aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* build: cleanup SSP_SUPPORT configure optionJulien Dusser2018-01-271-1/+1
| | | | | | | | | | | | | | | | | | Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh, avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain and depends it means 'build gcc with libssp'. Musl no longer uses libssp (1877bc9d8f), it has internal support, so SSP_SUPPORT was disabled leading some package to not use SSP. No information why Glibc and uClibc use libssp, but they may also provide their own SSP support. uClibc used it own with commit 933b588e25 but it was reverted in f3cacb9e84 without details. Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT if either USE_MUSL or GCC_LIBSSP. Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* build: add hardened builds with PIE (ASLR) supportJulien Dusser2018-01-272-0/+9
| | | | | | | | | | | | | | | | | | Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support. Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks. Busybox need a special care, link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE. If other failing packages were found, PKG_ASLR_PIE:=0 should be added to their Makefiles. Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* kernel.mk: update LINUX_VERSION filename for cloned repoAlexandru Ardelean2018-01-271-0/+11
| | | | | | | | | | | | | | | | | In case there is an external git repo specified, it could overwrite the kernel tarball that was downloaded from kernel.org. The only identifier for such a file is the KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols, so if we have to download it we'll use that information [after some sanitization] to create a different filename for the kernel tarball. If KERNEL_GIT_REF symbol is empty, HEAD will be used as mentioned in the description of KERNEL_GIT_REF. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REFAlexandru Ardelean2018-01-271-5/+1
| | | | | | | | | The Download/git rule will do a `git checkout <git-ref>`. So, we can use any ref we want. No need to limit just to branches. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* kernel: bump 4.4 to 4.4.112Kevin Darbyshire-Bryant2018-01-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Compile-tested: ar71xx Archer C7 v2 Run-tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.9 to 4.9.77Kevin Darbyshire-Bryant2018-01-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Compile-tested: ar71xx Archer C7 v2 Run-tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.14Kevin Darbyshire-Bryant2018-01-201-2/+2
| | | | | | | | | | | | | | Refresh patches. CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* config: don't define the same symbol twiceKoen Vandeputte2018-01-171-1/+0
| | | | | | | | | | | | | | | | | In commit fce35bce0f6e ("config: support new symbol intro'd in kernel 4.12") I forgot to remove the initial debug test line. This clearly is wrong as the same symbol is defined conditionally in the line below as it should be. I looked over it as I just checked if the symbol was present now upon testing it. Fixes: fce35bce0f6e ("config: support new symbol intro'd in kernel 4.12") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* include/package-dumpinfo.mk: don't duplicate source package information for ↵Matthias Schiffer2018-01-131-6/+14
| | | | | | | | | | | every binary package Eventually the BUILDONLY package flag could be replaced by simply creating a package Makefile without any BuildPackage calls. This will fail for now, as BuildPackage also causes the Makefile's compile target etc. to do something useful at all. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* build: remove obsolete "package feature" featureMatthias Schiffer2018-01-131-25/+0
| | | | | | | | Package "features" seem to be unused for some time. In any case, custom Config.in snippets and package PROVIDES are a much more flexible way to express similar options. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* treewide: fix build depends to refer to source package namesMatthias Schiffer2018-01-132-3/+3
| | | | | | | Build depends must refer to source packages rather than binary package names. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* build: remove package preconfig featureMatthias Schiffer2018-01-131-15/+1
