Commit Graph

2861 Commits (040b625c4b530bea4db7312a1af4e59a83be234e)

Author SHA1 Message Date
Koen Vandeputte 604eb94550 kernel: bump 4.9 to 4.9.154
Refreshed all patches.

Adapted patches:
- 012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-01 11:41:00 +01:00
Michal Hrusecky 37e91861cc build: Use LINUX_DIR for Kernel/Patch
Use LINUX_DIR as a path when patching kernel. Doesn't break the current usage,
but allows to create packages that will contain variation of a kernel with
kernel being build in some subdirectory of PKG_BUILD_DIR.

Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
2019-01-30 13:20:14 +01:00
Thorsten Glaser da5bee5345 build: fix umask detection bashism
the leading 0 is optional and not emitted by some shells

Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
2019-01-30 12:39:18 +01:00
Jeffery To a117093679 build: fix STAGING_DIR cleaning for packages
This fixes two issues with cleaning package files from STAGING_DIR:

* CleanStaging currently can only remove files and not directories. This
  changes CleanStaging to use clean-package.sh, which does remove
  directories.

* Because of the way directories are ordered in the staging files list,
  clean-package.sh currently tries (and fails) to remove parent
  directories before removing subdirectories. This changes
  clean-package.sh to process the staging files list in reverse, so that
  subdirectories are removed first.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-01-30 12:32:07 +01:00
Koen Vandeputte f003d732d7 kernel: bump 4.19 to 4.19.18
Refreshed all patches.

Removed upstreamed:
- 031-v5.0-MIPS-BCM47XX-Setup-struct-device-for-the-SoC.patch
- 142-jffs2-Fix-use-of-uninitialized-delayed_work-lockdep-.patch

Removed upstreamed hunk in:
- 800-bcma-get-SoC-device-struct-copy-its-DMA-params-to-th.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 18:17:32 +01:00
Koen Vandeputte 3662157d8b kernel: bump 4.14 to 4.14.96
Refreshed all patches.

Remove upstreamed patches:
- 142-jffs2-Fix-use-of-uninitialized-delayed_work-lockdep-.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 18:17:32 +01:00
Koen Vandeputte 662b926146 kernel: bump 4.9 to 4.9.153
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 18:17:32 +01:00
Koen Vandeputte aa95bdd80f kernel: bump 3.18 to 3.18.133
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 18:17:32 +01:00
Petr Štetiar cbbef976e2 build: dtc: Disable noisy warnings by default
While helping with review and build testing of a few 4.19 pull requests,
I've noticed, that dtc compiler in OpenWrt uses different options then
upstream kernel, which is leading to a very noisy output[1]. It wouldn't
be that bad per se, but a lot of such warnings aren't easily fixable so
I think, that we should follow what upstream does and simply ignore^W
silence those noisy warnings.

So this patch tries to syncs dtc compiler flags with upstream kernel
till version 4.19.13, disabling those warnings as they were added in
upstream kernel:

 v4.6-rc1-2-gbc55398 dtc: turn off dtc unit address warnings by default

  The newly added dtc warning to check DT unit-address without reg
  property and vice-versa generates lots of warnings. Turn off the check
  unless building with W=1 or W=2.

 v4.11-rc2-11-g8654cb8 dtc: update warning settings for new bus and node/property

  dtc gained new warnings checking PCI and simple buses, unit address
  formatting, and stricter node and property name checking. Disable the
  new dtc warnings by default as there are 1000s. As before, warnings are
  enabled with W=1 or W=2. The strict node and property name checks are a
  bit subjective, so they are only enabled for W=2.

 v4.16-rc3-9-g4fd98e3 scripts: turn off some new dtc warnings by default

  The latest dtc update adds some new noisy warnings, so turn them off by
  default. Disable 'avoid_unnecessary_addr_size' and 'alias_paths'. They
  can be re-enabled by building with 'W=1'.

 v4.17-rc1-27-g74656b6 kbuild: disable new dtc graph and unit-address warnings

  dtc gained some new warnings for OF graphs and unique unit addresses,
  but they are currently much too noisy. So turn off
  'graph_child_address', 'graph_port', and 'unique_unit_address' warnings
  by default. They can be enabled by building dtbs with W=1.

Build tested on imx6 and ath79 with 4.14 and 4.19.

1. https://github.com/openwrt/openwrt/pull/1694#issuecomment-450864335

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-01-27 00:16:14 +01:00
Petr Štetiar 66a4978b43 u-boot.mk: Fix building of recent U-Boot sources
This patch fixes following error with U-Boot 2019.01 on imx6:

 In file included from tools/lib/crc16.c:1:0:
 ./tools/../lib/crc16.c: In function 'crc16_ccitt':
 ./tools/../lib/crc16.c:70:2: error: 'for' loop initial declarations are only allowed in C99 mode
   for (int i = 0;  i < len;  i++)
   ^
 ./tools/../lib/crc16.c:70:2: note: use option -std=c99 or -std=gnu99 to compile your code

Code was introduced in the upstream v2019.01-rc1-154-g51c2345:

 commit 51c2345bd24837f9f67f16268da6dc71573f1325
 Author: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
 Date:   Sun Nov 25 19:22:19 2018 +0100

    Roll CRC16-CCITT into the hash infrastructure

Upstream has added -std=gnu11 host flag in v2018.07-rc2-1-gfa89399:

 commit fa893990e9b53425af5f5059e04a2bffde91ccf9
 Author: Tom Rini <trini@konsulko.com>
 Date:   Tue Jun 19 23:53:54 2018 -0400

    Makefile: Ensure we build with -std=gnu11

Build tested on imx6: apalis, mx6sabresd, nitrogen6dl, nitrogen6dl2g,
                      nitrogen6q, nitrogen6q2g, nitrogen6s, nitrogen6s1g,
                      wandboard

Run tested: apalis (pending PR #1595)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-01-26 21:46:32 +01:00
Oever González 892d741259 build: add a script for generating Linksys factory images
This commit adds the 'Build/linksys-image' rule and the
'linksys-image.sh' script to the build system.

This change is needed for generating factory images for the Linksys
EA6350v3 device. Without this patch, only valid sysupgrade images can be
generated. With this patch, users can flash the device without the
need of physical access or disassembly.

Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
2019-01-26 21:43:07 +01:00
Hauke Mehrtens e61061a088 toolchain: Include hardening.mk for toolchain build
This adds the hardening options also to the toolchain build.
With this change the /usr/lib/libstdc++.so.6.0.24 library will have
stack canaries and the /lib/libgcc_s.so.1 library will have Full RELRO.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-24 21:52:39 +01:00
Jo-Philipp Wich 790bce92ad build: formatting fixes for per-provide ABI_VERSION suffixes
- Filter out potential duplicates with the package name
   (e.g. when renaming libfoo1 w/ ABI_VERSION:=1 to libfoo)
 - Use the GetABISuffix macro to properly separate the suffix
   with a dash in case the basename ends with a number

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 12:51:39 +01:00
Jo-Philipp Wich 60558790a2 build: extend ABI_VERSION suffixing to provides
When a library package specifies additional provides, e.g. libncurses
which provides libncursesw, we should also append the abi version
suffix to each provide, since there may be more than one package
providing the virtual library.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 10:39:29 +01:00
Koen Vandeputte 528508ae8b kernel: bump 4.14 to 4.14.95
Refreshed all patches.

Removed superseded patches:
- 0400-Revert-MIPS-smp-mt-Use-CPU-interrupt-controller-IPI-.patch

Compile-tested on: ar71xx, cns3xxx, imx6, lantiq (xrx200, AVM 3370), x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, lantiq (xrx200, AVM 3370)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Mathias Kresin <dev@kresin.me>
Tested-by: Robert Resch <openwrt@webnmail.de>
2019-01-24 10:10:45 +01:00
Koen Vandeputte ed6322a7f8 kernel: bump 4.9 to 4.9.152
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-24 10:10:45 +01:00
Michal Hrusecky 74450124f6 build: Optionally provide file checksums in package metadata
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.

Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
2019-01-22 09:22:25 +01:00
Koen Vandeputte 3fe555c719 kernel: bump 4.14 to 4.14.94
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-21 13:08:39 +01:00
Koen Vandeputte c594cdae0c kernel: bump 4.9 to 4.9.151
Refreshed all patches.

Compile-tested on: ar7
Compile-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-21 13:08:39 +01:00
Jo-Philipp Wich e6bcf1e4ac build: add ABI_VERSION to binary package names
Add the ABI_VERSION source makefile variable to the binary package basename
and resolve source dependencies on packages with ABI_VERSION set to such
expanded names.

If for example a package specifies DEPENDS:=libopenssl while the OpenSSL
Makefile specifies ABI_VERSION:=1.0.0, the resulting ipk control data
dependency will be "Depends: libopenssl1.0.0" and the libopenssl ipk file
will be called "libopenssl1.0.0_<version>_<arch>.ipk".

The next time a library such as OpenSSL is updated to an incompatible
version, the ABI_VERSION shall be changed accordingly to prevent opkg from
simply upgrading to an incompatible library without considering the
dependencies of already installed packages.

Also introduce another "SourceName" control field which is required by
the newly introduced "scritps/ipkg-remove" to determine the proper related
.ipk files to delete upon buildroot package clean operations.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:32:12 +01:00
Jo-Philipp Wich e3d5b384aa build: expose ABI version in .packageauxvars
Subdequent commits need this information to resolve the ABI version when
computing binary ipk dependencies.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:32:01 +01:00
Jo-Philipp Wich 2d9d57b9de build: rename .packagesubdirs to .packageauxvars
Subsequent commits will put more auxiliary information into this file,
such as the per-package ABI version, so rename the metadata script
subcommand and file names accordingly.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:31:56 +01:00
Stijn Tintel a37098a2d0 kernel: bump 4.19 to 4.19.16
Refresh patches.
Remove upstreamed patches:
- backport/096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch
- backport/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
- backport/424-v4.20-net-dsa-fix-88e6060-roaming.patch
- hack/100-mtd-rawnand-qcom-fix-memory-corruption-that-causes-p.patch
- pending/510-f2fs-fix-sanity_check_raw_super-on-big-endian-machines.patch
Update patch that no longer applies:
- backport/343-netfilter-nft_flow_offload-handle-netdevice-events-f.patch

Compile-tested: mesongx
Runtime-tested: mesongx

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-01-17 03:04:13 +02:00
Koen Vandeputte 63a2ed3ba5 kernel: bump 4.9 to 4.9.150
Refreshed all patches.

Remove upstreamed:
- 096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch

Altered patches:
- 024-7-net-reorganize-struct-sock-for-better-data-locality.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-16 12:56:30 +01:00
Koen Vandeputte 5be22ef2fa kernel: bump 3.18 to 3.18.132
Refreshed all patches.

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-16 12:56:30 +01:00
Mathias Kresin 26a016731d firmware-utils: mksercommfw: overhaul image creation
Move the zip compression into a build recipe. Pad the image using the
existing build recipes as well to remove duplicate functionality

Change the code to append header and footer in two steps. Allow to use a
fixed filename as the netgear update image does.

Use a fixed timestamp within the zip archive to make the images
reproducible.

Due to the changes we are now compatible to the gnu89 c standard used by
default on the buildbots and we don't need to force a more recent
standard anymore.

Beside all changes, the footer still looks wrong in compare to the
netgear update image.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-15 19:11:54 +01:00
Stijn Tintel 8c6f00ef4f kernel: bump 4.14 to 4.14.93
Refresh patches.
Remove upstreamed patches:
- backport/096-mips-math-emu-Write-protect-delay-slot-emulation-pages.patch
- pending/510-f2fs-fix-sanity_check_raw_super-on-big-endian-machines.patch
- brcm2708/950-0415-qmi_wwan-apply-SET_DTR-quirk-to-the-SIMCOM-shared-de.patch

Compile-tested: ar71xx, ath79, brcm2708/bcm27{08,10}, octeon, x86/64
Runtime-tested: ar71xx, ath79, brcm2708/bcm27{08,10}, octeon, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-01-14 02:20:40 +02:00
Mathias Kresin 6a3f8b8818 build: remove duplicate mksercomfw image recipe
Keep the ramips/mt76x8 copy, since it's only required for this target at
the moment.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-13 18:31:10 +01:00
Koen Vandeputte f56a4e809b kernel: bump 4.14 to 4.14.91
Refreshed all patches.

Removed upstreamed:
- 500-ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-07 17:09:06 +01:00
Koen Vandeputte 30d518bf16 kernel: bump 4.9 to 4.9.148
Refreshed all patches.

Altered patches:
- 902-debloat_proc.patch

Removed upstreamed:
- 424-v4.20-net-dsa-fix-88e6060-roaming.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-07 17:09:06 +01:00
Koen Vandeputte a18f68ff30 kernel: bump 3.18 to 3.18.131
Refreshed all patches.

Altered patches:
- 902-debloat_proc.patch

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-07 17:09:06 +01:00
Mathias Kresin fd35c5b205 build: move seama commands to image-commands.mk
Move it to image-commands.mk to get rid of duplicate recipes.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-30 20:08:13 +01:00
INAGAKI Hiroshi 99df98442e build: move xor-image into image-commands
I moved xor-image into image-commands.mk to use it in ath79 target.

It required for NEC WG800HP.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-12-24 19:18:07 +01:00
Kevin Darbyshire-Bryant 5b3afca757 kernel: bump 4.14 to 4.14.90
Refresh all patches

Remove upstream patch:
backport-4.14/424-v4.20-net-dsa-fix-88e6060-roaming.patch

Minor tweak to generic/hack-4.14/902-debloat_proc.patch to cleanly apply
after upstream changes.

Tested-on: ath79

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-24 15:06:33 +00:00
Yousong Zhou eda3094eb9 build: fix build dependency of kmod .ipk with version filtered files
We need to use resolved file list as prerequisites for repacking kmod
.ipk files.  Note that currently version_filter uses a Makefile macro
KERNEL_PATCHVER that should be available at ipk building time.

Reported-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-12-18 20:04:17 +00:00
Koen Vandeputte 9f2739e924 kernel: bump 4.14 to 4.14.89
Refreshed all patches.

Remove upstreamed patches:
- 096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-18 14:24:57 +01:00
Koen Vandeputte dd0a213bed kernel: bump 4.9 to 4.9.146
Refreshed all patches.

Compile-tested on: brcm2708
Runtime-tested on: brcm2708

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-18 14:24:57 +01:00
Koen Vandeputte 902a9f23d6 kernel: bump 3.18 to 3.18.130
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-18 14:24:57 +01:00
Mathias Kresin 09004e6e13 build: drop cameo-factory recipe
The cameo factory images are created using existing image build
commands, which makes the code obsolete.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-17 23:21:40 +01:00
Mathias Kresin ffdce856e0 build: move append-string to image-commands.mk
Move it to image-commands.mk so that it can used by other targets.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-17 23:21:26 +01:00
Sebastian Kemper b8271e9da0 image: remove duplicate cameo-factory
The function was accidentally added twice. Remove the duplicate.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-17 19:44:45 +01:00
Sebastian Kemper 6c3c4436ee ath79: add d-link dir-825-c1 and dir-835-a1
This commit ports both dir-825-c1 and dir-835-a1 from ar71xx to ath79.
They're pretty much identical, except dir-835-a1 has less LEDs.

