aboutsummaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* build: refactor JSON info files to `profiles.json`Paul Spooren2020-04-031-29/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | JSON info files contain machine readable information of built profiles and resulting images. These files were added in commit 881ed09ee6e2 ("build: create JSON files containing image info"). They are useful for firmware wizards and script checking for reproducibility. Currently all JSON files are stored next to the built images, resulting in up to 168 individual files for the ath79/generic target. This patch refactors the JSON creation to store individual per image (not per profile) files in $(BUILD_DIR)/json_info_files and create an single overview file called `profiles.json` in the target directory. Storing per image files and not per profile solves the problem of parallel file writes. If a profiles sysupgrade and factory image are finished at the same time both processes would write to the same JSON file, resulting in randomly broken outputs. Some target like x86/64 do not use the image code yet, resulting in missing JSON files. If no JSON info files were created, no `profiles.json` files is created as it would be empty anyway. As before, this creation is enabled by default only if `BUILDBOT` is set. Tested via buildroot & ImageBuilder on ath79/generic, imx6 and x86/64. Signed-off-by: Paul Spooren <mail@aparcar.org> [json_info_files dir handling in Make, if case refactoring] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* x86: generate EFI platform bootable images李国2020-03-311-0/+1
| | | | | | | | | | | | | | | | | Add EFI platform bootable images for x86 platforms. These images can also boot from legacy BIOS platform. EFI System Partition need to be fat12/fat16/fat32 (not need to load filesystem drivers), so the first partition of EFI images are not ext4 filesystem any more. GPT partition table has an alternate partition table, we did not generate it. This may cause problems when use these images as qemu disk (kernel can not find rootfs), we pad enough sectors will be ok. Signed-off-by: 李国 <uxgood.org@gmail.com> [part_magic_* refactoring, removed genisoimage checks] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 5.4 to 5.4.28Petr Štetiar2020-03-281-2/+2
| | | | | | | | | | | | | | | | | | | | Changelog since 5.4.24 mentions CVE-2019-19769, CVE-2020-8648, CVE-2020-8649 and CVE-2020-8647. Removed upstreamed: generic: 507-v5.6-iio-chemical-sps30-fix-missing-triggered-buffer-depe.patch generic: 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch bcm27xx: 950-0435-ASoC-pcm512x-Fix-unbalanced-regulator-enable-call-in.patch ipq806x: 701-stmmac-fix-notifier-registration.patch lantiq: 002-pinctrl-falcon-fix-syntax-error.patch octeontx: 0002-net-thunderx-workaround-BGX-TX-Underflow-issue.patch Run tested: apu2, qemu-x86-64, apalis, a64-olinuxino, nbg6617 Build tested: sunxi/a53, imx6, x86/64, ipq40xx Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [apu2] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* build: prereq: tidy gcc version checksKevin Darbyshire-Bryant2020-03-241-16/+0
| | | | | | | | | | | | | | | | | There is a restriction in the number of parameters(10) that may be passed to the SetupHostCommand macro so continually adding explicit gcc'n' version checks ends up breaking the compiler check for the later versions and oddballs like Darwin as was done in 835d1c68a0 which added gcc10. Drop all the explicitly specified gcc version checks. If a suitable gcc compiler is not found, it may be specified at the dependency checking stage after which that version will be symlinked into the build staging host directory. eg. 'CC=gccfoo CXX=g++foo make prereq' Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Acked-by: Jo-Philipp Wich <jo@mein.io>
* build: add GCC 10 version detectionRobert Marko2020-03-231-4/+6
| | | | | | | Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it. Some tools like mtd-utils need work to compile under GCC10, but that will be next step. Signed-off-by: Robert Marko <robert.marko@sartura.hr>
* build: image: set default parameter for check-sizeSungbo Eo2020-03-211-1/+1
| | | | | | | In most cases check-size is used with IMAGE_SIZE and vice versa. Let check-size use IMAGE_SIZE by default. Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* x86: use qemu-image command from image-commands.mkPaul Spooren2020-03-211-0/+7
| | | | | | | | | | | The `qemu-image` command converts images to the specified type and reduces redundant code. Adaption from Alexander Couzens <lynxis@fe80.eu> work[0]. [0]: https://git.openwrt.org/?p=openwrt/staging/lynxis.git;a=blob;f=target/linux/x86/image/Makefile;h=83b8140b7aefbe708fd09c9c61827e7e39bda8b4;hb=416cccf398e9589e3de386e05b61b1c46cace20d#l51 Signed-off-by: Paul Spooren <mail@aparcar.org>
