aboutsummaryrefslogtreecommitdiffstats
path: root/package/system
Commit message (Collapse)AuthorAgeFilesLines
* procd: fix jail when running on glibcDaniel Golle2020-04-191-3/+3
| | | | | | d200b70 jail: include /etc/nsswitch.conf in jail for glibc. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: jail fixes and improvementsDaniel Golle2020-04-141-3/+3
| | | | | | | | | | | 32c717e jail: only mess with rootfs if CLONE_NEWNS was set b275a62 instance: harmonize instance API 511fd97 jail: make /proc more secure 4953b7c jail: mount /sys read-only a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay a4cc165 jail: always mount /dev as additional tmpfs Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: bump to latest HEADDaniel Golle2020-04-092-4/+7
| | | | | | | | | | | | 2188d81 jail: add support for launching extroot containers 6f3dbd2 jail: add support for userns and cgroupsns 28a06e5 jail: add support for (ram-)overlayfs Add handling for extroot, overlaydir and tmpoverlaysize as well as jail flags for userns and cgroupsns to OpenWrt's shell script to allow their use in init scripts. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: fix respawn settingsPetr Štetiar2020-03-161-1/+1
| | | | | | | | | | | | | | | | | | | Commit 432ec292ccc8 ("rpcd: add respawn param") has introduced infinite restarting of the service which could be reached over network. This is not recommended security practice as it might give potential adversary infinite number of tries in case there might be some issue in the rpcd or its surrounding stack. So lets remove the currently bogus `respawn_retry` variable (it wasn't possible to override it anyway), reverting to the previous default max. of 5 service restarts which could be now overriden via system's UCI settings if desired. Cc: Jo-Philip Wich <jow@mein.io> Cc: Florian Eckert <fe@dev.tdt.de> Cc: Hauke Mehrtens <hauke@hauke-m.de> Fixes: 432ec292ccc8 ("rpcd: add respawn param") Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to latest git HEADDaniel Golle2020-03-131-4/+4
| | | | | | 77a6782 jail: mount-bind /etc/resolv.conf for non-netns jails Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: actually wire-up netns supportDaniel Golle2020-03-122-1/+2
| | | | | | | | When support for network namespaces was added to procd, adding the corresponding jail flag in procd.sh was ommitted. Add it now. Fixes: 97a03a4760 ("procd: update to latest git HEAD") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* urngd: avoid PKG_NAME in define linesSungbo Eo2020-02-231-4/+4
| | | | | | | | | > Avoid reuse of PKG_NAME in call, define and eval lines for consistency and > readability. Write the full name instead. Ref: https://openwrt.org/docs/guide-developer/packages Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* urandom-seed: avoid PKG_NAME in define linesSungbo Eo2020-02-231-2/+2
| | | | | | | | | > Avoid reuse of PKG_NAME in call, define and eval lines for consistency and > readability. Write the full name instead. Ref: https://openwrt.org/docs/guide-developer/packages Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* brcm63xx: rename target to bcm63xxAdrian Schmutzler2020-02-141-1/+1
| | | | | | | | | | This change makes the names of Broadcom targets consistent by using the common notation based on SoC/CPU ID (which is used internally anyway), bcmXXXX instead of brcmXXXX. This is even used for target TITLE in make menuconfig already, only the short target name used brcm so far. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* brcm47xx: rename target to bcm47xxAdrian Schmutzler2020-02-142-2/+2
| | | | | | | | | | This change makes the names of Broadcom targets consistent by using the common notation based on SoC/CPU ID (which is used internally anyway), bcmXXXX instead of brcmXXXX. This is even used for target TITLE in make menuconfig already, only the short target name used brcm so far. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* procd: seccomp: fix resource leakKevin Darbyshire-Bryant2020-02-111-3/+3
| | | | | | | | Bump to latest commit: c30b23e seccomp: fix resource leak Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* uci: fix PKG_SOURCE_VERSION valueHans Dedecker2020-02-091-1/+1
| | | | | | Fixes PKG_SOURCE_VERSION value which was wrongly set in commit f6e07c8284 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to latest git HEADHans Dedecker2020-02-091-2/+2