The routers come with 128 MByte of RAM and 16 MBytes of flash and sport
2.4GHz and 5.0GHz wireless. Both routers have entries already in
OpenWrt's TOH. Please check there for more information on these
antiquities.

https://openwrt.org/toh/hwdata/d-link/d-link_dir-825_c1
https://openwrt.org/toh/hwdata/d-link/d-link_dir-835_a1

Installation:

1. Connect to the web interface of the vendor firmware (usually
   listening on 192.168.0.1).
2. Go to "Tools", then "Firmware".
3. In the "Firmware Upgrade" box click "Browse".
4. Select the OpenWrt factory image for your router.
5. Click "Upload", confirm the popups if you agree to flash the file you
   selected.
6. Wait for firmware upgrade to complete. It takes about 5 minutes.

Run-tested on dir-825-c1. dir-835-a1 should work as well, but I don't
have this router so I can't confirm.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [trivial changes]
2018-12-17 00:21:34 +01:00
Sebastian Kemper 247fdceab6 image: add cameo-factory command
This command enables factory image generation for Cameo boards. On
upgrade the vendor firmware will check the size of the provided image
and if a specific string is located at the end of the binary.
cameo-factory will generate an image that the vendor firmware accepts.

Tested on a D-Link DIR-825 C1 with vendor firmwares 3.01 and 3.04.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2018-12-17 00:21:34 +01:00
Brett Mastbergen 2b6eab507a netfilter: Add fib support for nftables
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
2018-12-16 00:57:20 +01:00
Hauke Mehrtens fbaf48387e kernel: netfilter: chain filters merged into nf_tables.ko
In mainline kernel commit 02c7b25e5f5 ("netfilter: nf_tables: build-in
filter chain type") all chain filters were merged into one file and into
one kernel module to save some memory. The code protected by these
configuration options CONFIG_NF_TABLES_BRIDGE, CONFIG_NF_TABLES_IPV4,
CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, CONFIG_NF_TABLES_NETDEV and
CONFIG_NF_TABLES_INET was merged into the nft_chain_filter.c file which
is now always compiled into the nf_tables.ko file.

This only happened in kernel 4.19 and OpenWrt has to select these as
modules in older kennel versions. Mark them as build-in in the kernel
4.19 specific kernel configuration file which will then not be
overwritten by the package specific settings which try to make them
modular again.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens f891670704 kernel: netfilter: Adapt merge ipv4/ipv6 masquerade code
In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade
code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and
CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed
to bool and the code will not be compiled as a own module any more, but
it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some
memory.

Activate these options as bool in the generic kernel 4.19 configuration
only, to always build them into the nf_nat_ipv*.ko modules. The kmod
file will still try to select them as module, but the generic
configuration will not be overwritten.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens f72f793c9e kernel: netfilter: Add nf_conncount.ko
Some kernel modules from kmod-ipt-conntrack-extra depend on
nf_conncount.ko, which was added in kernel 4.16, add it to the kmod.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens 89806545cc kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
The nf_socket.ko module was split in commit 8db4c5be88f ("netfilter:
move socket lookup infrastructure to nf_socket_ipv{4,6}.c") into a
common, n IPv4 and an IPv6 part.
The nf_tproxy.ko module was split in commit 45ca4e0cf27 ("netfilter:
Libify xt_TPROXY") into a common, an IPv4 and an IPv6 part.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens 35929059b7 kernel: netfilter: Add nf_defrag_ipv6.ko to NF_CONNTRACK on 4.19
In kernel commit a0ae2562c6c ("netfilter: conntrack: remove l3proto
abstraction") The modules nf_conntrack_ipv4.ko, nf_conntrack_ipv6.ko and
nf_conntrack.ko were squashed together into one module. This module now
depends on nf_defrag_ipv6 when IPv6 support was activated. This is part
of the main netfilter packages, so add nf_defrag_ipv6.ko also to the
default netfilter packages on kernel 4.19 and later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens 9261e7447e kernel: Make the patches apply on top of 4.19
This makes the patches which were just copied in the previous commit
apply on top of kernel 4.19.

The patches in the backports-4.19 folder were checked if they are really
in kernel 4.19 based on the title and only removed if they were found in
the upstream kernel.

The following additional patches form the pending folder went into
upstream Linux 4.19:
pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch
pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch
pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch
pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch
pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch
pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch

Bigger changes were introduced to the m25p80 spi nor driver, as far as I
saw it in the new code, it now has the functionality provided in this
patch:
pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch

Part of this patch went upstream independent of OpenWrt:
hack-4.19/220-gc_sections.patch
This patch was reworked to match the changes done upstream.

The MIPS DMA API changed a lot, this patch was rewritten to match the
new DMA handling:
pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch

I did bigger manual changes to the following patches and I am not 100% sure if they are all correct:
pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch
pending-4.19/411-mtd-partial_eraseblock_write.patch
pending-4.19/600-netfilter_conntrack_flush.patch
pending-4.19/611-netfilter_match_bypass_default_table.patch
pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
hack-4.19/211-host_tools_portability.patch
hack-4.19/221-module_exports.patch
hack-4.19/321-powerpc_crtsavres_prereq.patch
hack-4.19/902-debloat_proc.patch

This is based on patchset from Marko Ratkaj <marko.ratkaj@sartura.hr>

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:48 +01:00
Koen Vandeputte fdd11a6eae kernel: bump 4.14 to 4.14.88
Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Fixes CVE:
- CVE-2018-14625

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-14 13:01:49 +01:00
Koen Vandeputte fd918b413a kernel: bump 4.9 to 4.9.145
Refreshed all patches.

Fixes CVE:
- CVE-2018-14625

Compile-tested on: brcm2708
Runtime-tested on: brcm2708

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-14 13:01:45 +01:00
Koen Vandeputte 2bc4af1770 kernel: bump 3.18 to 3.18.129
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-14 13:01:41 +01:00
Koen Vandeputte f6e9f23771 kernel: bump 4.14 to 4.14.87
Refreshed all patches.

Remove upstreamed:
- 0008-MIPS-ralink-Fix-mt7620-nd_sd-pinmux.patch

Compile-tested: cns3xxx, imx6
Runtime-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 16:32:22 +01:00
Koen Vandeputte 861dcd717f kernel: bump 4.9 to 4.9.144
Refreshed all patches.

Remove upstreamed:
- 014-Kbuild-suppress-packed-not-aligned-warning-for-defau.patch

Compile-tested: ar7, brcm2708
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 16:32:22 +01:00
Koen Vandeputte 0028f86687 kernel: bump 4.14 to 4.14.86
Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 11:48:44 +01:00
Koen Vandeputte dfbf836a52 kernel: bump 4.9 to 4.9.143
Refreshed all patches.

Altered patches:
- 950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch
- 201-extra_optimization.patch

New symbol:
- CONFIG_HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar7, at91, brcm2708, ixp4xx, layerscape, orion
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[fix brcm2708/950-0149-Update-vfpmodule.c.patch]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-10 11:48:44 +01:00
Koen Vandeputte 4e38fc824c kernel: bump 3.18 to 3.18.128
Refreshed all patches.

Altered patches:
- 002-phy_drivers_backport.patch

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 11:48:44 +01:00
Rafał Miłecki 966ba6daa4 kernel: fix downloading rcX releases
They are no longer stored in the "testing" subdirectory and are not
available as .tar.xz archives. If -rc is detected download it from the
git.kernel.org and use .tar.gz.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-12-03 09:34:57 +01:00
INAGAKI Hiroshi 879f2ef7c0 ath79: modify mtd partitions for Buffalo BHR-4GRV2
This commit modifies mtd partitions define for Buffalo BHR-4GRV2 and
move it to generic subtarget.

In Buffalo BHR-4GRV2, "kernel" partition is located behined "rootfs"
partition in the stock firmware. This causes the size of the kernel
to be limited by the fixed value.

0x50000                       0xe80000        0xff0000
  +-------------------------------+--------------+
  |            rootfs             |    kernel    |
  |           (14528k)            |    (1472k)   |
  +-------------------------------+--------------+

After ar71xx was updated to Kernel 4.14, the kernel size of BHR-4GRV2
exceeded the limit, and it breaks builds on official buildbot.
Since this issue was also confirmed in ath79, I modified the mtd
partitions to get rid of that limitation.

0x50000                                       0xff0000
  +----------------------------------------------+
  |                   firmware                   |
  |                   (16000k)                   |
  +----------------------------------------------+

However, this commit breaks compatibility with ar71xx firmware, so I
dropped "SUPPORTED_DEVICES += bhr-4grv2".

This commit requires new flash instruction instead of the old one.

Flash instruction using initramfs image:

1. Connect the computer to the LAN port of BHR-4GRV2
2. Set the IP address of the computer to 192.168.12.10
3. Rename the OpenWrt initramfs image to
"bhr4grv2-uImage-initramfs-gzip.bin" and place it into the TFTP
directory
4. Start the tftp server on the computer
5. While holding down the "ECO" button, connect power cable to
BHR-4GRV2 and turn on it
6. Flashing (orange) diag LED and release the finger from the button,
BHR-4GRV2 downloads the intiramfs image from TFTP server and boot
with it
7. On the initramfs image, create "/etc/fw_env.config" file with
following contents
  /dev/mtd1 0x0 0x10000 0x10000
8. Execute following commands to add environment variables for
u-boot
  fw_setenv ipaddr 192.168.12.1
  fw_setenv serverip 192.168.12.10
  fw_setenv ethaddr 00:aa:bb:cc:dd:ee
  fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
9. Perform sysupgrade with squashfs-sysupgrade image
10. Wait ~150 seconds to complete flashing

And this commit includes small fix; BHR-4GRV2 has QCA9557 as a SoC,
not QCA9558.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-11-26 12:28:17 +01:00
Tomasz Maciej Nowak 31075313bf include/rootfs.mk: remove boot directory
Currently every file in boot directory is copied over target /boot on
root file system and is usually inaccessible because appropriate boot
file system is mounted on top of it. Therefore remove /boot, which in
result will also save space on target root file system.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-11-26 12:05:44 +01:00
Petr Štetiar 493c9a3551 build: Introduce building of artifacts
We currently could (ab)use IMAGES for this task, but the downside is,
that the filenames has filesystem tied to the filename, which might be
confusing as the artifact itself don't has to be used with that specific
filesystem. Another downside is, that the artifacts built with IMAGES
target are build for every FILESYSTEMS filesystem.

Consider following use case:

 define Device/apalis
   ...
   FILESYSTEMS := ext4 squashfs
   IMAGES := spl-uboot.bin recovery.scr
   IMAGE/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
   IMAGE/recovery.scr := recovery-scr
 endef

Where we would get target binaries with following filenames:

 openwrt-imx6-apalis-squashfs.recovery.scr
 openwrt-imx6-apalis-squashfs.spl-uboot.bin
 openwrt-imx6-apalis-ext4.recovery.scr
 openwrt-imx6-apalis-ext4.spl-uboot.bin

With proposed patch, we could now just do:

 define Device/apalis
   ...
   ARTIFACTS := spl-uboot.bin recovery.scr
   ARTIFACT/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
   ARTIFACT/recovery.scr := recovery-scr
 endef

Which would produce target binaries with following filenames:

 openwrt-imx6-apalis-recovery.scr
 openwrt-imx6-apalis-spl-uboot.bin

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-11-26 09:39:20 +01:00
Koen Vandeputte 3a1978bbb4 kernel: bump 3.18 to 3.18.126
Refreshed all patches.

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-22 12:40:19 +01:00
Koen Vandeputte 02e16e9e82 kernel: bump 4.14 to 4.14.82
Refreshed all patches.

Compile-tested: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-11-22 10:49:01 +01:00
Koen Vandeputte e1debc557c kernel: bump 4.9 to 4.9.138
Refreshed all patches.

Compile-tested: ar71xx, layerscape
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-22 10:49:01 +01:00
Koen Vandeputte e14dc93073 kernel: bump 4.14 to 4.14.81
Refreshed all patches.

Removed upstreamed patches:
- 081-spi-bcm-qspi-switch-back-to-reading-flash-using-smal.patch

Altered patches:
- 0054-cpufreq-dt-Handle-OPP-voltage-adjust-events

Compile-tested on: cns3xxx, imx6, ipq806x, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Koen Vandeputte 7e20e4ab96 kernel: bump 4.9 to 4.9.137
Refreshed all patches.

Removed upstreamed hunks in:
- 703-phy-support-layerscape.patch

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Koen Vandeputte f7a406deaf kernel: bump 3.18 to 3.18.125
Refreshed all patches.

Compile-tested on: adm5120
Compile-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Stijn Tintel e95e9fcbb2 kernel: bump 4.14 to 4.14.80
Refresh patches.

Compile-tested: ar71xx, ath79, x86/64
Runtime-tested: ar71xx, ath79, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-11-13 00:44:01 +02:00
Koen Vandeputte c764b2b531 kernel: bump 4.14 to 4.14.79
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-05 16:00:00 +01:00
Koen Vandeputte bc3d47cd12 kernel: bump 4.14 to 4.14.78
Refreshed all patches.

Remove upstreamed:
- 050-net-emac-fix-fixed-link-setup-for-the-RTL8363SB-swit.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-22 15:28:31 +02:00
Koen Vandeputte 9c42391c0d kernel: bump 4.9 to 4.9.135
Refreshed all patches.

Fixes:
- CVE-2018-10883

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-22 15:28:31 +02:00
Christian Lamparter 92bcd08989 build: remove obsolete -rc kernel testing rewrites
The -rcX "testing" kernels are no longer hosted on
cdn.kernel.org file servers directly in a "testing"
directory. Therefore the logic that tested for "-rc"
can be removed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-10-20 16:13:39 +02:00
Koen Vandeputte ca88f4153f kernel: bump 4.14 to 4.14.77
Refreshed all patches.

Altered patches:
- 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch

New symbol for arm targets:
- HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-19 10:01:57 +02:00
Koen Vandeputte 6d682d82b0 kernel: bump 4.9 to 4.9.134
Refreshed all patches.

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-19 10:01:57 +02:00
Kevin Darbyshire-Bryant 1063d904b7 hostapd: add basic variant
Add a basic variant which provides WPA-PSK only, 802.11r and 802.11w and
is intended to support 11r & 11w (subject to driver support) out of the
box.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-10-16 15:07:41 +01:00
Koen Vandeputte 0d0bd8e6da kernel: bump 4.14 to 4.14.76
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-16 10:08:56 +02:00
Koen Vandeputte e80af4b53b kernel: bump 4.9 to 4.9.133
Refreshed all patches.

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-16 10:08:54 +02:00
Koen Vandeputte 912340033a kernel: bump 3.18 to 3.18.124
Refreshed all patches.

