The following patch was integrated upstream:
* target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The following patches were integrated upstream:
* target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
* target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds a tool to generate a firmware file accepted
by Netgear or sercomm devices.
They use a zip-packed rootfs with header and a custom
checksum. The generated Image can be flashed via the
nmrpflash tool or the webinterface of the router.
Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
I-O DATA WN-AC1600DGR2 is a 2.4/5 GHz band 11ac router, based on
Qualcomm Atheros QCA9557.
Specification:
- Qualcomm Atheros QCA9557
- 128 MB of RAM
- 16 MB of Flash
- 2.4/5 GHz wifi
- 2.4 GHz: 2T2R (SoC internal)
- 5 GHz: 3T3R (QCA9880)
- 5x 10/100/1000 Mbps Ethernet
- 6x LEDs, 6x keys (4x buttons, 1x slide switch)
- UART header on PCB
- Vcc, GND, TX, RX from ethernet port side
- 115200n8
Flash instruction using factory image:
1. Connect the computer to the LAN port of WN-AC1600DGR2
2. Connect power cable to WN-AC1600DGR2 and turn on it
3. Access to "http://192.168.0.1/" and open firmware update page
("ファームウェア")
4. Select the OpenWrt factory image and click update ("更新") button
5. Wait ~150 seconds to complete flashing
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Buffalo BHR-4GRV2 is a wired router, based on Qualcomm Atheros
QCA9558.
Ported from ar71xx target.
Specification:
- Qualcomm Atheros QCA9558
- 64 MB of RAM
- 16 MB of Flash
- 5x 10/100/1000 Ethernet
- QCA8337N
- 4x LEDs, 2x keys
- UART header on PCB
- Vcc, TX, RX, GND from LED side
- 115200n8
Flash instruction using factory image:
1. Connect the computer to the LAN port of BHR-4GRV2
2. Connect power cable to BHR-4GRV2 and turn on it
3. Access to "http://192.168.12.1/" and open firmware update
page ("ファームウェア更新")
4. Select the OpenWrt factory image and click update ("更新実行")
button
5. Wait ~120 seconds to complete flashing
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Make sure the Shell-expression returns true also in case of
key-build.ucert being absent.
Fixes commit 848b455d2e ("image: use ucert to append signature")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit 42a3c6465a.
The change was apparently never build-tested with all kmods enabled. I took
a brief look but found no simple way to untangle this, so revert it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.
Fixes: ff6e62b288 ("build: log time taken by each packages/steps")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refreshed all patches
Remove upstreamed patches.
- 103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- 403-mtd_fix_cfi_cmdset_0002_status_check.patch
- 001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch
- 001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- 001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- 900-gen_stats-fix-netlink-stats-padding.patch
Introduce a new backported patch to address ext4 breakage, introduced in 4.9.112
- backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
This patch has been slightly altered to compensate for a new helper function
introduced in later kernels.
Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9
Compile-tested on: ar71xx, bcm2710
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Fix building packages with LTO when CONFIG_PKG_ASLR_PIE is enabled.
Despite comment of PR lto/80838, it seems that GCC needs -fPIC on linker
command line, even if all objects are -fPIC. This may change as PR
lto/80838 is merged into 8.1
compile-tested: ar71xx, ath79
Fix commits:
6dac92a42e8c11133c9d07940acc34e7397eef69ef16a394d2ef96d1e34a47b42137ce73fc67b614154c0c4006804c51e1e6
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
This partly reverts ca32373c95 which lets
profiles that suppress packages to alter the package selection for all
devices of the target when building with CONFIG_TARGET_PER_DEVICE_ROOTFS.
In particular, this caused the brcm47xx Edimax PS-1208MFG profile to
disable mtd, dropbear, firewall and other essential packages for all
brcm47xx/generic builds.
To solve this problem, prevent profiles from mangling the global
DEFAULT_PACKAGES selection and restrict the supression of negated
packages to the local PACKAGE variable list only.
Fixes ca32373c95 ("target.mk: let profile remove from DEFAULT_PACKAGES")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
On Debian, busybox does have a time applet, but it does not support the -f
flag. Catch this in prereq check to give users to proper error message.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
to the omission of the backport-* patch dirs in the generation of the
prepared stamp name.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Setting CONFIG_FEED_... symbols combined two different effects: Disabling
a feed in the generated opkg distfeeds.conf, and omitting the feed from
PACKAGE_SUBDIRS.
It does not make sense to omit built feeds from PACKAGE_SUBDIRS, as it will
only lead to packages that can be enabled in .config (and that will
consequently be built) not to be found during rootfs creation, breaking
the build. All feeds that packages are emitted to should simply always be
added to PACKAGE_SUBDIRS instead; the CONFIG_FEED_... only configure the
generated distfeeds.conf like this.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but
it fail when make menuconfig. so I have to give option HOSTCC='gcc
-Wl,--copy-dt-needed-entries' to make. But it passed to sub make to
HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc
-Wl,--copy-dt-needed-entries. This patch fix this issue.
make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1'
make: Entering directory `/work/openwrt/openwrt/build'
/opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld:
lxdialog/checklist.o: undefined reference to symbol 'acs_map'
//lib64/libtinfo.so.5: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[1]: *** [mconf] Error 1
make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build
failed. Please re-run make with -j1 V=s to see what's going on
make: *** [scripts/config/mconf] Error 1
make: Leaving directory `/work/openwrt/openwrt/build'
Signed-off-by: 李国 <uxgood.org@gmail.com>
Rereshed all patches
Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
- Make the code more GitHub-specific
- Requires mirror hash to work with .gitattributes
- Use different API depending on whether PKG_SOURCE_VERSION is a
complete commit id or other ref types like tags
- Fix removing symbolic link
- pre-clean dir_untar for possible leftovers from previous run
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Move SCAN_DEPS to scan.mk to eliminate redundancy with scripts/feeds
Add image/*.mk to SCAN_DEPS for targets to pick up newly added devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Seems like the python download.py dl_method call causes serious
performance regression for fresh "make defconfig" as reported in
FS#1621. GitHub tarball download will also be disabled with this
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.
Fixes: FS#1123
Signed-off-by: Mathias Kresin <dev@kresin.me>