Commit Graph

1165 Commits

Author SHA1 Message Date
Hauke Mehrtens
097dc943f1 openwrt-keyring: Only copy sign key for snapshots
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the master feeds.

If one of the other keys would be compromised this would not affect
users of master snapshot builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-17 19:02:02 +02:00
Daniel Golle
23f98b3eb7
fstools: add missing #define _GNU_SOURCE
asprintf requires _GNU_SOURCE to be defined. Set it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-16 09:55:55 +01:00
Daniel Golle
f8c98ee6c2
fstools: update to git HEAD
c44b40b overlay: fix syncronizing typo
 b5397a1 fstools: block: fix segfault on mount with no target
 bd7cc8d block: use dynamically allocated target string
 6d8450e blockd: use allocated strings instead of fixed buffers
 d47909e libblkid-tiny: fix buffer overflow
 67d2297 block: match device path instead of assuming /dev/%s
 2aeba88 block: allow autofs and umount commands also on MTD/UBI

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-16 00:37:01 +01:00
Leonardo Mörlein
b993b68b6c build: introduce $(MKHASH)
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if

    make TOPDIR="$(pwd)" -C "$pkgdir" compile

was called manually. In most of the cases, I just saw warnings like this:

    make: Entering directory '/home/.../package/gluon-status-page'
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    bash: line 1: mkhash: command not found
    [...]

While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.

After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
2021-05-13 15:13:15 +02:00
Daniel Golle
21b8550598
rpcd: set correct PKG_SOURCE_DATE
The previous commit bumped the source commit level without reflecting
that in PKG_SOURCE_DATA. Bump PKG_SOURCE_DATA as well.

Fixes: 97e820c6d6 ("rpcd: update to latest HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-10 10:57:09 +01:00
David Bauer
97e820c6d6 rpcd: update to latest HEAD
7a560a1 iwinfo: add 802.11ax HE support

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-05-10 01:20:00 +02:00
Daniel Golle
b607e7df34
procd: update to git HEAD
021ece8 procd: Use /dev/console for serial console if exists

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-05-05 13:18:50 +01:00
Rafał Miłecki
05a4273058 uci: update to the latest master
4b3db11 cli: add option for changing save path

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-04-14 08:33:12 +02:00
Rui Salvaterra
565dfeb128 zram-swap: bail out early if the kernel doesn't support swap
Since KERNEL_SWAP is only enabled by default for !SMALL_FLASH targets, we need
to check if the current kernel supports swap before trying to configure
zram-swap, as opkg can't check for kernel dependencies.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-04-03 18:57:13 +02:00
Rui Salvaterra
829fa33899 zram-swap: clean up the makefile
Break dependencies into separate lines, to improve the readability. Trim
trailing whitespace.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-04-03 18:57:13 +02:00
Daniel Golle
241ce95d63
procd: update to git HEAD
7ee4563 procd: Adding support to detect Pantavisor Container Platform

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-21 13:36:58 +00:00
Daniel Golle
6801ecd91b
procd: update to git HEAD
Enable seccomp features on Aarch64.

 3e88c6f jail/seccomp: add support for aarch64
 c23d8bf trace: fix build on aarch64

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-19 22:33:27 +00:00
Daniel Golle
2b1aebc0b6
fstools: update to git HEAD
964d1e3 partname: allow skipping existing 'rootfs_data' partition

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-19 13:35:55 +00:00
Álvaro Fernández Rojas
b3f4197139 mtd: fix imagetag compilation
Commit b5b0796a13 added an uint32_t to mtd.h without including stdint, which
results in a compilation error for those files not including stdint.h.

In file included from imagetag.c:36:
mtd.h:15:8: error: unknown type name 'uint32_t'
 extern uint32_t opt_trxmagic;
        ^~~~~~~~
imagetag.c: In function 'trx_fixup':
imagetag.c:180:10: warning: unused variable 'res' [-Wunused-variable]
  ssize_t res;
          ^~~
imagetag.c:177:14: warning: unused variable 'scan' [-Wunused-variable]
  void *ptr, *scan;
              ^~~~
imagetag.c: In function 'trx_check':
imagetag.c:246:27: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
     struct bcm_tag *tag = (const struct bcm_tag *) buf;
                           ^
make[3]: *** [<builtin>: imagetag.o] Error 1

Fixes: b5b0796a13 ("mtd: add option for TRX magic to fixtrx")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-03-17 08:42:05 +01:00
INAGAKI Hiroshi
74f15628dd mediatek: add support for Buffalo WSR-2533DHP2
This adds support for the Buffalo WSR-2533DHP2.

The device uses the Broadcom TRX image format with a special magic. To
be able to boot the images or load them they have to be wrapped with
different headers depending how it is loaded.

There are multiple ways to install OpenWrt on this device.
Boot ramdisk from U-Boot
----------------------------
This will load the image and not write it into the flash.

1. Stop boot menu with "space" key
2. Select "System Load Linux to SDRAM via TFTP."
3. Load this image:
   openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-initramfs-kernel.bin
4. The system boots the image

Write to flash from U-Boot
-----------------------------
This will load the image over tftp and directly write it into the flash.

1. Stop boot menu with "space" key
2. Select "System Load Linux Kernel then write to Flash via TFTP."
3. Load this image:
   openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-squashfs-factory-uboot.bin
4. The system writes this image into the flash and boots into it.

Write to flash from Web UI
-----------------------------
This will load the image over over the Web UI and write it into the flash

1. Open the Web UI
2. Go to "管理" -> "ファームウェア更新"
3. Select "ローカルファイル指定" and click "更新実行"
4. Load this image:
   openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-squashfs-factory.bin
5. The system writes this image into the flash and boots into it.

Specifications
-------------------
* SoC:       MT7622 (4x4 2.4 GHz Wifi)
* Wifi:      MT7615 (4x4 5 GHz Wifi)
* Flash:     Winbond W29N01HZ 128MB SLC NAND
* RAM        256MB
* Ethernet:  Realtek RTL8367S (5 x 1GBit/s, SoC via 2.5GBit/s)

Co-Developed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-15 17:02:17 +01:00
INAGAKI Hiroshi
b5b0796a13 mtd: add option for TRX magic to fixtrx
Buffalo uses the TRX header with a different magic and even changes this
magic with different devices. This change allows to specify the header
to use as a command line argument.

This is needed for the Buffalo WSR-2533DHP2 based on mt7622.

Co-Developed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-15 16:57:34 +01:00
Daniel Golle
988ed00802
opkg: update to git HEAD
5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 00:48:42 +00:00
Daniel Golle
6a7a1f1c64
opkg: update to git HEAD
d3a63b3 libopkg: add option to strip ABI versions from listed names

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-14 22:55:17 +00:00
Dominick Grift
41a8f093fb selinux-policy: update to version v0.8
3d7da7a igmpproxy tidy some loose ends
c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf
5a18967 adds igmpproxy skeleton
7e6a218 logread: support resolving dns names
e39ca8b netifd: add support for /etc/udhcpc.user
7952bd0 odhcp6c: support /etc/odhcp6c.user
ba0eb4e swconfig, fwenv, agent
4556b8a pppd cosmetic
9324d9d pppd: sends AT commands to model using /dev/ttyUSBN
417b14a ttydev: add some more ttyUSB
ed739dc example: dont depend on policycoreutils
97613f9 dropbear: using dropbear as scp: dns name resolving
12c193b dropbear tcp connect ssh ports for scp
c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional
8c5de35 this is a bug
8d5c463 uhttpd rcboot rcdnsmasq
094266e hostapd and wpa_supplicant
aef0bd7 mountroot: maintains /tmp/sysupgrade.tar
24f0406 dropbear: allow it to read tmp.fs files
2901433 firstboot mkfsf2fs rcboot
2c4afb7 blockmount mmc
465ca98 adds industrial i/o (iio) nodedev
82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon
7df78bd ubus: "support" older ubusd versions that run as root
4458bce swconfig: allow using terminal (to print output)
e8d606d sslcert: openssl linked: this shaves off 200 bytes
93afffb jshn ntpdhotplug
0b847f0 wpad: reads /etc/ssl/openssl.cnf
f14ee34 indent fix
a0c7cad mtd, uhttpd, ubus and ntpdhotplug
d74f98f adds a not about checkreqprot requirement in some scenarios
affacce example: add policycoreutils-setfiles for make check
4f944dc kmodloader and fwenv:
efe36a3 netifd: adds a comment/reminder
581b087 more fw_printenv loose ends
30177a4 fw_setenv: needs mtd write access to set and delete env
da28f4c fw_printenv: some minor clean ups
a062053 fw_printenv missing rules
244ba5f blockmount: extroot and /rwm
0745a6a squid: allow squid to run sslcrtd with domain transition
b851df6 squid fix
8c55acd squid: adds certfile and allow connect http but...
b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid)
5ff39bd squid: forgot about luci
5366c97 squid/rcsquid some basic fill in
8743da6 squid skeleton
687a43b adds squid 3128 port to httpproxy port

