aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* include: extend SetupHostCommand macro to accept more argumentsJo-Philipp Wich2018-04-051-1/+2
| | | | | | | | | | | | | Commit d6d3db0543 added more gcc version probes, exceeding the argument limit of the SetupHostCommand macro, leading to failing GCC/LLVM tests on OS X. Extend the handled number of arguments to restore proper functionality. Fixes FS#1470 Fixes d6d3db0543 ("build: Improve GCC version detection") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: update kernel 4.14 to 4.14.32Hauke Mehrtens2018-04-031-2/+2
| | | | | | | | | | | | | The following patches are now included upstream: * 0052-MIPS-lantiq-fix-usb-clocks.patch * 0053-MIPS-lantiq-enable-AHB-Bus-for-USB.patch * 0060-lantiq-ase-enable-MFD-SYSCON.patch Closes: FS#1466 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Stijn Segers <foss@volatilesystems.org> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: Improve GCC version detectionHauke Mehrtens2018-04-031-4/+8
| | | | | | | | | | This now makes sure that the beginning of the version number gets checked and "4.4.5" will not match was a supported version. GCC 8 and GCC 9 are now marked as supported, but we probably have to fix some problems for them. Closes: FS#1433 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: update kernel 4.9 to version 4.9.91Hauke Mehrtens2018-03-311-2/+2
| | | | | | | | | | * Refreshed patches. * Deleted 210-Revert-led-core-Fix-brightness-setting-when-setting-.patch (was accepted upstream) * Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream) Compile and run tested on lantiq Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mvebu: add support for MACCHIATObin (cortex-a72)Damir Samardzic2018-03-311-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add initial support for Marvell MACCHIATObin, cortex-a72 based Marvell ARMADA 8040 Community board. Comes in two forms: Single Shot and Double Shot. Specifications: - Quad core Cortex-A72 (up to 2GHz) - DDR4 DIMM slot with optional ECC and single/dual chip select support - Dual 10GbE (1/2.5/10GbE) via copper or SFP 2.5GbE (1/2.5GbE) via SFP 1GbE via copper - SPI Flash - 3 X SATA 3.0 connectors - MicroSD connector - eMMC - PCI x4 3.0 slot - USB 2.0 Headers (Internal) - USB 3.0 connector - Console port (UART) over microUSB connector - 20-pin Connector for CPU JTAG debugger - 2 X UART Headers - 12V input via DC Jack - ATX type power connector - Form Factor: Mini-ITX (170 mm x 170 mm) More details at http://macchiatobin.net Booting from micro SD card: 1. reset U-Boot environment: env default -a saveenv 2. prepare U-Boot with boot script: setenv bootcmd "load mmc 1:1 0x4d00000 boot.scr; source 0x4d00000" saveenv or manually: setenv fdt_name armada-8040-mcbin.dtb setenv image_name Image setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr $image_name;ext4load mmc 1:1 $fdt_addr $fdt_name;setenv bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti $kernel_addr - $fdt_addr' saveenv Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
* build: filter out kmod-ipt-offload from the default selection on targets ↵Felix Fietkau2018-03-301-0/+4
| | | | | | that do not support it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: include kmod-ipt-offload in default imagesFelix Fietkau2018-03-271-1/+1
| | | | | | | | | Netfilter flow offload has now started to become useful and suitable for a wider testing audience. Configuring it via UCI is also integrated in firewall3 by adding 'option flow_offloading 1' to the 'defaults' section in /etc/config/firewall Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Kernel: bump 4.14 to 4.14.29Stijn Segers2018-03-231-2/+2
| | | | | | | | | | | | Right patch version this time, sorry! * Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code. * Refreshed patches. Compile-tested: ramips/mt7621, x86/64 Run-tested: ramips/mt7621, x86/64 Signed-off-by: Stijn Segers <foss@volatilesystems.org> Tested-by: Rosen Penev <rosenp@gmail.com>
* kernel: bump 4.14 to 4.14.27Stijn Segers2018-03-171-2/+2
| | | | | | | | | | * Refreshed patches. * Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream) Compile-tested: ramips/mt7621, x86/64 Run-tested: ramips/mt7621, x86/64 Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* kernel: bump 4.4 to 4.4.121Koen Vandeputte2018-03-171-2/+2
| | | | | | | | | - Refreshed all patches - Only compile-tested Compile tested on: Gemini Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.87Koen Vandeputte2018-03-171-2/+2
| | | | | | | | | - Refreshed all patches Compile tested on: ar71xx Runtime tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: Allow to change the FIT config section nameSven Eckelmann2018-03-172-2/+5
| | | | | | | | Some devices only boot when a special config is found in the image and completely ignore the default entry during the selection. These devices can now use the variable DEVICE_DTS_CONFIG in their device image definition. Signed-off-by: Sven Eckelmann <sven@narfation.org>
* build: revert "make image target wait for initramfs"Christian Lamparter2018-03-151-1/+1
