Commit Graph

847 Commits

Author SHA1 Message Date
Christian Lamparter
1f5cbd6be7 ca-certificates: update to version 20200601
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.

A list of changes from Debian's change-log entry for 20200601 [0]:

  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.40.
    Closes: #956411, #955038
  * mozilla/blacklist.txt
    Add distrusted Symantec CA list to blacklist for explicit removal.
    Closes: #911289
    Blacklist expired root certificate, "AddTrust External Root"
    Closes: #961907
    The following certificate authorities were added (+):
    + "Certigna Root CA"
    + "emSign ECC Root CA - C3"
    + "emSign ECC Root CA - G3"
    + "emSign Root CA - C1"
    + "emSign Root CA - G1"
    + "Entrust Root Certification Authority - G4"
    + "GTS Root R1"
    + "GTS Root R2"
    + "GTS Root R3"
    + "GTS Root R4"
    + "Hongkong Post Root CA 3"
    + "UCA Extended Validation Root"
    + "UCA Global G2 Root"
    The following certificate authorities were removed (-):
    - "AddTrust External Root"
    - "Certinomis - Root CA"
    - "Certplus Class 2 Primary CA"
    - "Deutsche Telekom Root CA 2"
    - "GeoTrust Global CA"
    - "GeoTrust Primary Certification Authority"
    - "GeoTrust Primary Certification Authority - G2"
    - "GeoTrust Primary Certification Authority - G3"
    - "GeoTrust Universal CA"
    - "thawte Primary Root CA"
    - "thawte Primary Root CA - G2"
    - "thawte Primary Root CA - G3"
    - "VeriSign Class 3 Public Primary Certification Authority - G4"
    - "VeriSign Class 3 Public Primary Certification Authority - G5"
    - "VeriSign Universal Root Certification Authority"

[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit f611b014a7)
2020-06-09 22:46:13 +02:00
Jo-Philipp Wich
f99b1d1d92 rpcd: update to latest openwrt-19.07 Git HEAD
67c8a3f uci: reset uci_ptr flags when merging options during section add
970ce1a session: deny access if password login is disabled

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 17:29:09 +02:00
Jo-Philipp Wich
92bd395b04 Revert "rpcd: update to latest Git HEAD"
This reverts commit adf5d753ef.

Reverting this commit because it relies on a changed libiwinfo API.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 17:23:38 +02:00
Jo-Philipp Wich
adf5d753ef rpcd: update to latest Git HEAD
078bb57 uci: reset uci_ptr flags when merging options during section add
3df62bc session: deny access if password login is disabled
efe51f4 iwinfo: add current hw and ht mode to info call

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 16:13:47 +02:00
Matthias Schiffer
ab7e9754df
ucert: update to latest git HEAD
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-24 17:04:48 +02:00
Matthias Schiffer
97b522a1f9
usign: update to latest git HEAD
f1f65026a941 Always pad fingerprints to 16 characters

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit e35e40ad82)
2020-05-23 13:40:25 +02:00
Hauke Mehrtens
942262f9c8
usign: update to latest Git HEAD
f34a383 main: fix some resource leaks

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 81e93fff7d)
2020-05-23 13:40:15 +02:00
Daniel Golle
d2ee15ef76 fstools: blockd: fix segfault triggered by non-autofs mounts
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
    at fstools-2020-05-06-eec16e2f/block.c:1193
1193:    if (!m->autofs && (mp = find_mount_point(pr->dev))) {

Fixes: 3b9e4d6d4c ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit b181294b02)
2020-05-12 13:24:23 +02:00
Jo-Philipp Wich
7e9d84ee4a opkg: update to latest Git HEAD
f2166a8 libopkg: implement lightweight package listing logic
cf4554d libopkg: support passing callbacks to feed parsing functions
2a0210f opkg-cl: don't read feeds on opkg update
b6f1967 libopkg: use xsystem() to spawn opkg-key
60b9af2 file_util.c: refactor and fix checksum_hex2bin()
206ebae file_util.c: fix possible bad memory access in file_read_line_alloc()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 79da9d78b9)
2020-05-07 22:55:05 +02:00
Rafał Miłecki
3b9e4d6d4c fstools: update to the latest version
eec16e2 blockd: add optional "device" parameter to "info" ubus method
9ab936d block(d): always call hotplug.d "mount" scripts from blockd
4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount
cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c3a43753b9)
2020-05-06 17:51:38 +02:00
Rafał Miłecki
8fa4ed9ef7 fstools: update to the latest version
8b9e601 block: always use st_dev (device ID) of / when looking for root
37c9148 block: simplify check_extroot() a bit
d70774d block: add some basic extroot documentation
32db27d Revert "block: support hierarchical mount/umount"
0b93429 Revert "block: mount_action: handle mount/umount deps"

