Commit Graph

2567 Commits

Author SHA1 Message Date
Hauke Mehrtens
fbaf48387e kernel: netfilter: chain filters merged into nf_tables.ko
In mainline kernel commit 02c7b25e5f5 ("netfilter: nf_tables: build-in
filter chain type") all chain filters were merged into one file and into
one kernel module to save some memory. The code protected by these
configuration options CONFIG_NF_TABLES_BRIDGE, CONFIG_NF_TABLES_IPV4,
CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, CONFIG_NF_TABLES_NETDEV and
CONFIG_NF_TABLES_INET was merged into the nft_chain_filter.c file which
is now always compiled into the nf_tables.ko file.

This only happened in kernel 4.19 and OpenWrt has to select these as
modules in older kennel versions. Mark them as build-in in the kernel
4.19 specific kernel configuration file which will then not be
overwritten by the package specific settings which try to make them
modular again.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
f891670704 kernel: netfilter: Adapt merge ipv4/ipv6 masquerade code
In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade
code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and
CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed
to bool and the code will not be compiled as a own module any more, but
it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some
memory.

Activate these options as bool in the generic kernel 4.19 configuration
only, to always build them into the nf_nat_ipv*.ko modules. The kmod
file will still try to select them as module, but the generic
configuration will not be overwritten.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
f72f793c9e kernel: netfilter: Add nf_conncount.ko
Some kernel modules from kmod-ipt-conntrack-extra depend on
nf_conncount.ko, which was added in kernel 4.16, add it to the kmod.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
89806545cc kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
The nf_socket.ko module was split in commit 8db4c5be88f ("netfilter:
move socket lookup infrastructure to nf_socket_ipv{4,6}.c") into a
common, n IPv4 and an IPv6 part.
The nf_tproxy.ko module was split in commit 45ca4e0cf27 ("netfilter:
Libify xt_TPROXY") into a common, an IPv4 and an IPv6 part.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
35929059b7 kernel: netfilter: Add nf_defrag_ipv6.ko to NF_CONNTRACK on 4.19
In kernel commit a0ae2562c6c ("netfilter: conntrack: remove l3proto
abstraction") The modules nf_conntrack_ipv4.ko, nf_conntrack_ipv6.ko and
nf_conntrack.ko were squashed together into one module. This module now
depends on nf_defrag_ipv6 when IPv6 support was activated. This is part
of the main netfilter packages, so add nf_defrag_ipv6.ko also to the
default netfilter packages on kernel 4.19 and later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
9261e7447e kernel: Make the patches apply on top of 4.19
This makes the patches which were just copied in the previous commit
apply on top of kernel 4.19.

The patches in the backports-4.19 folder were checked if they are really
in kernel 4.19 based on the title and only removed if they were found in
the upstream kernel.

The following additional patches form the pending folder went into
upstream Linux 4.19:
pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch
pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch
pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch
pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch
pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch
pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch

Bigger changes were introduced to the m25p80 spi nor driver, as far as I
saw it in the new code, it now has the functionality provided in this
patch:
pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch

Part of this patch went upstream independent of OpenWrt:
hack-4.19/220-gc_sections.patch
This patch was reworked to match the changes done upstream.

The MIPS DMA API changed a lot, this patch was rewritten to match the
new DMA handling:
pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch

I did bigger manual changes to the following patches and I am not 100% sure if they are all correct:
pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch
pending-4.19/411-mtd-partial_eraseblock_write.patch
pending-4.19/600-netfilter_conntrack_flush.patch
pending-4.19/611-netfilter_match_bypass_default_table.patch
pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
hack-4.19/211-host_tools_portability.patch
hack-4.19/221-module_exports.patch
hack-4.19/321-powerpc_crtsavres_prereq.patch
hack-4.19/902-debloat_proc.patch

This is based on patchset from Marko Ratkaj <marko.ratkaj@sartura.hr>

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:48 +01:00
Koen Vandeputte
fdd11a6eae kernel: bump 4.14 to 4.14.88
Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Fixes CVE:
- CVE-2018-14625

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-14 13:01:49 +01:00
Koen Vandeputte
fd918b413a kernel: bump 4.9 to 4.9.145
Refreshed all patches.

Fixes CVE:
- CVE-2018-14625

Compile-tested on: brcm2708
Runtime-tested on: brcm2708

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-14 13:01:45 +01:00
Koen Vandeputte
2bc4af1770 kernel: bump 3.18 to 3.18.129
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-14 13:01:41 +01:00
Koen Vandeputte
f6e9f23771 kernel: bump 4.14 to 4.14.87
Refreshed all patches.

