Commit Graph

2642 Commits

Author SHA1 Message Date
Koen Vandeputte
8a26f2a0a1 kernel: bump 4.14 to 4.14.146
Refreshed all patches.

Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-24 12:52:52 +02:00
Koen Vandeputte
cd96cdaa60 kernel: bump 4.14 to 4.14.145
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 15:52:25 +02:00
Koen Vandeputte
d14aa19904 kernel: bump 4.14 to 4.14.144
Refreshed all patches.

Altered patches:
- 816-pcie-support-layerscape.patch

Fixes:
- CVE-2019-15030

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 13:16:45 +02:00
Koen Vandeputte
63c0a08d49 kernel: bump 4.14 to 4.14.143
Refreshed all patches.

Remove upstreamed:
- 390-v5.3-net-sched-fix-action-ipt-crash.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-13 16:39:44 +02:00
Koen Vandeputte
2cd89cf0d7 kernel: bump 4.14 to 4.4.142
Refreshed all patches.

Remove upstreamed:
- 0032-usb-host-fotg2-restart-hcd-after-port-reset.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-11 09:57:28 +02:00
Jonas Gorski
4c8258c925 Revert "build: remove harmful -nopad option from mksquashfs"
This reverts commit 1c0290c5cc.

Dropping the nopad can make the padding overflow into the next erase
block on devices using a non-aligned rootfs start. This breaks the jffs2
overlay partition with the following messages:

[   30.343877] jffs2_scan_eraseblock(): End of filesystem marker found at 0x10000
[   30.376512] jffs2: Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes
[   30.385253] jffs2: empty_blocks 196, bad_blocks 0, c->nr_blocks 197

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit f11d90a76b)
2019-09-08 18:50:11 +02:00
Jo-Philipp Wich
cf2dba5273 include: kernel-build: pass pkg-config overrides to kernel build
Pass suitable pkg-config overrides to the kernel build process in
order to let our pkg-config wrapper discover libraries provided
by tools/.

This mainly affects the use of libelf which is required for the
CONFIG_STACK_VALIDATION features. So far, the build system either
silently used host system libraries or kbuild simply disabled the
feature due to the lack of a suitable libelf.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fe43969336)
2019-09-04 13:46:59 +02:00
Christian Lamparter
5a102a010f build: remove harmful -nopad option from mksquashfs
While the -nopad option prevents mksquashfs from padding the
image to an arbitrary 4k. It does not take into consideration
that squashfs is programmed to have this 4k padding when it's
being used on on a block device... which is its main "use-case".

Now, after a week long discussion on the ML that included a
back-and-forth between some of the possible options.
But this is likely the best KISS patch to deal with the issue
right away given the limited resources.

From squashfs code point of view, be warned. The 4k padding is
not enough when dealing with devices that have a PAGE_SIZE
bigger than 4k.

if it turns out to be affecting you, then please look-up either:
"FS#2460 - kernel panic reading squashfs from ubi volume" bug
Or the discussion on the OpenWrt-Devel ML in
"amp821xx: use newly added pad-squashfs for Meraki MR24" and
"Squashfs breakage lottery with UBI..."
before making an educated guess.

Note: This will not affect the "tiny"/small flash devices as
much as it seems at first. This is because the the rootfs_data
partition that follows uses jffs2. And it requires to be aligned
to the flash block-size in order to work at all.

So either the involved FSes will meet in the middle as before,
or not at all. But in that latter case the image was already
hoping for the "undefined behaviour" gamble to turn out in its
favour and this is probably why this was unnoticed for so long.

Fixes: FS#2460
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 1c0290c5cc)
2019-09-04 13:44:20 +02:00
Luis Araneda
3112703077 u-boot.mk: use openwrt url instead of lede project
The LEDE URL is automatically redirected to the OpenWRT one,
returning an HTTP 301 code (Moved Permanently).

Also, use https, as indicated by the redirect.

