We don't need two versions of this. The escaping quotes
is so that the sed commands aren't misinterpreted by shell;
it has nothing to do with the contents of the file, thus
one version is adequate.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
In addition to backslash and ampersand needing to be escaped for
simple sed RHS strings, we also need to escape comma since we're
using that as our s/// delimiter.
Pass everything through a macro filter to sanitize it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This fixes the following errors when doing "make package/install"
/home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
flock: 1000: Bad file descriptor
Fixes FS#1260
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.
Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.
No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.
Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
In case there is an external git repo specified,
it could overwrite the kernel tarball that was
downloaded from kernel.org.
The only identifier for such a file is the
KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols,
so if we have to download it we'll use that
information [after some sanitization]
to create a different filename for the kernel tarball.
If KERNEL_GIT_REF symbol is empty, HEAD will be used
as mentioned in the description of KERNEL_GIT_REF.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.
No need to limit just to branches.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
In commit fce35bce0f ("config: support new symbol intro'd in kernel
4.12")
I forgot to remove the initial debug test line.
This clearly is wrong as the same symbol is defined conditionally in the
line below as it should be.
I looked over it as I just checked if the symbol was present now upon
testing it.
Fixes: fce35bce0f ("config: support new symbol intro'd in kernel
4.12")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Eventually the BUILDONLY package flag could be replaced by simply creating
a package Makefile without any BuildPackage calls. This will fail for now,
as BuildPackage also causes the Makefile's compile target etc. to do
something useful at all.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Package "features" seem to be unused for some time. In any case, custom
Config.in snippets and package PROVIDES are a much more flexible way to
express similar options.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This feature has been unused for years, and its scope is too limited to be
actually useful.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Symbol CONFIG_INITRAMFS_FORCE allows to ignore the value passed by the
bootloader.
By default, all symbols containing INITRAMFS are wiped from the final
config and then re-added conditionally.
Add support for this symbol, as the build will stop otherwise
questioning the user about this option:
* Restart config...
*
*
* General setup
*
Cross-compiler tool prefix (CROSS_COMPILE) []
Compile also drivers which will not load (COMPILE_TEST) [N/y/?] n
...
Initial RAM filesystem and RAM disk (initramfs/initrd) support
(BLK_DEV_INITRD) [Y/n/?] y
Initramfs source file(s) (INITRAMFS_SOURCE) []
Ignore the initramfs passed by the bootloader (INITRAMFS_FORCE)
[N/y/?] (NEW)
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Combined Extended Images V1 can be created easily via the new image
commands using
IMAGE/sysupgrade.bin/squashfs := append-rootfs | pad-rootfs | combined-ext-image
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
When generating per-device rootfs directories, the ./etc/opkg/ directory
is moved away prior to calling opkg install, opkg remove and rootfs_prepare.
After the opkg invocations and the rootfs_prepare macro call, the saved opkg
config directory is supposed to be moved back to its previous ./etc/opkg
location.
The mv command however can fail to properly restore the directory under
certain circumstances, e.g. when the prior opkg or files/ overlay copy
operations caused a new ./etc/opkg/ directory to be created.
In this case, the backed up directory (named target-dir-$hash.opkg) will be
moved into the preexisting ./etc/opkg/ directory instead, causing the opkg
configuration to be located in a wrong path on the final rootfs, e.g. in
/etc/opkg/target-dir-$hash.opkg/distfeeds.conf instead of
/etc/opkg/distfeeds.conf.
Solve this problem by replacing the naive "mv" command with a recursive
"cp -T" invocation which causes the backed up directory tree to get merged
with the destination directory in case it already exists.
Also perform the rootfs_prepare macro call after restoring the opkg
configuration, to allow users to override it again by using the files/
overlay mechanism.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Introduce a name-agnostic PROJECT_GIT variable poiting to
https://git.openwrt.org/ and declare LEDE_GIT and OPENWRT_GIT
as aliases to it.
After some transition time we can drop this alias variables.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rename unwinder config symbols to match upstream changes.
Refresh patches.
Update patch that no longer applies: 202-reduce_module_size.patch
Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported
from 4.15 to the 4.14 stable series. It is enabled by default, so enable
it in OpenWrt as well.
Compile-tested on x86/64.
Runtime-tested on x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Some packages, e.g. busybox, explicitly remove old .configured stamps
before attempting configuration, rather than after the actual configuration
step. This seems like a good idea, as there will be no stamp left if
configuration fails. Change generic rules to work like this, so package-
specific rules can be dropped.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Kernel 4.14 has the version number 4.14 and not 4.14.0. This was
different in some older Linux kernel versions, This change makes it
possible to use kernel 4.14 without any minor version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.
In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM
And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR
I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED
I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files
Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Replace in router DEFAULT_PACKAGES odhcpd by odhcpd-ipv6only as
such there's no DHCPv4 server functionality overlap with dnsmasq
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Build dependency: Please install the GNU C Compiler (gcc) 4.8 or later cc
-dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'
Build dependency: Please install the GNU C++ Compiler (g++) 4.8 or later
g++ -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'
Prerequisite check failed. Use FORCE=1 to override.
On my Fedora 26 machine gcc and g++ -dumpversion returns a whole number
'7' failing the regex introduced in commit:
b78de6207f
This change makes minor versions optional in the build dependency regex
for gcc and g++ whenever any minor version would be accepted and the
whole number version is sufficient as a dependency check. For versions
4.* a minor version is still required.