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-16 10:06:45 +02:00
Koen Vandeputte f983956a8b kernel: bump 4.14 to 4.14.75
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-10 14:45:11 +02:00
Koen Vandeputte 571fe28464 kernel: bump 4.9 to 4.9.132
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-10 14:45:11 +02:00
Hauke Mehrtens 5933958168 image: ignore usign build errors
The tl-wa850re-v2 images from the ar71xx/tiny target are getting too big
with the default packages. The size check is done before the meta data
is added so there is no file to add meta data to or to sign. Originally
errors in Build/append-metadata were getting ignored, but if the signing
fails the error is not ignored.
This adds a check if the file to be signed is there and only does the
signing if it is there. This way it does not fail if the package
creation was already aborted earlier.

Fixes: 848b455d2e ("image: use ucert to append signature")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-10-07 22:14:35 +02:00
Felix Fietkau b7855230a3 build: insert blank line after KernelPackage template to allow chaining calls to it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-10-06 13:02:29 +02:00
Koen Vandeputte a2adeffffc kernel: bump 4.14 to 4.14.74
Refreshed all patches.

Fixes CVE:

- CVE-2018-7755

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-04 16:15:03 +02:00
Koen Vandeputte 0bcff6b0db kernel: bump 4.9 to 4.9.131
Refreshed all patches.

Fixes CVE:

- CVE-2018-10880
- CVE-2018-7755

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-04 16:15:03 +02:00
Koen Vandeputte 7bfe757bc4 kernel: bump 4.14 to 4.14.73
Refreshed all patches.

Removed upstreamed:
- 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-02 13:44:36 +02:00
Koen Vandeputte 00f1dc55e8 kernel: bump 4.9 to 4.9.130
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-02 13:44:36 +02:00
Felix Fietkau c3a0102195 build: fix kernel headers install for uml
The kernel headers makefile needs to override LINUX_KARCH

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-29 18:09:45 +02:00
Amol Bhave 366e6ef5c3 build: use CMAKE_SOURCE_SUBDIR variable to cmake.mk
Sometimes, the CMakeLists.txt file is not in the root directory of a
repo. In those cases, the CMAKE_SOURCE_SUBDIR variable can be specified
to use CMakeLists.txt from a subdirectory instead.

Signed-off-by: Amol Bhave <ambhave@fb.com>
2018-09-29 17:23:11 +02:00
Koen Vandeputte e9d92bf1e1 kernel: bump 4.14 to 4.14.72
Refreshed all patches.

Removed upstreamed:
- 203-MIPS-ath79-fix-restart.patch
- 0013-MIPS-ath79-fix-system-restart.patch
- 180-earlycon-initialize-port-uartclk-based-on-clock-frequency-property.patch
- 181-earlycon-remove-hardcoded-port-uartclk-initialization-in-of_setup_earlycon. patch
- 700-1-6-e1000e-Remove-Other-from-EIAC.patch
- 700-2-6-Partial-revert-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- 700-3-6-e1000e-Fix-queue-interrupt-re-raising-in-Other-interrupt.patch
- 700-4-6-e1000e-Avoid-missed-interrupts-following-ICR-read.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:54:18 +02:00
Koen Vandeputte 3caf940cc6 kernel: bump 4.9 to 4.9.129
Refreshed all patches.

Removed upstreamed:
- 203-MIPS-ath79-fix-restart.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:54:18 +02:00
Koen Vandeputte 17e90d88e2 kernel: bump 3.18 to 3.18.123
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:54:18 +02:00
Koen Vandeputte 0dbdb476f3 kernel: bump 4.14 to 4.14.71
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:23:16 +02:00
Koen Vandeputte 72e9b4059e kernel: bump 4.9 to 4.9.128
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:23:16 +02:00
Koen Vandeputte 0cda4af005 kernel: bump 4.14 to 4.14.70
Refreshed all patches.

Added new patch:
- 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch

This fixes a bug introduced in upstream 4.14.68 which caused targets using
ubifs to produce file-system errors on boot, rendering them useless.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte 784d7f0251 kernel: bump 4.9 to 4.9.127
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte 92511d21cc kernel: bump 3.18 to 3.18.122
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte 079871983c kernel: bump 4.14 to 4.14.68
Refreshed all patches.

Remove upstream accepted:
- 330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch

Altered:
- 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
- 308-mips32r2_tune.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte 752ee31ad2 kernel: bump 4.9 to 4.9.125
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte b4bd6c2c95 kernel: bump 3.18 to 3.18.121
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte 01793e8752 kernel: bump 4.14 to 4.14.67
Refreshed all patches.

Removed upstreamed patches:
- 037-v4.18-0008-ARM-dts-BCM5301x-Fix-i2c-controller-interrupt-type.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-28 23:05:39 +02:00
Koen Vandeputte 22f899c6dd kernel: bump 4.9 to 4.9.124
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-28 23:05:39 +02:00
David Bauer 8e9a59a6b9 build: add mkrasimage
The current make-ras.sh image generation script for the ZyXEL NBG6617
has portability issues with bash. Because of this, factory images are
currently not built correctly by the OpenWRT buildbots.

This commit replaces the make-ras.sh by C-written mkrasimage.

The new mkrasimage is also compatible with other ZyXEL devices using
the ras image-format.
This is not tested with the NBG6616 but it correctly builds the
header for ZyXEL factory image.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-28 11:26:53 +02:00
Koen Vandeputte 6b4ba118ac kernel: bump 4.14 to 4.14.66
Refreshed all patches

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Koen Vandeputte 7a9afb8783 kernel: bump 4.9 to 4.9.123
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Koen Vandeputte 548182bc6d kernel: bump 3.18 to 3.18.119
Refreshed all patches.

Compile-tested on: adm5120, adm8668, au1000, mcs814x, ppc40x, ppc44x, xburst
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:23 +02:00
Koen Vandeputte 1f7ce19df2 kernel: bump 4.14 to 4.14.65
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:22 +02:00
Koen Vandeputte ba30490d05 kernel: bump 4.9 to 4.9.122
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:22 +02:00
Daniel Engberg fc9cbf3bc0 target.mk: Remove obsolete octeon CPU_CFLAGS
As of commit c6e02b49f6 the octeon target
uses octeonplus instead of octeon

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-19 18:58:30 +02:00
Hauke Mehrtens b547ab3143 kernel: bump kernel 4.9 to version 4.9.120
The following patch was integrated upstream:
 * target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00
Hauke Mehrtens e4bad5f0ac kernel: bump kernel 4.14 to version 4.14.63
The following patches were integrated upstream:
 * target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
 * target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:31:56 +02:00
Ludwig Thomeczek e5b802b9c2 firmware-utils: add sercomm/netgear tool
This adds a tool to generate a firmware file accepted
by Netgear or sercomm devices.

They use a zip-packed rootfs with header and a custom
checksum. The generated Image can be flashed via the
nmrpflash tool or the webinterface of the router.

Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
2018-08-13 08:37:19 +02:00
INAGAKI Hiroshi a6369206fe ath79: add support for I-O DATA WN-AC1600DGR2
I-O DATA WN-AC1600DGR2 is a 2.4/5 GHz band 11ac router, based on
Qualcomm Atheros QCA9557.

Specification:

- Qualcomm Atheros QCA9557
- 128 MB of RAM
- 16 MB of Flash
- 2.4/5 GHz wifi
  - 2.4 GHz: 2T2R (SoC internal)
  - 5 GHz: 3T3R (QCA9880)
- 5x 10/100/1000 Mbps Ethernet
- 6x LEDs, 6x keys (4x buttons, 1x slide switch)
- UART header on PCB
  - Vcc, GND, TX, RX from ethernet port side
  - 115200n8

Flash instruction using factory image:

1. Connect the computer to the LAN port of WN-AC1600DGR2
2. Connect power cable to WN-AC1600DGR2 and turn on it
3. Access to "http://192.168.0.1/" and open firmware update page
("ファームウェア")
4. Select the OpenWrt factory image and click update ("更新") button
5. Wait ~150 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-08-11 21:45:06 +02:00
Koen Vandeputte 0ddb34b6b5 kernel: bump 4.14 to 4.14.62
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-10 18:43:23 +02:00
Koen Vandeputte 21a229317f kernel: bump 4.9 to 4.9.119
Refreshed all patches.

Delete upstreamed patch:
- 100-tcp-add-tcp_ooo_try_coalesce-helper.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-10 18:43:23 +02:00
INAGAKI Hiroshi 23519edbca ath79: add support for Buffalo BHR-4GRV2
Buffalo BHR-4GRV2 is a wired router, based on Qualcomm Atheros
QCA9558.
Ported from ar71xx target.

Specification:

- Qualcomm Atheros QCA9558
- 64 MB of RAM
- 16 MB of Flash
- 5x 10/100/1000 Ethernet
  - QCA8337N
- 4x LEDs, 2x keys
- UART header on PCB
  - Vcc, TX, RX, GND from LED side
  - 115200n8

Flash instruction using factory image:

1. Connect the computer to the LAN port of BHR-4GRV2
2. Connect power cable to BHR-4GRV2 and turn on it
3. Access to "http://192.168.12.1/" and open firmware update
page ("ファームウェア更新")
4. Select the OpenWrt factory image and click update ("更新実行")
button
5. Wait ~120 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-08-09 18:44:57 +02:00
Koen Vandeputte 0ef25a7aee kernel: remove linux 4.4 support
No targets are using this one anymore

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-08 09:51:23 +02:00
Daniel Golle ec78f03de5 image: fix build without ucert
Make sure the Shell-expression returns true also in case of
key-build.ucert being absent.

Fixes commit 848b455d2e ("image: use ucert to append signature")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-08 00:48:53 +02:00
Daniel Golle 848b455d2e image: use ucert to append signature
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 23:20:49 +02:00
Koen Vandeputte 7a254aeeb8 kernel: bump 4.14 to 4.14.61
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-07 12:53:47 +02:00
Koen Vandeputte f7036a34ac kernel: bump 4.9 to 4.9.118
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-07 12:53:47 +02:00
Jo-Philipp Wich 93ac8b03b0 Revert "netfilter: separate IPv6 relevant kernel modules from IPv4"
This reverts commit 42a3c6465a.

The change was apparently never build-tested with all kmods enabled. I took
a brief look but found no simple way to untangle this, so revert it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-06 19:46:37 +02:00
Rosy Song 42a3c6465a netfilter: separate IPv6 relevant kernel modules from IPv4
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-08-06 12:09:04 +02:00
Jo-Philipp Wich d3ddf6631e build: remove GNU time dependency
Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.

Fixes: ff6e62b288 ("build: log time taken by each packages/steps")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-05 00:06:27 +02:00
Koen Vandeputte f960490fc8 kernel: bump 4.14 to 4.14.60
Refreshed all patches

Removed upstreamed patches:
- 500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-03 16:10:38 +02:00
Koen Vandeputte 4ec4dd2a11 kernel: bump 4.9 to 4.9.117
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-03 16:10:38 +02:00
Chen Minqiang 33bce21bb0 base-files: fix HOME_URL replace
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2018-08-02 07:54:40 +02:00
Koen Vandeputte fec8fe8069 kernel: bump 4.9 to 4.9.116
Refreshed all patches

Remove upstreamed patches.
- 103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- 403-mtd_fix_cfi_cmdset_0002_status_check.patch
- 001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch
- 001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- 001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- 900-gen_stats-fix-netlink-stats-padding.patch

Introduce a new backported patch to address ext4 breakage, introduced in 4.9.112
- backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

This patch has been slightly altered to compensate for a new helper function
introduced in later kernels.

Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9

Compile-tested on: ar71xx, bcm2710
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-01 09:46:59 +02:00
Bjørn Mork c72f3b5e2b include/feeds.mk: fix distfeeds.conf without per-feed repos
commit 514a4b3e1b ("include/feeds.mk: rework generation of opkg
distfeeds.conf") made the per-feed "base" repo unconditional, making
the default configuration fail when PER_FEED_REPO is disabled:

 root@wrt1900ac-1:~# cat /etc/opkg/distfeeds.conf
 src/gz openwrt_core http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages
 src/gz openwrt_base http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base
 root@wrt1900ac-1:~# opkg update
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.gz
 Updated list of available packages in /var/opkg-lists/openwrt_core
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.sig
 Signature check passed.
 Downloading http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz
 *** Failed to download the package list from http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz

 Collected errors:
  * opkg_download: Failed to download http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz, wget returned 8.

Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 514a4b3e1b ("include/feeds.mk: rework generation of opkg distfeeds.conf")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[whitespace/indentation fix]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-31 14:04:45 +02:00
Stijn Tintel 22b9f99b87 kernel: bump 4.14 to 4.14.59
Drop patch that was superseded upstream:
ramips/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch

Drop upstreamed patches:
- apm821xx/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
- apm821xx/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
- ath79/0011-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- brcm63xx/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- brcm63xx/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- generic/backport/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
- generic/pending/170-usb-dwc2-Fix-DMA-alignment-to-start-at-allocated-boun.patch
- generic/pending/900-gen_stats-fix-netlink-stats-padding.patch

In 4.14.55, a patch was introduced that breaks ext4 images in some
cases. The newly introduced patch
backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
addresses this breakage.

Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883

Compile-tested: ath79, octeon, x86/64
Runtime-tested: ath79, octeon, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-07-31 05:11:07 +03:00
Julien Dusser 4dfa6b7a30 build: fix ASLR for LTO packages
Fix building packages with LTO when CONFIG_PKG_ASLR_PIE is enabled.

Despite comment of PR lto/80838, it seems that GCC needs -fPIC on linker
command line, even if all objects are -fPIC. This may change as PR
lto/80838 is merged into 8.1

compile-tested: ar71xx, ath79

Fix commits:
6dac92a42e
8c11133c9d
07940acc34
e7397eef69
ef16a394d2
ef96d1e34a
47b42137ce
73fc67b614
154c0c4006
804c51e1e6

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-07-30 14:26:16 +02:00
Daniel Engberg 0aaa650755 include/verbose.mk: Add sc to failure message
Add sc to build error message

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-30 10:43:36 +02:00
Jo-Philipp Wich 991c7a4f69 build: do not override CCACHE_DIR when ccache is disabled
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-24 15:23:05 +02:00
Jo-Philipp Wich a6f4c7bce8 build: prereq-build.mk: fix gcc/g++ SetupHostCommand invocation
A missing comma caused the first command option to be considered part of
the error message.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-24 13:37:24 +02:00
Jo-Philipp Wich 69ea512c62 build: do not alter global default package selection from profiles
This partly reverts ca32373c95 which lets
profiles that suppress packages to alter the package selection for all
devices of the target when building with CONFIG_TARGET_PER_DEVICE_ROOTFS.

In particular, this caused the brcm47xx Edimax PS-1208MFG profile to
disable mtd, dropbear, firewall and other essential packages for all
brcm47xx/generic builds.

To solve this problem, prevent profiles from mangling the global
DEFAULT_PACKAGES selection and restrict the supression of negated
packages to the local PACKAGE variable list only.

