Commit graph

428 commits

Author SHA1 Message Date
Jo-Philipp Wich
55623a9c83 kernel: update kernel 4.9 to 4.9.31
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 01:03:39 +02:00
Hauke Mehrtens
b9600b8542 kernel: really select kernel 4.4.71
The previous commit f4a4f324cb ("kernel: update kernel 4.4 to
4.4.71") missed the line which changes the kernel version, add it now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-07 23:01:35 +02:00
Jo-Philipp Wich
f4a4f324cb kernel: update kernel 4.4 to 4.4.71
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-07 21:40:42 +02:00
Hauke Mehrtens
7142cb45b4 kernel: update kernel 4.4 to 4.4.70
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:48:37 +02:00
Hauke Mehrtens
0b17375931 kernel: update kernel 4.9 to 4.9.30
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:48:37 +02:00
Koen Vandeputte
e842e16f45 kernel: update kernel 4.9 to 4.9.29
- Refresh all patches
- Removed upstreamed
- Adapted 1

Compile tested on: bcm53xx, cns3xxx, imx6, lantiq
Run tested on: cns3xxx & imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[update from 4.9.28 to 4.9.29]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-21 21:51:22 +02:00
Kevin Darbyshire-Bryant
088e28772c kernel: update kernel 4.4 to version 4.4.69
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:

062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block

Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.

Run tested ar71xx Archer C7 v2 and lantiq.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-21 21:48:16 +02:00
Jo-Philipp Wich
aefa195749 kernel: update kernel 4.4 to 4.4.61
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-15 18:26:41 +02:00
Hauke Mehrtens
c3778f2647 kernel: update kernel 4.4 to 4.4.59
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-04-02 12:48:00 +02:00
Hauke Mehrtens
b26e34214c kernel: update kernel 4.9 to 4.9.20
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-04-02 12:47:55 +02:00
Hauke Mehrtens
fb7ea71c15 kernel: update kernel 4.9 to 4.9.17
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-26 12:23:19 +02:00
Hauke Mehrtens
88b125e9a4 kernel: update kernel 4.4 to 4.4.56
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-26 12:23:12 +02:00
Hauke Mehrtens
31c6452107 kernel: update kernel 4.4 to 4.4.53
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-12 15:46:02 +01:00
Hauke Mehrtens
9a065fcfec kernel: update kernel 4.9 to 4.9.14
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-12 15:45:50 +01:00
Kevin Darbyshire-Bryant
f229f4af31 kernel: update kernel 4.4 to 4.4.52
Bump kernel from 4.4.50 to 4.4.52

Refresh patches

Compile tested all 4.4. targets

Run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-03-03 18:17:47 +01:00
Ansuel Smith
a0a9ba0464 kernel: update 4.9 to 4.9.13
refresh patch 630-packet_socket_type

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-02-27 11:39:31 +01:00
Ansuel Smith
9c3e29033d kernel: update 4.9 to 4.9.12
Refresh generic patch

Compiled and tested WRT1900ACS

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-02-26 08:44:26 +01:00
Kevin Darbyshire-Bryant
91a65f6c88 kernel: update kernel 4.4 to 4.4.50
Bump kernel from 4.4.49 to 4.4.50

Compile tested: All targets

Run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-23 10:40:21 +01:00
Hauke Mehrtens
a11243578a kernel: update kernel 4.4 to version 4.4.49
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-16 00:46:29 +01:00
Hauke Mehrtens
236840eb47 kernel: update kernel 4.9 to version 4.9.10
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-16 00:46:23 +01:00
Stijn Tintel
d2c4041f02 kernel: update kernel 4.4 to version 4.4.47
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked
broken, except arc770 and arch38 due to broken toolchain.

Runtime-tested on ar71xx, octeon, ramips and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-06 03:23:06 +01:00
Felix Fietkau
f791fb4af4 kernel: add linux 4.9 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Tim Harvey <tharvey@gateworks.com> [fixes]
2017-02-04 20:28:14 +01:00
Koen Vandeputte
3becadd56c kernel: bump to 4.4.46
Refreshed patches for all supported targets.

Compile-tested on ar71xx, cns3xxx, imx6, mt7621, oxnas and x86/64.
Run-tested on ar71xx, cns3xxx, imx6 and mt7621.

Tested-by: Stijn Segers <francesco.borromini@inventati.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-02-02 20:59:57 +01:00
Koen Vandeputte
4d1515070b kernel: bump to 4.4.45
Refreshed patches for all supported targets.

Compiled & tested on cns3xxx & imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-01-27 23:17:49 +01:00
Stijn Segers
20996edd68 Kernel: bump to 4.4.44
Bump kernel to 4.4.44. Compile-tested on ar71xx, ramips/mt7621 and x86/64.

