aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload supportFelix Fietkau2018-02-211-0/+3
| | | | | | | | | | This makes it possible to add an iptables rule that offloads routing/NAT packet processing to a software fast path. This fast path is much quicker than running packets through the regular tables/chains. Requires Linux 4.14 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: add --force option to gzip in Build/gzipStijn Tintel2018-02-191-1/+1
| | | | | | | | | | When using pigz, a parallel gzip implementation, the gzip step in the image build for some targets fails, because the image filename already has the .gz extension. This results in an emtpy image file. Fix this by adding the --force option to gzip in the Build/gzip macro. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Martin Schleier <drahemmaps@gmx.net>
* kernel: bump 4.9 to 4.9.82Stijn Tintel2018-02-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - ar7/002-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-used.patch - backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch Remove layerscape/819-Revert-dmaengine-dmatest-move-callback-wait-queue-to.patch, it is superseded by upstream commit 297c7cc4b5651b174a62925b6c961085f04979fd. Remove pending/650-pppoe_header_pad.patch, it is superseded by upstream commit 1bd21b158e07e0b8c5a2ce832305a0ebfe42c480. Update patches that no longer apply: - ar71xx/004-register_gpio_driver_earlier.patch - hack/204-module_strip.patch - pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch Fixes CVE-2017-8824. Compile-tested: ar71xx. Runtime-tested: ar71xx. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.14 to 4.14.20Stijn Tintel2018-02-181-2/+2
| | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - backport/080-v4.15-0001-arch-define-weak-abort.patch - backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch Update patch that no longer applies: pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch Fixes CVE-2017-8824. Compile-tested: octeon, x86/64. Runtime-tested: octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* at91: fix image building with CONFIG_TARGET_MULTI_PROFILEJo-Philipp Wich2018-02-141-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current image build code has a number of race conditions and interface contract violations in the custom image build steps: - Build/install-zImage, solely used by at91, relies on $(PROFILE_SANITIZED) which is not available when building with CONFIG_TARGET_MULTI_PROFILE - Build/at91-sdcard, which may run concurrently, creates scratch files at fixed locations and manipulates target files directly which can lead to file corruption and other unexpected failures Rename the install-zImage macro to at91-install-zImage and move it to the at91 image Makefile since this target is the sole user. Also utilize "$@" as output file name and switch the usage of $(PROFILE_SANITIZED) to $(DEVICE_NAME) in order to fix naming under multi profile builds. Fix the at91-sdcard macro to construct scratch file paths relative to "$@", which is guaranteed to be unique and store the final artifact output in "$@" as well, instead of inside $(BIN_DIR). The generic image build code takes care of moving a build steps "$@" output to the final destination in a concurrency-safe manner. Finally remove the broken install-zImage from the generic image-commands Makefile. Fixes: d7a679a036 ("at91: Install zImage.") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* target.mk: let profile remove from DEFAULT_PACKAGESPhilip Prindeville2018-02-131-0/+2
| | | | | | | In a profile, specifying -pkg in the list of PACKAGES will suppress it even if it appears in the target's DEFAULT_PACKAGES list. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* target: Remove nomips16 option.Rosen Penev2018-02-131-3/+1
| | | | | | There is no target with a CPU subtype of nomips16. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iptables: Support building connlabel moduleKristian Evensen2018-02-131-0/+4
| | | | | | | | | | It is currently possible to enable connlabel-support in iptables. However, in order for connlabel to work properly, the kernel module must also be present. This patch adds support for building the connlabel-module, and selects it by default when connlabel-support is enabled. Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
* u-boot.mk: add HOST_LDFLAGS to UBOOT_MAKE_FLAGSAlexandru Ardelean2018-02-101-1/+1
| | | | | | | | This will make sure that the build system's paths for linking are available. This is needed mostly for linking with tools/libressl. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* u-boot,at91bootstrap: fix incorrect HOSTCPPFLAGS variableAlexandru Ardelean2018-02-101-1/+1