Fixes ca32373c95 ("target.mk: let profile remove from DEFAULT_PACKAGES")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-21 20:52:48 +02:00
Felix Fietkau 7c306ae640 build: fix compile error when a package includes itself in PROVIDES
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-20 10:40:58 +02:00
Matthias Schiffer b123921a92
include/prereq-build.mk: explicitly check for -f flag when using busybox time
On Debian, busybox does have a time applet, but it does not support the -f
flag. Catch this in prereq check to give users to proper error message.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-14 15:46:35 +02:00
Matthias Schiffer 36fa1bbf6f
include/kernel-build.mk: fix kernel rebuild on backport patch changes
An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
to the omission of the backport-* patch dirs in the generation of the
prepared stamp name.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-14 13:07:34 +02:00
Matthias Schiffer 16035a7dd3
include/feeds.mk: rework generation of opkg distfeeds.conf
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
Matthias Schiffer 9af22f1ac9
include/feeds.mk: always add available feeds to PACKAGE_SUBDIRS
Setting CONFIG_FEED_... symbols combined two different effects: Disabling
a feed in the generated opkg distfeeds.conf, and omitting the feed from
PACKAGE_SUBDIRS.

It does not make sense to omit built feeds from PACKAGE_SUBDIRS, as it will
only lead to packages that can be enabled in .config (and that will
consequently be built) not to be found during rootfs creation, breaking
the build. All feeds that packages are emitted to should simply always be
added to PACKAGE_SUBDIRS instead; the CONFIG_FEED_... only configure the
generated distfeeds.conf like this.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
李国 671999157d verbose.mk: quote SUBMAKE options
build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but
it fail when make menuconfig. so I have to give option HOSTCC='gcc
-Wl,--copy-dt-needed-entries' to make. But it passed to sub make to
HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc
-Wl,--copy-dt-needed-entries. This patch fix this issue.

make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1'
make: Entering directory `/work/openwrt/openwrt/build'
/opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld:
lxdialog/checklist.o: undefined reference to symbol 'acs_map'
//lib64/libtinfo.so.5: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[1]: *** [mconf] Error 1
make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build
failed. Please re-run make with -j1 V=s to see what's going on
make: *** [scripts/config/mconf] Error 1
make: Leaving directory `/work/openwrt/openwrt/build'

Signed-off-by: 李国 <uxgood.org@gmail.com>
2018-07-12 10:24:36 +02:00
Koen Vandeputte ba2b0f0ac6 kernel: bump 4.14 to 4.14.54
Rereshed all patches

Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-11 16:02:24 +02:00
Yousong Zhou 9009efa18b download.mk: enable DownloadMethod/github_archive
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-05 01:30:57 +08:00
Yousong Zhou 04b9f85873 scripts/dl_github_archive.py: rename from download.py
- Make the code more GitHub-specific
 - Requires mirror hash to work with .gitattributes
 - Use different API depending on whether PKG_SOURCE_VERSION is a
   complete commit id or other ref types like tags
 - Fix removing symbolic link
 - pre-clean dir_untar for possible leftovers from previous run

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-05 01:30:57 +08:00
Yousong Zhou e48ea13b3b download.mk: add more comments
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-05 01:30:57 +08:00
Koen Vandeputte d0839e020d kernel: bump 4.14 to 4.14.53
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-04 14:16:37 +02:00
Koen Vandeputte 01ca20cdfd kernel: bump 4.9 to 4.9.111
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-04 14:16:37 +02:00
Kevin Darbyshire-Bryant 89b59994eb build: ASLR hardening use $(FPIC)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-03 14:19:10 +01:00
Felix Fietkau 29b2199eb0 build: fix target metadata scan dependencies
Move SCAN_DEPS to scan.mk to eliminate redundancy with scripts/feeds
Add image/*.mk to SCAN_DEPS for targets to pick up newly added devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-02 14:27:06 +02:00
Felix Fietkau 516d995d6a build: ensure that iwinfo is selected when building for multiple devices
extra_packages needs to be added there, like on profiles and target
packages lists

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-02 14:27:04 +02:00
Koen Vandeputte f4ac88b509 kernel: bump 4.14 to 4.14.52
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-02 07:04:48 +02:00
Koen Vandeputte 8e622aae58 kernel: bump 4.9 to 4.9.110
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-02 07:04:34 +02:00
Yousong Zhou e15565a01c download.mk: restore the old dl_method implementation
Seems like the python download.py dl_method call causes serious
performance regression for fresh "make defconfig" as reported in
FS#1621.  GitHub tarball download will also be disabled with this

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-06-29 13:54:17 +08:00
Mathias Kresin 52a9edb1bf base-files: add menuconfig option for HOME_URL
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.

Fixes: FS#1123

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-06-27 08:40:34 +02:00
Yousong Zhou 75ab064d2b build: download code from github using archive API
A new python script scripts/download.py is added to fetch tarballs using
GitHub archive API [1], then repack in a reproducible way same as the
current DownloadMethod/git

GitHub imposes a 60 reqs/hour rate limit on unauthenticated API
access[2].  This affects fetching commit date for feeding tar --mtime=
argument.  However, observation indicates that archive download is NOT
subject to this limit at the moment.  In the rare cases where download
fails because of this, we will falback to using DownloadMethod/git

The missing piece in the GitHub API is that it cannot provide in the
tarball dependent submodules's source code.  In that case, the
implementation will also fallback to using DownloadMethod/git

 [1] Get archive link, https://developer.github.com/v3/repos/contents/#get-archive-link
 [2] Rate limiting, https://developer.github.com/v3/#rate-limiting

v2 <- v1:

 - allow passing multiple urls with --urls argument
 - add commit ts cache.  can be helpful on retry

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-06-27 10:51:27 +08:00
Christian Lamparter 82618062cf ipq40xx: add support for the ZyXEL NBG6617
This patch adds support for ZyXEL NBG6617

Hardware highlights:

SOC:    IPQ4018 / QCA Dakota
CPU:    Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:   256 MiB DDR3L-1600/1866 Nanya NT5CC128M16IP-DI @ 537 MHz
NOR:    32 MiB Macronix MX25L25635F
ETH:    Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB:    1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:  RESET Button, WIFI/Rfkill Togglebutton, WPS Button
LEDS:   Power, WAN, LAN 1-4, WLAN 2.4GHz, WLAN 5GHz, USB, WPS

Serial:
	WARNING: The serial port needs a TTL/RS-232 3.3v level converter!
	The Serial setting is 115200-8-N-1. The 1x4 .1" header comes
	pre-soldered. Pinout:
	  1. 3v3 (Label printed on the PCB), 2. RX, 3. GND, 4. TX

first install / debricking / restore stock:
 0. Have a PC running a tftp-server @ 192.168.1.99/24
 1. connect the PC to any LAN-Ports
 2. put the openwrt...-factory.bin (or V1.00(ABCT.X).bin for stock) file
    into the tftp-server root directory and rename it to just "ras.bin".
 3. power-cycle the router and hold down the the WPS button (for 30sek)
 4. Wait (for a long time - the serial console provides some progress
    reports. The u-boot says it best: "Please be patient".
 5. Once the power LED starts to flashes slowly and the USB + WPS LEDs
    flashes fast at the same time. You have to reboot the device and
    it should then come right up.

Installation via Web-UI:
 0. Connect a PC to the powered-on router. It will assign your PC a
    IP-address via DHCP
 1. Access the Web-UI at 192.168.1.1 (Default Passwort: 1234)
 2. Go to the "Expert Mode"
 3. Under "Maintenance", select "Firmware-Upgrade"
 4. Upload the OpenWRT factory image
 5. Wait for the Device to finish.
    It will reboot into OpenWRT without any additional actions needed.

To open the ZyXEL NBG6617:
 0. remove the four rubber feet glued on the backside
 1. remove the four philips screws and pry open the top cover
    (by applying force between the plastic top housing from the
    backside/lan-port side)

Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:

|   Hit any key to stop autoboot:  3

The user is then dropped to a locked shell.

|NBG6617> HELP
|ATEN    x[,y]     set BootExtension Debug Flag (y=password)
|ATSE    x         show the seed of password generator
|ATSH              dump manufacturer related data in ROM
|ATRT    [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO              boot up whole system
|ATUR    x         upgrade RAS image (filename)
|NBG6617>

In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!

First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.

|NBG6617> ATSE NBG6617
|012345678901

This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):

- tool.sh -
ror32() {
  echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -

|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711

copy and paste the result into the shell to unlock zloader.

|NBG6617> ATEN 1,0046B0017430

If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.

|NBG6617> ATGU
|NBG6617#

Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2018-06-26 08:57:26 +02:00
Alin Nastac ab07ae2f27 netfilter: add bpf match support
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.

Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2018-06-26 08:57:25 +02:00
Kevin Darbyshire-Bryant 094d49cddf kernel: bump 4.14 to 4.14.51
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Refresh patches.

Remove patch that can be reverse applied:
mvebu/patches-4.14/530-ATA-ahci_mvebu-enable-stop_engine-override.patch
mvebu/patches-4.14/531-ATA-ahci_mvebu-pmp-stop-errata-226.patch

Update patch that no longer applied:
ipq806x/patches-4.14/0035-clk-mux-Split-out-register-accessors-for-reuse.patch

Compiled-tested-for: lantiq, ramips
Run-tested-on: lantiq BT hh5a, ramips MIR3g

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Michael Yartys <michael.yartys@protonmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-06-26 08:57:21 +02:00
Jo-Philipp Wich 333e609703 build: change version.mk defaults to OpenWrt
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 13:45:03 +02:00
Daniel Engberg c6e02b49f6 octeon: Add and set CPU type Octeon+ as default
The lowest CPU type used by supported Octeon platform
is Octeon+ (EdgeRouter Lite) while EdgeRouter Pro/ER-8 uses
Octeon II which is backwards compatible with Octeon+.

Sources:
https://community.ubnt.com/t5/EdgeRouter/EdgeRouter-Pro-CPU/td-p/654599
https://www.cavium.com/octeon-II-CN68XX.html
"OCTEON II family is fully software compatible with the widely-adopted
OCTEON Plus family"

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-20 15:36:02 +02:00
Andy Boyett 591780615b build: add busybox support to `time` prereq-check
Busybox time supports the GNU time '-f' syntax used by the build time
logging implemented in ff6e62b288, however the prerequisite check added
only works with GNU time installed as `time` or `gtime`.

As busybox is a multicall binary, the name of the symlink setup by
SetupHostCommand also must be changed from `gtime` to `time` to fix the
value of argv[0]. This causes a number of shells (including bash) to use
their builtin impelementation of time, so the sole invocation has been
changed to use `env time` to use the value found on the $PATH.

Signed-off-by: Andy Boyett <agb@agb.io>
2018-06-18 21:27:01 +02:00
Hannu Nyman dcfe2a461e include/image-commands.mk: shorter version in Netgear factory header
Shorten the version string in Netgear factory image header in order
to enable u-boot TFTP recovery flash mode to work again.

Strip 'r7210-14cb05909a' into 'r7210' in the Netgear image header
by removing the hash (anything after "-").

background:
Some Netgear routers have recently been unable to flash Openwrt
factory image with the TFTP recovery flash mode provided by Netgear
u-boot. That is due to over-long Openwrt version string overflowing
into the router type string in u-boot code. Modern git versions
produce 10-digit short hashes for the Openwrt main repo, and that
causes the version string to be too long in the image header,
breaking the image ID verification by the TFTP flash routine.

(Other option could be to force a shorter hash in scripts/getver.sh,
but as the problem only concerns Netgear routers, let's patch just
them.)

More detailed explanations in FS#1583

Tested with WNDR3800

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-06-18 20:29:37 +02:00
Koen Vandeputte 510f2efab6 kernel: bump 4.14 to 4.14.50
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 15:25:42 +02:00
Koen Vandeputte db73c71e8d kernel: bump 4.9 to 4.9.109
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 15:25:28 +02:00
Koen Vandeputte 2b9885571b kernel: bump 4.14 to 4.14.49
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86-64
Runtime-tested on: cns3xxx, imx6, x86-64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 07:10:19 +02:00
Koen Vandeputte 8c1f088521 kernel: bump 4.9 to 4.9.108
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 07:10:19 +02:00
Kevin Darbyshire-Bryant f60301db74 kernel: bump 4.9 to 4.9.107
Refresh patches.

Compile-tested for: ar71xx
Run-tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-09 22:39:17 +02:00
Koen Vandeputte 2792ef55ab kernel: bump 4.9 to 4.9.106
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-07 09:04:46 +02:00
Stijn Tintel e52f3e9b13 kernel: bump 4.14 to 4.14.48
Remove upstreamed patches:
generic/pending/101-clocksource-mips-gic-timer-fix-clocksource-counter-w.patch
generic/pending/103-MIPS-c-r4k-fix-data-corruption-related-to-cache-coherence.patch
generic/pending/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch
lantiq/0025-MIPS-lantiq-gphy-Remove-reboot-remove-reset-asserts.patch
Update patches that no longer apply:
generic/pending/811-pci_disable_usb_common_quirks.patch
ath79/0009-MIPS-ath79-add-lots-of-missing-registers.patch

Fixes CVE-2018-6412.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-06-05 22:54:00 +03:00
Kevin Darbyshire-Bryant 7dca1bae82 kernel: bump to 4.9.105
Refresh patches.

Drop patches that have been upstreamed:
target/linux/ar71xx/patches-4.9/106-01-MIPS-ath79-fix-AR724X_PLL_REG_PCIE_CONFIG-offset.patch
target/linux/generic/backport-4.9/095-v4.12-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch
target/linux/generic/pending-4.9/180-net-phy-at803x-add-support-for-AT8032.patch
target/linux/generic/pending-4.9/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch
target/linux/generic/pending-4.9/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch

Compile & run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-01 08:25:14 +02:00
Stijn Tintel 64b53247c4 kernel: bump 4.14 to 4.14.44
Refresh patches.

Remove upstreamed patch:
generic/pending/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch
Update patches that no longer applies:
generic/hack/901-debloat_sock_diag.patch

Compile-tested on: x86/64.
Runtime-tested on: x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-05-29 00:53:15 +03:00
Koen Vandeputte 467b07e00c kernel: bump 4.14 to 4.14.43
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Michael Yartys <michael.yartys@protonmail.com>
2018-05-24 08:58:17 +02:00
Koen Vandeputte 82cf3c7c61 kernel: bump 4.9 to 4.9.102
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-24 08:58:03 +02:00
Koen Vandeputte faf0a460c4 kernel: bump 4.14 to 4.14.42
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-22 20:49:08 +02:00
Koen Vandeputte 6c5f2d73e9 kernel: bump 4.9 to 4.9.101
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-22 20:48:43 +02:00
David Bauer 399495a952 build: add apend-uboot command
This commit adds an append-uboot command to append U-Boot from the
bin-directory.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-05-22 20:34:14 +02:00
Jo-Philipp Wich b287c82bed build: prevent spurious package rebuilds under CONFIG_AUTOREMOVE
When CONFIG_AUTOREMOVE is enabled, the build system touches an additional
".autoremove" stamp file in the cleaned build directory.

Since the autoremove stamp file is touched after the compile process
completed, it ends up being the most recent file of the package build
directory, causing the timestamp.pl check of depends.mk to erroneously
declare the ".built" and ".prepared" stamp files as stale, triggering
a forced clean-build submake process.

Fix the problem by using the ".built" stamp file as modification time
reference when touching the ".autoremove" stamp file.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-22 09:27:38 +02:00
Mathew McBride fba168f574 build: use busybox gzip compatible force option
commit 138c763 ("build: add --force option to gzip in Build/gzip")
added the --force flag to the gzip invocation.

