aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* kernel: update 4.4 to 4.4.90Kevin Darbyshire-Bryant2017-10-071-2/+2
| | | | | | | | | | | | | | | No patch refresh required. Compile & run tested: ar71xx Archer C7 v2 Fixes the following CVEs: - CVE-2017-1000252 - CVE-2017-12153 - CVE-2017-12154 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [reference fixed CVEs] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: add mktplinkfw2 hardcoded values to makefileThibaut VARÈNE2017-10-061-3/+8
| | | | | | | | | | | This patch adds all the board-specific values currently hardcoded in mktplinkfw2.c back to the respective device declarations in the makefiles. The rationale is to avoid modifying the source code every time a new board or board variant is added. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* build: add a darwin sitefile to deal with macOS 10.12 + Xcode 9 build errorsFelix Fietkau2017-10-052-0/+7
| | | | | | | Certain functions are available in system headers, but only work on macOS 10.13 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: update 4.4 to 4.4.89Kevin Darbyshire-Bryant2017-09-291-2/+2
| | | | | | | Refresh patches. Compile & run tested on ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: update 4.9 to 4.9.52Stijn Tintel2017-09-281-2/+2
| | | | | | | | Refresh patches. Compile-tested on x86/64. Runtime-tested on x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: update 4.9 to 4.9.51Stijn Tintel2017-09-201-2/+2
| | | | | | | | | | | | Refresh patches. Compile-tested on octeon and x86/64. Runtime-tested on octeon and x86/64. Fixes the following CVEs: - CVE-2017-14106 - CVE-2017-14497 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: add image command for installing zImage file.Sandeep Sheriker Mallikarjun2017-09-201-0/+5
| | | | Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
* build: remove @ as it's causing an errorPhilip Prindeville2017-09-201-1/+1
| | | | | | | | Since $(DownloadMethod/unknown) is being invoked in the expansion of $(call locked ...) anyway, you can't have an @ because the shell doesn't know what to do with it. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* kernel: update 4.9 to 4.9.50Stijn Tintel2017-09-181-2/+2
| | | | | | | | | | | | Refresh patches. Compile-tested on ipq8065/nbg6817 and x86/64. Runtime-tested on ipq8065/nbg6817 and x86/64. Fixes CVE-2017-1000251. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> [adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817] Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
* kernel: update to 3.18.71Florian Fainelli2017-09-181-2/+2
| | | | | | | | | | Delete a bunch of fixes that are already included. Refresh patches. Compile-tested on malta/mipsel Runtime-tested on malta/mipsel Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update 4.4 to 4.4.88Kevin Darbyshire-Bryant2017-09-161-2/+2
| | | | | | | Refresh patches. Compile & run tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: update 4.9 to 4.9.49Stijn Tintel2017-09-111-2/+2
| | | | | | | | | | Refresh patches. Compile-tested on octeon and x86/64. Runtime-tested on octeon and x86/64. Fixes CVE-2017-11600. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: update 4.4 to 4.4.87Kevin Darbyshire-Bryant2017-09-091-2/+2
| | | | | | | | | | Fixes CVE-2017-11600 No patch refresh required Compile & run tested: ar71xx - Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: update 4.4 to 4.4.86Kevin Darbyshire-Bryant2017-09-051-2/+2
| | | | | | | | Refresh patches Compile & run tested: ar71xx - Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: update 4.9 to 4.9.47Stijn Tintel2017-09-031-2/+2
| | | | | | | | Refresh patches. Compile-tested on ramips/mt7621 and x86/64. Runtime-tested on ramips/mt7621 and x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: update 4.4 to 4.4.85Kevin Darbyshire-Bryant2017-08-311-2/+2
| | | | | | | | Refresh patches Compile & run tested: ar71xx - Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* kernel: update 4.9 to 4.9.45Koen Vandeputte2017-08-301-2/+2
| | | | | | | | Refreshed all patches Compiled & run-tested on targets: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: update 4.4 to 4.4.83Kevin Darbyshire-Bryant2017-08-171-2/+2
| | | | | | | | | | | | | | | | | Refresh patches. Minor update 704-phy-no-genphy-soft-reset.patch which was partially accepted upstream. Compile-tested on ar71xx. Runtime-tested on ar71xx. Fixes the following vulnerabilities: - CVE-2017-7533 (4.4.80) - CVE-2017-1000111 (4.4.82) - CVE-2017-1000112 (4.4.82) Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> [cleanup commit message, add compile/runtime tested] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: update 4.9 to 4.9.44Stijn Tintel2017-08-171-2/+2
| | | | | | | | | | | | | | | Refresh patches. Adapt 704-phy-no-genphy-soft-reset.patch. Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch. Compile-tested on brcm2708/bcm2708 and x86/64. Runtime-tested on brcm2708/bcm2708 and x86/64. Fixes the following vulnerabilities: - CVE-2017-7533 - CVE-2017-1000111 - CVE-2017-1000112 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: split patches folder up into backport, pending and hack foldersJohn Crispin2017-08-053-2/+12
