Make version compatible with the apk package manager.
Add short explanation about rtklib purpose to the menu item.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It is used to
allow partial access to D-Bus from sandboxed processes, e.g. when using
bubblewrap.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If users choose to build OpenWrt with btrfs included
and want to use a btrfs RAID for overlay/extroot,
then devices need to be scanned *before* mounting overlay/extroot.
If not, btrfs won't find all RAID drives and fail to mount.
This commit:
- creates a duplicate (symlink) of the btrfs scan script so that it runs
both before and after overlay/extroot mount,
- changes the scan command to not depend on blkid (-d),
- outputs the scan results to kernel log to show what's being detected,
as the system logger is not yet running.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
Make sure hwdata can be used by other packages during build by
adding InstallDev section which includes pkgconfig as well as
all types of IDs.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move post-install script to /etc/uci-defaults so it always runs on the
target and doesn't require the host to provide 'update-mime-database'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Maintainer: Tom Stöveken <tom@naaa.de>
Compile tested: SDK for OpenWrt 23.05.5
Run tested: x86/64 @ Intel(R) Celeron(R) CPU N3160 @ 1.60GHz, OpenWrt 23.05.5
Description:
Updated to version 0.17.3
Signed-off-by: Tom Stöveken <tom@naaa.de>
This commit updates the mstflint package to the latest
4.30.0 release. It also drops the zlib dependency because
libsqlite3 and libxml2 already depend on it.
Signed-off-by: Til Kaiser <mail@tk154.de>
Bump fwupd to 2.0.1 and make libdrm support configurable.
Set libdrm support disabled by default.
This is needed to fix a problem with buildbot where the libdrm dependency is
silently included, as buildbot compiles every package and the library is found
in the system.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bug fix:
efahl/owut@8c7e42f owut: force top-level when adding a package
Enhancement:
efahl/owut@e26df83 argparse: add an exclusive store mechanism
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Move uci-defaults file to run level 51, so it is executed immediately
after the attendedsysupgrade-common package's uci-defaults script.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Move the init script to '50-attendedsysupgrade', so it is run in the
middle of the init sequence, rather than after all the explicitly
ordered ones. This allows later scripts, specifically the 99-level
ones, to modify the contents of the attendedsysupgrade configuration.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Enhancements:
efahl/owut@cdfbc24 owut: rework build status monitor to use HEAD requests
efahl/owut@6704884 owut: rework download statistics
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
mtools: update to 4.0.45
no change log
https://www.gnu.org/software/mtools/manual/mtools.html
Compile tested: Model ASUS RT-AC88U
Architecture ARMv7 Processor rev 0 (v7l)
BCM53xx / arm_cortex-a9.
Kernel Version 6.6.53
main branch
Run tested: Using GCC 14.2.0 and binutils 2.43.1
Signed-off-by: Jen Wolf <jenwolf@protonmail.com>
Remove GPL-2.0+ and GPL-3.0+ from PKG_LICENSE as GNU GPLv2+ and GPLv3+
are only used for the build system as stated in [1]:
The build system contains public domain files, and files that
are under GNU GPLv2+ or GNU GPLv3+. None of these files end up
in the binaries being built.
Moreover, add 0BSD which is used since version 5.6.0 [2]
[1]: 02ddf09bc3
[2]: 689e0228ba
Fixes: b9e87eeb7d (xz: import from old packages feed)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
This is the fourteenth patch release in the 1.1.z release branch of
runc. It includes a fix for a low severity security issue
(CVE-2024-45310) as well as some minor build-related fixes (including Go
1.23 support).
Fix CVE-2024-45310, a low-severity attack that allowed
maliciously configured containers to create empty files and directories on
the host.
Add support for Go 1.23.
Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION.
rootfs: consolidate mountpoint creation logic.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Bug fixes:
efahl/owut@e791bd2 owut: more robust handling of build errors
Enhancements:
efahl/owut@853f5ab owut: don't use "extra" versions
efahl/owut@4629b0f owut: minor cleanups
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
- Cleanup Makefile
- Refresh patches
- Simplify go tags
- Separate go tags with space due to upstream change
- Remove vars which are identical to upstream or empty
- Invoke built-in go vars instead of duplicating one by one
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tested-by: Dirk Buchwalder <buchwalder@posteo.de>
No patches needed to be rebased, simple version bump.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
add config options to set http proxy for dockerd, refer to
https://docs.docker.com/engine/daemon/proxy/ for details
use the *_proxy environment variable as the default value, so in most
cases, dockerd can use the system proxy settings just like opkg.