Under environments with busybox gzip (e.g Alpine Linux), this fails
as busybox only recognizes "-f".

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2018-05-21 18:07:48 +02:00
Koen Vandeputte e2aa0c3f8b kernel: bump 4.14 to 4.14.41
Refreshed all patches

Dropped upstreamed patches:
522-PCI-aardvark-fix-logic-in-PCI-configuration-read-write-functions.patch
523-PCI-aardvark-set-PIO_ADDR_LS-correctly-in-advk_pcie_rd_conf.patch
525-PCI-aardvark-use-isr1-instead-of-isr0-interrupt-in-legacy-irq-mode.patch
527-PCI-aardvark-fix-PCIe-max-read-request-size-setting.patch

updated patches:
524-PCI-aardvark-set-host-and-device-to-the-same-MAX-payload-size.patch
030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch

Added new ARM64 symbol: CONFIG_ARM64_ERRATUM_1024718

Compile-tested on: cns3xxx, imx6, mvebu (arm64), x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-18 09:10:46 +02:00
Koen Vandeputte 12f44b83a8 kernel: bump 4.9 to 4.9.100
Refreshed all patches

Added new ARM64 symbol: ARM64_ERRATUM_1024718

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-18 09:10:21 +02:00
Etienne Champetier ff6e62b288 build: log time taken by each packages/steps
The idea is to easily get the list of packages taking the most time to build,
and see if we can improve them

v1: Use SetupHostCommand as recommended by John
v2: add space after 'time:', remove useless /usr/bin/time from SetupHostCommand

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2018-05-07 10:31:35 +02:00
Koen Vandeputte 3435dbdc1c kernel: bump 4.14 to 4.14.37
Refreshed all patches

Compile-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64
Runtime-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
[add extra tested targets to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-04-30 09:07:53 +03:00
Hauke Mehrtens 8dcd941d8b tools/zlib: move zlib build to tools
This allows us to link the other tools against our libz and we do not
need the system zlib any more.

Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:28:59 +02:00
Felix Fietkau 6fa88be486 build: add support for git submodules with CONFIG_SRC_TREE_OVERRIDE
Also work around an issue where git would store the modified workdir in
the submodule git config files

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-27 15:19:19 +02:00
Koen Vandeputte 6cd41b419c kernel: bump 4.14 to 4.14.36
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Fixes for CVEs:
CVE-2018-1108
CVE-2018-1092
CVE-2018-1094
CVE-2018-1095

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
2018-04-26 08:54:01 +02:00
Kevin Darbyshire-Bryant 9aa196e0f2 kernel: bump 4.9 to 4.9.96
Refresh patches, following required reworking:

ar71xx/patches-4.9/930-chipidea-pullup.patch
layerscape/patches-4.9/302-dts-support-layercape.patch
sunxi/patches-4.9/0052-stmmac-form-4-12.patch

Fixes for CVEs:
CVE-2018-1108
CVE-2018-1092

Tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Arjen de Korte <build+openwrt@de-korte.org>
2018-04-26 08:53:54 +02:00
Mathias Kresin 74a0d8cd92 build: consolidate fake uImage header build commands
Merge the two existing functions and use a parameter for the type
header field.

It updates the syntax of the former mpc85xx fake ramdisk header
command to be compatible with mkimage from u-boot 2018.03 and fixes the
build error spotted by the build bot.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-20 20:58:52 +02:00
Felix Fietkau a1c65b41cb build: pass HOSTCXX to host builds as CXX
Fixes cmake build on some systems that also have an older clang++

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-20 13:20:25 +02:00
Mathias Kresin 38bd4e4eb5 build: fix uImage fake header command
Use a syntax compatible with mkimage from u-boot 2018.03 to fix the
build errors spotted by the build bot.

The images are binary identical to the ones generated with mkimage from
u-boot 2014.10.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-19 19:15:00 +02:00
Stijn Tintel ec1d7b9461 kernel: bump 4.14 to 4.14.34
Refresh patches.
Update patches that no longer apply:
- backport/313-netfilter-remove-defensive-check-on-malformed-packet.patch
- pending/642-net-8021q-support-hardware-flow-table-offload.patch

Compile-tested: x86/64.
Runtime-tested: x86/64.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-04-16 00:22:57 +03:00
Matthias Schiffer d3756a9a13
include/kernel.mk: build kmod packages with empty FILES
kmod packages without FILES did not have an install step defined, leading
to no package being built. This affected netfilter/iptables packages, which
filter out builtin modules from FILES.

Not building a package that it is selected in .config is problematic, as
the generated empty package may be necessary to satisfy dependencies.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-12 05:47:10 +02:00
Matthias Schiffer 177fa14340
iptables: split physdev match out as a separate package
Split physdev match out of ipt-extra to allow installing ipt-extra without
pulling in br-netfilter.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-09 19:41:48 +02:00
Jo-Philipp Wich e9eb9393f4 include: extend SetupHostCommand macro to accept more arguments
Commit d6d3db0543 added more gcc version probes, exceeding the argument
limit of the SetupHostCommand macro, leading to failing GCC/LLVM tests
on OS X.

Extend the handled number of arguments to restore proper functionality.

Fixes FS#1470
Fixes d6d3db0543 ("build: Improve GCC version detection")

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05 13:58:15 +02:00
Hauke Mehrtens a74fd570a2 kernel: update kernel 4.14 to 4.14.32
The following patches are now included upstream:
* 0052-MIPS-lantiq-fix-usb-clocks.patch
* 0053-MIPS-lantiq-enable-AHB-Bus-for-USB.patch
* 0060-lantiq-ase-enable-MFD-SYSCON.patch

Closes: FS#1466

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-03 23:26:45 +02:00
Hauke Mehrtens d6d3db0543 build: Improve GCC version detection
This now makes sure that the beginning of the version number gets checked
and "4.4.5" will not match was a supported version.
GCC 8 and GCC 9 are now marked as supported, but we probably have to fix
some problems for them.

Closes: FS#1433
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-03 23:26:45 +02:00
Hauke Mehrtens aed03d5d0f kernel: update kernel 4.9 to version 4.9.91
* Refreshed patches.
 * Deleted 210-Revert-led-core-Fix-brightness-setting-when-setting-.patch (was accepted upstream)
 * Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream)

Compile and run tested on lantiq

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-31 16:31:26 +02:00
Damir Samardzic 2534141322 mvebu: add support for MACCHIATObin (cortex-a72)
Add initial support for Marvell MACCHIATObin, cortex-a72 based Marvell
ARMADA 8040 Community board. Comes in two forms: Single Shot and Double
Shot.

Specifications:
- Quad core Cortex-A72 (up to 2GHz)
- DDR4 DIMM slot with optional ECC and single/dual chip select support
- Dual 10GbE (1/2.5/10GbE) via copper or SFP
  2.5GbE (1/2.5GbE) via SFP
  1GbE via copper
- SPI Flash
- 3 X SATA 3.0 connectors
- MicroSD connector
- eMMC
- PCI x4 3.0 slot
- USB 2.0 Headers (Internal)
- USB 3.0 connector
- Console port (UART) over microUSB connector
- 20-pin Connector for CPU JTAG debugger
- 2 X UART Headers
- 12V input via DC Jack
- ATX type power connector
- Form Factor: Mini-ITX (170 mm x 170 mm)

More details at http://macchiatobin.net

Booting from micro SD card:
 1. reset U-Boot environment:
      env default -a
      saveenv

 2. prepare U-Boot with boot script:
      setenv bootcmd "load mmc 1:1 0x4d00000 boot.scr; source 0x4d00000"
      saveenv

   or manually:
      setenv fdt_name armada-8040-mcbin.dtb
      setenv image_name Image
      setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr $image_name;ext4load mmc 1:1 $fdt_addr $fdt_name;setenv   bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti $kernel_addr - $fdt_addr'
      saveenv

Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
2018-03-31 16:13:19 +02:00
Felix Fietkau fd588dbf6b build: filter out kmod-ipt-offload from the default selection on targets that do not support it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-30 00:34:25 -07:00
Felix Fietkau 905a3f249a build: include kmod-ipt-offload in default images
Netfilter flow offload has now started to become useful and suitable for
a wider testing audience. Configuring it via UCI is also integrated in
firewall3 by adding 'option flow_offloading 1' to the 'defaults'
section in /etc/config/firewall

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-27 08:26:41 +02:00
Stijn Segers 41a881a8d9 Kernel: bump 4.14 to 4.14.29
Right patch version this time, sorry!

* Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code.
* Refreshed patches.

Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-03-23 23:49:55 +01:00
Stijn Segers 9899ffcfd3 kernel: bump 4.14 to 4.14.27
* Refreshed patches.
* Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream)

Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-03-17 22:15:38 +01:00
Koen Vandeputte 895ea64a76 kernel: bump 4.4 to 4.4.121
- Refreshed all patches
- Only compile-tested

Compile tested on: Gemini

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-03-17 22:15:38 +01:00
Koen Vandeputte fa8e99c51d kernel: bump 4.9 to 4.9.87
- Refreshed all patches

Compile tested on: ar71xx
Runtime tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-03-17 22:15:38 +01:00
Sven Eckelmann 1b773a46c2 build: Allow to change the FIT config section name
Some devices only boot when a special config is found in the image and
completely ignore the default entry during the selection. These devices can
now use the variable DEVICE_DTS_CONFIG in their device image definition.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2018-03-17 08:09:04 +01:00
Christian Lamparter 5862f01ef7 build: revert "make image target wait for initramfs"
This reverts commit 43be5087a9.

The change is incompatible with the image builder code.
Luckily the RT-AC58U is no longer depending on the initramfs
being available for the target's image generation rules.

Reported-by: Venitex Aveon <aveon@aenote.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-03-15 22:27:37 +01:00
Christian Lamparter 43be5087a9 build: make image target wait for initramfs
The image production rules does not have the initramfs-image
as a dependency. So, from make’s perspective initramfs
creation can run independently/in parallel with the image
generation code in the target's Makefile.

This is a problem for devices that have to use the initramfs
for the image creation and can lead to broken images.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-03-14 19:04:51 +01:00
Koen Vandeputte cfc5867bce kernel: bump 4.9 to 4.9.86
- Refreshed all patches
- Removed 1 patch which got upstreamed

Compile tested on: ar71xx (Rocket M5, Mikrotik RB2011)
Runtime tested on: ar71xx (Rocket M5, Mikrotik RB2011)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-03-09 22:13:19 +01:00
Kabuli Chana 7c1dae6e26 kernel: bump to version 4.14.25
compile/test target mvebu/rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-03-09 22:12:48 +01:00
Matthias Schiffer 643850f568
inclue/image.mk: fix package installation for per-device rootfs
Fixes FS#1421.

Fixes: 2fbf669730 ("imagebuilder: reuse rootfs preparation from rootfs.mk")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-09 08:18:54 +01:00
Matthias Schiffer 359273d7f6
include/package-defaults.mk: fix default Build/Prepare with empty ./src
Copying ./src/* would fail when src exists, but is empty or only contains
hidden files.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:08 +01:00
Matthias Schiffer f505fb07f3
include/image.mk: base package-list manifest on unprepared rootfs
With CONFIG_CLEAN_IPKG, the prepared rootfs does not have a full opkg
status file.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:08 +01:00
Matthias Schiffer 2fbf669730
imagebuilder: reuse rootfs preparation from rootfs.mk
In addition to removing redundant code, this fixes various issues in
IB-generated images that have been fixed in prepare_rootfs before,
including better handling of CONFIG_CLEAN_IPKG and enabling of initscripts
from FILES.

We also reuse the opkg macro and remove --force-... flags that have been
removed from rootfs.mk as well.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:08 +01:00
Matthias Schiffer cf1c7c0f17
include/rootfs.mk: pass additional files dir to prepare_rootfs as an argument
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:07 +01:00
Matthias Schiffer 6ab50bb10d
include/rootfs.mk: retain list of conffiles with CONFIG_CLEAN_IPKG
/usr/lib/opkg/status must not be removed completely, otherwise the
packages' conffile lists will be missing. Replace it with a reduced version
only containing the conffile entries.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:58:50 +01:00
Matthias Schiffer d2daaf8f40
include/rootfs.mk: do not remove opkg prerm scripts during rootfs preparation
When a user removes a preinstalled opkg package, the package's prerm script
(and in particular our default_prerm) should run.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 08:49:45 +01:00
Stijn Segers e72b2464b1 kernel: bump 4.4 to 4.4.119
This bumps the 4.4. kernel in master to 4.4.119.
Includes more Meltdown & Spectre mitigation.

* Refresh patches.
* Refresh x86/config for RETPOLINE.
* Deleted 8049-PCI-layerscape-Add-fsl-ls2085a-pcie-compatible-ID.patch (accepted upstream)
* Deleted 8050-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch (accepted upstream)
* Deleted 650-pppoe_header_pad.patch (does not apply anymore (code was replaced)).

Bumps from 4.4.112 to 4.4.115 were handled by Kevin Darbyshire-Bryant.

Compile-tested on: ar71xx & oxnas.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-03-03 12:58:56 +01:00
Magnus Kroken 5af85dab22 kernel: bump 4.9 to 4.9.85
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-03-03 12:58:55 +01:00
Stijn Segers b5469b38cd kernel: bump 4.14 to 4.14.23
This patch bumps the 4.14 kernel to .23.
- Refreshed patches.
- Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream.
- Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed,
  the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes.

Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-03-02 21:33:08 +01:00
Felix Fietkau 820f030998 netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload support
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.

Requires Linux 4.14

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:42 +01:00
Stijn Tintel 138c76332b build: add --force option to gzip in Build/gzip
When using pigz, a parallel gzip implementation, the gzip step in the
image build for some targets fails, because the image filename already
has the .gz extension. This results in an emtpy image file. Fix this by
adding the --force option to gzip in the Build/gzip macro.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Martin Schleier <drahemmaps@gmx.net>
2018-02-19 23:54:38 +01:00
Stijn Tintel f621b53951 kernel: bump 4.9 to 4.9.82
Refresh patches.
Remove upstreamed patches:
- ar7/002-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-used.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove layerscape/819-Revert-dmaengine-dmatest-move-callback-wait-queue-to.patch,
it is superseded by upstream commit 297c7cc4b5651b174a62925b6c961085f04979fd.
Remove pending/650-pppoe_header_pad.patch, it is superseded by
upstream commit 1bd21b158e07e0b8c5a2ce832305a0ebfe42c480.
Update patches that no longer apply:
- ar71xx/004-register_gpio_driver_earlier.patch
- hack/204-module_strip.patch
- pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: ar71xx.
Runtime-tested: ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:57 +01:00
Stijn Tintel 88ba41453d kernel: bump 4.14 to 4.14.20
Refresh patches.
Remove upstreamed patches:
- backport/080-v4.15-0001-arch-define-weak-abort.patch
- backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch
Update patch that no longer applies:
pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:48 +01:00
Jo-Philipp Wich b9aca834e8 at91: fix image building with CONFIG_TARGET_MULTI_PROFILE
The current image build code has a number of race conditions and interface
contract violations in the custom image build steps:

 - Build/install-zImage, solely used by at91, relies on $(PROFILE_SANITIZED)
   which is not available when building with CONFIG_TARGET_MULTI_PROFILE

 - Build/at91-sdcard, which may run concurrently, creates scratch files at
   fixed locations and manipulates target files directly which can lead
   to file corruption and other unexpected failures

Rename the install-zImage macro to at91-install-zImage and move it to the
at91 image Makefile since this target is the sole user. Also utilize "$@"
as output file name and switch the usage of $(PROFILE_SANITIZED) to
$(DEVICE_NAME) in order to fix naming under multi profile builds.