| | | | | | | | Fixes c0c988e179a75d33c82ed0621d954fc0ac2c0c14 bcb8655 instance: add 'requirejail' attribute Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: support 'requirejail' attributeKevin Darbyshire-Bryant2020-02-042-2/+3
| | | | | | | | | | | | | | | | Bump procd package to reduce log spam related to missing jail binaries in a non-jail capable system. bcb8655 instance: add 'requirejail' attribute An additional jail attribute 'requirejail' can now be used to indicate mandatory use of a jailed environment and hence prevent process startup in the event that the jail subsystem is unavailable. Procd will now only log errors if jail is unavailable and 1) is a mandatory requirement or 2) a procd debug level of at least 2 is in use. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* uci: update to version 2020-01-27Hans Dedecker2020-02-021-5/+4
| | | | | | | e8d8373 file: fix segfault in uci_parse_option aa5e77a file: fix segfault in uci_parse_config Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* opkg: update to latest Git HEADJo-Philipp Wich2020-01-291-3/+3
| | | | | | | | 80d161e opkg: Fix -Wformat-overflow warning c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums Fixes: CVE-2020-7982 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to version 2020-01-24Petr Štetiar2020-01-241-3/+3
| | | | | | | | 00aafc4f439e procd: show process's exit code 856b5f8be046 state: fix reboot causing shutdown inside LXC container b44417c20c7f instance: provide error feedback if ujail binary is missing Signed-off-by: Petr Štetiar <ynezz@true.cz>
* fstools: update to version 2020-01-21Petr Štetiar2020-01-211-3/+3
| | | | | | deb745f82b93 Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)" Signed-off-by: Petr Štetiar <ynezz@true.cz>
* urngd: update to version 2020-01-21Petr Štetiar2020-01-211-3/+3
| | | | | | | c7f7b6b65b82 Tag version 1.0.2 236b7a0aef21 Fix blocked entropy generation Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to latest git HEADDaniel Golle2020-01-211-4/+4
| | | | | | | | | | | | | 58c12f7 jail: add basic support for network namespaces ba69639 jail: create resolv.conf symlink for netns jails 81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/ Add new 'netns' flag for procd_add_jail to make ujail setup a new network namespace for the jailed service. See previous netifd commit for example configuration for netns jailed service. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to version 2020-01-18Petr Štetiar2020-01-201-3/+3
| | | | | | | f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images) 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer Signed-off-by: Petr Štetiar <ynezz@true.cz>
* zram-swap: support swap priorityMaxim Storchak2020-01-152-2/+4
| | | | | | | | If zram-backed swap is added after an existing swap, it gets a lower priority. Assiming that usually all other swaps are slower, there should be a way to assign a higher priority to zram swap. Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
* rpcd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | This activates PIE ASLR support by default when the regular option is selected. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: procd Installed-Size: 44931 -> 47362 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubus: activate PIE ASLR by defaultPetr Štetiar2020-01-141-1/+2
| | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: ubus Installed-Size: 5602 -> 5950 ubusd Installed-Size: 11643 -> 12119 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* rpcd: Update to version 2020-01-05Hauke Mehrtens2020-01-051-3/+3
| | | | | | efe51f4 iwinfo: add current hw and ht mode to info call Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ubus: Update to version 2020-01-05Hauke Mehrtens2020-01-051-3/+3
| | | | | | d35df8a ubus: make libubus ready for linking into C++ Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* fstools: update to latest Git HEADJo-Philipp Wich2020-01-051-3/+3
| | | | | | 823faa0 block: re-discover mtd devices on extroot mount retry Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to version 2020-01-04Petr Štetiar2020-01-051-3/+3