Signed-off-by: Justin Kilpatrick <jkilpatr@redhat.com>
Only test for supported versions of GCC
The version bump requirement for GCC is because gdb doesn't build with older
versions.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
At the moment, license information can only be specified on a
"per source package" level while other metadata fields (e.g. maintainer)
can be given for each binary package. Apply the same logic for license
fields as well. This can be used e.g. in cases where a library is
distributed under some license while related tools are distributed
under a different one.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
If PKG_BUILD_DIR contains symlinks, the generated Module.symvers will
contain the resolved paths, not the virtual path with the symlink name.
This breaks the filter for the module's own symbols, so to fix this
ensure we also grep for the resolved path.
Reported-by: Roman Yeryomin <roman@advem.lv>
Tested-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Let the generic postinstall script invoke "kmodloader" when the just
installed package contains any /etc/module.d/ entries.
This allows us to skip the explicit "insert_module()" calls in the
package postinstall.
Due to the removed insert_module calls we do not need to assemble a
complete list of modules per package anymore, which allows for vast
simplification of the package generation code.
While we're at it, also support specifying default parameters for
modules using either the MODPARAM or MODPARAM.modulename variables
in KernelPackage.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
mpc85xx uses this for firmware image files, since the dtb data is not
directly part of the kernel image. This causes build failures in the
image builder.
Fix this by adding a separate build step that runs this call earlier,
reusing the generated file for any calls from kernel or image build
commands.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add xconfig target to include/toplevel.mk, so that ``make xconfig`` can
be invoked from $TOPDIR to use Qt based configuration tool to prepare
.config file.
The qconf related sources are taken from linux 4.9.13 archive.
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
The creation was accidentally moved to the wrong hook, fix it by moving
it to the pre hook.
Fixes: e5e5c3f5fd ("build: ensure PKG_INFO_DIR exists before trying to use it")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
PKG_INFO_DIR is only created at the finish step of the first package
build, but kernel modules now use it at the start. Doing a parallel build
could cause a kernel module to be the first package, breaking the build.
Fix this by ensuring the directory exists.
Fixes: 2e496876c6 ("kernel: collect module symvers for external modules")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Collect module symvers for all external modules to make them available
for modpost. This fixes dependencies for most external modules.
Example:
Before:
root@LEDE:/# modinfo mt76
module: /lib/modules/4.4.74/mt76.ko
license: Dual BSD/GPL
depends:
After:
root@LEDE:/# modinfo mt76
module: /lib/modules/4.4.74/mt76.ko
license: Dual BSD/GPL
depends: mac80211,cfg80211
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.
The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.
But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.
I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!
https://dev.openwrt.org/ticket/16694https://dev.openwrt.org/ticket/19661
Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
During the initial configuration phases, we have not set-up the kernel
source directory, which would lead to such messages:
cat:
/local/users/fainelli/openwrt/trunk/build_dir/target-x86_64_musl/linux-uml/linux-4.9.58/include/config/kernel.release:
No such file or directory
Just silence it, since it does not create a functional problem.
Fixes: 8e0e0e7d8b ("include: Determine MODULES_DIR correctly for external/git kernels")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
The kernel calls both ppc64 and ppc32 "powerpc", so we need to fixup
LINUX_KARCH when building with ARCH=powerpc64.
Signed-off-by: Florian Larysch <fl@n621.de>
Starting with commit d5d332d3f7e8 ("devicetree: Move include prefixes
from arch to separate directory") included in 4.12 and newer relocated
the dt-bindings directory, so account for that while passing CPPFLAGS
before DTC runs.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
No patch refresh required.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on ar71xx - Archer C7 v2
Fixes the following CVEs:
- CVE-2017-15265
- CVE-2017-0786
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Refresh patches.
Compile-tested on brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on brcm2708/bcm2708, octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch adds all the board-specific values currently hardcoded
in mktplinkfw2.c back to the respective device declarations in the
makefiles.
The rationale is to avoid modifying the source code every time a
new board or board variant is added.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.
Fixes CVE-2017-1000251.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Delete a bunch of fixes that are already included.
Refresh patches.
Compile-tested on malta/mipsel
Runtime-tested on malta/mipsel
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes CVE-2017-11600.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.
Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
We will need "mktplinkfw-combined" command also in the "ramips" target
for new MediaTek based TP-Link devices, with "safeloader" image type.
Also, rename the command to "tplink-v1-header", use "VERSION_DIST"
variable instead of "OpenWrt" and allow passing additional parameters.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This change currently causes some issues with loading out of tree kernel modules
so revert that commit for now.
Reverts commit 34c01e68b5. Fixes FS#919.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Builtin modules are always present, and trying to load them will cause
modprobe to spew errors when installing the empty kmod packages.
Fix this by never generating any postinst module install instructions
for builtin modules.
Fixes#842.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
If TARGET_PER_DEVICE_ROOTFS and DEVICE_PACKAGES are used for ar71xx
legacy images:
- an already jffs2 padded squashfs rootfs is overwritten
with an unpadded/raw one.
- the squashfs-raw and squashfs-64k rootfs are not replaced by the
ones including the DEVICE_PACKAGES
Call Image/Build/squashfs after the DEVICE_PACKAGES are added to the
base squashfs rootfs to fix the issues.
