceptions
41ccd19 compiler: don't treat offset 0 special at syntax errors
b4a3f68 compiler: improve formatting of nested syntax error messages
5d5dadc program: remove now unused uc_program_export_lookup()
304995b compiler: rework export index allocation
506cc37 compiler: fix deriving module path from source runpath
54b7fac compiler: enforce stricter module compilation rules
d62e372 vm: don't initialize upvalues for module functions
b856602 program: add serialization and deserialization for module function flag
d7d1bde compiler: add a flag denoting module functions
156d584 treewide: unexport libucode internal functions
10e056d compiler: add support for import/export statements
862e49d compiler: resolve predeclared upvalues
78dfb08 compiler: require a name in function declarations
afd78c1 compiler: fix reported source position in inc/dec operator error
e1c3db0 tests: run_tests.sh: substitute dynamic test directory path in output
3c168b5 vm, cli: move search path into global configuration structure
d85bc71 vm: introduce import and export opcodes
365782e vm: honor constant flag of objects and arrays
6becc64 vm: transparently resolve upvalue references
3418967 vm: gracefully handle unresolved upvalues
50cf572 program: add function to globally lookup exported name
c441f65 program: add infrastructure to handle multiple sources per program
2322468 program: fix reporting source position of first instruction
9c9a9ec program: fix en/decoding debuginfo upvalue slots in precompiled bytecode
41114a0 source: add tracking of exported symbols
70ae304 lib: honor constant flag of arrays
3c104f5 types: resolve upvalue references on stringification
3a6f9cb types: add ability to mark array and object values as constant
b738f3a lexer: recognize module related keywords
03c8e4b lexer: rewrite token scanner
fd433aa lexer: fix parsing with disabled block left stripping
557577a rtnl: fix parsing/creation of IFLA_AF_SPEC RTA for the AF_BRIDGE family
35c6b73 compiler: fix stack mismatch on continue statements nested in switches
f673096 uloop: end uloop on exceptions in managed code
2e5426c ubus: end uloop on exceptions in managed code
c024270 rtnl: expose IFLA_STATS64 contents
d3c58c0 rtnl: expose ifinfomsg.ifi_change member
c4dde50 rtnl: update NETLINK_GET_STRICT_CHK socket flag with every request
7ef0d02 nl80211: fix NL80211_SURVEY_INFO_NOISE datatype
9a2e592 compiler: fix stack mismatch on nonmatching switch statements with locals
03c8ca5 nl80211: recognize further NL80211_STA_INFO_* NLAs
a1ed566 struct: add optional offset argument to `unpack()`
230e595 rtnl: fix segmentation fault on parsing linkinfo RTA without data
523566d rtnl: zero request message headers
56be30d rtnl: fix premature netlink reply receive abort
1347440 rtnl: avoid stray "netlink: %d bytes leftover after parsing attributes."
44b0a3b struct: fix packing `*` format after other repeated formats

Also package uloop binding module which has been introduced by a previous
ucode update and introduce a host build with the basic set of modules.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 3446d32616)
2022-08-25 10:31:56 +02:00
Eneas U de Queiroz
d94a28f7d2
uencrypt: add package to decrypt WG4хх223 config
This adds a simple AES-128-CBC encryption/decryption program using
either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223
configuration partitions.  The ipk size is 3,355 bytes.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit bc43ad88ed)
2022-08-19 14:44:07 +02:00
Christian Lamparter
bddfd3f7ed sdk: add spidev-test to the bundle of userspace sources
moves and extends the current facilities, which have been
added some time ago for the the usbip utility, to support
more utilites that are shipped with the Linux kernel tree
to the SDK.

this allows to drop all the hand-waving and code for
failed previous attempts to mitigate the SDK build failures.

Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit b479db9062)
2022-07-22 22:26:26 +02:00
Arınç ÜNAL
638220bfee packages: nvram: add NVRAM quirks for bcm53xx target
Add NVRAM quirks script for the bcm53xx target. Split NVRAM quirks for the
bcm47xx and bcm53xx targets. Move clear partialboot NVRAM quirk for Linksys
EA9500 here. Add set wireless LED behaviour quirk for Asus RT-AC88U.