Remove upstreamed:
- 0008-MIPS-ralink-Fix-mt7620-nd_sd-pinmux.patch

Compile-tested: cns3xxx, imx6
Runtime-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 16:32:22 +01:00
Koen Vandeputte
861dcd717f kernel: bump 4.9 to 4.9.144
Refreshed all patches.

Remove upstreamed:
- 014-Kbuild-suppress-packed-not-aligned-warning-for-defau.patch

Compile-tested: ar7, brcm2708
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 16:32:22 +01:00
Koen Vandeputte
0028f86687 kernel: bump 4.14 to 4.14.86
Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 11:48:44 +01:00
Koen Vandeputte
dfbf836a52 kernel: bump 4.9 to 4.9.143
Refreshed all patches.

Altered patches:
- 950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch
- 201-extra_optimization.patch

New symbol:
- CONFIG_HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar7, at91, brcm2708, ixp4xx, layerscape, orion
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[fix brcm2708/950-0149-Update-vfpmodule.c.patch]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-10 11:48:44 +01:00
Koen Vandeputte
4e38fc824c kernel: bump 3.18 to 3.18.128
Refreshed all patches.

Altered patches:
- 002-phy_drivers_backport.patch

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-10 11:48:44 +01:00
Rafał Miłecki
966ba6daa4 kernel: fix downloading rcX releases
They are no longer stored in the "testing" subdirectory and are not
available as .tar.xz archives. If -rc is detected download it from the
git.kernel.org and use .tar.gz.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-12-03 09:34:57 +01:00
INAGAKI Hiroshi
879f2ef7c0 ath79: modify mtd partitions for Buffalo BHR-4GRV2
This commit modifies mtd partitions define for Buffalo BHR-4GRV2 and
move it to generic subtarget.

In Buffalo BHR-4GRV2, "kernel" partition is located behined "rootfs"
partition in the stock firmware. This causes the size of the kernel
to be limited by the fixed value.

0x50000                       0xe80000        0xff0000
  +-------------------------------+--------------+
  |            rootfs             |    kernel    |
  |           (14528k)            |    (1472k)   |
  +-------------------------------+--------------+

After ar71xx was updated to Kernel 4.14, the kernel size of BHR-4GRV2
exceeded the limit, and it breaks builds on official buildbot.
Since this issue was also confirmed in ath79, I modified the mtd
partitions to get rid of that limitation.

0x50000                                       0xff0000
  +----------------------------------------------+
  |                   firmware                   |
  |                   (16000k)                   |
  +----------------------------------------------+

However, this commit breaks compatibility with ar71xx firmware, so I
dropped "SUPPORTED_DEVICES += bhr-4grv2".

This commit requires new flash instruction instead of the old one.

Flash instruction using initramfs image:

1. Connect the computer to the LAN port of BHR-4GRV2
2. Set the IP address of the computer to 192.168.12.10
3. Rename the OpenWrt initramfs image to
"bhr4grv2-uImage-initramfs-gzip.bin" and place it into the TFTP
directory
4. Start the tftp server on the computer
5. While holding down the "ECO" button, connect power cable to
BHR-4GRV2 and turn on it
6. Flashing (orange) diag LED and release the finger from the button,
BHR-4GRV2 downloads the intiramfs image from TFTP server and boot
with it
7. On the initramfs image, create "/etc/fw_env.config" file with
following contents
  /dev/mtd1 0x0 0x10000 0x10000
8. Execute following commands to add environment variables for
u-boot
  fw_setenv ipaddr 192.168.12.1
  fw_setenv serverip 192.168.12.10
  fw_setenv ethaddr 00:aa:bb:cc:dd:ee
  fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
9. Perform sysupgrade with squashfs-sysupgrade image
10. Wait ~150 seconds to complete flashing

And this commit includes small fix; BHR-4GRV2 has QCA9557 as a SoC,
not QCA9558.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-11-26 12:28:17 +01:00
Tomasz Maciej Nowak
31075313bf include/rootfs.mk: remove boot directory
Currently every file in boot directory is copied over target /boot on
root file system and is usually inaccessible because appropriate boot
file system is mounted on top of it. Therefore remove /boot, which in
result will also save space on target root file system.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-11-26 12:05:44 +01:00
Petr Štetiar
493c9a3551 build: Introduce building of artifacts
We currently could (ab)use IMAGES for this task, but the downside is,
that the filenames has filesystem tied to the filename, which might be
confusing as the artifact itself don't has to be used with that specific
filesystem. Another downside is, that the artifacts built with IMAGES
target are build for every FILESYSTEMS filesystem.