| | | | | | | This feature has been unused for years, and its scope is too limited to be actually useful. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* config: support new symbol intro'd in kernel 4.12Koen Vandeputte2018-01-131-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Symbol CONFIG_INITRAMFS_FORCE allows to ignore the value passed by the bootloader. By default, all symbols containing INITRAMFS are wiped from the final config and then re-added conditionally. Add support for this symbol, as the build will stop otherwise questioning the user about this option: * Restart config... * * * General setup * Cross-compiler tool prefix (CROSS_COMPILE) [] Compile also drivers which will not load (COMPILE_TEST) [N/y/?] n ... Initial RAM filesystem and RAM disk (initramfs/initrd) support (BLK_DEV_INITRD) [Y/n/?] y Initramfs source file(s) (INITRAMFS_SOURCE) [] Ignore the initramfs passed by the bootloader (INITRAMFS_FORCE) [N/y/?] (NEW) Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: add image command for CE imagesSven Eckelmann2018-01-131-0/+13
| | | | | | | | | Combined Extended Images V1 can be created easily via the new image commands using IMAGE/sysupgrade.bin/squashfs := append-rootfs | pad-rootfs | combined-ext-image Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
* kernel: bump 4.14 to 4.14.13Kevin Darbyshire-Bryant2018-01-111-2/+2
| | | | | | Refresh patches Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.4 to 4.4.111Kevin Darbyshire-Bryant2018-01-111-2/+2
| | | | | | | | Refresh patches Tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.9 to 4.9.76Kevin Darbyshire-Bryant2018-01-111-2/+2
| | | | | | | | | Refresh patches Tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: fix restoring /etc/opkg with PER_DEVICE_ROOTFSJo-Philipp Wich2018-01-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating per-device rootfs directories, the ./etc/opkg/ directory is moved away prior to calling opkg install, opkg remove and rootfs_prepare. After the opkg invocations and the rootfs_prepare macro call, the saved opkg config directory is supposed to be moved back to its previous ./etc/opkg location. The mv command however can fail to properly restore the directory under certain circumstances, e.g. when the prior opkg or files/ overlay copy operations caused a new ./etc/opkg/ directory to be created. In this case, the backed up directory (named target-dir-$hash.opkg) will be moved into the preexisting ./etc/opkg/ directory instead, causing the opkg configuration to be located in a wrong path on the final rootfs, e.g. in /etc/opkg/target-dir-$hash.opkg/distfeeds.conf instead of /etc/opkg/distfeeds.conf. Solve this problem by replacing the naive "mv" command with a recursive "cp -T" invocation which causes the backed up directory tree to get merged with the destination directory in case it already exists. Also perform the rootfs_prepare macro call after restoring the opkg configuration, to allow users to override it again by using the files/ overlay mechanism. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* downloads.mk: introduce name-agnostic PROJECT_GIT variableJo-Philipp Wich2018-01-101-2/+4
| | | | | | | | | | Introduce a name-agnostic PROJECT_GIT variable poiting to https://git.openwrt.org/ and declare LEDE_GIT and OPENWRT_GIT as aliases to it. After some transition time we can drop this alias variables. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: bump 4.4 to 4.4.110Kevin Darbyshire-Bryant2018-01-101-2/+2
| | | | | | | | | | Refresh patches Fixes: CVE-2017-5754 aka Meltdown Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [fix typo in commit msg, conflict after 4.14 bump] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.9 to 4.9.75Kevin Darbyshire-Bryant2018-01-101-2/+2
| | | | | | | | | | | | | Refresh patches Fixes: CVE-2017-5754 aka Meltdown Tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [fix conflict after 4.14 bump] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.14 to 4.14.12Stijn Tintel2018-01-081-2/+2
| | | | | | | | | No patch refresh required. Compile-tested on: octeon, x86/64. Runtime-tested on: octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.14 to 4.14.11Stijn Tintel2018-01-031-2/+2
| | | | | | | | | | | | | | | Rename unwinder config symbols to match upstream changes. Refresh patches. Update patch that no longer applies: 202-reduce_module_size.patch Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported from 4.15 to the 4.14 stable series. It is enabled by default, so enable it in OpenWrt as well. Compile-tested on x86/64. Runtime-tested on x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.9 to 4.9.73Kevin Darbyshire-Bryant2018-01-021-2/+2