| | | | | | | | | | | | | | | | | | | | * properly format/comment all patches * merge debloat patches * merge Kconfig patches * merge swconfig patches * merge hotplug patches * drop 200-fix_localversion.patch - upstream * drop 222-arm_zimage_none.patch - unused * drop 252-mv_cesa_depends.patch - no longer required * drop 410-mtd-move-forward-declaration-of-struct-mtd_info.patch - unused * drop 661-fq_codel_keep_dropped_stats.patch - outdated * drop 702-phy_add_aneg_done_function.patch - upstream * drop 840-rtc7301.patch - unused * drop 841-rtc_pt7c4338.patch - upstream * drop 921-use_preinit_as_init.patch - unused * drop spio-gpio-old and gpio-mmc - unused Signed-off-by: John Crispin <john@phrozen.org>
* kernel: update kernel 4.4 to version 4.4.79Hauke Mehrtens2017-07-281-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.9 to version 4.9.40Hauke Mehrtens2017-07-281-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: move mktplinkfw-combined command to image-commands.mkPiotr Dymacz2017-07-221-0/+9
| | | | | | | | | | We will need "mktplinkfw-combined" command also in the "ramips" target for new MediaTek based TP-Link devices, with "safeloader" image type. Also, rename the command to "tplink-v1-header", use "VERSION_DIST" variable instead of "OpenWrt" and allow passing additional parameters. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* Revert "kernel: do not try to probe builtin modules on empty kmod package ↵Jo-Philipp Wich2017-07-211-2/+0
| | | | | | | | | | | install" This change currently causes some issues with loading out of tree kernel modules so revert that commit for now. Reverts commit 34c01e68b5d6b06ce3794ef0e2b06e81ec3ce8ca. Fixes FS#919. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: do not try to probe builtin modules on empty kmod package installJonas Gorski2017-07-201-0/+2
| | | | | | | | | | | | Builtin modules are always present, and trying to load them will cause modprobe to spew errors when installing the empty kmod packages. Fix this by never generating any postinst module install instructions for builtin modules. Fixes #842. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* image: fix ar71xx legacy imagesMathias Kresin2017-07-151-0/+1
| | | | | | | | | | | | | | | | | | If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx legacy images: - an already jffs2 padded squashfs rootfs is overwritten with an unpadded/raw one. - the squashfs-raw and squashfs-64k rootfs are not replaced by the ones including the DEVICE_PACKAGES Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the base squashfs rootfs to fix the issues. Fixes: FS#904 Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: update kernel 4.9 to 4.9.37Koen Vandeputte2017-07-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Refreshed all patches - Removed upstreamed - Adapted 4 patches: 473-fix-marvell-phy-initialization-issues.patch ----------------------------------------------- Removed hunk 5 which got upstreamed 403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch 404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch -------------------------------------------------------------- Adapted these 2 RFC patches, merging the delta's from an upstream commit (see below) which made it before these 2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux- stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0 180-usb-xhci-add-support-for-performing-fake-doorbell.patch ----------------------------------------------------------- - Moved fake_doorbell bitmask due to new item Compile tested on: cns3xxx, imx6 Run tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* netfilter: add iptables-mod-rpfilter packageAlin Nastac2017-07-111-0/+2
| | | | | | | | | Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw -I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to become full when a packet flood with randomly selected source IP addresses is received from the lan side. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
* build: move mktplinkfw2 related commands to image-commands.mkPiotr Dymacz2017-06-291-0/+14
| | | | | | | | | There are already two targets (lantiq, ramips) which use mktplinkfw2 tool for creating images. This de-duplicates code, introduces two new build commands: tplink-v2-header, tplink-v2-image and makes use of them in place of old, (sub)target specific ones. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* build: rename TPLINK_BOARD_NAME to TPLINK_BOARD_IDPiotr Dymacz2017-06-291-1/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* kernel: update kernel 4.4 to 4.4.74Stijn Tintel2017-06-271-2/+2
| | | | | | | | Refresh patches. Compile-tested on ar71xx. Runtime-tested on ar71xx. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: update kernel 4.9 to 4.9.34Koen Vandeputte2017-06-271-2/+2
| | | | | | | | | | | | - Refreshed all patches - Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch) Compile tested on: brcm2708, cns3xxx, imx6 Run tested on: brcm2708, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [Compile and run tested on brcm2708] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ar71xx: add AVM FRITZ!WLAN Repeater 300E supportMathias Kresin2017-06-241-0/+10
| | | | | | | | | | | | | | | | | | | | | | Specifications: * SoC: AR7242 (Virian 400MHz) * RAM: 64 MB DDR (W9751G6JB-25) * Flash: 16MB SPI flash (S25FL129PIF) * WiFi: AR9382 (2.4/5GHz) + 2x SE2595L * LAN: 1x1000M (PEF7071V) To install LEDE via EVA bootloader, a FTP connection need to be established to 192.168.178.1 within the first seconds after power on: ftp> quote USER adam2 ftp> quote PASS adam2 ftp> binary ftp> debug ftp> passive ftp> quote MEDIA FLSH ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1 Signed-off-by: Mathias Kresin <dev@kresin.me>