Consider following use case:

 define Device/apalis
   ...
   FILESYSTEMS := ext4 squashfs
   IMAGES := spl-uboot.bin recovery.scr
   IMAGE/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
   IMAGE/recovery.scr := recovery-scr
 endef

Where we would get target binaries with following filenames:

 openwrt-imx6-apalis-squashfs.recovery.scr
 openwrt-imx6-apalis-squashfs.spl-uboot.bin
 openwrt-imx6-apalis-ext4.recovery.scr
 openwrt-imx6-apalis-ext4.spl-uboot.bin

With proposed patch, we could now just do:

 define Device/apalis
   ...
   ARTIFACTS := spl-uboot.bin recovery.scr
   ARTIFACT/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
   ARTIFACT/recovery.scr := recovery-scr
 endef

Which would produce target binaries with following filenames:

 openwrt-imx6-apalis-recovery.scr
 openwrt-imx6-apalis-spl-uboot.bin

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-11-26 09:39:20 +01:00
Koen Vandeputte
3a1978bbb4 kernel: bump 3.18 to 3.18.126
Refreshed all patches.

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-22 12:40:19 +01:00
Koen Vandeputte
02e16e9e82 kernel: bump 4.14 to 4.14.82
Refreshed all patches.

Compile-tested: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-11-22 10:49:01 +01:00
Koen Vandeputte
e1debc557c kernel: bump 4.9 to 4.9.138
Refreshed all patches.

Compile-tested: ar71xx, layerscape
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-22 10:49:01 +01:00
Koen Vandeputte
e14dc93073 kernel: bump 4.14 to 4.14.81
Refreshed all patches.

Removed upstreamed patches:
- 081-spi-bcm-qspi-switch-back-to-reading-flash-using-smal.patch

Altered patches:
- 0054-cpufreq-dt-Handle-OPP-voltage-adjust-events

Compile-tested on: cns3xxx, imx6, ipq806x, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Koen Vandeputte
7e20e4ab96 kernel: bump 4.9 to 4.9.137
Refreshed all patches.

Removed upstreamed hunks in:
- 703-phy-support-layerscape.patch

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Koen Vandeputte
f7a406deaf kernel: bump 3.18 to 3.18.125
Refreshed all patches.

Compile-tested on: adm5120
Compile-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Stijn Tintel
e95e9fcbb2 kernel: bump 4.14 to 4.14.80
Refresh patches.

Compile-tested: ar71xx, ath79, x86/64
Runtime-tested: ar71xx, ath79, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-11-13 00:44:01 +02:00
Koen Vandeputte
c764b2b531 kernel: bump 4.14 to 4.14.79
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-05 16:00:00 +01:00
Koen Vandeputte
bc3d47cd12 kernel: bump 4.14 to 4.14.78
Refreshed all patches.

Remove upstreamed:
- 050-net-emac-fix-fixed-link-setup-for-the-RTL8363SB-swit.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-22 15:28:31 +02:00
Koen Vandeputte
9c42391c0d kernel: bump 4.9 to 4.9.135
Refreshed all patches.

Fixes:
- CVE-2018-10883

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-22 15:28:31 +02:00
Christian Lamparter
92bcd08989 build: remove obsolete -rc kernel testing rewrites
The -rcX "testing" kernels are no longer hosted on
cdn.kernel.org file servers directly in a "testing"
directory. Therefore the logic that tested for "-rc"
can be removed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-10-20 16:13:39 +02:00
Koen Vandeputte
ca88f4153f kernel: bump 4.14 to 4.14.77
Refreshed all patches.

Altered patches:
- 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch

New symbol for arm targets:
- HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-19 10:01:57 +02:00
Koen Vandeputte
6d682d82b0 kernel: bump 4.9 to 4.9.134
Refreshed all patches.

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-19 10:01:57 +02:00
Kevin Darbyshire-Bryant
1063d904b7 hostapd: add basic variant
Add a basic variant which provides WPA-PSK only, 802.11r and 802.11w and
is intended to support 11r & 11w (subject to driver support) out of the
box.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-10-16 15:07:41 +01:00
Koen Vandeputte
0d0bd8e6da kernel: bump 4.14 to 4.14.76
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-16 10:08:56 +02:00
Koen Vandeputte
e80af4b53b kernel: bump 4.9 to 4.9.133
Refreshed all patches.