| | | | | | | | | | | | | | | | | This would should up as `$$(HOSTCPPFLAGS)` in the host CFLAGS. ``` make --jobserver-fds=3,4 -j -C <openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/u-boot-A10-OLinuXino-Lime/u-boot-2017.07 CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- DTC="<openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/linux-sunxi_cortexa8/linux-4.9.76/scripts/dtc/dtc" HOSTCC="gcc" HOSTCFLAGS='-O2 -I<openwrt>/staging_dir/host/include -I<openwrt>/staging_dir/host/usr/include -I<openwrt>/staging_dir/hostpkg/include -I<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/host/include $$(HOSTCPPFLAGS)' HOSTLDFLAGS="" BL31=<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/image/bl31.bin ``` And then it would complain with: ``` /bin/sh: 1: HOSTCPPFLAGS: not found ``` Also, HOSTCPPFLAGS does not exist. The correct var is HOST_CPPFLAGS. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* kernel: bump 4.14 to 4.14.18Stijn Tintel2018-02-081-2/+2
| | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - apm821xx/010-crypto-gcm-add-GCM-IV-size-constant.patch - backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch Remove pending-4.14/650-pppoe_header_pad.patch, it is superseded by upstream commit d32e5740001972c1bb193dd60af02721d047a17e. Update patch that no longer applies: hack/204-module_strip.patch Compile-tested: octeon, x86/64. Runtime-tested: octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: replace uses of OpenWrt with $(VERSION_DIST)Felix Fietkau2018-02-052-4/+4
| | | | | | This makes the distribution name more configurable. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: combine VERSION_SED and VERSION_SED_SCRIPTPhilip Prindeville2018-02-021-2/+1
| | | | | | | | | We don't need two versions of this. The escaping quotes is so that the sed commands aren't misinterpreted by shell; it has nothing to do with the contents of the file, thus one version is adequate. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* version.mk: escape values used in VERSION_SED macroPhilip Prindeville2018-02-021-33/+36
| | | | | | | | | | In addition to backslash and ampersand needing to be escaped for simple sed RHS strings, we also need to escape comma since we're using that as our s/// delimiter. Pass everything through a macro filter to sanitize it. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* netfilter: add packages for arp and bridge tables of nftablesMatthias Schiffer2018-01-311-2/+10
| | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* netfilter: clean up dependencies of kernel modulesMatthias Schiffer2018-01-311-3/+5
| | | | | | | | | The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate packages, as they are a common dependency of ip(6)tables and nftables. This avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables modules depend on nf-conntrack(6) now. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* procd: fix procd_lock() when prepare_roofsYousong Zhou2018-01-281-0/+2
| | | | | | | | | | | | This fixes the following errors when doing "make package/install" /home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory flock: 1000: Bad file descriptor Fixes FS#1260 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* build: cleanup SSP_SUPPORT configure optionJulien Dusser2018-01-271-1/+1
| | | | | | | | | | | | | | | | | | Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh, avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain and depends it means 'build gcc with libssp'. Musl no longer uses libssp (1877bc9d8f), it has internal support, so SSP_SUPPORT was disabled leading some package to not use SSP. No information why Glibc and uClibc use libssp, but they may also provide their own SSP support. uClibc used it own with commit 933b588e25 but it was reverted in f3cacb9e84 without details. Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT if either USE_MUSL or GCC_LIBSSP. Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* build: add hardened builds with PIE (ASLR) supportJulien Dusser2018-01-272-0/+9
| | | | | | | | | | | | | | | | | | Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support. Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks. Busybox need a special care, link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE. If other failing packages were found, PKG_ASLR_PIE:=0 should be added to their Makefiles. Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* kernel.mk: update LINUX_VERSION filename for cloned repoAlexandru Ardelean2018-01-271-0/+11
| | | | | | | | | | | | | | | | | In case there is an external git repo specified, it could overwrite the kernel tarball that was downloaded from kernel.org. The only identifier for such a file is the KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols, so if we have to download it we'll use that information [after some sanitization] to create a different filename for the kernel tarball. If KERNEL_GIT_REF symbol is empty, HEAD will be used as mentioned in the description of KERNEL_GIT_REF. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REFAlexandru Ardelean2018-01-271-5/+1