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-14 12:56:46 +00:00
Daniel Golle
da339a6d3f
rpcd: update to git HEAD
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
 ccb7517 sys: packagelist: drop ABI version from package name

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 00:39:16 +00:00
Daniel Golle
b5f6d20560
opkg: update to git HEAD
d71856a pkg: pass-through ABIVersion to status file

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 00:39:09 +00:00
Daniel Golle
ffeb37047e
procd: update to git HEAD
945d0d7 utils: fix C style in header file
 2cfc26f inittab: detect active console from kernel if no console= specified

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-08 00:11:55 +00:00
Daniel Golle
cec580cba8
fstools: fix build with glibc
stropts.h is unavailable under glibc (and unneeded when building
against glibc). Include it only if not building against glibc.

Reported-by: @DazzyWalkman
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-05 02:07:01 +00:00
Daniel Golle
ec76cbc521
fstools: update to git HEAD
19d7d93 libfstools: partname: several fixes

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-02 19:16:15 +00:00
Daniel Golle
1cd4a02c8e
procd: update to git HEAD
64e9f3a procd: fix compilation with newer musl

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-02 19:16:10 +00:00
Daniel Golle
3ffc30f05a
selinux-policy: update to version 0.7
a857b45 resolv/locale: eventually this should be more efficient
 11ed281 some more optimization
 764a475 add redundant calls to file.search_conffile_dirs()
 7d4558e fs: treat devtmpfs that same as tmpfs
 81b677e adds irqbalance skeleton
 5506244 irqbalance rules
 cc96cd8 adds usbutil and gtpfdisk skels
 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules
 d6d1e7d usbutil: output to terminal
 da576fa fsck, gptfdisk and usbutil rules
 09b39e9 unbound
 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override)
 af0fe90 adds label for tcsh
 160f79e adds tcpdump
 6d02b96 adds coreutil execfile for busybox alternatives
 ac54884 coreutilexecfile: these are known to require privileges, so exclude
 8cb3b66 adds chrootexecfile
 6d329d3 this saves 9KiB and its a bit more robust
 88e2425 move addpart/delpart/partx to gptfdisk.cil
 261012d ntphotplug: reads ubox data files
 0473ace various
 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10)
 bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31
 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes
 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all)
 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap
 b8156cd adds a note about how i forgot to target blockd
 6e82ab8 adds blockd and related
 254ff43 Makefile: exclude blockd from mintesttgt
 4dc6bc2 pppd update related and unbound-odhcp rules

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 18:02:02 +00:00
Daniel Golle
b7d125f455 fstools: update to git HEAD
bad1835 fstools: add partname volume driver

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 00:09:09 +00:00
David Bauer
9a9cf40dd9 download: add mirror alias for Debian
Add an alias for Debian packages and download them from the Debian
mirror redirector.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-26 20:41:00 +01:00
Daniel Golle
5f1bd95278
procd: update to git HEAD
2be57ed cosmetics: provide compatible system info on Aarch64
 37eed13 system: expose if system was booted from initramfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-23 13:16:23 +00:00
Álvaro Fernández Rojas
f107e1668c mtd: fixtrx: support CFE imagetag on bmips target
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-22 18:09:03 +01:00
Petr Štetiar
1bf6d70e60 openwrt-keyring: add OpenWrt 21.02 GPG/usign keys
49283916005d usign: add 21.02 release build pubkey
bc4d80f064f2 gpg: add OpenWrt 21.02 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-20 15:59:47 +01:00
Felix Fietkau
d02088762a build: reorder more BuildPackages lines to deal with ABI_VERSION
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 11:29:38 +01:00
Felix Fietkau
8edb1797d5 libubox: update to the latest version, set ABI_VERSION dynamically
2537be018587 cmake: add a possibility to set library version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 19:41:13 +01:00
Daniel Golle
3010f16f44 procd: add hotplug-call dispatcher ubus objects
Add per-subsystem ubus objects exposing hotplug-call.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Daniel Golle
381a458d58 selinux-policy: update to version 0.6
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-05 13:17:49 +00:00
Daniel Golle
740af59b9c procd: update to git HEAD
0aee1c3 hotplug.c: set nl_pid to zero
 d6dda31 procd: fix compiler warning
 92c8e8f jail: remove duplicate check for hook file permissions
 0a74c06 jail: only output BPF instr. table header if debugging
 fd18379 jail: cgroups: fix uninitialized variabl

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-02 13:29:36 +00:00
Daniel Golle
f4d974d7f8 selinux-policy: update to git tag v0.5
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-31 14:02:19 +00:00
Paul Menzel
ea1cdd1901 ca-certicficates: Update to version 20210119
Update the ca-certificates and ca-bundle package from version 20200601 to
version 2021019.

This version uses Python 3 for the build, fixing a build issue on systems,
where `/usr/bin/python3` is a wrapper script [1].

Debian change-log entry [2]:

>   [ Julien Cristau ]
>   * New maintainer (closes: #976406)
>   * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate
> authority
>     bundle to version 2.46.
>     The following certificate authorities were added (+):
>     + "certSIGN ROOT CA G2"
>     + "e-Szigno Root CA 2017"
>     + "Microsoft ECC Root Certificate Authority 2017"
>     + "Microsoft RSA Root Certificate Authority 2017"
>     + "NAVER Global Root Certification Authority"
>     + "Trustwave Global Certification Authority"
>     + "Trustwave Global ECC P256 Certification Authority"
>     + "Trustwave Global ECC P384 Certification Authority"
>     The following certificate authorities were removed (-):
>     - "EE Certification Centre Root CA"
>     - "GeoTrust Universal CA 2"
>     - "LuxTrust Global Root 2"
>     - "OISTE WISeKey Global Root GA CA"
>     - "Staat der Nederlanden Root CA - G2" (closes: #962079)
>     - "Taiwan GRCA"
>     - "Verisign Class 3 Public Primary Certification Authority - G3"
>
>   [ Michael Shuler ]
>   * mozilla/blacklist:
>     Revert Symantec CA blacklist (#911289). Closes: #962596
>     The following root certificates were added back (+):
>     + "GeoTrust Primary Certification Authority - G2"
>     + "VeriSign Universal Root Certification Authority"
>
>   [ Gianfranco Costamagna ]
>   * debian/{rules,control}:
>     Merge Ubuntu patch from Matthias Klose to use Python3 during build.
>     Closes: #942915

[1]: https://github.molgen.mpg.de/mariux64/mxtools/issues/148
[2]: https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20210119_changelog

Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
2021-01-29 21:20:40 +01:00
Adrian Schmutzler
331892f85f treewide: drop shebang from non-executable lib files
This drops the shebang from another bunch of files in various /lib
folders, as these are sourced and the shebang is useless.

Fix execute bit in one case, too.

This should cover almost all trivial cases now, i.e. where /lib is
actually used for library files.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-29 14:29:41 +01:00
Daniel Golle
e02a41f67d rpcd: update to git HEAD
fd017ba iwinfo: add ht and vht operation info to wifi scan
 4c66b31 iwinfo: export center channel for info ubus call
 e28d4a5 iwinfo: add support for 802.11ad and GCMP
 5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware
 ea7f471 iwinfo: include ht_operation data only if available

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-07 00:21:23 +00:00
Jo-Philipp Wich
79fe06a7dc Revert "rpcd: update to git HEAD"
This reverts commit 190e793963.