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-16 10:08:54 +02:00
Koen Vandeputte
912340033a kernel: bump 3.18 to 3.18.124
Refreshed all patches.

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-16 10:06:45 +02:00
Koen Vandeputte
f983956a8b kernel: bump 4.14 to 4.14.75
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-10 14:45:11 +02:00
Koen Vandeputte
571fe28464 kernel: bump 4.9 to 4.9.132
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-10 14:45:11 +02:00
Hauke Mehrtens
5933958168 image: ignore usign build errors
The tl-wa850re-v2 images from the ar71xx/tiny target are getting too big
with the default packages. The size check is done before the meta data
is added so there is no file to add meta data to or to sign. Originally
errors in Build/append-metadata were getting ignored, but if the signing
fails the error is not ignored.
This adds a check if the file to be signed is there and only does the
signing if it is there. This way it does not fail if the package
creation was already aborted earlier.

Fixes: 848b455d2e ("image: use ucert to append signature")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-10-07 22:14:35 +02:00
Felix Fietkau
b7855230a3 build: insert blank line after KernelPackage template to allow chaining calls to it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-10-06 13:02:29 +02:00
Koen Vandeputte
a2adeffffc kernel: bump 4.14 to 4.14.74
Refreshed all patches.

Fixes CVE:

- CVE-2018-7755

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-04 16:15:03 +02:00
Koen Vandeputte
0bcff6b0db kernel: bump 4.9 to 4.9.131
Refreshed all patches.

Fixes CVE:

- CVE-2018-10880
- CVE-2018-7755

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-04 16:15:03 +02:00
Koen Vandeputte
7bfe757bc4 kernel: bump 4.14 to 4.14.73
Refreshed all patches.

Removed upstreamed:
- 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-02 13:44:36 +02:00
Koen Vandeputte
00f1dc55e8 kernel: bump 4.9 to 4.9.130
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-02 13:44:36 +02:00
Felix Fietkau
c3a0102195 build: fix kernel headers install for uml
The kernel headers makefile needs to override LINUX_KARCH

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-29 18:09:45 +02:00
Amol Bhave
366e6ef5c3 build: use CMAKE_SOURCE_SUBDIR variable to cmake.mk
Sometimes, the CMakeLists.txt file is not in the root directory of a
repo. In those cases, the CMAKE_SOURCE_SUBDIR variable can be specified
to use CMakeLists.txt from a subdirectory instead.

Signed-off-by: Amol Bhave <ambhave@fb.com>
2018-09-29 17:23:11 +02:00
Koen Vandeputte
e9d92bf1e1 kernel: bump 4.14 to 4.14.72
Refreshed all patches.

Removed upstreamed:
- 203-MIPS-ath79-fix-restart.patch
- 0013-MIPS-ath79-fix-system-restart.patch
- 180-earlycon-initialize-port-uartclk-based-on-clock-frequency-property.patch
- 181-earlycon-remove-hardcoded-port-uartclk-initialization-in-of_setup_earlycon. patch
- 700-1-6-e1000e-Remove-Other-from-EIAC.patch
- 700-2-6-Partial-revert-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- 700-3-6-e1000e-Fix-queue-interrupt-re-raising-in-Other-interrupt.patch
- 700-4-6-e1000e-Avoid-missed-interrupts-following-ICR-read.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:54:18 +02:00
Koen Vandeputte
3caf940cc6 kernel: bump 4.9 to 4.9.129
Refreshed all patches.

Removed upstreamed:
- 203-MIPS-ath79-fix-restart.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:54:18 +02:00
Koen Vandeputte
17e90d88e2 kernel: bump 3.18 to 3.18.123
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:54:18 +02:00
Koen Vandeputte
0dbdb476f3 kernel: bump 4.14 to 4.14.71
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:23:16 +02:00
Koen Vandeputte
72e9b4059e kernel: bump 4.9 to 4.9.128
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:23:16 +02:00
Koen Vandeputte
0cda4af005 kernel: bump 4.14 to 4.14.70
Refreshed all patches.

Added new patch:
- 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch

This fixes a bug introduced in upstream 4.14.68 which caused targets using
ubifs to produce file-system errors on boot, rendering them useless.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte
784d7f0251 kernel: bump 4.9 to 4.9.127
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte
92511d21cc kernel: bump 3.18 to 3.18.122
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte
079871983c kernel: bump 4.14 to 4.14.68
Refreshed all patches.

