Commit Graph

409 Commits (9306bdf31c0b536389f79d66cee3dcc2d97735c1)

Author SHA1 Message Date
Toni Uhlig 57468c7142 util-linux: added unshare and nsenter executables
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2018-03-09 22:15:01 +01:00
Tomasz Moń 9a0cc49089 util-linux: add lscpu package
lscpu is used by lxc-debian template.

Signed-off-by: Tomasz Moń <desowin@gmail.com>
2018-02-24 11:24:20 +01:00
Julien Dusser df0bd42fde build: add hardened builds with PIE (ASLR) support
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 16:46:45 +01:00
Dirk Brenken ef8cd6be1e util-linux: add fstrim support
This PR adds optional fstrim support

Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-01-18 08:04:18 +01:00
Jo-Philipp Wich fe920d01bb treewide: replace LEDE_GIT with PROJECT_GIT
Remove LEDE_GIT references in favor to the new name-agnostic
PROJECT_GIT variable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-10 21:27:32 +01:00
Kevin Darbyshire-Bryant 4e800716ac lua: clean up patch fuzz
Refresh patches to tidy up fuzz.  No functional changes

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-05 10:42:34 +01:00
Kevin Darbyshire-Bryant b61a648e4a busybox: clean up patch fuzz
Refresh patches to tidy up fuzz.  No functional changes

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-05 10:35:51 +01:00
Roman Yeryomin 2277cd1249 busybox: enable flock by default
This is needed for procd init script protection to work.
flock adds 4248 bytes to stripped busybox binary.

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2018-01-02 07:51:39 +01:00
John Crispin 7c0a2bc930 busybox: backport cve-2017-16544 fix
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.

Fixes: FS#1181 - CVE-2017-16544:

Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://nvd.nist.gov/vuln/detail/CVE-2017-16544

Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
Matthias Schiffer 20c349f68c
busybox: add missing TARGET_CPPFLAGS and TARGET_LDFLAGS
Unconditionally pass TARGET_CPPFLAGS (not passed at all before) and
TARGET_LDFLAGS (passed only in certain non-default configuration before the
Makefile streamlining). Without these flags, hardening options
(PKG_FORTIFY_SOURCE and PKG_RELRO) were not actually applied to busybox.

The addition of these flags increases the size of the stripped busybox
binary by about 6KB (~4KB with fortify headers, ~2KB with "-znow -zrelro")
with the default hardening options PKG_FORTIFY_SOURCE_1 and PKG_RELRO_FULL.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:26:23 +01:00
Matthias Schiffer a10fae1133
busybox: streamline Makefile
Use default Build/Install steps where possible. No binary change in default
configuration, so PKG_RELEASE is not incremented.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:24:25 +01:00
John Crispin 5bbd493e66 usbmode: update to latest git HEAD
f40f84c support PantechMode
d8dc335 support Quanta and Blackberry modes
333e486 fix support for Option modems