This update introduces a potential null-pointer deref with subsequent rpcd
crash when querying wireless info for non-nl80211 wdevs.

Additionally it wrongly includes ht frequency information for non-ht BSSes.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-01-06 13:45:30 +01:00
Daniel Golle
190e793963 rpcd: update to git HEAD
fd017ba iwinfo: add ht and vht operation info to wifi scan
 4c66b31 iwinfo: export center channel for info ubus call
 e28d4a5 iwinfo: add support for 802.11ad and GCMP
 5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-05 22:57:20 +00:00
Daniel Golle
498fb1b8aa fstools: fix 'firstboot' on unmounted UBIFS overlay
The usual OpenWrt-way of writing the JFFS2-marker in order to have
a filesystem erased at the next boot fails on UBIFS volumes due to
UBI being a different beast when it comes to writing.
As truncating a UBIFS volume only takes a few milliseconds and has the
desired effect of wiping-out all content of that volume, just do that
instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-04 21:07:35 +00:00
Daniel Golle
8348896357 opkg: update to git HEAD
9bbc7ea pkg_hash: pkg_hash_check_unresolved: fix segfault

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-24 11:12:57 +00:00
Rui Salvaterra
116191eddf zram-swap: remove the compression streams settings
Zram switched to per-cpu compression streams since Linux 4.7 [1]. Drop the
irrelevant configuration (no-op).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/zram?h=v4.7&id=43209ea2d17aae1540d4e28274e36404f72702f2

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-12-13 13:55:03 -10:00
Daniel Golle
54239ccfe7 procd: update to git HEAD
111416d jail: remove unreachable code
 7f12c89 treewide: replace local mkdir_p implementations

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
278b1e95a7 fstools: update to git HEAD
0c6fb90 jffs2-reset: allow doing a factory reset and passing a sysupgrade.tgz
 4862530 mount: restorecon: guard against execl() errors
 f415323 block: replace local mkdir_p implementation

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 23:34:10 +00:00
Daniel Golle
be6aa93e4d selinux-policy: update to version 0.4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-12 14:45:32 +00:00
Paul Spooren
6ea03ec94c opkg: remove legacy dist and extra_data
efb26a3 libopkg: remove "extra_data" option
1d67ab7 libopkg: remove support for "dist" config

Reduces opkg size by about 400 Bytes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-12-09 23:24:38 -10:00
Sven Roederer
13961da6ce procd: also depend on jshn
fixes "file no found" error on stripped down images, caused by prod.sh:43.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-12-05 22:18:07 -10:00
Daniel Golle
4dc5b64760 procd: output warning if user 'ubus' doesn't exist
6acc48c early: fall-back to run ubus as root if user can't be found

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-04 14:41:26 +00:00
Daniel Golle
533895e05e ubus: make sure ubusd starts in case user 'ubus' doesn't exist
d1d9ddf ubusd: attempt to create socket folder

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-12-04 14:41:26 +00:00
Daniel Golle
c71500fd45 procd: update to git HEAD
f3c3563 jail: improve seccomp BPF generator
 f67a66f jail: always call cgroups_free()
 4625350 jail: seccomp: improve code readability

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-30 10:39:15 +00:00
Daniel Golle
8cf0ac3f1f procd: update to git HEAD
3019f50 jail: leak less memory
 7e01453 jail: fix segfault on missing name and refactor
 5abee8f jail: fix and simplify userns uid/gid maps from OCI
 4ba72ec jail: relax /etc/resolv.conf creation
 db5ef86 jail: don't use NULL arguments for mount syscall
 19ac9df jail: don't fail if can't mount-bind /etc/resolv.conf
 acf36f2 jail: seteuid before clone(CLONE_NEWUSER)
 e40828f jail: fix typo in usage output
 b87984b jail: don't attempt to mount /sys with noatime
 b275b11 jail: enter existing cgroups namespace if given
 31e0a46 jail: properly initialize timens_fd

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-27 01:23:43 +00:00
Paul Spooren
66732c5cd9 opkg: cleanup man pages and md5 fixup
66f458d fix md5sum calculation
02eaf9c man: remove obsolete manual pages

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-25 14:46:46 -10:00
Paul Spooren
7c114f33dd opkg: purge package from cache on hash mismatch
61b3c62 opkg_verify_integrity: better logging and error conditions
f73d42f download: purge cached packages that have incorrect checksum
1c1480e download: factor out the logic for building cache filenames
293b1ce libopkg: factor out checksum and size verification
a786e25 download: remove compatibility with old cache naming scheme

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-24 22:06:37 -10:00
Daniel Golle
2eb0d711a4 procd: update to git HEAD
d4d78db uxc: also delete procd runtime state on 'delete'
 e935c0c jail: add 'debug' extern variable to preload_seccomp

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-23 00:32:48 +00:00
Daniel Golle
6e9b707ee2 Revert "refpolicy: add variant that builds modular policy"
This reverts commit 9eb9943f82.
Building the 'modular' variant requires 'semodule_package' from
'selinux-python' to be installed on the buildhost.
Apart from that, this change also broke the monolithic refpolicy
'targeted' build.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 15:20:35 +00:00
Daniel Golle
8262c99fc3 procd: update to git HEAD
04a2edd uxc: make force-delete kill container process
 be6da62 seccomp: silence 'unknown syscall' warnings
 b22e625 jail: cgroup hack: rewrite cgroup -> cgroup2
 df7fa7b uxc: fix incomplete commit

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 03:24:33 +00:00
Daniel Golle
62a3430f9b procd: drop legacy seccomp support, switch to OCI parsers
d8f36f5 seccomp: specifying architectures is optional
 d352e6e seccomp: switch to new OCI compliant parser
 c110405 trace: switch to OCI seccomp JSON output

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:12:37 +00:00
Huangbin Zhan
86917e4979 rpcd: remove file when applied
Make sure exit value of this script is zero. Or the file won't be deleted.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-11-12 18:19:44 +01:00
Jianhui Zhao
8d7a6d48eb ca-certificates: canonical the build dir
The previous build directory "build_dir/target-xx/work/"
contaminated the entire build directory.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
2020-11-12 18:19:44 +01:00
W. Michael Petullo
9eb9943f82 refpolicy: add variant that builds modular policy
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-11-09 13:06:19 +00:00
Daniel Golle
9867d08e07 procd: bump to git HEAD
b0de894 jail: fix capabilities

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-07 06:03:49 +00:00
Daniel Golle
c8a81ada58 procd: bump to git HEAD
2f381fe jail: guard boolean blobmsg attributes
 602b8fa jail: add option for pidfile
 bba6de7 jail: handle mount propagation flags
 6963d50 jail: relax seccomp unknown syscall handling
 e1fcfdc jail: add support for absolute root path in OCI spec
 257f29b jail: don't fail if maskedPath cannot be found
 75f2374 uxc: mimic runc cmdline by using getopt_long

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-05 02:17:25 +00:00
Daniel Golle
08d90a75f9 opkg: clean up and fix performance regression
da9746a libopkg: clean up handling of unresolved dependencies

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-03 04:43:19 +00:00
Daniel Golle
f5c5a8abd2 opkg: fix yet another dependency resolution bug
The previous fix of a fix caused yet another problem leading to
`opkg show-upgradable` ending up in an infinite loop.
Fix that.

Fixes: 4a2b1ff7fb ("opkg: fix dependency resolution")
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-02 23:31:50 +00:00
Daniel Golle
4a2b1ff7fb opkg: fix dependency resolution
The previous commit broke opkg in a way that it would no longer
include dependencies when installing a package, effectively leading
to broken images and unusable systems.
Fix that by making sure dependencies are still going to be checked.
Also reduce size of struct abstract_pkg as suggested by @jow- while at
it.