Use boot() instead of start() as nvram commands are meant to be executed
only once, at boot.

Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit f4e219fd5e)
2022-06-07 16:18:20 +02:00
Jo-Philipp Wich
dad1533030 ucode: update to latest Git HEAD
d996047 syntax: adjust number literal parsing and string to number conversion
9efbe18 lib: refactor `uc_int()`
da3f089 lib: rework uc_index() implementation
559029e ci: make jobs faster during pull request testing

Fixes: #9923
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits 251e70c887 and
 7f998088f0)
2022-06-01 13:49:53 +02:00
Jo-Philipp Wich
4575498276 ucode: update to latest Git HEAD
081871e compiler: fix segmentation fault on compiling unexpected unary expressions
090b426 fs: avoid input buffering with small limits in fs.readfile()
8da140f lib: introduce hexenc() and hexdec()
9a72423 Update README.md

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e2ce2a8d3c)
2022-05-20 20:08:19 +02:00
Kerma Gérald
fa8e050c4b f2fs-tools: fix resize.f2fs (#9800)
resolve issue
- https://github.com/openwrt/openwrt/issues/9800
add the upstream patch:
- f2fs-tools.git/patch/?id=f056fbeff08d30a6d9acdb9e06704461ceee3500

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 1aac1b36d3)
2022-05-01 13:23:12 +02:00
Jo-Philipp Wich
5a11704244 ucode: reorder BuildPackage calls
Ensure that the libucode recipe is processed before the ucode one in
order to reliably encode the ABI version into ucode's libucode dependency.

Fixes: #9788
Ref: https://forum.openwrt.org/t/fw4-wont-start-after-upgrade/126308
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 573ce80ca6)
2022-04-28 10:46:49 +02:00
Jo-Philipp Wich
23170c6f4e ucode: update to latest Git HEAD
e14b099 syntax: implement support for ES6 template literals
111cf06 vm: stop executing bytecode on return of nested calls
33f1e0b treewide: move json-c compat shims into internal header file
e0e9431 vm: move unhandled exception reporting out of `uc_vm_execute_chunk()`
2b59140 vm: fix callframe double free on unhanded exceptions
7d7e950 main: abort when failing to load a preload library
1032a67 lib: let `json()` accept input objects implementing `read()` method
5ee68d5 fs: implement `fs.readfile()` and `fs.writefile()`
df6b861 ci: debian: change path before attempting to invoke Git operations
dfaf05a ci: debian: automatically update changelog from Git tag
34f3c45 ci: fix YAML syntax of Debian workflow
e956bcf fs: fix off-by-one in fs.dirname() function
6fc4b6c .gitignore: fix overmatching patterns, blacklist cram .venv
7c2e082 build: remove legacy json-c check
77942af build: add polyfills for older libjson-c versions
0b4aaa3 CI: build Debian package
f404285 debian: Add package definition
a37f654 types: fix escape sequence encoding of high byte values in JSON strings
aae5312 Update README.md
8134e25 build: fix symlink install target
87c7296 treewide: replace some leftover "utpl" occurrences, update .gitignore
7d27ad5 build: only stage ucc symlink if compile support is enabled
171402f lib: add date and time related functions
8b5dc60 lib: provide API function to obtain stdlib function implementations
eb0d2f1 main: turn ucode into multicall executable
28ee7e1 uloop: add support for tasks
753dea9 CI: build on macOS
668c5c0 lib: add argument position support (`%m$`) to `sprintf()` and `printf()`
ab46fdf treewide: remove legacy json-c include directives
b8f49b1 tests: 21_regex_literals: generalize syntax error test case
fd2e5e7 tests: 16_sort: fix logic flaw exposed on OS X
2c71bf2 tests: run_tests.sh: pass dummy value to `-T` flag
55c4a90 lib: disallow zero padding for %s formats
0d05cb5 tests: run_tests.sh: use greadlink if available
271e520 resolv: make OS X compatible
d13c320 fs: avoid Linux specific sys/sysmacros.h include on OS X
33397a3 uloop: use execvp() on OS X
bafdc8f lib: add naive sigtimedwait() stub for OS X
ada1585 build: consolidate CMakeLists.txt and cover OS X deviations
befbb69 include: add OS X compatible endian.h header
49838a8 include: rename include guards to avoid clashes with system headers
91f65de nl80211: add missing attributes and correct some attribute flags
b4a1fd5 lib: adjust require(), render() and include() raw mode semantics
4618807 main: rework CLI frontend
73dcd78 lib: fix potential integer underflow on empty render output
c402551 vm: fix crash on object literals with non-string computed properties
efe8a02 syntax: support add new operators
078d686 ubus: add event support
6c66c83 ubus: refactor error and argument handling
1cb04f9 ubus: add object publishing, notify and subscribe support
0e85974 uloop: clear errno before integer conversion attempts
05bd7ed types: treat resource type prototypes as GC roots
a2a26ca lib: introduce uloop binding
6b6d01f vm: release this context on exception in managed method call
1af23a9 tests: fix proto() testcase
4ce69a8 fs: implement access(), mkstemp(), file.flush() and proc.flush()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits cef3e6a69c,
 0400774a10 and
 c59704334c)
2022-04-25 09:52:14 +02:00
Hauke Mehrtens
d18e365b17 busybox: Fix snprintf arguments in lock
The first argument for snprintf is the buffer and the 2. one is the
size. Fix the order. This broke the lock application.

