summaryrefslogtreecommitdiff
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* kernel: update 17.01 kernel to 4.4.116Stijn Segers2018-02-201-2/+2
| | | | | | | | | | | | | | | | | | This bumps the 4.4. kernel in LEDE 17.01 to 4.4.116. More Meltdown & Spectre mitigation. * Refresh patches. * Refresh x86/config for RETPOLINE. * Deleted 8049-PCI-layerscape-Add-fsl-ls2085a-pcie-compatible-ID.patch (accepted upstream) * Deleted 8050-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch (accepted upstream) * 650-pppoe_header_pad.patch does not apply anymore (code was replaced). Bumps from 4.4.113 to 4.4.115 were handled by Kevin Darbyshire-Bryant. Compile-tested on: ar71xx, ramips/mt7621, x86/64 Run-tested on: ar71xx, ramips/mt7621, x86/64 Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* iptables: Fix target TRACE issueMartin Wetterwald2018-01-261-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | The package kmod-ipt-debug builds the module xt_TRACE, which allows users to use '-j TRACE' as target in the chain PREROUTING of the table raw in iptables. The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so that this feature which is implemented deep inside the linux IP stack (for example in sk_buff) is compiled. But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which fails as this dynamic library is not present on the system. I created the package iptables-mod-trace which takes care of that, and target TRACE now works! https://dev.openwrt.org/ticket/16694 https://dev.openwrt.org/ticket/19661 Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com> [Jo-Philipp Wich: also remove trace extension from builtin extension list and depend on kmod-ipt-raw since its required for rules] Signed-off-by: Jo-Philipp Wich <jo@mein.io> Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
* kernel: bump 4.4 to 4.4.112 for 17.01Kevin Darbyshire-Bryant2018-01-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Compile-tested: ar71xx Archer C7 v2 Run-tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.4 to 4.4.111 for 17.01Kevin Darbyshire-Bryant2018-01-171-2/+2
| | | | | | | | Refresh patches Tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* build: fix restoring /etc/opkg with PER_DEVICE_ROOTFSJo-Philipp Wich2018-01-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating per-device rootfs directories, the ./etc/opkg/ directory is moved away prior to calling opkg install, opkg remove and rootfs_prepare. After the opkg invocations and the rootfs_prepare macro call, the saved opkg config directory is supposed to be moved back to its previous ./etc/opkg location. The mv command however can fail to properly restore the directory under certain circumstances, e.g. when the prior opkg or files/ overlay copy operations caused a new ./etc/opkg/ directory to be created. In this case, the backed up directory (named target-dir-$hash.opkg) will be moved into the preexisting ./etc/opkg/ directory instead, causing the opkg configuration to be located in a wrong path on the final rootfs, e.g. in /etc/opkg/target-dir-$hash.opkg/distfeeds.conf instead of /etc/opkg/distfeeds.conf. Solve this problem by replacing the naive "mv" command with a recursive "cp -T" invocation which causes the backed up directory tree to get merged with the destination directory in case it already exists. Also perform the rootfs_prepare macro call after restoring the opkg configuration, to allow users to override it again by using the files/ overlay mechanism. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit ab1785b1b2559c9f2d09d4d3ce43e11f4b828616)
* kernel: update kernel 4.4 to version 4.4.110Hauke Mehrtens2018-01-071-2/+2
| | | | | | This fixes: CVE-2017-5754 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.4 to 4.4.108 for 17.01Kevin Darbyshire-Bryant2017-12-301-2/+2
| | | | | | Refresh patches. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.4 to 4.4.107Etienne Haarsma2017-12-231-2/+2
| | | | | | | | | | | | | Bump 4.4 to 4.4.107 and refreshed all patches. Made the following patch for Mediatek and Oxnas compatible with kernel 4.4.107: 0072-mtd-backport-v4.7-0day-patches-from-Boris.patch Compile-tested: ar71xx Run-tested: ar71xx Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com> Reviewed-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Rosen Penev <rosenp@gmail.com>
* build: remove @ as it's causing an errorPhilip Prindeville2017-12-131-1/+1
