| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Add procd file listeners to check files in `/etc/crontabs/`.
Also unified a bit the function style.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit cbf69fb2adced6096addbe6aeb54c1971c63dbe4)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the ubi-tools in the upstream mtd-utils have been
broken by a bad patch upstream. It causes major breakage
during sysupgrade when the kernel, rootfs, ... volumes
are deleted in the wrong order.
This patch therefore reverts the faulty upstream commit which
fixes the bug.
linux-mtd mailing-list thread:
<http://lists.infradead.org/pipermail/linux-mtd/2018-June/081562.html>
Cc: John Crispin <john@phrozen.org>
Reported-by: L. Wayne Leach <LLeachii@aol.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit daf19649dbf101ce7ae17abf84eeed7a30b41275)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts a change made in Sep 2017 [1] which introduced
MSG_DONTROUTE flag to prevent udhcpc from reaching out to servers on a
different subnet. That change violates RFC2131 by forcing fully
configured clients, who got their configurations through an offer
relayed by a DHCP relay, from renewing through a unicast request
directly to the DHCP server, resulting in the client resorting to
boradcasting lease extension requests instead of unicasting them,
further breaking RFC2131.
The problem with MSG_DONTROUTE appears when talking to a properly
configured DHCP server that rejects non-compliant requests. Such server
will reject lease extension attempts sent via broadcast rather than
unicast, as is the case with Finnish ISPs Telia and DNA as well as
Estonian ISP Starman. Once the lease expires without renewal, udhcpc
enters init mode, taking down the interfaces with it, and thus causing
interruption on every lease expiry. On some ISPs (such as the ones
mentioned above) that can be once every 10-20 minutes. The interruptions
appear in the logs as such:
----
udhcpc: sending renew to x.x.x.x
udhcpc: send: Network unreachable
udhcpc: sending renew to 0.0.0.0
udhcpc: sending renew to 0.0.0.0
...
udhcpc: lease lost, entering init state
Interface 'wan' has lost the connection
Interface 'wan' is now down
Network alias 'eth0' link is down
udhcpc: sending select for y.y.y.y
udhcpc: lease of y.y.y.y obtained, lease time 1200
Network alias 'eth0' link is up
Interface 'wan' is now up
----
During lease extension, a fully configured client should be able to
reach out to the server from which it recieved the lease for extension,
regardless in which network it is; that's up to the gateway to find. [2]
This patch ensures that.
[1]
http://lists.busybox.net/pipermail/busybox-cvs/2017-September/037402.html
[2]
https://www.netmanias.com/en/post/techdocs/6000/dhcp-network-protocol/
understanding-dhcp-relay-agents
Signed-off-by: Adi Shammout <adi.shammout@outlook.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
|
|
|
|
|
|
| |
Fixes FS#1510
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reduces the size of the binary a bit:
old:
37556 bin/targets/lantiq/xrx200/packages/nand-utils_2.0.1-1_mips_24kc.ipk
81697 bin/targets/lantiq/xrx200/packages/ubi-utils_2.0.1-1_mips_24kc.ipk
new:
27450 bin/targets/lantiq/xrx200/packages/nand-utils_2.0.1-1_mips_24kc.ipk
71796 bin/targets/lantiq/xrx200/packages/ubi-utils_2.0.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
010-fix-rpmatch.patch is upstream, removed from our patchset
The file structure is changed, modify patch accordingly
use CONFIGURE_ARGS to disable tests, xattr and lzo
Compile and run tested on mvebu and x86_64
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
| |
Remove inactive mirrors from the sources list.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
|
|
|
|
|
|
|
|
|
|
|
|
| |
mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so
library, all applications using this shared library have to be
recompiled to be able to load the new library.
Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
Bug fix release. 1.28.3 has fixes for
* ash and hush (do not leave stray open file destriptors in children),
* cpio (fix for symlink extraction),
* grep ("grep -Fw a" was matching "aa").
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
|
|
|
|
|
| |
Update f2fs-tools to 1.10.0
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
flash_erase utility allows to erase MTD partitions on NAND flash.
Useful when you want to clean or write an MTD partition from scratch.
e.g., before using kobs-ng to flashing SPL images it's recommended
to erase the MTD partition to ensure it's empty.
Signed-off-by: Adrià Llaudet <adria.llaudet@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update busybox to 1.28.2, refresh patches and default config.
* modify 230-add_nslookup_lede.patch as opt_complementary was removed
Also move nslookup_longopts variable declaration to be inside
the same conditional as the function itself.