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9295ce7006)
2020-05-05 13:07:40 +02:00
Felix Fietkau
5c6dfb5bc0 fstools: update to the latest version
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b7d6e80fee)
2020-05-05 13:07:40 +02:00
Petr Štetiar
bf5ea2a8dc rpcd: fix respawn settings
Commit 432ec292cc ("rpcd: add respawn param") has introduced infinite
restarting of the service which could be reached over network. This is
not recommended security practice as it might give potential adversary
infinite number of tries in case there might be some issue in the rpcd
or its surrounding stack.

So lets remove the currently bogus `respawn_retry` variable (it wasn't
possible to override it anyway), reverting to the previous default max.
of 5 service restarts which could be now overriden via system's UCI
settings if desired.

Cc: Jo-Philip Wich <jow@mein.io>
Cc: Florian Eckert <fe@dev.tdt.de>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: 432ec292cc ("rpcd: add respawn param")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 52e6fb1369)
2020-03-29 18:47:26 +02:00
Petr Štetiar
794fd4c6cf procd: turn error into debug message for missing ujail binary
Since commit 557f11b3a20f ("instance: provide error feedback if ujail
binary is missing") worrying log spam of the form "unable to find
/sbin/jail ..." may be encountered.

This corresponds with the changes done in the upstream commit
bcb86554f1b4 ("instance: add 'requirejail' attribute").

Ref: https://forum.openwrt.org/t/openwrt-19-07-2-service-release/57066
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:46:37 +01:00
Florian Eckert
e7f1313bbb rpcd: add respawn param
The rpcd service is an important service, but if the service stops
working for any reason, no one will ever respawn that service. With this
commit, the procd service will monitor if the rpcd service
is running. If the rpcd service has crashed, then
procd respawns the rpcd service.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 432ec292cc)
2020-03-04 09:16:43 +01:00
Jo-Philipp Wich
f6f0cd54a2 rpcd: update to latest Git HEAD
aaa0836 file: extend exec acl checks to commands with arguments

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 762aac50c0)
2020-03-04 09:16:43 +01:00
Jo-Philipp Wich
c155900f66 opkg: update to latest Git HEAD
80d161e opkg: Fix -Wformat-overflow warning
c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums

Fixes: CVE-2020-7982
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c69c20c667)
2020-01-29 17:05:35 +01:00
Petr Štetiar
8038846b62 procd: update to version 2020-01-24
Get only fix backports from openwr-19.07 procd branch:

 31e4b2dfdbd7 state: fix reboot causing shutdown inside LXC container
 557f11b3a20f instance: provide error feedback if ujail binary is missing
 0a11aa405d3f instance: Fix instance_config_move_strdup() function
 44dd9419812b instance: fix typo in error message
 153820c76471 instance: fix pidfile and seccomp attributes double free

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:42:24 +01:00
Petr Štetiar
eed8f30b98 urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3d8edd9bb4)
2020-01-21 20:03:43 +01:00
Petr Štetiar
1636e99e80 urngd: update to latest Git head
* 40f939d57c67 Tag version 1.0.1
 * 9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix
 * 193586a25adc Fix wrong types in format strings used in debug build
 * d474977bb611 Add initial GitLab CI support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ed67b137c7)
2020-01-21 20:03:39 +01:00
Petr Štetiar
5ca066a5c2 fstools: backport fix from version 2020-01-18
Contains only the FS#2735 fix:

 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

Commit adding new feature wasn't backported (needs patched kernel anyway):

 f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 63000bfaf7)
2020-01-20 21:14:08 +01:00
Petr Štetiar
25e1afb9e1 ucert: update to version 2019-12-19
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 2544cb1ba3)
2020-01-14 00:21:35 +01:00
Maxim Storchak
abb0665bec ca-certificates: provide ca-certs by both ca-certificates and ca-bundle
- both packages provide ca-certs
- make ca-bundle the default provider

This should allow easy transition between these two forms of CA certificates storage

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
(cherry picked from commit dd299805ad)
2020-01-05 20:05:33 +01:00
Jo-Philipp Wich
6395ac4126 fstools: update to latest Git HEAD
823faa0 block: re-discover mtd devices on extroot mount retry

