Create default /etc/sub{uid,gid} files to use for unprivileged
containers.
Appearently these file are not generated/owned by any other OpenWRT
package or buildroot configuration setting.
If such a setting or package exists this commit should probably be
reverted an modified in an extra dependency for that setting/package.
In these default the range 100000-165535 is assigned to root
sub{uid,gid}.
Fix an issue that cause unprivileged containers to not boot if /proc and
/sys are mounted with the `noatime` option.
At boot time /proc and /sys are remounted with the `relatime` option
using a dedicated init.d script.
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca0976c82829addc23e9e8b95885c910ee)
This reverts commit 0ddec62e69 as it was
backport too soon, we need to first wait for fixed libwolfssl being
available.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca0976c82829addc23e9e8b95885c910ee)
8988247 Makefile: Enable warnings as errors (-Werror)
aea39ca Makefile: Respect the CFLAGS and LDFLAGS that have been passed in
189594f poemgr: Fix compiler warnings in poemgr.c
0e1a8cf pd69104: Avoid self-induced pointer casts
2d53298 uswflex: Remove unused variables and declarations
d345441 poemgr: Reorganize poemgr.h to remove forward declarations
df1a7bc contrib: remove unneccessary functions.sh loading
056a6a9 poemgr: Fix name based profile selection
b8f8f23 poemgr: prolong the power budget detection delay
9e8344a poemgr: configure power_budget to override detected limit
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 255c4e6c80ae1f5c00e443eb0b77438ecf78c54c)
Bump to latest and update Makefile to use meson which is upstream's standard.
Deleted unneeded 010-Remove-distro-check.patch (reference to configure).
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit d957a2293b)
Consider only integer part of free space in megabytes when
deciding the boundaries of the to be created partition.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f50a289e51)
This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.
Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.
Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit 46c058468a)
Fixes: https://github.com/openwrt/packages/issues/19210
If libjpeg isn't selected by another package, all is fine.
But if it is selected, the stress-ng build will see it and try to build the
jpeg stressor. This would usually fail sometime and link-time.
In any case, it's better to just pick-up libjpeg as a dependency of
stress-ng. If people want to stress their system with this tool, they can
probably expect libjpeg as well.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit fc6f44b13a)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit e4555e03ee)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit a5e96189c3)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
When PAM is available, the build system will detect and use it, but the
package dependency was missing.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 626be11593)
Fix for issue #19010
Signed-off-by: John Kohl <jtk.git@bostonpog.org>
Signed-off-by: Michal Kowalski <18610805+kofec@users.noreply.github.com>
(cherry picked from commit 406adc5363)
Use PKG_FIXUP:=autoreconf when building cryptsetup to prevent
accidental linkage against host libraries.
Fixes: #19011
Reported-by: @dreirund
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ad0ac5198d)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 281d156a35)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 591f8cad33)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 9b1cdb7b52)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>