| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Since KERNEL_SWAP is only enabled by default for !SMALL_FLASH targets, we need
to check if the current kernel supports swap before trying to configure
zram-swap, as opkg can't check for kernel dependencies.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 565dfeb1280343fb3f838581169e5d7a1c947862)
|
| |
|
|
|
|
|
|
| |
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
ccb7517 sys: packagelist: drop ABI version from package name
(cherry picked from commit da339a6d3f78f86bb653f29dd1d1aea8351bfdad)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
d71856a pkg: pass-through ABIVersion to status file
d3a63b3 libopkg: add option to strip ABI versions from listed names
5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies
(cherry squashed from commit 6a7a1f1c64cb307aef561b66956d32867b119a24,
commit 988ed0080284903d1fe4851c5ae8f1238bc61da2 and
commit b5f6d20560b71025d376cb3052f1d1c2e92b409d)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a857b45 resolv/locale: eventually this should be more efficient
11ed281 some more optimization
764a475 add redundant calls to file.search_conffile_dirs()
7d4558e fs: treat devtmpfs that same as tmpfs
81b677e adds irqbalance skeleton
5506244 irqbalance rules
cc96cd8 adds usbutil and gtpfdisk skels
01e2a55 some fsck, gptfdisk, mkfs and usbutil rules
d6d1e7d usbutil: output to terminal
da576fa fsck, gptfdisk and usbutil rules
09b39e9 unbound
241a029 hotplugcall: allow dac_read_search (is a subset of dac_override)
af0fe90 adds label for tcsh
160f79e adds tcpdump
6d02b96 adds coreutil execfile for busybox alternatives
ac54884 coreutilexecfile: these are known to require privileges, so exclude
8cb3b66 adds chrootexecfile
6d329d3 this saves 9KiB and its a bit more robust
88e2425 move addpart/delpart/partx to gptfdisk.cil
261012d ntphotplug: reads ubox data files
0473ace various
740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10)
bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31
cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes
07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all)
8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap
b8156cd adds a note about how i forgot to target blockd
6e82ab8 adds blockd and related
254ff43 Makefile: exclude blockd from mintesttgt
4dc6bc2 pppd update related and unbound-odhcp rules
3d7da7a igmpproxy tidy some loose ends
c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf
5a18967 adds igmpproxy skeleton
7e6a218 logread: support resolving dns names
e39ca8b netifd: add support for /etc/udhcpc.user
7952bd0 odhcp6c: support /etc/odhcp6c.user
ba0eb4e swconfig, fwenv, agent
4556b8a pppd cosmetic
9324d9d pppd: sends AT commands to model using /dev/ttyUSBN
417b14a ttydev: add some more ttyUSB
ed739dc example: dont depend on policycoreutils
97613f9 dropbear: using dropbear as scp: dns name resolving
12c193b dropbear tcp connect ssh ports for scp
c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional
8c5de35 this is a bug
8d5c463 uhttpd rcboot rcdnsmasq
094266e hostapd and wpa_supplicant
aef0bd7 mountroot: maintains /tmp/sysupgrade.tar
24f0406 dropbear: allow it to read tmp.fs files
2901433 firstboot mkfsf2fs rcboot
2c4afb7 blockmount mmc
465ca98 adds industrial i/o (iio) nodedev
82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon
7df78bd ubus: "support" older ubusd versions that run as root
4458bce swconfig: allow using terminal (to print output)
e8d606d sslcert: openssl linked: this shaves off 200 bytes
93afffb jshn ntpdhotplug
0b847f0 wpad: reads /etc/ssl/openssl.cnf
f14ee34 indent fix
a0c7cad mtd, uhttpd, ubus and ntpdhotplug
d74f98f adds a not about checkreqprot requirement in some scenarios
affacce example: add policycoreutils-setfiles for make check
4f944dc kmodloader and fwenv:
efe36a3 netifd: adds a comment/reminder
581b087 more fw_printenv loose ends
30177a4 fw_setenv: needs mtd write access to set and delete env
da28f4c fw_printenv: some minor clean ups
a062053 fw_printenv missing rules
244ba5f blockmount: extroot and /rwm
0745a6a squid: allow squid to run sslcrtd with domain transition
b851df6 squid fix
8c55acd squid: adds certfile and allow connect http but...
