aboutsummaryrefslogtreecommitdiffstats
path: root/package/system
Commit message (Collapse)AuthorAgeFilesLines
...
* ucert: update to version 2019-12-19Petr Štetiar2019-12-261-3/+3
| | | | | | | | | | | | | | 14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted 19a7225ac018 fix leaking memory in cert_dump_blob 9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker 4462ff9dedfa add cram based unit tests 5fe64b5606aa cmake: split usign bits into static library 5d7626a2b6d8 cmake: reindent the file e284ed941972 cmake: enable hardening compiler flags and fix the reported issues 7e5390666347 add initial GitLab CI support fa0bf4ef45b1 cmake: add proper include and library dependencies Signed-off-by: Petr Štetiar <ynezz@true.cz>
* rpcd: add respawn paramFlorian Eckert2019-12-232-1/+2
| | | | | | | | | | The rpcd service is an important service, but if the service stops working for any reason, no one will ever respawn that service. With this commit, the procd service will monitor if the rpcd service is running. If the rpcd service has crashed, then procd respawns the rpcd service. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* ca-certificates: provide ca-certs by both ca-certificates and ca-bundleMaxim Storchak2019-12-231-2/+4
| | | | | | | | | - both packages provide ca-certs - make ca-bundle the default provider This should allow easy transition between these two forms of CA certificates storage Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
* fstools: update to latest git HEADJo-Philipp Wich2019-12-221-3/+3
| | | | | | | b4e25d5 libblkid-tiny: fix symbol collision with full libblkid Fixes: FS#2691, FS#2692 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fstools: update to latest git HEADRafał Miłecki2019-12-201-3/+3
| | | | | | | | | | | | 111a43f libblkid-tiny: vfat: Change parsing label in special cases f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05 157924d libblkid-tiny: add blkid_probe_set_id_label() stub 0c5761f libblkid-tiny: use separated buffer for each block device read b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct 12851d6 blockd: don't flush devices list on "hotplug" call 5ea47fe blockd: fix vlist memory corruption Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* uci: update to latest Git HEADPetr Štetiar2019-12-191-4/+5
| | | | | | | | | | | 165b44413145 uci: Fix extra semicolons warnings 66264ed9ec9e cmake: add more hardening compiler flags cca6f105fae2 libuci: refactor uci_get_errorstr 750b046eb77f tests: cram: Lua: add test case for uci_get_errorstr 654d7c33da28 lua: add missing forward declaration 03dfbbe6fef7 cli: fix format string clang-10 warning Signed-off-by: Petr Štetiar <ynezz@true.cz>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-12-171-3/+3
| | | | | | aaa0836 file: extend exec acl checks to commands with arguments Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucert: update to latest git HEADDaniel Golle2019-11-291-3/+3
| | | | | | | | | | | | e4bd927 cast ucert_argv to proper type when passing to execv Fixes warnings: warning: passing argument 2 of 'execv' from incompatible pointer type [-Wincompatible-pointer-types] 254 | execv(usign_argv[0], usign_argv) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to latest git HEADHans Dedecker2019-11-261-3/+3
| | | | | | 3aa051b system: sysupgrade: close input side of pipe before reading Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* fwtool: update to latest Git headPetr Štetiar2019-11-141-3/+3
| | | | | | 8f7fe925ca20 cmake: use extra compiler warnings only on gcc6+ Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uci: update to latest Git headPetr Štetiar2019-11-141-3/+3
| | | | | | | | | | | | | | | | | | | | | | | 8dd50da20de0 lua: fix error handling a2cab3b088a2 ucimap: fix possible use of memory after it is freed 9cf978bc7964 delta: prevent possible null pointer use 7736f497d2d9 cli: remove unused variable assigment 39093f3b040d lua: fix memory leak in set method 19ceff323f1e lua: fix memory leak in changes method 18049a84fe40 tests: add cram based unit tests 2b549cc050de lua: fix copy&paste in error string f5dd5217d627 cli: fix realloc issue spotted by cppcheck af59f86a0db9 iron out all extra compiler warnings 1637d2918692 tests: shunit2: run all tests under Valgrind by default c1af73bfb023 cmake: enable extra compiler checks be69504e3666 cmake: build Lua module only if enabled 38a2f12ec5ab tests: shunit2: fix issues reported by shellcheck 266fc9e94c1e add initial GitLab CI support 17d6144a49c6 tests: shunit2: make it working under CMake a6e8bbefd860 cmake: add unit testing option and shunit2 tests 0ca93fec701a test: move shunit2 tests under standalone subdirectory Signed-off-by: Petr Štetiar <ynezz@true.cz>
* fwtool: update to latest Git headPetr Štetiar2019-11-115-681/+11
