| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.
Fixes CVE-2017-1000251.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
|
| |
|
|
|
|
|
|
|
|
| |
Delete a bunch of fixes that are already included.
Refresh patches.
Compile-tested on malta/mipsel
Runtime-tested on malta/mipsel
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
Refresh patches.
Compile & run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes CVE-2017-11600.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2017-11600
No patch refresh required
Compile & run tested: ar71xx - Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
| |
Refresh patches
Compile & run tested: ar71xx - Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
| |
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
| |
Refresh patches
Compile & run tested: ar71xx - Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
| |
Refreshed all patches
Compiled & run-tested on targets: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches.
Minor update 704-phy-no-genphy-soft-reset.patch which was partially
accepted upstream.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.
Fixes the following vulnerabilities:
- CVE-2017-7533 (4.4.80)
- CVE-2017-1000111 (4.4.82)
- CVE-2017-1000112 (4.4.82)
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[cleanup commit message, add compile/runtime tested]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.
Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* properly format/comment all patches
* merge debloat patches
* merge Kconfig patches
* merge swconfig patches
* merge hotplug patches
* drop 200-fix_localversion.patch - upstream
* drop 222-arm_zimage_none.patch - unused
* drop 252-mv_cesa_depends.patch - no longer required
* drop 410-mtd-move-forward-declaration-of-struct-mtd_info.patch - unused
* drop 661-fq_codel_keep_dropped_stats.patch - outdated
* drop 702-phy_add_aneg_done_function.patch - upstream
* drop 840-rtc7301.patch - unused
* drop 841-rtc_pt7c4338.patch - upstream
* drop 921-use_preinit_as_init.patch - unused
* drop spio-gpio-old and gpio-mmc - unused
Signed-off-by: John Crispin <john@phrozen.org>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
| |
We will need "mktplinkfw-combined" command also in the "ramips" target
for new MediaTek based TP-Link devices, with "safeloader" image type.
Also, rename the command to "tplink-v1-header", use "VERSION_DIST"
variable instead of "OpenWrt" and allow passing additional parameters.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
install"
This change currently causes some issues with loading out of tree kernel modules
so revert that commit for now.
Reverts commit 34c01e68b5d6b06ce3794ef0e2b06e81ec3ce8ca. Fixes FS#919.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Builtin modules are always present, and trying to load them will cause
modprobe to spew errors when installing the empty kmod packages.
Fix this by never generating any postinst module install instructions
for builtin modules.
Fixes #842.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx
legacy images:
- an already jffs2 padded squashfs rootfs is overwritten
with an unpadded/raw one.
- the squashfs-raw and squashfs-64k rootfs are not replaced by the
ones including the DEVICE_PACKAGES
Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the
base squashfs rootfs to fix the issues.
Fixes: FS#904
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:
473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed
403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0
180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item
Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
There are already two targets (lantiq, ramips) which use mktplinkfw2
tool for creating images. This de-duplicates code, introduces two new
build commands: tplink-v2-header, tplink-v2-image and makes use of
them in place of old, (sub)target specific ones.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
|
| |
|
|
| |
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
|
| |
|
|
|
|
|
|
| |
Refresh patches.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)
Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)
To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:
ftp> quote USER adam2
ftp> quote PASS adam2
ftp> binary
ftp> debug
ftp> passive
ftp> quote MEDIA FLSH
ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
| |
|
|
|
|
|
| |
Move it to image-commands.mk so that it can used by other targets with
eva based boards as well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When an external kernel tree is used the version should not get
modified by the LEDE build scripts. This was added by Florian some time
ago.
The commit 0aed054becb21439 ("build: add KERNEL_MAKE and
KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature
introduced in b6746a6ffb73 ("include: Do not alter KERNELRELEASE for
external/git kernels").
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
Fixes: 0aed054bec (build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS
variables and move to kernel.mk)
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
| |
|
|
|
|
|
|
| |
When git-https request a service (e.g. github) which ask for credentials
git will pass this request to the user resulting download.pl to wait for
user input. Set GIT_ASKPASS to stop asking.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
| |
|
|
|
|
|
| |
It ensures that make download can parallelize downloads, even when some
packages download the same files (e.g. gcc/initial, gcc/final)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
| |
The previous commit f4a4f324cb76ad ("kernel: update kernel 4.4 to
4.4.71") missed the line which changes the kernel version, add it now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit 86c966a8ae9c4e74b912a16a760aaed17c68eb32 caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.
Fix this by adding the extra override for HOST_LOADLIBES only on macOS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
| |
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
| |
Override {HOST_}QUILT before making decisions based on it, else it will
cause target/linux/refresh to fail on first run.
Fixes: 36ba6237d6e3a23fbeadcc1812a892faa4b07cbe ("build: fix quilt for mixed package/host builds")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
| |
|
|
|
|
|
| |
BSD paste requires a filename argument, and it accepts - to use stdin as
intended.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
| |
This commit contains the following changes
- Use local shell var where appliable
- The $(sort $$$$$$$$mods) call will have no expected effect
- Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
- Avoid duplicate arguments for insert_modules() in postinst-pkg
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
| |
They need to be defined before including quilt.mk
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
Makes behavor consistent with package builds and regular host builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
| |
This causes various issues in other places that assume that host
binaries are staged in STAGING_DIR_HOST.
Since all the right places use HOST_BUILD_PREFIX, override that instead.
This fixes some issues with quilt on toolchain dirs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using external or git cloned kernels, any kind of modifications
will alter KERNELRELEASE. LEDE still tries to stage modules in
lib/modules/$(LINUX_UNAME_VERSION) and LINUX_UNAME_VERSION is based on
KERNEL_PATCHVER (indirectly) so this does not work, and we lose all
kinds of automatic modules loading.
To remedy that, just cat $(LINUX_DIR)/include/config/kernel.release
which is late enough the kernel has prepared this file, and is correctly
tracking changes done throughout the kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
In case we use external and/or git cloned kernels, let the kernel
determine the appropriate KERNELRELEASE. We cannot used
LINUX_UNAME_VERSION because that one gets determined at a later time,
when the kernel is already built proper.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 0df2c6563a3537ed21b28a9fb6874bf2718afd05 since it
gets in the way of identifying properly which kernel we are running.
This is particularly important if LEDE is using external kernels/git
cloned kernels. We want to make sure we only load modules from that
specific kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Refresh all patches
- Removed upstreamed
- Adapted 1
Compile tested on: bcm53xx, cns3xxx, imx6, lantiq
Run tested on: cns3xxx & imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[update from 4.9.28 to 4.9.29]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:
062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.
Run tested ar71xx Archer C7 v2 and lantiq.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
| |
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.
Other image types (at least targz and squashfs) already have this.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
|
