Update the lua5.3 package to build a shared object just like the old lua
package. Ported / recreated the same patch number as the other lua
package. Built and tested library / interpreter on BCM5301X.
Signed-off-by: Colby Whitney <colby.whitney@luxul.com>
No size increase on busybox binary.
Since busybox mkswap is already enabled by default it seems reasonable
to enable swapon/off too. For ex. this obsoletes installing block-mount
dependency for zram-swap.
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
Fix wrong paths in InstallDev which cause Lua 5.3 headers to be staged
in /usr/include/, overwriting Lua 5.1 headers and leading to widespread
build failures in all Lua related packages.
Fixes: FS#2348
Fixes: 6b161bb8d5 ("lua5.3: package Lua 5.3 version")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The plan for packaging Lua is to have "lua5.1" and "lua5.3" packages
with only the first one having "lua" alias (PROVIDES) for backward
compatibility with existing packages.
Putting PROVIDES in lua5.3 was a copy & paste mistake.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It apparently requires passing V variable explicitly.
Fixes: fe59b46ca7 ("lua: include version number in installed files")
Reported-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This package provides an interpreter and compiler for Lua 5.3.5. It has
been decided to use separated package due to a backward incompatibility
of Lua 5.2 and 5.3.
This package/version:
1) Does not include lnum patch as its author didn't decide to port it to
the new version.
2) Does not provide shared library as the old patch doesn't apply
anymore. It can be added later if needed.
3) Does not come with examples package as tests were dropped by upstream
developers.
That said there is definitely a room for improvement and any further
work is highly appreciated. It works however and can be safely pushed as
a basic/early package release.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
cd7eabcd8c9d ugps: Fix compilation under 64-bit
198c06051dd0 Fix build error caused by enabled extra compiler warnings
fc2ab8756b3b Enable extra compiler warnings
Signed-off-by: Petr Štetiar <ynezz@true.cz>
After commit e82a4d9cfb ("config: regenerate *_shipped sources") the mconf
parser became more strict as a side effect and started to spew a series of
warnings when evaluating our generated kconfig sources:
tmp/.config-package.in:705:warning: ignoring unsupported character '@'
The root cause of these warnings is a wrong use of the @SYMBOL dependency
syntax in various Makefile. Fix the corresponding Makefiles by turning
`@SYM||@SYM2` expressions into the proper `@(SYM||SYM2)` form.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Update busybox to version 1.31.0.
New applets: ts, i2ctransfer
New (restored) feature: error/info levels in syslog messages.
Leave new features disabled by default.
* Refresh patches
* Remove patch that was backported from upstream
Config refreshed with commands below, after which the OpenWrt specific
config defaults (ipv6, login session child) were corrected:
make package/busybox/compile (to populate the build_dir)
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-mips_24kc_musl/busybox-1.31.0
cd package/utils/busybox
./convert_defaults.pl < ../../../build_dir/target-mips_24kc_musl/busybox-1.31.0/.config > Config-defaults.in
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Busybox brctl applet conflicts with the version from bridge-utils.
Fix this by using ALTERNATIVE support for brctl in busybox.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Add upstream patch from:
https://git.busybox.net/busybox/commit/?id=028c5aa18b5273c029f0278232d922ee1a164de6
The patch fixes a problem with an infinite loop causing 100% CPU usage
when running the following command /lib/preinit/10_indicate_preinit
without the CAP_NET_ADMIN capability (such as in Docker):
ip -4 address flush dev $pi_ifname
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
Lua's LNUM patch currently doesn't parse properly certain numbers as
it's visible from the following simple tests.
On x86_64 host (stock Lua 5.1.5, expected output):
$ /usr/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
2147483648
8796093022208
4294967296
On x86_64 host:
$ staging_dir/hostpkg/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
-2147483648
0
0
On x86_64 target:
$ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
-2147483648
0
0
On ath79 target:
$ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
-2147483648
8796093022208
4294967296
It's caused by two issues fixed in this patch, first issue is caused by
unhadled strtoul overflow and second one is caused by the cast of
unsigned to signed Lua integer when parsing from hex literal.