Signed-off-by: John Crispin <john@phrozen.org>
2017-12-24 09:03:01 +01:00
Lucian Cristian 1044723ec9 busybox: enable find -newer needed for shorewall firewall, no size increase on binary
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-12-14 09:29:30 +01:00
Rosen Penev 06f8b4ddbd e2fsprogs: Update to 1.43.7
Compiled and tested on ramips with no noticeable problems.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-14 09:29:30 +01:00
Jo-Philipp Wich f4c68e1cc6 busybox: fix glibc libresolv dependency for LEDE nslook applet
Fixes d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config.
Fixes FS#1212.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-10 14:26:19 +01:00
Zoltan HERPAI d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI 23f774f727 merge: packages: update branding in core packages
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Rosen Penev fc4e7bdca7 usbutils: Update usb.ids file to latest
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-22 20:45:07 +01:00
Rafał Miłecki 36a92274a8 otrx: fix memory leak in otrx_create_append_zeros
A "free" call was missing after allocating a buffer.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-17 11:32:51 +01:00
Rafał Miłecki 70837168ef otrx: bump buffer size in otrx_create_append_file
Usually this function is called for appending some small files only
(like fs marks) but let's just make it more generic and capable of
handling bigger files easily. Increasing buffer to 1 KiB shouldn't hurt.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-17 11:30:31 +01:00
Rafał Miłecki ab8f20c18d otrx: drop unused otrx_create_parse_options function
It was there in case of adding some "create" command options that should
be parsed before actually creating the output image. It seems we don't
need any at this point so let's drop this function for now.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-17 11:30:31 +01:00
Alexander Couzens c61a239514
add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-17 02:24:35 +01:00
Rafał Miłecki b15c563929 otrx: always align image to 0x1000
This seems to match what the original trx tool and mjn3's replacement
do.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-16 09:33:56 +01:00
Zhai Zhaoxuan c382237ac3 packages: nvram: fix memory leak in _nvram_free
The value of nvram_tuple_t is allocated in _nvram_realloc,
but it is not freed in _nvram_free.

Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com>
2017-11-15 21:11:23 +01:00
Rafał Miłecki 3f96e57aed otrx: add support for -A (append) and -a (align) options
They are inspired and compatible with the original and mjn3's trx tool.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-14 22:33:19 +01:00
Rafał Miłecki 6d283b8029 otrx: optimize memory usage when creating TRX image
There is no need to allocate buffer as big as the whole image in order
to calculate CRC32. It's enough to use small buffer and just read file
content block by block.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-14 22:33:19 +01:00
Rafał Miłecki c6761e7c8e otrx: use helper function when checking image's CRC32
This requires changing this helper to accept initial/current CRC32
value as argument but it allows dropping duplicated (complex?) code
calculating the CRC32.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-14 22:33:19 +01:00
Matt Mets 851644bf5b adb: fix package description
Signed-off-by: Matt Mets <matt@blinkinlabs.com>
2017-10-29 16:16:35 +01:00
Jo-Philipp Wich d4e7af5278 mdadm: fix parameter quoting
Ensure that path defines are passed quoted to the compiler in order
to avoid cpp syntax errors.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 03:26:37 +02:00
Rosen Penev 8eadec40bd mdadm: Fix config generation
The init script generated something like "DEVICE=/dev/sda" when it should
have been generating "DEVICE /dev/sda". mdadm errors on this. Patch by jow.

Also changed the default sendmail path to /usr/sbin/sendmail. No package
in LEDE provides /sbin/sendmail. msmtp provides /usr/sbin/sendmail so use
that.

Also add a patch to fix file paths for mdadm runtime files. mdadm currently
errors on them since /run is missing. Once /run is added to stock LEDE, this
patch can be removed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 02:32:32 +02:00
Hans Dedecker 1cec4d4ef0 busybox: provide "ip"
Let busybox provide "ip" as it supports the ip applets link, address,
route, rule and neighbor

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-14 20:23:55 +02:00
Daniel Engberg c4562a9069 package/utils/f2fs-tools: Update to 1.9.0
Update f2fs-tools to 1.9.0
Remove patch as its been committed upstream

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-30 22:43:17 +02:00
Ryan Mounce 6a5a58ed27 util-linux: update to 2.30.2
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-09-30 22:41:43 +02:00
Felix Fietkau e64463ebde util-linux: avoid using the getrandom syscall
getrandom blocks until the random pool is being initialized.
Unfortunately, this code is being called early during init to create the
overlay filesystem, on some devices leaving little chance for a
successful random pool init.
True randomness is not that important here, so fix this issue by
sticking to using /dev/urandom, like in older versions of this code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-29 12:32:44 +02:00
Philip Prindeville 3008fc9a7b usbutils: avoid duplicating the git revision
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-09-20 02:08:09 +02:00
Daniel Engberg 5b1660a538 utils/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
Disable compilation of fuse2fs (we don't package it)
Disable thread support (only affects fuse2fs)
Enable linking with libblkid instead of using private (included) version.
The libblkid is ~210KBytes in size, but with using the shared library
the binaries are ~25KBytes smaller. This also brings it in sync with
most other Linux distributions.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-17 00:26:52 +02:00
Magnus Kroken 89f8a01dab busybox: update to 1.27.2
Refresh patches, delete patches backported from upstream.