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 22a178e892)
2020-01-05 18:41:25 +01:00
Petr Štetiar
f3439c4019 procd: update to version 2020-01-04
Contains following changes:

 a5af33ce9a16 instance: strdup string attributes
 d2e8bf6ef7cf system: watchdog_set: fix misleading indentation
 9814807bd71c system: sysupgrade: fix possibly misleading error
 c7a2db3c1eb6 system: sysupgrade: rework firmware validation
 ea45c4a0f07c system: fix failing image validation due to EINTR
 4fde95506243 cmake: fix lookup of external libraries
 5ed190aae1b3 jail: remove accidentally added lines
 52c5c1980ba3 jail: set user and group inside jail
 3aa051b44177 system: sysupgrade: close input side of pipe before reading
 f47622e89c4d instance: Warn about unexpected number of parameters
 564ecdfd9cc4 instance: ujail: Fix allocated size for no_new_privs parameter
 7fb2e1dfa221 procd: simplify code in procd_inittab_run
 4a127c3c60af procd: replace exit(-1) with exit(EXIT_FAILURE)
 bc0a73eaad58 procd: add upgraded binary to .gitignore
 ba4c4dbbbd65 procd: add start-console support
 3e39fe539490 procd: shift arguments for askfirst only once
 5d6282906baf procd: skip respawn in case device disappeared
 d27949f12fd7 procd: guard fork_worker calls
 258aa04328a2 procd: Add cached and available to memory table
 8e9fb51fa66e procd: Switch to nanosleep
 c844ace9729a system: Fix possible integer overflows

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 17:50:10 +01:00
Petr Štetiar
64c45d95d6 ubus: update to version 2019-12-27
Contains following changes:

 041c9d1c052b ubusd/libubus-io: fix socket descriptor passing
 8f2292478c57 ci: enable unit testing
 a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
 c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
 dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
 060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
 c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
 72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
 a995b1e68129 lua: workaround false positive dereference of null pointer
 08f17c87a000 add fuzzer and cram based unit tests
 c413be9b376c refactor ubusd.c into reusable ubusd_library
 afd47189e864 examples: remove dead increments
 b2e544238672 add initial GitLab CI support
 058f4e9526ed libubus: fix incompatible pointer types assigment
 d2e026a33df8 iron out all extra compiler warnings
 5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
 d61282db5640 ubusd: fix comparison of integers of different signs
 90fb16234c22 cmake: enable extra compiler checks
 2e051f628996 ubus: Support static builds
 588baa3cd784 ubusd: retry sending messages on EINTR
 76ea27a62774 libubus: attempt to receive data before calling poll
 4daab27d004f libubus: do not abort recv_retry before completing a message

and bumps ABI_VERSION to 20191227.

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 17:50:10 +01:00
Jo-Philipp Wich
e50d44d985 fstools: update to latest git HEAD
b4e25d5 libblkid-tiny: fix symbol collision with full libblkid

Fixes: FS#2691, FS#2692
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5f4244150f)
2019-12-23 07:33:55 +01:00
Rafał Miłecki
6a151d6558 fstools: update to latest git HEAD
111a43f libblkid-tiny: vfat: Change parsing label in special cases
f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05
157924d libblkid-tiny: add blkid_probe_set_id_label() stub
0c5761f libblkid-tiny: use separated buffer for each block device read
b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct
12851d6 blockd: don't flush devices list on "hotplug" call
5ea47fe blockd: fix vlist memory corruption

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4ebc9dc9c4)
2019-12-23 07:33:55 +01:00
Yousong Zhou
43c5927312 fstools: bump to version 2019-11-03
2f2a09a block: mount_device: err log only when mp deviates from spec
da4edc1 block: mount_device: skip extroot earlier
32c3126 block: mount_action: handle mount/umount deps
fb0700f block: support hierarchical mount/umount
1212b5b block: umount: skip / unless -a is given
eda8b3f block: use fsck.fat instead of dosfsck
d05276d libblkid-tiny: ntfs: fix use-after-free

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit e4af39d563)
2019-12-23 07:33:55 +01:00
Hauke Mehrtens
f7779d64ba fstools: update to latest Git HEAD
4327ed4 mkdev: Avoid out of bounds read
9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set
c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 541a321070)
2019-12-23 07:33:55 +01:00
Daniel Golle
06bf1a9b67 ucert: update to latest git HEAD
e4bd927 cast ucert_argv to proper type when passing to execv

Fixes warnings:

warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
  254 |       execv(usign_argv[0], usign_argv)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9c272dd3e4)
2019-11-30 20:20:54 +01:00
Hauke Mehrtens
a4d798e8dd usign: Activate LTO compile option
This decreases the size of the usign application by 16% on MIPS BE.

old:
24,597 /usr/bin/usign

new:
20,501 /usr/bin/usign

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6ffd8a8f92)
2019-11-30 00:18:50 +01:00
Hauke Mehrtens
5cb845ebfe mtd: Activate LTO compile option
This decreases the size of the mtd application by 25% on MIPS BE.

