aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* netfilter: add iptables-mod-rpfilter packageAlin Nastac2017-07-111-0/+2
| | | | | | | | | Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw -I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to become full when a packet flood with randomly selected source IP addresses is received from the lan side. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
* build: move mktplinkfw2 related commands to image-commands.mkPiotr Dymacz2017-06-291-0/+14
| | | | | | | | | There are already two targets (lantiq, ramips) which use mktplinkfw2 tool for creating images. This de-duplicates code, introduces two new build commands: tplink-v2-header, tplink-v2-image and makes use of them in place of old, (sub)target specific ones. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* build: rename TPLINK_BOARD_NAME to TPLINK_BOARD_IDPiotr Dymacz2017-06-291-1/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* kernel: update kernel 4.4 to 4.4.74Stijn Tintel2017-06-271-2/+2
| | | | | | | | Refresh patches. Compile-tested on ar71xx. Runtime-tested on ar71xx. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: update kernel 4.9 to 4.9.34Koen Vandeputte2017-06-271-2/+2
| | | | | | | | | | | | - Refreshed all patches - Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch) Compile tested on: brcm2708, cns3xxx, imx6 Run tested on: brcm2708, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [Compile and run tested on brcm2708] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ar71xx: add AVM FRITZ!WLAN Repeater 300E supportMathias Kresin2017-06-241-0/+10
| | | | | | | | | | | | | | | | | | | | | | Specifications: * SoC: AR7242 (Virian 400MHz) * RAM: 64 MB DDR (W9751G6JB-25) * Flash: 16MB SPI flash (S25FL129PIF) * WiFi: AR9382 (2.4/5GHz) + 2x SE2595L * LAN: 1x1000M (PEF7071V) To install LEDE via EVA bootloader, a FTP connection need to be established to 192.168.178.1 within the first seconds after power on: ftp> quote USER adam2 ftp> quote PASS adam2 ftp> binary ftp> debug ftp> passive ftp> quote MEDIA FLSH ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1 Signed-off-by: Mathias Kresin <dev@kresin.me>
* build: move lzma2eva build step to image-commands.mkMathias Kresin2017-06-241-0/+5
| | | | | | | Move it to image-commands.mk so that it can used by other targets with eva based boards as well. Signed-off-by: Mathias Kresin <dev@kresin.me>
* build: Fix not altering KERNELRELEASE for external kernelHauke Mehrtens2017-06-191-2/+1
| | | | | | | | | | | | When an external kernel tree is used the version should not get modified by the LEDE build scripts. This was added by Florian some time ago. The commit 0aed054becb21439 ("build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature introduced in b6746a6ffb73 ("include: Do not alter KERNELRELEASE for external/git kernels"). Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: move definition of KBUILD_BUILD_TIMESTAMP to include/kernel.mkAlexander Couzens2017-06-172-6/+6
| | | | | | | Fixes: 0aed054bec (build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk) Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* include/toplevel: set env GIT_ASKPASS=/bin/trueAlexander Couzens2017-06-081-0/+1
| | | | | | | | When git-https request a service (e.g. github) which ask for credentials git will pass this request to the user resulting download.pl to wait for user input. Set GIT_ASKPASS to stop asking. Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* build: ensure that flock is available for make downloadFelix Fietkau2017-06-081-1/+1
| | | | | | | It ensures that make download can parallelize downloads, even when some packages download the same files (e.g. gcc/initial, gcc/final) Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: update kernel 4.9 to 4.9.31Jo-Philipp Wich2017-06-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: CVE-2017-8890 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. CVE-2017-9074 The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. CVE-2017-9075 The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9076 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9077 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9242 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242 Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: really select kernel 4.4.71Hauke Mehrtens2017-06-071-1/+1
| | | | | | | The previous commit f4a4f324cb76ad ("kernel: update kernel 4.4 to 4.4.71") missed the line which changes the kernel version, add it now. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.4 to 4.4.71Jo-Philipp Wich2017-06-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: CVE-2017-8890 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. CVE-2017-9074 The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. CVE-2017-9075 The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9076 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9077 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVE-2017-9242 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242 Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: fix segmentation fault in mconf on linuxFelix Fietkau2017-06-071-1/+3
| | | | | | | | | | | Commit 86c966a8ae9c4e74b912a16a760aaed17c68eb32 caused HOST_LOADLIBES to include -lncurses. This was added for fixing build issues on macOS. This introduces issues on Linux when wide-character ncurses is being used for compiling, but the non-wide-character version is linked in. Fix this by adding the extra override for HOST_LOADLIBES only on macOS. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mkFelix Fietkau2017-06-073-31/+35
