aboutsummaryrefslogtreecommitdiffstats
path: root/package/system
Commit message (Collapse)AuthorAgeFilesLines
...
* mtd: enable wrgg support for ath79Stijn Tintel2020-06-111-1/+1
| | | | | | This is required for the D-Link DAP-2695-A1. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ca-certificates: update to version 20200601Christian Lamparter2020-06-091-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch updates the ca-certificates and ca-bundle package. This version changed the files directory again, to work/, so PKG_BUILD_DIR was brought back. A list of changes from Debian's change-log entry for 20200601 [0]: * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.40. Closes: #956411, #955038 * mozilla/blacklist.txt Add distrusted Symantec CA list to blacklist for explicit removal. Closes: #911289 Blacklist expired root certificate, "AddTrust External Root" Closes: #961907 The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" + "emSign ECC Root CA - G3" + "emSign Root CA - C1" + "emSign Root CA - G1" + "Entrust Root Certification Authority - G4" + "GTS Root R1" + "GTS Root R2" + "GTS Root R3" + "GTS Root R4" + "Hongkong Post Root CA 3" + "UCA Extended Validation Root" + "UCA Global G2 Root" The following certificate authorities were removed (-): - "AddTrust External Root" - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - "GeoTrust Global CA" - "GeoTrust Primary Certification Authority" - "GeoTrust Primary Certification Authority - G2" - "GeoTrust Primary Certification Authority - G3" - "GeoTrust Universal CA" - "thawte Primary Root CA" - "thawte Primary Root CA - G2" - "thawte Primary Root CA - G3" - "VeriSign Class 3 Public Primary Certification Authority - G4" - "VeriSign Class 3 Public Primary Certification Authority - G5" - "VeriSign Universal Root Certification Authority" [0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* procd: update to git HEADDaniel Golle2020-05-281-3/+3
| | | | | | | b84a329 jail: use sane termios settings for console pts b9b39e2 jail: handle containers seperately Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: update to latest Git HEADJo-Philipp Wich2020-05-261-4/+4
| | | | | | | 078bb57 uci: reset uci_ptr flags when merging options during section add 3df62bc session: deny access if password login is disabled Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucert: update to latest git HEADMatthias Schiffer2020-05-241-3/+3
| | | | | | | | | | | | | | | | | | | | 00b921d80ac0 Do not print line number in debug messages 96c42c5ed320 Fix length checks in cert_load() fe06b4b836b3 usign-exec: improve usign -F output handling 19f9e1917e1b usign-exec: return code fixes 077feb5b5824 usign-exec: close writing end of pipe early in parent process 7ec4bb764e1e usign-exec: remove redundant return statements 5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17] 112488bbbccc usign-exec: do not close stdin and stderr before exec 38dcb1a6f121 usign-exec: fix exec error handling a9be4fb17df2 usign-exec: simplify usign execv calls 854d93e2326a Introduce read_file() helper, improve error reporting afc86f352bf7 Fix return code of write_file() fdff10852326 stdout/stderr improvements dddb2aa8124d ci: fix unit test failures by enabling full ucert build 5f206bcfe5c2 ci: enable unit testing Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* usign: update to latest git HEADMatthias Schiffer2020-05-231-3/+3
| | | | | | f1f65026a941 Always pad fingerprints to 16 characters Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* mtd: add linksys_bootcount for ramipsDavide Fioravanti2020-05-171-1/+1
| | | | | | | | | | | | | Reset bc is needed for Linksys EA7500 v2's dual boot. Size impact (tested with Linksys EA7500 v2 @ mt7621): mtd_25_mipsel_24kc.ipk: 13174 -> 13628 (454 bytes) initramfs: 3660350 -> 3660688 (338 bytes) Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> [add size impact information] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* procd: jail: fix segfault and add console featureDaniel Golle2020-05-152-3/+17
| | | | | | | | 2e73848 jail: SIGSEGV must not be forwarded to the child process 7e150f6 jail: unnamed jails can not have netns (fix segfault) 1ab539b jail: add option to provide /dev/console to containers Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: replace backticks by $(...)Adrian Schmutzler2020-05-132-3/+3