Fixes: 1445d333aa ("opkg: bump to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-02 20:51:30 +00:00
Florian Eckert
0232bf601d zram-swap: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Daniel Golle
1445d333aa opkg: bump to git HEAD
8769c75 pkg_hash: don't suggest incompatible packages

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 00:39:09 +00:00
Petr Štetiar
43fe0bd18d uci: fix package mirror hash
I've forget to update PKG_MIRROR_HASH in my previous package version
bump.

Fixes: 095cc2b745 ("uci: update to version 2020-10-06")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:58:27 +01:00
Petr Štetiar
095cc2b745 uci: update to version 2020-10-06
52bbc99f69ea Replace malloc() + memset() with calloc()
3fbd6c923434 ucimap: Check return of malloc()
eae126f66663 file: Check buffer size after strtok()
7f574273180a file: use size_t for position and pointer
19770b6949b9 file: use dynamic memory allocation for tempfile name
aa46546794ac file: uci_file_commit: fix memory leak
671c7554bfde uci: silence UBSAN error by using offsetof macro from compiler
ea5bbd57d0e1 tests: cram: add uci import testing on fuzzer corpus
31f78bfbf75f cmake: add uci-san cli built with clang sanitizers
a3e650911f5e file: uci_parse_package: fix heap use after free
9bd361ca3236 tests: add libFuzzer based fuzzing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:51:59 +01:00
Daniel Golle
2a0d08d827 ubus: bump to git HEAD
ad0cd11 ubusd_acl: add support for wildcard in methods

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 18:23:45 +00:00
Daniel Golle
ccb283c71c procd: ujail fixes
ec461ff jail: mount more stuff read-only
33b799b ujail: elf: work around GCC bug on MIPS64

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 12:41:44 +00:00
Daniel Golle
bd8c3314fb ubox: run logd non-root as user logd
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-25 12:36:22 +00:00
Daniel Golle
0b31713c85 rpcd: adapt defaults for changed ubus.sock path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-22 15:13:38 +01:00
Daniel Golle
a2def3663a procd: jail: clean up capability handling and non-root ubusd
Unify capability handling to only use OCI spec parsers even for ujail
slim containers which previously supposedly used their own format.

 80c9516 cgroups: restrict allowed keys in 'unified' section
 5ade567 cgroups: memory controller fixes
 3121467 early: run ubusd non-root as user ubus, group ubus
 12a5b97 jail: adapt to new ubus socket path
 788d144 instance: actually wire up capabilities filename
 ebc5a7f jail: nuke old capabilities code in favour of reusing OCI code
 6c5233a jail: capabilities: apply in two phases

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-21 15:22:30 +01:00
Daniel Golle
2dffadece9 ubus: prepare to run ubusd as non-root user
Move /var/run/ubus.sock to /var/run/ubus/ubus.sock in preparation for
having ubusd run as non-root user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-21 15:20:10 +01:00
Daniel Golle
00c28c51fb
selinux-policy: update to git tag v0.3
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 13:49:38 +01:00
Daniel Golle
21a7c4d97a fstools: update to git HEAD
8e0f29a mount: remove support for legacy overlayfs before v2.3
 0f8a443 mount: fix log format string and indentation
 46a56d3 overlay: use precompiler macros for reoccuring path names
 f25ab8a mount: apply SELinux labels before overlayfs mount

Total ipk size change (ipq40xx): +120b

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-16 01:53:00 +01:00
Dominick Grift
bf12f05bbf selinux-policy: adds new package
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2020-10-09 02:10:05 +01:00
Paul Spooren
359a4b46bb refpolicy: fix path to setfiles and checkpolicy
Directly set path via MAKE vars instead of defning TESTTOOLS. This way
setfiles, which is required by the ImageBuilder, ends up in /host/bin
while checkpolicy can stay in hostpkg/bin.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-09-30 03:26:12 +01:00
Daniel Golle
3fab4ace57 refpolicy: mark as architecture independent
Use PKGARCH:=all to declare this package to be free of any
architecture dependent code.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-29 04:04:00 +01:00
Rui Salvaterra
90853439a1 zram-swap: explicitly use mkswap/swapon/swapoff from /sbin
The required BusyBox applets are enabled by default, so we can rely on them
being present in the system. This way, we make sure there are no conflicts
with less featured variants of these same applets which might also be
present in the system.

Fixes: 0bd7dfa3ed ("zram-swap: enable swap discard")

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[wrap commit description]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-09-20 17:52:25 +02:00
Rafał Miłecki
14247c82c0 rpcd: update to the latest master
3fea655 rc: support init.d scripts with START=0

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-18 08:19:04 +02:00
Rui Salvaterra
419f149e48 zram-swap: default to lzo instead of lzo-rle compression
On devices with small amounts of RAM, zram-swap fails to initialise due to the
default compression algorithm (lzo-rle). Startup example on an AirGrid M2, with
32 MiB of RAM:

root@airgrid:/etc/config# /etc/init.d/zram start
zram_start: activating '/dev/zram0' for swapping (13 MegaBytes)
zram_reset: enforcing defaults via /sys/block/zram0/reset
sh: write error: Out of memory
mkswap: image is too small
swapon: /dev/zram0: Invalid argument
root@airgrid:/etc/config#

Fix this by defaulting to traditional lzo, which works fine and is always
available.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-09-17 10:29:40 +02:00
Rafał Miłecki
8b8015031b rpcd: update to the latest master
rc: new ubus object for handling /etc/init.d/ scripts

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-09-10 13:35:05 +02:00
Daniel Golle
76368a5c0a refpolicy: skip building docs
Building docs requires xmllint and other bulky things being present on
the host. Skip that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-09-01 14:35:00 +01:00
Hauke Mehrtens
db8e09f1c2 fstools: update to the latest version
5345343 fstoools: add define for GLOB_ONLYDIR

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-01 13:01:15 +02:00
Paul Spooren
395ac4d018 build: opkg-key variable key folder
The key folder is used by `opkg` and `usign` to store and retrieve
trusted public keys. Using `opkg-key` outside a running device is
unfeasible as the key folder is hard coded to `/etc/opkg/keys`.

This commit adds a variable OPKG_KEYS which defaults to `/etc/opkg/keys`
if unset, however allows set arbitrary key folder locations.

Arbitrary key folder locations are useful to add signature verification
to the ImageBuilders.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 22:44:26 +01:00
Daniel Golle
2bd55d0a2b opkg: update to git HEAD
4318ab1 opkg: allow to configure the path to the signature verification script
 cf44c2f libopkg: fix compiler warning

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-31 11:03:24 +01:00
Thomas Petazzoni
e5e54e52f7 refpolicy: new package
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[update to 2.20200229, adjust Makefile, and move to openwrt.git]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-08-31 01:15:41 +01:00
Adrian Schmutzler
4e4ee46495 ar71xx: drop target
This target has been mostly replaced by ath79 and won't be included
in the upcoming release anymore. Finally put it to rest.

This also removes all references in packages, tools, etc. as well as
the uboot-ar71xx and vsc73x5-ucode packages.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-30 22:18:35 +02:00
Daniel Golle
74dfe25d41 procd: remove duplicate confguration menu
Fixes: 962e73c1a4 ("procd: add selinux variant")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 14:07:18 +01:00
Paul Spooren
962e73c1a4 procd: add selinux variant
This commit adds a `selinux` variant to `procd` allowing to load an
SELinux policy at boot.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-13 09:53:50 +01:00
Adrian Schmutzler
7de3daa997 treewide: bump PKG_RELEASE after replacing which
Bump PKG_RELEASE for the affected packages as replacing "which" by
"command -v" represents a content change.

Fixes: 1fdf6b745c ("treewide: replace `which` with `command -v`")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:17:22 +02:00
Paul Spooren
1fdf6b745c treewide: replace which with command -v
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.

Using `command -v` is POSIX compliant while `which` is not.  Also to
mention, `command -v` is a shell builtin whereas `which` is a separate
busybox applet.

Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.

Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Paul Spooren <mail@aparcar.org>
[also replace cases in zram-swap]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-12 11:08:05 +02:00
Thomas Petazzoni
12178be465 procd: add SELinux support
This commit adds a patch to procd to support loading the SELinux
policy early at boot time, and adjusts the procd package to use this
SELinux support when libselinux is enabled.

