Skip to content
Snippets Groups Projects
Select Git revision
  • devel default protected
  • pam
  • release-7.3 protected
  • release-7.4.2 protected
  • genxos-12
  • support-radius-ssh
  • roman-7.4.0a2-shsw-perl-noparallel
  • release-6.5 protected
  • iptv
  • nss
  • snmp
  • firewallmngr_uci
  • nw_firewallmngr
  • rt_fail2ban
  • agnau-nginx-lto
  • sshd_maxretries
  • release-7.4.0alpha2-shsw protected
  • rtsp_puse_res_timeout
  • rtsp_70_fix
  • platform-openwrt-23.05.1
  • v14.07
21 results
Search by author
  • Any Author
  • Amin Ben Romdhane Amin Ben Romdhane amin.benromdhane
  • Andreas Gnau Andreas Gnau AGnau
  • Anjan Chanda Anjan Chanda anjancx
  • Balalakshmi Arunachalam Rajendran Balalakshmi Arunachalam Rajendran arbala
  • Benjamin Larsson Benjamin Larsson benjamin
  • Dariusz Iwanoczko Dariusz Iwanoczko dariusz.iwanoczko
  • Divya Chandrasekaran Divya Chandrasekaran divya.c
  • Elena Vengerova Elena Vengerova helen
  • Erik Karlsson Erik Karlsson erik.karlsson
  • Filip Matusiak Filip Matusiak filmat
  • Fredrik Östling Fredrik Östling fredrik.ostling
  • George Yang George Yang gyang
  • Gouri Natarajan Gouri Natarajan gouri.natarajan
  • Grzegorz Sluja Grzegorz Sluja slujagrz
  • Hope Błaszkowska Hope Błaszkowska jakub.blaszk
  • IOPSYS DevOps Bot IOPSYS DevOps Bot devops_robot
  • Jakob Olsson Jakob Olsson jakob
  • Janusz Dziedzic Janusz Dziedzic janusz
  • Jenkins Inteno Jenkins Inteno jenkins
  • Jerome Rogon Jerome Rogon jerome.rogon
20 authors
  1. Dec 06, 2023
  3. Nov 10, 2023
  5. Nov 01, 2023
  7. Oct 25, 2023
    • Daniel Golle's avatar
      cryptsetup: update to version 2.6.1 · f4406635
      Daniel Golle authored 
      
Cryptsetup 2.6.1 Release Notes
==============================
Stable bug-fix release with minor extensions.

All users of cryptsetup 2.6.0 should upgrade to this version.

Changes since version 2.6.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* bitlk: Fixes for BitLocker-compatible on-disk metadata parser
  (found by new cryptsetup OSS-Fuzz fuzzers).
  - Fix a possible memory leak if the metadata contains more than
    one description field.
  - Harden parsing of metadata entries for key and description entries.
  - Fix broken metadata parsing that can cause a crash or out of memory.

* Fix possible iteration overflow in OpenSSL2 PBKDF2 crypto backend.
  OpenSSL2 uses a signed integer for PBKDF2 iteration count.
  As cryptsetup uses an unsigned value, this can lead to overflow and
  a decrease in the actual iteration count.
  This situation can happen only if the user specifies
  --pbkdf-force-iterations option.
  OpenSSL3 (and other supported crypto backends) are not affected.

* Fix compilation for new ISO C standards (gcc with -std=c11 and higher).

* fvault2: Fix compilation with very old uuid.h.

* verity: Fix possible hash offset setting overflow.

* bitlk: Fix use of startup BEK key on big-endian platforms.

* Fix compilation with latest musl library.
  Recent musl no longer implements lseek64() in some configurations.
  Use lseek() as 64-bit offset is mandatory for cryptsetup.

* Do not initiate encryption (reencryption command) when the header and
  data devices are the same.
  If data device reduction is not requsted, this leads to data corruption
  since LUKS metadata was written over the data device.

* Fix possible memory leak if crypt_load() fails.

* Always use passphrases with a minimal 8 chars length for benchmarking.
  Some enterprise distributions decided to set an unconditional check
  for PBKDF2 password length when running in FIPS mode.
  This questionable change led to unexpected failures during LUKS format
  and keyslot operations, where short passwords were used for
  benchmarking PBKDF2 speed.
  PBKDF2 benchmark calculations should not be affected by this change.

