Commit graph

2272 commits

Author SHA1 Message Date
Jonas Gorski
e5e5c3f5fd build: ensure PKG_INFO_DIR exists before trying to use it
PKG_INFO_DIR is only created at the finish step of the first package
build, but kernel modules now use it at the start. Doing a parallel build
could cause a kernel module to be the first package, breaking the build.

Fix this by ensuring the directory exists.

Fixes: 2e496876c6 ("kernel: collect module symvers for external modules")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-28 11:19:25 +02:00
Jonas Gorski
2e496876c6 kernel: collect module symvers for external modules
Collect module symvers for all external modules to make them available
for modpost. This fixes dependencies for most external modules.

Example:

Before:

root@LEDE:/# modinfo mt76
module:         /lib/modules/4.4.74/mt76.ko
license:        Dual BSD/GPL
depends:

After:

root@LEDE:/# modinfo mt76
module:         /lib/modules/4.4.74/mt76.ko
license:        Dual BSD/GPL
depends:        mac80211,cfg80211

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Martin Wetterwald
378e1a4858 iptables: Fix target TRACE issue
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.

The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.

But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.

I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!

https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661

Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
                  and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
2017-10-27 02:31:33 +02:00
Florian Fainelli
474391573b include: Silence external kernel version checks
During the initial configuration phases, we have not set-up the kernel
source directory, which would lead to such messages:

cat:
/local/users/fainelli/openwrt/trunk/build_dir/target-x86_64_musl/linux-uml/linux-4.9.58/include/config/kernel.release:
No such file or directory

Just silence it, since it does not create a functional problem.

Fixes: 8e0e0e7d8b ("include: Determine MODULES_DIR correctly for external/git kernels")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-24 16:59:15 -07:00
Florian Larysch
f28b3bb56a kernel: fixup KARCH for powerpc64 builds
The kernel calls both ppc64 and ppc32 "powerpc", so we need to fixup
LINUX_KARCH when building with ARCH=powerpc64.

Signed-off-by: Florian Larysch <fl@n621.de>
2017-10-24 13:24:04 +02:00
Florian Larysch
56ed89f078 target: add cpu flags for powerpc64
Signed-off-by: Florian Larysch <fl@n621.de>
2017-10-24 13:24:04 +02:00
Florian Larysch
555985ac90 include/site: add powerpc64 config
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-24 13:24:04 +02:00
Florian Fainelli
818f36aa14 include: Include new location for DT bindings
Starting with commit d5d332d3f7e8 ("devicetree: Move include prefixes
from arch to separate directory") included in 4.12 and newer relocated
the dt-bindings directory, so account for that while passing CPPFLAGS
before DTC runs.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-23 18:39:29 -07:00
Stijn Tintel
834810617e kernel: bump 4.9 to 4.9.58
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 17:23:34 +03:00
Kevin Darbyshire-Bryant
398edca82e kernel: bump 4.4 to 4.4.93
No patch refresh required.

Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-15265
- CVE-2017-0786

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:14 +03:00
Kevin Darbyshire-Bryant
886d66abcd kernel: bump 4.9 to 4.9.57
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:09 +03:00
Kevin Darbyshire-Bryant
f251a795f2 kernel: bump 4.4 to 4.4.92
No patch refresh changes required.

Compile tested for: ar71xx Archer C7 v2
Run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-14 00:13:35 +02:00
Alexander Couzens
49b84624eb image-commands: tplink-v2-header: pass kernel loadaddr and entry
Initramfs images won't boot if the default loadaddr and entrypont is
different.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-10-09 16:10:05 +02:00
Stijn Tintel
f12c42940d kernel: bump 4.9 to 4.9.54
Refresh patches.
Remove upstreamed patches:
- ramips/0067-enable-mt7621-xhci.patch
- ramips/0085-pinmux-util.patch
- ramips/301-fix-rt3883.patch

Compile-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.
Runtime-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 20:51:03 +03:00
Kevin Darbyshire-Bryant
e77fa68f1f kernel: bump 4.4 to 4.4.91
Refresh patches.