* x86: switch image generation to new codePaul Spooren2020-03-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | This commit introduces few related changes which need to be done in single commit to keep images buildable between git revisions. In result it retains all previous image creation possibilities with slight name change of generated images. Brief summary of the commit: * Split up image generation recipe to smaller chunks to make it more generic and reusable. * Make iso images x86 specific and drop their definition as root filesystem. * Convert image creation process to generic code specified in image.mk. * Make geode subtarget inherit features from the main target instead of redefining them. * For subtargets create device definitions with basic packages set. Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl> [rebased] Signed-off-by: Paul Spooren <mail@aparcar.org>
* build: image: move IMAGE_SIZE to image.mkSungbo Eo2020-03-111-3/+3
| | | | | | | | | | IMAGE_SIZE is widely used in many targets. Declare it in the default template to clean up redundant code. This also prevents deriving IMAGE_SIZE unintentionally from the previously defined device. While at it, remove duplicate KERNEL_SIZE declaration. Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* kernel: bump 5.4 to 5.4.24Koen Vandeputte2020-03-091-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: imx6 Runtime-tested on: imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.19 to 4.19.108Koen Vandeputte2020-03-091-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.172Koen Vandeputte2020-03-091-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: simplify gnu-getopt searchKevin Darbyshire-Bryant2020-03-021-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | getopt is the only command where /usr/local/bin is specified explicitly. All other commands are assumed to exist in the PATH in one form or another. Remove this exception and require gnugetopt/getopt to be in the user's PATH. In the case of macos Homebrew, getopt is 'keg only' hence not linked into /usr/local/bin whilst other commands are linked and likely found by virtue of /usr/local/bin being in PATH. Since 2019 Homebrew is very reluctant to install links that have potential to override default OS behaviour, eg: following instructions on our current 'how to build on macos' wiki page: $ brew ln gnu-getopt --force Warning: Refusing to link macOS-provided software: gnu-getopt If you need to have gnu-getopt first in your PATH run: echo 'export PATH="/usr/local/opt/gnu-getopt/bin:$PATH"' >> ~/.zshrc A better option for macos is to link getopt as 'gnugetopt' in /usr/local/bin, thus the build system will find 'gnugetopt' but other applications looking for just 'getopt' will find the original macos binary. Ultimately it makes sense that 'GNU' dependencies are placed in /usr/local/bin and /usr/local/bin is included in the user's PATH. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* build: Remove STAGING_DIR_HOST references for InstallDev/UninstallDevJeffery To2020-03-011-3/+3
| | | | | | | | | | | | | Build/InstallDev no longer places a file list in $(STAGING_DIR_HOST)/packages; this change removes the creation of $(STAGING_DIR_HOST)/packages and the attempted removal of a STAGING_DIR_HOST file list during package clean. This also changes the host directory passed to Build/UninstallDev from $(STAGING_DIR_HOST) to $(STAGING_DIR)/host, to match the directory passed to Build/InstallDev. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* build: add xargs as prerequisiteKevin Darbyshire-Bryant2020-02-291-0/+5
| | | | | | | | | | | | | Build system needs an 'xargs' that supports '-r' which darwin doesn't. Homebrew installs a 'gxargs' with the findutils package so look for 'gxargs' as well as 'xargs' This is a bit of a 'fun' corner case anyway. xargs is only required by the build if 'CONFIG_AUTOREMOVE' is set and after the build system has built 'tools/findutils' we have a fully working xargs for host anyway. Until that time we have to rely on the host's xargs implementation. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: Include xt_MASQUERADE for kernel 5.2 and laterKoen Vandeputte2020-02-281-1/+2