| | | | | | | | This allows packages to use kernel make options without the forced -C $(LINUX_DIR). It also makes it more clear that it to be called from kernel module packages directly. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: fix kernel refresh failure on first runJonas Gorski2017-06-041-5/+5
| | | | | | | | Override {HOST_}QUILT before making decisions based on it, else it will cause target/linux/refresh to fail on first run. Fixes: 36ba6237d6e3a23fbeadcc1812a892faa4b07cbe ("build: fix quilt for mixed package/host builds") Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* build: fix kmod package build on non-GNU systemsFelix Fietkau2017-05-291-1/+1
| | | | | | | BSD paste requires a filename argument, and it accepts - to use stdin as intended. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: fix possible issue with kmod package having multiple AutoLoad'sYousong Zhou2017-05-271-9/+12
| | | | | | | | | | | This commit contains the following changes - Use local shell var where appliable - The $(sort $$$$$$$$mods) call will have no expected effect - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/ - Avoid duplicate arguments for insert_modules() in postinst-pkg Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: update kernel 4.4 to 4.4.70Hauke Mehrtens2017-05-271-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.9 to 4.9.30Hauke Mehrtens2017-05-271-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: fix QUILT related overridesFelix Fietkau2017-05-251-10/+12
| | | | | | They need to be defined before including quilt.mk Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: fix quilt for mixed package/host buildsFelix Fietkau2017-05-251-23/+24
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: set QUILT=1 automatically when calling package host build refreshFelix Fietkau2017-05-251-1/+1
| | | | | | Makes behavor consistent with package builds and regular host builds Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: stop overriding STAGING_DIR_HOST for toolchain buildFelix Fietkau2017-05-252-3/+2
| | | | | | | | | This causes various issues in other places that assume that host binaries are staged in STAGING_DIR_HOST. Since all the right places use HOST_BUILD_PREFIX, override that instead. This fixes some issues with quilt on toolchain dirs Signed-off-by: Felix Fietkau <nbd@nbd.name>
* include: Determine MODULES_DIR correctly for external/git kernelsFlorian Fainelli2017-05-251-3/+5
| | | | | | | | | | | | | | When using external or git cloned kernels, any kind of modifications will alter KERNELRELEASE. LEDE still tries to stage modules in lib/modules/$(LINUX_UNAME_VERSION) and LINUX_UNAME_VERSION is based on KERNEL_PATCHVER (indirectly) so this does not work, and we lose all kinds of automatic modules loading. To remedy that, just cat $(LINUX_DIR)/include/config/kernel.release which is late enough the kernel has prepared this file, and is correctly tracking changes done throughout the kernel. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* include: Do not alter KERNELRELEASE for external/git kernelsFlorian Fainelli2017-05-251-1/+6
| | | | | | | | | In case we use external and/or git cloned kernels, let the kernel determine the appropriate KERNELRELEASE. We cannot used LINUX_UNAME_VERSION because that one gets determined at a later time, when the kernel is already built proper. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* Revert "kernel: prevent addition of scm marker to localversion"Florian Fainelli2017-05-251-4/+0
| | | | | | | | | | This reverts commit 0df2c6563a3537ed21b28a9fb6874bf2718afd05 since it gets in the way of identifying properly which kernel we are running. This is particularly important if LEDE is using external kernels/git cloned kernels. We want to make sure we only load modules from that specific kernel. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* kernel: update kernel 4.9 to 4.9.29Koen Vandeputte2017-05-211-2/+2
| | | | | | | | | | | | | - Refresh all patches - Removed upstreamed - Adapted 1 Compile tested on: bcm53xx, cns3xxx, imx6, lantiq Run tested on: cns3xxx & imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [update from 4.9.28 to 4.9.29] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.4 to version 4.4.69Kevin Darbyshire-Bryant2017-05-211-2/+2
| | | | | | | | | | | | | | | | | | | Refresh patches. A number of patches have landed upstream & hence are no longer required locally: 062-[1-6]-MIPS-* series 042-0004-mtd-bcm47xxpart-fix-parsing-first-block Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup as it was incorrectly included upstream thus dropped from LEDE. As it has now been reverted upstream it needs to be included again for LEDE. Run tested ar71xx Archer C7 v2 and lantiq. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> [update from 4.4.68 to 4.4.69] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* image.mk: Generate cpiogz with root-owned filesMichal Sojka2017-05-141-1/+1
| | | | | | | | | Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio option to ensure that. Other image types (at least targz and squashfs) already have this. Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