Signed-off-by: Joe Zheng <joe.zheng@intel.com>
- libblkid is now a hard dependency
- Don't set configure options matching the default
- Enable LTO
- Disable debug asserts at configure stage, drop the patch
- Compile with target optimizations instead of -O2
- Update package URL
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Bug fixes:
efahl/owut@6564aa2 owut: handle non-JSON responses
Enhancements:
efahl/owut@e0a0c49 owut: add age to build time output
efahl/owut@d811a24 examples: compress the manifest
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
This adds an additional OpenWrt specific backend to use lpac with the
uqmi tooling used by OpenWrt to manage QMI based modems.
This allows lpac to manage eUICC chips without the need for other,
potentially bigger, software using the installed modem.
Also set this backend as the new default, as users probably expect being
able to download profiles using their cellular modem.
Profile-Switching
-----------------
With some eUICC modem combinations you might need to power-cycle the
UIM slot using uqmi after changing the active profile. To do this,
simply execute
$ uqmi -d /dev/cdc-wdm0 --uim-power-off --uim-slot=1
$ uqmi -d /dev/cdc-wdm0 --uim-power-on --uim-slot=1
Note
----
SM-DP+ might use encryption parameters which are incompatible with
mbedtls which cURL is by default compiled for.
This was observed when attempting to download a profile from
Vodafone DE.
If you encounter issues in that regard, try to install a version of
libcurl which is compiled with OpenSSL support.
Signed-off-by: David Bauer <david.bauer@uniberg.com>
This commit updates the mstflint package to the latest 4.29.0
release, including the new binaries mstfwctrl, mstlink, mstreg,
and libexpat as a new dependency.
Signed-off-by: Til Kaiser <mail@tk154.de>
This reverts commit df1cd5792a as the
current licensing terms prevent use in FOSS projects:
Under no circumstances may customers modify, demonstrate, use, deliver
or disclose any portion of the Software in source code form.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
- Switch to GNU package URLs
- Switch license to GNU-3.0
- Manually rebase one patch
- Add 3 more patches from Buildroot project
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
- Use proper tarball instead of codeload
- Remove autoreconf - provided configure works all right
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Bug fixes:
efahl/owut@e329cb9 owut: allow user to specify 'version_code' for build
efahl/owut@fbafbf1 owut: improve image selection
efahl/owut@6352b2c config: fix wrong directory in example
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Cryptsetup 2.7.4 Release Notes
==============================
Stable bug-fix release.
All users of cryptsetup 2.7 should upgrade to this version.
Changes since version 2.7.3
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Detect device busy failure for device-mapper table-referenced devices.
Some device-mapper ioctl failures can disappear in libdevmapper,
causing the libcryptsetup wrapper to return an invalid error (EINVAL)
instead of EEXIST or EBUSY. One such case is when there is a device
creation race, and the device-mapper device name is created, but
the following mapping table load fails. This can happen because some
block devices used in table mapping have already been claimed by
another process (the kernel needs exclusive access).
The kernel ioctl properly returns EBUSY; this errno is lost in
libdevmapper (dm_task_get_errno returns 0). It should be fixed by
libdevmapper in the future.
Such behavior was seen in the systemd way of handling dm-verity
devices. With these changes, the code should react for EEXIST and
EBUSY, as another process has already activated the device.
Code calling libcryptsetup also must not check the underlying device
with an exclusive open flag (O_EXCL). Otherwise, it could cause a race
in the kernel device-mapper, resulting in no process succeeding device
activation (see also CRYPT_ACTIVATE_SHARED flag below).
* Fix shared activation for dm-verity devices.
The CRYPT_ACTIVATE_SHARED flag was silently ignored when activating
dm-verity devices. Dm-verity shared activation is generally safe
since all verity devices are read-only.
