This adds the hardening options also to the toolchain build.
With this change the /usr/lib/libstdc++.so.6.0.24 library will have
stack canaries and the /lib/libgcc_s.so.1 library will have Full RELRO.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Both Build/sq201-images and Build/nas4220b-images scripts
are very similar. This patch unifies both methods at the
cost of renaming the produced sysupgrade file names, but
with the benifit of creating better reproducible files.
The patch also fixes a race in parallel builds in which case
the ImageInfo of one device could end up in both sysupgrade
files.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Currently, IMAGE_NAME is expanded at declaration time
and this causes strange filename in the builder's logs:
|cp: cannot stat '[...]/openwrt-gemini-dlink-dns-313-.': No such file or directory
|cp: cannot stat '[...]/openwrt-gemini-nas4220b-.': No such file or directory
|[...]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch replaces the current hack with a better
version of the RFC patch has been accepted upstream.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
- remove stray #address-cells / #size-cells
- fix partition unit-addresses in wd-mybooklive.dts
- remove index from MBL's gpio node name
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Initially this patch was introduced as a quick fix following
the removal of 936-ath10k_skip_otp_check.patch which caused
multiple ath10k pcie devices in various ipq806x and ar71xx/ath79
targets to malfunction.
Thankfully, the affected devices have been updated to utilize
the pre-caldata method. And finally with the switch to ath10k-ct,
which never had the patch or any reports of similar issues, I
think it's time to remove this patch since it is no longer needed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds the boot-part feature which enables the brcm2708
target move from the custom boot partition size config option to
the generic CONFIG_TARGET_KERNEL_PARTSIZE.
Note:
For people using custom images: Just like with
CONFIG_TARGET_ROOTFS_PARTSIZE changing the value
can cause sysupgrade to repartition the device!
Make sure to have a backup in this case.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The ABI_VERSION:=1 tag will take care of transforming the binary
library package basename.
Add a virtual PROVIDES:=libelf1 for packages still having libelf1
in their DEPENDS:=... lists.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- Filter out potential duplicates with the package name
(e.g. when renaming libfoo1 w/ ABI_VERSION:=1 to libfoo)
- Use the GetABISuffix macro to properly separate the suffix
with a dash in case the basename ends with a number
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When a library package specifies additional provides, e.g. libncurses
which provides libncursesw, we should also append the abi version
suffix to each provide, since there may be more than one package
providing the virtual library.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Last incompatible change appeared to be 4924411
("http: add proper error handling to uclient_http_redirect()") which
changed the return value of uclient_http_redirect() from bool to int.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* tools: curve25519: handle unaligned loads/stores safely
This should fix sporadic crashes with `wg pubkey` on certain architectures.
* netlink: auth socket changes against namespace of socket
In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:
1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.
This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.
* ratelimiter: build tests with !IPV6
Should reenable building in debug mode for systems without IPv6.
* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS
Linux 5.0 support.
* keygen-html: bring back pure javascript implementation
Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.
* contrib: introduce simple highlighter library
This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165
It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.
* netlink: use __kernel_timespec for handshake time
This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Update to the latest version of iproute2; see https://lwn.net/Articles/776174/
for a full overview of the changes in 4.20.
Remove upstream patch 001-fix-print_0xhex-on-32-bit.patch and 002-tc-fix-xtables-incorrect-usage-of-LDFLAGS.patch
Introduce a patch to include <linux/limits.h> for XATTR_SIZE_MAX in tc
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Current code directly writes the FOE entry to hash_val+1 position
when hash collision occurs. However, it is found that this behavior
will cause the cache and the hardware FOE table to be inconsistent.
For example, there are three flows, and their hashed values are all
equal to 100. The first flow is written to the position of 100. The
second flow is written to the position of 100+1. Then, the logic of
the current code will also write the third flow to 100+1.
At this time, the cache has flow 1 and 2; and the hardware FOE table
has flow 1 and 3, where these two parts store different contents.
So it is necessary to check whether the hash_val+1 is also occupied
before writing. If hash_val+1 is also occupied, we won’t bind th
third flow to the FOE table.
Addition to that, we also cancel the processing of foe_entry removal
because the hardware has auto age-out ability. The hardware will
periodically iterate through the FOE table to find out the time-out
entry and set it as INVALID.