Fixes: 9d2b26d5a7 ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d80336e1a9)
2022-04-05 23:33:16 +02:00
Qichao Zhang
9d2b26d5a7 busybox: fix busybox lock applet pidstr buffer overflow
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.

Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
(cherry picked from commit 34567750db)
2022-04-05 00:20:24 +02:00
Oskari Rauta
ef4bf8b403 util-linux: add lsns
lsns lists system namespaces

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
2022-03-05 21:05:45 +01:00
Petr Štetiar
104e912c27 usbmode: update to version 2022-02-24
* usbmode: add config #0 and delay before actual config

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-26 13:36:30 +01:00
Vladislav Grigoryev
abd18bd033 jsonfilter: update makefile url
Specify URL as PKG_SOURCE_URL in the jsonfilter Makefile.

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
2022-02-26 13:36:30 +01:00
Jo-Philipp Wich
4aea6d231b ucode: update to latest Git HEAD
a29bad9 compiler: fix patchlist corruption on switch statement syntax errors
86f0662 lib: change `ord()` to always return single byte value
116a8ce vallist: fix storing/retrieving short strings with 8bit byte value

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-12 20:51:22 +01:00
Jo-Philipp Wich
1847382456 ucode: update to latest Git HEAD
a317c17 compiler: fix incorrect loop break targets

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-08 23:46:21 +01:00
Jo-Philipp Wich
134c88c689 ucode: update to latest Git HEAD
11adf0c source: convert source objects into proper uc_value_t type
3a49192 treewide: rework function memory model
7edad5c tests: add functional tests for builtin functions
d5003fd lib: fix leaking tokener in uc_json() on parse exception
5d0ecd9 lib: fix infinite loop on empty regexp matches in uc_replace()
3ad57f1 lib: fix infinite loop on empty regexp matches in uc_match()
32d596d lib: fix infinite loop on empty regexp matches in uc_split()
3e3f38d vm: ensure consistent trace output between gcc and clang compiled ucode
3600ded vm: fix leaking function value on call exception
3059295 vm: NULL-initialize pointer to make cppcheck happy
98e59bf source: zero-initialize conversion union to make cppcheck happy
7a65c14 run_tests.sh: change workdir to testcase directory during execution
afec8d7 run_tests.sh: support placing supplemental testcase files
3ada6e0 run_tests.sh: always treat outputs as text data
2cb627f program: rename bytecode load/write functions, track path of executed file
1094ffa lib: fix memory leak in uc_require_ucode()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-07 11:44:36 +01:00
Stijn Tintel
2c929f8105 util-linux: package ipcs command
Add a package for util-linux' ipcs command, to show information about
System V inter-process communication facilities.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-05 17:48:56 +02:00
Hauke Mehrtens
8c2445a0e4 e2fsprogs: Update to version 1.46.5
The sizes of the ipk changed on MIPS 24Kc like this:
  8788 badblocks_1.45.6-2_mips_24kc.ipk
  8861 badblocks_1.46.5-1_mips_24kc.ipk