Remove upstream accepted:
- 330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch

Altered:
- 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
- 308-mips32r2_tune.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte
752ee31ad2 kernel: bump 4.9 to 4.9.125
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte
b4bd6c2c95 kernel: bump 3.18 to 3.18.121
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte
01793e8752 kernel: bump 4.14 to 4.14.67
Refreshed all patches.

Removed upstreamed patches:
- 037-v4.18-0008-ARM-dts-BCM5301x-Fix-i2c-controller-interrupt-type.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-28 23:05:39 +02:00
Koen Vandeputte
22f899c6dd kernel: bump 4.9 to 4.9.124
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-28 23:05:39 +02:00
David Bauer
8e9a59a6b9 build: add mkrasimage
The current make-ras.sh image generation script for the ZyXEL NBG6617
has portability issues with bash. Because of this, factory images are
currently not built correctly by the OpenWRT buildbots.

This commit replaces the make-ras.sh by C-written mkrasimage.

The new mkrasimage is also compatible with other ZyXEL devices using
the ras image-format.
This is not tested with the NBG6616 but it correctly builds the
header for ZyXEL factory image.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-28 11:26:53 +02:00
Koen Vandeputte
6b4ba118ac kernel: bump 4.14 to 4.14.66
Refreshed all patches

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Koen Vandeputte
7a9afb8783 kernel: bump 4.9 to 4.9.123
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Koen Vandeputte
548182bc6d kernel: bump 3.18 to 3.18.119
Refreshed all patches.

Compile-tested on: adm5120, adm8668, au1000, mcs814x, ppc40x, ppc44x, xburst
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:23 +02:00
Koen Vandeputte
1f7ce19df2 kernel: bump 4.14 to 4.14.65
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:22 +02:00
Koen Vandeputte
ba30490d05 kernel: bump 4.9 to 4.9.122
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:22 +02:00
Daniel Engberg
fc9cbf3bc0 target.mk: Remove obsolete octeon CPU_CFLAGS
As of commit c6e02b49f6 the octeon target
uses octeonplus instead of octeon

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-19 18:58:30 +02:00
Hauke Mehrtens
b547ab3143 kernel: bump kernel 4.9 to version 4.9.120
The following patch was integrated upstream:
 * target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00
Hauke Mehrtens
e4bad5f0ac kernel: bump kernel 4.14 to version 4.14.63
The following patches were integrated upstream:
 * target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
 * target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:31:56 +02:00
Ludwig Thomeczek
e5b802b9c2 firmware-utils: add sercomm/netgear tool
This adds a tool to generate a firmware file accepted
by Netgear or sercomm devices.

They use a zip-packed rootfs with header and a custom
checksum. The generated Image can be flashed via the
nmrpflash tool or the webinterface of the router.

Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
2018-08-13 08:37:19 +02:00
INAGAKI Hiroshi
a6369206fe ath79: add support for I-O DATA WN-AC1600DGR2
I-O DATA WN-AC1600DGR2 is a 2.4/5 GHz band 11ac router, based on
Qualcomm Atheros QCA9557.

Specification:

- Qualcomm Atheros QCA9557
- 128 MB of RAM
- 16 MB of Flash
- 2.4/5 GHz wifi
  - 2.4 GHz: 2T2R (SoC internal)
  - 5 GHz: 3T3R (QCA9880)
- 5x 10/100/1000 Mbps Ethernet
- 6x LEDs, 6x keys (4x buttons, 1x slide switch)
- UART header on PCB
  - Vcc, GND, TX, RX from ethernet port side
  - 115200n8

Flash instruction using factory image:

1. Connect the computer to the LAN port of WN-AC1600DGR2
2. Connect power cable to WN-AC1600DGR2 and turn on it
3. Access to "http://192.168.0.1/" and open firmware update page
("ファームウェア")
4. Select the OpenWrt factory image and click update ("更新") button
5. Wait ~150 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-08-11 21:45:06 +02:00
Koen Vandeputte
0ddb34b6b5 kernel: bump 4.14 to 4.14.62
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-10 18:43:23 +02:00
Koen Vandeputte
21a229317f kernel: bump 4.9 to 4.9.119
Refreshed all patches.