The shared flag is a way to skip the exclusive access check for the
device, allowing it to create multiple mappings with the same device or
properly handle a racy concurrent activation of devices with the same
name from different processes.
* Add --shared option for veritysetup open action.
The option allows the data device to be used in multiple device-mapper
table mappings (skip exclusive access check) or to allow concurrent
dm-verity device activation of the same device (only one process
succeeds in this case; the other will return EEXIST or EBUSY).
* Do not use exclusive flag for the allocated backing loop files.
Using this flag is an undefined operation for opening an existing file.
The flag should be used only for allocated loop (block) devices.
* Fixes for problems found by static analyzers and Valgrind.
These include fixes for non-default libgcrypt, NSS, and Nettle
cryptographic backends, buffer operations to avoid partial read/write,
and several other workarounds for mostly false positive warnings.
* Fixes to tests and CI scripts.
Cryptsetup 2.7.3 Release Notes
==============================
Stable bug-fix release with security fixes.
All users of cryptsetup 2.7 must upgrade to this version.
Changes since version 2.7.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Do not allow formatting LUKS2 with Opal SED (hardware encryption)
if the reported logical sector size for the block device and Opal
encryption logical block differs.
Such a configuration can lead to a partially encrypted Opal locking
range or data destruction following the expected locking range.
Some NVMe drives support multiple LBAF profiles (typically supporting
512-byte and 4096-byte sector size). Some broken Opal NVMe firmware can
report bogus encryption size that disagrees with real used sector size.
This usually happens after low-level NVMe reformatting (LBAF profile
change with nvme utility) to different sector size.
Moreover, some firmware versions do not properly reset this even after
explicit PSID revert.
Cryptsetup calculates the Opal locking range using the reported block
size in Opal geometry ioctl. Unfortunately, the broken firmware drive
internally uses the logical block size of the block device, which can
differ. This can lead to two possible situations:
- Opal reports a smaller block size (512-byte) while the drive uses
a 4096-byte sector. The configured locking range is then much larger,
destroying data following the expected locking range setting.
- Opal reports a larger block size (4096-byte) while the drive uses
a 512-byte sector. The configured locking range is then much smaller,
leaving the remaining space in the locking range unencrypted (violating
the confidentiality of data).
Cryptsetup now detects this discrepancy and disallows LUKS2 format with
Opal hardware encryption in such a case.
For already formatted devices, you will see this warning:
"Bogus OPAL logical block size differs from device block size."
If you also used software encryption (dm-crypt over Opal), data will
still be fully encrypted with software dm-crypt.
With hw-only encryption, your configuration is probably already broken
(insecure or accessing data beyond the assigned area).
Note that this is caused by bad firmware (seen with multiple vendors),
and the problem was reported, at least for drives we have access to.
* Fixes to wiping LUKS2 headers after Opal locking area erase.
As the hardware locking range is destroyed (cryptsetup erase command),
the LUKS2 header is no longer usable and was partially wiped.
Now the code fully wipes also the secondary header, as the previous
code wiped only the primary LUKS area.
Note that this is an exception, as the normal erase command wipes only
the keyslots, keeping the LUKS2 header in place. With Opal encryption,
the data segment is no longer valid, so the whole LUKS2 header is no
longer usable.
* Mention the need for possible PSID revert before Opal format for some
drives (man page).
* Fix Bitlocker-compatible code to ignore newly seen metadata entries.
Recent Windows OS versions started to include new (undocumented)
metadata entries in Bitlocker. These entries are now quietly ignored,
allowing Bitlocker images to open with cryptsetup again.
* Fix interactive query retry if LUKS2 unbound keyslot is present.
If an unbound keyslot is present, the password query retry count is
now properly applied.
* Detect unsupported zoned devices for LUKS header devices.
Zoned devices cannot be written with direct-io and used for LUKS header
logic in general. Code now rejects placing the LUKS header on a zoned
device, while you can still create a detached header and use a zoned
device for encrypted data.
* Allow "capi" cipher format for benchmark command and fix parsing
of plain IV in "capi" format.