Signed-off-by: default avatarDaniel Golle <daniel@makrotopia.org>
(cherry picked from commit 5c21b26a939470a44c25fec7a54416d052def1a9)
      f4406635
    • Daniel Golle's avatar
      lvm2: update LVM2 to 2.03.22 and DM to 1.02.196 · a5aa83ea
      Daniel Golle authored 
      
Remove downstream patch 004-missing-includes.patch which was merged
upstream in version 2.03.19

LVM2 changelog since version 2.03.17
version 2.03.22 - 02nd August 2023
==================================
  Fix pv_major/pv_minor report field types so they are integers, not strings.
  Add lvmdevices --delnotfound to delete entries for missing devices.
  Always use cachepool name for metadata backup LV for lvconvert --repair.
  Make metadata backup LVs read-only after pool's lvconvert --repair.
  Improve VDO and Thin support with lvmlockd.
  Handle 'lvextend --usepolicies' for pools for all activation variants.
  Fix memleak in vgchange autoactivation setup.
  Update py-compile building script.
  Support conversion from thick to fully provisioned thin LV.
  Cache/Thin-pool can use error and zero volumes for testing.
  Individual thin volume can be cached, but cannot take snapshot.
  Better internal support for handling error and zero target (for testing).
  Resize COW above trimmed maximal size is does not return error.
  Support parsing of vdo geometry format version 4.
  Add lvm.conf thin_restore and cache_restore settings.
  Handle multiple mounts while resizing volume with a FS.
  Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id.
  Enhance lvm_import_vdo and use snapshot when converting VDO volume.
  Fix parsing of VDO metadata.
  Fix failing -S|--select for non-reporting cmds if using LV info/status fields.
  Allow snapshots of raid+integrity LV.
  Fix multisegment RAID1 allocator to prevent using single disk for more legs.

version 2.03.21 - 21st April 2023
=================================
  Fix activation of vdo-pool for with 0 length headers (converted pools).
  Avoid printing internal init messages when creation integration devices.
  Allow (write)cache over raid+integrity LV.

version 2.03.20 - 21st March 2023
=================================
  Fix segfault if using -S|--select with log/report_command_log=1 setting.
  Configure now fails when requested lvmlockd dependencies are missing.
  Add some configure Gentoo enhancements for static builds.

version 2.03.19 - 21st February 2023
====================================
  Configure supports --with-systemd-run executed from udev rules.
  Enhancement for build with MuslC systemd and non-bash system shells (dash).
  Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices.
  Ensure udev is processing origin LV before its thick snapshots LVs.
  Fix and improve runtime memory size detection for VDO volumes.

version 2.03.18 - 22nd December 2022
====================================
  Fix issues reported by coverity scan.
  Fix warning for thin pool overprovisioning on lvextend (2.03.17).
  Add support for writecache metadata_only and pause_writeback settings.
  Fix missing error messages in lvmdbusd.

DM changelog since version 1.02.187:

Version 1.02.196 - 02nd August 2023
===================================

Version 1.02.195 - 21st April 2023
==================================

Version 1.02.193 - 21st March 2023
==================================

Version 1.02.191 - 21st February 2023
=====================================
  Improve parallel creation of /dev/mapper/control device node.
  Import previous ID_FS_* udev records in 13-dm-disk.rules for suspended DM dev.
  Remove NAME="mapper/control" rule from 10-dm.rules to avoid udev warnings.

Version 1.02.189 - 22nd December 2022
=====================================
  Improve 'dmsetup create' without given table line with new kernels.

(Version 1.02.188 is missing)

Signed-off-by: default avatarDaniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4db53132ba66359e25fa6fd29aba87541551adf2)
      a5aa83ea
  9. Oct 23, 2023
  11. Oct 18, 2023
  13. Oct 16, 2023
    • Oskari Rauta's avatar
      zsh: use autoreconf PKG_FIXUP to configure · c42f1261
      Oskari Rauta authored 
      
In preparation to PCRE2 fixup, use autoreconf PKG_FIXUP as a better
configure system instead of configure script. This is needed to reduce
upcoming patch to migrate to PCRE2 library.

To correctly use autoreconf it's needed to declare empty
PKG_REMOVE_FILES.

zsh include custom macro in the default aclocal.m4
When autoreconf PKG_FIXUP is used, if PKG_REMOVE_FILES is not defined,
it's set to remove the file aclocal.m4 by default resulting in problem
with the custom macro AC_PROG_LN.

