Commit Graph

868 Commits

Author SHA1 Message Date
Adrian Schmutzler
e7bfda2c24 brcm63xx: rename target to bcm63xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-14 14:10:51 +01:00
Adrian Schmutzler
8fe5ad5d33 brcm47xx: rename target to bcm47xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-14 14:10:51 +01:00
Kevin Darbyshire-Bryant
dba431d8ab procd: seccomp: fix resource leak
Bump to latest commit:

c30b23e seccomp: fix resource leak

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-02-11 18:54:29 +00:00
Hans Dedecker
7df120b1b0 uci: fix PKG_SOURCE_VERSION value
Fixes PKG_SOURCE_VERSION value which was wrongly set in commit f6e07c8284

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-09 21:50:59 +01:00
Hans Dedecker
39a49c2d6a procd: update to latest git HEAD
Fixes c0c988e179

bcb8655 instance: add 'requirejail' attribute

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-09 19:26:00 +01:00
Kevin Darbyshire-Bryant
c0c988e179 procd: support 'requirejail' attribute
Bump procd package to reduce log spam related to missing jail binaries
in a non-jail capable system.

bcb8655 instance: add 'requirejail' attribute

An additional jail attribute 'requirejail' can now be used to indicate
mandatory use of a jailed environment and hence prevent process startup
in the event that the jail subsystem is unavailable.

Procd will now only log errors if jail is unavailable and 1) is a mandatory
requirement or 2) a procd debug level of at least 2 is in use.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-02-04 21:51:11 +00:00
Hans Dedecker
f6e07c8284 uci: update to version 2020-01-27
e8d8373 file: fix segfault in uci_parse_option
aa5e77a file: fix segfault in uci_parse_config

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-02 18:59:43 +01:00
Jo-Philipp Wich
c69c20c667 opkg: update to latest Git HEAD
80d161e opkg: Fix -Wformat-overflow warning
c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums

Fixes: CVE-2020-7982
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-29 17:00:53 +01:00
Petr Štetiar
76bbe4b960 procd: update to version 2020-01-24
00aafc4f439e procd: show process's exit code
856b5f8be046 state: fix reboot causing shutdown inside LXC container
b44417c20c7f instance: provide error feedback if ujail binary is missing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Petr Štetiar
0f81a0979c fstools: update to version 2020-01-21
deb745f82b93 Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)"

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:25:56 +01:00
Petr Štetiar
3d8edd9bb4 urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:16:01 +01:00
Daniel Golle
97a03a4760 procd: update to latest git HEAD
58c12f7 jail: add basic support for network namespaces
 ba69639 jail: create resolv.conf symlink for netns jails
 81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/

Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 12:52:12 +02:00
Petr Štetiar
63000bfaf7 fstools: update to version 2020-01-18
f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)
 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Maxim Storchak
5f07b6f367 zram-swap: support swap priority
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assiming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2020-01-15 20:49:00 +01:00
Petr Štetiar
3d62463755 rpcd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:44 +01:00
Petr Štetiar
9c628cc76c procd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 procd Installed-Size: 44931 -> 47362

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:35 +01:00
Petr Štetiar
d38dd6e1ef ubus: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 ubus  Installed-Size:  5602 ->  5950
 ubusd Installed-Size: 11643 -> 12119

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:03 +01:00
Hauke Mehrtens
2d80f7e836 rpcd: Update to version 2020-01-05
efe51f4 iwinfo: add current hw and ht mode to info call

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:21:48 +01:00
Hauke Mehrtens
5877280463 ubus: Update to version 2020-01-05
d35df8a ubus: make libubus ready for linking into C++

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:04:37 +01:00
Jo-Philipp Wich
22a178e892 fstools: update to latest Git HEAD
823faa0 block: re-discover mtd devices on extroot mount retry

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-05 18:40:22 +01:00
Petr Štetiar
059505d614 procd: update to version 2020-01-04
a5af33ce9a16 instance: strdup string attributes
d2e8bf6ef7cf system: watchdog_set: fix misleading indentation
9814807bd71c system: sysupgrade: fix possibly misleading error
c7a2db3c1eb6 system: sysupgrade: rework firmware validation
ea45c4a0f07c system: fix failing image validation due to EINTR
4fde95506243 cmake: fix lookup of external libraries

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 14:13:01 +01:00
Hans Dedecker
051b9a144f ubox: update to version 2019-12-31
0e34af1 kmodloader: added -a arg to modprobe

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-31 14:35:35 +01:00
Daniel Golle
37929ddb70 procd: fix running jailed non-root process
Setting user and group for a jailed process caused the jail not to
come up. Fix this by passing user and group to ujail and change
user only once the jail has been setup.
This allows jailing services which refuse to run as root user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-30 20:32:10 +02:00
Hans Dedecker
3fe29ffa7b ubox: update to latest git HEAD
b30e0df kmodloader: print an error when no kernel module dir can be found
17689b6 logread: add option to filter for facilities
c9ffeac kmodloader: added -v arg to modeprobe