The procd patch has been submitted separately [1]: obviously the
intent is to have it merged in the procd Git repository rather than
have it in OpenWrt itself.

[1] http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025791.html

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[rebase, add commit message]
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[split commit into openwrt.git and procd.git]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-10 09:54:50 +01:00
Daniel Golle
48f2596e78 procd: update to git HEAD
47a9f0d service: add method to query available container features
 afbaba9 initd: attempt to mount cgroup2
 ead60fe jail: use pidns semantics also for timens
 759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
 83053b6 instance: add instances into unified cgroup hierarchy
 16159bb jail: parse OCI cgroups resources
 282ff0c jail: only free cgroups if they were allocated
 ab55357 jail: fix freeing cgroups avl

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 16:17:37 +01:00
Daniel Golle
728a0c68d1 Revert "procd: update to git HEAD"
This reverts commit e0e607f0d0.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 16:17:37 +01:00
Daniel Golle
e0e607f0d0 procd: update to git HEAD
47a9f0d service: add method to query available container features
 afbaba9 initd: attempt to mount cgroup2
 ead60fe jail: use pidns semantics also for timens
 759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits
 83053b6 instance: add instances into unified cgroup hierarchy
 16159bb jail: parse OCI cgroups resources

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-08-06 15:27:51 +01:00
Daniel Golle
d15b6e4895 procd: update to git HEAD
28be011 instance: make sure values are not inherited from previous runs
 2ae5cbc uxc: remove debugging left-over

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-30 17:16:53 +01:00
Daniel Golle
a15ed964cf procd: update to git HEAD
c3ca99f jail: serialize hook execution
 8ff8970 jail: add some remaining OCI features
 9d5fa0a uxc: behave more like a compliant OCI run-time
 1274033 uxc: fix create operation
 2d811a4 jail: add 'kill' method to container.%s object
 08133b8 uxc: use new container.%s kill ubus API

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-29 10:33:19 +01:00
Daniel Golle
98b60b3efa procd: jail: fix build on glibc and uclibc
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-25 16:54:40 +01:00
Daniel Golle
114e5255c4 procd: update to git HEAD
48777de rcS: cast format string to int64_t
 a4df90f jail: fix wrong format for 32-bit
 c482c5d jail: add support for referencing existing namespaces

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-25 16:07:59 +01:00
Daniel Golle
5aedd5a110 procd: bump to git HEAD once again
Further complete OCI container support in ujail:
 f5f305e jail: move /tmp/resolv.conf.d to /dev/resolv.conf.d
 6f078ae jail: add support for defining devices
 686cf7a jail: actually apply filesystem-specific mount options
 f91009a jail: refactor default mounts into new structure
 66ae2d9 jail: re-implement /proc/sys/net read-write in netns hack

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-20 04:39:11 +01:00
Daniel Golle
211548c523 procd: update to git HEAD
9eddf0f jail: fix hooks
 1b1286b jail: parse and apply OCI sysctl values
 c049047 jail: implement OCI user additionalGIDs
 0e1920c jail: read and apply umask from OCI if defined
 1c46cc3 jail: parse and apply POSIX rlimits
 76adac5 jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-19 19:35:47 +01:00
Daniel Golle
bae4204e34 procd: bump to git HEAD
8d5208f jail: fix false return in case of nofail mount
 b41f76b procd: fix compile if procd-ujail is not selected
 86a5105 jail: fs: fix build on uClibc-ng
 bfce7d1 jail: fix some more mount options
 268126a jail: add support for maskedPaths and readonlyPaths

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-17 12:00:00 +01:00
Adrian Schmutzler
9c170cb92f package: drop PKG_VERSION for purely local packages
In the package guidelines, PKG_VERSION is supposed to be used as
"The upstream version number that we're downloading", while
PKG_RELEASE is referred to as "The version of this package Makefile".
Thus, the variables in a strict interpretation provide a clear
distinction between "their" (upstream) version in PKG_VERSION and
"our" (local OpenWrt trunk) version in PKG_RELEASE.

For local (OpenWrt-only) packages, this implies that those will only
need PKG_RELEASE defined, while PKG_VERSION does not apply following
a strict interpretation. While the majority of "our" packages actually
follow that scheme, there are also some that mix both variables or
have one of them defined but keep them at "1".

This is misleading and confusing, which can be observed by the fact
that there typically either one of the variables is never bumped or
the choice of the variable to increase depends on the person doing the
change.

Consequently, this patch aims at clarifying the situation by
consistently using only PKG_RELEASE for "our" packages. To achieve
that, PKG_VERSION is removed there, bumping PKG_RELEASE where
necessary to ensure the resulting package version string is bigger
than before.

During adjustment, one has to make sure that the new resulting composite
package version will not be considered "older" than the previous one.

A useful tool for evaluating that is 'opkg compare-versions'. In
principle, there are the following cases:

1. Sole PKG_VERSION replaced by sole PKG_RELEASE:
   In this case, the resulting version string does not change, it's
   just the value of the variable put in the file. Consequently, we
   do not bump the number in these cases so nobody is tempted to
   install the same package again.

2. PKG_VERSION and PKG_RELEASE replaced by sole PKG_RELEASE:
   In this case, the resulting version string has been "version-release",
   e.g. 1-3 or 1.0-3. For this case, the new PKG_RELEASE will just
   need to be higher than the previous PKG_VERSION.
   For the cases where PKG_VERSION has always sticked to "1", and
   PKG_RELEASE has been incremented, we take the most recent value of
   PKG_RELEASE.

Apart from that, a few packages appear to have developed their own
complex versioning scheme, e.g. using x.y.z number for PKG_VERSION
_and_ a PKG_RELEASE (qos-scripts) or using dates for PKG_VERSION
(adb-enablemodem, wwan). I didn't touch these few in this patch.

Cc: Hans Dedecker <dedeckeh@gmail.com>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Andre Valentin <avalentin@marcant.net>
Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Steven Barth <steven@midlink.org>
Cc: Daniel Golle <dgolle@allnet.de>
Cc: John Crispin <john@phrozen.org>

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-15 18:33:56 +02:00
Daniel Bailey
5792f6a104 procd: allow optional watchdog instance parameter
Optional instance watchdog timeout and watchdog mode can be set by
adding: procd_set_param $mode $timeout

$mode is an integer [0-1] representing instance watchdog mode of
operation:
0 = disabled
1 = passive mode, client must periodically poke watchdog via ubus

$timeout is an integer representing how often, in seconds, the watchdog must be poked.

Signed-off-by: Daniel Bailey <danielb@meshplusplus.com>
2020-07-14 00:25:02 +01:00
Daniel Golle
732b70c5bd procd: update to git HEAD
639df57 uxc: fix build with uClibc-ng
 b2230e4 procd: add service instance watchdog

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-14 00:25:02 +01:00
Daniel Golle
79fd87ef9d procd: update to git HEAD
aed7fb3 procd: fix compilation with uClibc-ng
 9d0f831 jail: fix segfault with len(uidmap/gidmap) > 1
 42a6217 jail: consider PATH for argv in OCI container
 83f4b72 jail: actually chdir into OCI defined CWD
 fc9f614 jail: parse and run OCI hooks
 02eec92 jail: memory allocation fixes
 71e75f4 jail: refactor mount support to cover OCI spec
 b586e7d jail: don't make mount source read-only
 dacab12 uxc: fix 'stop' command

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-13 12:20:28 +01:00
Rui Salvaterra
0b6155de0b zram-swap: correctly express the required dependencies
The block-mount swapon implementation doesn't support discard, so make zram-swap
depend only on the default BusyBox implementation or, when unavailable, on the
one present in the swap-utils package.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Rui Salvaterra
0bd7dfa3ed zram-swap: enable swap discard
Zram block devices have supported trim/discard for over six years, let's
enable it. This allows the zram device to actually free up allocated memory
when it's marked as unused in the filesystem metadata, as explained in more
detail in the original commit message [1].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/block/zram/zram_drv.c?h=linux-4.14.y&id=f4659d8e620d08bd1a84a8aec5d2f5294a242764