| | | | | | | | | | | | | | | | | | Includes following changes: 9d9d4c284786 fix possible garbage in unitialized char* struct members dbc1b1b71b24 fix possible copy of null buffer and validation of unitialized header 76d53deef8bb crc32: add missing stdint.h dependency e5666ed3b47c add cram based unit tests abe0cf7de053 add initial GitLab CI support e43042507b4f iron out extra compiler warnings 5df0cd6e1523 convert into CMake project a7dc0526f819 refactor into separate Git project adds missing PKG_LICENSE field and converts the package build to utilize CMake. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-11-101-3/+3
| | | | | | 77ad0de plugin: avoid truncating numeric values Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: start additional consoles during hotpluggingMichael Heimpold2019-11-092-1/+5
| | | | | | | | Now that 'start-console' procd command has reached the main repo, we can add a rule to start consoles on serial devices which are created when USB gadget driver reports creation with hotplugging. Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* usign: Activate LTO compile optionHauke Mehrtens2019-11-081-0/+3
| | | | | | | | | | | | This decreases the size of the usign application by 16% on MIPS BE. old: 24,597 /usr/bin/usign new: 20,501 /usr/bin/usign Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mtd: Activate LTO compile optionHauke Mehrtens2019-11-081-1/+2
| | | | | | | | | | | | This decreases the size of the mtd application by 25% on MIPS BE. old: 20,597 /sbin/mtd new: 16,421 /sbin/mtd Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uci: update to latest to version 2019-11-08Hauke Mehrtens2019-11-081-3/+3
| | | | | | | fc417e8 build: Add -Wclobbered to detect problems with longjmp 2c8e4a3 util: Fix error path Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: Update to version 2019-11-02Hauke Mehrtens2019-11-031-3/+3
| | | | | | | | | | | | | | f47622e instance: Warn about unexpected number of parameters 564ecdf instance: ujail: Fix allocated size for no_new_privs parameter 7fb2e1d procd: simplify code in procd_inittab_run 4a127c3 procd: replace exit(-1) with exit(EXIT_FAILURE) bc0a73e procd: add upgraded binary to .gitignore ba4c4db procd: add start-console support 3e39fe5 procd: shift arguments for askfirst only once 5d62829 procd: skip respawn in case device disappeared d27949f procd: guard fork_worker calls Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* fstools: bump to version 2019-11-03Yousong Zhou2019-11-031-3/+3
| | | | | | | | | | | | 2f2a09a block: mount_device: err log only when mp deviates from spec da4edc1 block: mount_device: skip extroot earlier 32c3126 block: mount_action: handle mount/umount deps fb0700f block: support hierarchical mount/umount 1212b5b block: umount: skip / unless -a is given eda8b3f block: use fsck.fat instead of dosfsck d05276d libblkid-tiny: ntfs: fix use-after-free Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-11-011-3/+3
| | | | | | | | | | | | | | | d442d62 plugin: fix double free in finish callback ee26d83 main: exec_self: make clang analyzer happy 90e40bd file: exec: properly free memory on error 9ecfada uci: free configs list memory on return 32fba36 exec: always call finish_cb to allow plugin to free up memory ca3e2d5 plugin: do not free method name separately 02c6e1d exec: properly free memory on rpc_exec() error cc50263 plugin: exec: properly free memory on parse error bd0ed25 uci: reset uci_ptr flags when merging set operations 37aa919 plugin: fix leaking invoked method name for exec plugins Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to latest git HEADHans Dedecker2019-10-221-3/+3
| | | | | | 258aa04 procd: Add cached and available to memory table Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* urngd: update to latest Git headPetr Štetiar2019-10-211-4/+4
| | | | | | | | | * 40f939d57c67 Tag version 1.0.1 * 9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix * 193586a25adc Fix wrong types in format strings used in debug build * d474977bb611 Add initial GitLab CI support Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: allow usage of * as procd_running() instance parameterAlin Nastac2019-10-182-4/+4
| | | | | | | | | | | service_running() implementation in /etc/rc.common use it. It is preferable to use wildcard than assuming the instance name is the default one. jsonfilter returns all matches when wildcards are used, hence the -l 1 argument used to limit output to only one value. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
* fwtool: do not omit final 16 byte when image does not contain signatureJo-Philipp Wich2019-10-172-2/+4