Fix the at91-sdcard macro to construct scratch file paths relative to "$@",
which is guaranteed to be unique and store the final artifact output in "$@"
as well, instead of inside $(BIN_DIR). The generic image build code takes
care of moving a build steps "$@" output to the final destination in a
concurrency-safe manner.

Finally remove the broken install-zImage from the generic image-commands
Makefile.

Fixes: d7a679a036 ("at91: Install zImage.")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-02-14 15:47:16 +01:00
Philip Prindeville ca32373c95 target.mk: let profile remove from DEFAULT_PACKAGES
In a profile, specifying -pkg in the list of PACKAGES will suppress
it even if it appears in the target's DEFAULT_PACKAGES list.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-02-13 13:02:03 +01:00
Rosen Penev bef3f85742 target: Remove nomips16 option.
There is no target with a CPU subtype of nomips16.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-02-13 10:01:53 +01:00
Kristian Evensen 2d27ebbb93 iptables: Support building connlabel module
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2018-02-13 10:01:52 +01:00
Alexandru Ardelean c72e6582c0 u-boot.mk: add HOST_LDFLAGS to UBOOT_MAKE_FLAGS
This will make sure that the build system's
paths for linking are available.
This is needed mostly for linking with tools/libressl.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-02-10 20:52:31 +01:00
Alexandru Ardelean df9781a420 u-boot,at91bootstrap: fix incorrect HOSTCPPFLAGS variable
This would should up as `$$(HOSTCPPFLAGS)` in the host CFLAGS.
```
make --jobserver-fds=3,4 -j -C <openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/u-boot-A10-OLinuXino-Lime/u-boot-2017.07 CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- DTC="<openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/linux-sunxi_cortexa8/linux-4.9.76/scripts/dtc/dtc" HOSTCC="gcc" HOSTCFLAGS='-O2 -I<openwrt>/staging_dir/host/include -I<openwrt>/staging_dir/host/usr/include -I<openwrt>/staging_dir/hostpkg/include -I<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/host/include $$(HOSTCPPFLAGS)' HOSTLDFLAGS="" BL31=<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/image/bl31.bin
```

And then it would complain with:
```
 /bin/sh: 1: HOSTCPPFLAGS: not found
```

Also, HOSTCPPFLAGS does not exist.
The correct var is HOST_CPPFLAGS.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-02-10 20:52:31 +01:00
Stijn Tintel 3072908d0d kernel: bump 4.14 to 4.14.18
Refresh patches.

Remove upstreamed patches:
- apm821xx/010-crypto-gcm-add-GCM-IV-size-constant.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove pending-4.14/650-pppoe_header_pad.patch, it is superseded by
upstream commit d32e5740001972c1bb193dd60af02721d047a17e.
Update patch that no longer applies: hack/204-module_strip.patch

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-08 18:43:13 +01:00
Felix Fietkau cde71a543c build: replace uses of OpenWrt with $(VERSION_DIST)
This makes the distribution name more configurable.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-05 10:15:53 +01:00
Philip Prindeville ff8e9a4ecb treewide: combine VERSION_SED and VERSION_SED_SCRIPT
We don't need two versions of this.  The escaping quotes
is so that the sed commands aren't misinterpreted by shell;
it has nothing to do with the contents of the file, thus
one version is adequate.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-02-02 13:59:34 +01:00
Philip Prindeville abbb07a661 version.mk: escape values used in VERSION_SED macro
In addition to backslash and ampersand needing to be escaped for
simple sed RHS strings, we also need to escape comma since we're
using that as our s/// delimiter.

Pass everything through a macro filter to sanitize it.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-02-02 13:59:34 +01:00
Matthias Schiffer 352c74fcb4
netfilter: add packages for arp and bridge tables of nftables
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-31 13:32:40 +01:00
Matthias Schiffer e7e025426a
netfilter: clean up dependencies of kernel modules
The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-31 13:32:40 +01:00
Yousong Zhou 60ad837bea procd: fix procd_lock() when prepare_roofs
This fixes the following errors when doing "make package/install"

    /home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
    ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
    flock: 1000: Bad file descriptor

Fixes FS#1260

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-28 09:51:06 +08:00
Julien Dusser 241e6dd3e9 build: cleanup SSP_SUPPORT configure option
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.

Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.

No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.

Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 19:02:48 +01:00
Julien Dusser df0bd42fde build: add hardened builds with PIE (ASLR) support
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 16:46:45 +01:00
Alexandru Ardelean 953bf6b43d kernel.mk: update LINUX_VERSION filename for cloned repo
In case there is an external git repo specified,
it could overwrite the kernel tarball that was
downloaded from kernel.org.

The only identifier for such a file is the
KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols,
so if we have to download it we'll use that
information [after some sanitization]
to create a different filename for the kernel tarball.

If KERNEL_GIT_REF symbol is empty, HEAD will be used
as mentioned in the description of KERNEL_GIT_REF.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-01-27 16:46:45 +01:00
Alexandru Ardelean ab6a96f3f5 Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF
The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.

No need to limit just to branches.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-01-27 16:46:45 +01:00
Kevin Darbyshire-Bryant a30370bbf1 kernel: bump 4.4 to 4.4.112
Refresh patches.
Remove upstreamed patches:

target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant d8565a06dc kernel: bump 4.9 to 4.9.77
Refresh patches.
Remove upstreamed patches:

target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant 9ddfac8015 kernel: bump 4.14 to 4.14.14
Refresh patches.

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:00 +01:00
Koen Vandeputte d29e47f191 config: don't define the same symbol twice
In commit fce35bce0f ("config: support new symbol intro'd in kernel
4.12")
I forgot to remove the initial debug test line.

This clearly is wrong as the same symbol is defined conditionally in the
line below as it should be.

I looked over it as I just checked if the symbol was present now upon
testing it.

Fixes: fce35bce0f ("config: support new symbol intro'd in kernel
4.12")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-17 11:07:17 +01:00
Matthias Schiffer 1e2570dd04
include/package-dumpinfo.mk: don't duplicate source package information for every binary package
Eventually the BUILDONLY package flag could be replaced by simply creating
a package Makefile without any BuildPackage calls. This will fail for now,
as BuildPackage also causes the Makefile's compile target etc. to do
something useful at all.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:45 +01:00
Matthias Schiffer 4bb54ed15e
build: remove obsolete "package feature" feature
Package "features" seem to be unused for some time. In any case, custom
Config.in snippets and package PROVIDES are a much more flexible way to
express similar options.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:45 +01:00
Matthias Schiffer 37cf77d946
treewide: fix build depends to refer to source package names
Build depends must refer to source packages rather than binary package
names.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:44 +01:00
Matthias Schiffer 3abf663c22
build: remove package preconfig feature
This feature has been unused for years, and its scope is too limited to be
actually useful.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:44 +01:00
Koen Vandeputte fce35bce0f config: support new symbol intro'd in kernel 4.12
Symbol CONFIG_INITRAMFS_FORCE allows to ignore the value passed by the
bootloader.

By default, all symbols containing INITRAMFS are wiped from the final
config and then re-added conditionally.

Add support for this symbol, as the build will stop otherwise
questioning the user about this option:

* Restart config...
*
*
* General setup
*
Cross-compiler tool prefix (CROSS_COMPILE) []
Compile also drivers which will not load (COMPILE_TEST) [N/y/?] n

...

Initial RAM filesystem and RAM disk (initramfs/initrd) support
(BLK_DEV_INITRD) [Y/n/?] y
Initramfs source file(s) (INITRAMFS_SOURCE) []
Ignore the initramfs passed by the bootloader (INITRAMFS_FORCE)
[N/y/?] (NEW)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-13 16:27:45 +01:00
Sven Eckelmann a28bf67c26 build: add image command for CE images
Combined Extended Images V1 can be created easily via the new image
commands using

    IMAGE/sysupgrade.bin/squashfs := append-rootfs | pad-rootfs | combined-ext-image

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-01-13 07:58:47 +01:00
Kevin Darbyshire-Bryant 7c7586b6d0 kernel: bump 4.14 to 4.14.13
Refresh patches

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-11 20:34:33 +01:00
Kevin Darbyshire-Bryant eceff9ea8f kernel: bump 4.4 to 4.4.111
Refresh patches

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-11 20:33:40 +01:00
Kevin Darbyshire-Bryant 2228dbf4e6 kernel: bump 4.9 to 4.9.76
Refresh patches

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-11 20:32:36 +01:00
Jo-Philipp Wich ab1785b1b2 build: fix restoring /etc/opkg with PER_DEVICE_ROOTFS
When generating per-device rootfs directories, the ./etc/opkg/ directory
is moved away prior to calling opkg install, opkg remove and rootfs_prepare.
After the opkg invocations and the rootfs_prepare macro call, the saved opkg
config directory is supposed to be moved back to its previous ./etc/opkg
location.

The mv command however can fail to properly restore the directory under
certain circumstances, e.g. when the prior opkg or files/ overlay copy
operations caused a new ./etc/opkg/ directory to be created.

In this case, the backed up directory (named target-dir-$hash.opkg) will be
moved into the preexisting ./etc/opkg/ directory instead, causing the opkg
configuration to be located in a wrong path on the final rootfs, e.g. in
/etc/opkg/target-dir-$hash.opkg/distfeeds.conf instead of
/etc/opkg/distfeeds.conf.

Solve this problem by replacing the naive "mv" command with a recursive
"cp -T" invocation which causes the backed up directory tree to get merged
with the destination directory in case it already exists.

Also perform the rootfs_prepare macro call after restoring the opkg
configuration, to allow users to override it again by using the files/
overlay mechanism.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-11 18:20:39 +01:00
Jo-Philipp Wich 4700544e40 downloads.mk: introduce name-agnostic PROJECT_GIT variable
Introduce a name-agnostic PROJECT_GIT variable poiting to
https://git.openwrt.org/ and declare LEDE_GIT and OPENWRT_GIT
as aliases to it.

After some transition time we can drop this alias variables.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-10 21:27:31 +01:00
Kevin Darbyshire-Bryant efb375b579 kernel: bump 4.4 to 4.4.110
Refresh patches

Fixes:  CVE-2017-5754 aka Meltdown

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[fix typo in commit msg, conflict after 4.14 bump]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-10 00:11:39 +02:00
Kevin Darbyshire-Bryant 1d2590f838 kernel: bump 4.9 to 4.9.75
Refresh patches

Fixes:  CVE-2017-5754 aka Meltdown

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[fix conflict after 4.14 bump]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-10 00:11:39 +02:00
Stijn Tintel aa399b4e27 kernel: bump 4.14 to 4.14.12
No patch refresh required.

Compile-tested on: octeon, x86/64.
Runtime-tested on: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-08 20:13:03 +02:00
Stijn Tintel c5ca1c9ab6 kernel: bump 4.14 to 4.14.11
Rename unwinder config symbols to match upstream changes.
Refresh patches.
Update patch that no longer applies: 202-reduce_module_size.patch

Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported
from 4.15 to the 4.14 stable series. It is enabled by default, so enable
it in OpenWrt as well.

Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-03 00:07:10 +02:00
Kevin Darbyshire-Bryant 4b275baf91 kernel: bump 4.9 to 4.9.73
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-02 07:14:09 +01:00
Matthias Schiffer 307b29032f
include/package.mk: remove old configured stamps before attempting configuration
Some packages, e.g. busybox, explicitly remove old .configured stamps
before attempting configuration, rather than after the actual configuration
step. This seems like a good idea, as there will be no stamp left if
configuration fails. Change generic rules to work like this, so package-
specific rules can be dropped.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:24:25 +01:00
Kevin Darbyshire-Bryant e547f1692a kernel: bump 4.4 to 4.4.108
Refresh patches.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Kevin Darbyshire-Bryant 7b6e01d389 kernel: bump 4.9 to 4.9.72
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Kevin Darbyshire-Bryant b0d99b77e5 kernel: bump 4.4 to 4.4.107
Refresh patches.

Update patch that no longer applied:
oxnas/0072-mtd-backport-v4.7-0day-patches-from-Boris.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Rosen Penev <rosenp@gmail.com>
2017-12-23 15:36:01 +01:00
Hauke Mehrtens f704b643b9 kernel: Update kernel 4.9 to 4.9.70
Runtime tested on lantiq.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-19 22:45:27 +01:00
Hauke Mehrtens 5c944d95ec kernel: include: remove last .0 from kernel versions again
Kernel 4.14 has the version number 4.14 and not 4.14.0. This was
different in some older Linux kernel versions, This change makes it
possible to use kernel 4.14 without any minor version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:15:23 +01:00
Hauke Mehrtens b3f95490b9 kernel: generic: Add kernel 4.14 support
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.

In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM

And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR

I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED

I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:11:19 +01:00
Felix Fietkau 905bbc96ef build: allow PKG_PREPARED_DEPENDS and PKG_CONFIG_DEPENDS to be changed after including package.mk
Reverts commit a9c96ef0ac and replaces it
with a different approach

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-12 12:45:28 +01:00
Jo-Philipp Wich d23e1e1e1a merge: properly remove %n / %N references
- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files

Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-09 16:01:14 +01:00
Zoltan HERPAI d2c06eb075 merge: etc: update remaining files
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI 7b5c989ab9 merge: targets: update image generation and targets
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI bf5cef47b3 merge: release/banner: drop release name and update banner
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Stijn Tintel f997478655 kernel: bump 4.9 to 4.9.67
Refresh patches.
Remove upstreamed patches:
- generic/190-1-5-e1000e-Fix-error-path-in-link-detection.patch
- generic/190-3-5-e1000e-Fix-return-value-test.patch
- generic/190-4-5-e1000e-Separate-signaling-for-link-check-link-up.patch
- generic/190-5-5-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- ramips/0102-MIPS-ralink-Fix-MT7628-pinmux.patch
- ramips/0103-MIPS-ralink-Fix-typo-in-mt7628-pinmux-function
Update patches that no longer apply:
- layerscape/815-spi-support-layerscape.patch
- ramips/0099-pci-mt7620.patch

Compile-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-12-07 01:41:09 +02:00
Felix Fietkau e23ff063d3 build: avoid failing in append-metadata if image could not be generated
The image build might have failed due to a size check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-04 20:24:51 +01:00
Hans Dedecker c7b052db73 target: replace odhcpd by odhcpd-ipv6only
Replace in router DEFAULT_PACKAGES odhcpd by odhcpd-ipv6only as
such there's no DHCPv4 server functionality overlap with dnsmasq

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-29 22:34:58 +01:00
Justin Kilpatrick 8ee2d3f718 build: accept gcc/g++ without minor version
Build dependency: Please install the GNU C Compiler (gcc) 4.8 or later cc
  -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'
Build dependency: Please install the GNU C++ Compiler (g++) 4.8 or later
  g++ -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'

Prerequisite check failed. Use FORCE=1 to override.