Compile-tested for: ar71xx Archer C7 v2
Run-tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-08 20:51:03 +03:00
Stijn Tintel
f625df7ab8 kernel: update 4.9 to 4.9.53
Refresh patches.
Compile-tested on brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on brcm2708/bcm2708, octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 20:53:21 +03:00
Kevin Darbyshire-Bryant
ae2a8a3b9b kernel: update 4.4 to 4.4.90
No patch refresh required.

Compile & run tested: ar71xx Archer C7 v2

Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[reference fixed CVEs]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 20:53:21 +03:00
Thibaut VARÈNE
254061ee97 build: add mktplinkfw2 hardcoded values to makefile
This patch adds all the board-specific values currently hardcoded
in mktplinkfw2.c back to the respective device declarations in the
makefiles.

The rationale is to avoid modifying the source code every time a
new board or board variant is added.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2017-10-06 08:28:41 +02:00
Felix Fietkau
603900ef82 build: add a darwin sitefile to deal with macOS 10.12 + Xcode 9 build errors
Certain functions are available in system headers, but only work on
macOS 10.13

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-05 21:14:43 +02:00
Kevin Darbyshire-Bryant
657f2a1ff8 kernel: update 4.4 to 4.4.89
Refresh patches.
Compile & run tested on ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-29 07:42:43 +03:00
Stijn Tintel
fde7688055 kernel: update 4.9 to 4.9.52
Refresh patches.
Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:50 +03:00
Stijn Tintel
6e48eb22b8 kernel: update 4.9 to 4.9.51
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-20 23:50:55 +03:00
Sandeep Sheriker Mallikarjun
feb1907270 build: add image command for installing zImage file.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:00:25 +02:00
Philip Prindeville
76ba01a392 build: remove @ as it's causing an error
Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-09-20 08:50:49 +02:00
Stijn Tintel
e37c7636ee kernel: update 4.9 to 4.9.50
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.

Fixes CVE-2017-1000251.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2017-09-18 04:35:57 +03:00
Florian Fainelli
bb83c9dcca kernel: update to 3.18.71
Delete a bunch of fixes that are already included.
Refresh patches.
Compile-tested on malta/mipsel
Runtime-tested on malta/mipsel

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 02:08:18 +03:00
Kevin Darbyshire-Bryant
820101873d kernel: update 4.4 to 4.4.88
Refresh patches.
Compile & run tested: ar71xx  Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-16 19:27:08 +02:00
Stijn Tintel
d5b7215e31 kernel: update 4.9 to 4.9.49
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes CVE-2017-11600.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Kevin Darbyshire-Bryant
09735db18b kernel: update 4.4 to 4.4.87
Fixes CVE-2017-11600

No patch refresh required

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-09 09:55:25 +02:00
Kevin Darbyshire-Bryant
9c82861cb8 kernel: update 4.4 to 4.4.86
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-05 08:43:39 +02:00
Stijn Tintel
046618f5da kernel: update 4.9 to 4.9.47
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 22:06:28 +03:00
Kevin Darbyshire-Bryant
3435de8c16 kernel: update 4.4 to 4.4.85
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-31 19:14:52 +02:00
Koen Vandeputte
40213cc154 kernel: update 4.9 to 4.9.45
Refreshed all patches

Compiled & run-tested on targets: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-08-30 17:05:10 +02:00
Kevin Darbyshire-Bryant
364befeccf kernel: update 4.4 to 4.4.83
Refresh patches.
Minor update 704-phy-no-genphy-soft-reset.patch which was partially
accepted upstream.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Fixes the following vulnerabilities:
- CVE-2017-7533 (4.4.80)
- CVE-2017-1000111 (4.4.82)
- CVE-2017-1000112 (4.4.82)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[cleanup commit message, add compile/runtime tested]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 14:31:45 +02:00
Stijn Tintel
2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00
John Crispin
74d00a8c38 kernel: split patches folder up into backport, pending and hack folders
* properly format/comment all patches
* merge debloat patches
* merge Kconfig patches
* merge swconfig patches
* merge hotplug patches
* drop 200-fix_localversion.patch - upstream
* drop 222-arm_zimage_none.patch - unused
* drop 252-mv_cesa_depends.patch - no longer required
* drop 410-mtd-move-forward-declaration-of-struct-mtd_info.patch - unused
* drop 661-fq_codel_keep_dropped_stats.patch - outdated
* drop 702-phy_add_aneg_done_function.patch - upstream
* drop 840-rtc7301.patch - unused
* drop 841-rtc_pt7c4338.patch - upstream
* drop 921-use_preinit_as_init.patch - unused
* drop spio-gpio-old and gpio-mmc - unused