Fixes: FS#904
Signed-off-by: Mathias Kresin <dev@kresin.me>
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:
473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed
403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0
180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item
Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
There are already two targets (lantiq, ramips) which use mktplinkfw2
tool for creating images. This de-duplicates code, introduces two new
build commands: tplink-v2-header, tplink-v2-image and makes use of
them in place of old, (sub)target specific ones.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)
Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)
To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:
ftp> quote USER adam2
ftp> quote PASS adam2
ftp> binary
ftp> debug
ftp> passive
ftp> quote MEDIA FLSH
ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1
Signed-off-by: Mathias Kresin <dev@kresin.me>
When an external kernel tree is used the version should not get
modified by the LEDE build scripts. This was added by Florian some time
ago.
The commit 0aed054bec ("build: add KERNEL_MAKE and
KERNEL_MAKE_FLAGS variables and move to kernel.mk") breaks this feature
introduced in b6746a6ffb ("include: Do not alter KERNELRELEASE for
external/git kernels").
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When git-https request a service (e.g. github) which ask for credentials
git will pass this request to the user resulting download.pl to wait for
user input. Set GIT_ASKPASS to stop asking.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
It ensures that make download can parallelize downloads, even when some
packages download the same files (e.g. gcc/initial, gcc/final)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The previous commit f4a4f324cb ("kernel: update kernel 4.4 to
4.4.71") missed the line which changes the kernel version, add it now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit 86c966a8ae caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.
Fix this by adding the extra override for HOST_LOADLIBES only on macOS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Override {HOST_}QUILT before making decisions based on it, else it will
cause target/linux/refresh to fail on first run.
Fixes: 36ba6237d6 ("build: fix quilt for mixed package/host builds")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This commit contains the following changes
- Use local shell var where appliable
- The $(sort $$$$$$$$mods) call will have no expected effect
- Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
- Avoid duplicate arguments for insert_modules() in postinst-pkg
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This causes various issues in other places that assume that host
binaries are staged in STAGING_DIR_HOST.
Since all the right places use HOST_BUILD_PREFIX, override that instead.
This fixes some issues with quilt on toolchain dirs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When using external or git cloned kernels, any kind of modifications
will alter KERNELRELEASE. LEDE still tries to stage modules in
lib/modules/$(LINUX_UNAME_VERSION) and LINUX_UNAME_VERSION is based on
KERNEL_PATCHVER (indirectly) so this does not work, and we lose all
kinds of automatic modules loading.
To remedy that, just cat $(LINUX_DIR)/include/config/kernel.release
which is late enough the kernel has prepared this file, and is correctly
tracking changes done throughout the kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
In case we use external and/or git cloned kernels, let the kernel
determine the appropriate KERNELRELEASE. We cannot used
LINUX_UNAME_VERSION because that one gets determined at a later time,
when the kernel is already built proper.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This reverts commit 0df2c6563a since it
gets in the way of identifying properly which kernel we are running.
This is particularly important if LEDE is using external kernels/git
cloned kernels. We want to make sure we only load modules from that
specific kernel.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Refresh patches. A number of patches have landed upstream & hence are no
longer required locally:
062-[1-6]-MIPS-* series
042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup
as it was incorrectly included upstream thus dropped from LEDE.
As it has now been reverted upstream it needs to be included again for
LEDE.
Run tested ar71xx Archer C7 v2 and lantiq.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[update from 4.4.68 to 4.4.69]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.
Other image types (at least targz and squashfs) already have this.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
When running "make {config|defconfig|oldconfig}" with symlinked .config
(e.g. to env/.config) it renames symlink to .config.old, creates new
.config file, and writes the updated configuration into it.
This breaks the desired workflow when changes in the configuration can
be checked using "scripts/env diff" and commited using "scripts/env
save". Since the env/.config file is not updated.
The things become even worse when working with feeds, since feeds script
quite often silently invokes "make {oldconfig|defconfig}" and breaks the
symlink.
Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.
This change uses the same behaviour as "make menucofig", which has
already been fixed in commit 5bf98b1acc.
Also make a tiny cosmetic update to the "make menuconfig" target code
layout to make it look like other config handling targets.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Significantly reduces time spent processing those targets and should
also silence some log clutter which could confuse buildbot
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Otherwise ipkg packages may wrongly take on alternatives specs of
another package sharing the same package Makefile
Fixes FS#753
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It's a list of specs of the following form seprated by commas to
describe alternatives provided by this package
<prio>:<path>:<altpath>
<path> will be a symbolic link to <altpath> of the highest <prio>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When running "make menuconfig" with symlinked .config (e.g. to
env/.config) it renames symlink to .config.old, creates new .config file
and writes updated configuration here.
This breaks the desired workflow when changes in the configuration could
be checked using "scripts/env diff" and commited with
"scripts/env save". Since the env/.config file is not updated.
Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Not sure since when the issue emerged, but according to the current doc of gcc
and as, armv8-a is intended as argument of -march
The change will affect at the moment arm64 and layerscape/64b
Below is the relevant error messages when building toolchain
Assembler messages:
Error: unknown cpu `armv8-a'
Error: unrecognized option -mcpu=armv8-a
/home/yousong/git-repo/lede-project/lede/build_dir/toolchain-aarch64_armv8-a_gcc-5.4.0_musl/gcc-5.4.0/libgcc/libgcc2.c:1:0: error: unknown value 'armv8-a' for -mcpu
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Recent attempts to use it have shown that it does not work properly
except for a few undocumented cases. It's better to remove this now to
avoid having more people fall into the same trap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Keeping it in base-files was resulting in adding it to the base-files
package. This file is meant to be included manually for initramfs
images only.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
If someone creates a target and indicates a CPU_TYPE, but there's
no corresponding support for that CPU_TYPE's flags in include/target.mk
then that should probably be indicated rather than silently ignored.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
quilt.mk needs to be included first, to ensure that STAMP_PREPARED does
not include the hash if quilt is used.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This can be used to indicate that a target does not support the optional mips16
extension even when it is a mips32r2 or later CPU.
This will generate a separate toolchain and a separate package folder,
e.g. mips_24kc_nomips16
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
KERNELRELEASE contains a $(shell) call which is evaluated over and over
again.
The call to checksyscalls.sh is unnecessary for LEDE and also takes a
few seconds to complete.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This patch makes specifying NETGEAR_REGION optional, in which case
mkchkimage will default to region 1 (WW).
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
Bump kernel from 4.4.50 to 4.4.52
Refresh patches
Compile tested all 4.4. targets
Run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Instead of using a separate .clean stamp file, remove the install info
file on compile, then append the install package list afterwards
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bump kernel from 4.4.49 to 4.4.50
Compile tested: All targets
Run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
The @ sign in front of the "mv" command was significantly suppressing
output to stdout. When reviewing the make/build logs it was tricking
me a whole lot and it mad me lose time. Removing the @ sign will get
stdout and logs right about what happened when.
Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org>
cmake checks the build system and its variables on its own to detect if
the makefiles need to be regenerated.
Unfortunately this can invalidate overrides passed in the
Build/Configure step. On non-Linux systems this breaks the build when
switching between targets of the same package architecture.
Fix this by forcibly disabling the build system check and relying on the
LEDE build system to take care of these things
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When running "make kernel_menuconfig" in a clean tree, it fails with:
make[1]: *** No rule to make target 'tools/quilt/install'. Stop.
Replacing the dependency with 'tools/quilt/compile' fixes the issue (quilt
and all its prerequisites will be built, and quilt will be installed in
staging_dir).
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
-mXXX option is deprecated already in arc-2016.03 toolchain
and removed completely starting from arc-2016.09.
Direct replacement is -mcpu=XXX which is already supported by
arc-2016.03 used today in Lede.
With that change we'll be ready for ARC toolchain update still
keeping everything working with current tools.
Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
Cc: John Crispin <john@phrozen.org>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked
broken, except arc770 and arch38 due to broken toolchain.
Runtime-tested on ar71xx, octeon, ramips and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch moves the fakeroot code required by some devices to
`image-commands.mk`.
Create the fakeroot on the fly by using the undocumented -s (skip copy)
parameter of mkimage.
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
[remove unused NETGEAR_KERNEL_MAGIC, remove workarounds to have a dummy
rootfs for mkimage]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Refreshed patches for all supported targets.
Compile-tested on ar71xx, cns3xxx, imx6, mt7621, oxnas and x86/64.
Run-tested on ar71xx, cns3xxx, imx6 and mt7621.
Tested-by: Stijn Segers <francesco.borromini@inventati.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Since the main stamp file depends on the _check stampfile, the _check
stampfile needs to be created on the first run as well.
Fixes spurious rebuilds with CONFIG_AUTOREBUILD=y
Signed-off-by: Felix Fietkau <nbd@nbd.name>
some of Buffalo DHP series use slightly different trx magic, buffalo-enc,
buffalo-tag, and factory image begin with 'bgn'.
this patch adds support for building those images.
Signed-off-by: FUKAUMI Naoki <naobsd@gmail.com>
Bump kernel to 4.4.44. Compile-tested on ar71xx, ramips/mt7621 and x86/64.
.44 has been run-tested on the 17.01 branch here on ar71xx and mt7621.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
If the base-files package is not selected, we will fail executing the
very first postinst script:
make[3]: Leaving directory `/local/users/fainelli/openwrt/trunk'
cp -fpR
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root.orig-orion
./usr/lib/opkg/info/busybox.postinst: line 3:
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion/lib/functions.sh:
No such file or directory
./usr/lib/opkg/info/busybox.postinst: line 4: default_postinst: command
not found
postinst script ./usr/lib/opkg/info/busybox.postinst has failed with
exit code 127
make[2]: *** [package/install] Error 1
Check for the existence of lib/functions.sh, and if it does not exist,
just bail out gracefully.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Require-User is handled by /etc/uci-defaults/13_fix_group_user on first
boot, so we need to keep these when removing all opkg data with
CONFIG_CLEAN_IPKG.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
According to some reports, -march=pentium-mmx is a better choice for
older Geode CPUs than -march=geode anyway.
Bump the minimum architecture of the legacy target from i486 to
pentium-mmx. Anything older is not worth supporting anyway.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This avoids repeatedly unpacking and rebuilding packages that are
failing the build. Re-running the failing step should be much faster.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Calling the clean target removes all .ipk files and un-stages the
package. Add a new target just for clearing the build dir and call that
one instead of the full clean target
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is used to save space on buildbot instances.
