Commit graph

11 commits

Author SHA1 Message Date
Koen Vandeputte
c764b2b531 kernel: bump 4.14 to 4.14.79
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-05 16:00:00 +01:00
Koen Vandeputte
ca88f4153f kernel: bump 4.14 to 4.14.77
Refreshed all patches.

Altered patches:
- 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch

New symbol for arm targets:
- HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-19 10:01:57 +02:00
Koen Vandeputte
6b4ba118ac kernel: bump 4.14 to 4.14.66
Refreshed all patches

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Axel Neumann
65c05301c2 Re-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address
The 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch kernel patches
break the possibility for using an ip4ip6 tunnel interface as a fall
back interface accepting ip4-in-ip6 tunneled packets from any remote
address. This works out of the box with any normal (non-666-patched)
kernel and can be configured by setting up an 'ip -6 tunnel' with type
'any' or 'ip4ip6' and a remote address of '::'.

The misbehavior comes with line 290 the patch which discards all packets
that do not show the expected saddr, even if no single fmr rule was
defined and despite the validity of the saddr was already approved earlier.

Signed-off-by: Axel Neumann <neumann@cgws.de>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-23 09:47:05 +02:00
Koen Vandeputte
2b9885571b kernel: bump 4.14 to 4.14.49
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86-64
Runtime-tested on: cns3xxx, imx6, x86-64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 07:10:19 +02:00
Stijn Tintel
e52f3e9b13 kernel: bump 4.14 to 4.14.48
Remove upstreamed patches:
generic/pending/101-clocksource-mips-gic-timer-fix-clocksource-counter-w.patch
generic/pending/103-MIPS-c-r4k-fix-data-corruption-related-to-cache-coherence.patch
generic/pending/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch
lantiq/0025-MIPS-lantiq-gphy-Remove-reboot-remove-reset-asserts.patch
Update patches that no longer apply:
generic/pending/811-pci_disable_usb_common_quirks.patch
ath79/0009-MIPS-ath79-add-lots-of-missing-registers.patch

Fixes CVE-2018-6412.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-06-05 22:54:00 +03:00
Koen Vandeputte
e2aa0c3f8b kernel: bump 4.14 to 4.14.41
Refreshed all patches

Dropped upstreamed patches:
522-PCI-aardvark-fix-logic-in-PCI-configuration-read-write-functions.patch
523-PCI-aardvark-set-PIO_ADDR_LS-correctly-in-advk_pcie_rd_conf.patch
525-PCI-aardvark-use-isr1-instead-of-isr0-interrupt-in-legacy-irq-mode.patch
527-PCI-aardvark-fix-PCIe-max-read-request-size-setting.patch

updated patches:
524-PCI-aardvark-set-host-and-device-to-the-same-MAX-payload-size.patch
030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch

Added new ARM64 symbol: CONFIG_ARM64_ERRATUM_1024718

Compile-tested on: cns3xxx, imx6, mvebu (arm64), x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-18 09:10:46 +02:00
Stijn Tintel
ec1d7b9461 kernel: bump 4.14 to 4.14.34
Refresh patches.
Update patches that no longer apply:
- backport/313-netfilter-remove-defensive-check-on-malformed-packet.patch
- pending/642-net-8021q-support-hardware-flow-table-offload.patch

Compile-tested: x86/64.
Runtime-tested: x86/64.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-04-16 00:22:57 +03:00
Kabuli Chana
7c1dae6e26 kernel: bump to version 4.14.25
compile/test target mvebu/rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-03-09 22:12:48 +01:00
Kevin Darbyshire-Bryant
9ddfac8015 kernel: bump 4.14 to 4.14.14
Refresh patches.

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:00 +01:00
Hauke Mehrtens
b3f95490b9 kernel: generic: Add kernel 4.14 support
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.

In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM

And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR

I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED

I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:11:19 +01:00