Delete upstreamed patch:
- 100-tcp-add-tcp_ooo_try_coalesce-helper.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-10 18:43:23 +02:00
INAGAKI Hiroshi
23519edbca ath79: add support for Buffalo BHR-4GRV2
Buffalo BHR-4GRV2 is a wired router, based on Qualcomm Atheros
QCA9558.
Ported from ar71xx target.

Specification:

- Qualcomm Atheros QCA9558
- 64 MB of RAM
- 16 MB of Flash
- 5x 10/100/1000 Ethernet
  - QCA8337N
- 4x LEDs, 2x keys
- UART header on PCB
  - Vcc, TX, RX, GND from LED side
  - 115200n8

Flash instruction using factory image:

1. Connect the computer to the LAN port of BHR-4GRV2
2. Connect power cable to BHR-4GRV2 and turn on it
3. Access to "http://192.168.12.1/" and open firmware update
page ("ファームウェア更新")
4. Select the OpenWrt factory image and click update ("更新実行")
button
5. Wait ~120 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-08-09 18:44:57 +02:00
Koen Vandeputte
0ef25a7aee kernel: remove linux 4.4 support
No targets are using this one anymore

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-08 09:51:23 +02:00
Daniel Golle
ec78f03de5 image: fix build without ucert
Make sure the Shell-expression returns true also in case of
key-build.ucert being absent.

Fixes commit 848b455d2e ("image: use ucert to append signature")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-08 00:48:53 +02:00
Daniel Golle
848b455d2e image: use ucert to append signature
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 23:20:49 +02:00
Koen Vandeputte
7a254aeeb8 kernel: bump 4.14 to 4.14.61
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-07 12:53:47 +02:00
Koen Vandeputte
f7036a34ac kernel: bump 4.9 to 4.9.118
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-07 12:53:47 +02:00
Jo-Philipp Wich
93ac8b03b0 Revert "netfilter: separate IPv6 relevant kernel modules from IPv4"
This reverts commit 42a3c6465a.

The change was apparently never build-tested with all kmods enabled. I took
a brief look but found no simple way to untangle this, so revert it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-06 19:46:37 +02:00
Rosy Song
42a3c6465a netfilter: separate IPv6 relevant kernel modules from IPv4
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-08-06 12:09:04 +02:00
Jo-Philipp Wich
d3ddf6631e build: remove GNU time dependency
Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.

Fixes: ff6e62b288 ("build: log time taken by each packages/steps")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-05 00:06:27 +02:00
Koen Vandeputte
f960490fc8 kernel: bump 4.14 to 4.14.60
Refreshed all patches

Removed upstreamed patches:
- 500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-03 16:10:38 +02:00
Koen Vandeputte
4ec4dd2a11 kernel: bump 4.9 to 4.9.117
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-03 16:10:38 +02:00
Chen Minqiang
33bce21bb0 base-files: fix HOME_URL replace
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2018-08-02 07:54:40 +02:00
Koen Vandeputte
fec8fe8069 kernel: bump 4.9 to 4.9.116
Refreshed all patches

Remove upstreamed patches.
- 103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- 403-mtd_fix_cfi_cmdset_0002_status_check.patch
- 001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch
- 001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- 001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- 900-gen_stats-fix-netlink-stats-padding.patch

Introduce a new backported patch to address ext4 breakage, introduced in 4.9.112
- backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

This patch has been slightly altered to compensate for a new helper function
introduced in later kernels.

Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9

Compile-tested on: ar71xx, bcm2710
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-01 09:46:59 +02:00
Bjørn Mork
c72f3b5e2b include/feeds.mk: fix distfeeds.conf without per-feed repos
commit 514a4b3e1b ("include/feeds.mk: rework generation of opkg
distfeeds.conf") made the per-feed "base" repo unconditional, making
the default configuration fail when PER_FEED_REPO is disabled:

 root@wrt1900ac-1:~# cat /etc/opkg/distfeeds.conf
 src/gz openwrt_core http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages
 src/gz openwrt_base http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base
 root@wrt1900ac-1:~# opkg update
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.gz
 Updated list of available packages in /var/opkg-lists/openwrt_core
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.sig
 Signature check passed.
 Downloading http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz
 *** Failed to download the package list from http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz

 Collected errors:
  * opkg_download: Failed to download http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz, wget returned 8.

Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 514a4b3e1b ("include/feeds.mk: rework generation of opkg distfeeds.conf")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[whitespace/indentation fix]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-31 14:04:45 +02:00
Stijn Tintel
22b9f99b87 kernel: bump 4.14 to 4.14.59
Drop patch that was superseded upstream:
ramips/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch

Drop upstreamed patches:
- apm821xx/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
- apm821xx/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
- ath79/0011-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- brcm63xx/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- brcm63xx/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- generic/backport/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
- generic/pending/170-usb-dwc2-Fix-DMA-alignment-to-start-at-allocated-boun.patch
- generic/pending/900-gen_stats-fix-netlink-stats-padding.patch

In 4.14.55, a patch was introduced that breaks ext4 images in some
cases. The newly introduced patch
backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
addresses this breakage.

Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883

Compile-tested: ath79, octeon, x86/64
Runtime-tested: ath79, octeon, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-07-31 05:11:07 +03:00
Julien Dusser
4dfa6b7a30 build: fix ASLR for LTO packages
Fix building packages with LTO when CONFIG_PKG_ASLR_PIE is enabled.

Despite comment of PR lto/80838, it seems that GCC needs -fPIC on linker
command line, even if all objects are -fPIC. This may change as PR
lto/80838 is merged into 8.1

compile-tested: ar71xx, ath79

Fix commits:
6dac92a42e
8c11133c9d
07940acc34
e7397eef69
ef16a394d2
ef96d1e34a
47b42137ce
73fc67b614
154c0c4006
804c51e1e6

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-07-30 14:26:16 +02:00
Daniel Engberg
0aaa650755 include/verbose.mk: Add sc to failure message
Add sc to build error message

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-30 10:43:36 +02:00
Jo-Philipp Wich
991c7a4f69 build: do not override CCACHE_DIR when ccache is disabled
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-24 15:23:05 +02:00
Jo-Philipp Wich
a6f4c7bce8 build: prereq-build.mk: fix gcc/g++ SetupHostCommand invocation
A missing comma caused the first command option to be considered part of
the error message.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-24 13:37:24 +02:00
Jo-Philipp Wich
69ea512c62 build: do not alter global default package selection from profiles
This partly reverts ca32373c95 which lets
profiles that suppress packages to alter the package selection for all
devices of the target when building with CONFIG_TARGET_PER_DEVICE_ROOTFS.

In particular, this caused the brcm47xx Edimax PS-1208MFG profile to
disable mtd, dropbear, firewall and other essential packages for all
brcm47xx/generic builds.

To solve this problem, prevent profiles from mangling the global
DEFAULT_PACKAGES selection and restrict the supression of negated
packages to the local PACKAGE variable list only.

Fixes ca32373c95 ("target.mk: let profile remove from DEFAULT_PACKAGES")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-21 20:52:48 +02:00
Felix Fietkau
7c306ae640 build: fix compile error when a package includes itself in PROVIDES
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-20 10:40:58 +02:00
Matthias Schiffer
b123921a92
include/prereq-build.mk: explicitly check for -f flag when using busybox time
On Debian, busybox does have a time applet, but it does not support the -f
flag. Catch this in prereq check to give users to proper error message.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-14 15:46:35 +02:00
Matthias Schiffer
36fa1bbf6f
include/kernel-build.mk: fix kernel rebuild on backport patch changes
An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
to the omission of the backport-* patch dirs in the generation of the
prepared stamp name.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-14 13:07:34 +02:00
Matthias Schiffer
16035a7dd3
include/feeds.mk: rework generation of opkg distfeeds.conf
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
Matthias Schiffer
9af22f1ac9
include/feeds.mk: always add available feeds to PACKAGE_SUBDIRS
Setting CONFIG_FEED_... symbols combined two different effects: Disabling
a feed in the generated opkg distfeeds.conf, and omitting the feed from
PACKAGE_SUBDIRS.

It does not make sense to omit built feeds from PACKAGE_SUBDIRS, as it will
only lead to packages that can be enabled in .config (and that will
consequently be built) not to be found during rootfs creation, breaking
the build. All feeds that packages are emitted to should simply always be
added to PACKAGE_SUBDIRS instead; the CONFIG_FEED_... only configure the
generated distfeeds.conf like this.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
李国
671999157d verbose.mk: quote SUBMAKE options
build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but
it fail when make menuconfig. so I have to give option HOSTCC='gcc
-Wl,--copy-dt-needed-entries' to make. But it passed to sub make to
HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc
-Wl,--copy-dt-needed-entries. This patch fix this issue.