Run tested on:
* Zidoo Z9S with RTD1296 CPU (aarch64_cortex-a53)
* qemu/x86_64
* qemu/armvirt_64
* ath79
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
[commit subject/message touches, fixed From to match SOB, fixed another
unhandled case in luaO_str2i, host Lua, package bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Jeff Kletsky noted in his patch titled:
"utils/spidev_test: Update to current source from upstream Linux"
that the spidev_test utility OpenWrt ships is severly out of date.
Instead of updating the spidev_test.c from the current kernel,
this patch replaces the package building code to utilize the
very file that gets shipped with the kernel we compiling for
anyway much like the "perf" package already does.
Reported-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
AVM devices based on Qualcomm IPQ40xx do not store sector health
information in the OOB area. Make this check optional to support this
platform.
Signed-off-by: David Bauer <mail@david-bauer.net>
Add missing /usr/sbin install dir fixing :
install: cannot create regular file 'build_dir/target-x86_64_musl/busybox-1.30.1/.pkgdir/busybox/usr/sbin/ntpd-hotplug': No such file or directory
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
A tool for reading the TFFS partitions (a name-value storage usually
found in AVM Fritz!Box based devices) on nand flash.
Copyright (c) 2018 Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.DE>
Based on the fritz_tffs_read tool:
Copyright (c) 2015-2016 Martin Blumenstingl <martin.blumenstingl@googlemail.com>
and on the TFFS 2.0 kernel driver from AVM:
Copyright (c) 2004-2007 AVM GmbH <fritzbox_info@avm.de>
and the TFFS 3.0 kernel driver from AVM:
Copyright (C) 2004-2014 AVM GmbH <fritzbox_info@avm.de>
and the OpenWrt TFFS kernel driver:
Copyright (c) 2013 John Crispin <blogic@openwrt.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Signed-off-by: Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.de>
Signed-off-by: Andy Binder <AndyBinder@gmx.de>
The change was made with the following commands
cd package/utils/busybox/config
../convert_menuconfig.pl ~/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/busybox-1.30.1
convert_defaults.pl has no changes other than overwriting defaults for
BUSYBOX_DEFAULT_FEATURE_IPV6
Resolves FS#2146
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is to align with upstream change 72089cf ("config: deindent all
help texts") and to make the follow-up change syncing Config.in files
with current busybox version more reviewable
It was made with the following commands
cd package/utils/busybox/config
find . -name 'Config.in' | xargs sed -ir -e 's/^\t \([^ ]\)/\t\1/'
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Minor bugfix release. Fixes for
* bc/dc
* sed (backslash parsing for 'w' command)
* ip (vlan fixes)
* grep (fixes for -x -v)
* ls (-i compat)
No need to refresh patches or config defaults
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
If a user finds that logd is too barebone for their needs and wishes
to have more control over syslog, the user presently has an option
to enable CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG and configure syslog
with settings in /etc/syslog.conf.
Presently /etc/syslog.conf silently disappears on sysupgrade. This
patch prevents such unwanted behaviour if busybox syslog is enabled
via CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
Added e4crypt tool for encrypting files and directories. To work properly
requires kernel and work on keyutils. That will be done in a future commit
Some top-level reorganization for consistency between packages.
Tested on GnuBee PC1 (mt7621).
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when
the given salt is either invalid or when the requested algorithm is not
implemented.
In such a case, libbb's pw_encrypt() function will silently convert the
crypt() NULL return value into an empty string which is then processed
without further errors by utilities such as chpasswd or passwd, causing
them to set an empty password when an unsupported cipher is requested.
Patch the relevant users of pw_encrypt() to abort in case an empty hash
is returned by pw_encrypt() in order to mitigate the problem.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This adds a wrapper (uci_load_validate) for uci_validate_section() that
allows callers (through a callback function) to access the values set by
uci_validate_section(), without having to manually declare a
(potentially long) list of local variables.
The callback function receives two arguments when called, the config
section name and the return value of uci_validate_section().
If no callback function is given, then the wrapper exits with the value
returned by uci_validate_section().
This also updates several init scripts to use the new wrapper function.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Commit 3f0eb71dae added ALTERNATIVES for wget but not in correct
alphabetical order; increase PKG_RELEASE as well.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Busybox wget applet conflicts with the version from uclient.