On my Fedora 26 machine gcc and g++ -dumpversion returns a whole number
'7' failing the regex introduced in commit:

b78de6207f

This change makes minor versions optional in the build dependency regex
for gcc and g++ whenever any minor version would be accepted and the
whole number version is sufficient as a dependency check. For versions
4.* a minor version is still required.

Signed-off-by: Justin Kilpatrick <jkilpatr@redhat.com>
2017-11-26 13:33:51 +01:00
Daniel Engberg b78de6207f toolchain: Test for supported versions of GCC
Only test for supported versions of GCC
The version bump requirement for GCC is because gdb doesn't build with older
versions.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-11-25 20:17:20 +01:00
Michael Heimpold 2cb75cd8b9 build: allow defining license information per binary package
At the moment, license information can only be specified on a
"per source package" level while other metadata fields (e.g. maintainer)
can be given for each binary package. Apply the same logic for license
fields as well. This can be used e.g. in cases where a library is
distributed under some license while related tools are distributed
under a different one.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2017-11-25 20:02:04 +01:00
Rosen Penev 7a318bc1a1 kernel: Update kernel 4.4 to 4.4.100
Run-tested on ramips

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-25 19:48:39 +01:00
Stijn Tintel 9fe59abef8 kernel: bump 4.9 to 4.9.65
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: ar71xx, octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-11-24 14:09:11 +02:00
Koen Vandeputte 62ede4f783 kernel: bump 4.9 to 4.9.63
Refreshed all patches.

Removed upstreamed parts.

Compile-tested: cns3xxx, imx6, mvebu, layerscape
Run-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-11-22 20:45:52 +01:00
Felix Fietkau b0e6284879 build: fix generating dtb with / in DEVICE_DTS
Fixes layerscape build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-09 14:40:32 +01:00
Jonas Gorski e26ffb31df build: fix module symbol collection if build_dir is a symlink
If PKG_BUILD_DIR contains symlinks, the generated Module.symvers will
contain the resolved paths, not the virtual path with the symlink name.

This breaks the filter for the module's own symbols, so to fix this
ensure we also grep for the resolved path.

Reported-by: Roman Yeryomin <roman@advem.lv>
Tested-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-11-07 22:58:46 +01:00
Jo-Philipp Wich 2b6facc8d4 include: kernel.mk: simplify module autoloading
Let the generic postinstall script invoke "kmodloader" when the just
installed package contains any /etc/module.d/ entries.

This allows us to skip the explicit "insert_module()" calls in the
package postinstall.

Due to the removed insert_module calls we do not need to assemble a
complete list of modules per package anymore, which allows for vast
simplification of the package generation code.

While we're at it, also support specifying default parameters for
modules using either the MODPARAM or MODPARAM.modulename variables
in KernelPackage.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-07 12:02:06 +01:00
Denis Osvald ee791fa4ab netfilter, iptables: add optional CHECKSUM module
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-11-06 16:39:41 +01:00
Felix Fietkau c6f71ad30b build: fix another regression in append-dtb fix
Filter out duplicate generated code for the same dts files

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-03 16:21:24 +01:00
Felix Fietkau fae5f02912 build: fix regression in append-dtb fix
Strip whitespace from DTS directory
Put the dependency earlier in the chain to avoid make errors

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-03 11:00:20 +01:00
Felix Fietkau 986d9deb3b build: allow calling append-dtb from image build commands
mpc85xx uses this for firmware image files, since the dtb data is not
directly part of the kernel image. This causes build failures in the
image builder.

Fix this by adding a separate build step that runs this call earlier,
reusing the generated file for any calls from kernel or image build
commands.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-02 16:01:18 +01:00
Alif M. Ahmad 23dd6db2ea include/toplevel.mk: Add xconfig target
Add xconfig target to include/toplevel.mk, so that ``make xconfig`` can
be invoked from $TOPDIR to use Qt based configuration tool to prepare
.config file.

The qconf related sources are taken from linux 4.9.13 archive.

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-11-02 15:58:45 +01:00
Jonas Gorski 22b5e285ab build: actually fix the creation of PKG_INFO_DIR
The creation was accidentally moved to the wrong hook, fix it by moving
it to the pre hook.

Fixes: e5e5c3f5fd ("build: ensure PKG_INFO_DIR exists before trying to use it")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-28 11:57:39 +02:00
Jonas Gorski e5e5c3f5fd build: ensure PKG_INFO_DIR exists before trying to use it
PKG_INFO_DIR is only created at the finish step of the first package
build, but kernel modules now use it at the start. Doing a parallel build
could cause a kernel module to be the first package, breaking the build.

Fix this by ensuring the directory exists.

Fixes: 2e496876c6 ("kernel: collect module symvers for external modules")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-28 11:19:25 +02:00
Jonas Gorski 2e496876c6 kernel: collect module symvers for external modules
Collect module symvers for all external modules to make them available
for modpost. This fixes dependencies for most external modules.

Example:

Before:

root@LEDE:/# modinfo mt76
module:         /lib/modules/4.4.74/mt76.ko
license:        Dual BSD/GPL
depends:

After:

root@LEDE:/# modinfo mt76
module:         /lib/modules/4.4.74/mt76.ko
license:        Dual BSD/GPL
depends:        mac80211,cfg80211

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Martin Wetterwald 378e1a4858 iptables: Fix target TRACE issue
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.

The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.

But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.

I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!

https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661

Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
                  and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
2017-10-27 02:31:33 +02:00
Florian Fainelli 474391573b include: Silence external kernel version checks
During the initial configuration phases, we have not set-up the kernel
source directory, which would lead to such messages:

cat:
/local/users/fainelli/openwrt/trunk/build_dir/target-x86_64_musl/linux-uml/linux-4.9.58/include/config/kernel.release:
No such file or directory

Just silence it, since it does not create a functional problem.

Fixes: 8e0e0e7d8b ("include: Determine MODULES_DIR correctly for external/git kernels")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-24 16:59:15 -07:00
Florian Larysch f28b3bb56a kernel: fixup KARCH for powerpc64 builds
The kernel calls both ppc64 and ppc32 "powerpc", so we need to fixup
LINUX_KARCH when building with ARCH=powerpc64.

Signed-off-by: Florian Larysch <fl@n621.de>
2017-10-24 13:24:04 +02:00
Florian Larysch 56ed89f078 target: add cpu flags for powerpc64
Signed-off-by: Florian Larysch <fl@n621.de>
2017-10-24 13:24:04 +02:00
Florian Larysch 555985ac90 include/site: add powerpc64 config
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-24 13:24:04 +02:00
Florian Fainelli 818f36aa14 include: Include new location for DT bindings
Starting with commit d5d332d3f7e8 ("devicetree: Move include prefixes
from arch to separate directory") included in 4.12 and newer relocated
the dt-bindings directory, so account for that while passing CPPFLAGS
before DTC runs.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-23 18:39:29 -07:00
Stijn Tintel 834810617e kernel: bump 4.9 to 4.9.58
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 17:23:34 +03:00
Kevin Darbyshire-Bryant 398edca82e kernel: bump 4.4 to 4.4.93
No patch refresh required.

Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-15265
- CVE-2017-0786

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:14 +03:00
Kevin Darbyshire-Bryant 886d66abcd kernel: bump 4.9 to 4.9.57
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:09 +03:00
Kevin Darbyshire-Bryant f251a795f2 kernel: bump 4.4 to 4.4.92
No patch refresh changes required.

Compile tested for: ar71xx Archer C7 v2
Run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-14 00:13:35 +02:00
Alexander Couzens 49b84624eb image-commands: tplink-v2-header: pass kernel loadaddr and entry
Initramfs images won't boot if the default loadaddr and entrypont is
different.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-10-09 16:10:05 +02:00
Stijn Tintel f12c42940d kernel: bump 4.9 to 4.9.54
Refresh patches.
Remove upstreamed patches:
- ramips/0067-enable-mt7621-xhci.patch
- ramips/0085-pinmux-util.patch
- ramips/301-fix-rt3883.patch

Compile-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.
Runtime-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 20:51:03 +03:00
Kevin Darbyshire-Bryant e77fa68f1f kernel: bump 4.4 to 4.4.91
Refresh patches.

Compile-tested for: ar71xx Archer C7 v2
Run-tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-08 20:51:03 +03:00
Stijn Tintel f625df7ab8 kernel: update 4.9 to 4.9.53
Refresh patches.
Compile-tested on brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on brcm2708/bcm2708, octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 20:53:21 +03:00
Kevin Darbyshire-Bryant ae2a8a3b9b kernel: update 4.4 to 4.4.90
No patch refresh required.

Compile & run tested: ar71xx Archer C7 v2

Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[reference fixed CVEs]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 20:53:21 +03:00
Thibaut VARÈNE 254061ee97 build: add mktplinkfw2 hardcoded values to makefile
This patch adds all the board-specific values currently hardcoded
in mktplinkfw2.c back to the respective device declarations in the
makefiles.

The rationale is to avoid modifying the source code every time a
new board or board variant is added.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2017-10-06 08:28:41 +02:00
Felix Fietkau 603900ef82 build: add a darwin sitefile to deal with macOS 10.12 + Xcode 9 build errors
Certain functions are available in system headers, but only work on
macOS 10.13

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-05 21:14:43 +02:00
Kevin Darbyshire-Bryant 657f2a1ff8 kernel: update 4.4 to 4.4.89
Refresh patches.
Compile & run tested on ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-29 07:42:43 +03:00
Stijn Tintel fde7688055 kernel: update 4.9 to 4.9.52
Refresh patches.
Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:50 +03:00
Stijn Tintel 6e48eb22b8 kernel: update 4.9 to 4.9.51
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-20 23:50:55 +03:00
Sandeep Sheriker Mallikarjun feb1907270 build: add image command for installing zImage file.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:00:25 +02:00
Philip Prindeville 76ba01a392 build: remove @ as it's causing an error
Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-09-20 08:50:49 +02:00
Stijn Tintel e37c7636ee kernel: update 4.9 to 4.9.50
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.

Fixes CVE-2017-1000251.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2017-09-18 04:35:57 +03:00
Florian Fainelli bb83c9dcca kernel: update to 3.18.71
Delete a bunch of fixes that are already included.
Refresh patches.
Compile-tested on malta/mipsel
Runtime-tested on malta/mipsel

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 02:08:18 +03:00
Kevin Darbyshire-Bryant 820101873d kernel: update 4.4 to 4.4.88
Refresh patches.
Compile & run tested: ar71xx  Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-16 19:27:08 +02:00
Stijn Tintel d5b7215e31 kernel: update 4.9 to 4.9.49
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes CVE-2017-11600.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Kevin Darbyshire-Bryant 09735db18b kernel: update 4.4 to 4.4.87
Fixes CVE-2017-11600

No patch refresh required

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-09 09:55:25 +02:00
Kevin Darbyshire-Bryant 9c82861cb8 kernel: update 4.4 to 4.4.86
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-05 08:43:39 +02:00
Stijn Tintel 046618f5da kernel: update 4.9 to 4.9.47
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 22:06:28 +03:00
Kevin Darbyshire-Bryant 3435de8c16 kernel: update 4.4 to 4.4.85
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-31 19:14:52 +02:00
Koen Vandeputte 40213cc154 kernel: update 4.9 to 4.9.45
Refreshed all patches

Compiled & run-tested on targets: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-08-30 17:05:10 +02:00
Kevin Darbyshire-Bryant 364befeccf kernel: update 4.4 to 4.4.83
Refresh patches.
Minor update 704-phy-no-genphy-soft-reset.patch which was partially
accepted upstream.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Fixes the following vulnerabilities:
- CVE-2017-7533 (4.4.80)
- CVE-2017-1000111 (4.4.82)
- CVE-2017-1000112 (4.4.82)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[cleanup commit message, add compile/runtime tested]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 14:31:45 +02:00
Stijn Tintel 2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00
John Crispin 74d00a8c38 kernel: split patches folder up into backport, pending and hack folders
* properly format/comment all patches
* merge debloat patches
* merge Kconfig patches
* merge swconfig patches
* merge hotplug patches
* drop 200-fix_localversion.patch - upstream
* drop 222-arm_zimage_none.patch - unused
* drop 252-mv_cesa_depends.patch - no longer required
* drop 410-mtd-move-forward-declaration-of-struct-mtd_info.patch - unused
* drop 661-fq_codel_keep_dropped_stats.patch - outdated
* drop 702-phy_add_aneg_done_function.patch - upstream
* drop 840-rtc7301.patch - unused
* drop 841-rtc_pt7c4338.patch - upstream
* drop 921-use_preinit_as_init.patch - unused
* drop spio-gpio-old and gpio-mmc - unused

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-05 08:46:36 +02:00
Hauke Mehrtens 39e8ab17d5 kernel: update kernel 4.4 to version 4.4.79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 22:46:26 +02:00
Hauke Mehrtens 88f3c63572 kernel: update kernel 4.9 to version 4.9.40
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 22:46:17 +02:00
Piotr Dymacz f08f754993 build: move mktplinkfw-combined command to image-commands.mk
We will need "mktplinkfw-combined" command also in the "ramips" target
for new MediaTek based TP-Link devices, with "safeloader" image type.

Also, rename the command to "tplink-v1-header", use "VERSION_DIST"
variable instead of "OpenWrt" and allow passing additional parameters.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-07-22 23:29:50 +02:00
Jo-Philipp Wich 3e26340a2e Revert "kernel: do not try to probe builtin modules on empty kmod package install"
This change currently causes some issues with loading out of tree kernel modules
so revert that commit for now.

Reverts commit 34c01e68b5. Fixes FS#919.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-21 18:55:19 +02:00
Jonas Gorski 34c01e68b5 kernel: do not try to probe builtin modules on empty kmod package install
Builtin modules are always present, and trying to load them will cause
modprobe to spew errors when installing the empty kmod packages.

Fix this by never generating any postinst module install instructions
for builtin modules.

Fixes #842.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-07-20 12:49:09 +02:00
Mathias Kresin 9fe9175c2f image: fix ar71xx legacy images
If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx
legacy images:

- an already jffs2 padded squashfs rootfs is overwritten
  with an unpadded/raw one.

- the squashfs-raw and squashfs-64k rootfs are not replaced by the
  ones including the DEVICE_PACKAGES

Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the
base squashfs rootfs to fix the issues.