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-28 21:25:56 +01:00
Petr Štetiar
36bace78b7 ubus: update to version 2019-12-27
Fixes socket descriptor passing and bumps ABI_VERSION to 20191227.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-28 08:09:50 +01:00
Petr Štetiar
7cb018c591 ubus: update to version 2019-12-19
Contains following changes:

 a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
 c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
 dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
 060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
 c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
 72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
 a995b1e68129 lua: workaround false positive dereference of null pointer
 08f17c87a000 add fuzzer and cram based unit tests
 c413be9b376c refactor ubusd.c into reusable ubusd_library
 afd47189e864 examples: remove dead increments
 b2e544238672 add initial GitLab CI support
 058f4e9526ed libubus: fix incompatible pointer types assigment
 d2e026a33df8 iron out all extra compiler warnings
 5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
 d61282db5640 ubusd: fix comparison of integers of different signs
 90fb16234c22 cmake: enable extra compiler checks

and bumps ABI_VERSION to 20191219.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:54:42 +01:00
Petr Štetiar
2544cb1ba3 ucert: update to version 2019-12-19
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:47:18 +01:00
Florian Eckert
432ec292cc rpcd: add respawn param
The rpcd service is an important service, but if the service stops
working for any reason, no one will ever respawn that service. With this
commit, the procd service will monitor if the rpcd service
is running. If the rpcd service has crashed, then
procd respawns the rpcd service.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-12-23 00:22:07 +01:00
Maxim Storchak
dd299805ad ca-certificates: provide ca-certs by both ca-certificates and ca-bundle
- both packages provide ca-certs
- make ca-bundle the default provider

This should allow easy transition between these two forms of CA certificates storage

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2019-12-23 00:22:07 +01:00
Jo-Philipp Wich
5f4244150f fstools: update to latest git HEAD
b4e25d5 libblkid-tiny: fix symbol collision with full libblkid

Fixes: FS#2691, FS#2692
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-22 21:30:02 +01:00
Rafał Miłecki
4ebc9dc9c4 fstools: update to latest git HEAD
111a43f libblkid-tiny: vfat: Change parsing label in special cases
f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05
157924d libblkid-tiny: add blkid_probe_set_id_label() stub
0c5761f libblkid-tiny: use separated buffer for each block device read
b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct
12851d6 blockd: don't flush devices list on "hotplug" call
5ea47fe blockd: fix vlist memory corruption

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-12-20 08:20:16 +01:00
Petr Štetiar
b70052c6e6 uci: update to latest Git HEAD
165b44413145 uci: Fix extra semicolons warnings
66264ed9ec9e cmake: add more hardening compiler flags
cca6f105fae2 libuci: refactor uci_get_errorstr
750b046eb77f tests: cram: Lua: add test case for uci_get_errorstr
654d7c33da28 lua: add missing forward declaration
03dfbbe6fef7 cli: fix format string clang-10 warning

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 22:41:57 +01:00
Jo-Philipp Wich
762aac50c0 rpcd: update to latest Git HEAD
aaa0836 file: extend exec acl checks to commands with arguments

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-17 08:33:33 +01:00
Daniel Golle
9c272dd3e4 ucert: update to latest git HEAD
e4bd927 cast ucert_argv to proper type when passing to execv

Fixes warnings:

warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
  254 |       execv(usign_argv[0], usign_argv)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-29 00:09:48 +01:00
Hans Dedecker
9057708b3d procd: update to latest git HEAD
3aa051b system: sysupgrade: close input side of pipe before reading

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-26 22:16:43 +01:00
Petr Štetiar
8f0a540648 fwtool: update to latest Git head
8f7fe925ca20 cmake: use extra compiler warnings only on gcc6+

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00
Petr Štetiar
240d590ca4 uci: update to latest Git head
8dd50da20de0 lua: fix error handling
 a2cab3b088a2 ucimap: fix possible use of memory after it is freed
 9cf978bc7964 delta: prevent possible null pointer use
 7736f497d2d9 cli: remove unused variable assigment
 39093f3b040d lua: fix memory leak in set method
 19ceff323f1e lua: fix memory leak in changes method
 18049a84fe40 tests: add cram based unit tests
 2b549cc050de lua: fix copy&paste in error string
 f5dd5217d627 cli: fix realloc issue spotted by cppcheck
 af59f86a0db9 iron out all extra compiler warnings
 1637d2918692 tests: shunit2: run all tests under Valgrind by default
 c1af73bfb023 cmake: enable extra compiler checks
 be69504e3666 cmake: build Lua module only if enabled
 38a2f12ec5ab tests: shunit2: fix issues reported by shellcheck
 266fc9e94c1e add initial GitLab CI support
 17d6144a49c6 tests: shunit2: make it working under CMake
 a6e8bbefd860 cmake: add unit testing option and shunit2 tests
 0ca93fec701a test: move shunit2 tests under standalone subdirectory