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-05 08:46:36 +02:00
Hauke Mehrtens
39e8ab17d5 kernel: update kernel 4.4 to version 4.4.79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 22:46:26 +02:00
Hauke Mehrtens
88f3c63572 kernel: update kernel 4.9 to version 4.9.40
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 22:46:17 +02:00
Piotr Dymacz
f08f754993 build: move mktplinkfw-combined command to image-commands.mk
We will need "mktplinkfw-combined" command also in the "ramips" target
for new MediaTek based TP-Link devices, with "safeloader" image type.

Also, rename the command to "tplink-v1-header", use "VERSION_DIST"
variable instead of "OpenWrt" and allow passing additional parameters.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-07-22 23:29:50 +02:00
Jo-Philipp Wich
3e26340a2e Revert "kernel: do not try to probe builtin modules on empty kmod package install"
This change currently causes some issues with loading out of tree kernel modules
so revert that commit for now.

Reverts commit 34c01e68b5. Fixes FS#919.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-21 18:55:19 +02:00
Jonas Gorski
34c01e68b5 kernel: do not try to probe builtin modules on empty kmod package install
Builtin modules are always present, and trying to load them will cause
modprobe to spew errors when installing the empty kmod packages.

Fix this by never generating any postinst module install instructions
for builtin modules.

Fixes #842.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-07-20 12:49:09 +02:00
Mathias Kresin
9fe9175c2f image: fix ar71xx legacy images
If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx
legacy images:

- an already jffs2 padded squashfs rootfs is overwritten
  with an unpadded/raw one.

- the squashfs-raw and squashfs-64k rootfs are not replaced by the
  ones including the DEVICE_PACKAGES

Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the
base squashfs rootfs to fix the issues.

Fixes: FS#904

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 07:02:59 +02:00
Koen Vandeputte
cd54b2d42b kernel: update kernel 4.9 to 4.9.37
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:

473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed

403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0

180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item

Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-07-15 00:13:05 +02:00
Alin Nastac
d8748e537f netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2017-07-11 22:09:57 +02:00
Piotr Dymacz
5b7f592251 build: move mktplinkfw2 related commands to image-commands.mk
There are already two targets (lantiq, ramips) which use mktplinkfw2
tool for creating images. This de-duplicates code, introduces two new
build commands: tplink-v2-header, tplink-v2-image and makes use of
them in place of old, (sub)target specific ones.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-06-29 10:37:36 +02:00
Piotr Dymacz
7d6c63d875 build: rename TPLINK_BOARD_NAME to TPLINK_BOARD_ID
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-06-29 10:37:36 +02:00
Stijn Tintel
f80963d4d1 kernel: update kernel 4.4 to 4.4.74
Refresh patches.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:42:50 +02:00
Koen Vandeputte
69649a1b45 kernel: update kernel 4.9 to 4.9.34
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)

Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:21:03 +02:00
Mathias Kresin
e7cd6f5d66 ar71xx: add AVM FRITZ!WLAN Repeater 300E support
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)

To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin
8e0d7d6574 build: move lzma2eva build step to image-commands.mk
Move it to image-commands.mk so that it can used by other targets with
eva based boards as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Hauke Mehrtens
3ce60ba0a1 build: Fix not altering KERNELRELEASE for external kernel
When an external kernel tree is used the version should not get
modified by the LEDE build scripts. This was added by Florian some time
ago.
The commit 0aed054bec ("build: add KERNEL_MAKE and
KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature
introduced in b6746a6ffb ("include: Do not alter KERNELRELEASE for
external/git kernels").