  3652 chattr_1.45.6-2_mips_24kc.ipk
  3657 chattr_1.46.5-1_mips_24kc.ipk

 58128 debugfs_1.45.6-2_mips_24kc.ipk
 60279 debugfs_1.46.5-1_mips_24kc.ipk

  8551 dumpe2fs_1.45.6-2_mips_24kc.ipk
  8567 dumpe2fs_1.46.5-1_mips_24kc.ipk

  4797 e2freefrag_1.45.6-2_mips_24kc.ipk
  4791 e2freefrag_1.46.5-1_mips_24kc.ipk

159790 e2fsprogs_1.45.6-2_mips_24kc.ipk
168212 e2fsprogs_1.46.5-1_mips_24kc.ipk

  7083 e4crypt_1.45.6-2_mips_24kc.ipk
  7134 e4crypt_1.46.5-1_mips_24kc.ipk

  5749 filefrag_1.45.6-2_mips_24kc.ipk
  6233 filefrag_1.46.5-1_mips_24kc.ipk

  4361 libcomerr0_1.45.6-2_mips_24kc.ipk
  4355 libcomerr0_1.46.5-1_mips_24kc.ipk

168040 libext2fs2_1.45.6-2_mips_24kc.ipk
174209 libext2fs2_1.46.5-1_mips_24kc.ipk

  8514 libss2_1.45.6-2_mips_24kc.ipk
  8613 libss2_1.46.5-1_mips_24kc.ipk

  3148 lsattr_1.45.6-2_mips_24kc.ipk
  3227 lsattr_1.46.5-1_mips_24kc.ipk

 22530 resize2fs_1.45.6-2_mips_24kc.ipk
 22909 resize2fs_1.46.5-1_mips_24kc.ipk

 33315 tune2fs_1.45.6-2_mips_24kc.ipk
 34511 tune2fs_1.46.5-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
18c6b99666 util-linux: Update to version 2.37.3
This release fixes two security mount(8) and umount(8) issues:

CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE
    filesystems of users with similar UID.

CVE-2021-3995
    This issue is related to parsing the /proc/self/mountinfo file allows an
    unprivileged user to unmount other user's filesystems that are either
    world-writable themselves or mounted in a world-writable directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Hauke Mehrtens
693d7c12e8 util-linux: Do not build raw any more.
The man page of the raw tool does not build because the disk-utils/raw.8
file is missing. It looks like it should be in the tar.xz file we
download, but it is missing.

We do not package the raw tool, so this is not a problem.

This fixes the following build error:
No rule to make target 'disk-utils/raw.8', needed by 'all-am'.  Stop.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-02-01 21:25:02 +01:00
Roman Azarenko
5bd926efa9 util-linux: add lslocks
This change adds the "lslocks" utility from util-linux.

Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
2022-01-28 22:12:18 +01:00
Jo-Philipp Wich
0a29133b1f ucode: update to latest Git HEAD
c6dae42 LICENSE: add ISC license file
402f603 lib: introduce struct library
dcb6ffd struct: fix PowerPC specific compiler pragma name
a0512ea treewide: fix typo in exported function names and types
eaaaf88 nl80211: fix wiphy dump reply merge logic
e6efadb fs: add utility functions
54ef6c0 nl80211: fix premature netlink reply receive abort
07802f3 syntax: disallow keywords in object property shorthand notation
3489b75 vm: support object property access on resource value types
dc8027c types: consider resource prototypes when marking reachable objects
5680fab treewide: fix upvalue reference type name
0d29b25 treewide: fix "resource" misspellings
99fdafd vm: introduce value registry
66f7c00 ubus: add support for async requests
5c77dd5 fs: implement fdopen(), file.fileno() and proc.fileno()
b605dbf treewide: rework numeric value handling
599d233 vallist: store double values in a platform neutral manner
5bb9ab7 struct: reuse double packing routines from core
2fd7ab5 vm: optimize string concatenation
eafa321 lib: implement uniq() function
6b2e79a types: add initial infrastructure for function serialization
725bb75 compiler, vm: use a program wide constant list
6c2caf9 source: refactor source file handling
371ba45 program: implement support for precompiling source files
3578afe build: support building without compile capabilities
61d0a34 lib: replace usages of vasprintf() with xvasprintf()
03b6a8e syntax: drop legacy syntax support
01132db lib: fix %J string formats with precision specifier
3f44c42 lib: rework format string handling
a1b3c5d struct: implement `*` format, fix invalid memory accesses
34a04a2 run_tests.sh: fix exitcode evaluation
abe38e7 run_tests.sh: add ability to define environment variables for testcases
04fa2ba tests: reorganize testcase files
6a55d10 lib: fix exists() error return value
aa860a3 vm: fix `null` loose equality/inequality checks
3f6d199 vallist: uc_number_parse(): parse empty strings as `0`, not `NaN`
ddc5aa7 vm: fix NaN strict equality tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-28 19:13:37 +01:00
Jo-Philipp Wich
3d3d03479d ucode: add temporary fix for integer formatting on 32bit systems
The ucode VM always passes 64bit integer values to sprintf implementation
while the `%d` format expects 32bit integers on 32bit platforms, leading
to incorrect formatting results.

Temporarily solve the issue by casting the numeric argument to int until
a more thorough fix arrives with the next update.

Fixes: FS#4234
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-23 00:57:58 +01:00
Hauke Mehrtens
6ae657e459 util-linux: Add taskset
This adds the taskset application from util Linux.
It is already built, but not packaged yet.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2022-01-21 23:53:00 +01:00
Nick Hainke
607f06f81c mtd-utils: update to 2.1.4
Changes from 2.1.3 to 2.1.4:

Features:
      - ubiscan debugging and statistics utility

Fixes:
      - Some mtd-tests erroneously using sub-pages instead of the full page size
      - Buffer overrun in fectest
      - Missing jffs2 kernel header in the last release, leading to build
        failures on some systems.

Changes from 2.1.2 to 2.1.3:

Features:
       flashcp: Add new function that copy only different blocks
       flash_erase: Add flash erase chip
       Add flash_otp_erase
       Add an ubifs mount helper
       Add nandflipbits tool

Fixes:
       mkfs.ubifs: Fix runtime assertions when running without crypto
       mtd-utils: Use AC_SYS_LARGEFILE
       Fix test binary installation
       libmtd: avoid divide by zero
       ubihealthd: fix UBIFS build dependency
       mkfs.ubifs: remove OPENSSL_no_config()
       misc-utils: Add fectest to build system
       mkfs.ubifs: Fix build with SELinux
       Fix typos found by Debian's lintian tool
       Fix jffs2 build if zlib or lzo headers are not in default paths

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-01-16 20:51:14 +01:00
Hannu Nyman
a54b406ccb busybox: update to 1.35.0
Update busybox to 1.35.0

* refresh patches

Config refresh:

Refresh commands, run after busybox is first built once:

cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0/.config > Config-defaults.in

Manual edits needed after config refresh:

* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6

* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)

* Config-defaults.in: OpenWrt logic applied to
  BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)

* config/editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)

* config/shell/Config.in : change at "Options common to all shells" the symbol
  SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
  (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
  Apparently our script does not see the hidden option while
  prepending config options with "BUSYBOX_CONFIG_" which leads to a
  missed dependency when the options are later evaluated.)

* Edit Config.in files by adding quotes to sourced items in
  config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2022-01-08 00:49:59 +01:00
Sergey V. Lobanov
04e6434c62 utils/mdadm: fix build on hosts without /run dir
CHECK_RUN_DIR=0 must be a part of MAKE_FLAGS, not MAKE_VARS, otherwise
it is not possible to compile mdadm on host without /run dir.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-01-08 00:49:59 +01:00
Paul Spooren
6ba8d510b8 lua: add HOST_FPIC for host builds
Compiling without fPIC causes linking issues for packages using liblua.