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00
Petr Štetiar
4ba8f7b1ef fwtool: update to latest Git head
Includes following changes:

 9d9d4c284786 fix possible garbage in unitialized char* struct members
 dbc1b1b71b24 fix possible copy of null buffer and validation of unitialized header
 76d53deef8bb crc32: add missing stdint.h dependency
 e5666ed3b47c add cram based unit tests
 abe0cf7de053 add initial GitLab CI support
 e43042507b4f iron out extra compiler warnings
 5df0cd6e1523 convert into CMake project
 a7dc0526f819 refactor into separate Git project

adds missing PKG_LICENSE field and converts the package build to utilize
CMake.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-11 16:37:13 +01:00
Jo-Philipp Wich
aa89bdcd04 rpcd: update to latest Git HEAD
77ad0de plugin: avoid truncating numeric values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-10 21:35:00 +01:00
Michael Heimpold
2249780fb7 procd: start additional consoles during hotplugging
Now that 'start-console' procd command has reached the main repo,
we can add a rule to start consoles on serial devices which are
created when USB gadget driver reports creation with hotplugging.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-11-09 12:56:30 +01:00
Hauke Mehrtens
6ffd8a8f92 usign: Activate LTO compile option
This decreases the size of the usign application by 16% on MIPS BE.

old:
24,597 /usr/bin/usign

new:
20,501 /usr/bin/usign

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:57:54 +01:00
Hauke Mehrtens
1eb34b7287 mtd: Activate LTO compile option
This decreases the size of the mtd application by 25% on MIPS BE.

old:
20,597 /sbin/mtd

new:
16,421 /sbin/mtd

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:57:52 +01:00
Hauke Mehrtens
a43a40c49e uci: update to latest to version 2019-11-08
fc417e8 build: Add -Wclobbered to detect problems with longjmp
2c8e4a3 util: Fix error path

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:56:43 +01:00
Hauke Mehrtens
6f3a293532 procd: Update to version 2019-11-02
f47622e instance: Warn about unexpected number of parameters
564ecdf instance: ujail: Fix allocated size for no_new_privs parameter
7fb2e1d procd: simplify code in procd_inittab_run
4a127c3 procd: replace exit(-1) with exit(EXIT_FAILURE)
bc0a73e procd: add upgraded binary to .gitignore
ba4c4db procd: add start-console support
3e39fe5 procd: shift arguments for askfirst only once
5d62829 procd: skip respawn in case device disappeared
d27949f procd: guard fork_worker calls

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-03 20:25:07 +01:00
Yousong Zhou
e4af39d563 fstools: bump to version 2019-11-03
2f2a09a block: mount_device: err log only when mp deviates from spec
da4edc1 block: mount_device: skip extroot earlier
32c3126 block: mount_action: handle mount/umount deps
fb0700f block: support hierarchical mount/umount
1212b5b block: umount: skip / unless -a is given
eda8b3f block: use fsck.fat instead of dosfsck
d05276d libblkid-tiny: ntfs: fix use-after-free

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-03 04:25:37 +00:00
Jo-Philipp Wich
c2675bb0ce rpcd: update to latest Git HEAD
d442d62 plugin: fix double free in finish callback
ee26d83 main: exec_self: make clang analyzer happy
90e40bd file: exec: properly free memory on error
9ecfada uci: free configs list memory on return
32fba36 exec: always call finish_cb to allow plugin to free up memory
ca3e2d5 plugin: do not free method name separately
02c6e1d exec: properly free memory on rpc_exec() error
cc50263 plugin: exec: properly free memory on parse error
bd0ed25 uci: reset uci_ptr flags when merging set operations
37aa919 plugin: fix leaking invoked method name for exec plugins

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-01 13:26:59 +01:00
Hans Dedecker
bf4ffa3cbe procd: update to latest git HEAD
258aa04 procd: Add cached and available to memory table

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-22 21:47:34 +02:00
Petr Štetiar
ed67b137c7 urngd: update to latest Git head
* 40f939d57c67 Tag version 1.0.1
 * 9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix
 * 193586a25adc Fix wrong types in format strings used in debug build
 * d474977bb611 Add initial GitLab CI support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-21 22:04:20 +02:00
Alin Nastac
ddf6ec29b4 procd: allow usage of * as procd_running() instance parameter
service_running() implementation in /etc/rc.common use it.
It is preferable to use wildcard than assuming the instance
name is the default one.

jsonfilter returns all matches when wildcards are used, hence
the -l 1 argument used to limit output to only one value.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2019-10-18 19:28:11 +02:00
Jo-Philipp Wich
889b841048 fwtool: do not omit final 16 byte when image does not contain signature
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".

In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.

Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-17 17:07:12 +02:00