Fix this by using ALTERNATIVE support for wget in busybox.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Set the LDFLAGS otherwise it will not get the target hardening flags or
any other generic flags provided in the LDFLAGS
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently busybox find and xargs conflict with the versions from
findutils package. Fix this by using ALTERNATIVES in busybox
and the related findutils (from packages feed) commit.
The conflict is due to the binaries being in the the same place
in rootfs and opkg not being happy about that.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Update busybox to 1.30.0.
Refresh patches.
Leave new features disabled by default.
Config refreshed via:
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0
make package/busybox/compile
cd package/utils/busybox
./convert_defaults.pl < ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0/.config > Config-defaults.in
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Added two upstream mailing list patches that fix behavior under big endian
systems. Issue was present since version 1.11.0.
Tested on Turris Omnia.
Original discussion: https://github.com/openwrt/openwrt/pull/1575
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Use Gentoo and FreeBSDs distfile caches as mirrors because
main site/domain is abandoned.
Source: https://lwn.net/Articles/762264/
Fixes FS#1913
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Fixes the following build error:
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_post’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_wait'
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_init’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_destroy’
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commit 9f0cb135dd made BUSYBOX_CONFIG_FEATURE_IPV6 dependant on IPV6 but
did not make its default value BUSYBOX_DEFAULT_FEATURE_IPV6 dependant
on IPV6. BUSYBOX_DEFAULT_FEATURE_IPV6 will have as default value y if
IPV6 is enabled otherwise n.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
/etc/config/mdadm is only used by the init script which is ran as root.
There is no need for it to be readable by anything else.
Added PKG_CPE_ID for proper CVE tracking.
Small reorganization for consistency between Makefiles.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This is necessary to get my position right.
Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy
Signed-off-by: Bruno Randolf <br1@einfach.org>
Update util-linux to 2.32.1
For release notes see https://lwn.net/Articles/759922/
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The WD My Net Range Extender stores the MAC addresses inside the
nvram partition. This utility can extract it, but it's currently
not avilable on the ath79 target. Hence, this patch adds the
necessary target declaration, so it can be built.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The BZIP2_SMALL option was not being exposed via Config.in which
caused the build to fail as 'yes' is piped to the config during
build. As it's expecting a number, it gets stuck in a loop.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
Update mbed TLS to 2.11.0
Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS
This is to avoid having a mismatch between packages when upgrading.
The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.846 Bytes
ipkg for mips_24kc after:
164.382 Bytes
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Some of the ubi-tools in the upstream mtd-utils have been
broken by a bad patch upstream. It causes major breakage
during sysupgrade when the kernel, rootfs, ... volumes
are deleted in the wrong order.
This patch therefore reverts the faulty upstream commit which
fixes the bug.
linux-mtd mailing-list thread:
<http://lists.infradead.org/pipermail/linux-mtd/2018-June/081562.html>
Cc: John Crispin <john@phrozen.org>
Reported-by: L. Wayne Leach <LLeachii@aol.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This reverts a change made in Sep 2017 [1] which introduced
MSG_DONTROUTE flag to prevent udhcpc from reaching out to servers on a
different subnet. That change violates RFC2131 by forcing fully
configured clients, who got their configurations through an offer
relayed by a DHCP relay, from renewing through a unicast request
directly to the DHCP server, resulting in the client resorting to
boradcasting lease extension requests instead of unicasting them,
further breaking RFC2131.
The problem with MSG_DONTROUTE appears when talking to a properly
configured DHCP server that rejects non-compliant requests. Such server
will reject lease extension attempts sent via broadcast rather than
unicast, as is the case with Finnish ISPs Telia and DNA as well as
Estonian ISP Starman. Once the lease expires without renewal, udhcpc
enters init mode, taking down the interfaces with it, and thus causing
interruption on every lease expiry. On some ISPs (such as the ones
mentioned above) that can be once every 10-20 minutes. The interruptions
appear in the logs as such:
----
udhcpc: sending renew to x.x.x.x
udhcpc: send: Network unreachable
udhcpc: sending renew to 0.0.0.0
udhcpc: sending renew to 0.0.0.0
...
udhcpc: lease lost, entering init state
Interface 'wan' has lost the connection
Interface 'wan' is now down
Network alias 'eth0' link is down
udhcpc: sending select for y.y.y.y
udhcpc: lease of y.y.y.y obtained, lease time 1200
Network alias 'eth0' link is up
Interface 'wan' is now up
----
During lease extension, a fully configured client should be able to
reach out to the server from which it recieved the lease for extension,
regardless in which network it is; that's up to the gateway to find. [2]
This patch ensures that.