| | | | | | | | Refresh patches. Runtime tested: ar71xx - Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* include/package.mk: remove old configured stamps before attempting configurationMatthias Schiffer2017-12-281-1/+1
| | | | | | | | | | Some packages, e.g. busybox, explicitly remove old .configured stamps before attempting configuration, rather than after the actual configuration step. This seems like a good idea, as there will be no stamp left if configuration fails. Change generic rules to work like this, so package- specific rules can be dropped. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* kernel: bump 4.4 to 4.4.108Kevin Darbyshire-Bryant2017-12-261-2/+2
| | | | | | Refresh patches. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.9 to 4.9.72Kevin Darbyshire-Bryant2017-12-261-2/+2
| | | | | | | | Refresh patches. Runtime tested: ar71xx - Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.4 to 4.4.107Kevin Darbyshire-Bryant2017-12-231-2/+2
| | | | | | | | | | Refresh patches. Update patch that no longer applied: oxnas/0072-mtd-backport-v4.7-0day-patches-from-Boris.patch Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Rosen Penev <rosenp@gmail.com>
* kernel: Update kernel 4.9 to 4.9.70Hauke Mehrtens2017-12-191-2/+2
| | | | | | Runtime tested on lantiq. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: include: remove last .0 from kernel versions againHauke Mehrtens2017-12-161-1/+1
| | | | | | | | Kernel 4.14 has the version number 4.14 and not 4.14.0. This was different in some older Linux kernel versions, This change makes it possible to use kernel 4.14 without any minor version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: generic: Add kernel 4.14 supportHauke Mehrtens2017-12-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds initial support for kernel 4.14 based on the patches for kernel 4.9. In the configuration I deactivated some of the new possible security features like: CONFIG_REFCOUNT_FULL CONFIG_SLAB_FREELIST_HARDENED CONFIG_SOFTLOCKUP_DETECTOR CONFIG_WARN_ALL_UNSEEDED_RANDOM And these overlay FS options are also deactivated: CONFIG_OVERLAY_FS_INDEX CONFIG_OVERLAY_FS_REDIRECT_DIR I activated this: CONFIG_FORTIFY_SOURCE CONFIG_POSIX_TIMERS CONFIG_SLAB_MERGE_DEFAULT CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED I am not sure if I did the porting correct for the following patches: target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch target/linux/generic/hack-4.14/220-gc_sections.patch target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch target/linux/generic/pending-4.14/305-mips_module_reloc.patch target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: allow PKG_PREPARED_DEPENDS and PKG_CONFIG_DEPENDS to be changed after ↵Felix Fietkau2017-12-122-3/+6
| | | | | | | | | including package.mk Reverts commit a9c96ef0ac7ac99e4928f5312f3d0d1252c98328 and replaces it with a different approach Signed-off-by: Felix Fietkau <nbd@nbd.name>
* merge: properly remove %n / %N referencesJo-Philipp Wich2017-12-091-3/+3
| | | | | | | | | | - use %d instead of %n for opkg feed identifiers - remove %n / %N references from version files Fixes bf5cef47b3 merge: release/banner: drop release name and update banner. Fixes FS#1213. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* merge: etc: update remaining filesZoltan HERPAI2017-12-081-1/+1
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: targets: update image generation and targetsZoltan HERPAI2017-12-082-4/+4
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: release/banner: drop release name and update bannerZoltan HERPAI2017-12-081-10/+2
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* kernel: bump 4.9 to 4.9.67Stijn Tintel2017-12-071-2/+2
| | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - generic/190-1-5-e1000e-Fix-error-path-in-link-detection.patch - generic/190-3-5-e1000e-Fix-return-value-test.patch - generic/190-4-5-e1000e-Separate-signaling-for-link-check-link-up.patch - generic/190-5-5-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch - ramips/0102-MIPS-ralink-Fix-MT7628-pinmux.patch - ramips/0103-MIPS-ralink-Fix-typo-in-mt7628-pinmux-function Update patches that no longer apply: - layerscape/815-spi-support-layerscape.patch - ramips/0099-pci-mt7620.patch Compile-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64. Runtime-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: avoid failing in append-metadata if image could not be generatedFelix Fietkau2017-12-041-1/+1