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* fstools: blockd: fix segfault triggered by non-autofs mountsDaniel Golle2020-05-121-3/+3
| | | | | | | | | | Program received signal SIGSEGV, Segmentation fault. main_autofs (argv=<optimized out>, argc=<optimized out>) at fstools-2020-05-06-eec16e2f/block.c:1193 1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) { Fixes: c3a43753b9 ("fstools: update to the latest version") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to latest Git HEADJo-Philipp Wich2020-05-071-3/+3
| | | | | | | | | | | f2166a8 libopkg: implement lightweight package listing logic cf4554d libopkg: support passing callbacks to feed parsing functions 2a0210f opkg-cl: don't read feeds on opkg update b6f1967 libopkg: use xsystem() to spawn opkg-key 60b9af2 file_util.c: refactor and fix checksum_hex2bin() 206ebae file_util.c: fix possible bad memory access in file_read_line_alloc() Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fstools: update to the latest versionRafał Miłecki2020-05-061-3/+3
| | | | | | | | | eec16e2 blockd: add optional "device" parameter to "info" ubus method 9ab936d block(d): always call hotplug.d "mount" scripts from blockd 4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20) Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* fstools: update to the latest versionRafał Miłecki2020-05-051-3/+3
| | | | | | | | | | 8b9e601 block: always use st_dev (device ID) of / when looking for root 37c9148 block: simplify check_extroot() a bit d70774d block: add some basic extroot documentation 32db27d Revert "block: support hierarchical mount/umount" 0b93429 Revert "block: mount_action: handle mount/umount deps" Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* uci: update to latest git HEADHans Dedecker2020-04-301-3/+3
| | | | | | ec8d323 file: preserve original file mode after commit Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: extend requirejail attribute handlingDaniel Golle2020-04-251-3/+3
| | | | | | | | e2ed964 jail: don't fail unless requirejail is set 17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist Fixes openwrt/packages#11913 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to the latest versionFelix Fietkau2020-04-221-3/+3
| | | | | | | | | | 84965b92f635 blockd: print symlink error code and string message 62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts d1f1f2b38fa1 block: remove mount target file if it's a link 830441d790d6 blockd: remove symlink linkpath file if it's a dir or link c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ubus: update to latest git HEADHans Dedecker2020-04-201-3/+3
| | | | | | 171469e lua: avoid truncation of large numeric values Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: fix jail when running on glibcDaniel Golle2020-04-191-3/+3
| | | | | | d200b70 jail: include /etc/nsswitch.conf in jail for glibc. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: jail fixes and improvementsDaniel Golle2020-04-141-3/+3
| | | | | | | | | | | 32c717e jail: only mess with rootfs if CLONE_NEWNS was set b275a62 instance: harmonize instance API 511fd97 jail: make /proc more secure 4953b7c jail: mount /sys read-only a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay a4cc165 jail: always mount /dev as additional tmpfs Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: bump to latest HEADDaniel Golle2020-04-092-4/+7
| | | | | | | | | | | | 2188d81 jail: add support for launching extroot containers 6f3dbd2 jail: add support for userns and cgroupsns 28a06e5 jail: add support for (ram-)overlayfs Add handling for extroot, overlaydir and tmpoverlaysize as well as jail flags for userns and cgroupsns to OpenWrt's shell script to allow their use in init scripts. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: fix respawn settingsPetr Štetiar2020-03-161-1/+1