| | | | | | | | | | | | | | | | | | The fwutil command will interpret the final 16 byte of a given firmware image files as "struct fwimage_trailer". In case these bytes do look like a valid trailer, we must ensure that we print them out along with the remainder of the image to not accidentally truncate non-trailer-images by 16 bytes when they're piped through fwtool, e.g. as part of an image verification command sequence. Some command sequences pipe images through fwtool in order to strip any possible metadata, certificate or signature trailers and do not expect bare images without any of that metadata to get truncated as other non- fwtool specific metadata is expected at the end of the file, e.g. an information block with an md5sum in case of the combined image format. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-211-3/+3
| | | | | | 95f0973 file: increase minimum read buffer size to 4096 bytes Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* usign: update to latest Git HEADHauke Mehrtens2019-09-211-3/+3
| | | | | | f34a383 main: fix some resource leaks Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* fstools: update to latest Git HEADHauke Mehrtens2019-09-211-3/+3
| | | | | | | | 4327ed4 mkdev: Avoid out of bounds read 9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to the latest git HEADHauke Mehrtens2019-09-211-3/+3
| | | | | | | 8e9fb51 procd: Switch to nanosleep c844ace system: Fix possible integer overflows Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: fix invalid JSON filter expression in procd_running()Jo-Philipp Wich2019-09-192-2/+2
| | | | | | | | | Since service and instance names may contain characters which are not allowed in JSON path labels, such as dashes or spaces, change the filter expression to array square bracket notation to properly match these cases as well. Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to the latest git HEADRafał Miłecki2019-09-181-3/+3
| | | | | | | 62dc8c0 system: sysupgrade: send reply on error 2710c65 system: refuse sysupgrade with backup if it's unsupported Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* netifd,lldpd,rpcd,log: use generic service_runningPetr Štetiar2019-09-152-8/+0
| | | | | | | | | | | | | | | | | | commit eb204d14f75c ("base-files: implement generic service_running") introduced generic service_running so it's not needed to copy&paste same 3 lines over and over again. I've removed service_running from netifd/network init script as well, because it was not working properly, looked quite strange and I didn't understand the intention: $ /etc/init.d/network stop $ service network running && echo "yes" || echo "nope" ( have to wait for 30s ) Command failed: Request timed out yes Signed-off-by: Petr Štetiar <ynezz@true.cz>
* base-files,procd: add generic service statusLuiz Angelo Daros de Luca2019-09-151-0/+25
| | | | | | | | | | | | | | Adds a default status action for init.d scripts. procd "service status" will return: 0) for loaded services (even if disabled by conf or dead) 3) for inactive services 4) when filtering a non-existing instance Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> [rebased, cleaned up] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to the latest git HEADRafał Miłecki2019-09-111-3/+3
| | | | | | | | | b8238df sysupgrade: support "backup" attribute This update requires "sysupgrade" method callers to pass "backup" attribute if $UPGRADE_BACKUP is used in the project. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-101-3/+3
| | | | | | e2a7bc4 iwinfo: add WPA3 support Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-081-4/+4
| | | | | | | | | | | 69eeb1b file: refactor message parsing and permission checking f65527a iwinfo: expose all rate info fields in assoclist reply 7fec636 sys: fix symbol redeclaration 27c24c7 rpcd: sys: actually move timespec declaration 345363b file: add remove operation 604db20 rpcd: Switch to nanosleep Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to the latest git HEADRafał Miłecki2019-09-051-3/+3
| | | | | | | | | | 0f3c136 sysupgrade: set UPGRADE_BACKUP env variable 0bcbbbf system: fix uninitialized variables in firmware validation code This update includes a fix for uninitialized variable usage. Fixes: 7290963d0992 ("procd: update to the latest git HEAD") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to the latest git HEADRafał Miłecki2019-09-041-3/+3
| | | | | | | | | | | | 34ac88c system: reject sysupgrade of invalid firmware images by default f55c235 system: reject sysupgrade of broken firmware images e990e21 system: add "validate_firmware_image" ubus method This update changes "sysupgrade" ubus method API. It's now required to pass "force" attribute whenever invalid firmware is meant to be installed. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* uci: update to latest Git HEADHauke Mehrtens2019-09-011-3/+3
