diff options
| -rwxr-xr-x | build | 2 | ||||
| -rw-r--r-- | changelog | 32 | ||||
| -rwxr-xr-x | opkg | 135 | ||||
| -rw-r--r-- | opkg-lede.pkg/files | 1 | ||||
| -rw-r--r-- | opkg-lede.pkg/postinst | 7 | ||||
| -rw-r--r-- | patches/libopkg-fix-md5sum-calculation.patch | 51 | ||||
| -rw-r--r-- | patches/u-a-protect-bracket.patch | 12 | ||||
| -rwxr-xr-x | release | 13 |
8 files changed, 251 insertions, 2 deletions
@@ -24,7 +24,7 @@ build: install: build oh-autoinstall - mv dest/usr/bin/opkg-cl dest/usr/bin/opkg + install -m 0755 ../opkg dest/usr/bin/opkg install -m 0755 ../opkg-cert dest/usr/bin/opkg-cert install -m 0755 -d dest/usr/sbin/ ln -sf /usr/bin/opkg-cert dest/usr/sbin/opkg-key @@ -1,3 +1,31 @@ +opkg-lede (0+git20190131.d4ba162-8) trunk + + * opkg-lede: Fix exit status when "/usr/bin/opkg-cl" fails. + + -- Patrick McDermott <patrick.mcdermott@libiquity.com> Mon, 25 Sep 2023 06:49:51 -0400 + +opkg-lede (0+git20190131.d4ba162-8) trunk + + * opkg-lede: Fix a "cat: not found" error when "/usr/bin/opkg" is run + during a system installation. + + -- Patrick McDermott <patrick.mcdermott@libiquity.com> Wed, 09 Dec 2020 09:06:07 -0500 + +opkg-lede (0+git20190131.d4ba162-7) trunk + + * opkg-lede: Add a wrapper script as "/usr/bin/opkg" and move the real + opkg binary back to its default location at "/usr/bin/opkg-cl". + This wrapper script: + - Enables the busybox package to be safely upgraded (opkg-lede + attempts to execute gzip after removing busybox, whereas opkg + didn't) and + - Accepts an -a/--host-architecture option for multiarch support. + * Add patch from upstream to fix "file_md5sum_alloc: Could't compute + md5sum" errors. + * Add patch to allow update-alternatives to manage "/usr/bin/[". + + -- Patrick McDermott <patrick.mcdermott@libiquity.com> Mon, 07 Dec 2020 11:50:54 -0500 + opkg-lede (0+git20190131.d4ba162-6) trunk * opkg-lede: Replace opkg-key with opkg-cert, and provide a @@ -5,8 +33,10 @@ opkg-lede (0+git20190131.d4ba162-6) trunk * opkg-lede: Drop "Replaces" field and simplify "Conflicts" field. * Drop patch to change default configuration file path, and just use "/etc/opkg.conf". + * opkg-lede: Move main configuration file from "/etc/opkg/opkg.conf" to + "/etc/opkg.conf" in postinst. - -- Patrick McDermott <patrick.mcdermott@libiquity.com> Wed, 17 Apr 2019 19:01:24 -0400 + -- Patrick McDermott <patrick.mcdermott@libiquity.com> Sat, 27 Apr 2019 14:33:35 -0400 opkg-lede (0+git20190131.d4ba162-5) trunk @@ -0,0 +1,135 @@ +#!/bin/busybox sh +# +# opkg - Multiarch support wrapper for opkg +# +# Copyright (C) 2020 Patrick McDermott +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +set -eu + +BB='/bin/busybox' +BIN='/var/lib/opkg/bin' + +save_bb() +{ + local file= + local link= + local name= + local prio= + + "${BB}" mkdir "${BIN}" 2>/dev/null || : + "${BB}" cp -p "${BB}" "${BIN}/busybox" + + while read file; do + case "${file}" in + /bin/busybox) ;; + /bin/?* | /sbin/?* | /usr/bin/?* | /usr/sbin/?*) + "${BB}" ln -sf 'busybox' "${BIN}/${file##*/}" + ;; + esac + done 0<<-EOF + $(/usr/bin/opkg-cl files busybox) + EOF + + while read link name prio; do + "${BB}" ln -sf 'busybox' "${BIN}/${link##*/}" + done 0</usr/share/busybox/alternatives + + export PATH="${PATH}:${BIN}" + export OPKG_BUSYBOX_SAVED='1' + + return 0 +} + +unsave_bb() +{ + rm -f "${BIN}/"* +} + +main() +{ + local first_arg= + local arch_arg= + local arg= + local es= + + first_arg=true + arch_arg='' + for arg in "${@}"; do + if ${first_arg}; then + set -- + if [ -e '/etc/opkg/opkg.conf' ]; then + set -- "${@}" --conf '/etc/opkg/opkg.conf' + fi + set -- "${@}" \ + --add-arch all:100 \ + --add-arch "$("${BB}" cat \ + /etc/proteanos_arch):50" \ + --add-arch src:100 + first_arg=false + elif [ -n "${arch_arg}" ]; then + case "${arg}" in -* | '') + printf '%s: Option "%s" requires an argument\n'\ + "${0}" "${arch_arg}" 1>&2 + return 1 + esac + set -- "${@}" --add-arch "${arg}:100" + arch_arg='' + continue + fi + case "${arg}" in + -a | --host-architecture) + arch_arg="${arg}" + continue + ;; + -a*) + arg="${arg#-a}" + set -- "${@}" --add-arch "${arg}:100" + continue + ;; + --host-architecture=*) + arch_arg="${arg%=*}" + arg="${arg#--host-architecture=}" + if [ -z "${arg}" ]; then + printf '%s: Option "%s" requires '$(: \ + )'an argument\n' \ + "${0}" "${arch_arg}" 1>&2 + return 1 + fi + set -- "${@}" --add-arch "${arg}:100" + arch_arg='' + continue + ;; + esac + set -- "${@}" "${arg}" + done + if [ -n "${arch_arg}" ]; then + printf '%s: Option "%s" requires an argument\n' \ + "${0}" "${arch_arg}" 1>&2 + return 1 + fi + + save_bb + if /usr/bin/opkg-cl "${@}"; then + unsave_bb + return 0 + else + es=${?