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-19 20:39:33 +02:00
Alexander Couzens
e5fc15bf9a build: move definition of KBUILD_BUILD_TIMESTAMP to include/kernel.mk
Fixes: 0aed054bec (build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS
variables and move to kernel.mk)

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-17 15:09:57 +02:00
Alexander Couzens
acc5ab6b92
include/toplevel: set env GIT_ASKPASS=/bin/true
When git-https request a service (e.g. github) which ask for credentials
git will pass this request to the user resulting download.pl to wait for
user input. Set GIT_ASKPASS to stop asking.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-08 17:20:55 +02:00
Felix Fietkau
737b063cc2 build: ensure that flock is available for make download
It ensures that make download can parallelize downloads, even when some
packages download the same files (e.g. gcc/initial, gcc/final)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-08 11:43:15 +02:00
Jo-Philipp Wich
55623a9c83 kernel: update kernel 4.9 to 4.9.31
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 01:03:39 +02:00
Hauke Mehrtens
b9600b8542 kernel: really select kernel 4.4.71
The previous commit f4a4f324cb ("kernel: update kernel 4.4 to
4.4.71") missed the line which changes the kernel version, add it now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-07 23:01:35 +02:00
Jo-Philipp Wich
f4a4f324cb kernel: update kernel 4.4 to 4.4.71
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-07 21:40:42 +02:00
Felix Fietkau
fec38ebf0d kernel: fix segmentation fault in mconf on linux
Commit 86c966a8ae caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.

Fix this by adding the extra override for HOST_LOADLIBES only on macOS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-07 18:31:10 +02:00
Felix Fietkau
0aed054bec build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-07 18:31:10 +02:00
Jonas Gorski
2ab0963971 build: fix kernel refresh failure on first run
Override {HOST_}QUILT before making decisions based on it, else it will
cause target/linux/refresh to fail on first run.

Fixes: 36ba6237d6 ("build: fix quilt for mixed package/host builds")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-06-04 10:36:48 +02:00
Felix Fietkau
1a341e89a7 build: fix kmod package build on non-GNU systems
BSD paste requires a filename argument, and it accepts - to use stdin as
intended.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-29 14:27:08 +02:00
Yousong Zhou
546e20e836 build: fix possible issue with kmod package having multiple AutoLoad's
This commit contains the following changes

 - Use local shell var where appliable
 - The $(sort $$$$$$$$mods) call will have no expected effect
 - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
 - Avoid duplicate arguments for insert_modules() in postinst-pkg

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-27 11:21:55 +08:00
Hauke Mehrtens
7142cb45b4 kernel: update kernel 4.4 to 4.4.70
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:48:37 +02:00
Hauke Mehrtens
0b17375931 kernel: update kernel 4.9 to 4.9.30
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:48:37 +02:00
Felix Fietkau
4b8a7c9b48 build: fix QUILT related overrides
They need to be defined before including quilt.mk

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 20:42:45 +02:00
Felix Fietkau
36ba6237d6 build: fix quilt for mixed package/host builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Felix Fietkau
221f323782 build: set QUILT=1 automatically when calling package host build refresh
Makes behavor consistent with package builds and regular host builds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Felix Fietkau
f62f4b3c5c build: stop overriding STAGING_DIR_HOST for toolchain build
This causes various issues in other places that assume that host
binaries are staged in STAGING_DIR_HOST.
Since all the right places use HOST_BUILD_PREFIX, override that instead.
This fixes some issues with quilt on toolchain dirs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Florian Fainelli
8e0e0e7d8b include: Determine MODULES_DIR correctly for external/git kernels
When using external or git cloned kernels, any kind of modifications
will alter KERNELRELEASE. LEDE still tries to stage modules in
lib/modules/$(LINUX_UNAME_VERSION) and LINUX_UNAME_VERSION is based on
KERNEL_PATCHVER (indirectly) so this does not work, and we lose all
kinds of automatic modules loading.