| | | | | | 415f9e4 uci/file: replace mktemp() with mkstemp() Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-011-3/+3
| | | | | | | 821045f file: add path based read/write/exec ACL checks fb337e5 file: add stat() information to directory listings Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: fix compile issue with glibc (FS#2469)Hans Dedecker2019-08-281-3/+3
| | | | | | 0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* fstools: update to latest Git HEADJo-Philipp Wich2019-08-282-5/+5
| | | | | | | | | 6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist Also remove deprecation notices from init script while we're at it. Fixes: FS#2274 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fstools: update to HEAD of 2019-07-01 - 1539b5Christian Lamparter2019-08-241-4/+4
| | | | | | | | | | | | | | | Update fstools to commit 1539b535ac327a3bc599d1ca871e14fd0dc3bba1 git log --pretty=oneline --abbrev-commit ff1ded63..1539b535 1539b53 libblkid-tiny: increment label size to 256 d563f3c libblkid-tiny: fix wrong btrfs label length 3957dd3 block: prevent mount point confusion 9b36dc2 libfstools: avoid false positives when matching devices and volumes Created with the help of the make-package-update-commit.sh script. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* procd: update to latest git HEADRafał Miłecki2019-08-221-3/+3
| | | | | | 9558031 system: support passing "options" to the "sysupgrade" ubus method Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to latest git HEAD (FS#2425)Hans Dedecker2019-08-071-3/+3
| | | | | | 8323690 state: fix shutdown when running in a container (FS#2425) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* config: introduce separate CONFIG_SIGNATURE_CHECK optionJo-Philipp Wich2019-08-061-2/+2
| | | | | | | | | | | | | | | | | | | Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value of CONFIG_SIGNED_PACKAGES and thus is enabled by default. This option is needed to support building target opkg with enabled signature verification while having the signed package lists disabled. Our buildbots currently disable package signing globally in the buildroot and SDK to avoid the need to ship private signing keys to the build workers and to prevent the triggering of random key generation on the worker nodes since package signing happens off-line on the master nodes. As unintended side-effect, updated opkg packages will get built with disabled signature verification, hence the need for a new override option. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* usign: update to latest Git HEADJo-Philipp Wich2019-08-061-3/+3
| | | | | | | | | | | | | | This update fixes usign signature verification on files with certain file sizes triggering a bug in the shipped SHA-512 implementation. 5a52b37 sha512: fix bad hardcoded constant in sha512_final() 3e6648b README: replace unicode character 716c3f2 README: add reference to OpenBSD signify 86d3668 README: provide reference for ed25519 algorithm 939ec35 usign: main.c: describe necessary arguments for -G Ref: https://forum.openwrt.org/t/signature-check-failed/41945 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-08-051-2/+0
| | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* openwrt-keyring: update to Git HEADJo-Philipp Wich2019-07-251-3/+3
| | | | | | | | | | | | | | 8080ef3 usign: add 19.07 release build pubkey e24fe0d usign: use distro agnostic comments 251ded7 usign: fix filename of Stijn's usign key 14f0efc gpg: update snapshots public signing key 14f845b gpg: replace my public GPG key 4f735b8 gpg: add OpenWrt 19.07 signing key 228f8da gpg: add OpenWrt 18.06 v2 signing key 36057d9 gpg: update LEDE 17.01 public signing key f2989ab Add my public GPG and usign key Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mtd: cleanup unused code and variables in fis.cPetr Štetiar2019-07-171-20/+0
| | | | | | | | | | | | | | | While compile checking mtd changes in PR#1359 I've noticed following compiler warnings and cleaned them up: fis.c: In function 'fis_remap': fis.c:143:25: warning: variable 'redboot' set but not used [-Wunused-but-set-variable] struct fis_image_desc *redboot = NULL; ^~~~~~~ fis.c:142:25: warning: variable 'fisdir' set but not used [-Wunused-but-set-variable] struct fis_image_desc *fisdir = NULL; ^~~~~~ Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mtd: add CRC signature to RedBoot partition mapDaniel Gimpelevich2019-07-173-3/+26
| | | | | | | | | | The code for calculating the CRC32 signatures for RedBoot FIS partitions was already included, but for unknown reasons, it was never invoked. Some bootloaders enforce checking these for loaded kernels, so they should be written. This patch does so. Tested-by: Brian Gonyer <bgonyer@gmail.com> Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>