| | | | | | | | | Since $(DownloadMethod/unknown) is being invoked in the expansion of $(call locked ...) anyway, you can't have an @ because the shell doesn't know what to do with it. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> (cherry picked from commit 76ba01a39216b8460846808b2fc10d5ee230a324)
* netfilter: add iptables-mod-rpfilter packageAlin Nastac2017-12-131-0/+2
| | | | | | | | | | Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw -I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to become full when a packet flood with randomly selected source IP addresses is received from the lan side. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> (cherry picked from commit d8748e537f11ab5f2b5e2ed25d94baa5ce353984)
* build: new fixes for symlinked .config handlingSergey Ryazanov2017-12-131-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running "make {config|defconfig|oldconfig}" with symlinked .config (e.g. to env/.config) it renames symlink to .config.old, creates new .config file, and writes the updated configuration into it. This breaks the desired workflow when changes in the configuration can be checked using "scripts/env diff" and commited using "scripts/env save". Since the env/.config file is not updated. The things become even worse when working with feeds, since feeds script quite often silently invokes "make {oldconfig|defconfig}" and breaks the symlink. Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces mconf to overwrite the .config content, instead of renaming it and creating a new file. This variable is set only if .config is a symlink, otherwise the variable is not exported and the old behaviour is preserved. This change uses the same behaviour as "make menucofig", which has already been fixed in commit 5bf98b1acc3b6b178f8954c5075a58e1e6a99d6a. Also make a tiny cosmetic update to the "make menuconfig" target code layout to make it look like other config handling targets. Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com> (cherry picked from commit e06d8f0f6f041c8ac1acba810eea96c32dc983e4)
* build: allow val.% targets to bypass the prepare stepsFelix Fietkau2017-12-131-0/+3
| | | | | | | | Significantly reduces time spent processing those targets and should also silence some log clutter which could confuse buildbot Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit ddbb036bbb8a1030dd8f6fae0004d390b5f2b8a5)
* include/packages-defaults.mk: Remove LARGEFILE optionDaniel Engberg2017-12-131-1/+0
| | | | | | | Remove LARGEFILE option, support was removed back in 2011 (OpenWrt rev 25208). Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit edda8ecd79b181e338e82331ecb45eaeff0f57af)
* kernel: move initramfs's init script out of base-filesRafał Miłecki2017-12-131-1/+1
| | | | | | | | | Keeping it in base-files was resulting in adding it to the base-files package. This file is meant to be included manually for initramfs images only. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit f6433eede79db4f6276b68e815bb17a9364292c7)
* target.mk: check that CPU_TYPE has known CPU_CFLAGS mappingPhilip Prindeville2017-12-131-0/+5
| | | | | | | | | If someone creates a target and indicates a CPU_TYPE, but there's no corresponding support for that CPU_TYPE's flags in include/target.mk then that should probably be indicated rather than silently ignored. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> (cherry picked from commit d3bc11857af788e185e8a3ece26ce40757cf3965)
* build: fix STAMP_PREPARED with quiltFelix Fietkau2017-12-132-2/+2
| | | | | | | | quilt.mk needs to be included first, to ensure that STAMP_PREPARED does not include the hash if quilt is used. Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 89118da865a34ed9537a088196d81ca9e37cb983)
* build: get rid of FIND_L from host.mkFelix Fietkau2017-12-132-6/+1
| | | | | | | | This was added for Mac OS X many years ago, but recent versions also support find -L Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit be206eba3a57128695a00f490767e5c136e43ab7)
* build: unsilence move commandThomas Reifferscheid2017-12-131-1/+1
| | | | | | | | | | The @ sign in front of the "mv" command was significantly suppressing output to stdout. When reviewing the make/build logs it was tricking me a whole lot and it mad me lose time. Removing the @ sign will get stdout and logs right about what happened when. Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org> (cherry picked from commit 1d49b534f5b74676f30f2ee1ba78d9e02d59f0bc)