| | | | | | | | | | | This reverts commit 43be5087a915727e7dcb3459e2221f094c70811b. The change is incompatible with the image builder code. Luckily the RT-AC58U is no longer depending on the initramfs being available for the target's image generation rules. Reported-by: Venitex Aveon <aveon@aenote.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* build: make image target wait for initramfsChristian Lamparter2018-03-141-1/+1
| | | | | | | | | | | | The image production rules does not have the initramfs-image as a dependency. So, from make’s perspective initramfs creation can run independently/in parallel with the image generation code in the target's Makefile. This is a problem for devices that have to use the initramfs for the image creation and can lead to broken images. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: bump 4.9 to 4.9.86Koen Vandeputte2018-03-091-2/+2
| | | | | | | | | | - Refreshed all patches - Removed 1 patch which got upstreamed Compile tested on: ar71xx (Rocket M5, Mikrotik RB2011) Runtime tested on: ar71xx (Rocket M5, Mikrotik RB2011) Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump to version 4.14.25Kabuli Chana2018-03-091-2/+2
| | | | | | compile/test target mvebu/rango Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
* inclue/image.mk: fix package installation for per-device rootfsMatthias Schiffer2018-03-091-0/+1
| | | | | | | Fixes FS#1421. Fixes: 2fbf669730bf ("imagebuilder: reuse rootfs preparation from rootfs.mk") Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* include/package-defaults.mk: fix default Build/Prepare with empty ./srcMatthias Schiffer2018-03-071-1/+1
| | | | | | | Copying ./src/* would fail when src exists, but is empty or only contains hidden files. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* include/image.mk: base package-list manifest on unprepared rootfsMatthias Schiffer2018-03-071-8/+2
| | | | | | | With CONFIG_CLEAN_IPKG, the prepared rootfs does not have a full opkg status file. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* imagebuilder: reuse rootfs preparation from rootfs.mkMatthias Schiffer2018-03-072-4/+0
| | | | | | | | | | | | In addition to removing redundant code, this fixes various issues in IB-generated images that have been fixed in prepare_rootfs before, including better handling of CONFIG_CLEAN_IPKG and enabling of initscripts from FILES. We also reuse the opkg macro and remove --force-... flags that have been removed from rootfs.mk as well. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* include/rootfs.mk: pass additional files dir to prepare_rootfs as an argumentMatthias Schiffer2018-03-072-4/+4
| | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* include/rootfs.mk: retain list of conffiles with CONFIG_CLEAN_IPKGMatthias Schiffer2018-03-071-1/+8
| | | | | | | | /usr/lib/opkg/status must not be removed completely, otherwise the packages' conffile lists will be missing. Replace it with a reduced version only containing the conffile entries. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* include/rootfs.mk: do not remove opkg prerm scripts during rootfs preparationMatthias Schiffer2018-03-071-1/+0
| | | | | | | When a user removes a preinstalled opkg package, the package's prerm script (and in particular our default_prerm) should run. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* kernel: bump 4.4 to 4.4.119Stijn Segers2018-03-031-2/+2
| | | | | | | | | | | | | | | | | | This bumps the 4.4. kernel in master to 4.4.119. Includes more Meltdown & Spectre mitigation. * Refresh patches. * Refresh x86/config for RETPOLINE. * Deleted 8049-PCI-layerscape-Add-fsl-ls2085a-pcie-compatible-ID.patch (accepted upstream) * Deleted 8050-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch (accepted upstream) * Deleted 650-pppoe_header_pad.patch (does not apply anymore (code was replaced)). Bumps from 4.4.112 to 4.4.115 were handled by Kevin Darbyshire-Bryant. Compile-tested on: ar71xx & oxnas. Signed-off-by: Stijn Segers <foss@volatilesystems.org> Tested-by: Rosen Penev <rosenp@gmail.com>
* kernel: bump 4.9 to 4.9.85Magnus Kroken2018-03-031-2/+2
| | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* kernel: bump 4.14 to 4.14.23Stijn Segers2018-03-021-2/+2
| | | | | | | | | | | | | This patch bumps the 4.14 kernel to .23. - Refreshed patches. - Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream. - Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed, the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes. Compile-tested on: ramips/mt7621, x86/64 Run-tested on: ramips/mt7621, x86/64 Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload supportFelix Fietkau2018-02-211-0/+3
| | | | | | | | | | This makes it possible to add an iptables rule that offloads routing/NAT packet processing to a software fast path. This fast path is much quicker than running packets through the regular tables/chains. Requires Linux 4.14 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: add --force option to gzip in Build/gzipStijn Tintel2018-02-191-1/+1