| | | | | | | | | | | a5af33ce9a16 instance: strdup string attributes d2e8bf6ef7cf system: watchdog_set: fix misleading indentation 9814807bd71c system: sysupgrade: fix possibly misleading error c7a2db3c1eb6 system: sysupgrade: rework firmware validation ea45c4a0f07c system: fix failing image validation due to EINTR 4fde95506243 cmake: fix lookup of external libraries Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubox: update to version 2019-12-31Hans Dedecker2019-12-311-3/+3
| | | | | | 0e34af1 kmodloader: added -a arg to modprobe Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: fix running jailed non-root processDaniel Golle2019-12-301-4/+4
| | | | | | | | | Setting user and group for a jailed process caused the jail not to come up. Fix this by passing user and group to ujail and change user only once the jail has been setup. This allows jailing services which refuse to run as root user. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubox: update to latest git HEADHans Dedecker2019-12-281-3/+3
| | | | | | | | b30e0df kmodloader: print an error when no kernel module dir can be found 17689b6 logread: add option to filter for facilities c9ffeac kmodloader: added -v arg to modeprobe Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ubus: update to version 2019-12-27Petr Štetiar2019-12-281-4/+4
| | | | | | | Fixes socket descriptor passing and bumps ABI_VERSION to 20191227. Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubus: update to version 2019-12-19Petr Štetiar2019-12-261-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | Contains following changes: a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed dac6c7c575ac ubusd_monitor: fix possible null pointer dereference 060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include c5f2053dfcfd workaround possibly false positive uses of memory after it is freed 72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error a995b1e68129 lua: workaround false positive dereference of null pointer 08f17c87a000 add fuzzer and cram based unit tests c413be9b376c refactor ubusd.c into reusable ubusd_library afd47189e864 examples: remove dead increments b2e544238672 add initial GitLab CI support 058f4e9526ed libubus: fix incompatible pointer types assigment d2e026a33df8 iron out all extra compiler warnings 5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning d61282db5640 ubusd: fix comparison of integers of different signs 90fb16234c22 cmake: enable extra compiler checks and bumps ABI_VERSION to 20191219. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ucert: update to version 2019-12-19Petr Štetiar2019-12-261-3/+3
| | | | | | | | | | | | | | 14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted 19a7225ac018 fix leaking memory in cert_dump_blob 9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker 4462ff9dedfa add cram based unit tests 5fe64b5606aa cmake: split usign bits into static library 5d7626a2b6d8 cmake: reindent the file e284ed941972 cmake: enable hardening compiler flags and fix the reported issues 7e5390666347 add initial GitLab CI support fa0bf4ef45b1 cmake: add proper include and library dependencies Signed-off-by: Petr Štetiar <ynezz@true.cz>
* rpcd: add respawn paramFlorian Eckert2019-12-232-1/+2
| | | | | | | | | | The rpcd service is an important service, but if the service stops working for any reason, no one will ever respawn that service. With this commit, the procd service will monitor if the rpcd service is running. If the rpcd service has crashed, then procd respawns the rpcd service. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* ca-certificates: provide ca-certs by both ca-certificates and ca-bundleMaxim Storchak2019-12-231-2/+4
| | | | | | | | | - both packages provide ca-certs - make ca-bundle the default provider This should allow easy transition between these two forms of CA certificates storage Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
* fstools: update to latest git HEADJo-Philipp Wich2019-12-221-3/+3
| | | | | | | b4e25d5 libblkid-tiny: fix symbol collision with full libblkid Fixes: FS#2691, FS#2692 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fstools: update to latest git HEADRafał Miłecki2019-12-201-3/+3
| | | | | | | | | | | | 111a43f libblkid-tiny: vfat: Change parsing label in special cases f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05 157924d libblkid-tiny: add blkid_probe_set_id_label() stub 0c5761f libblkid-tiny: use separated buffer for each block device read b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct 12851d6 blockd: don't flush devices list on "hotplug" call 5ea47fe blockd: fix vlist memory corruption Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* uci: update to latest Git HEADPetr Štetiar2019-12-191-4/+5