| | | | | | Instead of ip6t_MASQUERADE, include xt_MASQUERADE on kernel >= 5.2. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: add support for kernel 5.4Koen Vandeputte2020-02-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following patches were removed because they are integrated in the upstream kernel 5.4: * backport-5.4/047-v4.21-mtd-keep-original-flags-for-every-struct-mtd_info.patch * backport-5.4/048-v4.21-mtd-improve-calculating-partition-boundaries-when-ch.patch * backport-5.4/080-v5.1-0001-bcma-keep-a-direct-pointer-to-the-struct-device.patch * backport-5.4/080-v5.1-0002-bcma-use-dev_-printing-functions.patch * backport-5.4/095-Allow-class-e-address-assignment-via-ifconfig-ioctl.patch * backport-5.4/101-arm-cns3xxx-use-actual-size-reads-for-PCIe.patch * backport-5.4/200-v5.2-usb-dwc2-Set-lpm-mode-parameters-depend-on-HW-configuration.patch * backport-5.4/210-arm64-sve-Disentangle-uapi-asm-ptrace.h-from-uapi-as.patch * backport-5.4/380-v5.3-net-sched-Introduce-act_ctinfo-action.patch * backport-5.4/450-v5.0-mtd-spinand-winbond-Add-support-for-W25N01GV.patch * backport-5.4/451-v5.0-mtd-spinand-Add-initial-support-for-Toshiba-TC58CVG2.patch * backport-5.4/452-v5.0-mtd-spinand-add-support-for-GigaDevice-GD5FxGQ4xA.patch * backport-5.4/455-v5.1-mtd-spinand-Add-support-for-all-Toshiba-Memory-produ.patch * backport-5.4/456-v5.1-mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UExxG.patch * backport-5.4/460-v5.0-mtd-spi-nor-Add-support-for-mx25u12835f.patch * backport-5.4/460-v5.3-mtd-spinand-Define-macros-for-page-read-ops-with-thr.patch * backport-5.4/461-v5.3-mtd-spinand-Add-support-for-two-byte-device-IDs.patch * backport-5.4/462-v5.3-mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UFxxG.patch * backport-5.4/463-v5.3-mtd-spinand-Add-initial-support-for-Paragon-PN26G0xA.patch * backport-5.4/700-v5.1-net-phylink-only-call-mac_config-during-resolve-when.patch * backport-5.4/701-v5.2-net-phylink-ensure-inband-AN-works-correctly.patch * backport-5.4/702-v4.20-net-ethernet-Add-helper-for-MACs-which-support-asym-.patch * backport-5.4/703-v4.20-net-ethernet-Add-helper-for-set_pauseparam-for-Asym-.patch * backport-5.4/704-v4.20-net-phy-Stop-with-excessive-soft-reset.patch * backport-5.4/705-v5.1-net-phy-provide-full-set-of-accessor-functions-to-MM.patch * backport-5.4/706-v5.1-net-phy-add-register-modifying-helpers-returning-1-o.patch * backport-5.4/707-v5.1-net-phy-add-genphy_c45_check_and_restart_aneg.patch * backport-5.4/708-v5.3-net-phylink-remove-netdev-from-phylink-mii-ioctl-emu.patch * backport-5.4/709-v5.3-net-phylink-support-for-link-gpio-interrupt.patch * backport-5.4/710-v5.3-net-phy-allow-Clause-45-access-via-mii-ioctl.patch * backport-5.4/711-v5.3-net-sfp-add-mandatory-attach-detach-methods-for-sfp-.patch * backport-5.4/712-v5.3-net-sfp-remove-sfp-bus-use-of-netdevs.patch * backport-5.4/713-v5.2-net-phylink-avoid-reducing-support-mask.patch * backport-5.4/714-v5.3-net-sfp-Stop-SFP-polling-and-interrupt-handling-duri.patch * backport-5.4/715-v5.3-net-phylink-don-t-start-and-stop-SGMII-PHYs-in-SFP-m.patch * backport-5.4/740-v5.5-net-phy-avoid-matching-all-ones-clause-45-PHY-IDs.patch * backport-5.4/741-v5.5-net-phylink-fix-link-mode-modification-in-PHY-mode.patch * pending-5.4/103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch * pending-5.4/131-spi-use-gpio_set_value_cansleep-for-setting-chipsele.patch * pending-5.4/132-spi-spi-gpio-fix-crash-when-num-chipselects-is-0.patch * pending-5.4/220-optimize_inlining.patch * pending-5.4/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch * pending-5.4/475-mtd-spi-nor-Add-Winbond-w25q128jv-support.patch * pending-5.4/477-mtd-add-spi-nor-add-mx25u3235f.patch * pending-5.4/479-mtd-spi-nor-add-eon-en25qh64.patch Some bigger changes were done to this feature and we did not port this patch yet: * hack-5.4/207-disable-modorder.patch This depends on BOOTMEM which was removed from the kernel, this needs some bigger changes: * hack-5.4/930-crashlog.patch A different version of the FPU disable patch was merged upstream, OpenWrt needs some adaptations. * pending-5.4/304-mips_disable_fpu.patch - no crashlog support yet as a required file got deleted upstream - Removed patch below, which is now seen as a recursive dependency [1] - Removed patch below due to build error [2] - fix still required to avoid identical function def [3] - Fixes included from Blocktrron - Fixes included from Chunkeey - Fix included from nbd regarding "dst leak in Flow Offload" [1] target/linux/generic/hack-5.4/260-crypto_test_dependencies.patch [2] target/linux/generic/hack-5.4/207-disable-modorder.patch [3] target/linux/generic/pending-5.4/613-netfilter_optional_tcp_window_check.patch Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: David Bauer <mail@david-bauer.net> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> Signed-off-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.19 to 4.19.106Koen Vandeputte2020-02-241-2/+2
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 950-0786-leds-pca963x-Fix-open-drain-initialization.patch Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.19 to 4.19.105Koen Vandeputte2020-02-241-2/+2
| | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2013-1798 - CVE-2019-3016 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.171Koen Vandeputte2020-02-241-2/+2
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2013-1798 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: fix empty SUBTARGET in json filesPaul Spooren2020-02-131-1/+1