| | | | | | | | | | When using pigz, a parallel gzip implementation, the gzip step in the image build for some targets fails, because the image filename already has the .gz extension. This results in an emtpy image file. Fix this by adding the --force option to gzip in the Build/gzip macro. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Martin Schleier <drahemmaps@gmx.net>
* kernel: bump 4.9 to 4.9.82Stijn Tintel2018-02-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - ar7/002-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-used.patch - backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch Remove layerscape/819-Revert-dmaengine-dmatest-move-callback-wait-queue-to.patch, it is superseded by upstream commit 297c7cc4b5651b174a62925b6c961085f04979fd. Remove pending/650-pppoe_header_pad.patch, it is superseded by upstream commit 1bd21b158e07e0b8c5a2ce832305a0ebfe42c480. Update patches that no longer apply: - ar71xx/004-register_gpio_driver_earlier.patch - hack/204-module_strip.patch - pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch Fixes CVE-2017-8824. Compile-tested: ar71xx. Runtime-tested: ar71xx. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.14 to 4.14.20Stijn Tintel2018-02-181-2/+2
| | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - backport/080-v4.15-0001-arch-define-weak-abort.patch - backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch Update patch that no longer applies: pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch Fixes CVE-2017-8824. Compile-tested: octeon, x86/64. Runtime-tested: octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* at91: fix image building with CONFIG_TARGET_MULTI_PROFILEJo-Philipp Wich2018-02-141-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current image build code has a number of race conditions and interface contract violations in the custom image build steps: - Build/install-zImage, solely used by at91, relies on $(PROFILE_SANITIZED) which is not available when building with CONFIG_TARGET_MULTI_PROFILE - Build/at91-sdcard, which may run concurrently, creates scratch files at fixed locations and manipulates target files directly which can lead to file corruption and other unexpected failures Rename the install-zImage macro to at91-install-zImage and move it to the at91 image Makefile since this target is the sole user. Also utilize "$@" as output file name and switch the usage of $(PROFILE_SANITIZED) to $(DEVICE_NAME) in order to fix naming under multi profile builds. Fix the at91-sdcard macro to construct scratch file paths relative to "$@", which is guaranteed to be unique and store the final artifact output in "$@" as well, instead of inside $(BIN_DIR). The generic image build code takes care of moving a build steps "$@" output to the final destination in a concurrency-safe manner. Finally remove the broken install-zImage from the generic image-commands Makefile. Fixes: d7a679a036 ("at91: Install zImage.") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* target.mk: let profile remove from DEFAULT_PACKAGESPhilip Prindeville2018-02-131-0/+2
| | | | | | | In a profile, specifying -pkg in the list of PACKAGES will suppress it even if it appears in the target's DEFAULT_PACKAGES list. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* target: Remove nomips16 option.Rosen Penev2018-02-131-3/+1
| | | | | | There is no target with a CPU subtype of nomips16. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iptables: Support building connlabel moduleKristian Evensen2018-02-131-0/+4
| | | | | | | | | | It is currently possible to enable connlabel-support in iptables. However, in order for connlabel to work properly, the kernel module must also be present. This patch adds support for building the connlabel-module, and selects it by default when connlabel-support is enabled. Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
* u-boot.mk: add HOST_LDFLAGS to UBOOT_MAKE_FLAGSAlexandru Ardelean2018-02-101-1/+1
| | | | | | | | This will make sure that the build system's paths for linking are available. This is needed mostly for linking with tools/libressl. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* u-boot,at91bootstrap: fix incorrect HOSTCPPFLAGS variableAlexandru Ardelean2018-02-101-1/+1
| | | | | | | | | | | | | | | | | This would should up as `$$(HOSTCPPFLAGS)` in the host CFLAGS. ``` make --jobserver-fds=3,4 -j -C <openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/u-boot-A10-OLinuXino-Lime/u-boot-2017.07 CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- DTC="<openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/linux-sunxi_cortexa8/linux-4.9.76/scripts/dtc/dtc" HOSTCC="gcc" HOSTCFLAGS='-O2 -I<openwrt>/staging_dir/host/include -I<openwrt>/staging_dir/host/usr/include -I<openwrt>/staging_dir/hostpkg/include -I<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/host/include $$(HOSTCPPFLAGS)' HOSTLDFLAGS="" BL31=<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/image/bl31.bin ``` And then it would complain with: ``` /bin/sh: 1: HOSTCPPFLAGS: not found ``` Also, HOSTCPPFLAGS does not exist. The correct var is HOST_CPPFLAGS. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* kernel: bump 4.14 to 4.14.18Stijn Tintel2018-02-081-2/+2
| | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - apm821xx/010-crypto-gcm-add-GCM-IV-size-constant.patch - backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch Remove pending-4.14/650-pppoe_header_pad.patch, it is superseded by upstream commit d32e5740001972c1bb193dd60af02721d047a17e. Update patch that no longer applies: hack/204-module_strip.patch Compile-tested: octeon, x86/64. Runtime-tested: octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: replace uses of OpenWrt with $(VERSION_DIST)Felix Fietkau2018-02-052-4/+4
| | | | | | This makes the distribution name more configurable. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: combine VERSION_SED and VERSION_SED_SCRIPTPhilip Prindeville2018-02-021-2/+1
| | | | | | | | | We don't need two versions of this. The escaping quotes is so that the sed commands aren't misinterpreted by shell; it has nothing to do with the contents of the file, thus one version is adequate. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* version.mk: escape values used in VERSION_SED macroPhilip Prindeville2018-02-021-33/+36
| | | | | | | | | | In addition to backslash and ampersand needing to be escaped for simple sed RHS strings, we also need to escape comma since we're using that as our s/// delimiter. Pass everything through a macro filter to sanitize it. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* netfilter: add packages for arp and bridge tables of nftablesMatthias Schiffer2018-01-311-2/+10
| | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* netfilter: clean up dependencies of kernel modulesMatthias Schiffer2018-01-311-3/+5
| | | | | | | | | The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate packages, as they are a common dependency of ip(6)tables and nftables. This avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables modules depend on nf-conntrack(6) now. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* procd: fix procd_lock() when prepare_roofsYousong Zhou2018-01-281-0/+2
| | | | | | | | | | | | This fixes the following errors when doing "make package/install" /home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory flock: 1000: Bad file descriptor Fixes FS#1260 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* build: cleanup SSP_SUPPORT configure optionJulien Dusser2018-01-271-1/+1
| | | | | | | | | | | | | | | | | | Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh, avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain and depends it means 'build gcc with libssp'. Musl no longer uses libssp (1877bc9d8f), it has internal support, so SSP_SUPPORT was disabled leading some package to not use SSP. No information why Glibc and uClibc use libssp, but they may also provide their own SSP support. uClibc used it own with commit 933b588e25 but it was reverted in f3cacb9e84 without details. Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT if either USE_MUSL or GCC_LIBSSP. Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* build: add hardened builds with PIE (ASLR) supportJulien Dusser2018-01-272-0/+9
| | | | | | | | | | | | | | | | | | Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support. Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks. Busybox need a special care, link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE. If other failing packages were found, PKG_ASLR_PIE:=0 should be added to their Makefiles. Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>
* kernel.mk: update LINUX_VERSION filename for cloned repoAlexandru Ardelean2018-01-271-0/+11
| | | | | | | | | | | | | | | | | In case there is an external git repo specified, it could overwrite the kernel tarball that was downloaded from kernel.org. The only identifier for such a file is the KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols, so if we have to download it we'll use that information [after some sanitization] to create a different filename for the kernel tarball. If KERNEL_GIT_REF symbol is empty, HEAD will be used as mentioned in the description of KERNEL_GIT_REF. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REFAlexandru Ardelean2018-01-271-5/+1
| | | | | | | | | The Download/git rule will do a `git checkout <git-ref>`. So, we can use any ref we want. No need to limit just to branches. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* kernel: bump 4.4 to 4.4.112Kevin Darbyshire-Bryant2018-01-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Compile-tested: ar71xx Archer C7 v2 Run-tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.9 to 4.9.77Kevin Darbyshire-Bryant2018-01-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Compile-tested: ar71xx Archer C7 v2 Run-tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.14Kevin Darbyshire-Bryant2018-01-201-2/+2
| | | | | | | | | | | | | | Refresh patches. CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>