This fixes ntpd sync issues (ntpd would not sync if the first provided
peer address was unreachable).

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-30 22:34:41 +02:00
Daniel Golle a3c0d5f70a busybox: move passwd applet to /bin
busybox currently installs passwd into /usr/bin which prevents its
'full' shadow-utils variant from being installed.
Move the passwd applet to /bin to avoid that collision.
shadow also provides /usr/bin/login which doesn't collide with busybox
as the busybox login applet is installed at /bin/login.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-08-30 18:12:48 +02:00
Daniel Golle a63eb74bce busybox: move traceroute applets to /bin
busybox currently installs traceroute and traceroute6 into /usr/bin
which prevents their 'full' iputils variants from being installed.
Move those applets to /bin so they can coexist with their iputils
siblings using the same PATH convention already applied for coreutils
and other drop-in 'full' versions.
Refresh existing patch while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-08-30 18:12:48 +02:00
Stijn Tintel cdb494fdc2 f2fs-tools: fix mkfs.f2fs on big-endian systems
Fixes: FS#749

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-25 10:19:06 +03:00
Stijn Tintel 252c8ddf14 f2fs-tools: drop musl compat patch
It is no longer needed since version 1.4.1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-25 10:19:06 +03:00
Stijn Tintel d87f27af54 f2fs-tools: drop patch in favour of CONFIGURE_VARS
Override the failing check in configure with CONFIGURE_VARS instead of
carrying a patch that's unlikely to be accepted by upstream.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
2017-08-25 10:19:06 +03:00
Philip Prindeville 5c2c0f8a32 util-linux: don't need to build NLS support
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-23 18:36:22 +02:00
Jo-Philipp Wich 4fce22e88f util-linux: add missing dependencies
Commit e505f59bd9 "utils/util-linux: Update to 2.30.1" bumped util-linux
without properly adjusting the dependencies of all applets.

Add missing ncursesw dependencies to sfdisk and dmesg applets to fix
packaging issues.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-08-23 11:34:25 +02:00
Jo-Philipp Wich 0168ba2e07 Revert "busybox: ash/hush fix for read-builtin command"
Revert this commit as it introduces a patchfile at a wrong location.
Since the patch was never effective, we can assume that this particular
commit was not properly tested.

This reverts commit dde9da46c1.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-08-23 10:58:10 +02:00
BangLang Huang 69da83d9f1 nvram: add help message for nvram magic not found
The program would failed if nvram magic not found
in specific partition.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
2017-08-22 14:31:32 +02:00
BangLang Huang c7e2a6fe92 nvram: improve argument check when program start
print help message when argument count is less
than 2.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
2017-08-22 14:31:32 +02:00
BangLang Huang 2a253e7cdb nvram: add usage() function
Merge the help message into a single function,
so that we can use it somewhere else.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
2017-08-22 14:31:32 +02:00
BangLang Huang 1948d8e08c nvram: fix memory leak
Fix memory leak on nvram_open() and nvram_open_rdonly().

For nvram_open(), the 'fd' should be closed on error, and
mmap_area should be unmap when nvram magic can not be found.

For nvram_open_rdonly(), the 'file' variable should free before
return. Once nvram_find_mtd() return successfully, it will allocate
memory to save mtd device string.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
2017-08-22 14:31:32 +02:00
Daniel Engberg e505f59bd9 utils/util-linux: Update to 2.30.1
Refresh patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-08-21 21:29:45 +02:00