| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
When git-https request a service (e.g. github) which ask for credentials
git will pass this request to the user resulting download.pl to wait for
user input. Set GIT_ASKPASS to stop asking.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
|
|
|
|
|
|
| |
It ensures that make download can parallelize downloads, even when some
packages download the same files (e.g. gcc/initial, gcc/final)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
The previous commit f4a4f324cb76ad ("kernel: update kernel 4.4 to
4.4.71") missed the line which changes the kernel version, add it now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 86c966a8ae9c4e74b912a16a760aaed17c68eb32 caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.
Fix this by adding the extra override for HOST_LOADLIBES only on macOS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
Override {HOST_}QUILT before making decisions based on it, else it will
cause target/linux/refresh to fail on first run.
Fixes: 36ba6237d6e3a23fbeadcc1812a892faa4b07cbe ("build: fix quilt for mixed package/host builds")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
|
|
|
|
|
|
| |
BSD paste requires a filename argument, and it accepts - to use stdin as
intended.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
| |
This commit contains the following changes
- Use local shell var where appliable
- The $(sort $$$$$$$$mods) call will have no expected effect
- Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
- Avoid duplicate arguments for insert_modules() in postinst-pkg
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
They need to be defined before including quilt.mk
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
Makes behavor consistent with package builds and regular host builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
This causes various issues in other places that assume that host
binaries are staged in STAGING_DIR_HOST.
Since all the right places use HOST_BUILD_PREFIX, override that instead.
This fixes some issues with quilt on toolchain dirs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using external or git cloned kernels, any kind of modifications
will alter KERNELRELEASE. LEDE still tries to stage modules in
lib/modules/$(LINUX_UNAME_VERSION) and LINUX_UNAME_VERSION is based on
KERNEL_PATCHVER (indirectly) so this does not work, and we lose all
kinds of automatic modules loading.
To remedy that, just cat $(LINUX_DIR)/include/config/kernel.release
which is late enough the kernel has prepared this file, and is correctly
tracking changes done throughout the kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
|
|
|
|
|
|
|
|
| |
In case we use external and/or git cloned kernels, let the kernel
determine the appropriate KERNELRELEASE. We cannot used
LINUX_UNAME_VERSION because that one gets determined at a later time,
when the kernel is already built proper.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 0df2c6563a3537ed21b28a9fb6874bf2718afd05 since it
gets in the way of identifying properly which kernel we are running.
This is particularly important if LEDE is using external kernels/git
cloned kernels. We want to make sure we only load modules from that
specific kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Refresh all patches
- Removed upstreamed
- Adapted 1
Compile tested on: bcm53xx, cns3xxx, imx6, lantiq
Run tested on: cns3xxx & imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[update from 4.9.28 to 4.9.29]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:
062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.
Run tested ar71xx Archer C7 v2 and lantiq.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.
Other image types (at least targz and squashfs) already have this.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running "make {config|defconfig|oldconfig}" with symlinked .config
(e.g. to env/.config) it renames symlink to .config.old, creates new
.config file, and writes the updated configuration into it.
This breaks the desired workflow when changes in the configuration can
be checked using "scripts/env diff" and commited using "scripts/env
save". Since the env/.config file is not updated.
The things become even worse when working with feeds, since feeds script
quite often silently invokes "make {oldconfig|defconfig}" and breaks the
symlink.
Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.
This change uses the same behaviour as "make menucofig", which has
already been fixed in commit 5bf98b1acc3b6b178f8954c5075a58e1e6a99d6a.
Also make a tiny cosmetic update to the "make menuconfig" target code
layout to make it look like other config handling targets.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
|
|
|
|
|
|
|
| |
Significantly reduces time spent processing those targets and should
also silence some log clutter which could confuse buildbot
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
Otherwise ipkg packages may wrongly take on alternatives specs of
another package sharing the same package Makefile
Fixes FS#753
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
It's a list of specs of the following form seprated by commas to
describe alternatives provided by this package
<prio>:<path>:<altpath>
<path> will be a symbolic link to <altpath> of the highest <prio>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
|
| |
Remove LARGEFILE option, support was removed back in 2011 (OpenWrt rev 25208).
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running "make menuconfig" with symlinked .config (e.g. to
env/.config) it renames symlink to .config.old, creates new .config file
and writes updated configuration here.
This breaks the desired workflow when changes in the configuration could
be checked using "scripts/env diff" and commited with
"scripts/env save". Since the env/.config file is not updated.
Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
|
|
|
|
| |
Signed-off-by: John Crispin <john@phrozen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not sure since when the issue emerged, but according to the current doc of gcc
and as, armv8-a is intended as argument of -march
The change will affect at the moment arm64 and layerscape/64b
Below is the relevant error messages when building toolchain
Assembler messages:
Error: unknown cpu `armv8-a'
Error: unrecognized option -mcpu=armv8-a
/home/yousong/git-repo/lede-project/lede/build_dir/toolchain-aarch64_armv8-a_gcc-5.4.0_musl/gcc-5.4.0/libgcc/libgcc2.c:1:0: error: unknown value 'armv8-a' for -mcpu
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
Recent attempts to use it have shown that it does not work properly
except for a few undocumented cases. It's better to remove this now to
avoid having more people fall into the same trap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
Keeping it in base-files was resulting in adding it to the base-files
package. This file is meant to be included manually for initramfs
images only.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
| |
Cuts build time on Mac OS X in half by avoiding repeated $(shell) calls
from the build system
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
If someone creates a target and indicates a CPU_TYPE, but there's
no corresponding support for that CPU_TYPE's flags in include/target.mk
then that should probably be indicated rather than silently ignored.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
|
|
|
|
|
|
| |
Normal packages don't rely on the feed configuration variables for the
build step
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
quilt.mk needs to be included first, to ensure that STAMP_PREPARED does
not include the hash if quilt is used.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
This will allow us to override the variable from within a Device template.
Signed-off-by: John Crispin <john@phrozen.org>
|
|
|
|
|
|
|
|
|
|
| |
This can be used to indicate that a target does not support the optional mips16
extension even when it is a mips32r2 or later CPU.
This will generate a separate toolchain and a separate package folder,
e.g. mips_24kc_nomips16
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
|
|
|
|
|
|
| |
host-build.mk should not be included for prereq
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
KERNELRELEASE contains a $(shell) call which is evaluated over and over
again.
The call to checksyscalls.sh is unnecessary for LEDE and also takes a
few seconds to complete.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
Avoids lots of redundant calls to mkhash on things like
package/kernel/linux
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
DTS dependencies are not processed correctly so makes it safer against
poentially stale builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|