To remedy that, just cat $(LINUX_DIR)/include/config/kernel.release
which is late enough the kernel has prepared this file, and is correctly
tracking changes done throughout the kernel.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-25 09:22:43 +02:00
Florian Fainelli
b6746a6ffb include: Do not alter KERNELRELEASE for external/git kernels
In case we use external and/or git cloned kernels, let the kernel
determine the appropriate KERNELRELEASE. We cannot used
LINUX_UNAME_VERSION because that one gets determined at a later time,
when the kernel is already built proper.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-25 09:22:43 +02:00
Florian Fainelli
d0a6340717 Revert "kernel: prevent addition of scm marker to localversion"
This reverts commit 0df2c6563a since it
gets in the way of identifying properly which kernel we are running.
This is particularly important if LEDE is using external kernels/git
cloned kernels. We want to make sure we only load modules from that
specific kernel.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-25 09:22:43 +02:00
Koen Vandeputte
e842e16f45 kernel: update kernel 4.9 to 4.9.29
- Refresh all patches
- Removed upstreamed
- Adapted 1

Compile tested on: bcm53xx, cns3xxx, imx6, lantiq
Run tested on: cns3xxx & imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[update from 4.9.28 to 4.9.29]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-21 21:51:22 +02:00
Kevin Darbyshire-Bryant
088e28772c kernel: update kernel 4.4 to version 4.4.69
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:

062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block

Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.

Run tested ar71xx Archer C7 v2 and lantiq.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-21 21:48:16 +02:00
Michal Sojka
aa8e91a1e4 image.mk: Generate cpiogz with root-owned files
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.

Other image types (at least targz and squashfs) already have this.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
2017-05-14 21:43:17 +02:00
Sergey Ryazanov
e06d8f0f6f build: new fixes for symlinked .config handling
When running "make {config|defconfig|oldconfig}" with symlinked .config
(e.g. to env/.config) it renames symlink to .config.old, creates new
.config file, and writes the updated configuration into it.

This breaks the desired workflow when changes in the configuration can
be checked using "scripts/env diff" and commited using "scripts/env
save". Since the env/.config file is not updated.

The things become even worse when working with feeds, since feeds script
quite often silently invokes "make {oldconfig|defconfig}" and breaks the
symlink.

Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.

This change uses the same behaviour as "make menucofig", which has
already been fixed in commit 5bf98b1acc.

Also make a tiny cosmetic update to the "make menuconfig" target code
layout to make it look like other config handling targets.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-05-11 00:53:05 +02:00
Felix Fietkau
ddbb036bbb build: allow val.% targets to bypass the prepare steps
Significantly reduces time spent processing those targets and should
also silence some log clutter which could confuse buildbot

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-05 13:14:00 +02:00
Yousong Zhou
7842ccecc0 build: reset ALTERNATIVES field in Package/Default
Otherwise ipkg packages may wrongly take on alternatives specs of
another package sharing the same package Makefile

Fixes FS#753

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-03 17:40:46 +08:00
Yousong Zhou
73bc636aba build: ipkg: new field Alternatives
It's a list of specs of the following form seprated by commas to
describe alternatives provided by this package

    <prio>:<path>:<altpath>

<path> will be a symbolic link to <altpath> of the highest <prio>

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-02 22:10:51 +08:00
Yousong Zhou
dac629f710 build: cleanup tmp/ dir of target rootfs
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-02 22:10:50 +08:00
Daniel Engberg
edda8ecd79 include/packages-defaults.mk: Remove LARGEFILE option
Remove LARGEFILE option, support was removed back in 2011 (OpenWrt rev 25208).

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-04-26 13:39:11 +02:00
Sergey Ryazanov
5bf98b1acc build: fix symlinked .config handling
When running "make menuconfig" with symlinked .config (e.g. to
env/.config) it renames symlink to .config.old, creates new .config file
and writes updated configuration here.

This breaks the desired workflow when changes in the configuration could
be checked using "scripts/env diff" and commited with
"scripts/env save". Since the env/.config file is not updated.

Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-04-26 11:34:41 +02:00
John Crispin
003e15221a include/image.mk: allow passing a compat string to the NAND image template
Signed-off-by: John Crispin <john@phrozen.org>
2017-04-24 11:11:52 +02:00
Yousong Zhou
b889d1e3cf build: fix aarch64 default cpu selection
Not sure since when the issue emerged, but according to the current doc of gcc
and as, armv8-a is intended as argument of -march

The change will affect at the moment arm64 and layerscape/64b

Below is the relevant error messages when building toolchain

    Assembler messages:
    Error: unknown cpu `armv8-a'
    Error: unrecognized option -mcpu=armv8-a
    /home/yousong/git-repo/lede-project/lede/build_dir/toolchain-aarch64_armv8-a_gcc-5.4.0_musl/gcc-5.4.0/libgcc/libgcc2.c:1:0: error: unknown value 'armv8-a' for -mcpu

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-04-23 09:19:33 +08:00
Jo-Philipp Wich
aefa195749 kernel: update kernel 4.4 to 4.4.61
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-15 18:26:41 +02:00
Felix Fietkau
b044bd5921 build: remove package makefile overlay functionality
Recent attempts to use it have shown that it does not work properly
except for a few undocumented cases. It's better to remove this now to
avoid having more people fall into the same trap

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-12 09:53:06 +02:00
Rafał Miłecki
f6433eede7 kernel: move initramfs's init script out of base-files
Keeping it in base-files was resulting in adding it to the base-files
package. This file is meant to be included manually for initramfs
images only.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-04-04 14:06:40 +02:00
Felix Fietkau
68139cc0e8 u-boot.mk: pass HOSTCC and HOST_CFLAGS into the build
Cuts build time on Mac OS X in half by avoiding repeated $(shell) calls
from the build system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-04 12:34:23 +02:00
Philip Prindeville
d3bc11857a target.mk: check that CPU_TYPE has known CPU_CFLAGS mapping
If someone creates a target and indicates a CPU_TYPE, but there's
no corresponding support for that CPU_TYPE's flags in include/target.mk
then that should probably be indicated rather than silently ignored.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-04-04 12:34:13 +02:00
Felix Fietkau
6411a12de2 build: move PKG_CONFIG_DEPENDS from feeds.mk to opkg
Normal packages don't rely on the feed configuration variables for the
build step

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-03 08:51:33 +02:00
Hauke Mehrtens
c3778f2647 kernel: update kernel 4.4 to 4.4.59
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-04-02 12:48:00 +02:00
Hauke Mehrtens
b26e34214c kernel: update kernel 4.9 to 4.9.20
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-04-02 12:47:55 +02:00
Hauke Mehrtens
fb7ea71c15 kernel: update kernel 4.9 to 4.9.17
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-26 12:23:19 +02:00
Hauke Mehrtens
88b125e9a4 kernel: update kernel 4.4 to 4.4.56
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-26 12:23:12 +02:00
Felix Fietkau
89118da865 build: fix STAMP_PREPARED with quilt
quilt.mk needs to be included first, to ensure that STAMP_PREPARED does
not include the hash if quilt is used.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-22 20:17:20 +01:00
Felix Fietkau
370d740647 kernel: do not try to copy vmlinux out of arch/$(ARCH)/boot
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-22 11:43:22 +01:00
John Crispin
eb3ac8281b include: add KERNEL_LOAD_ADDR to TARGET_VARS
This will allow us to override the variable from within a Device template.

Signed-off-by: John Crispin <john@phrozen.org>
2017-03-22 09:45:18 +01:00
Hauke Mehrtens
7c7ea09004 include: Add nomips16 CPU_SUBTYPE
This can be used to indicate that a target does not support the optional mips16
extension even when it is a mips32r2 or later CPU.

This will generate a separate toolchain and a separate package folder,
e.g. mips_24kc_nomips16

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2017-03-20 22:04:45 +01:00
Felix Fietkau
aab0b0704a build: fix high cpu usage / hang in prereq-build.mk
host-build.mk should not be included for prereq

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-18 21:50:46 +01:00
Felix Fietkau
1f12a3daaa kernel: speed up build system by getting rid of redundant work
KERNELRELEASE contains a $(shell) call which is evaluated over and over
again.
The call to checksyscalls.sh is unnecessary for LEDE and also takes a
few seconds to complete.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-16 19:14:09 +01:00
Felix Fietkau
a9c96ef0ac build: improve performance by avoiding lazy-eval for make shell calls
Avoids lots of redundant calls to mkhash on things like
package/kernel/linux

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-16 19:13:47 +01:00