If any part of a package needs to be rebuild, the whole package is
rebuilt from scratch. Stamp files are preserved to allow dependency
checks to work
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes the build slightly more efficient by avoiding the need to
re-stage packages on every full build run.
It is also necessary for the upcoming CONFIG_AUTOREMOVE feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes the build slightly more efficient by avoiding the need to
re-stage packages on every full build run.
It is also necessary for the upcoming CONFIG_AUTOREMOVE feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The make target does not rewrite the file if the contents didn't
change. This causes make to always consider the target old.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Before SUBDIR was set to $(PATCHVER) which may
or may not include the minor version number of
the linux kernel version. Usually it doesn't.
So the git-clone'd linux kernel was packed without
the minor version number taken into account, which
broke further processing, as it expected the
extracted dir being named linux-$(LINUX_VERSION)
(=with minor version) rather than linux-$(PATCHVER)
(=without minor version).
Changing SUBDIR to $(LINUX_VERSION) creates
consistent behaviour here.
Signed-off-by: Mirko Vogt <mirko-openwrt@nanl.de>
Using a single host package staging dir (and build dir) significantly speeds up
builds when multiple targets are built in succession, especially for large host
packages like NodeJS.
$(STAGING_DIR)/host is kept in addition to $(STAGING_DIR_HOSTPKG) in most
places; it is still used as destination for host files in Build/InstallDev.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Currently system log is always included as a part of ubox. Add logd as a
seperate package and add it to default packages list.
Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Make sure binaries install to STAGING_DIR_HOSTPKG are still found when
this variable is eventually modified.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This reduces the amount of hacks in the makefile code.
Remove the apm821xx code to do the same - it was broken and left both
compressed and uncompressed images in $(BIN_DIR)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The generated 'its' is passed to mkimage which expects linux arch
strings rather than the full arch (e.g. mips not mipsel).
It currently works in some cases where LINUX_KARCH == ARCH but
otherwise you get an unknown arch build error.
Signed-off-by: Ian Pozella <Ian.Pozella@imgtec.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The removal of the ".+Package" pattern in scan.mk also caused the build
system to skip over Makefiles defining only kmods. Adjust the grep pattern
to consider packages with "call KernelPackage" signatures as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit af0b91c "allow scan.mk to find python packages introduced in [8639]"
added some special casing to scan.mk to accomodate some nonstandard python
packages.
Nowadays this pattern is not needed anymore and produces false positives
when using the LEDE source repository as feed within the SDK since the
metadata scanning wrongly picks up target/imagebuilder/Makefile as package,
leading to an "ERROR: please fix feeds/base/target/imagebuilder/Makefile"
message.
Remove the now uneeded pattern to fix such stray errors during metadata
scanning.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of passing HOST_CONFIGURE_VARS as arguments to the configure script,
pass it as environment variables which brings the logic in line with the
behaviour of package-defaults.mk.
The change is needed since passing environment variables as configure
parameters only works with GNU autoconf which evaluates command line arguments
looking like variable assignments. Doing the same with non-autoconf configure
scripts is not guaranteed to work since such scripts might terminate due to
unknown argument errors.
One example case is the cmake configure script which bails out when called
as "./configure LDFLAGS=..." but not when called as "LDFLAGS=... ./configure".
Also change the SHELL override to CONFIG_SHELL in the default
HOST_CONFIGURE_VARS as the former is not properly propagated through the
various GNU configure invocations since it gets lost when configure re-
executes itself.
A prior attempt to change the variable placement had to be reverted due to
the missing SHELL -> CONFIG_SHELL change, leading to misgenerated libtool
executables in various packages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 8395b63aac616f72fd835c59240fc2a4a6b28106.
Various host builds currently rely on the broken behaviour of
HOST_CONFIGURE_VARS so roll back to the previous state.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Ensure that HOST_CONFIGURE_VARS are set before the actual configure command
instead of passing them as configure command arguments.
This change brings host-build.mk in line with package-defaults.mk and makes
host configure environment variables work as expected.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This will be used to simplify the build system code for checking hashes.
Instead of using various variants of md5sum / openssl, use one simple
utility for all of them
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a call to KernelPackage/$(1)/$(BOARD)/$(SUBTARGET) to the
KernelPackage macro. This allows to add kernel packages for x86/64,
without breaking x86. It's not possible to do this with BOARD, as
BOARD=x86 for x86_64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Looks like this was meant to workaround some limitations with
non-GNU tar variants (like BSD-tar which are present on Mac os BSD hosts).
Though, I cannot find any use of that `+s` option that's mentioned
in the comment.
Last hash of this I found was 24faf55360
In my case, it now this fails for `python-setuptools` on Mac OS X (the host-build with):
```
trapret 2 tar -C <home-dir>/work/sources-work/lede/build_dir/target-i386_pentium4_musl-1.1.15/python-setuptools-27.2.0 --strip-components=1 -xzf <home-dir>/work/sources-work/lede/dl/setuptools-27.2.0.tar.gz
bash: trapret: command not found
```
So, I was thinking maybe it's time to remove this workaround (9 years later).
I could also fix the `python-setuptools` host build. If that's more preferred.