| | | | | | | | | | | | | | | | | | | Commit 432ec292ccc8 ("rpcd: add respawn param") has introduced infinite restarting of the service which could be reached over network. This is not recommended security practice as it might give potential adversary infinite number of tries in case there might be some issue in the rpcd or its surrounding stack. So lets remove the currently bogus `respawn_retry` variable (it wasn't possible to override it anyway), reverting to the previous default max. of 5 service restarts which could be now overriden via system's UCI settings if desired. Cc: Jo-Philip Wich <jow@mein.io> Cc: Florian Eckert <fe@dev.tdt.de> Cc: Hauke Mehrtens <hauke@hauke-m.de> Fixes: 432ec292ccc8 ("rpcd: add respawn param") Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to latest git HEADDaniel Golle2020-03-131-4/+4
| | | | | | 77a6782 jail: mount-bind /etc/resolv.conf for non-netns jails Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: actually wire-up netns supportDaniel Golle2020-03-122-1/+2
| | | | | | | | When support for network namespaces was added to procd, adding the corresponding jail flag in procd.sh was ommitted. Add it now. Fixes: 97a03a4760 ("procd: update to latest git HEAD") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* urngd: avoid PKG_NAME in define linesSungbo Eo2020-02-231-4/+4
| | | | | | | | | > Avoid reuse of PKG_NAME in call, define and eval lines for consistency and > readability. Write the full name instead. Ref: https://openwrt.org/docs/guide-developer/packages Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* urandom-seed: avoid PKG_NAME in define linesSungbo Eo2020-02-231-2/+2
| | | | | | | | | > Avoid reuse of PKG_NAME in call, define and eval lines for consistency and > readability. Write the full name instead. Ref: https://openwrt.org/docs/guide-developer/packages Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* brcm63xx: rename target to bcm63xxAdrian Schmutzler2020-02-141-1/+1
| | | | | | | | | | This change makes the names of Broadcom targets consistent by using the common notation based on SoC/CPU ID (which is used internally anyway), bcmXXXX instead of brcmXXXX. This is even used for target TITLE in make menuconfig already, only the short target name used brcm so far. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* brcm47xx: rename target to bcm47xxAdrian Schmutzler2020-02-142-2/+2
| | | | | | | | | | This change makes the names of Broadcom targets consistent by using the common notation based on SoC/CPU ID (which is used internally anyway), bcmXXXX instead of brcmXXXX. This is even used for target TITLE in make menuconfig already, only the short target name used brcm so far. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* procd: seccomp: fix resource leakKevin Darbyshire-Bryant2020-02-111-3/+3
| | | | | | | | Bump to latest commit: c30b23e seccomp: fix resource leak Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* uci: fix PKG_SOURCE_VERSION valueHans Dedecker2020-02-091-1/+1
| | | | | | Fixes PKG_SOURCE_VERSION value which was wrongly set in commit f6e07c8284 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to latest git HEADHans Dedecker2020-02-091-2/+2
| | | | | | | | Fixes c0c988e179a75d33c82ed0621d954fc0ac2c0c14 bcb8655 instance: add 'requirejail' attribute Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: support 'requirejail' attributeKevin Darbyshire-Bryant2020-02-042-2/+3
| | | | | | | | | | | | | | | | Bump procd package to reduce log spam related to missing jail binaries in a non-jail capable system. bcb8655 instance: add 'requirejail' attribute An additional jail attribute 'requirejail' can now be used to indicate mandatory use of a jailed environment and hence prevent process startup in the event that the jail subsystem is unavailable. Procd will now only log errors if jail is unavailable and 1) is a mandatory requirement or 2) a procd debug level of at least 2 is in use. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* uci: update to version 2020-01-27Hans Dedecker2020-02-021-5/+4
| | | | | | | e8d8373 file: fix segfault in uci_parse_option aa5e77a file: fix segfault in uci_parse_config Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* opkg: update to latest Git HEADJo-Philipp Wich2020-01-291-3/+3
| | | | | | | | 80d161e opkg: Fix -Wformat-overflow warning c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums Fixes: CVE-2020-7982 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to version 2020-01-24Petr Štetiar2020-01-241-3/+3