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
(cherry picked from commit b39ded4ab7)
2019-09-04 13:41:21 +02:00
Adrian Schmutzler
8be111d0ac build: fix indent in image-commands.mk
Convert leading spaces to tab to match rest of the file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 7e5a0da642)
2019-09-04 13:40:17 +02:00
Jonas Gorski
f783ad5b5b build: allow overriding default selection state for devices
Allow overriding the default selection state for Devices, similar to
setting a default for packages.

E.g. by setting DEFAULT to n, they won't be selected by default anymore
when enabling all device in the multi device profile.

This allows preventing images being built by the default config for
known broken devices, devices without enough RAM/flash, or devices not
working with a certain kernel versions.

This does not prevent the devices from being manually selected or images
being built by the ImageBuilder. These devices often still have worth
with a reduced package-set, or as a device for regression testing, when
no better device is available.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 7546be6007)
2019-09-04 13:39:37 +02:00
Jeffery To
cc7560eb22 build: include BUILD_VARIANT in PKG_BUILD_DIR
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.

This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e545fac8d9)
2019-09-04 13:35:17 +02:00
Petr Štetiar
fb99be49f9 autotools.mk: autoreconf: fix missing install-sh
I'm trying to create a package for libgpiod, which uses
AC_CONFIG_AUX_DIR macro, which is probably leading to the following
configure error:

 autoreconf: running: /openwrt.git/staging_dir/host/bin/libtoolize --force
 OpenWrt-libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `autostuff'.
 OpenWrt-libtoolize: linking file `autostuff/ltmain.sh'
 OpenWrt-libtoolize: putting macros in `m4'.
 ...
 configure: error: cannot find install-sh, install.sh, or shtool in autostuff "."/autostuff

>From the build output it's clear, that libtoolize isn't installing
install-sh symlink, because libtoolize would install install-sh only if
it's being run with --install parameter. Corresponding part in
libtoolize:

 if $opt_install; then
   func_config_update config.guess \
     "$pkgdatadir/config" "$auxdir" pkgconfig_header
   func_config_update config.sub \
     "$pkgdatadir/config" "$auxdir" pkgconfig_header
   func_install_update install-sh \
     "$pkgdatadir/config" "$auxdir" pkgconfig_header
 fi
 func_ltmain_update ltmain.sh \
    "$pkgdatadir/config" "$auxdir" pkgconfig_header

Adding --install parameter to libtoolize fixes this build issue:

 autoreconf: running: /openwrt.git/staging_dir/host/bin/libtoolize --install --force
 OpenWrt-libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `autostuff'.
 OpenWrt-libtoolize: linking file `autostuff/config.guess'
 OpenWrt-libtoolize: linking file `autostuff/config.sub'
 OpenWrt-libtoolize: linking file `autostuff/install-sh'
 OpenWrt-libtoolize: linking file `autostuff/ltmain.sh'
 OpenWrt-libtoolize: putting macros in `m4'.

Cc: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5cf897779e)
2019-09-04 13:32:36 +02:00
John Crispin
0f4a3be2f4 include/package.mk: Add support for src-checkout/ folder
This feature is similar to the SRC_TREE_OVERRIDE. However instead of having
to manually create a symlink inside the package folder, the buildsystem
will check if $(TOP_DIR)/src-checkout/$(PKG_NAME)/.git is present and use
this instead.

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 9e57b62783)
2019-09-04 13:26:54 +02:00
Felix Fietkau
3ff6397068 build: skip kernel stack validation when building on macOS
Since we switched to 4.19, the kernel build checks for libelf to decide if
it should build tools for stack validation.