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Daniel Golle
5115cb0501 procd: fix yet another build issue, this time with capabilities
3034eaf jail: use linux/capability.h instead of sys/capability.h

Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-11 11:28:48 +01:00
Daniel Golle
560093222c procd: fix another seccomp-related build issue
3473671 ujail: add dependency on syscall-names-h

Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-11 10:54:43 +01:00
Daniel Golle
a6160de3f7 procd: jail: fix build on platforms without seccomp support
Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-11 00:09:18 +01:00
Daniel Golle
b6e440a0f5 procd: update to git HEAD
ea7a790 jail: add support for running OCI bundle
 bb4a446 uxc: add container management CLI tool

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-10 18:57:05 +01:00
David Woodhouse
7d9fb6aed9 fstools: update to the latest version
d34ea8e Use autoclear for overlay loopback device

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
Rui Salvaterra
835c932ccb zram-swap: init: replace backticks with $()
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-30 19:03:15 +02:00
Huangbin Zhan
3d6ac4d20f ubox: add ALTERNATIVES
This avoids a conflict with the kmod util from the package feed.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-26 23:48:51 +02:00
Sungbo Eo
d4dea7efcd urandom-seed: update Makefile
- update SPDX license identifier
- use https in URL
- use default PKG_BUILD_DIR

Suggested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-06-24 16:05:55 +02:00
Stijn Tintel
4f02496c50 mtd: enable wrgg support for ath79
This is required for the D-Link DAP-2695-A1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-06-11 19:44:36 +03:00
Christian Lamparter
f611b014a7 ca-certificates: update to version 20200601
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.

A list of changes from Debian's change-log entry for 20200601 [0]:

  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.40.
    Closes: #956411, #955038
  * mozilla/blacklist.txt
    Add distrusted Symantec CA list to blacklist for explicit removal.
    Closes: #911289
    Blacklist expired root certificate, "AddTrust External Root"
    Closes: #961907
    The following certificate authorities were added (+):
    + "Certigna Root CA"
    + "emSign ECC Root CA - C3"
    + "emSign ECC Root CA - G3"
    + "emSign Root CA - C1"
    + "emSign Root CA - G1"
    + "Entrust Root Certification Authority - G4"
    + "GTS Root R1"
    + "GTS Root R2"
    + "GTS Root R3"
    + "GTS Root R4"
    + "Hongkong Post Root CA 3"
    + "UCA Extended Validation Root"
    + "UCA Global G2 Root"
    The following certificate authorities were removed (-):
    - "AddTrust External Root"
    - "Certinomis - Root CA"
    - "Certplus Class 2 Primary CA"
    - "Deutsche Telekom Root CA 2"
    - "GeoTrust Global CA"
    - "GeoTrust Primary Certification Authority"
    - "GeoTrust Primary Certification Authority - G2"
    - "GeoTrust Primary Certification Authority - G3"
    - "GeoTrust Universal CA"
    - "thawte Primary Root CA"
    - "thawte Primary Root CA - G2"
    - "thawte Primary Root CA - G3"
    - "VeriSign Class 3 Public Primary Certification Authority - G4"
    - "VeriSign Class 3 Public Primary Certification Authority - G5"
    - "VeriSign Universal Root Certification Authority"

[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-09 18:07:38 +02:00
Daniel Golle
f47aeac9b9 procd: update to git HEAD
b84a329 jail: use sane termios settings for console pts
 b9b39e2 jail: handle containers seperately

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-28 14:29:08 +01:00
Jo-Philipp Wich
e8a2c21069 rpcd: update to latest Git HEAD
078bb57 uci: reset uci_ptr flags when merging options during section add
3df62bc session: deny access if password login is disabled

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 16:08:54 +02:00
Matthias Schiffer
42de3c89c7
ucert: update to latest git HEAD
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-24 17:01:36 +02:00
Matthias Schiffer
e35e40ad82
usign: update to latest git HEAD
f1f65026a941 Always pad fingerprints to 16 characters

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-23 13:38:12 +02:00
Davide Fioravanti
c33ad81373 mtd: add linksys_bootcount for ramips
Reset bc is needed for Linksys EA7500 v2's dual boot.

Size impact (tested with Linksys EA7500 v2 @ mt7621):

mtd_25_mipsel_24kc.ipk: 13174 -> 13628 (454 bytes)
initramfs: 3660350 -> 3660688 (338 bytes)

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[add size impact information]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-17 18:43:19 +02:00
Daniel Golle
8097fd4d5f procd: jail: fix segfault and add console feature
2e73848 jail: SIGSEGV must not be forwarded to the child process
 7e150f6 jail: unnamed jails can not have netns (fix segfault)
 1ab539b jail: add option to provide /dev/console to containers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-15 19:19:32 +01:00
Adrian Schmutzler
f079db3844 procd: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Daniel Golle
b181294b02 fstools: blockd: fix segfault triggered by non-autofs mounts
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
    at fstools-2020-05-06-eec16e2f/block.c:1193
1193:    if (!m->autofs && (mp = find_mount_point(pr->dev))) {

Fixes: c3a43753b9 ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-12 10:51:24 +01:00
Jo-Philipp Wich
79da9d78b9 opkg: update to latest Git HEAD
f2166a8 libopkg: implement lightweight package listing logic
cf4554d libopkg: support passing callbacks to feed parsing functions
2a0210f opkg-cl: don't read feeds on opkg update
b6f1967 libopkg: use xsystem() to spawn opkg-key
60b9af2 file_util.c: refactor and fix checksum_hex2bin()
206ebae file_util.c: fix possible bad memory access in file_read_line_alloc()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-07 22:49:58 +02:00
Rafał Miłecki
c3a43753b9 fstools: update to the latest version
eec16e2 blockd: add optional "device" parameter to "info" ubus method
9ab936d block(d): always call hotplug.d "mount" scripts from blockd
4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount
cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-06 17:50:31 +02:00
Rafał Miłecki
9295ce7006 fstools: update to the latest version
8b9e601 block: always use st_dev (device ID) of / when looking for root
37c9148 block: simplify check_extroot() a bit
d70774d block: add some basic extroot documentation
32db27d Revert "block: support hierarchical mount/umount"
0b93429 Revert "block: mount_action: handle mount/umount deps"

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-05 09:14:40 +02:00
Hans Dedecker
2855be3151 uci: update to latest git HEAD
ec8d323 file: preserve original file mode after commit

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-30 21:51:02 +02:00
Daniel Golle
471b8bf8c1 procd: extend requirejail attribute handling
e2ed964 jail: don't fail unless requirejail is set
 17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist

Fixes openwrt/packages#11913
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-25 10:31:33 +01:00
Felix Fietkau
b7d6e80fee fstools: update to the latest version
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-04-22 10:50:15 +02:00
Hans Dedecker
4298f0878f ubus: update to latest git HEAD
171469e lua: avoid truncation of large numeric values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-20 21:26:58 +02:00
Daniel Golle
7e9b56fde2 procd: fix jail when running on glibc
d200b70 jail: include /etc/nsswitch.conf in jail for glibc.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-19 23:19:40 +01:00
Daniel Golle
7c2e0fa586 procd: jail fixes and improvements
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
 b275a62 instance: harmonize instance API
 511fd97 jail: make /proc more secure
 4953b7c jail: mount /sys read-only
 a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
 a4cc165 jail: always mount /dev as additional tmpfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 16:16:06 +01:00
Daniel Golle
02a1914585 procd: bump to latest HEAD
2188d81 jail: add support for launching extroot containers
 6f3dbd2 jail: add support for userns and cgroupsns
 28a06e5 jail: add support for (ram-)overlayfs

Add handling for extroot, overlaydir and tmpoverlaysize as well as
jail flags for userns and cgroupsns to OpenWrt's shell script to
allow their use in init scripts.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-09 13:07:22 +01:00
Petr Štetiar
52e6fb1369 rpcd: fix respawn settings
Commit 432ec292cc ("rpcd: add respawn param") has introduced infinite
restarting of the service which could be reached over network. This is
not recommended security practice as it might give potential adversary
infinite number of tries in case there might be some issue in the rpcd
or its surrounding stack.