Add $(HOST_FPIC) to host builds for both lua and lua5.3.

Suggested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-03 10:34:31 +01:00
Sergey V. Lobanov
6bfc8bb4a3 utils/px5g-wolfssl: make selfsigned certicates compatible with chromium
Chromium based web-browsers (version >58) checks x509v3 extended attributes.
If this check fails then chromium does not allow to click "Proceed to ...
(unsafe)" link. This patch add three x509v3 extended attributes to self-signed
certificate:
1. SAN (Subject Alternative Name) (DNS Name) = CN (common name)
2. Key Usage = Digital Signature, Non Repudiation, Key Encipherment
3. Extended Key Usage = TLS Web Server Authentication

SAN will be added only if CONFIG_WOLFSSL_ALT_NAMES=y

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2021-12-29 22:55:16 +01:00
Rafał Miłecki
942facd14f otrx: update to the latest master
56e8e19 otrx: support TRX from stdin when extracting
a37ccaf otrx: support unsorted partitions offsets
1fa145e otrx: extract shared code opening & parsing TRX format
4ecefda otrx: allow validating TRX from stdin
cf01e69 otrx: avoid unneeded fseek() when calculating CRC32

Fixes: 80041dea70 ("bcm53xx: sysupgrade: refactor handling different firmware formats")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-13 13:48:08 +01:00
Rafał Miłecki
a2cf659ad8 dtc: support printing binary data with fdtget
It's needed for extracting binary images.

Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-13 08:51:09 +01:00
Rafał Miłecki
80fe8d027c dtc: import package for dtc & fdt from packages feed
fdt* utils are needed by targets that use U-Boot FIT images for
sysupgrade. It includes all recent BCM4908 SoC routers as Broadcom
switched from CFE to U-Boot.

fdtget is required for extracting images (bootfs & rootfs) from
Broadcom's ITB. Extracted images can be then flashed to UBI volumes.

sysupgrade is core functionality so it needs dtc as part of base code
base.

Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-13 08:36:26 +01:00
Eneas U de Queiroz
93a42cf16e f2fstools: set each library package VARIANT
Set the different libf2fs packages's VARIANT, so that the right settings
will be used by each different variant, if they are both being built.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-11-01 20:18:55 +01:00
Dominick Grift
61a36cefd6 secilc: update to version 3.3
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
Correct some typos
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/secilc/docs: Update the CIL documentation
secilc: fix memory leaks in secilc2conf
secilc: fix memory leaks in secilc
libsepol/cil: Add support for using qualified names to secil2conf
libsepol/cil: Add support for using qualified names to secil2tree
secilc: Add support for using qualified names to secilc
secilc/test: Add test for anonymous args
secilc/docs: Relocate and reword macro call name resolution order
secilc/docs: Document the order that inherited rules are resolved in
secilc: Create the new program called secil2tree to write out CIL AST
secilc/docs: Update the CIL documentation for various blocks
secilc.c: Don't fail if input file is empty
cil_conditional_statements.md: fix expr definition
secilc/docs: Lists are now allowed in constraint expressions

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[re-apply now that libsepol is up-to-date as well]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-31 13:02:49 +00:00
Daniel Golle
19c5277206
Revert "secilc: update to version 3.3"
This reverts commit 2da891e735.
secilc 3.3 requires libsepol to be version 3.3 as well and doesn't
build otherwise. Revert for now.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-29 14:16:35 +01:00
Dominick Grift
2da891e735 secilc: update to version 3.3
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
Correct some typos
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/secilc/docs: Update the CIL documentation
secilc: fix memory leaks in secilc2conf
secilc: fix memory leaks in secilc
libsepol/cil: Add support for using qualified names to secil2conf
libsepol/cil: Add support for using qualified names to secil2tree
secilc: Add support for using qualified names to secilc
secilc/test: Add test for anonymous args
secilc/docs: Relocate and reword macro call name resolution order
secilc/docs: Document the order that inherited rules are resolved in
secilc: Create the new program called secil2tree to write out CIL AST
secilc/docs: Update the CIL documentation for various blocks
secilc.c: Don't fail if input file is empty
cil_conditional_statements.md: fix expr definition
secilc/docs: Lists are now allowed in constraint expressions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Dominick Grift
a8c293ce8d policycoreutils: update to version 3.3
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
libselinux/semodule: Improve extracting message
Correct some typos
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
policycoreutils: free memory of allocated context in newrole
policycoreutils: free memory of allocated context in run_init
policycoreutils: free memory on lstat failure in sestatus
policycoreutils: silence -Wextra-semi-stmt warning
fixfiles: do not exclude /dev and /run in -C mode
policycoreutils/setfiles: do not create useless setfiles.8.man file

