4b274055ede3 libubus: fix NULL dereference on OOM in ubus_queue_msg
8b5be570f13e libubus-acl: fix dangling pointers on blob_memdup failure in acl_recv_cb
9105ea2a349a ubusd_acl: fix NULL dereference on OOM in ubusd_acl_alloc_obj
07d7f34ac278 ubusd_acl: handle allocation failures in ubusd_acl_init_client
497321a5ea90 ubusd_acl: fix NULL dereference on OOM in ubusd_acl_init
f66d52ba983f ubusd_event: fix OOM handling in ubusd_send_event_msg
11ea1b3bdbea ubusd_main: fix async-signal-unsafe SIGHUP handler
0c095592ccb7 ubusd_proto: fix resource leaks and ID tree corruption in ubusd_proto_new_client
f61695e6e12a ubusd_proto: fix NULL dereference for user/group in ubusd_handle_add_watch
7ecacfadd9bc ubusd_proto: fix NULL dereference on OOM in ubusd_proto_init_retmsg
3ab9d7759545 lua: fix inverted argument check in ubus_lua_add
43051ca73aec lua: fix unchecked calloc and memory leak in ubus_lua_load_object
4ca0b141e9a7 ubusd_id: use getrandom(2) unconditionally on Linux
7e4356da8abe ubusd_monitor: fix NULL dereference on OOM in ubusd_monitor_message
5849870f2251 libubus-req: fix file descriptor leaks in ubus_process_req_msg
f29767f90af1 libubus: fix file descriptor leaks in ubus_process_msg
b099d050b59d libubus: make ubus_shutdown idempotent
a564b8dcb395 ubusd_main: check strdup return value in mkdir_sockdir
239edcbaaac8 ubusd_id: fix continue in do-while skipping random ID retry
09d2df45bf38 ubusd: fix NULL dereference on OOM in ubus_msg_enqueue
bcc45ca981fd libubus: actually set FD_CLOEXEC on the ubus socket
8188f5ce8564 libubus-io: close recv_fd captured before get_next_msg failure
7a068bac5a9b libubus-io: byte-swap peer in HELLO when storing as local_id
747013f6ea05 libubus-io: reset sock.fd to -1 after close on ubus_reconnect error path
020a64b9b169 ubusd_acl: use size_t for strlen result in ubusd_acl_alloc_obj
f92ffd289dcc ubusd: use size_t for string and blob length variables
795b32bb96b6 ubusd: use fixed-width types for sequence counters
Link: https://github.com/openwrt/openwrt/pull/23487
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7df188543e26 libfstools: enable f2fs overlay compression formatting
16718b6e3c0f libfstools: mount f2fs overlay with zstd compression
Signed-off-by: Robert Marko <robimarko@gmail.com>
1bf2d490484e libfstools: make get_var_from_file() reusable
0b6022439cad mount_root: add kernel parameter to specify the overlay storage name
e600d842ce81 mount_root: add kernel parameter to specify the overlay filesystem type
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Debian changelog:
* Update Mozilla certificate authority bundle to version 2.82
The following certificate authorities were added (+):
+ TrustAsia TLS ECC Root CA
+ TrustAsia TLS RSA Root CA
+ SwissSign RSA TLS Root CA 2022 - 1
+ OISTE Server Root ECC G1
+ OISTE Server Root RSA G1
The following certificate authorities were removed (-):
- GlobalSign Root CA
- Entrust.net Premium 2048 Secure Server CA
- Baltimore CyberTrust Root (closes: #1121936)
- Comodo AAA Services root
- XRamp Global CA Root
- Go Daddy Class 2 CA
- Starfield Class 2 CA
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
* Use dh_usrlocal to create /usr/local/share/ca-certificates
(closes: #1127100)
Signed-off-by: Fengyu Wu <saldry@proton.me>
Link: https://github.com/openwrt/openwrt/pull/23155
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changelog:
This release consists mainly of small fixes in the policy.
New Modules:
- ofono
- pd_mapper
- tee_supplicant
- xdsprpcd
- wayland
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Link: https://github.com/openwrt/openwrt/pull/23082
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add a help text for the new --force-reinstall option, so that users
will actually find the new option.
(Also refresh patches)
Improves: 91cff1a "apk: add --force-reinstall option"
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/22426
Signed-off-by: Robert Marko <robimarko@gmail.com>
58eb263 instance: don't print error in case cgroups are disabled
9baf019 instance: use positive error numbers for strerror()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of directing users to the useless 'man 8 apk', we direct
them to the wiki help page.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22271
Signed-off-by: Robert Marko <robimarko@gmail.com>
Allow reinstalling already-installed packages without a version change.
Only the named packages are reinstalled, not their dependencies.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Several OpenWrt-related fixes are included in this release.
Drop upstreamed patches and refresh the rest.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
Link: https://github.com/openwrt/openwrt/pull/22240
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
180ffcc instance: use mkdir_p helper
9493a3d signal: handle SIGUSR1 as halt
4dd22d0 cgroups: fix syntax error
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This was a regression introduced in the recent alignment changes and led
to failures when reading (i.e. 'mkndx') certain packages, as follows:
ERROR: python3-botocore-1.31.7-r1.apk: unexpected end of file
It affected packages with a header size greater than the read buffer
size of 128KB but less than 160KB (128KB + (128KB / 4)).
In those cases, we'd attempt a 0 byte read, leading to APKE_EOF.
Based on some tests of files across multiple archs and feeds, it seems
the only packages meeting those criteria were python3-botocore and
golang-github-jedisct1-dnscrypt-proxy2-dev.
Fixes: 64ec08eee1 ("apk: backport upstream fixes for unaligned access")
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21992
Signed-off-by: Robert Marko <robimarko@gmail.com>
7e5b324 instance: check length of names when creating cgroups
014f94c procd: jail/cgroups: fix OOB write in cgroups_apply()
e08cdc8 hotplug-dispatch: fix filter disallowing setting PATH
afa4391 service instance: Improve handling of watchdog config changes
52c64d2 service instance: Fix overwriting of watchdog linked list members
96c827f coldplug: fix missing header include
6b10c71 hotplug-dispatch: fix missing header include
58d7aaa initd/coldplug: create /dev/null before running udevtrigger
64f97ff hotplug-dispatch: redirect output to /dev/null
c4e9859 hotplug-dispatch: use stat if d_type is DT_UNKNOWN
bafdfff system: fix arguments validation in ubus handler
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Check /var/run/uci/ before /etc/config/ so that overlay configs
also trigger service reload events.
The overlay directory takes precedence, and uci show already handles
merging overlay + base configuration correctly.
Signed-off-by: John Crispin <john@phrozen.org>
Uninitialized memory led to bogus, huge timestamps being set on files
downloaded with the wget backend. This caused odd issues like 'ls -l'
crashing busybox when attempting to list the .apk file afterwards.
Link: 42f159e67b
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/21874
Signed-off-by: Robert Marko <robimarko@gmail.com>
Packages shouldn't provide a package that another package, in this case
wget from packages, provides. Explicitly provide a virtual @wget-any
instead to match the implicit wget provide and switch the only consumer
to use the new provider.
Set uclient-fetch as the default variant for wget-any.
Signed-off-by: George Sapkin <george@sapk.in>
Link: https://github.com/openwrt/openwrt/pull/21369
Signed-off-by: Robert Marko <robimarko@gmail.com>
It seems the old website has been retired.
Signed-off-by: Yanase Yuki <dev@zpc.st>
Link: https://github.com/openwrt/openwrt/pull/21279
Signed-off-by: Robert Marko <robimarko@gmail.com>
Some packages with variants did not specify the default among the
alternatives, so were left without any apk 'provider_priority'
for that package. This caused the apk solver to select the wrong
variant, silently changing the requested package list.
Notable among these were busybox, procd and the hostapd/wpad suite.
This behavior presented in the imagebuilders when creating the
image as follows, silently replacing packages even when explicitly
requested:
```
$ make image PACKAGES=busybox
...
( 14/148) Installing busybox-selinux (1.37.0-r6)
...
```
We add 'DEFAULT_VARIANT:=1' to the packages that were missing one,
providing apk with sufficient information to choose the correct
package.
See link below for further examples and discussion.
Link: https://github.com/openwrt/openwrt/pull/21288#issuecomment-3704101422
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21358
Signed-off-by: Robert Marko <robimarko@gmail.com>
Switch ca-certs provides to use the new virtual provides semantic that
enables ca-bundle and ca-certificates to be installed side-by-side.
Provide the new format virtual ca-certificates-any in ca-bundle.
Fixes: https://github.com/openwrt/openwrt/issues/21257
Signed-off-by: George Sapkin <george@sapk.in>
Link: https://github.com/openwrt/openwrt/pull/21288
Signed-off-by: Robert Marko <robimarko@gmail.com>
We drop patch 0020-apk-fix-compile: integrated at source.
Compressed help now functions normally.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21127
Signed-off-by: Robert Marko <robimarko@gmail.com>
This fixes the following build error:
```
../src/apk.c: In function 'parse_options':
../src/apk.c:584:4: error: a label can only be part of a statement and a declaration is not a statement
584 | char *arg = opt_parse_arg(&st);
| ^~~~
```
Upstream MR: https://gitlab.alpinelinux.org/alpine/apk-tools/-/merge_requests/376
Fixes: b91ebdabbb ("apk: bump to 3.0.1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Recently finalized 3 branch bumped to 3.0.1
dropped patches
-010-libressl4.patch; integrated at source
-999-small-scripts-tar.patch; integrated at source
refreshed remaining patches
DEPRECATION: Option 'compressed-help' is deprecated - removed.
DEPRECATION: Option 'zstd' value 'false' is replaced by 'disabled'
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21093
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Choose the minimal release build which excludes a number of
unused applets, not used on user devices.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21093
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
a284e7751fa7 file: bump sz_size to 64 bits
ffb9961c1f8b file: provide user name and group name lookups for stat listings
Signed-off-by: Robert Marko <robimarko@gmail.com>
Dump and verify commands can be used on read-only devices.
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20725
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changelog:
Notable Changes
- Several updates and fixes for systemd
- Add new permissions and policy capabilities
- Drop reiserfs support (it was removed in kernel 6.13)
New Modules
- bubblewrap
- incus
- kanidm
- seatd
- opensnitch
Refresh patch:
- 100-no-docs.patch
Link: https://github.com/openwrt/openwrt/pull/20861
Signed-off-by: Nick Hainke <vincent@systemli.org>
Default behavior for apk was to create an uncompressed scripts.tar
file. Due to the structure of tar files, with fixed block
size and null padding, this file becomes very large on OpenWrt
installations where there are typically two scripts per package.
This could cause the raw tar file to easily grow to over 500KB,
whereas the compressed file is generally around 20-30KB.
When stored in the /rom partition of a squashfs device, the file
is compressed and this is not an issue. But, as soon as you add
or delete a package, the scripts.tar file is fully expanded into
the /overlay partition and can cause issues on small-flash devices.
This issue was addressed in an upstream commit by detecting
whether the scripts.tar file is compressed (its name must be
exactly 'scripts.tar.gz'), and then retaining that compression by
reading/writing the file using a compressed stream.
This commit applies a cherrypicked patch for the upstream commit, and
compresses the scripts.tar during construction of the device rootfs.
Fixes: https://github.com/openwrt/openwrt/issues/17108
Link: 012cdcfdf9
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20795
Signed-off-by: Robert Marko <robimarko@gmail.com>
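
The tar padding overhead described in the commit message above can be reproduced with a short script. This is an added example, not code from the commit or from apk; the member names, the script body and the count of 150 packages are constructed for illustration.

```python
import gzip
import io
import tarfile

BLOCK = 512      # tar pads every header and every file body to 512 bytes
RECORD = 10240   # tarfile pads the end of the archive to a 10 KiB record

# Constructed sample script body, not taken from a real package.
SAMPLE_SCRIPT = b"#!/bin/sh\n# constructed sample\n/etc/init.d/example enable\nexit 0\n"


def build_scripts_tar(packages, body=SAMPLE_SCRIPT):
    """Build an uncompressed tar holding two small scripts per package."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for i in range(packages):
            for kind in ("post-install", "pre-deinstall"):
                # Hypothetical member names; real entries are named differently.
                info = tarfile.TarInfo(name=f"example-pkg-{i:03d}.{kind}")
                info.size = len(body)
                tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def expected_raw_size(members, body_len):
    """Predict the archive size from the block and record padding rules."""
    per_member = BLOCK + -(-body_len // BLOCK) * BLOCK   # header + padded body
    total = members * per_member + 2 * BLOCK             # two zero end blocks
    return -(-total // RECORD) * RECORD                  # round up to a record


def size_report(packages, body=SAMPLE_SCRIPT):
    """Compare script payload, raw tar size and gzip-compressed tar size."""
    raw = build_scripts_tar(packages, body)
    return {
        "payload": 2 * packages * len(body),
        "raw": len(raw),
        "gzip": len(gzip.compress(raw)),
    }


if __name__ == "__main__":
    print(size_report(150))
```

Each script of a few dozen bytes occupies 1024 bytes in the raw archive, so almost all of the uncompressed file is null padding, which gzip removes.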
11e0bee504c6 file: use lstat for file list (instead of stat) to reveal links
917000075eb4 iwinfo: add he and eht operation info to wifi scan
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/20692
Signed-off-by: Robert Marko <robimarko@gmail.com>
ba73bc4672ec CMakeLists: update cmake minimum required version to 3.10
988399770af1 libbb: CMakeLists: update cmake minimum required version to 3.10
ce546f3ebff5 opkg: CMakeLists: update cmake minimum required version to 3.10
80503d94e356 libopkg: CMakeLists: update cmake minimum required version to 3.10
Fixes: #20659
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
b462895d3157 lua: CMakeLists: drop redundant cmake_minimum_required
f247c18f8a55 examples: CMakeLists: drop redundant cmake_minimum_required
83a70399030d github: add CI build
d31effb4277b ubusd: Fix out of bounds access in event register message
d95837b1b143 ubusd: acl: compare uid/gid instead of user/group strings
b81257bb20dd ubusd: load extra group IDs for a client process
7d7b45fea05b add debian/ directory
aa4a7ee1d341 ubusd: fix more instances of missing length checks for patterns
60e04048a0e2 ubusd: fix ACL check for receiving events
Signed-off-by: Felix Fietkau <nbd@nbd.name>