Commit Graph

478 Commits (1c308bbbf598e09e463f67686ff4b7dafcb98ae6)

Author SHA1 Message Date
Stijn Tintel 88ba41453d kernel: bump 4.14 to 4.14.20
Refresh patches.
Remove upstreamed patches:
- backport/080-v4.15-0001-arch-define-weak-abort.patch
- backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch
Update patch that no longer applies:
pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:48 +01:00
Stijn Tintel 3072908d0d kernel: bump 4.14 to 4.14.18
Refresh patches.

Remove upstreamed patches:
- apm821xx/010-crypto-gcm-add-GCM-IV-size-constant.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove pending-4.14/650-pppoe_header_pad.patch, it is superseded by
upstream commit d32e5740001972c1bb193dd60af02721d047a17e.
Update patch that no longer applies: hack/204-module_strip.patch

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-08 18:43:13 +01:00
Alexandru Ardelean 953bf6b43d kernel.mk: update LINUX_VERSION filename for cloned repo
In case there is an external git repo specified,
it could overwrite the kernel tarball that was
downloaded from kernel.org.

The only identifier for such a file is the
KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols,
so if we have to download it we'll use that
information [after some sanitization]
to create a different filename for the kernel tarball.

If KERNEL_GIT_REF symbol is empty, HEAD will be used
as mentioned in the description of KERNEL_GIT_REF.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-01-27 16:46:45 +01:00
Kevin Darbyshire-Bryant a30370bbf1 kernel: bump 4.4 to 4.4.112
Refresh patches.
Remove upstreamed patches:

target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant d8565a06dc kernel: bump 4.9 to 4.9.77
Refresh patches.
Remove upstreamed patches:

target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant 9ddfac8015 kernel: bump 4.14 to 4.14.14
Refresh patches.

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:00 +01:00
Kevin Darbyshire-Bryant 7c7586b6d0 kernel: bump 4.14 to 4.14.13
Refresh patches

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-11 20:34:33 +01:00
Kevin Darbyshire-Bryant eceff9ea8f kernel: bump 4.4 to 4.4.111
Refresh patches

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-11 20:33:40 +01:00
Kevin Darbyshire-Bryant 2228dbf4e6 kernel: bump 4.9 to 4.9.76
Refresh patches

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-11 20:32:36 +01:00
Kevin Darbyshire-Bryant efb375b579 kernel: bump 4.4 to 4.4.110
Refresh patches

Fixes:  CVE-2017-5754 aka Meltdown

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[fix typo in commit msg, conflict after 4.14 bump]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-10 00:11:39 +02:00
Kevin Darbyshire-Bryant 1d2590f838 kernel: bump 4.9 to 4.9.75
Refresh patches

Fixes:  CVE-2017-5754 aka Meltdown

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[fix conflict after 4.14 bump]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-10 00:11:39 +02:00
Stijn Tintel aa399b4e27 kernel: bump 4.14 to 4.14.12
No patch refresh required.

Compile-tested on: octeon, x86/64.
Runtime-tested on: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-08 20:13:03 +02:00
Stijn Tintel c5ca1c9ab6 kernel: bump 4.14 to 4.14.11
Rename unwinder config symbols to match upstream changes.
Refresh patches.
Update patch that no longer applies: 202-reduce_module_size.patch

Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported
from 4.15 to the 4.14 stable series. It is enabled by default, so enable
it in OpenWrt as well.

Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-03 00:07:10 +02:00
Kevin Darbyshire-Bryant 4b275baf91 kernel: bump 4.9 to 4.9.73
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-02 07:14:09 +01:00
Kevin Darbyshire-Bryant e547f1692a kernel: bump 4.4 to 4.4.108
Refresh patches.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Kevin Darbyshire-Bryant 7b6e01d389 kernel: bump 4.9 to 4.9.72
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Kevin Darbyshire-Bryant b0d99b77e5 kernel: bump 4.4 to 4.4.107
Refresh patches.

Update patch that no longer applied:
oxnas/0072-mtd-backport-v4.7-0day-patches-from-Boris.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Rosen Penev <rosenp@gmail.com>
2017-12-23 15:36:01 +01:00
Hauke Mehrtens f704b643b9 kernel: Update kernel 4.9 to 4.9.70
Runtime tested on lantiq.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-19 22:45:27 +01:00
Hauke Mehrtens b3f95490b9 kernel: generic: Add kernel 4.14 support
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.

In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM

And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR

I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED

I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:11:19 +01:00
Stijn Tintel f997478655 kernel: bump 4.9 to 4.9.67
Refresh patches.
Remove upstreamed patches:
- generic/190-1-5-e1000e-Fix-error-path-in-link-detection.patch
- generic/190-3-5-e1000e-Fix-return-value-test.patch
- generic/190-4-5-e1000e-Separate-signaling-for-link-check-link-up.patch
- generic/190-5-5-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- ramips/0102-MIPS-ralink-Fix-MT7628-pinmux.patch
- ramips/0103-MIPS-ralink-Fix-typo-in-mt7628-pinmux-function
Update patches that no longer apply:
- layerscape/815-spi-support-layerscape.patch
- ramips/0099-pci-mt7620.patch

Compile-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-12-07 01:41:09 +02:00
Rosen Penev 7a318bc1a1 kernel: Update kernel 4.4 to 4.4.100
Run-tested on ramips

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-25 19:48:39 +01:00
Stijn Tintel 9fe59abef8 kernel: bump 4.9 to 4.9.65
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: ar71xx, octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-11-24 14:09:11 +02:00
Koen Vandeputte 62ede4f783 kernel: bump 4.9 to 4.9.63
Refreshed all patches.