So lets remove the currently bogus `respawn_retry` variable (it wasn't
possible to override it anyway), reverting to the previous default max.
of 5 service restarts which could be now overriden via system's UCI
settings if desired.

Cc: Jo-Philip Wich <jow@mein.io>
Cc: Florian Eckert <fe@dev.tdt.de>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: 432ec292cc ("rpcd: add respawn param")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-16 22:21:45 +01:00
Daniel Golle
0933d1363b procd: update to latest git HEAD
77a6782 jail: mount-bind /etc/resolv.conf for non-netns jails

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-03-13 20:06:55 +01:00
Daniel Golle
40e578992b procd: actually wire-up netns support
When support for network namespaces was added to procd, adding the
corresponding jail flag in procd.sh was ommitted. Add it now.

Fixes: 97a03a4760 ("procd: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-03-12 20:55:50 +01:00
Sungbo Eo
3124c9afe3 urngd: avoid PKG_NAME in define lines
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.

Ref: https://openwrt.org/docs/guide-developer/packages

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-23 22:42:51 +01:00
Sungbo Eo
33ecc694d5 urandom-seed: avoid PKG_NAME in define lines
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.

Ref: https://openwrt.org/docs/guide-developer/packages

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-23 22:42:36 +01:00
Adrian Schmutzler
e7bfda2c24 brcm63xx: rename target to bcm63xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-14 14:10:51 +01:00
Adrian Schmutzler
8fe5ad5d33 brcm47xx: rename target to bcm47xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-14 14:10:51 +01:00
Kevin Darbyshire-Bryant
dba431d8ab procd: seccomp: fix resource leak
Bump to latest commit:

c30b23e seccomp: fix resource leak

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-02-11 18:54:29 +00:00
Hans Dedecker
7df120b1b0 uci: fix PKG_SOURCE_VERSION value
Fixes PKG_SOURCE_VERSION value which was wrongly set in commit f6e07c8284

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-09 21:50:59 +01:00
Hans Dedecker
39a49c2d6a procd: update to latest git HEAD
Fixes c0c988e179

bcb8655 instance: add 'requirejail' attribute

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-09 19:26:00 +01:00
Kevin Darbyshire-Bryant
c0c988e179 procd: support 'requirejail' attribute
Bump procd package to reduce log spam related to missing jail binaries
in a non-jail capable system.

bcb8655 instance: add 'requirejail' attribute

An additional jail attribute 'requirejail' can now be used to indicate
mandatory use of a jailed environment and hence prevent process startup
in the event that the jail subsystem is unavailable.

Procd will now only log errors if jail is unavailable and 1) is a mandatory
requirement or 2) a procd debug level of at least 2 is in use.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-02-04 21:51:11 +00:00
Hans Dedecker
f6e07c8284 uci: update to version 2020-01-27
e8d8373 file: fix segfault in uci_parse_option
aa5e77a file: fix segfault in uci_parse_config

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-02 18:59:43 +01:00
Jo-Philipp Wich
c69c20c667 opkg: update to latest Git HEAD
80d161e opkg: Fix -Wformat-overflow warning
c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums

Fixes: CVE-2020-7982
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-29 17:00:53 +01:00
Petr Štetiar
76bbe4b960 procd: update to version 2020-01-24
00aafc4f439e procd: show process's exit code
856b5f8be046 state: fix reboot causing shutdown inside LXC container
b44417c20c7f instance: provide error feedback if ujail binary is missing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Petr Štetiar
0f81a0979c fstools: update to version 2020-01-21
deb745f82b93 Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)"

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:25:56 +01:00
Petr Štetiar
3d8edd9bb4 urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:16:01 +01:00
Daniel Golle
97a03a4760 procd: update to latest git HEAD
58c12f7 jail: add basic support for network namespaces
 ba69639 jail: create resolv.conf symlink for netns jails
 81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/

Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 12:52:12 +02:00
Petr Štetiar
63000bfaf7 fstools: update to version 2020-01-18
f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)
 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Maxim Storchak
5f07b6f367 zram-swap: support swap priority
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assiming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2020-01-15 20:49:00 +01:00
Petr Štetiar
3d62463755 rpcd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:44 +01:00
Petr Štetiar
9c628cc76c procd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 procd Installed-Size: 44931 -> 47362

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:35 +01:00
Petr Štetiar
d38dd6e1ef ubus: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 ubus  Installed-Size:  5602 ->  5950
 ubusd Installed-Size: 11643 -> 12119

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:03 +01:00
Hauke Mehrtens
2d80f7e836 rpcd: Update to version 2020-01-05
efe51f4 iwinfo: add current hw and ht mode to info call

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:21:48 +01:00
Hauke Mehrtens
5877280463 ubus: Update to version 2020-01-05
d35df8a ubus: make libubus ready for linking into C++

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:04:37 +01:00
Jo-Philipp Wich
22a178e892 fstools: update to latest Git HEAD
823faa0 block: re-discover mtd devices on extroot mount retry

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-05 18:40:22 +01:00
Petr Štetiar
059505d614 procd: update to version 2020-01-04
a5af33ce9a16 instance: strdup string attributes
d2e8bf6ef7cf system: watchdog_set: fix misleading indentation
9814807bd71c system: sysupgrade: fix possibly misleading error
c7a2db3c1eb6 system: sysupgrade: rework firmware validation
ea45c4a0f07c system: fix failing image validation due to EINTR
4fde95506243 cmake: fix lookup of external libraries

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 14:13:01 +01:00
Hans Dedecker
051b9a144f ubox: update to version 2019-12-31
0e34af1 kmodloader: added -a arg to modprobe

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-31 14:35:35 +01:00
Daniel Golle
37929ddb70 procd: fix running jailed non-root process
Setting user and group for a jailed process caused the jail not to
come up. Fix this by passing user and group to ujail and change
user only once the jail has been setup.
This allows jailing services which refuse to run as root user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-30 20:32:10 +02:00
Hans Dedecker
3fe29ffa7b ubox: update to latest git HEAD
b30e0df kmodloader: print an error when no kernel module dir can be found
17689b6 logread: add option to filter for facilities
c9ffeac kmodloader: added -v arg to modeprobe

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-28 21:25:56 +01:00
Petr Štetiar
36bace78b7 ubus: update to version 2019-12-27
Fixes socket descriptor passing and bumps ABI_VERSION to 20191227.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-28 08:09:50 +01:00
Petr Štetiar
7cb018c591 ubus: update to version 2019-12-19
Contains following changes:

 a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
 c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
 dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
 060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
 c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
 72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
 a995b1e68129 lua: workaround false positive dereference of null pointer
 08f17c87a000 add fuzzer and cram based unit tests
 c413be9b376c refactor ubusd.c into reusable ubusd_library
 afd47189e864 examples: remove dead increments
 b2e544238672 add initial GitLab CI support
 058f4e9526ed libubus: fix incompatible pointer types assigment
 d2e026a33df8 iron out all extra compiler warnings
 5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
 d61282db5640 ubusd: fix comparison of integers of different signs
 90fb16234c22 cmake: enable extra compiler checks

and bumps ABI_VERSION to 20191219.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:54:42 +01:00
Petr Štetiar
2544cb1ba3 ucert: update to version 2019-12-19
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:47:18 +01:00
Florian Eckert
432ec292cc rpcd: add respawn param
The rpcd service is an important service, but if the service stops
working for any reason, no one will ever respawn that service. With this
commit, the procd service will monitor if the rpcd service
is running. If the rpcd service has crashed, then
procd respawns the rpcd service.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-12-23 00:22:07 +01:00
Maxim Storchak
dd299805ad ca-certificates: provide ca-certs by both ca-certificates and ca-bundle
- both packages provide ca-certs
- make ca-bundle the default provider

This should allow easy transition between these two forms of CA certificates storage

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2019-12-23 00:22:07 +01:00
Jo-Philipp Wich
5f4244150f fstools: update to latest git HEAD
b4e25d5 libblkid-tiny: fix symbol collision with full libblkid