| | | | | | | | | The Download/git rule will do a `git checkout <git-ref>`. So, we can use any ref we want. No need to limit just to branches. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* kernel: bump 4.4 to 4.4.112Kevin Darbyshire-Bryant2018-01-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Compile-tested: ar71xx Archer C7 v2 Run-tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.9 to 4.9.77Kevin Darbyshire-Bryant2018-01-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Compile-tested: ar71xx Archer C7 v2 Run-tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.14Kevin Darbyshire-Bryant2018-01-201-2/+2
| | | | | | | | | | | | | | Refresh patches. CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* config: don't define the same symbol twiceKoen Vandeputte2018-01-171-1/+0
| | | | | | | | | | | | | | | | | In commit fce35bce0f6e ("config: support new symbol intro'd in kernel 4.12") I forgot to remove the initial debug test line. This clearly is wrong as the same symbol is defined conditionally in the line below as it should be. I looked over it as I just checked if the symbol was present now upon testing it. Fixes: fce35bce0f6e ("config: support new symbol intro'd in kernel 4.12") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* include/package-dumpinfo.mk: don't duplicate source package information for ↵Matthias Schiffer2018-01-131-6/+14
| | | | | | | | | | | every binary package Eventually the BUILDONLY package flag could be replaced by simply creating a package Makefile without any BuildPackage calls. This will fail for now, as BuildPackage also causes the Makefile's compile target etc. to do something useful at all. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* build: remove obsolete "package feature" featureMatthias Schiffer2018-01-131-25/+0
| | | | | | | | Package "features" seem to be unused for some time. In any case, custom Config.in snippets and package PROVIDES are a much more flexible way to express similar options. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* treewide: fix build depends to refer to source package namesMatthias Schiffer2018-01-132-3/+3
| | | | | | | Build depends must refer to source packages rather than binary package names. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* build: remove package preconfig featureMatthias Schiffer2018-01-131-15/+1
| | | | | | | This feature has been unused for years, and its scope is too limited to be actually useful. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* config: support new symbol intro'd in kernel 4.12Koen Vandeputte2018-01-131-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Symbol CONFIG_INITRAMFS_FORCE allows to ignore the value passed by the bootloader. By default, all symbols containing INITRAMFS are wiped from the final config and then re-added conditionally. Add support for this symbol, as the build will stop otherwise questioning the user about this option: * Restart config... * * * General setup * Cross-compiler tool prefix (CROSS_COMPILE) [] Compile also drivers which will not load (COMPILE_TEST) [N/y/?] n ... Initial RAM filesystem and RAM disk (initramfs/initrd) support (BLK_DEV_INITRD) [Y/n/?] y Initramfs source file(s) (INITRAMFS_SOURCE) [] Ignore the initramfs passed by the bootloader (INITRAMFS_FORCE) [N/y/?] (NEW) Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: add image command for CE imagesSven Eckelmann2018-01-131-0/+13
| | | | | | | | | Combined Extended Images V1 can be created easily via the new image commands using IMAGE/sysupgrade.bin/squashfs := append-rootfs | pad-rootfs | combined-ext-image Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
* kernel: bump 4.14 to 4.14.13Kevin Darbyshire-Bryant2018-01-111-2/+2
| | | | | | Refresh patches Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.4 to 4.4.111Kevin Darbyshire-Bryant2018-01-111-2/+2
| | | | | | | | Refresh patches Tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.9 to 4.9.76Kevin Darbyshire-Bryant2018-01-111-2/+2
| | | | | | | | | Refresh patches Tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: fix restoring /etc/opkg with PER_DEVICE_ROOTFSJo-Philipp Wich2018-01-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating per-device rootfs directories, the ./etc/opkg/ directory is moved away prior to calling opkg install, opkg remove and rootfs_prepare. After the opkg invocations and the rootfs_prepare macro call, the saved opkg config directory is supposed to be moved back to its previous ./etc/opkg location. The mv command however can fail to properly restore the directory under certain circumstances, e.g. when the prior opkg or files/ overlay copy operations caused a new ./etc/opkg/ directory to be created. In this case, the backed up directory (named target-dir-$hash.opkg) will be moved into the preexisting ./etc/opkg/ directory instead, causing the opkg configuration to be located in a wrong path on the final rootfs, e.g. in /etc/opkg/target-dir-$hash.opkg/distfeeds.conf instead of /etc/opkg/distfeeds.conf. Solve this problem by replacing the naive "mv" command with a recursive "cp -T" invocation which causes the backed up directory tree to get merged with the destination directory in case it already exists. Also perform the rootfs_prepare macro call after restoring the opkg configuration, to allow users to override it again by using the files/ overlay mechanism. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* downloads.mk: introduce name-agnostic PROJECT_GIT variableJo-Philipp Wich2018-01-101-2/+4