* modify 250-date-k-flag.patch to match upstream (opt_complementary)
* remove 600-cve-2017-16544.patch that is upstreamed
Notes about config changes:
* Some applet-specific LONG_OPTIONS config options were removed
* Config help text indentation changed, caused lots of
text formatting changes for convert_menuconfig.pl
* convert_defaults.pl moved lots of defaults around, summary of
actual changes below
New applets/features:
---------------------
ARCH
HEXEDIT
MINIPS
NETCAT
NUKE
RESUME
RUN_INIT
SETFATTR
New options:
------------
FEATURE_CATN
FEATURE_CROND_SPECIAL_TIMES
FEATURE_LIBBUSYBOX_STATIC
FEATURE_SETPRIV_CAPABILITIES
FEATURE_SETPRIV_CAPABILITY_NAMES
FEATURE_SETPRIV_DUMP
FEATURE_SH_READ_FRAC
FEATURE_SWAPONOFF_LABEL
FEATURE_VOLUMEID_MINIX
FEATURE_XARGS_SUPPORT_ARGS_FILE
FEATURE_XARGS_SUPPORT_PARALLEL
HUSH_GETOPTS
HUSH_READONLY
HUSH_TIMES
Removed:
--------
FEATURE_HAVE_RPC
MSH
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
|
|
|
|
|
|
| |
These functions are not declared in any header file and only used in
same compile unit, mark them as static to remove one gcc warning and
make it easier for the compiler to optimize them out.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
|
|
|
|
|
| |
Update e2fsprogs to upstream 1.44.1 (feature and bugfix release)
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
|
|
|
|
|
|
|
|
|
|
| |
- Update to upstream 2.32
- License file 'getopt/COPYING' not present (any more)
- Disable 'chown root:root'-commands during 'make install'
- Add new dependency to wipefs
- Refresh patch 003
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop providing the virtual package ip by busybox which was added in commit
1cec4d4ef0.
Letting busybox provide the virtual package ip is not optimal for the
following reasons :
- Applications depending on ip expect either the ip-full or
ip-tiny package to be enabled.
- Busybox ip applet cannot be added or removed at runtime
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
| |
Adds tool to extract MAC and pre-calibration data required for JBOOT
based D-Link routers.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
|
|
|
|
|
|
| |
Create the correct bin directory before staging the host utilities.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
This callback should have one parameter less, this parameter is not used
so this was not a so big problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libext2fs breaks krb5 by always installing its own copies of libcom_err.so
and libss.so.
Move the libraries into separate libcomerr and libss packages respectively
and add a host build recipe to stage the required compile_et and mk_cmds
utilities for use by other packages.
This allows the krb5 package to be fixed to use the system wide libcomerr
and libss libraries.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[rename libcom_err to libcomerr, make compile_et and mk_cmds relocatable,
cleanup makefile, add dependency on host build, reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
c7e938d implement POSIX regexp support
cd6629f lexer: fix encoding 7 bit escape sequences
8614470 main: implement array mode
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
| |
busybox tries to be smart and passes a number of additional flags to the
compiler. Unfortunately, the i386-specific flags break ABI compatiblity
with libc.
Fixes busybox crashes observed on x86-generic with GCC 7.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
|
|
|
|
|
| |
lscpu is used by lxc-debian template.
Signed-off-by: Tomasz Moń <desowin@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
|
|
|
|
|
|
| |
This PR adds optional fstrim support
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
|
|
|
|
|
| |
Remove LEDE_GIT references in favor to the new name-agnostic
PROJECT_GIT variable.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
| |
Refresh patches to tidy up fuzz. No functional changes
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
| |
Refresh patches to tidy up fuzz. No functional changes
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
| |
This is needed for procd init script protection to work.
flock adds 4248 bytes to stripped busybox binary.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.
Fixes: FS#1181 - CVE-2017-16544:
Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://nvd.nist.gov/vuln/detail/CVE-2017-16544
Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unconditionally pass TARGET_CPPFLAGS (not passed at all before) and
TARGET_LDFLAGS (passed only in certain non-default configuration before the
Makefile streamlining). Without these flags, hardening options
(PKG_FORTIFY_SOURCE and PKG_RELRO) were not actually applied to busybox.
The addition of these flags increases the size of the stripped busybox
binary by about 6KB (~4KB with fortify headers, ~2KB with "-znow -zrelro")
with the default hardening options PKG_FORTIFY_SOURCE_1 and PKG_RELRO_FULL.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
| |
Use default Build/Install steps where possible. No binary change in default
configuration, so PKG_RELEASE is not incremented.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
|
| |
f40f84c support PantechMode
d8dc335 support Quanta and Blackberry modes
333e486 fix support for Option modems
Signed-off-by: John Crispin <john@phrozen.org>
|
|
|
|
|
|
| |
on binary
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
|
|
|
|
|
| |
Compiled and tested on ramips with no noticeable problems.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
|
|
|
|
|
| |
Fixes d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config.
Fixes FS#1212.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
|
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
|
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
|
|
|
|
| |
A "free" call was missing after allocating a buffer.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
| |
Usually this function is called for appending some small files only
(like fs marks) but let's just make it more generic and capable of
handling bigger files easily. Increasing buffer to 1 KiB shouldn't hurt.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
| |
It was there in case of adding some "create" command options that should
be parsed before actually creating the output image. It seems we don't
need any at this point so let's drop this function for now.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
| |
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/
Thanks to swalker for CPE to package mapping and
keep tracking CVEs.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
|
|
|
|
|
|
| |
This seems to match what the original trx tool and mjn3's replacement
do.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
| |
The value of nvram_tuple_t is allocated in _nvram_realloc,
but it is not freed in _nvram_free.
Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com>
|
|
|
|
|
|
| |
They are inspired and compatible with the original and mjn3's trx tool.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|