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Dominick Grift
b97890d75e checkpolicy: update to version 3.3
Update VERSIONs to 3.3 for release.
checkpolicy: Fix potential undefined shifts
Update VERSIONs to 3.3-rc3 for release.
checkpolicy: delay down-cast to avoid align warning
checkpolicy: drop incorrect cast
checkpolicy: update documentation
checkpolicy: print reason of fopen failure
checkpolicy: policy_define: cleanup declarations
Update VERSIONs to 3.3-rc2 for release.
checkpolicy: free extended permission memory
checkpolicy: print warning on source line overflow
checkpolicy: error out on parsing too big integers
checkpolicy: avoid implicit conversion
checkpolicy: resolve dismod memory leaks
checkpolicy: add missing function declarations
checkpolicy: mark file local functions in policy_define static
checkpolicy: mark read-only parameters in module compiler const
checkpolicy: misc checkpolicy tweaks
checkpolicy: misc checkmodule tweaks
checkpolicy: enclose macro argument in parentheses
Update VERSIONs and Python bindings version to 3.3-rc1 for release
checkpolicy: mark read-only parameters in policy define const
checkpolicy/test: mark file local functions static
checkpolicy: parse_util drop unused declaration
checkpolicy: drop redundant cast to the same type
checkpolicy: avoid potential use of uninitialized variable
checkpolicy: check before potential NULL dereference
checkpolicy: remove dead assignments
checkpolicy: follow declaration-after-statement
checkpolicy: use correct format specifier for unsigned
checkpolicy: drop dead condition
checkpolicy: simplify assignment
checkpolicy: drop -pipe compile option
checkpolicy: pass CFLAGS at link stage
checkpolicy: silence -Wextra-semi-stmt warning
checkpolicy: Do not automatically upgrade when using "-b" flag
libsepol/checkpolicy: Set user roles using role value instead of dominance

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Jo-Philipp Wich
269bdf6eef ucode: update to latest Git HEAD
0f022aa lib: increase refcount when returning cached module instance
c9e68bb lib: introduce resolver library
9041e24 lib: fix uninitialized memory access on handling %J string formats
4ee06d8 syntax: introduce optional chaining operators
ce4a7d9 vm: reset callframes before invoking unhandled exception handler
218e822 vm: clear exception information before calling managed code functions
5b908bd ubus: properly handle signed 64bit values too
e43b751 ubus: fix handling signed 16bit and 32bit integers
137428f nl80211: fix issues spotted by static code analyzer
b9d4f61 nl80211: treat signal attr values as signed integers
9a7c355 nl80211: expose sta_info attributes
bb358d9 lib: introduce Linux 802.11 netlink binding
914f54c types: fix invalid memory access on setting non-contiguous array indexes
631f00d main: fix leaking module name when processing -m flag
e55188b compiler: properly handle jumps to offset 0
98c4147 tests: support specifying cmdline args in testcase files
64e4f68 types: fix formatting escape sequences for 8 bit chars
dd86e1d rtnl: automatically derive message family from certain address attrs
74fdb97 rtnl: expose IPv4 and IPv6 devconfig information
7fa1008 rtnl: allow reply nla payloads to be smaller than headsize
cbae3cb lib: introduce Linux route netlink binding
e6dd389 ci: adjust build prereqs for GitHub as well
07ae165 ci: add libnl-tiny to prereqs

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-10-25 23:08:42 +02:00