Refreshed all patches.
Altered patches:
- 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch
New symbol for arm targets:
- HARDEN_BRANCH_PREDICTOR
Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch kernel patches
break the possibility for using an ip4ip6 tunnel interface as a fall
back interface accepting ip4-in-ip6 tunneled packets from any remote
address. This works out of the box with any normal (non-666-patched)
kernel and can be configured by setting up an 'ip -6 tunnel' with type
'any' or 'ip4ip6' and a remote address of '::'.
The misbehavior comes with line 290 the patch which discards all packets
that do not show the expected saddr, even if no single fmr rule was
defined and despite the validity of the saddr was already approved earlier.
Signed-off-by: Axel Neumann <neumann@cgws.de>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.
In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM
And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR
I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED
I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>