* build: new fixes for symlinked .config handlingSergey Ryazanov2017-05-111-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When running "make {config|defconfig|oldconfig}" with symlinked .config (e.g. to env/.config) it renames symlink to .config.old, creates new .config file, and writes the updated configuration into it. This breaks the desired workflow when changes in the configuration can be checked using "scripts/env diff" and commited using "scripts/env save". Since the env/.config file is not updated. The things become even worse when working with feeds, since feeds script quite often silently invokes "make {oldconfig|defconfig}" and breaks the symlink. Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces mconf to overwrite the .config content, instead of renaming it and creating a new file. This variable is set only if .config is a symlink, otherwise the variable is not exported and the old behaviour is preserved. This change uses the same behaviour as "make menucofig", which has already been fixed in commit 5bf98b1acc3b6b178f8954c5075a58e1e6a99d6a. Also make a tiny cosmetic update to the "make menuconfig" target code layout to make it look like other config handling targets. Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
* build: allow val.% targets to bypass the prepare stepsFelix Fietkau2017-05-051-0/+3
| | | | | | | Significantly reduces time spent processing those targets and should also silence some log clutter which could confuse buildbot Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: reset ALTERNATIVES field in Package/DefaultYousong Zhou2017-05-031-0/+1
| | | | | | | | | Otherwise ipkg packages may wrongly take on alternatives specs of another package sharing the same package Makefile Fixes FS#753 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* build: ipkg: new field AlternativesYousong Zhou2017-05-021-0/+1
| | | | | | | | | | | It's a list of specs of the following form seprated by commas to describe alternatives provided by this package <prio>:<path>:<altpath> <path> will be a symbolic link to <altpath> of the highest <prio> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* build: cleanup tmp/ dir of target rootfsYousong Zhou2017-05-021-0/+1
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* include/packages-defaults.mk: Remove LARGEFILE optionDaniel Engberg2017-04-261-1/+0
| | | | | Remove LARGEFILE option, support was removed back in 2011 (OpenWrt rev 25208). Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* build: fix symlinked .config handlingSergey Ryazanov2017-04-261-1/+1
| | | | | | | | | | | | | | | | | | When running "make menuconfig" with symlinked .config (e.g. to env/.config) it renames symlink to .config.old, creates new .config file and writes updated configuration here. This breaks the desired workflow when changes in the configuration could be checked using "scripts/env diff" and commited with "scripts/env save". Since the env/.config file is not updated. Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces mconf to overwrite the .config content, instead of renaming it and creating a new file. This variable is set only if .config is a symlink, otherwise the variable is not exported and the old behaviour is preserved. Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
* include/image.mk: allow passing a compat string to the NAND image templateJohn Crispin2017-04-241-5/+6
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* build: fix aarch64 default cpu selectionYousong Zhou2017-04-231-2/+2
| | | | | | | | | | | | | | | | Not sure since when the issue emerged, but according to the current doc of gcc and as, armv8-a is intended as argument of -march The change will affect at the moment arm64 and layerscape/64b Below is the relevant error messages when building toolchain Assembler messages: Error: unknown cpu `armv8-a' Error: unrecognized option -mcpu=armv8-a /home/yousong/git-repo/lede-project/lede/build_dir/toolchain-aarch64_armv8-a_gcc-5.4.0_musl/gcc-5.4.0/libgcc/libgcc2.c:1:0: error: unknown value 'armv8-a' for -mcpu Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: update kernel 4.4 to 4.4.61Jo-Philipp Wich2017-04-151-2/+2
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: remove package makefile overlay functionalityFelix Fietkau2017-04-122-8/+1
| | | | | | | | Recent attempts to use it have shown that it does not work properly except for a few undocumented cases. It's better to remove this now to avoid having more people fall into the same trap Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: move initramfs's init script out of base-filesRafał Miłecki2017-04-041-1/+1
| | | | | | | | Keeping it in base-files was resulting in adding it to the base-files package. This file is meant to be included manually for initramfs images only. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* u-boot.mk: pass HOSTCC and HOST_CFLAGS into the buildFelix Fietkau2017-04-041-0/+5
| | | | | | | Cuts build time on Mac OS X in half by avoiding repeated $(shell) calls from the build system Signed-off-by: Felix Fietkau <nbd@nbd.name>
* target.mk: check that CPU_TYPE has known CPU_CFLAGS mappingPhilip Prindeville2017-04-041-0/+5
| | | | | | | | If someone creates a target and indicates a CPU_TYPE, but there's no corresponding support for that CPU_TYPE's flags in include/target.mk then that should probably be indicated rather than silently ignored. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* build: move PKG_CONFIG_DEPENDS from feeds.mk to opkgFelix Fietkau2017-04-031-6/+0
| | | | | | | Normal packages don't rely on the feed configuration variables for the build step Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: update kernel 4.4 to 4.4.59Hauke Mehrtens2017-04-021-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.9 to 4.9.20Hauke Mehrtens2017-04-021-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.9 to 4.9.17Hauke Mehrtens2017-03-261-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.4 to 4.4.56Hauke Mehrtens2017-03-261-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>