* build: move lzma2eva build step to image-commands.mkMathias Kresin2017-06-241-0/+5
| | | | | | | Move it to image-commands.mk so that it can used by other targets with eva based boards as well. Signed-off-by: Mathias Kresin <dev@kresin.me>
* build: Fix not altering KERNELRELEASE for external kernelHauke Mehrtens2017-06-191-2/+1
| | | | | | | | | | | | When an external kernel tree is used the version should not get modified by the LEDE build scripts. This was added by Florian some time ago. The commit 0aed054becb21439 ("build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature introduced in b6746a6ffb73 ("include: Do not alter KERNELRELEASE for external/git kernels"). Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: move definition of KBUILD_BUILD_TIMESTAMP to include/kernel.mkAlexander Couzens2017-06-172-6/+6
| | | | | | | Fixes: 0aed054bec (build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk) Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* include/toplevel: set env GIT_ASKPASS=/bin/trueAlexander Couzens2017-06-081-0/+1
| | | | | | | | When git-https request a service (e.g. github) which ask for credentials git will pass this request to the user resulting download.pl to wait for user input. Set GIT_ASKPASS to stop asking. Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* build: ensure that flock is available for make downloadFelix Fietkau2017-06-081-1/+1
| | | | | | | It ensures that make download can parallelize downloads, even when some packages download the same files (e.g. gcc/initial, gcc/final) Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: update kernel 4.9 to 4.9.31Jo-Philipp Wich2017-06-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: CVE-2017-8890 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. CVE-2017-9074 The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. CVE-2017-9075 The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9076 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9077 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9242 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242 Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: really select kernel 4.4.71Hauke Mehrtens2017-06-071-1/+1
| | | | | | | The previous commit f4a4f324cb76ad ("kernel: update kernel 4.4 to 4.4.71") missed the line which changes the kernel version, add it now. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.4 to 4.4.71Jo-Philipp Wich2017-06-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: CVE-2017-8890 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. CVE-2017-9074 The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. CVE-2017-9075 The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9076 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9077 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9242 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242 Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: fix segmentation fault in mconf on linuxFelix Fietkau2017-06-071-1/+3
| | | | | | | | | | | Commit 86c966a8ae9c4e74b912a16a760aaed17c68eb32 caused HOST_LOADLIBES to include -lncurses. This was added for fixing build issues on macOS. This introduces issues on Linux when wide-character ncurses is being used for compiling, but the non-wide-character version is linked in. Fix this by adding the extra override for HOST_LOADLIBES only on macOS. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mkFelix Fietkau2017-06-073-31/+35
| | | | | | | | This allows packages to use kernel make options without the forced -C $(LINUX_DIR). It also makes it more clear that it to be called from kernel module packages directly. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: fix kernel refresh failure on first runJonas Gorski2017-06-041-5/+5
| | | | | | | | Override {HOST_}QUILT before making decisions based on it, else it will cause target/linux/refresh to fail on first run. Fixes: 36ba6237d6e3a23fbeadcc1812a892faa4b07cbe ("build: fix quilt for mixed package/host builds") Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* build: fix kmod package build on non-GNU systemsFelix Fietkau2017-05-291-1/+1
| | | | | | | BSD paste requires a filename argument, and it accepts - to use stdin as intended. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: fix possible issue with kmod package having multiple AutoLoad'sYousong Zhou2017-05-271-9/+12
| | | | | | | | | | | This commit contains the following changes - Use local shell var where appliable - The $(sort $$$$$$$$mods) call will have no expected effect - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/ - Avoid duplicate arguments for insert_modules() in postinst-pkg Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: update kernel 4.4 to 4.4.70Hauke Mehrtens2017-05-271-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.9 to 4.9.30Hauke Mehrtens2017-05-271-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: fix QUILT related overridesFelix Fietkau2017-05-251-10/+12
| | | | | | They need to be defined before including quilt.mk Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: fix quilt for mixed package/host buildsFelix Fietkau2017-05-251-23/+24
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>