| | | | | | | | 00aafc4f439e procd: show process's exit code 856b5f8be046 state: fix reboot causing shutdown inside LXC container b44417c20c7f instance: provide error feedback if ujail binary is missing Signed-off-by: Petr Štetiar <ynezz@true.cz>
* fstools: update to version 2020-01-21Petr Štetiar2020-01-211-3/+3
| | | | | | deb745f82b93 Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)" Signed-off-by: Petr Štetiar <ynezz@true.cz>
* urngd: update to version 2020-01-21Petr Štetiar2020-01-211-3/+3
| | | | | | | c7f7b6b65b82 Tag version 1.0.2 236b7a0aef21 Fix blocked entropy generation Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to latest git HEADDaniel Golle2020-01-211-4/+4
| | | | | | | | | | | | | 58c12f7 jail: add basic support for network namespaces ba69639 jail: create resolv.conf symlink for netns jails 81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/ Add new 'netns' flag for procd_add_jail to make ujail setup a new network namespace for the jailed service. See previous netifd commit for example configuration for netns jailed service. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to version 2020-01-18Petr Štetiar2020-01-201-3/+3
| | | | | | | f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images) 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer Signed-off-by: Petr Štetiar <ynezz@true.cz>
* zram-swap: support swap priorityMaxim Storchak2020-01-152-2/+4
| | | | | | | | If zram-backed swap is added after an existing swap, it gets a lower priority. Assiming that usually all other swaps are slower, there should be a way to assign a higher priority to zram swap. Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
* rpcd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | This activates PIE ASLR support by default when the regular option is selected. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: procd Installed-Size: 44931 -> 47362 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubus: activate PIE ASLR by defaultPetr Štetiar2020-01-141-1/+2
| | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: ubus Installed-Size: 5602 -> 5950 ubusd Installed-Size: 11643 -> 12119 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* rpcd: Update to version 2020-01-05Hauke Mehrtens2020-01-051-3/+3
| | | | | | efe51f4 iwinfo: add current hw and ht mode to info call Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ubus: Update to version 2020-01-05Hauke Mehrtens2020-01-051-3/+3
| | | | | | d35df8a ubus: make libubus ready for linking into C++ Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* fstools: update to latest Git HEADJo-Philipp Wich2020-01-051-3/+3
| | | | | | 823faa0 block: re-discover mtd devices on extroot mount retry Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to version 2020-01-04Petr Štetiar2020-01-051-3/+3
| | | | | | | | | | | a5af33ce9a16 instance: strdup string attributes d2e8bf6ef7cf system: watchdog_set: fix misleading indentation 9814807bd71c system: sysupgrade: fix possibly misleading error c7a2db3c1eb6 system: sysupgrade: rework firmware validation ea45c4a0f07c system: fix failing image validation due to EINTR 4fde95506243 cmake: fix lookup of external libraries Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubox: update to version 2019-12-31Hans Dedecker2019-12-311-3/+3
| | | | | | 0e34af1 kmodloader: added -a arg to modprobe Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: fix running jailed non-root processDaniel Golle2019-12-301-4/+4
| | | | | | | | | Setting user and group for a jailed process caused the jail not to come up. Fix this by passing user and group to ujail and change user only once the jail has been setup. This allows jailing services which refuse to run as root user. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubox: update to latest git HEADHans Dedecker2019-12-281-3/+3
| | | | | | | | b30e0df kmodloader: print an error when no kernel module dir can be found 17689b6 logread: add option to filter for facilities c9ffeac kmodloader: added -v arg to modeprobe Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ubus: update to version 2019-12-27Petr Štetiar2019-12-281-4/+4
| | | | | | | Fixes socket descriptor passing and bumps ABI_VERSION to 20191227. Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html Signed-off-by: Petr Štetiar <ynezz@true.cz>