| | | | | | The image build might have failed due to a size check Signed-off-by: Felix Fietkau <nbd@nbd.name>
* target: replace odhcpd by odhcpd-ipv6onlyHans Dedecker2017-11-291-1/+1
| | | | | | | Replace in router DEFAULT_PACKAGES odhcpd by odhcpd-ipv6only as such there's no DHCPv4 server functionality overlap with dnsmasq Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* build: accept gcc/g++ without minor versionJustin Kilpatrick2017-11-261-4/+4
| | | | | | | | | | | | | | | | | | | | | Build dependency: Please install the GNU C Compiler (gcc) 4.8 or later cc -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])' Build dependency: Please install the GNU C++ Compiler (g++) 4.8 or later g++ -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])' Prerequisite check failed. Use FORCE=1 to override. On my Fedora 26 machine gcc and g++ -dumpversion returns a whole number '7' failing the regex introduced in commit: b78de6207f6fc1a9db857942cb89f9fcf730a240 This change makes minor versions optional in the build dependency regex for gcc and g++ whenever any minor version would be accepted and the whole number version is sufficient as a dependency check. For versions 4.* a minor version is still required. Signed-off-by: Justin Kilpatrick <jkilpatr@redhat.com>
* toolchain: Test for supported versions of GCCDaniel Engberg2017-11-251-14/+18
| | | | | | | | Only test for supported versions of GCC The version bump requirement for GCC is because gdb doesn't build with older versions. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* build: allow defining license information per binary packageMichael Heimpold2017-11-253-4/+6
| | | | | | | | | | | At the moment, license information can only be specified on a "per source package" level while other metadata fields (e.g. maintainer) can be given for each binary package. Apply the same logic for license fields as well. This can be used e.g. in cases where a library is distributed under some license while related tools are distributed under a different one. Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* kernel: Update kernel 4.4 to 4.4.100Rosen Penev2017-11-251-2/+2
| | | | | | Run-tested on ramips Signed-off-by: Rosen Penev <rosenp@gmail.com>
* kernel: bump 4.9 to 4.9.65Stijn Tintel2017-11-241-2/+2
| | | | | | | | Refresh patches. Compile-tested: ar71xx, octeon, x86/64. Runtime-tested: ar71xx, octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.9 to 4.9.63Koen Vandeputte2017-11-221-2/+2
| | | | | | | | | | | Refreshed all patches. Removed upstreamed parts. Compile-tested: cns3xxx, imx6, mvebu, layerscape Run-tested: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: fix generating dtb with / in DEVICE_DTSFelix Fietkau2017-11-091-3/+4
| | | | | | Fixes layerscape build error Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: fix module symbol collection if build_dir is a symlinkJonas Gorski2017-11-071-1/+1
| | | | | | | | | | | | If PKG_BUILD_DIR contains symlinks, the generated Module.symvers will contain the resolved paths, not the virtual path with the symlink name. This breaks the filter for the module's own symbols, so to fix this ensure we also grep for the resolved path. Reported-by: Roman Yeryomin <roman@advem.lv> Tested-by: Roman Yeryomin <roman@advem.lv> Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* include: kernel.mk: simplify module autoloadingJo-Philipp Wich2017-11-071-51/+21
| | | | | | | | | | | | | | | | | | Let the generic postinstall script invoke "kmodloader" when the just installed package contains any /etc/module.d/ entries. This allows us to skip the explicit "insert_module()" calls in the package postinstall. Due to the removed insert_module calls we do not need to assemble a complete list of modules per package anymore, which allows for vast simplification of the package generation code. While we're at it, also support specifying default parameters for modules using either the MODPARAM or MODPARAM.modulename variables in KernelPackage. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netfilter, iptables: add optional CHECKSUM moduleDenis Osvald2017-11-061-0/+4
| | | | Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
* build: fix another regression in append-dtb fixFelix Fietkau2017-11-031-0/+4
| | | | | | Filter out duplicate generated code for the same dts files Signed-off-by: Felix Fietkau <nbd@nbd.name>