| | | | | | | | | | | | | | | Some targets like kirkwood or omap don't use a subtarget which results in a malformed JSON info file. Instead of having a valid value like `"target": "ath79/tiny"` for these targets the value is `"target": "kirkwood/"`. This patch uses the same if condition to use `generic` if the subtarget is empty. Tested for the kirkwood target. Signed-off-by: Paul Spooren <mail@aparcar.org>
* kernel: bump 4.19 to 4.19.101Koen Vandeputte2020-02-041-2/+2
| | | | | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-14896 - CVE-2019-14897 Remove upstreamed: - 023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch - 950-0202-staging-bcm2835-camera-fix-module-autoloading.patch - 001-4.22-01-MIPS-BCM63XX-drop-unused-and-broken-DSP-platform-dev.patch Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.169Koen Vandeputte2020-02-041-2/+2
| | | | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-14896 - CVE-2019-14897 Remove upstreamed: - 023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch - 001-4.22-01-MIPS-BCM63XX-drop-unused-and-broken-DSP-platform-dev.patch Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* build: Add KBUILD_HOSTLDLIBSHauke Mehrtens2020-01-261-0/+1
| | | | | | | | | | In Linux kernel commit 8377bd2b9ee1 ("kbuild: Rename HOST_LOADLIBES to KBUILD_HOSTLDLIBS") HOST_LOADLIBES was renamed to KBUILD_HOSTLDLIBS. This patch adapts the OpenWrt kernel build to this new variable. Without this change the kernel host tools would not link against the libraries found in the staging directory. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* kernel: bump 4.19 to 4.19.98Koen Vandeputte2020-01-241-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.167Koen Vandeputte2020-01-241-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.19 to 4.19.97Koen Vandeputte2020-01-201-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.166Koen Vandeputte2020-01-201-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.19 to 4.19.96Koen Vandeputte2020-01-201-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.165Koen Vandeputte2020-01-201-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.19 to 4.19.95Koen Vandeputte2020-01-201-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.164Koen Vandeputte2020-01-201-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: remove further obsolete kernel version switchesSungbo Eo2020-01-182-16/+7
| | | | | | | | Most of the kernel version switches below 4.14 were removed in commit 97940f876616 ("kernel: remove obsolete kernel version switches"), but some of them still remained. Remove them now. Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* build: define check-kernel-size to remove unflashable imagesJeff Kletsky2020-01-151-0/+7
| | | | | | | | | | | | | | | | | | | | | Certain boards have limitations on U-Boot that prevent flashing of images where the kernel size exceeds a threshold, yet sysupgrade can sucessfully manage larger kernels. The current check-size will remove the target artifact if its total size exceeds the threshold. If applied after append-kernel, it will remove the kernel, but the remaining image-assembly steps will continue, resulting in an image without a kernel that is likely unbootable. By defining check-kernel-size, it is now possible to prevent release of such unbootable images through a construct similar to: IMAGE/factory.img := append-kernel | pad-to $$$$(GL_UBOOT_UBI_OFFSET) | \ append-ubi | check-kernel-size $$$$(GL_UBOOT_UBI_OFFSET) Cc: Chuanhong Guo <gch981213@gmail.com> Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
* base-files: fix build for /sbin/pkg_checkXu Wang2020-01-141-1/+1
| | | | | | | | | | Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be included with the packages to check for corruption. This commit fixes two issues: - /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y - checksums were being saved in the wrong file Signed-off-by: Xu Wang <xwang1498@gmx.com>
* netfilter: package required kmods for nftablesJo-Philipp Wich2020-01-141-13/+15
| | | | | | | | | | | | | Package new kmods "nf_tables_set" and "nft_objref" which got introduced with kernel 4.18 and restrict the old "nft_set_rbtree" and "nft_set_hash" modules to sub-4.18 versions. Also reorder the nftables related netfilter.mk entries alphabetically while touching this code section. Fixes: FS#2699 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2699#comment7450 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* buildsystem: Make PIE ASLR option tristateHauke Mehrtens2020-01-131-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | This tristate choose allows to select to build only some applications with PIE enabled. On MIPS binaries are getting about 30% bigger when PIE is activated for the, which is a huge increase. Network exposed applications like dnsmasq should then be build with PIE enabled, but some applications which are normally