Signed-off-by: default avatarOskari Rauta <oskari.rauta@gmail.com>
[ split to 2 commit, add PKG_REMOVE_FILES, reword commit description ]
Signed-off-by: default avatarChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a7f837c98b0ab3fde1b19283e13a21fdaf1b1ee2)
      c42f1261
    • Christian Marangi's avatar
      zsh: backport PCRE2 patches and move to it · 45498f4b
      Christian Marangi authored 
      
Backport PCRE2 patches from upstream and move package to PCRE2 library
as PCRE is EOL and won't receive any security update anymore.

Patch are backported with minimal change, only the Changelog change is
commented out as it would conflict and makes no sense to adapt for the
purpose of backport patches.

Signed-off-by: default avatarChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5b929fde5f9b8bc2b6e85999c9eb08b5a4295c7f)
      45498f4b
  15. Oct 14, 2023
    • Nick Hainke's avatar
      kmod: update to 31 · 58ade934
      Nick Hainke authored 
      Release Notes:
https://github.com/kmod-project/kmod/blob/aff617ea871d0568cc491bd116c0be1e857463bb/NEWS#L1



Signed-off-by: default avatarNick Hainke <vincent@systemli.org>
(cherry picked from commit ca057f3e4e997aa8cd27ab03f97429309b18cbc1)
      58ade934
    • Oskari Rauta's avatar
      podman: update to 4.7.1 · 7fe0677d
      Oskari Rauta authored 
      Bugfixes

 - Fixed a bug involving non-English locales of Windows where machine installs using user-mode networking were rejected due to erroneous version detection (#20209).
 - Fixed a regression in --env-file handling (#19565).
 - Fixed a bug where podman inspect would fail when stat'ing a device failed.

API
 - The network list compat API endpoint is now much faster (#20035).

Openwrt updates: added patch to allow building with musl-1.2.4
Patch source is from gentoo https://github.com/vimproved/gentoo/blob/c4c349f11a4352be1965726eadfe3a8bd8a6fa9c/app-containers/podman/files/podman-4.5.0-fix-build-with-musl-1.2.4.patch



Issue was discussed by @jefferyto at mattn/go-sqlite3#1177

remarks:
removed musl-1.2.4 patch from commit, since that version of musl
is not available with openwrt-23.05

Signed-off-by: default avatarOskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit e25d417f1a3162bb2ecaad06a6b79ab6afb74659)
      7fe0677d
    • Oskari Rauta's avatar
      slirp4netns: update to 1.2.2 · a38348e6
      Oskari Rauta authored 
      
v1.2.2 changes:
 - Enabled reproducible builds

v1.2.1 changes:
 - sandbox: Add support for escaping resolv.conf symlinks. This fixes usage in WSL environments which symlinks /etc/resolv.conf under a shared location under /mnt.

Signed-off-by: default avatarOskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 8b3bf5bb88ce00a78312ed2da7dea7efa54de197)
      a38348e6
    • Oskari Rauta's avatar
      crun: update to 1.9.2 · 35f99480
      Oskari Rauta authored 
      
changelog 1.9.2:
 - cgroup: reset the inherited cpu affinity after moving to cgroup. Old kernels do that automatically, but new kernels remember the affinity that was set before the cgroup move, so we need to reset it in order to honor the cpuset configuration.

changelog 1.9.1:
 - utils: ignore ENOTSUP when chmod a symlink. It fixes a problem on Linux 6.6 that always refuses chmod on a symlink.
 - build: fix build on CentOS 7
 - linux: add new fallback when mount fails with EBUSY, so that there is not an additional tmpfs mount if not needed.
 - utils: improve error message when a directory cannot be created as a component of the path is already existing as a non directory.

Signed-off-by: default avatarOskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit bb3af8acb92e396f181d3f435dd2ca8ac1c9ec30)
      35f99480
    • Oskari Rauta's avatar
      conmon: update to 2.1.8 · 3fd6e9e0
      Oskari Rauta authored 
      
Bug fixes:
 - stdio: ignore EIO for terminals
 - ensure console socket buffers are properly sized
 - conmon: drop return after pexit()
 - ctrl: make accept4 failures fatal
 - logging: avoid opening /dev/null for each write
 - oom: restore old OOM score
 - Use default umask 0022

Misc changes:
 - cli: log parsing errors to stderr
 - Changes to build conmon for riscv64
 - Changes to build conmon for ppc64le
 - Fix close_other_fds on FreeBSD

