| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes CVE:
- CVE-2018-14625
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch
- 950-0149-Update-vfpmodule.c.patch
- 201-extra_optimization.patch
New symbol:
- CONFIG_HARDEN_BRANCH_PREDICTOR
Compile-tested on: ar71xx, ar7, arc770, at91, brcm2708, brcm63xx, ixp4xx, lantiq, layerscape, mpc85xx, orion, rb532, uml
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Removed upstreamed hunks:
- 703-phy-support-layerscape.patch
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Removed upstreamed:
- 203-MIPS-ath79-fix-restart.patch
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Delete upstreamed patch:
- 100-tcp-add-tcp_ooo_try_coalesce-helper.patch
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
| |
this is now part of generic
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5f5d8128815c0624a01e48de25bd5cf1b6ab23ef)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refreshed patches.
* Removed patches:
- target/linux/ar71xx/patches-4.9/103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch superseded by upstream
- target/linux/ar71xx/patches-4.9/403-mtd_fix_cfi_cmdset_0002_status_check.patch superseded by upstream
- target/linux/brcm63xx/patches-4.9/001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch accepted upstream
- target/linux/brcm63xx/patches-4.9/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch accepted upstream
- target/linux/brcm63xx/patches-4.9/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch accepted upstream
- target/linux/generic/pending-4.9/900-gen_stats-fix-netlink-stats-padding.patch
* New backported patch to address ext4 breakage, introduced in 4.9.112:
- backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9
Thanks to Koen Vandeputte for pointing out the need to add the ARM64_SSBD symbol, and the ext4 patch.
Compile-tested on: ar71xx
Run-tested on: ar71xx
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
@vahid-dan reported a issue with extracting the rpi images with
Gnome's Archive Manager:
"Ubuntu Archive Manager cannot extract the file and it just
throws a general error message: "An error occurred while
extracting files".
<https://forum.lede-project.org/t/corrupted-pre-built-v18-06-0-rc2-image-for-rpi>
@blogic told me to split the single sdcard.img.gz for the RPi
into a sysupgrade and a factory image for all brcm2708 targets.
The factory images will have no metadata attached, this way
these utilities that can't deal with the attached metadata will
not fail for no reason.
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7516a960113d512cb2909f40bd07caf2a6c547b1)
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed patches. The following patches were upstreamed and have been deleted:
* target/linux/ar71xx/patches-4.9/106-01-MIPS-ath79-fix-AR724X_PLL_REG_PCIE_CONFIG-offset.patch
* target/linux/generic/pending-4.9/180-net-phy-at803x-add-support-for-AT8032.patch
* target/linux/generic/pending-4.9/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch
* target/linux/generic/pending-4.9/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a image with squashfs as the root filesystem.
A rootfs_data partition will be generated on the first boot
and placed inside the rootfs partition (just after the squashfs
image).
advantages:
- it is possible to migrate from an existing -ext4
installation and back via sysupgrade.
- existing partition layout will not be lost.
- slightly smaller image size.
- support for attendedsysupgrade
disadvantages:
- needs f2fs + tools as well. This is because fs-tools decides on the
blocksize of the sdcard. So either f2fs or ext4 can get choosen as
the rootfs_data filesystem (depends on the size of the root partition).
- rootfs_data is placed into the rootfs partition. This makes
it difficult for tools that expect a /dev/mmc0pX device.
It also makes it difficult for data recovery tools since they
might not expect to find a embedded partition or will be
confused.
For people with existing build configurations: make sure to include mkf2fs
and f2fsck package into the image... Otherwise the new -squashfs image will
boot of a ram-overlay and won't keep the configurations after a reboot.
Cc: Álvaro Fernández Rojas <noltari@gmail.com>
Cc: Paul Spooren <spooren@informatik.uni-leipzig.de>
Cc: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Acked-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 707b6c815bba34e9783d2695020bb17385fdcf1d)
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches
Added new ARM64 symbol: ARM64_ERRATUM_1024718
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
| |
The harden branch predictor was backported for arm64 with 4.9.92-96.
Fixes: 9aa196e0f260 ("kernel: bump 4.9 to bump 4.9.96")
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
| |
Signed-off-by: Christo Nedev <christo.nedev@me.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches, following required reworking:
ar71xx/patches-4.9/930-chipidea-pullup.patch
layerscape/patches-4.9/302-dts-support-layercape.patch
sunxi/patches-4.9/0052-stmmac-form-4-12.patch
Fixes for CVEs:
CVE-2018-1108
CVE-2018-1092
Tested on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Arjen de Korte <build+openwrt@de-korte.org>
|
|
|
|
|
|
|
|
|
|
| |
* Refreshed patches.
* Deleted 210-Revert-led-core-Fix-brightness-setting-when-setting-.patch (was accepted upstream)
* Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream)
Compile and run tested on lantiq
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
| |
- Refreshed all patches
- Removed 1 patch which got upstreamed
Compile tested on: ar71xx (Rocket M5, Mikrotik RB2011)
Runtime tested on: ar71xx (Rocket M5, Mikrotik RB2011)
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
| |
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 6c2e1ff80f52b939405fe0c14577c584602ae432.