[ Btw, I just recently transitioned to a Mac machine for dev-ing,
so a lot of (this Mac) stuff I'm finding out is new to me too. ]
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This makes it easier to unify versioning of git based package downloads.
PKG_SOURCE_DATE along with an 8-character abbreviation of the git hash
is used as PKG_VERSION, PKG_RELEASE should be used like normal packages.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This adds support for install-overlay define. When used in package it
allows installing files to a special directory that gets copied to the
root when installing it.
It allows overwriting files provided by other packages.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Bump & refresh patches for all 4.4 targets.
Compile & run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This will attempt to automatically fix common mistakes like using MD5
instead of SHA256, using the MD5SUM variable instead of HASH, or even a
missing mirror file hash.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is intended to be used for a wide array of package sanity checks.
The first check that is implemented is for the hash of downloaded files.
It checks:
- Missing hash
- Use of SHA256 instead of MD5
- dl/<file> hash not matching hash in makefile
- deprecated MD5SUM variable
The deprecated MD5SUM variable check is skipped for feeds/ until OpenWrt
is updated as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Since we've switched to preferring SHA256 over MD5, the old variable
name is misleading. Packages using the old name remain compatible.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Calling a build ##.##-CURRENT might mislead users into thinking that this
build is the most current release of a branch.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This will avoid loading it in the default configuration, which reduces
image size a bit, and (more importantly) improves performance by
avoiding some unnecessary netfilter hooks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Now that the VERSION_NUMBER variable holds the human friendly name and not
the commit ID anymore, we need to support adding the revision ID as well.
Introduce a new config variable CONFIG_VERSION_CODE_FILENAMES which, if set,
causes the resulting file names to contain a commit ID designation as printed
by scripts/getver.sh.
Also sanitize the input variables to ensure that the resulting strings are
lowercased and no not contain spaces.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Utilize the existing git download logic from include/download.mk and migrate
the kernel download over to it. This avoids repeatedly cloning kernel sources
after a make target/linux/clean for instance.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix build error]
This is going to be used to migrate the hand rolled git clone for the kernel
into using the git download method. The kernel uses custom options that we may
have to pass down.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Move the revision info to the VERSION_CODE variable and default VERSION_NUMBER
to CURRENT for master branch builds.
Also introduce a new menuconfig option CONFIG_VERSION_CODE which allows users
to override the revision value put into VERSION_CODE and adjust the template
files used by the base-files package to accomodate for the changed semantics.
While we're at it, also adjust the various URLs to match the current web site.
After this commit, the relevent files will look like the examples given below:
# cat /etc/openwrt_version
r2398+1
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='CURRENT'
DISTRIB_REVISION='r2398+1'
DISTRIB_CODENAME='reboot'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Reboot CURRENT r2398+1'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="CURRENT, Reboot"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Reboot CURRENT"
VERSION_ID="current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2398+1"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Reboot CURRENT r2398+1"
On a release branch, those files would look like:
# cat /etc/openwrt_version
r2399
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='16.12-CURRENT'
DISTRIB_REVISION='r2399'
DISTRIB_CODENAME='test_release'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Test Release 16.12-CURRENT r2399'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="16.12-CURRENT, Test Release"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Test Release 16.12-CURRENT"
VERSION_ID="16.12-current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2399"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Test Release 16.12-CURRENT r2399"
On a release tag, those files would look like:
# cat /etc/openwrt_version
r2500
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='17.02.1'
DISTRIB_REVISION='r2500'
DISTRIB_CODENAME='mighty_unicorn'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Mighty Unicorn 17.02.1 r2500'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="17.02.1, Mighty Unicorn"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Mighty Unicorn 17.02.1"
VERSION_ID="17.02.1"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2500"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Mighty Unicorn 17.02.1 r2500"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
The SDK Makefile still trys to copy the docs folder which was removed
with 882f4d2d63. This causes an SDK build
error.
All other removals are just cleanup.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Refresh patches on all 4.4 supported platforms.
077-0005-bgmac-stop-clearing-DMA-receive-control-register-rig.patch
removed as now upstream.
Compile & run tested: ar71xx - Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Targets like malta can have no patches/ directory available and this
commit tries quash "no such file or directory" messages from `find`
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
If a package nonshared status is changed, a stale .ipk file might still
be present in the old package directory. Remove the .ipk file from all
package directories when building a new one (or explicitly running
clean)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Specifying a mtune option with cortex-a53 is also valid for an aarch64
toolchain
Fixes: SVN 48964
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This patch bumps the 4.4 kernel from .28 to .30 and refreshes the patches.
Compile-tested on ar71xx, x86/64, ramips/mt7621, brcm47xx and kirkwood.
Run-tested on ar71xx & ramips/mt7621, brcm47xx and kirkwood (last two confirmed
by P. Wassi).
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
Right now the $(PKG_INSTALL_STAMP) files are only written if a package is
selected as <*> but never deleted or emptied if the corresponding package
is getting deselected.
For ordinary packages this usually is no problem as the package/install
recipe performs its own check for enabled packages when assembling the
list of install stamp files to consider, but this logic might fail under
certain circumstances for packages providing multiple build variants.
In case of a multi-variant package, the buildroot first checks if any
of the variants is enabled, then resolves all variants of the common
source package and finally processes the corresponding .install stamp
files of all variants, relying on the assumption that only the selected
.install stamp file exists.