} + unsave_bb + return ${es} + fi +} + +main "${@}" diff --git a/opkg-lede.pkg/files b/opkg-lede.pkg/files index 7030e26..55e6832 100644 --- a/opkg-lede.pkg/files +++ b/opkg-lede.pkg/files @@ -1,4 +1,5 @@ /usr/bin/opkg /usr/bin/opkg-cert +/usr/bin/opkg-cl /usr/bin/update-alternatives /usr/sbin/opkg-key diff --git a/opkg-lede.pkg/postinst b/opkg-lede.pkg/postinst new file mode 100644 index 0000000..6e2d526 --- /dev/null +++ b/opkg-lede.pkg/postinst @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ x"${1}" = x'configure' ]; then + if [ -f /etc/opkg/opkg.conf ] && ! [ -f /etc/opkg.conf ]; then + mv /etc/opkg/opkg.conf /etc/opkg.conf + fi +fi diff --git a/patches/libopkg-fix-md5sum-calculation.patch b/patches/libopkg-fix-md5sum-calculation.patch new file mode 100644 index 0000000..71107c5 --- /dev/null +++ b/patches/libopkg-fix-md5sum-calculation.patch @@ -0,0 +1,51 @@ +From 66f458decf9fd2839d77bf420e93d9c78025488a Mon Sep 17 00:00:00 2001 +From: Alexander Ryzhov <github@ryzhov-al.ru> +Date: Sun, 13 Sep 2020 14:42:56 +0200 +Subject: [PATCH] libopkg: fix md5sum calculation + +This regression prevents MD5 checksums from being checked. Packages are +still installed, but this raises several issues: + +- if only MD5 checksums are provided in the package list, it is trivial + for an attacker to modify the content of a package, since checksum + verification is bypassed. If both MD5 and SHA256 checksums are + provided, then SHA256 is correctly verified and the attack is not + possible. + +- future efforts to harden checksum verification would prevent package + installation. + +Note that OpenWrt has switched to SHA256 for all its packages several +years ago. As a result, this bug does not affect OpenWrt packages from the +official package feeds. + +However, custom package repositories that only use MD5 are affected. + +Initially submitted at https://github.com/openwrt/openwrt/pull/3087 + +Fixes: 33f7b80aa325 ("libopkg: drop custom md5 implementation, +unconditionally enable sha256 support") + +Signed-off-by: Alexander Ryzhov <github@ryzhov-al.ru> +[Add commit description] +Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org> +--- + libopkg/file_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libopkg/file_util.c b/libopkg/file_util.c +index 3a1761e..8e698cc 100644 +--- a/libopkg/file_util.c ++++ b/libopkg/file_util.c +@@ -153,7 +153,7 @@ char *file_md5sum_alloc(const char *file_name) + + len = md5sum(file_name, md5sum_bin); + +- if (len) { ++ if (len < 0) { + opkg_msg(ERROR, "Could't compute md5sum for %s.\n", file_name); + return NULL; + } +-- +2.20.1 + diff --git a/patches/u-a-protect-bracket.patch b/patches/u-a-protect-bracket.patch new file mode 100644 index 0000000..de74f0d --- /dev/null +++ b/patches/u-a-protect-bracket.patch @@ -0,0 +1,12 @@ +diff -Naur src.orig/utils/update-alternatives.in src/utils/update-alternatives.in +--- src.orig/utils/update-alternatives.in 2019-01-31 04:17:16.000000000 -0500 ++++ src/utils/update-alternatives.in 2020-12-07 11:41:18.011162598 -0500 +@@ -65,7 +65,7 @@ + } + + protect_slashes() { +- sed -e 's/\//\\\//g' ++ sed -e 's/\//\\\//g; s/\[/\\[/g' + } + + remove_alt() { @@ -0,0 +1,13 @@ +#!/bin/sh + +set -eu + +read src ver <<-EOF + $(sed '1s/^\(.*\) (\(.*\)) .*$/\1 \2/; q;' changelog) + EOF + +sed '/^ -- .* /{ s/^\( -- .* \).*$/\1'"$(LC_ALL='POSIX' date \ + '+%a, %d %b %Y %H:%M:%S %z')"'/; :l; n; b l; };' changelog >changelog~ +mv changelog~ changelog +git commit -m "changelog: Release ${src} ${ver}" -- changelog +git tag "${src}/${ver}" HEAD |