old:
20,597 /sbin/mtd

new:
16,421 /sbin/mtd

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1eb34b7287)
2019-11-30 00:18:40 +01:00
Jo-Philipp Wich
42aa51a898 rpcd: update to latest Git HEAD
77ad0de plugin: avoid truncating numeric values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit aa89bdcd04)
2019-11-10 21:36:48 +01:00
Jo-Philipp Wich
466d499d03 rpcd: update to latest Git HEAD
d442d62 plugin: fix double free in finish callback
ee26d83 main: exec_self: make clang analyzer happy
90e40bd file: exec: properly free memory on error
9ecfada uci: free configs list memory on return
32fba36 exec: always call finish_cb to allow plugin to free up memory
ca3e2d5 plugin: do not free method name separately
02c6e1d exec: properly free memory on rpc_exec() error
cc50263 plugin: exec: properly free memory on parse error
bd0ed25 uci: reset uci_ptr flags when merging set operations
37aa919 plugin: fix leaking invoked method name for exec plugins

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c2675bb0ce)
2019-11-01 13:27:50 +01:00
Jo-Philipp Wich
c987955f82 rpcd: update to latest Git HEAD
95f0973 file: increase minimum read buffer size to 4096 bytes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2a603cfcfc)
2019-10-18 12:19:34 +02:00
Jo-Philipp Wich
d04c07003d rpcd: update to latest Git HEAD
e2a7bc4 iwinfo: add WPA3 support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d6a405280f)
2019-10-18 12:19:23 +02:00
Jo-Philipp Wich
5bd83825ad rpcd: update to latest Git HEAD
69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2f9f8769e3)
2019-10-18 12:19:08 +02:00
Jo-Philipp Wich
07dcbfa6e8 fwtool: do not omit final 16 byte when image does not contain signature
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".

In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.

Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 889b841048)
2019-10-17 17:08:09 +02:00
Jo-Philipp Wich
9cae5a8289 procd: fix invalid JSON filter expression in procd_running()
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.

Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c933b6d224)
2019-09-19 07:21:47 +02:00
Rafał Miłecki
ad8b11213a procd: update to the latest git HEAD
62dc8c0 system: sysupgrade: send reply on error
2710c65 system: refuse sysupgrade with backup if it's unsupported

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 04e912d217)
2019-09-18 07:35:04 +02:00
Rafał Miłecki
f69b855a75 procd: update to the latest git HEAD
b8238df sysupgrade: support "backup" attribute

This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9785a9121d)
2019-09-16 05:56:25 +02:00
Rafał Miłecki
af7c186ead procd: update to the latest git HEAD
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code

This update includes a fix for uninitialized variable usage.

Fixes: db5164d3d0 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e8dcbbc865)
2019-09-06 08:11:13 +02:00
Rafał Miłecki
db5164d3d0 procd: update to the latest git HEAD
34ac88c system: reject sysupgrade of invalid firmware images by default
f55c235 system: reject sysupgrade of broken firmware images
e990e21 system: add "validate_firmware_image" ubus method

This update changes "sysupgrade" ubus method API. It's now required to
pass "force" attribute whenever invalid firmware is meant to be
installed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7290963d09)
2019-09-04 13:47:36 +02:00
Hauke Mehrtens
0d4ab1559a uci: update to latest Git HEAD
415f9e4 uci/file: replace mktemp() with mkstemp()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6aa962a622)
2019-09-04 13:46:30 +02:00
Jo-Philipp Wich
fe34c2538b rpcd: update to latest Git HEAD
821045f file: add path based read/write/exec ACL checks
fb337e5 file: add stat() information to directory listings

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 02169bd3f8)
2019-09-04 13:45:49 +02:00
Hans Dedecker
5f472afa2b procd: fix compile issue with glibc (FS#2469)
0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 6e45ba4699)
2019-09-04 13:43:44 +02:00
Rafał Miłecki
4e85dc95b0 procd: update to latest git HEAD
9558031 system: support passing "options" to the "sysupgrade" ubus method

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 2b1a6d263c)
2019-09-04 13:42:22 +02:00
Hans Dedecker
f7b53dfb2a procd: update to latest git HEAD (FS#2425)
8323690 state: fix shutdown when running in a container (FS#2425)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit d9364c1cbc)
2019-09-04 13:36:24 +02:00
Jeffery To
cc7560eb22 build: include BUILD_VARIANT in PKG_BUILD_DIR
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.

This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e545fac8d9)
2019-09-04 13:35:17 +02:00