* build: skip headers install and config on make target/linux/prepareFelix Fietkau2017-12-131-1/+1
| | | | | | | This simplifies working with quilt on the kernel tree Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit dce6eeccc09339c7101a5b6b3fdba8b4d8f41247)
* build: make Host/Install/Default use Host/Compile/Default with an extra argumentFelix Fietkau2017-12-131-1/+1
| | | | | | | Allows parallelizing compile steps that might be necessary during install Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit fe1e3622a271386ea0413c97d9884e9935e17f11)
* kernel: bump 4.4 to 4.4.103 for 17.01Etienne Haarsma2017-12-121-2/+2
| | | | | | | | | | | | | Refreshed all patches. Removed upstream ramips patches: 0101-MIPS-ralink-Fix-MT7628-pinmux.patch 0102--MIPS-ralink-Fix-typo-in-mt7628-pinmux-function.patch Compile-tested: ar71xx Run-tested: ar71xx Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
* kernel: bump 4.4 to 4.4.102Etienne Haarsma2017-11-261-2/+2
| | | | | | | | | | | | Refreshed all patches. Removed upstream ramips patch: 0063-set-CM_GCR_BASE_CMDEFTGT_MEM-according-to-datasheet.patch Compile-tested: ar71xx Run-tested: ar71xx Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com> Tested-by: Stijn Segers <francesco.borromini@inventati.org>
* kernel: bump 4.4 to 4.4.93 for 17.01Kevin Darbyshire-Bryant2017-10-181-2/+2
| | | | | | | | | | | | Refresh patches. Compile-tested for ar71xx - Archer C7 v2 Runtime-tested on ar71xx - Archer C7 v2 Fixes CVE-2017-15265. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [remove 2nd CVE as it was fixed in mac80211 in commit bff16304b0bf] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* LEDE v17.01.4: revert to branch defaultsStijn Tintel2017-10-181-3/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* LEDE v17.01.4: adjust config defaultsv17.01.4Stijn Tintel2017-10-181-3/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.4 to 4.4.92Stijn Tintel2017-10-161-2/+2
| | | | | | | | | | | Refresh patches. Fixes the following CVEs: - CVE-2017-1000252 - CVE-2017-12153 - CVE-2017-12154 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: add a darwin sitefile to deal with macOS 10.12 + Xcode 9 build errorsFelix Fietkau2017-10-052-0/+7
| | | | | | | Certain functions are available in system headers, but only work on macOS 10.13 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* LEDE v17.01.3: revert to branch defaultsStijn Tintel2017-10-031-3/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* LEDE v17.01.3: adjust config defaultsv17.01.3Stijn Tintel2017-10-031-3/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: update 4.4 to 4.4.89Hauke Mehrtens2017-09-301-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update 4.4 to 4.4.87Kevin Darbyshire-Bryant2017-09-081-2/+2
| | | | | | | | | | Fixes CVE-2017-11600 No patch refresh required Compile & run tested: ar71xx - Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: update 4.4 to 4.4.86Kevin Darbyshire-Bryant2017-09-041-2/+2
| | | | | | Refresh patches Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: update 4.4 to 4.4.83Kevin Darbyshire-Bryant2017-08-171-2/+2
| | | | | | | | | | | | | | | Refresh patches. Minor update 704-phy-no-genphy-soft-reset.patch which was partially accepted upstream. Compile-tested on ar71xx. Runtime-tested on ar71xx. Fixes the following vulnerabilities: - CVE-2017-7533 (4.4.80) - CVE-2017-1000111 (4.4.82) - CVE-2017-1000112 (4.4.82) Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* kernel: update kernel 4.4 to version 4.4.79Hauke Mehrtens2017-07-281-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* image: fix ar71xx legacy imagesMathias Kresin2017-07-141-0/+1
| | | | | | | | | | | | | | | | | | If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx legacy images: - an already jffs2 padded squashfs rootfs is overwritten with an unpadded/raw one. - the squashfs-raw and squashfs-64k rootfs are not replaced by the ones including the DEVICE_PACKAGES Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the base squashfs rootfs to fix the issues. Fixes: FS#904 Signed-off-by: Mathias Kresin <dev@kresin.me>
* build: fix kmod package build on non-GNU systemsFelix Fietkau2017-07-051-1/+1
| | | | | | | BSD paste requires a filename argument, and it accepts - to use stdin as intended. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: update kernel 4.4 to 4.4.74Stijn Tintel2017-06-271-2/+2