Some ciphers can be specified only in Linux kernel crypto notation
(in short, "capi"). Code now allows this format also for benchmark,
for example, "benchmark -c capi:xts\(aes\)-plain64"
(that is equivalent to -c aes-xts-plain64).
* Add support for HCTR2 encryption mode.
The HCTR2 encryption mode was added to the Linux kernel for fscrypt,
but as it is a length-preserving mode (with sector tweak), it can be
easily used for disk encryption, too.
The mode has the same property as wide modes (any change is propagated
to the whole sector instead of only one block as in XTS mode).
As it needs a larger initialization vector (32 bytes), we need to add
an exception in the userspace format code.
You can now use --cipher aes-hctr2-plain64 for the format operation.
* Source code now uses SPDX license identifiers instead of full
license preambles.
* Fix missing includes for cryptographic backend that could cause
compilation errors for some systems.
* Fix tests to work correctly in FIPS mode with recent OpenSSL 3.2.
* Fix various (mostly false positive) issues detected by Coverity.
Cryptsetup 2.7.2 Release Notes
==============================
Stable bug-fix release.
All users of cryptsetup 2.7 should upgrade to this version.
Changes since version 2.7.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix activation of OPAL-only encrypted LUKS device with tokens.
The issue was caused by an invalid volume key check (assert)
that is impossible without software encryption.
* Fix formatting of OPAL devices with 4096-byte sector size.
* Fix incorrect OPAL locking range alignment calculation if used
over an unaligned device partition.
* Add --hw-opal-factory-reset option description to the manual page.
* Do not check the passphrase quality for OPAL Admin PIN,
as this passphrase already exists.
* Update license for FAQ document to CC BY-SA 4.0.
NOTE: Please note that with OPAL-only (--hw-opal-only) encryption,
the configured OPAL administrator PIN (passphrase) allows unlocking
all configured locking ranges without LUKS keyslot decryption
(without knowledge of LUKS passphrase).
Because of many observed problems with compatibility, cryptsetup
currently DOES NOT use OPAL single-user mode, which would allow such
decoupling of OPAL admin PIN access.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Version 2.03.25 - 12th July 2024
================================
Utilize more radix_tree instead of dm_hash and btree.
Refactor DM uuid caching from device_mapper directory.
Enhance checking for DM uuid device.
Fix lvm shell command completion on tab key (2.03.24).
Avoid lockd_vg call to lvmlockd for local VGs.
Allow forced change of locktype from none.
Handle OPTIONS defined in /etc/sysconfig/lvmlockd.
Version 2.03.24 - 16th May 2024
===============================
Lvconvert supports VDO options for thin-pool with vdo conversion.
Improve placement to .data.rel.ro and .rodata sections.
Fix support for -y and -W when creating thinpool with vdo.
Better support for runtime valgrind detection.
Allow command interruption when communicating with dmeventd.
Fix resize of VDO volume used for thin pool data volume.
Use -Wl,-z,now and -Wl,--as-needed for compilation by default.
Require 3.7 as minimal version for sanlock.
Share code for closing opened descriptors on program startup.
Fix memleak in lvmcache.
Add configure --with-default-event-activation=ON setting.
Fix return value from reporter function when hitting internal error.
Skip checking of pools for lvremove and vgremove commands.
VDO modprobes dm-vdo for 6.9 kernel and kvdo for older kernel version.
Fix lvs reporting for VDO volumes with new upstream kernel driver.
Don't import DM_UDEV_DISABLE_OTHER_RULES_FLAG in LVM rules, DM rules cover it.
Fix table line generation for cache snapshots using cachevol.
Enhance lvconvert support for external origins stacking.
When swapping LV names also swap properties like hostname, time and data.
Fix removal of stacked external origins.
Lock filesystem when converting volume to read-only external origin.
Support external origin between different thin-pool.
Improve validation of acceptable volumes for external origins.
Reduce amount of preloaded devices for complex device trees.
Avoid logging problems from monitoring snapshots with inactive origins.
Check for cache policy module presence in kernel's builtin modules file.
Add configure --with-modulesdir to select kernel modules directory.
Support creation of thin-pool with VDO use for its data volume.
libdm:
Version 1.02.199 - 12th July 2024
=================================
Version 1.02.198 - 16th May 2024
================================
Fix static only compilation of libdevmapper.a and dmsetup tool.