b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid)
5ff39bd squid: forgot about luci
5366c97 squid/rcsquid some basic fill in
8743da6 squid skeleton
687a43b adds squid 3128 port to httpproxy port
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry squashed from commit 3ffc30f05aef1a72bc16af8665032164b152fc15
and commit 41a8f093fb26f372fc94e0016cf544ac65718b0b)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
49283916005d usign: add 21.02 release build pubkey
bc4d80f064f2 gpg: add OpenWrt 21.02 signing key
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 1bf6d70e60fdb45d81a8f10b90904cef38c73f70)
|
| |
|
|
|
|
|
|
| |
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 75455b75a7ee)
|
| |
|
|
|
|
| |
2537be018587 cmake: add a possibility to set library version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
Add per-subsystem ubus objects exposing hotplug-call.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
0aee1c3 hotplug.c: set nl_pid to zero
d6dda31 procd: fix compiler warning
92c8e8f jail: remove duplicate check for hook file permissions
0a74c06 jail: only output BPF instr. table header if debugging
fd18379 jail: cgroups: fix uninitialized variabl
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the ca-certificates and ca-bundle package from version 20200601 to
version 2021019.
This version uses Python 3 for the build, fixing a build issue on systems,
where `/usr/bin/python3` is a wrapper script [1].
Debian change-log entry [2]:
> [ Julien Cristau ]
> * New maintainer (closes: #976406)
> * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate
> authority
> bundle to version 2.46.
> The following certificate authorities were added (+):
> + "certSIGN ROOT CA G2"
> + "e-Szigno Root CA 2017"
> + "Microsoft ECC Root Certificate Authority 2017"
> + "Microsoft RSA Root Certificate Authority 2017"
> + "NAVER Global Root Certification Authority"
> + "Trustwave Global Certification Authority"
> + "Trustwave Global ECC P256 Certification Authority"
> + "Trustwave Global ECC P384 Certification Authority"
> The following certificate authorities were removed (-):
> - "EE Certification Centre Root CA"
> - "GeoTrust Universal CA 2"
> - "LuxTrust Global Root 2"
> - "OISTE WISeKey Global Root GA CA"
> - "Staat der Nederlanden Root CA - G2" (closes: #962079)
> - "Taiwan GRCA"
> - "Verisign Class 3 Public Primary Certification Authority - G3"
>
> [ Michael Shuler ]
> * mozilla/blacklist:
> Revert Symantec CA blacklist (#911289). Closes: #962596
> The following root certificates were added back (+):
> + "GeoTrust Primary Certification Authority - G2"
> + "VeriSign Universal Root Certification Authority"
>
> [ Gianfranco Costamagna ]
> * debian/{rules,control}:
> Merge Ubuntu patch from Matthias Klose to use Python3 during build.
> Closes: #942915
[1]: https://github.molgen.mpg.de/mariux64/mxtools/issues/148
[2]: https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20210119_changelog
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This drops the shebang from another bunch of files in various /lib
folders, as these are sourced and the shebang is useless.
Fix execute bit in one case, too.
This should cover almost all trivial cases now, i.e. where /lib is
actually used for library files.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
|
|
|
|
| |
fd017ba iwinfo: add ht and vht operation info to wifi scan
4c66b31 iwinfo: export center channel for info ubus call
e28d4a5 iwinfo: add support for 802.11ad and GCMP
5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware
ea7f471 iwinfo: include ht_operation data only if available
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit 190e7939639846b86ab487c50169963382720e2b.
This update introduces a potential null-pointer deref with subsequent rpcd
crash when querying wireless info for non-nl80211 wdevs.
Additionally it wrongly includes ht frequency information for non-ht BSSes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
| |
fd017ba iwinfo: add ht and vht operation info to wifi scan
4c66b31 iwinfo: export center channel for info ubus call
e28d4a5 iwinfo: add support for 802.11ad and GCMP
5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The usual OpenWrt-way of writing the JFFS2-marker in order to have
a filesystem erased at the next boot fails on UBIFS volumes due to
UBI being a different beast when it comes to writing.