When an initially selected variant is getting deselected or changed from
<*> to <m> and another variant is marked as <*> instead, the .install
stamp file of the deselected variant remains unchanged and a second
.install stamp file for the newly selected variant is getting created,
causing the package/install recipe to pick up two .install stamps with
conflicting variants, leading to opkg file clashes.
This issue happens for example if package "ip" is set to <m> and package
"ip-full" to <*> - the install command will eventually fail with:
* check_conflicts_for: The following packages conflict with ip:
* check_conflicts_for: ip-full *
* opkg_install_cmd: Cannot install package ip.
In order to fix the problem, always process the removal requests or the
.install stamp files, even for deselected packages but only write the
package base name into the stamp file if the corresponding package is
marked as builtin.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of hardcoding $(STAGING_DIR)/host, use the new $(STAGING_DIR_HOSTPKG)
variable to refer to the directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on ar71xx, brcm47xx, kirkwood.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
There is very little practical use to limit the number of available inodes on
an ext4 filesystem and the make_ext4fs utility is able to calculate useful
defaults by itself.
Drop the option to make resulting ext4 filesystems more flexible by default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Michael Heimpold <mhei@heimpold.de>
Allow CONFIG_TARGET_EXT4_RESERVED_PCT to be empty as make_ext4fs is usually
able to figure out a suitable default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Reviewed-by: Michael Heimpold <mhei@heimpold.de>
Refresh patches for all targets supporting 3.18 and not marked broken.
Compile-tested on all targets using 3.18 and not marked broken.
Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches for all targets supporting 4.1 and not marked broken.
Compile-tested on all targets using 4.1 and not marked broken.
Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.
Changes to generic/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch based
on a90ee92337.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on cns3xxx & imx6.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
When building packages within the SDK, there is no Git revision history
available so prepopulate SOURCE_DATE_EPOCH in version.mk, similar to
how we handle REVISION already.
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on cns3xxx & imx6.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The normal Prepare step for a build is unpack, apply patches.
But for certain packages, patches contain whole files, which
would be nice to have separately and copied over as a last step
in the Prepare phase.
We need it for some other packages + patches, but I think
the 'hostapd' package can be used as a test for this.
As a quick note:
the reason the condition is being evaluated as
`[ ! -d ./src/ ] || $(CP) ./src/* $(HOST_BUILD_DIR)`
and not with
`[ -d ./src/ ] && $(CP) ./src/* $(HOST_BUILD_DIR)`
is that the latter would translate in a build failure if the `src`
folder is not present (the exit code would be 1).
The first one, succeeds for both cases (if `src` present or not).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
We have packages with their own parts appended to standard STAMP_CONFIGURED
(mostly with an underscore character). This will render the current
STAMP_CONFIGURED_WILD setting invalid and the build system may miss a rebuild
on config change
1. Build with config A
2. Build with config B, yet .configured_A_xx did not get cleaned
3. Return to config A, but rebuild will not happen because stamp file
of config A still exists
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
0.19.8.1 gettext-full uses "archive-version" of 0.19.8
to replace makros, leading to breakage of PKG_FIXUP:=gettext-version
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Instead of using TARGET_CFLAGS and EXTRA_CFLAGS in cmake and scons
build use the TARGET_CXXFLAGS and EXTRA_CXXFLAGS like it is done for
normal make and configure. configure used TARGET_CXXFLAGS and
EXTRA_CFLAGS for the CXXFLAGS. The package-default.mk sets
"EXTRA_CXXFLAGS = $(EXTRA_CFLAGS)" so using EXTRA_CXXFLAGS flags should
be save.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Adjust the check for gcp (GNU copy command) to rule out false positives
with "Goffi's CoPier" a python copy command.
Fixes FS#218.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Package/*/install was using a different PATH than all other steps like
Build/Install, which was confusing and easily led to mistakes.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Having a different PATH in Host/Install than in other steps like Host/Build
is confusing and easily leads to mistakes. Setting all of Host/Exports
makes host builds match target builds (Build/Install is part of
$(STAMP_BUILT), which has Build/Exports set).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
It seems the intention was to add both $(STAGING_DIR_HOST)/... and
$(STAGING_DIR)/host/... instead of passing $(STAGING_DIR_HOST) twice. This
makes the definition match HOST_CPPFLAGS and HOST_LDFLAGS.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Using HOST_BUILD_PREFIX instead of STAGING_DIR_HOST will make the argument
work as expected from packages.
Nothing changes for tools, for which HOST_BUILD_PREFIX and STAGING_DIR_HOST
are equivalent.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Adds a slightly higher compression level to xz by default which roughly raises memory usage from 100MiB to about 200MiB during compression, about 10MiB for decompression. (Source: xz manpage)
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Apply a number of changes to the tarball generation in order to produce
identical files on different systems:
1) Use an explicit `gzip -cn` to avoid storing file mtime in the gzip header
2) Instruct `tar` to unconditionally use uid and gid 0 for archive members
3) Instruct `tar` to sort archive members by file name
4) For SCMs that do not preserve file modification times like Git or Mercurial,
use the date of the last commit to the repository and pass it as `--mtime`
value to `tar`
After these changes, locally produced tarballs generated from SCM checkouts
should be identical on any system, simplifying the mirroring of cache archives.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The build system overrides HOST_LOADLIBES to add the staging dir to the
library search path. menuconfig needs -lncurses, add another override
for it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For now we only want to ensure that the group permission mask is permissive
enough to not clobber required permissions on the rootfs, so allow less
strict masks as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When building LEDE with umask values other than 022, the resulting packages
will embed improper permissions, which may lead to random errors or non-
functional scripts on the target.