Fixes: FS#2691, FS#2692
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-22 21:30:02 +01:00
Rafał Miłecki
4ebc9dc9c4 fstools: update to latest git HEAD
111a43f libblkid-tiny: vfat: Change parsing label in special cases
f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05
157924d libblkid-tiny: add blkid_probe_set_id_label() stub
0c5761f libblkid-tiny: use separated buffer for each block device read
b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct
12851d6 blockd: don't flush devices list on "hotplug" call
5ea47fe blockd: fix vlist memory corruption

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-12-20 08:20:16 +01:00
Petr Štetiar
b70052c6e6 uci: update to latest Git HEAD
165b44413145 uci: Fix extra semicolons warnings
66264ed9ec9e cmake: add more hardening compiler flags
cca6f105fae2 libuci: refactor uci_get_errorstr
750b046eb77f tests: cram: Lua: add test case for uci_get_errorstr
654d7c33da28 lua: add missing forward declaration
03dfbbe6fef7 cli: fix format string clang-10 warning

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 22:41:57 +01:00
Jo-Philipp Wich
762aac50c0 rpcd: update to latest Git HEAD
aaa0836 file: extend exec acl checks to commands with arguments

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-17 08:33:33 +01:00
Daniel Golle
9c272dd3e4 ucert: update to latest git HEAD
e4bd927 cast ucert_argv to proper type when passing to execv

Fixes warnings:

warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
  254 |       execv(usign_argv[0], usign_argv)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-29 00:09:48 +01:00
Hans Dedecker
9057708b3d procd: update to latest git HEAD
3aa051b system: sysupgrade: close input side of pipe before reading

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-26 22:16:43 +01:00
Petr Štetiar
8f0a540648 fwtool: update to latest Git head
8f7fe925ca20 cmake: use extra compiler warnings only on gcc6+

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00
Petr Štetiar
240d590ca4 uci: update to latest Git head
8dd50da20de0 lua: fix error handling
 a2cab3b088a2 ucimap: fix possible use of memory after it is freed
 9cf978bc7964 delta: prevent possible null pointer use
 7736f497d2d9 cli: remove unused variable assigment
 39093f3b040d lua: fix memory leak in set method
 19ceff323f1e lua: fix memory leak in changes method
 18049a84fe40 tests: add cram based unit tests
 2b549cc050de lua: fix copy&paste in error string
 f5dd5217d627 cli: fix realloc issue spotted by cppcheck
 af59f86a0db9 iron out all extra compiler warnings
 1637d2918692 tests: shunit2: run all tests under Valgrind by default
 c1af73bfb023 cmake: enable extra compiler checks
 be69504e3666 cmake: build Lua module only if enabled
 38a2f12ec5ab tests: shunit2: fix issues reported by shellcheck
 266fc9e94c1e add initial GitLab CI support
 17d6144a49c6 tests: shunit2: make it working under CMake
 a6e8bbefd860 cmake: add unit testing option and shunit2 tests
 0ca93fec701a test: move shunit2 tests under standalone subdirectory

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00
Petr Štetiar
4ba8f7b1ef fwtool: update to latest Git head
Includes following changes:

 9d9d4c284786 fix possible garbage in unitialized char* struct members
 dbc1b1b71b24 fix possible copy of null buffer and validation of unitialized header
 76d53deef8bb crc32: add missing stdint.h dependency
 e5666ed3b47c add cram based unit tests
 abe0cf7de053 add initial GitLab CI support
 e43042507b4f iron out extra compiler warnings
 5df0cd6e1523 convert into CMake project
 a7dc0526f819 refactor into separate Git project

adds missing PKG_LICENSE field and converts the package build to utilize
CMake.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-11 16:37:13 +01:00
Jo-Philipp Wich
aa89bdcd04 rpcd: update to latest Git HEAD
77ad0de plugin: avoid truncating numeric values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-10 21:35:00 +01:00
Michael Heimpold
2249780fb7 procd: start additional consoles during hotplugging
Now that 'start-console' procd command has reached the main repo,
we can add a rule to start consoles on serial devices which are
created when USB gadget driver reports creation with hotplugging.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-11-09 12:56:30 +01:00
Hauke Mehrtens
6ffd8a8f92 usign: Activate LTO compile option
This decreases the size of the usign application by 16% on MIPS BE.

old:
24,597 /usr/bin/usign

new:
20,501 /usr/bin/usign

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:57:54 +01:00
Hauke Mehrtens
1eb34b7287 mtd: Activate LTO compile option
This decreases the size of the mtd application by 25% on MIPS BE.

old:
20,597 /sbin/mtd

new:
16,421 /sbin/mtd

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:57:52 +01:00
Hauke Mehrtens
a43a40c49e uci: update to latest to version 2019-11-08
fc417e8 build: Add -Wclobbered to detect problems with longjmp
2c8e4a3 util: Fix error path

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:56:43 +01:00
Hauke Mehrtens
6f3a293532 procd: Update to version 2019-11-02
f47622e instance: Warn about unexpected number of parameters
564ecdf instance: ujail: Fix allocated size for no_new_privs parameter
7fb2e1d procd: simplify code in procd_inittab_run
4a127c3 procd: replace exit(-1) with exit(EXIT_FAILURE)
bc0a73e procd: add upgraded binary to .gitignore
ba4c4db procd: add start-console support
3e39fe5 procd: shift arguments for askfirst only once
5d62829 procd: skip respawn in case device disappeared
d27949f procd: guard fork_worker calls

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-03 20:25:07 +01:00
Yousong Zhou
e4af39d563 fstools: bump to version 2019-11-03
2f2a09a block: mount_device: err log only when mp deviates from spec
da4edc1 block: mount_device: skip extroot earlier
32c3126 block: mount_action: handle mount/umount deps
fb0700f block: support hierarchical mount/umount
1212b5b block: umount: skip / unless -a is given
eda8b3f block: use fsck.fat instead of dosfsck
d05276d libblkid-tiny: ntfs: fix use-after-free

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-03 04:25:37 +00:00
Jo-Philipp Wich
c2675bb0ce rpcd: update to latest Git HEAD
d442d62 plugin: fix double free in finish callback
ee26d83 main: exec_self: make clang analyzer happy
90e40bd file: exec: properly free memory on error
9ecfada uci: free configs list memory on return
32fba36 exec: always call finish_cb to allow plugin to free up memory
ca3e2d5 plugin: do not free method name separately
02c6e1d exec: properly free memory on rpc_exec() error
cc50263 plugin: exec: properly free memory on parse error
bd0ed25 uci: reset uci_ptr flags when merging set operations
37aa919 plugin: fix leaking invoked method name for exec plugins

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-01 13:26:59 +01:00
Hans Dedecker
bf4ffa3cbe procd: update to latest git HEAD
258aa04 procd: Add cached and available to memory table

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-22 21:47:34 +02:00
Petr Štetiar
ed67b137c7 urngd: update to latest Git head
* 40f939d57c67 Tag version 1.0.1
 * 9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix
 * 193586a25adc Fix wrong types in format strings used in debug build
 * d474977bb611 Add initial GitLab CI support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-21 22:04:20 +02:00
Alin Nastac
ddf6ec29b4 procd: allow usage of * as procd_running() instance parameter
service_running() implementation in /etc/rc.common use it.
It is preferable to use wildcard than assuming the instance
name is the default one.

jsonfilter returns all matches when wildcards are used, hence
the -l 1 argument used to limit output to only one value.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2019-10-18 19:28:11 +02:00
Jo-Philipp Wich
889b841048 fwtool: do not omit final 16 byte when image does not contain signature
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".

In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.

Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-17 17:07:12 +02:00
Jo-Philipp Wich
2a603cfcfc rpcd: update to latest Git HEAD
95f0973 file: increase minimum read buffer size to 4096 bytes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-21 15:04:18 +02:00
Hauke Mehrtens
81e93fff7d usign: update to latest Git HEAD
f34a383 main: fix some resource leaks

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Hauke Mehrtens
541a321070 fstools: update to latest Git HEAD
4327ed4 mkdev: Avoid out of bounds read
9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set
c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00