not parsing data from the network do not have it activated. The regular option should give a good trade off between extra flash and RAM memory usage and security. This changes the default from building no applications with PIE to build some specifically marked applications with PIE enabled. This option is only activated for targets with bigger flash and RAM to not consume extra memory on the very small targets. On SDK builds the Regular option should always be selected, because some tiny targets share the applications with big targets and only the images for the tiny targets should contain the none PIE applications, but the images for the normal targets should use PIE. The shared packages should always use PIE when it should be normally activated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* netfilter: add back nft_hashDavid Bauer2020-01-121-0/+1
| | | | | | | | | | | nft_hash hash falsely removed in commit 97940f876616 ("kernel: remove obsolete kernel version switches"). Add the module back, as otherwise the build fails. Fixes: 97940f876616 ("kernel: remove obsolete kernel version switches") Signed-off-by: David Bauer <mail@david-bauer.net>
* kernel: remove obsolete kernel version switchesAdrian Schmutzler2020-01-121-14/+12
| | | | | | | | | After kernel 4.9 has been removed, this removes all (now obsolete) kernel version switches that deal with versions before 4.14. Package kmod-crypto-iv is empty now and thus removed entirely. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: remove support for kernel 4.9Adrian Schmutzler2020-01-081-2/+0
| | | | | | No target uses kernel 4.9 anymore. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* treewide: move mktplinkfw to tplink-v1-image in image-commands.mkAdrian Schmutzler2020-01-081-0/+22
| | | | | | | | | | | | | | | | | | | | | This move the slightly different target-specific implementations of mktplinkfw from the targets to include/image-commands.mk and renames it to tplink-v1-image. Having a common version will increase consistency between implementation and will complete the tplink build command already present in the new location. Due to the slight differences of the original implementations, this also does some adjustments to the device build commands/variables. This also moves rootfs_align as this is required as dependency. Tested on: - TL-WDR4300 v1 (ath79, factory) - TL-WDR4900 v1 (mpc85xx, sysupgrade) - RE210 v1 (ramips, see Tested-by) Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> Tested-by: Christoph Krapp <achterin@googlemail.com>
* kernel: bump 4.9 to 4.9.208Hauke Mehrtens2020-01-051-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: none Runtime-tested on: none Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.19 to 4.19.93Hauke Mehrtens2020-01-051-2/+2
| | | | | | | | | | | | | | Refreshed all patches. The patch hack-4.19/550-loop-better-discard-for-block-devices.patch was replaced with an new version of the patch from: https://lore.kernel.org/patchwork/patch/1153625/ https://lore.kernel.org/patchwork/patch/1153626/ Compile-tested on: ipq40xx, lantiq Runtime-tested on: ipq40xx, lantiq Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.162Hauke Mehrtens2020-01-051-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: ramips Runtime-tested on: ramips Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.161Hauke Mehrtens2020-01-041-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: ipq40xx, ramips Runtime-tested on: ipq40xx Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.9 to 4.9.207Hauke Mehrtens2019-12-241-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: ar7 Runtime-tested on: none Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.160Hauke Mehrtens2019-12-241-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: ipq40xx, apm821xx Runtime-tested on: ipq40xx Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.19 to 4.19.91Hauke Mehrtens2019-12-241-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: ipq40xx, apm821xx Runtime-tested on: ipq40xx Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.19 to 4.19.90Koen Vandeputte2019-12-241-2/+2
| | | | | | | | | | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 010-dmaengine-dw-dmac-implement-dma-prot.patch - 950-0148-Increase-firmware-call-buffer-size-to-48-bytes.patch - 950-0206-Mailbox-firmware-calls-now-use-kmalloc-2749.patch - 402-leds-trigger-netdev-fix-handling-on-interface-rename.patch Fixes: - CVE-2019-19332 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [Add 010-dt-bindings-dmaengine-dw-dmac-add-protection-control.patch] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.159Koen Vandeputte2019-12-241-2/+2
| | | | | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 302-0002-dmaengine-dw-implement-per-channel-protection-contro.patch Fixes: - CVE-2019-19332 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>