| | | | | | | | | | Introduce a name-agnostic PROJECT_GIT variable poiting to https://git.openwrt.org/ and declare LEDE_GIT and OPENWRT_GIT as aliases to it. After some transition time we can drop this alias variables. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: bump 4.4 to 4.4.110Kevin Darbyshire-Bryant2018-01-101-2/+2
| | | | | | | | | | Refresh patches Fixes: CVE-2017-5754 aka Meltdown Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [fix typo in commit msg, conflict after 4.14 bump] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.9 to 4.9.75Kevin Darbyshire-Bryant2018-01-101-2/+2
| | | | | | | | | | | | | Refresh patches Fixes: CVE-2017-5754 aka Meltdown Tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [fix conflict after 4.14 bump] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.14 to 4.14.12Stijn Tintel2018-01-081-2/+2
| | | | | | | | | No patch refresh required. Compile-tested on: octeon, x86/64. Runtime-tested on: octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.14 to 4.14.11Stijn Tintel2018-01-031-2/+2
| | | | | | | | | | | | | | | Rename unwinder config symbols to match upstream changes. Refresh patches. Update patch that no longer applies: 202-reduce_module_size.patch Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported from 4.15 to the 4.14 stable series. It is enabled by default, so enable it in OpenWrt as well. Compile-tested on x86/64. Runtime-tested on x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.9 to 4.9.73Kevin Darbyshire-Bryant2018-01-021-2/+2
| | | | | | | | Refresh patches. Runtime tested: ar71xx - Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* include/package.mk: remove old configured stamps before attempting configurationMatthias Schiffer2017-12-281-1/+1
| | | | | | | | | | Some packages, e.g. busybox, explicitly remove old .configured stamps before attempting configuration, rather than after the actual configuration step. This seems like a good idea, as there will be no stamp left if configuration fails. Change generic rules to work like this, so package- specific rules can be dropped. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* kernel: bump 4.4 to 4.4.108Kevin Darbyshire-Bryant2017-12-261-2/+2
| | | | | | Refresh patches. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.9 to 4.9.72Kevin Darbyshire-Bryant2017-12-261-2/+2
| | | | | | | | Refresh patches. Runtime tested: ar71xx - Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.4 to 4.4.107Kevin Darbyshire-Bryant2017-12-231-2/+2
| | | | | | | | | | Refresh patches. Update patch that no longer applied: oxnas/0072-mtd-backport-v4.7-0day-patches-from-Boris.patch Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Rosen Penev <rosenp@gmail.com>
* kernel: Update kernel 4.9 to 4.9.70Hauke Mehrtens2017-12-191-2/+2
| | | | | | Runtime tested on lantiq. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: include: remove last .0 from kernel versions againHauke Mehrtens2017-12-161-1/+1
| | | | | | | | Kernel 4.14 has the version number 4.14 and not 4.14.0. This was different in some older Linux kernel versions, This change makes it possible to use kernel 4.14 without any minor version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: generic: Add kernel 4.14 supportHauke Mehrtens2017-12-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds initial support for kernel 4.14 based on the patches for kernel 4.9. In the configuration I deactivated some of the new possible security features like: CONFIG_REFCOUNT_FULL CONFIG_SLAB_FREELIST_HARDENED CONFIG_SOFTLOCKUP_DETECTOR CONFIG_WARN_ALL_UNSEEDED_RANDOM And these overlay FS options are also deactivated: CONFIG_OVERLAY_FS_INDEX CONFIG_OVERLAY_FS_REDIRECT_DIR I activated this: CONFIG_FORTIFY_SOURCE CONFIG_POSIX_TIMERS CONFIG_SLAB_MERGE_DEFAULT CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED I am not sure if I did the porting correct for the following patches: target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch target/linux/generic/hack-4.14/220-gc_sections.patch target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch target/linux/generic/pending-4.14/305-mips_module_reloc.patch target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build: allow PKG_PREPARED_DEPENDS and PKG_CONFIG_DEPENDS to be changed after ↵Felix Fietkau2017-12-122-3/+6
| | | | | | | | | including package.mk Reverts commit a9c96ef0ac7ac99e4928f5312f3d0d1252c98328 and replaces it with a different approach Signed-off-by: Felix Fietkau <nbd@nbd.name>
* merge: properly remove %n / %N referencesJo-Philipp Wich2017-12-091-3/+3
| | | | | | | | | | - use %d instead of %n for opkg feed identifiers - remove %n / %N references from version files Fixes bf5cef47b3 merge: release/banner: drop release name and update banner. Fixes FS#1213. Signed-off-by: Jo-Philipp Wich <jo@mein.io>