On macOS, this check fails during target/compile, but succeeds during package
build (because of the pkg-config path picking up target libraries).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit c3e31b6a9b)
2019-09-04 13:23:33 +02:00
Jonas Gorski
bdd1bf8b89 build: warn when packages have no associated install section
Declaring a package without the appropriate install section is an easy
mistake to make, especially when renaming packages. Since this is also
easy to detect, warn about it when it happens.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
No-objections-at-all-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5ede3fcdf7)
2019-09-04 13:21:22 +02:00
Jo-Philipp Wich
193366ee23 metadata: handle ABI version rebuild tracking for transient dependencies
Extend the packageauxvars database to keep a list of possible package
dependencies for each provider, then utilize this information in buildroot
to resolve the ABI version dependencies of dependent packages up to five
levels deep.

This should properly trigger rebuilds for packages indirectly depending
on other packages whose ABI_VERSION changed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 27a4a71c24)
2019-09-04 13:18:24 +02:00
Koen Vandeputte
db94ee6256 kernel: bump 4.14 to 4.14.141
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-30 16:46:52 +02:00
Koen Vandeputte
9e837873e7 kernel: bump 4.14 to 4.14.140
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-28 13:09:41 +02:00
Koen Vandeputte
8fba3ebe88 kernel: bump 4.14 to 4.14.139
Refreshed all patches.

Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT

Compile-tested on: cns3xxx, x86_64
Runtime-tested on: cns3xxx, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-27 10:31:06 +02:00
Koen Vandeputte
bc138c5b72 kernel: bump 4.14 to 4.14.138
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-14 18:24:11 +02:00
Koen Vandeputte
33af038bec kernel: bump 4.14 to 4.14.137
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-09 18:32:38 +02:00
Koen Vandeputte
bcbc7ba768 kernel: bump 4.14 to 4.14.136
Refreshed all patches.

Altered patches:
- 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch

Remove upstreamed:
- 100-powerpc-4xx-uic-clear-pending-interrupt-after-irq-ty.patch
- 088-0002-i2c-qup-fixed-releasing-dma-without-flush-operation.patch
- 500-arm64-dts-marvell-Fix-A37xx-UART0-register-size.patch

Fixes:
- CVE-2019-13648
- CVE-2019-10207

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-06 11:54:50 +02:00
Koen Vandeputte
4fd61b6220 kernel: bump 4.14 to 4.14.134
Refreshed all patches.

Remove upstreamed:
- 049-v4.20-mips-remove-superfluous-check-for-linux.patch

Fixes:
- CVE-2019-3846
- CVE-2019-3900

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-07-31 16:56:19 +02:00
Petr Štetiar
a624821474 build: add urandom-seed and urngd to default packages set
urandom-seed content was split from base-files into separate package so
in order to preserve the current functionality and to provide some
fallback mechanism in case jent-rng initialization fails in urngd we
need to add it back.

urngd is OpenWrt's micro non-physical true random number generator based
on timing jitter.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f5387b754f)
2019-07-22 09:53:01 +02:00
Koen Vandeputte
519cdf377a kernel: delete leftovers from unused kernel versions
Commit 000d400baa ("kernel: drop everything not on kernel version 4.14")
dropped everything not related to kernel 4.14, but forgot
to remove the parts in kernel-version.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-07-12 09:39:33 +02:00
Koen Vandeputte
f40f7b0fb5 kernel: bump 4.14 to 4.14.133
Refreshed all patches.

Fixes:

- CVE-2019-3900

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-07-12 09:39:33 +02:00
Koen Vandeputte
7f4510a251 kernel: bump 4.14 to 4.14.132
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-07-09 17:02:09 +02:00
Koen Vandeputte
1792df73c4 kernel: bump 4.14 to 4.14.131
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-27 14:17:48 +02:00
Koen Vandeputte
eee336ee4a kernel: bump 4.14 to 4.14.130
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-25 16:48:50 +02:00
Koen Vandeputte
b8fc9c1580 kernel: bump 4.14 to 4.14.129
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-24 16:40:01 +02:00
Koen Vandeputte
9ed98198cb kernel: bump 4.14 to 4.14.128
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-20 15:50:00 +02:00
Koen Vandeputte
17fc5375f0 kernel: bump 4.14 to 4.14.127
Refreshed all patches.