.44 has been run-tested on the 17.01 branch here on ar71xx and mt7621.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
2017-01-27 11:18:27 +01:00
Hauke Mehrtens
5b089e45a6 kernel: update 4.4 kernel to 4.4.42
Refresh patches on all 4.4 supported platforms.
Compile & run tested: lantiq/xrx200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-13 23:05:36 +01:00
Felix Fietkau
b7bee2858b kernel: remove linux 4.1 support
The only target still referencing it is omap24xx, and it is marked as
broken.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 13:09:33 +01:00
Hauke Mehrtens
88ca6390ea kernel: bump to 4.4.40
Refresh patches on all 4.4 supported platforms.
Compile & run tested: lantiq/xrx200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-06 19:38:55 +01:00
Kevin Darbyshire-Bryant
79abb8f140 kernel: bump to 4.4.39
Bump & refresh patches for all 4.4 targets.

Compile & run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-12-20 09:35:36 +01:00
Felix Fietkau
720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Kevin Darbyshire-Bryant
f5b833b8fe kernel: bump to 4.4.38
Bump & refresh patches for all 4.4 supported targets.

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-12-13 08:28:28 +01:00
Álvaro Fernández Rojas
758ef7aa99 kernel: bump to 4.4.36
Refresh patches on all 4.4 supported platforms.
Compile & run tested: brcm2708/bcm2710 - Raspberry Pi 3

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-12-04 12:31:30 +01:00
Kevin Darbyshire-Bryant
102cb4742c kernel: bump to 4.4.35
Refresh patches on all 4.4 supported platforms.

077-0005-bgmac-stop-clearing-DMA-receive-control-register-rig.patch
removed as now upstream.

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-11-29 21:12:08 +01:00
Stijn Tintel
8e47655d4e kernel: update kernel 4.4 to version 4.4.32
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-11-16 17:31:29 +01:00
Koen Vandeputte
3bbc3bd1bd kernel: update kernel 4.4 to version 4.4.31
+ Refresh patches
compile/run-tested on cns3xxx & imx6.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2016-11-16 10:54:33 +01:00
Stijn Segers
2f2ea7b44c kernel: update kernel 4.4 to version 4.4.30
This patch bumps the 4.4 kernel from .28 to .30 and refreshes the patches.
Compile-tested on ar71xx, x86/64, ramips/mt7621, brcm47xx and kirkwood.

Run-tested on ar71xx & ramips/mt7621, brcm47xx and kirkwood (last two confirmed
by P. Wassi).

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
2016-11-02 10:25:44 +01:00
Paul Wassi
a569354481 kernel: update kernel 4.4 to version 4.4.28
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on ar71xx, brcm47xx, kirkwood.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2016-10-31 16:33:53 +01:00
Stijn Tintel
75e63c2494 kernel: update kernel 3.18 to version 3.18.43
Refresh patches for all targets supporting 3.18 and not marked broken.
Compile-tested on all targets using 3.18 and not marked broken.

Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-10-24 20:25:14 +03:00
Stijn Tintel
2fc3680dd0 kernel: update kernel 4.1 to version 4.1.34
Refresh patches for all targets supporting 4.1 and not marked broken.
Compile-tested on all targets using 4.1 and not marked broken.

Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.
Changes to generic/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch based
on a90ee92337.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-10-24 20:25:14 +03:00
Álvaro Fernández Rojas
920f922652 kernel: update kernel 4.4 to version 4.4.27
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-10-23 14:56:09 +02:00
Koen Vandeputte
32c28a78f7 kernel: update kernel 4.4 to version 4.4.26
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on cns3xxx & imx6.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2016-10-21 18:52:28 +03:00
Koen Vandeputte
7f87f82753 kernel: update kernel 4.4 to version 4.4.25
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on cns3xxx & imx6.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2016-10-16 16:27:38 +02:00
Álvaro Fernández Rojas
7cc89af937 kernel: update kernel 4.4 to version 4.4.24
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-10-08 09:40:15 +02:00
Álvaro Fernández Rojas
7d559169c5 kernel: update to v4.4.23
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-30 20:08:21 +02:00
Stijn Segers
949cfbb243 kernel: update kernel 4.4 to version 4.4.22
Forgot to update kernel-version.mk, so updated patch. Compile-tested on x86/64 and ar71xx; run-tested on x86/64 and ar71xx.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
2016-09-30 13:34:04 +02:00
Álvaro Fernández Rojas
41eab9048b kernel: update kernel 4.4 to version 4.4.21
Refresh patches for all targets that support kernel 4.4.
Compile-tested on brcm2708 only.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-16 10:17:27 +02:00
Álvaro Fernández Rojas
d14c28fc80 kernel: update kernel 4.4 to version 4.4.20
Refresh patches for all targets that support kernel 4.4.
Compile-tested on brcm2708 only.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 08:10:55 +02:00
Stijn Tintel
8072264b96 kernel: update kernel 4.4 to version 4.4.19
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-08-23 10:51:17 +03:00
Hauke Mehrtens
efa1960abb kernel: update kernel 4.4 to version 4.4.15
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-07-13 15:39:15 +02:00
Hauke Mehrtens
84d489f64f kernel: update to version 4.4.14
Changelog: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.14

Some manual changes to target/linux/generic/patches-4.4/610-
netfilter_match_bypass_default_checks.patch were needed.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-26 18:20:37 +02:00