[1]
http://lists.busybox.net/pipermail/busybox-cvs/2017-September/037402.html
[2]
https://www.netmanias.com/en/post/techdocs/6000/dhcp-network-protocol/
understanding-dhcp-relay-agents
Signed-off-by: Adi Shammout <adi.shammout@outlook.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
The soversion was changed in this version again and is now aligned with
the 2.7.2 version.
The size of the ipkg file stayed mostly the same.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
010-fix-rpmatch.patch is upstream, removed from our patchset
The file structure is changed, modify patch accordingly
use CONFIGURE_ARGS to disable tests, xattr and lzo
Compile and run tested on mvebu and x86_64
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so
library, all applications using this shared library have to be
recompiled to be able to load the new library.
Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Bug fix release. 1.28.3 has fixes for
* ash and hush (do not leave stray open file destriptors in children),
* cpio (fix for symlink extraction),
* grep ("grep -Fw a" was matching "aa").
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
flash_erase utility allows to erase MTD partitions on NAND flash.
Useful when you want to clean or write an MTD partition from scratch.
e.g., before using kobs-ng to flashing SPL images it's recommended
to erase the MTD partition to ensure it's empty.
Signed-off-by: Adrià Llaudet <adria.llaudet@gmail.com>
Update busybox to 1.28.2, refresh patches and default config.
* modify 230-add_nslookup_lede.patch as opt_complementary was removed
Also move nslookup_longopts variable declaration to be inside
the same conditional as the function itself.
* modify 250-date-k-flag.patch to match upstream (opt_complementary)
* remove 600-cve-2017-16544.patch that is upstreamed
Notes about config changes:
* Some applet-specific LONG_OPTIONS config options were removed
* Config help text indentation changed, caused lots of
text formatting changes for convert_menuconfig.pl
* convert_defaults.pl moved lots of defaults around, summary of
actual changes below
New applets/features:
---------------------
ARCH
HEXEDIT
MINIPS
NETCAT
NUKE
RESUME
RUN_INIT
SETFATTR
New options:
------------
FEATURE_CATN
FEATURE_CROND_SPECIAL_TIMES
FEATURE_LIBBUSYBOX_STATIC
FEATURE_SETPRIV_CAPABILITIES
FEATURE_SETPRIV_CAPABILITY_NAMES
FEATURE_SETPRIV_DUMP
FEATURE_SH_READ_FRAC
FEATURE_SWAPONOFF_LABEL
FEATURE_VOLUMEID_MINIX
FEATURE_XARGS_SUPPORT_ARGS_FILE
FEATURE_XARGS_SUPPORT_PARALLEL
HUSH_GETOPTS
HUSH_READONLY
HUSH_TIMES
Removed:
--------
FEATURE_HAVE_RPC
MSH
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
These functions are not declared in any header file and only used in
same compile unit, mark them as static to remove one gcc warning and
make it easier for the compiler to optimize them out.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Drop providing the virtual package ip by busybox which was added in commit
1cec4d4ef0.
Letting busybox provide the virtual package ip is not optimal for the
following reasons :
- Applications depending on ip expect either the ip-full or
ip-tiny package to be enabled.
- Busybox ip applet cannot be added or removed at runtime
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This callback should have one parameter less, this parameter is not used
so this was not a so big problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
libext2fs breaks krb5 by always installing its own copies of libcom_err.so
and libss.so.
Move the libraries into separate libcomerr and libss packages respectively
and add a host build recipe to stage the required compile_et and mk_cmds
utilities for use by other packages.
This allows the krb5 package to be fixed to use the system wide libcomerr
and libss libraries.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[rename libcom_err to libcomerr, make compile_et and mk_cmds relocatable,
cleanup makefile, add dependency on host build, reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
busybox tries to be smart and passes a number of additional flags to the
compiler. Unfortunately, the i386-specific flags break ABI compatiblity
with libc.
Fixes busybox crashes observed on x86-generic with GCC 7.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
This is needed for procd init script protection to work.
flock adds 4248 bytes to stripped busybox binary.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.