| | | | | | | | Refresh patches. Compile-tested on ar71xx, octeon. Runtime-tested on ar71xx, octeon. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* LEDE v17.01.2: revert to branch defaultsAlexander Couzens2017-06-101-3/+3
| | | | Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* LEDE v17.01.2: adjust config defaultsv17.01.2Alexander Couzens2017-06-101-3/+3
| | | | Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* build: ensure that flock is available for make downloadFelix Fietkau2017-06-081-1/+1
| | | | | | | It ensures that make download can parallelize downloads, even when some packages download the same files (e.g. gcc/initial, gcc/final) Signed-off-by: Felix Fietkau <nbd@nbd.name>
* include/toplevel: set env GIT_ASKPASS=/bin/trueAlexander Couzens2017-06-081-0/+1
| | | | | | | | When git-https request a service (e.g. github) which ask for credentials git will pass this request to the user resulting download.pl to wait for user input. Set GIT_ASKPASS to stop asking. Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* kernel: update kernel 4.4 to 4.4.71Jo-Philipp Wich2017-06-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: CVE-2017-8890 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. CVE-2017-9074 The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. CVE-2017-9075 The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9076 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9077 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9242 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242 Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: fix possible issue with kmod package having multiple AutoLoad'sYousong Zhou2017-05-271-9/+12
| | | | | | | | | | | This commit contains the following changes - Use local shell var where appliable - The $(sort $$$$$$$$mods) call will have no expected effect - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/ - Avoid duplicate arguments for insert_modules() in postinst-pkg Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: update kernel 4.4 to 4.4.70Hauke Mehrtens2017-05-271-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.4 to 4.4.69Stijn Segers2017-05-241-2/+2
| | | | | | | | | | | | | | | | | | | | | Bump the 17.01 tree kernel to 4.4.69. Trunk 4.4 and 17.01 4.4 have diverged, talked this through with jow, he was okay with a clean diff against 17.01 and not a backported trunk patch. The following patches were applied upstream: * 062-[1-6]-MIPS-* series * 042-0004-mtd-bcm47xxpart-fix-parsing-first-block Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup, as it was incorrectly included upstream thus dropped from LEDE, but subsequently reverted upstream. Thanks to Kevin Darbyshire-Bryant for pointing me to it. Compile-tested on: ar71xx, ramips/mt7621, x86/64. Run-tested on: ar71xx, ramips/mt7621, x86/64. Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
* image.mk: Generate cpiogz with root-owned filesMichal Sojka2017-05-161-1/+1
| | | | | | | | | Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio option to ensure that. Other image types (at least targz and squashfs) already have this. Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
* build: fix symlinked .config handlingSergey Ryazanov2017-05-021-1/+1
| | | | | | | | | | | | | | | | | | When running "make menuconfig" with symlinked .config (e.g. to env/.config) it renames symlink to .config.old, creates new .config file and writes updated configuration here. This breaks the desired workflow when changes in the configuration could be checked using "scripts/env diff" and commited with "scripts/env save". Since the env/.config file is not updated. Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces mconf to overwrite the .config content, instead of renaming it and creating a new file. This variable is set only if .config is a symlink, otherwise the variable is not exported and the old behaviour is preserved. Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
* kernel: update kernel 4.4 to 4.4.61Jo-Philipp Wich2017-04-151-2/+2
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* image.mk: force kernel rebuild on every runFelix Fietkau2017-04-051-2/+2
| | | | | | | DTS dependencies are not processed correctly so makes it safer against poentially stale builds Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: update kernel 4.4 to 4.4.59Hauke Mehrtens2017-04-021-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>