Signed-off-by: default avatarOskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 3d88d18ee2918840b9b05fb27e50587fc9f62b64)
      3fd6e9e0
  17. Oct 12, 2023
  19. Oct 06, 2023
  21. Oct 03, 2023
    • Josef Schlehofer's avatar
      prometheus-node-exporter-lua: drop bmx6 package · 4c79fdda
      Josef Schlehofer authored 
      
In the OpenWrt routing feed, package bmx6 and luci-app-bmx6 were removed because the LuCI app was vulnerable to several CVEs, as found by dependabot. It has been reporting it for a few months and has even created an issue. These two packages are not maintained in OpenWrt as well in upstream.

Users should switch to the bmx7 package.

Fixes: 9fb9d9343ea27d6dbb5008ece10c0c843dd2c781 ("bmx6: drop package") in the routing feed

Signed-off-by: default avatarJosef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9c2bf859005ada11c17835f74826b356cdb0fb7b)
      4c79fdda
  23. Sep 28, 2023
  25. Sep 27, 2023
  27. Sep 22, 2023
  29. Sep 21, 2023
  31. Sep 18, 2023
    • Hannu Nyman's avatar
      collectd: remove target dependency from cpufreq plugin · b507c937
      Hannu Nyman authored 
      
We currently have more package architectures supporting
CPU frequency scaling than earlier, and the package architecture
vs. CPU target SDK matching does not fully reflect that.
(E.g. aarch64_cortex-a53 is currently using bcm27xx/bcm2710)

Simplify things by removing the target dependency and let the plugin
be built for all architectures.

Signed-off-by: default avatarHannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 87a9305ddd5a61602c5f283996352e1122afaf1e)
      b507c937
  33. Sep 16, 2023
  35. Sep 03, 2023
    • Mathew McBride's avatar
      qemu: enable host support for armsr/armv8 · ae8a9805
      Mathew McBride authored 
      
As of OpenWrt main branch commit e505873e65f72 ("armsr: armv8:
enable KVM host") [merged 2023-08-15], armsr/armv8 has
KVM host support. We can now enable QEMU host for this
target.

For example, you can run OpenWrt armsr/armv8 as a guest
like so:
qemu-system-aarch64 -nographic -M virt -cpu host --enable-kvm \
	-bios u-boot.bin -smp 1 -m 1024 \
	-drive file=openwrt-armsr-armv8-generic-ext4-combined.img,format=raw,index=0,media=disk

A compatible u-boot.bin can be obtained from u-boot-qemu_armv8/u-boot.bin
that is built with the armsr target and available from
downloads.openwrt.org.

Signed-off-by: default avatarMathew McBride <matt@traverse.com.au>
(cherry picked from commit 821bbcdf8bea7a864a038751908434578ec16339)
      ae8a9805
    • Luca Barbato's avatar
      nvme-cli: Fix categorization · f99d7289
      Luca Barbato authored 
      
Signed-off-by: default avatarLuca Barbato <lu_zero@gentoo.org>
(cherry picked from commit b5463d16f1b962c36784ff92252db49b5b3791b9)
      Unverified
      f99d7289
    • Robert Marko's avatar
      mhz: respect CC and CFLAGS passed by buildsystem · a412d357
      Robert Marko authored 
      
It seems that the Makefile has both CC and CFLAGS hardcoded and does not
allow overriding them by ones being passed by the buildsystem.

This works fine until CONFIG_PKG_ASLR_PIE_ALL is selected, then building
will fail with:
arm-openwrt-linux-muslgnueabi/bin/ld.bfd: mhz.o: relocation R_ARM_MOVW_ABS_NC against `a local symbol' can not be used when making a shared object; recompile with -fPIC
arm-openwrt-linux-muslgnueabi/bin/ld.bfd: mhz.o(.text+0x75c): unresolvable R_ARM_CALL relocation against symbol `__aeabi_l2d@@GCC_3.5

So, lets add a patch pending upstream that allows both CC and CFLAGS to be
overriden so that ones passed by the buildsystem are actually respected.

Fixes: 89123b308f98 ("mhz: add new package")
Signed-off-by: default avatarRobert Marko <robimarko@gmail.com>
(cherry picked from commit 6c28f46f37d35dce06c320d9ac7f256c113aea22)
      a412d357
  37. Sep 02, 2023
  39. Aug 31, 2023