As truncating a UBIFS volume only takes a few milliseconds and has the
desired effect of wiping-out all content of that volume, just do that
instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
9bbc7ea pkg_hash: pkg_hash_check_unresolved: fix segfault
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
| |
Zram switched to per-cpu compression streams since Linux 4.7 [1]. Drop the
irrelevant configuration (no-op).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/zram?h=v4.7&id=43209ea2d17aae1540d4e28274e36404f72702f2
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
|
| |
|
|
|
|
|
| |
111416d jail: remove unreachable code
7f12c89 treewide: replace local mkdir_p implementations
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
0c6fb90 jffs2-reset: allow doing a factory reset and passing a sysupgrade.tgz
4862530 mount: restorecon: guard against execl() errors
f415323 block: replace local mkdir_p implementation
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
| |
efb26a3 libopkg: remove "extra_data" option
1d67ab7 libopkg: remove support for "dist" config
Reduces opkg size by about 400 Bytes.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
| |
fixes "file no found" error on stripped down images, caused by prod.sh:43.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
|
| |
|
|
|
|
| |
6acc48c early: fall-back to run ubus as root if user can't be found
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
d1d9ddf ubusd: attempt to create socket folder
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
f3c3563 jail: improve seccomp BPF generator
f67a66f jail: always call cgroups_free()
4625350 jail: seccomp: improve code readability
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
3019f50 jail: leak less memory
7e01453 jail: fix segfault on missing name and refactor
5abee8f jail: fix and simplify userns uid/gid maps from OCI
4ba72ec jail: relax /etc/resolv.conf creation
db5ef86 jail: don't use NULL arguments for mount syscall
19ac9df jail: don't fail if can't mount-bind /etc/resolv.conf
acf36f2 jail: seteuid before clone(CLONE_NEWUSER)
e40828f jail: fix typo in usage output
b87984b jail: don't attempt to mount /sys with noatime
b275b11 jail: enter existing cgroups namespace if given
31e0a46 jail: properly initialize timens_fd
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
| |
66f458d fix md5sum calculation
02eaf9c man: remove obsolete manual pages
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
|
|
|
|
| |
61b3c62 opkg_verify_integrity: better logging and error conditions
f73d42f download: purge cached packages that have incorrect checksum
1c1480e download: factor out the logic for building cache filenames
293b1ce libopkg: factor out checksum and size verification
a786e25 download: remove compatibility with old cache naming scheme
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
|
| |
d4d78db uxc: also delete procd runtime state on 'delete'
e935c0c jail: add 'debug' extern variable to preload_seccomp
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 9eb9943f82e0b2d5e32ffe1c63f5a82caca5094d.
Building the 'modular' variant requires 'semodule_package' from
'selinux-python' to be installed on the buildhost.
Apart from that, this change also broke the monolithic refpolicy
'targeted' build.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
| |
04a2edd uxc: make force-delete kill container process
be6da62 seccomp: silence 'unknown syscall' warnings
b22e625 jail: cgroup hack: rewrite cgroup -> cgroup2
df7fa7b uxc: fix incomplete commit
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
d8f36f5 seccomp: specifying architectures is optional
d352e6e seccomp: switch to new OCI compliant parser
c110405 trace: switch to OCI seccomp JSON output
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
Make sure exit value of this script is zero. Or the file won't be deleted.
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| |
|
|
|
|
|
| |
The previous build directory "build_dir/target-xx/work/"
contaminated the entire build directory.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| |
|
|
|
|
| |
b0de894 jail: fix capabilities
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
2f381fe jail: guard boolean blobmsg attributes
602b8fa jail: add option for pidfile
bba6de7 jail: handle mount propagation flags
6963d50 jail: relax seccomp unknown syscall handling
e1fcfdc jail: add support for absolute root path in OCI spec
257f29b jail: don't fail if maskedPath cannot be found
75f2374 uxc: mimic runc cmdline by using getopt_long
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
| |
da9746a libopkg: clean up handling of unresolved dependencies
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |
|
|
|
|
|
|
|
|
| |
The previous fix of a fix caused yet another problem leading to
`opkg show-upgradable` ending up in an infinite loop.
Fix that.
Fixes: 4a2b1ff7fb ("opkg: fix dependency resolution")
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The previous commit broke opkg in a way that it would no longer
include dependencies when installing a package, effectively leading
to broken images and unusable systems.
Fix that by making sure dependencies are still going to be checked.
Also reduce size of struct abstract_pkg as suggested by @jow- while at
it.
Fixes: 1445d333aa ("opkg: bump to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
Use new `extra_command` wrapper to fix the alignement.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
| |
8769c75 pkg_hash: don't suggest incompatible packages
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
I've forget to update PKG_MIRROR_HASH in my previous package version
bump.
Fixes: 095cc2b7454a ("uci: update to version 2020-10-06")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
52bbc99f69ea Replace malloc() + memset() with calloc()
3fbd6c923434 ucimap: Check return of malloc()
eae126f66663 file: Check buffer size after strtok()
7f574273180a file: use size_t for position and pointer
19770b6949b9 file: use dynamic memory allocation for tempfile name
aa46546794ac file: uci_file_commit: fix memory leak
671c7554bfde uci: silence UBSAN error by using offsetof macro from compiler
ea5bbd57d0e1 tests: cram: add uci import testing on fuzzer corpus
31f78bfbf75f cmake: add uci-san cli built with clang sanitizers
a3e650911f5e file: uci_parse_package: fix heap use after free
9bd361ca3236 tests: add libFuzzer based fuzzing
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |
|
|
|
|
| |
ad0cd11 ubusd_acl: add support for wildcard in methods
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
| |
ec461ff jail: mount more stuff read-only
33b799b ujail: elf: work around GCC bug on MIPS64
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