Use better code for closing opened descriptors when starting dmeventd.
Correct dmeventd -R for systemd environment.
Restart of dmeventd -R checks pid file to detect running dmeventd first.
Query with dmeventd -i quickly ends when there is no running dmeventd.
Enhance dm_get_status_raid to handle mismatching status or reported legs.
Create /dev/disk/by-label symlinks for DM devs that have crypto as next layer.
Persist udev db for DM devs on cleanup used in initrd to rootfs transition.
Process synthetic udev events other than 'add/change' as 'change' events.
Increase DM_UDEV_RULES_VSN to 3 to indicate changed udev rules.
Rename DM_NOSCAN to .DM_NOSCAN so it's not stored in udev db.
Rename DM_SUSPENDED to .DM_SUSPENDED so it's not stored in udev db.
Do not import DM_UDEV_DISABLE_OTHER_RULES_FLAG from db in 10-dm-disk.rules.
Test DISK_RO after importing properties from db in 10-dm.rules.
Also import ID_FS_TYPE in 13-dm-disk.rules from db if needed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The internal package list order fix depends on openwrt/asu@b7c8a426
Bug fixes:
efahl/owut@d8af324 maintain internal package list in installation order
efahl/owut@5bc21c6 armsr platform not detected properly
efahl/owut@b0570d4 documentation link fixes for ASU server changes
Enhancements:
efahl/owut@3a213f3 better download rate calculation
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Changelogs: https://github.com/containers/crun/releases
Bump libocispec to latest commit (required due to rename of class to
_class)
Fixes a crun 1.14.1 bug which prevented Podman running containers due
to version parsing bug.
root@OpenWrt:~# podman run hello-world
Error: OCI runtime error: crun: unknown version specified
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
- bugs
980156399e properly handle 'package_changes' entries with build breakages
119c7194b7 deal with stdout being chopped off when output is piped
75faac2167 fix ordering of '-rcN' version numbers
- issues
0aefe77e47 warn and stop on package downgrades
- enhancements
a23ea2c1ef report file download rates in verbose output
112afd07a5 report broken packages when using 'list' or 'blob'
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Changelog: version 2.1.3 (07/09/2024)
- Mostly a brown-paper bag release to fix the below regression and add a
feature I forgot to add.
- Fix regression in search() function that broke --fromfile (Florian Ernst)
(caused by removing too much code while fixing premature sort for
--fromfile)
- Allow the -L option to accept its parameter immediately (with no space)
instead of requiring it be the next option word. (Trevor Gross)
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
No changelog, but only a single commit since last version, fixing uncoloured stderr
interleaved with coloured stdout.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
74ee2fa489 failed to notice that libpcsclite now supports redirection, as of
1faab672aa
(first present in upstream release 2.1.0). It's important to include the real
implementation, even if redirection permits loading others.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
Turns out that having a comment for QMI over QRTR in the CMAKE_OPTIONS will
drop anything after it, so let's move the comment above CMAKE_OPTIONS.
Fixes: 34f9d96b4c ("lpac: make APDU backends configurable")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Currently, lpac will be built with the PCSC and AT APDU backends by default
and it's not configurable in OpenWrt.
Since smart card reads are not really common on OpenWrt devices let's
disable PCSC backend by default so we don't have to include PCSC lib and
daemon by default.
AT backend is left enabled by default since it has no external dependencies
and all modems have it.
QMI over QRTR backend is not selectable even though it is part of the 2.0.2
release since it requires unstable libqmi 1.35.4 or newer and we are still
using 1.34 stable branch.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Changelog: https://discuss.linuxcontainers.org/t/lxc-6-0-lts-has-been-released/19567
Required libdbus as a depends for liblxc. I verified that both
lxc-create and lxc-checkconfig work with the rebases to the
following patches but do please review:
020-lxc-checkconfig.patch
025-remove-unsupported-option.patch
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
This is the thirteenth patch release in the 1.1.z release branch of runc.
It brings in Go 1.22.x compatibility and fixes a few issues,
including an occasional wrong nofile rlimit in runc exec,
and a race between runc list and runc delete.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>