c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3d8edd9bb4)
* 40f939d57c67 Tag version 1.0.1
* 9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix
* 193586a25adc Fix wrong types in format strings used in debug build
* d474977bb611 Add initial GitLab CI support
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ed67b137c7)
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 2544cb1ba3)
- both packages provide ca-certs
- make ca-bundle the default provider
This should allow easy transition between these two forms of CA certificates storage
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
(cherry picked from commit dd299805ad)
Contains following changes:
041c9d1c052b ubusd/libubus-io: fix socket descriptor passing
8f2292478c57 ci: enable unit testing
a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
a995b1e68129 lua: workaround false positive dereference of null pointer
08f17c87a000 add fuzzer and cram based unit tests
c413be9b376c refactor ubusd.c into reusable ubusd_library
afd47189e864 examples: remove dead increments
b2e544238672 add initial GitLab CI support
058f4e9526ed libubus: fix incompatible pointer types assigment
d2e026a33df8 iron out all extra compiler warnings
5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
d61282db5640 ubusd: fix comparison of integers of different signs
90fb16234c22 cmake: enable extra compiler checks
2e051f628996 ubus: Support static builds
588baa3cd784 ubusd: retry sending messages on EINTR
76ea27a62774 libubus: attempt to receive data before calling poll
4daab27d004f libubus: do not abort recv_retry before completing a message
and bumps ABI_VERSION to 20191227.
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
b4e25d5 libblkid-tiny: fix symbol collision with full libblkid
Fixes: FS#2691, FS#2692
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5f4244150f)
4327ed4 mkdev: Avoid out of bounds read
9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set
c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 541a321070)
e4bd927 cast ucert_argv to proper type when passing to execv
Fixes warnings:
warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
254 | execv(usign_argv[0], usign_argv)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9c272dd3e4)
This decreases the size of the usign application by 16% on MIPS BE.
old:
24,597 /usr/bin/usign
new:
20,501 /usr/bin/usign
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6ffd8a8f92)
This decreases the size of the mtd application by 25% on MIPS BE.
old:
20,597 /sbin/mtd
new:
16,421 /sbin/mtd
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1eb34b7287)
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".
In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.
Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 889b841048)
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.
Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c933b6d224)
b8238df sysupgrade: support "backup" attribute
This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9785a9121d)
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code
This update includes a fix for uninitialized variable usage.
Fixes: db5164d3d0 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e8dcbbc865)
9558031 system: support passing "options" to the "sysupgrade" ubus method
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 2b1a6d263c)
8323690 state: fix shutdown when running in a container (FS#2425)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit d9364c1cbc)
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.
This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e545fac8d9)
This patch adds two new commands:
zram status - shows memory stats for all zram swaps
zram compaction - trigger compaction for all zram swaps
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit a9deed62af)
Executing '/etc/init.d/zram start' during runtime (with a swap being already
mounted) triggers zram device compaction and prints out nice stats info about
zram memory usage
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [use IEC's MiB unit]
(cherry picked from commit b062c90f47)
- fix dependency on BUSYBOX_CONFIG_SWAPONOFF (removed in 84da2a6)
- add busybox defaults checking (fix zram-swap always installs swap-utils
and libblkid as dependency, even if busybox includes mkswap by default)
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(cherry picked from commit c0d93432f2)
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by rpcd
as direct dependencies to the corresponding binary package definition.
This ensures that rpcd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit eaad2211db)
After commit e82a4d9cfb ("config: regenerate *_shipped sources") the mconf
parser became more strict as a side effect and started to spew a series of
warnings when evaluating our generated kconfig sources:
tmp/.config-package.in:705:warning: ignoring unsupported character '@'
The root cause of these warnings is a wrong use of the @SYMBOL dependency
syntax in various Makefile. Fix the corresponding Makefiles by turning
`@SYM||@SYM2` expressions into the proper `@(SYM||SYM2)` form.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 74739c4228)
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by procd
as direct dependencies to the corresponding binary package definition.
This ensures that procd is automatically rebuilt and relinked
if any of these libraries has its ABI_VERSION updated in the
future.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 66838cd851)
Also the other type is worng and causes compile problems on ARM64
platforms.
Fixes: 9b53201d9c ("urngd: Fix wrong type in format string")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1ae1276eab)
GCC 9.1 complains about this wrong type used in the format string, fix
this to make the compiler happy.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9b53201d9c)
4df34a4 kmodloader: Increase path array size to make it always fit
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 22d3d91c77)
6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist
Also remove deprecation notices from init script while we're at it.
Fixes: FS#2274
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 517cb0b70b)
Update fstools to commit 1539b535ac327a3bc599d1ca871e14fd0dc3bba1
git log --pretty=oneline --abbrev-commit ff1ded63..1539b535
1539b53 libblkid-tiny: increment label size to 256
d563f3c libblkid-tiny: fix wrong btrfs label length
3957dd3 block: prevent mount point confusion
9b36dc2 libfstools: avoid false positives when matching devices and volumes
Created with the help of the make-package-update-commit.sh script.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 8036345225)
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.
This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.
Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.
As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2)
