Commit Graph

9 Commits (1063d904b78297b3e21a352bed19bd312235ff65)

Author SHA1 Message Date
Koen Vandeputte 7a9afb8783 kernel: bump 4.9 to 4.9.123
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Axel Neumann 65c05301c2 Re-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address
The 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch kernel patches
break the possibility for using an ip4ip6 tunnel interface as a fall
back interface accepting ip4-in-ip6 tunneled packets from any remote
address. This works out of the box with any normal (non-666-patched)
kernel and can be configured by setting up an 'ip -6 tunnel' with type
'any' or 'ip4ip6' and a remote address of '::'.

The misbehavior comes with line 290 the patch which discards all packets
that do not show the expected saddr, even if no single fmr rule was
defined and despite the validity of the saddr was already approved earlier.

Signed-off-by: Axel Neumann <neumann@cgws.de>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-23 09:47:05 +02:00
Kevin Darbyshire-Bryant 7dca1bae82 kernel: bump to 4.9.105
Refresh patches.

Drop patches that have been upstreamed:
target/linux/ar71xx/patches-4.9/106-01-MIPS-ath79-fix-AR724X_PLL_REG_PCIE_CONFIG-offset.patch
target/linux/generic/backport-4.9/095-v4.12-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch
target/linux/generic/pending-4.9/180-net-phy-at803x-add-support-for-AT8032.patch
target/linux/generic/pending-4.9/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch
target/linux/generic/pending-4.9/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch

Compile & run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-01 08:25:14 +02:00
Kevin Darbyshire-Bryant 9aa196e0f2 kernel: bump 4.9 to 4.9.96
Refresh patches, following required reworking:

ar71xx/patches-4.9/930-chipidea-pullup.patch
layerscape/patches-4.9/302-dts-support-layercape.patch
sunxi/patches-4.9/0052-stmmac-form-4-12.patch

Fixes for CVEs:
CVE-2018-1108
CVE-2018-1092

Tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Arjen de Korte <build+openwrt@de-korte.org>
2018-04-26 08:53:54 +02:00
Koen Vandeputte cfc5867bce kernel: bump 4.9 to 4.9.86
- Refreshed all patches
- Removed 1 patch which got upstreamed

Compile tested on: ar71xx (Rocket M5, Mikrotik RB2011)
Runtime tested on: ar71xx (Rocket M5, Mikrotik RB2011)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-03-09 22:13:19 +01:00
Kevin Darbyshire-Bryant d8565a06dc kernel: bump 4.9 to 4.9.77
Refresh patches.
Remove upstreamed patches:

target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant 886d66abcd kernel: bump 4.9 to 4.9.57
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:09 +03:00
Stijn Tintel 2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00
John Crispin 74d00a8c38 kernel: split patches folder up into backport, pending and hack folders
* properly format/comment all patches
* merge debloat patches
* merge Kconfig patches
* merge swconfig patches
* merge hotplug patches
* drop 200-fix_localversion.patch - upstream
* drop 222-arm_zimage_none.patch - unused
* drop 252-mv_cesa_depends.patch - no longer required
* drop 410-mtd-move-forward-declaration-of-struct-mtd_info.patch - unused
* drop 661-fq_codel_keep_dropped_stats.patch - outdated
* drop 702-phy_add_aneg_done_function.patch - upstream
* drop 840-rtc7301.patch - unused
* drop 841-rtc_pt7c4338.patch - upstream
* drop 921-use_preinit_as_init.patch - unused
* drop spio-gpio-old and gpio-mmc - unused

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-05 08:46:36 +02:00