The following patch was integrated upstream:
* target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The following patches were integrated upstream:
* target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
* target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The 4.4 version hash was accidentally reintroduced while rebasing the
master commit, remove it again.
Fixes ca3174e4e9 ("kernel: bump 4.9 to 4.9.118")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(backported from commit f7036a34ac)
* Refreshed patches.
* Removed patches:
- target/linux/ar71xx/patches-4.9/103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch superseded by upstream
- target/linux/ar71xx/patches-4.9/403-mtd_fix_cfi_cmdset_0002_status_check.patch superseded by upstream
- target/linux/brcm63xx/patches-4.9/001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch accepted upstream
- target/linux/brcm63xx/patches-4.9/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch accepted upstream
- target/linux/brcm63xx/patches-4.9/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch accepted upstream
- target/linux/generic/pending-4.9/900-gen_stats-fix-netlink-stats-padding.patch
* New backported patch to address ext4 breakage, introduced in 4.9.112:
- backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9
Thanks to Koen Vandeputte for pointing out the need to add the ARM64_SSBD symbol, and the ext4 patch.
Compile-tested on: ar71xx
Run-tested on: ar71xx
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
This partly reverts ca32373c95 which lets
profiles that suppress packages to alter the package selection for all
devices of the target when building with CONFIG_TARGET_PER_DEVICE_ROOTFS.
In particular, this caused the brcm47xx Edimax PS-1208MFG profile to
disable mtd, dropbear, firewall and other essential packages for all
brcm47xx/generic builds.
To solve this problem, prevent profiles from mangling the global
DEFAULT_PACKAGES selection and restrict the supression of negated
packages to the local PACKAGE variable list only.
Fixes ca32373c95 ("target.mk: let profile remove from DEFAULT_PACKAGES")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 69ea512c62)
On Debian, busybox does have a time applet, but it does not support the -f
flag. Catch this in prereq check to give users to proper error message.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit b123921a92)
An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
to the omission of the backport-* patch dirs in the generation of the
prepared stamp name.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 36fa1bbf6f)
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 16035a7dd3)
Setting CONFIG_FEED_... symbols combined two different effects: Disabling
a feed in the generated opkg distfeeds.conf, and omitting the feed from
PACKAGE_SUBDIRS.
It does not make sense to omit built feeds from PACKAGE_SUBDIRS, as it will
only lead to packages that can be enabled in .config (and that will
consequently be built) not to be found during rootfs creation, breaking
the build. All feeds that packages are emitted to should simply always be
added to PACKAGE_SUBDIRS instead; the CONFIG_FEED_... only configure the
generated distfeeds.conf like this.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 9af22f1ac9)
Refreshed all patches
Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Move SCAN_DEPS to scan.mk to eliminate redundancy with scripts/feeds
Add image/*.mk to SCAN_DEPS for targets to pick up newly added devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit 97b1765a45.
The tree is in an inconsistent state and we need to complete some rebranding.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Koen Vandeputte
Stijn Segers
Jo-Philipp Wich
Hauke Mehrtens
Bjørn Mork
Felix Fietkau
Matthias Schiffer