| | | | | | | | | | | 165b44413145 uci: Fix extra semicolons warnings 66264ed9ec9e cmake: add more hardening compiler flags cca6f105fae2 libuci: refactor uci_get_errorstr 750b046eb77f tests: cram: Lua: add test case for uci_get_errorstr 654d7c33da28 lua: add missing forward declaration 03dfbbe6fef7 cli: fix format string clang-10 warning Signed-off-by: Petr Štetiar <ynezz@true.cz>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-12-171-3/+3
| | | | | | aaa0836 file: extend exec acl checks to commands with arguments Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucert: update to latest git HEADDaniel Golle2019-11-291-3/+3
| | | | | | | | | | | | e4bd927 cast ucert_argv to proper type when passing to execv Fixes warnings: warning: passing argument 2 of 'execv' from incompatible pointer type [-Wincompatible-pointer-types] 254 | execv(usign_argv[0], usign_argv) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to latest git HEADHans Dedecker2019-11-261-3/+3
| | | | | | 3aa051b system: sysupgrade: close input side of pipe before reading Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* fwtool: update to latest Git headPetr Štetiar2019-11-141-3/+3
| | | | | | 8f7fe925ca20 cmake: use extra compiler warnings only on gcc6+ Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uci: update to latest Git headPetr Štetiar2019-11-141-3/+3
| | | | | | | | | | | | | | | | | | | | | | | 8dd50da20de0 lua: fix error handling a2cab3b088a2 ucimap: fix possible use of memory after it is freed 9cf978bc7964 delta: prevent possible null pointer use 7736f497d2d9 cli: remove unused variable assigment 39093f3b040d lua: fix memory leak in set method 19ceff323f1e lua: fix memory leak in changes method 18049a84fe40 tests: add cram based unit tests 2b549cc050de lua: fix copy&paste in error string f5dd5217d627 cli: fix realloc issue spotted by cppcheck af59f86a0db9 iron out all extra compiler warnings 1637d2918692 tests: shunit2: run all tests under Valgrind by default c1af73bfb023 cmake: enable extra compiler checks be69504e3666 cmake: build Lua module only if enabled 38a2f12ec5ab tests: shunit2: fix issues reported by shellcheck 266fc9e94c1e add initial GitLab CI support 17d6144a49c6 tests: shunit2: make it working under CMake a6e8bbefd860 cmake: add unit testing option and shunit2 tests 0ca93fec701a test: move shunit2 tests under standalone subdirectory Signed-off-by: Petr Štetiar <ynezz@true.cz>
* fwtool: update to latest Git headPetr Štetiar2019-11-115-681/+11
| | | | | | | | | | | | | | | | | | Includes following changes: 9d9d4c284786 fix possible garbage in unitialized char* struct members dbc1b1b71b24 fix possible copy of null buffer and validation of unitialized header 76d53deef8bb crc32: add missing stdint.h dependency e5666ed3b47c add cram based unit tests abe0cf7de053 add initial GitLab CI support e43042507b4f iron out extra compiler warnings 5df0cd6e1523 convert into CMake project a7dc0526f819 refactor into separate Git project adds missing PKG_LICENSE field and converts the package build to utilize CMake. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-11-101-3/+3
| | | | | | 77ad0de plugin: avoid truncating numeric values Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: start additional consoles during hotpluggingMichael Heimpold2019-11-092-1/+5
| | | | | | | | Now that 'start-console' procd command has reached the main repo, we can add a rule to start consoles on serial devices which are created when USB gadget driver reports creation with hotplugging. Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* usign: Activate LTO compile optionHauke Mehrtens2019-11-081-0/+3
| | | | | | | | | | | | This decreases the size of the usign application by 16% on MIPS BE. old: 24,597 /usr/bin/usign new: 20,501 /usr/bin/usign Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mtd: Activate LTO compile optionHauke Mehrtens2019-11-081-1/+2
| | | | | | | | | | | | This decreases the size of the mtd application by 25% on MIPS BE. old: 20,597 /sbin/mtd new: 16,421 /sbin/mtd Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-04 11:24:56 +0000