Fixes: FS#1181 - CVE-2017-16544:
Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8https://nvd.nist.gov/vuln/detail/CVE-2017-16544
Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
Unconditionally pass TARGET_CPPFLAGS (not passed at all before) and
TARGET_LDFLAGS (passed only in certain non-default configuration before the
Makefile streamlining). Without these flags, hardening options
(PKG_FORTIFY_SOURCE and PKG_RELRO) were not actually applied to busybox.
The addition of these flags increases the size of the stripped busybox
binary by about 6KB (~4KB with fortify headers, ~2KB with "-znow -zrelro")
with the default hardening options PKG_FORTIFY_SOURCE_1 and PKG_RELRO_FULL.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Use default Build/Install steps where possible. No binary change in default
configuration, so PKG_RELEASE is not incremented.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
f40f84c support PantechMode
d8dc335 support Quanta and Blackberry modes
333e486 fix support for Option modems
Signed-off-by: John Crispin <john@phrozen.org>
Usually this function is called for appending some small files only
(like fs marks) but let's just make it more generic and capable of
handling bigger files easily. Increasing buffer to 1 KiB shouldn't hurt.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It was there in case of adding some "create" command options that should
be parsed before actually creating the output image. It seems we don't
need any at this point so let's drop this function for now.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/
Thanks to swalker for CPE to package mapping and
keep tracking CVEs.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
There is no need to allocate buffer as big as the whole image in order
to calculate CRC32. It's enough to use small buffer and just read file
content block by block.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This requires changing this helper to accept initial/current CRC32
value as argument but it allows dropping duplicated (complex?) code
calculating the CRC32.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The init script generated something like "DEVICE=/dev/sda" when it should
have been generating "DEVICE /dev/sda". mdadm errors on this. Patch by jow.
Also changed the default sendmail path to /usr/sbin/sendmail. No package
in LEDE provides /sbin/sendmail. msmtp provides /usr/sbin/sendmail so use
that.
Also add a patch to fix file paths for mdadm runtime files. mdadm currently
errors on them since /run is missing. Once /run is added to stock LEDE, this
patch can be removed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
getrandom blocks until the random pool is being initialized.
Unfortunately, this code is being called early during init to create the
overlay filesystem, on some devices leaving little chance for a
successful random pool init.
True randomness is not that important here, so fix this issue by
sticking to using /dev/urandom, like in older versions of this code.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Update e2fsprogs to 1.43.6
Disable compilation of fuse2fs (we don't package it)
Disable thread support (only affects fuse2fs)
Enable linking with libblkid instead of using private (included) version.
The libblkid is ~210KBytes in size, but with using the shared library
the binaries are ~25KBytes smaller. This also brings it in sync with
most other Linux distributions.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Refresh patches, delete patches backported from upstream.
This fixes ntpd sync issues (ntpd would not sync if the first provided
peer address was unreachable).
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
busybox currently installs passwd into /usr/bin which prevents its
'full' shadow-utils variant from being installed.
Move the passwd applet to /bin to avoid that collision.
shadow also provides /usr/bin/login which doesn't collide with busybox
as the busybox login applet is installed at /bin/login.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
busybox currently installs traceroute and traceroute6 into /usr/bin
which prevents their 'full' iputils variants from being installed.
Move those applets to /bin so they can coexist with their iputils
siblings using the same PATH convention already applied for coreutils
and other drop-in 'full' versions.
Refresh existing patch while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Override the failing check in configure with CONFIGURE_VARS instead of
carrying a patch that's unlikely to be accepted by upstream.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
Commit e505f59bd9 "utils/util-linux: Update to 2.30.1" bumped util-linux
without properly adjusting the dependencies of all applets.
Add missing ncursesw dependencies to sfdisk and dmesg applets to fix
packaging issues.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Revert this commit as it introduces a patchfile at a wrong location.
Since the patch was never effective, we can assume that this particular
commit was not properly tested.
This reverts commit dde9da46c1.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fix memory leak on nvram_open() and nvram_open_rdonly().
For nvram_open(), the 'fd' should be closed on error, and
mmap_area should be unmap when nvram magic can not be found.
For nvram_open_rdonly(), the 'file' variable should free before
return. Once nvram_find_mtd() return successfully, it will allocate
memory to save mtd device string.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>