Fixes:

- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-18 14:49:13 +02:00
Koen Vandeputte
c26420b914 kernel: bump 4.14 to 4.14.126
Refreshed all patches.

Altered patches:
- 816-pcie-support-layerscape.patch

This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40)
It was wrongfully backported upstream initially and got reverted now.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-18 11:41:38 +02:00
Koen Vandeputte
4089df4f4b kernel: bump 4.14 to 4.14.125 (FS#2305 FS#2297)
Refreshed all patches.

This bump contains upstream commits which seem to avoid (not properly fix)
the errors as seen in FS#2305 and FS#2297

Altered patches:
- 403-net-mvneta-convert-to-phylink.patch
- 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch

Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-12 15:25:41 +02:00
Alexander Couzens
b344ca9ca6 OpenWrt v19.07: set branch defaults
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-06-11 01:53:08 +02:00
Alexander Couzens
c53f62b111
version.mk: use https:// instead of http://
Only the repo should not use https. Otherwise the build would need
a wget/uclient_fetch with tls support.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-06-11 01:49:44 +02:00
Alexander Couzens
79948e9d61
replace links towards lede-project.org with openwrt.org
Modify VERSION_SUPPORT_URL VERSION_REPO
Replace BUGS variable in toolchain/gcc/common.mk

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-06-11 01:46:53 +02:00
Roman Yeryomin
94464cfca2 build: fix external module symbol collection if build_dir is a symlink
e26ffb31df fixed only embedded modules
symbol collection. If we are building external modules, like broadcom-wl
or lantiq dsl stuff then modules which do EXPORT_SYMBOL have unresolved
paths in Module.symvers and external module which depend on other
external modules will have empty dependencies, leading to broken
module loading.
This was discussed on IRC with Jonas some time ago.
Fix this by handling both resolved and unresolved paths.

Fixes: e26ffb31df ("build: fix module symbol collection if build_dir is a symlink")
Signed-off-by: Roman Yeryomin <roman@advem.lv>
[jonas.gorski@gmail.com: add appropriate fixes tag]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2019-06-06 12:05:51 +02:00
Koen Vandeputte
66d1c29655 kernel: bump 4.19 to 4.19.48
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-05 12:12:59 +02:00
Koen Vandeputte
3209f5ae3d kernel: bump 4.19 to 4.19.47
Refreshed all patches.

Compile-tested on: imx6
Runtime-tested on: imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 17:00:29 +02:00
Koen Vandeputte
794771afde kernel: bump 4.14 to 4.14.123
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 17:00:29 +02:00
Koen Vandeputte
ff88d94372 kernel: bump 4.9 to 4.9.180
Refreshed all patches.

Compile-tested: ar7
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 17:00:29 +02:00
Koen Vandeputte
405e08bee6 kernel: bump 4.19 to 4.19.46
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:40:53 +02:00
Koen Vandeputte
8f6fd53db9 kernel: bump 4.14 to 4.14.122
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:40:53 +02:00
Koen Vandeputte
a0f7bdfc71 kernel: bump 4.9 to 4.9.179
Refreshed all patches.

Compile-tested: ar7
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:40:53 +02:00
Eneas U de Queiroz
a41f474d17 build: add support to && in DEPENDS
Adds support to && operand in DEPENDS.  Also, fixes generation of ||
dependencies by scripts/package-metadata.pl.

The precedence order from higher to lower is && then ||.  Use of
parentheses to change the order is not supported. As before, they are
silently ignored.  Use them for readability only.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
2019-05-31 11:21:22 +02:00
Koen Vandeputte
b97d44af67 kernel: bump 4.19 to 4.19.45
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-28 11:02:42 +02:00
Koen Vandeputte
35551e58db kernel: bump 4.14 to 4.14.121
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-28 11:02:42 +02:00
Koen Vandeputte
bcb6fc2f84 kernel: bump 4.9 to 4.9.178
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-28 11:02:42 +02:00