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
On musl based distributions, u-boot 2010.03 fails to build with:
u-boot-2010.03/include/u-boot/crc.h:29:50: error: unknown type name 'uint'
uint32_t crc32 (uint32_t, const unsigned char *, uint);
The issue was fixed in the newer u-boot-2018.03 version, this commit
backports the change to the older version used by ar71xx/ath79.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[add commit message from PR description]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of silently downgrading any non-MD5 crypt() request to DES,
cleanly fail with return NULL and errno = ENOSYS. This allows callers
to notice the missing support instead of the unwanted silent fallback
to DES.
Also add a menuconfig toolchain option to optionally disable the crypt
size hack completely. This can be probably made dependant on SMALL_FLASH
or a similar feature indicator in a future commit.
Ref: https://github.com/openwrt/openwrt/pull/1331
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when
the given salt is either invalid or when the requested algorithm is not
implemented.
In such a case, libbb's pw_encrypt() function will silently convert the
crypt() NULL return value into an empty string which is then processed
without further errors by utilities such as chpasswd or passwd, causing
them to set an empty password when an unsupported cipher is requested.
Patch the relevant users of pw_encrypt() to abort in case an empty hash
is returned by pw_encrypt() in order to mitigate the problem.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since readline/host links ncurses/host now, we need to ensure that the
libncursesw.so host library is built with -fPIC.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.
Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
LAN ports 1 and 4 and 2 and 3 are interchanged. Fix this in 02_network
so the ports show up in the correct order in luci.
The correct ucidef_add_switch line is already present. This commit moves
the blocks around to keep alphabetical order.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
The swconfig load operation always triggers 'apply' function which in
this driver currently clears port mirroring flags effectively undoing
port mirroring configuration.
This fix preserves port mirroring flags during apply.
Signed-off-by: Milan Krstic <milan.krstic@gmail.com>
The swconfig load operation always triggers 'apply' function which in
this driver currently clears port mirroring flags effectively undoing
port mirroring configuration.
Signed-off-by: Milan Krstic <milan.krstic@gmail.com>
This adds a wrapper (uci_load_validate) for uci_validate_section() that
allows callers (through a callback function) to access the values set by
uci_validate_section(), without having to manually declare a
(potentially long) list of local variables.
The callback function receives two arguments when called, the config
section name and the return value of uci_validate_section().
If no callback function is given, then the wrapper exits with the value
returned by uci_validate_section().
This also updates several init scripts to use the new wrapper function.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
these utilities need to run with uid 0 to be useful. Thus,
install them setuid root like other distros do, too.
Signed-off-by: Carsten Wolff <carsten@wolffcarsten.de>
[use INSTALL_SUID macro]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Linux kernel has a polling mechanism that can be activated by changing
the parameter /sys/module/block/parameters/events_dfl_poll_msecs which
is deactivated by default or the /sys/block/[device]/events_poll_msecs
for one device.
This patch set the events_poll_msecs when a disk is inserted.
Once the media disk change event is sent by the kernel then we force a
re-read of the devices using /sbin/block info.
With this patch, insertion and ejection of sd card will automatically
generate partition devices in /dev.
Signed-off-by: Matthias Badaire <mbadaire@gmail.com>
[rewrap commit message, fix bashisms, fix non-matching condition,
bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Also fix the libxxxw.so* -> libxxx.so* linking to actually work, the
prevsious code failed to properly symlink the versioned .so files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update (lib)readline to 8.0
Remove autoreconf
Remove blankspace at the end of the lines in description
Remove --enable-shared and --enable-static as they're enabled by default
Remove TARGET_CPPFLAGS
Simplify install sections
Install readline.pc (pkgconfig)
Add patch for linking (lib)ncurses
Source:
https://git.buildroot.net/buildroot/plain/package/readline/0000-curses-link.patch
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
In order to prepare the switch from librpc to libtirpc, we need to relocate
conntrack-tools to the packages feed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Package archives built before commit e6bcf1e4ac
("build: add ABI_VERSION to binary package names") lack the SourceName
control file field which caused ipkg-remove to skip such archives.
Add fallback code that matches the files by their basename followed by
an underscore, similar to how the old cleanup code worked.
Fixes: #2067
Signed-off-by: Jo-Philipp Wich <jo@mein.io>