Removed upstreamed parts.

Compile-tested: cns3xxx, imx6, mvebu, layerscape
Run-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-11-22 20:45:52 +01:00
Stijn Tintel 834810617e kernel: bump 4.9 to 4.9.58
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 17:23:34 +03:00
Kevin Darbyshire-Bryant 398edca82e kernel: bump 4.4 to 4.4.93
No patch refresh required.

Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-15265
- CVE-2017-0786

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:14 +03:00
Kevin Darbyshire-Bryant 886d66abcd kernel: bump 4.9 to 4.9.57
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:09 +03:00
Kevin Darbyshire-Bryant f251a795f2 kernel: bump 4.4 to 4.4.92
No patch refresh changes required.

Compile tested for: ar71xx Archer C7 v2
Run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-14 00:13:35 +02:00
Stijn Tintel f12c42940d kernel: bump 4.9 to 4.9.54
Refresh patches.
Remove upstreamed patches:
- ramips/0067-enable-mt7621-xhci.patch
- ramips/0085-pinmux-util.patch
- ramips/301-fix-rt3883.patch

Compile-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.
Runtime-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 20:51:03 +03:00
Kevin Darbyshire-Bryant e77fa68f1f kernel: bump 4.4 to 4.4.91
Refresh patches.

Compile-tested for: ar71xx Archer C7 v2
Run-tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-08 20:51:03 +03:00
Stijn Tintel f625df7ab8 kernel: update 4.9 to 4.9.53
Refresh patches.
Compile-tested on brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on brcm2708/bcm2708, octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 20:53:21 +03:00
Kevin Darbyshire-Bryant ae2a8a3b9b kernel: update 4.4 to 4.4.90
No patch refresh required.

Compile & run tested: ar71xx Archer C7 v2

Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[reference fixed CVEs]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 20:53:21 +03:00
Kevin Darbyshire-Bryant 657f2a1ff8 kernel: update 4.4 to 4.4.89
Refresh patches.
Compile & run tested on ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-29 07:42:43 +03:00
Stijn Tintel fde7688055 kernel: update 4.9 to 4.9.52
Refresh patches.
Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:50 +03:00
Stijn Tintel 6e48eb22b8 kernel: update 4.9 to 4.9.51
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-20 23:50:55 +03:00
Stijn Tintel e37c7636ee kernel: update 4.9 to 4.9.50
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.

Fixes CVE-2017-1000251.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2017-09-18 04:35:57 +03:00
Florian Fainelli bb83c9dcca kernel: update to 3.18.71
Delete a bunch of fixes that are already included.
Refresh patches.
Compile-tested on malta/mipsel
Runtime-tested on malta/mipsel

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 02:08:18 +03:00
Kevin Darbyshire-Bryant 820101873d kernel: update 4.4 to 4.4.88
Refresh patches.
Compile & run tested: ar71xx  Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-16 19:27:08 +02:00
Stijn Tintel d5b7215e31 kernel: update 4.9 to 4.9.49
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes CVE-2017-11600.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Kevin Darbyshire-Bryant 09735db18b kernel: update 4.4 to 4.4.87
Fixes CVE-2017-11600

No patch refresh required

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-09 09:55:25 +02:00
Kevin Darbyshire-Bryant 9c82861cb8 kernel: update 4.4 to 4.4.86
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-05 08:43:39 +02:00
Stijn Tintel 046618f5da kernel: update 4.9 to 4.9.47
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 22:06:28 +03:00
Kevin Darbyshire-Bryant 3435de8c16 kernel: update 4.4 to 4.4.85
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-31 19:14:52 +02:00
Koen Vandeputte 40213cc154 kernel: update 4.9 to 4.9.45
Refreshed all patches

Compiled & run-tested on targets: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-08-30 17:05:10 +02:00
Kevin Darbyshire-Bryant 364befeccf kernel: update 4.4 to 4.4.83
Refresh patches.
Minor update 704-phy-no-genphy-soft-reset.patch which was partially
accepted upstream.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Fixes the following vulnerabilities:
- CVE-2017-7533 (4.4.80)
- CVE-2017-1000111 (4.4.82)
- CVE-2017-1000112 (4.4.82)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[cleanup commit message, add compile/runtime tested]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 14:31:45 +02:00
Stijn Tintel 2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00
Hauke Mehrtens 39e8ab17d5 kernel: update kernel 4.4 to version 4.4.79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 22:46:26 +02:00
Hauke Mehrtens 88f3c63572 kernel: update kernel 4.9 to version 4.9.40
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 22:46:17 +02:00
Koen Vandeputte cd54b2d42b kernel: update kernel 4.9 to 4.9.37
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:

473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed

403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0

180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item

Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-07-15 00:13:05 +02:00
Stijn Tintel f80963d4d1 kernel: update kernel 4.4 to 4.4.74
Refresh patches.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:42:50 +02:00
Koen Vandeputte 69649a1b45 kernel: update kernel 4.9 to 4.9.34
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)

Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:21:03 +02:00