Added e4crypt tool for encrypting files and directories. To work properly
requires kernel and work on keyutils. That will be done in a future commit
Some top-level reorganization for consistency between packages.
Tested on GnuBee PC1 (mt7621).
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when
the given salt is either invalid or when the requested algorithm is not
implemented.
In such a case, libbb's pw_encrypt() function will silently convert the
crypt() NULL return value into an empty string which is then processed
without further errors by utilities such as chpasswd or passwd, causing
them to set an empty password when an unsupported cipher is requested.
Patch the relevant users of pw_encrypt() to abort in case an empty hash
is returned by pw_encrypt() in order to mitigate the problem.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This adds a wrapper (uci_load_validate) for uci_validate_section() that
allows callers (through a callback function) to access the values set by
uci_validate_section(), without having to manually declare a
(potentially long) list of local variables.
The callback function receives two arguments when called, the config
section name and the return value of uci_validate_section().
If no callback function is given, then the wrapper exits with the value
returned by uci_validate_section().
This also updates several init scripts to use the new wrapper function.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Commit 3f0eb71dae added ALTERNATIVES for wget but not in correct
alphabetical order; increase PKG_RELEASE as well.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Busybox wget applet conflicts with the version from uclient.
Fix this by using ALTERNATIVE support for wget in busybox.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Set the LDFLAGS otherwise it will not get the target hardening flags or
any other generic flags provided in the LDFLAGS
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently busybox find and xargs conflict with the versions from
findutils package. Fix this by using ALTERNATIVES in busybox
and the related findutils (from packages feed) commit.
The conflict is due to the binaries being in the the same place
in rootfs and opkg not being happy about that.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Update busybox to 1.30.0.
Refresh patches.
Leave new features disabled by default.
Config refreshed via:
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0
make package/busybox/compile
cd package/utils/busybox
./convert_defaults.pl < ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0/.config > Config-defaults.in
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Added two upstream mailing list patches that fix behavior under big endian
systems. Issue was present since version 1.11.0.
Tested on Turris Omnia.
Original discussion: https://github.com/openwrt/openwrt/pull/1575
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Use Gentoo and FreeBSDs distfile caches as mirrors because
main site/domain is abandoned.
Source: https://lwn.net/Articles/762264/
Fixes FS#1913
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Fixes the following build error:
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_post’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_wait'
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_init’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_destroy’
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commit 9f0cb135dd made BUSYBOX_CONFIG_FEATURE_IPV6 dependant on IPV6 but
did not make its default value BUSYBOX_DEFAULT_FEATURE_IPV6 dependant
on IPV6. BUSYBOX_DEFAULT_FEATURE_IPV6 will have as default value y if
IPV6 is enabled otherwise n.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
/etc/config/mdadm is only used by the init script which is ran as root.
There is no need for it to be readable by anything else.
Added PKG_CPE_ID for proper CVE tracking.
Small reorganization for consistency between Makefiles.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This is necessary to get my position right.
Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy
Signed-off-by: Bruno Randolf <br1@einfach.org>
Update util-linux to 2.32.1
For release notes see https://lwn.net/Articles/759922/
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The WD My Net Range Extender stores the MAC addresses inside the
nvram partition. This utility can extract it, but it's currently
not avilable on the ath79 target. Hence, this patch adds the
necessary target declaration, so it can be built.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The BZIP2_SMALL option was not being exposed via Config.in which
caused the build to fail as 'yes' is piped to the config during
build. As it's expecting a number, it gets stuck in a loop.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
Update mbed TLS to 2.11.0
Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS
This is to avoid having a mismatch between packages when upgrading.
The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.846 Bytes
ipkg for mips_24kc after:
164.382 Bytes
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Some of the ubi-tools in the upstream mtd-utils have been
broken by a bad patch upstream. It causes major breakage
during sysupgrade when the kernel, rootfs, ... volumes
are deleted in the wrong order.
This patch therefore reverts the faulty upstream commit which
fixes the bug.
linux-mtd mailing-list thread:
<http://lists.infradead.org/pipermail/linux-mtd/2018-June/081562.html>
Cc: John Crispin <john@phrozen.org>
Reported-by: L. Wayne Leach <LLeachii@aol.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This reverts a change made in Sep 2017 [1] which introduced
MSG_DONTROUTE flag to prevent udhcpc from reaching out to servers on a
different subnet. That change violates RFC2131 by forcing fully
configured clients, who got their configurations through an offer
relayed by a DHCP relay, from renewing through a unicast request
directly to the DHCP server, resulting in the client resorting to
boradcasting lease extension requests instead of unicasting them,
further breaking RFC2131.
The problem with MSG_DONTROUTE appears when talking to a properly
configured DHCP server that rejects non-compliant requests. Such server
will reject lease extension attempts sent via broadcast rather than
unicast, as is the case with Finnish ISPs Telia and DNA as well as
Estonian ISP Starman. Once the lease expires without renewal, udhcpc
enters init mode, taking down the interfaces with it, and thus causing
interruption on every lease expiry. On some ISPs (such as the ones
mentioned above) that can be once every 10-20 minutes. The interruptions
appear in the logs as such:
----
udhcpc: sending renew to x.x.x.x
udhcpc: send: Network unreachable
udhcpc: sending renew to 0.0.0.0
udhcpc: sending renew to 0.0.0.0
...
udhcpc: lease lost, entering init state
Interface 'wan' has lost the connection
Interface 'wan' is now down
Network alias 'eth0' link is down
udhcpc: sending select for y.y.y.y
udhcpc: lease of y.y.y.y obtained, lease time 1200
Network alias 'eth0' link is up
Interface 'wan' is now up
----
During lease extension, a fully configured client should be able to
reach out to the server from which it recieved the lease for extension,
regardless in which network it is; that's up to the gateway to find. [2]
This patch ensures that.
[1]
http://lists.busybox.net/pipermail/busybox-cvs/2017-September/037402.html
[2]
https://www.netmanias.com/en/post/techdocs/6000/dhcp-network-protocol/
understanding-dhcp-relay-agents
Signed-off-by: Adi Shammout <adi.shammout@outlook.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
The soversion was changed in this version again and is now aligned with
the 2.7.2 version.
The size of the ipkg file stayed mostly the same.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>