In order to make users aware of this problem, add a build-prereq check to
assert a correct umask setting before starting the build.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The nf_reject_* and nf_nat_masquerade_* modules are moved into the
corresponding kmod-nf- packages. Appropriate dependencies are added to the
kmod-nft- packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Forgot to update kernel-version.mk, so updated patch. Compile-tested on x86/64 and ar71xx; run-tested on x86/64 and ar71xx.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
The Gluon firmware framework [1] uses postinst scripts for sanity checks.
Make the build fail when a postinst script exits with an error to make
these sanity checks effective.
All postinst scripts in packages from the LEDE core and the packages feed
seem to work correctly with this change and will always return 0 unless
something is very broken.
[1] https://github.com/freifunk-gluon/gluon
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Especially --force-overwrite and --force-depends will often lead to broken
images; it's better to fail the build in such cases than to silently ignore
the errors.
Instead, ignore errors in the per-device rootfs opkg remove command, so
the build doesn't break when packages can't be removed because of
dependencies.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Some DEVICE_PACKAGES definitions replace one package variant with another
(e.g. wpad-mini is replaced with wpad). To avoid file conflicts, first
remove, then install packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Modifying the file permissions can be harmful, as it would make files
world-readable even if they weren't in the ipk packages. The
Image/mkfs/prepare step is removed completely, as it is redundant now (/tmp
and /overlay are already provided by base-files with the correct
permissions).
It has been verified that this change does not affect any permissions of
files in the default package set except /etc/ppp/chap-secrets, which was
world-readable before. All packages not in the default set are more likely
to be installed via opkg than being part of a base image and thus were
usually not affected by the permission modification anyways.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.
To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Add a new option to each device in multi-profile mode, allowing to provide
a list of packages to add or remove. In case of added packages, the user
must take care that these are selected to be built.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
opkg's -l option is always interpreted relative to the installation root.
This leads to very weird paths inside the rootfs (containing the whole path
to the LEDE tree on the build machine) and causes the subsequent deletion
of the list directory to fail (cluttering the resulting images).
Instead, use the default list directory and remove its contents in
prepare_rootfs.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Using pad-to instead of passing the optional padding to append-kernel
or append-rootfs. It could be that the value of a variable is passed.
In case the variable is empty no error is thrown.
Furthermore the purpose of the extra parameter is hard to get without
reading the code.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Only add them where they are actually required.
Should help with compatibility issues with stock U-Boot images that
access UBI
Signed-off-by: Felix Fietkau <nbd@nbd.name>
At the moment the padding steps are hardcoded. Especially images for
devices with a 4K sector size can be unnecessarily bloated using the
hardcoded padding steps.
It has been observed that 192Kb of padding was added to the image of a
4MB device, albeit due to the 4K sector size the minimum required extra
padding for the jffs2 rootfs_data is 20Kb.
In worst case it means that the image-size check could fail albeit
there is enough space for all selected packages
For device build code not exposing the blocksize, use the hardcoded
padding further on.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Allows to use the same unit for all definitions of the blocksize to be
consistent regardless of the used filesystem.
Signed-off-by: Mathias Kresin <dev@kresin.me>
A few linux BSP's create a manifest file of installed packages for a given
target in order to help them understand exactly what's on their images. Create
one here as well as a build artifact since many users have an affinity to
prune down on packages to save valuable flash space.
Signed-off-by: Pushpal Sidhu <psidhu@gateworks.com>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
1004kc is just a SMP capable 34kc, and GCC treats 24kc and 34kc exactly
the same and will generate identical code, so there is no need to tune
to 1004kc instead of 24kc.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Pass KERNEL_FILE_DEPENDS to rdep instead of PKG_FILE_DEPENDS, which is
empty. Also don't pass $(CURDIR) as the directory to timestamp, as it
would also pick up non kernel related changes like image building code.
Should fix kernel being rebuild for unrelated changes, as well as not
being rebuild for changes in target/linux/generic.
Fixes: 22ef1c83b3 ("kernel: make the kernel build auto-clean the build dir like package build")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
When the kernel build picks up a localversion file in the source tree,
that string is unconditionally appended to LOCALVERSION and affects the
uname string.
Make sure to delete any such file.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
When building the kernel from a git repository, the kernel build appends
either a + or a short commit hash to localversion.
This behaviour can be prevented by passing the empty LOCALVERSION variable
to make.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Similar how we fix the file times in the filesystems, fix the build time
of the kernel, and make the build number static. This should allow the
kernel build to be reproducable when combined with setting the
KERNEL_BUILD_USER and _DOMAIN in case of different machines.
The reproducability only applies to non-initramfs kernels, those still
require additional changes.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
Since the only difference between 24Kec and 24Kc is the addition of DSP
ASE support, and we don't use it anymore, there is no need to keep 24Kec
as a separate cpu type.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
There does not seem to be any meaningful difference in generated code.
This will save some time and space on snapshot builds
Signed-off-by: Felix Fietkau <nbd@nbd.name>