Fixes: FS#904

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 07:02:59 +02:00
Koen Vandeputte cd54b2d42b kernel: update kernel 4.9 to 4.9.37
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:

473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed

403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0

180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item

Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-07-15 00:13:05 +02:00
Alin Nastac d8748e537f netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2017-07-11 22:09:57 +02:00
Piotr Dymacz 5b7f592251 build: move mktplinkfw2 related commands to image-commands.mk
There are already two targets (lantiq, ramips) which use mktplinkfw2
tool for creating images. This de-duplicates code, introduces two new
build commands: tplink-v2-header, tplink-v2-image and makes use of
them in place of old, (sub)target specific ones.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-06-29 10:37:36 +02:00
Piotr Dymacz 7d6c63d875 build: rename TPLINK_BOARD_NAME to TPLINK_BOARD_ID
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-06-29 10:37:36 +02:00
Stijn Tintel f80963d4d1 kernel: update kernel 4.4 to 4.4.74
Refresh patches.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:42:50 +02:00
Koen Vandeputte 69649a1b45 kernel: update kernel 4.9 to 4.9.34
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)

Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:21:03 +02:00
Mathias Kresin e7cd6f5d66 ar71xx: add AVM FRITZ!WLAN Repeater 300E support
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)

To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Mathias Kresin 8e0d7d6574 build: move lzma2eva build step to image-commands.mk
Move it to image-commands.mk so that it can used by other targets with
eva based boards as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Hauke Mehrtens 3ce60ba0a1 build: Fix not altering KERNELRELEASE for external kernel
When an external kernel tree is used the version should not get
modified by the LEDE build scripts. This was added by Florian some time
ago.
The commit 0aed054bec ("build: add KERNEL_MAKE and
KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature
introduced in b6746a6ffb ("include: Do not alter KERNELRELEASE for
external/git kernels").

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-19 20:39:33 +02:00
Alexander Couzens e5fc15bf9a build: move definition of KBUILD_BUILD_TIMESTAMP to include/kernel.mk
Fixes: 0aed054bec (build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS
variables and move to kernel.mk)

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-17 15:09:57 +02:00
Alexander Couzens acc5ab6b92
include/toplevel: set env GIT_ASKPASS=/bin/true
When git-https request a service (e.g. github) which ask for credentials
git will pass this request to the user resulting download.pl to wait for
user input. Set GIT_ASKPASS to stop asking.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-08 17:20:55 +02:00
Felix Fietkau 737b063cc2 build: ensure that flock is available for make download
It ensures that make download can parallelize downloads, even when some
packages download the same files (e.g. gcc/initial, gcc/final)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-08 11:43:15 +02:00
Jo-Philipp Wich 55623a9c83 kernel: update kernel 4.9 to 4.9.31
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 01:03:39 +02:00
Hauke Mehrtens b9600b8542 kernel: really select kernel 4.4.71
The previous commit f4a4f324cb ("kernel: update kernel 4.4 to
4.4.71") missed the line which changes the kernel version, add it now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-07 23:01:35 +02:00
Jo-Philipp Wich f4a4f324cb kernel: update kernel 4.4 to 4.4.71
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-07 21:40:42 +02:00
Felix Fietkau fec38ebf0d kernel: fix segmentation fault in mconf on linux
Commit 86c966a8ae caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.

Fix this by adding the extra override for HOST_LOADLIBES only on macOS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-07 18:31:10 +02:00
Felix Fietkau 0aed054bec build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-07 18:31:10 +02:00
Jonas Gorski 2ab0963971 build: fix kernel refresh failure on first run
Override {HOST_}QUILT before making decisions based on it, else it will
cause target/linux/refresh to fail on first run.

Fixes: 36ba6237d6 ("build: fix quilt for mixed package/host builds")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-06-04 10:36:48 +02:00
Felix Fietkau 1a341e89a7 build: fix kmod package build on non-GNU systems
BSD paste requires a filename argument, and it accepts - to use stdin as
intended.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-29 14:27:08 +02:00
Yousong Zhou 546e20e836 build: fix possible issue with kmod package having multiple AutoLoad's
This commit contains the following changes

 - Use local shell var where appliable
 - The $(sort $$$$$$$$mods) call will have no expected effect
 - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
 - Avoid duplicate arguments for insert_modules() in postinst-pkg

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-27 11:21:55 +08:00
Hauke Mehrtens 7142cb45b4 kernel: update kernel 4.4 to 4.4.70
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:48:37 +02:00
Hauke Mehrtens 0b17375931 kernel: update kernel 4.9 to 4.9.30
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:48:37 +02:00
Felix Fietkau 4b8a7c9b48 build: fix QUILT related overrides
They need to be defined before including quilt.mk

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 20:42:45 +02:00
Felix Fietkau 36ba6237d6 build: fix quilt for mixed package/host builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Felix Fietkau 221f323782 build: set QUILT=1 automatically when calling package host build refresh
Makes behavor consistent with package builds and regular host builds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Felix Fietkau f62f4b3c5c build: stop overriding STAGING_DIR_HOST for toolchain build
This causes various issues in other places that assume that host
binaries are staged in STAGING_DIR_HOST.
Since all the right places use HOST_BUILD_PREFIX, override that instead.
This fixes some issues with quilt on toolchain dirs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Florian Fainelli 8e0e0e7d8b include: Determine MODULES_DIR correctly for external/git kernels
When using external or git cloned kernels, any kind of modifications
will alter KERNELRELEASE. LEDE still tries to stage modules in
lib/modules/$(LINUX_UNAME_VERSION) and LINUX_UNAME_VERSION is based on
KERNEL_PATCHVER (indirectly) so this does not work, and we lose all
kinds of automatic modules loading.

To remedy that, just cat $(LINUX_DIR)/include/config/kernel.release
which is late enough the kernel has prepared this file, and is correctly
tracking changes done throughout the kernel.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-25 09:22:43 +02:00
Florian Fainelli b6746a6ffb include: Do not alter KERNELRELEASE for external/git kernels
In case we use external and/or git cloned kernels, let the kernel
determine the appropriate KERNELRELEASE. We cannot used
LINUX_UNAME_VERSION because that one gets determined at a later time,
when the kernel is already built proper.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-25 09:22:43 +02:00
Florian Fainelli d0a6340717 Revert "kernel: prevent addition of scm marker to localversion"
This reverts commit 0df2c6563a since it
gets in the way of identifying properly which kernel we are running.
This is particularly important if LEDE is using external kernels/git
cloned kernels. We want to make sure we only load modules from that
specific kernel.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-25 09:22:43 +02:00
Koen Vandeputte e842e16f45 kernel: update kernel 4.9 to 4.9.29
- Refresh all patches
- Removed upstreamed
- Adapted 1

Compile tested on: bcm53xx, cns3xxx, imx6, lantiq
Run tested on: cns3xxx & imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[update from 4.9.28 to 4.9.29]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-21 21:51:22 +02:00
Kevin Darbyshire-Bryant 088e28772c kernel: update kernel 4.4 to version 4.4.69
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:

062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block

Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.

Run tested ar71xx Archer C7 v2 and lantiq.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-21 21:48:16 +02:00
Michal Sojka aa8e91a1e4 image.mk: Generate cpiogz with root-owned files
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.

Other image types (at least targz and squashfs) already have this.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
2017-05-14 21:43:17 +02:00
Sergey Ryazanov e06d8f0f6f build: new fixes for symlinked .config handling
When running "make {config|defconfig|oldconfig}" with symlinked .config
(e.g. to env/.config) it renames symlink to .config.old, creates new
.config file, and writes the updated configuration into it.

This breaks the desired workflow when changes in the configuration can
be checked using "scripts/env diff" and commited using "scripts/env
save". Since the env/.config file is not updated.

The things become even worse when working with feeds, since feeds script
quite often silently invokes "make {oldconfig|defconfig}" and breaks the
symlink.

Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.

This change uses the same behaviour as "make menucofig", which has
already been fixed in commit 5bf98b1acc.

Also make a tiny cosmetic update to the "make menuconfig" target code
layout to make it look like other config handling targets.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-05-11 00:53:05 +02:00
Felix Fietkau ddbb036bbb build: allow val.% targets to bypass the prepare steps
Significantly reduces time spent processing those targets and should
also silence some log clutter which could confuse buildbot

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-05 13:14:00 +02:00
Yousong Zhou 7842ccecc0 build: reset ALTERNATIVES field in Package/Default
Otherwise ipkg packages may wrongly take on alternatives specs of
another package sharing the same package Makefile

Fixes FS#753

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-03 17:40:46 +08:00
Yousong Zhou 73bc636aba build: ipkg: new field Alternatives
It's a list of specs of the following form seprated by commas to
describe alternatives provided by this package

    <prio>:<path>:<altpath>

<path> will be a symbolic link to <altpath> of the highest <prio>

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-02 22:10:51 +08:00
Yousong Zhou dac629f710 build: cleanup tmp/ dir of target rootfs
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-02 22:10:50 +08:00
Daniel Engberg edda8ecd79 include/packages-defaults.mk: Remove LARGEFILE option
Remove LARGEFILE option, support was removed back in 2011 (OpenWrt rev 25208).

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-04-26 13:39:11 +02:00
Sergey Ryazanov 5bf98b1acc build: fix symlinked .config handling
When running "make menuconfig" with symlinked .config (e.g. to
env/.config) it renames symlink to .config.old, creates new .config file
and writes updated configuration here.

This breaks the desired workflow when changes in the configuration could
be checked using "scripts/env diff" and commited with
"scripts/env save". Since the env/.config file is not updated.

Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-04-26 11:34:41 +02:00
John Crispin 003e15221a include/image.mk: allow passing a compat string to the NAND image template
Signed-off-by: John Crispin <john@phrozen.org>
2017-04-24 11:11:52 +02:00
Yousong Zhou b889d1e3cf build: fix aarch64 default cpu selection
Not sure since when the issue emerged, but according to the current doc of gcc
and as, armv8-a is intended as argument of -march

The change will affect at the moment arm64 and layerscape/64b

Below is the relevant error messages when building toolchain

    Assembler messages:
    Error: unknown cpu `armv8-a'
    Error: unrecognized option -mcpu=armv8-a
    /home/yousong/git-repo/lede-project/lede/build_dir/toolchain-aarch64_armv8-a_gcc-5.4.0_musl/gcc-5.4.0/libgcc/libgcc2.c:1:0: error: unknown value 'armv8-a' for -mcpu

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-04-23 09:19:33 +08:00
Jo-Philipp Wich aefa195749 kernel: update kernel 4.4 to 4.4.61
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-15 18:26:41 +02:00
Felix Fietkau b044bd5921 build: remove package makefile overlay functionality
Recent attempts to use it have shown that it does not work properly
except for a few undocumented cases. It's better to remove this now to
avoid having more people fall into the same trap

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-12 09:53:06 +02:00
Rafał Miłecki f6433eede7 kernel: move initramfs's init script out of base-files
Keeping it in base-files was resulting in adding it to the base-files
package. This file is meant to be included manually for initramfs
images only.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-04-04 14:06:40 +02:00
Felix Fietkau 68139cc0e8 u-boot.mk: pass HOSTCC and HOST_CFLAGS into the build
Cuts build time on Mac OS X in half by avoiding repeated $(shell) calls
from the build system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-04 12:34:23 +02:00
Philip Prindeville d3bc11857a target.mk: check that CPU_TYPE has known CPU_CFLAGS mapping
If someone creates a target and indicates a CPU_TYPE, but there's
no corresponding support for that CPU_TYPE's flags in include/target.mk
then that should probably be indicated rather than silently ignored.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-04-04 12:34:13 +02:00
Felix Fietkau 6411a12de2 build: move PKG_CONFIG_DEPENDS from feeds.mk to opkg
Normal packages don't rely on the feed configuration variables for the
build step

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-03 08:51:33 +02:00
Hauke Mehrtens c3778f2647 kernel: update kernel 4.4 to 4.4.59
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-04-02 12:48:00 +02:00
Hauke Mehrtens b26e34214c kernel: update kernel 4.9 to 4.9.20
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-04-02 12:47:55 +02:00
Hauke Mehrtens fb7ea71c15 kernel: update kernel 4.9 to 4.9.17
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-26 12:23:19 +02:00
Hauke Mehrtens 88b125e9a4 kernel: update kernel 4.4 to 4.4.56
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-26 12:23:12 +02:00
Felix Fietkau 89118da865 build: fix STAMP_PREPARED with quilt
quilt.mk needs to be included first, to ensure that STAMP_PREPARED does
not include the hash if quilt is used.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-22 20:17:20 +01:00
Felix Fietkau 370d740647 kernel: do not try to copy vmlinux out of arch/$(ARCH)/boot
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-22 11:43:22 +01:00
John Crispin eb3ac8281b include: add KERNEL_LOAD_ADDR to TARGET_VARS
This will allow us to override the variable from within a Device template.

Signed-off-by: John Crispin <john@phrozen.org>
2017-03-22 09:45:18 +01:00
Hauke Mehrtens 7c7ea09004 include: Add nomips16 CPU_SUBTYPE
This can be used to indicate that a target does not support the optional mips16
extension even when it is a mips32r2 or later CPU.

This will generate a separate toolchain and a separate package folder,
e.g. mips_24kc_nomips16

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2017-03-20 22:04:45 +01:00
Felix Fietkau aab0b0704a build: fix high cpu usage / hang in prereq-build.mk
host-build.mk should not be included for prereq

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-18 21:50:46 +01:00
Felix Fietkau 1f12a3daaa kernel: speed up build system by getting rid of redundant work
KERNELRELEASE contains a $(shell) call which is evaluated over and over
again.
The call to checksyscalls.sh is unnecessary for LEDE and also takes a
few seconds to complete.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-16 19:14:09 +01:00
Felix Fietkau a9c96ef0ac build: improve performance by avoiding lazy-eval for make shell calls
Avoids lots of redundant calls to mkhash on things like
package/kernel/linux

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-16 19:13:47 +01:00
Felix Fietkau 0d6494daf5 image.mk: force kernel rebuild on every run
DTS dependencies are not processed correctly so makes it safer against
poentially stale builds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-13 13:33:50 +01:00
Hauke Mehrtens 31c6452107 kernel: update kernel 4.4 to 4.4.53
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-12 15:46:02 +01:00
Hauke Mehrtens 9a065fcfec kernel: update kernel 4.9 to 4.9.14
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-12 15:45:50 +01:00
Joseph C. Lehner 2c2fc50d06 build: make NETGEAR_REGION optional in netgear-chk
This patch makes specifying NETGEAR_REGION optional, in which case
mkchkimage will default to region 1 (WW).

Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
2017-03-12 09:28:19 +01:00
Kevin Darbyshire-Bryant f229f4af31 kernel: update kernel 4.4 to 4.4.52
Bump kernel from 4.4.50 to 4.4.52

Refresh patches

Compile tested all 4.4. targets

Run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-03-03 18:17:47 +01:00
Ansuel Smith a0a9ba0464 kernel: update 4.9 to 4.9.13
refresh patch 630-packet_socket_type

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-02-27 11:39:31 +01:00
Felix Fietkau 1f22957247 build: clean up redundant touching of the package install info file
Instead of using a separate .clean stamp file, remove the install info
file on compile, then append the install package list afterwards

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-26 13:31:44 +01:00
Felix Fietkau 9467ce42da build: get rid of host.mk
Defined required host related variables in toplevel.mk instead

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-26 13:31:44 +01:00
Felix Fietkau be206eba3a build: get rid of FIND_L from host.mk
This was added for Mac OS X many years ago, but recent versions also
support find -L

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-26 13:31:44 +01:00
Ansuel Smith 9c3e29033d kernel: update 4.9 to 4.9.12
Refresh generic patch

Compiled and tested WRT1900ACS

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-02-26 08:44:26 +01:00
Kevin Darbyshire-Bryant 91a65f6c88 kernel: update kernel 4.4 to 4.4.50
Bump kernel from 4.4.49 to 4.4.50

Compile tested: All targets

Run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-23 10:40:21 +01:00