GNU gzip does not fail when the image filename already contains the .gz
extension, this is a problem specific to pigz. Revert the commit, as we
now gzip the image twice.
Reported-by: Martin Schleier <drahemmaps@gmx.net>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
| |
Fixes: f621b539512e ("kernel: bump 4.9 to 4.9.82")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches.
Remove upstreamed patches:
- ar7/002-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-used.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove layerscape/819-Revert-dmaengine-dmatest-move-callback-wait-queue-to.patch,
it is superseded by upstream commit 297c7cc4b5651b174a62925b6c961085f04979fd.
Remove pending/650-pppoe_header_pad.patch, it is superseded by
upstream commit 1bd21b158e07e0b8c5a2ce832305a0ebfe42c480.
Update patches that no longer apply:
- ar71xx/004-register_gpio_driver_earlier.patch
- hack/204-module_strip.patch
- pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch
Fixes CVE-2017-8824.
Compile-tested: ar71xx.
Runtime-tested: ar71xx.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The gzip step in the sdcard image build fails because the image filename
already has the gzip extension. This results in an empty image file, to
which the metadata is finally appended.
Remove the .gz extension from the image filename to fix this.
Fixes: e79b096ee175 ("brcm2708: convert to metadata")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
| |
Disable CONFIG_PROC_PAGE_MONITOR in most places and only keep it enabled
for virtual targets such as malta or potent ones like x86.
This saves up to 4KB of uncompressed kernel size and significantly
decreases CPU load under certain workloads.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
| |
While bumping 4.14, the kernel build failed due to missing CONFIG_KASAN
symbol. Move it to generic config instead of defining it for all arm64
and x86/64 targets.
It was only added in 4.0, so not needed in config-3.18.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
| |
Refresh patches.
Runtime tested: ar71xx - Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Advantages:
- preserves existing partition layout on the sd-card.
Only the boot and rootfs partition will be overwritten.
Please note that sysupgrade will refuse to upgrade, if the existing
installation has an incompatible partition layout. Future changes
to the bootfs and/or rootfs partition size will likely cause breakage
to the sysupgrade procedure. In these cases, the ext4-sdcard.img.gz
will have to be written to the sdcard manually.
Please don't forget to backup your configuration in this case.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the values populated by the generic board detect function. The
first compatible from the device tree source file will be the board
name in userspace. The model property from the device tree source file
will be the model name.
Change the board name where used in the userspace and drop the target
specific board detect, to use the generic one.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the compatible string for the various RPIs from
4.14 upstream.
Note: The 4.14 upstream does not include the compute modules.
If the CM* would just house the SoC, it could in theory use the
"raw" chip compatible string. However, these CM boards also come
with RAM and eMMC. So they have to have a proper comaptible.
For now, "raspberrypi,compute-module-{1|3}" will be good enough.
Note2: The original CM was renamed to CM1 when CM3 was released.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
This patch converts all the raspberrypi images to utilize
the common metadata-based image verification.
Note: the CM1 and CM3 currently use the same "rpi-cm"
boardname.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
| |
Runtime tested on lantiq.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Removed upstreamed parts.
Compile-tested: cns3xxx, imx6, mvebu, layerscape
Run-tested: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
| |
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: octeon, x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Raspberry Pi bootloader reads configuration values from config.txt
in the boot partition. This file allows to specify the amount of memory
to assign to the GPU, the license keys for hardware MPEG-2 and VC-1
decoding, Device Tree parameters and overlays, and lots of other things.
Since sysupgrade only restores the configuration after booting the newly
flashed image, these values will not be active, even if sysupgrade would
save /boot/config.txt. To solve this, add the file to the files to be
backed up, and restore it in platform_copy_config, before reboot.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on ar71xx - Archer C7 v2
Fixes the following CVEs:
- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches.
Remove upstreamed patches:
- ramips/0067-enable-mt7621-xhci.patch
- ramips/0085-pinmux-util.patch
- ramips/301-fix-rt3883.patch
Compile-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.
Runtime-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
| |
Neon and vfpv4 support are activated by GCC on all ARMv8 CPUs because
this is now a mandatory part of the architecture. There is not need to
activate is manually.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.
Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
| |
They are not used any longer.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
| |
Use the generic function instead ot the target specific ones.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For targets using the generic board detection and board specific
settings in diag.sh, the board name is still unset at the time the
set_state() provided by diag.sh is called by 10_indicate_preinit.
Change the execution order to ensure the boardname is populated before
required the first time. Do the target specific board detection as
early as possible, directly followed by the generic one to allow a
seamless switch to the generic function for populating /tmp/sysinfo/.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:
473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed
403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0
180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item
Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
| |
Remove CONFIG_SCHED_HRTICK from target configs, as it was added to the
generic config in b47fd7656336162360ebf66147326763ddae3f8d.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)
Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With cpufreq disabled, the CPU stays locked at the frequency set by the
bootloader. This severely degrades performance as the bootloader sets
the CPU at the lowest frequency by default.
Enable cpufreq for all subtargets and use the ondemand governor.
Tested bcm2708 on RPi0W. Tested bcm2709 and bcm2710 on RPi3.
Reported-by: Bryan Mayland <bmayland@capnbry.net>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|