make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1'
make: Entering directory `/work/openwrt/openwrt/build'
/opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld:
lxdialog/checklist.o: undefined reference to symbol 'acs_map'
//lib64/libtinfo.so.5: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[1]: *** [mconf] Error 1
make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build
failed. Please re-run make with -j1 V=s to see what's going on
make: *** [scripts/config/mconf] Error 1
make: Leaving directory `/work/openwrt/openwrt/build'

Signed-off-by: 李国 <uxgood.org@gmail.com>
2018-07-12 10:24:36 +02:00
Koen Vandeputte
ba2b0f0ac6 kernel: bump 4.14 to 4.14.54
Rereshed all patches

Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-11 16:02:24 +02:00
Yousong Zhou
9009efa18b download.mk: enable DownloadMethod/github_archive
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-05 01:30:57 +08:00
Yousong Zhou
04b9f85873 scripts/dl_github_archive.py: rename from download.py
- Make the code more GitHub-specific
 - Requires mirror hash to work with .gitattributes
 - Use different API depending on whether PKG_SOURCE_VERSION is a
   complete commit id or other ref types like tags
 - Fix removing symbolic link
 - pre-clean dir_untar for possible leftovers from previous run

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-05 01:30:57 +08:00
Yousong Zhou
e48ea13b3b download.mk: add more comments
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-05 01:30:57 +08:00
Koen Vandeputte
d0839e020d kernel: bump 4.14 to 4.14.53
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-04 14:16:37 +02:00
Koen Vandeputte
01ca20cdfd kernel: bump 4.9 to 4.9.111
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-04 14:16:37 +02:00
Kevin Darbyshire-Bryant
89b59994eb build: ASLR hardening use $(FPIC)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-03 14:19:10 +01:00
Felix Fietkau
29b2199eb0 build: fix target metadata scan dependencies
Move SCAN_DEPS to scan.mk to eliminate redundancy with scripts/feeds
Add image/*.mk to SCAN_DEPS for targets to pick up newly added devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-02 14:27:06 +02:00
Felix Fietkau
516d995d6a build: ensure that iwinfo is selected when building for multiple devices
extra_packages needs to be added there, like on profiles and target
packages lists

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-02 14:27:04 +02:00
Koen Vandeputte
f4ac88b509 kernel: bump 4.14 to 4.14.52
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-02 07:04:48 +02:00
Koen Vandeputte
8e622aae58 kernel: bump 4.9 to 4.9.110
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-02 07:04:34 +02:00
Yousong Zhou
e15565a01c download.mk: restore the old dl_method implementation
Seems like the python download.py dl_method call causes serious
performance regression for fresh "make defconfig" as reported in
FS#1621.  GitHub tarball download will also be disabled with this

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-06-29 13:54:17 +08:00
Mathias Kresin
52a9edb1bf base-files: add menuconfig option for HOME_URL
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.

Fixes: FS#1123

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-06-27 08:40:34 +02:00
Yousong Zhou
75ab064d2b build: download code from github using archive API
A new python script scripts/download.py is added to fetch tarballs using
GitHub archive API [1], then repack in a reproducible way same as the
current DownloadMethod/git

GitHub imposes a 60 reqs/hour rate limit on unauthenticated API
access[2].  This affects fetching commit date for feeding tar --mtime=
argument.  However, observation indicates that archive download is NOT
subject to this limit at the moment.  In the rare cases where download
fails because of this, we will falback to using DownloadMethod/git

The missing piece in the GitHub API is that it cannot provide in the
tarball dependent submodules's source code.  In that case, the
implementation will also fallback to using DownloadMethod/git

 [1] Get archive link, https://developer.github.com/v3/repos/contents/#get-archive-link
 [2] Rate limiting, https://developer.github.com/v3/#rate-limiting

v2 <- v1:

 - allow passing multiple urls with --urls argument
 - add commit ts cache.  can be helpful on retry

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-06-27 10:51:27 +08:00
Christian Lamparter
82618062cf ipq40xx: add support for the ZyXEL NBG6617
This patch adds support for ZyXEL NBG6617

Hardware highlights:

SOC:    IPQ4018 / QCA Dakota
CPU:    Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:   256 MiB DDR3L-1600/1866 Nanya NT5CC128M16IP-DI @ 537 MHz
NOR:    32 MiB Macronix MX25L25635F
ETH:    Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB:    1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:  RESET Button, WIFI/Rfkill Togglebutton, WPS Button
LEDS:   Power, WAN, LAN 1-4, WLAN 2.4GHz, WLAN 5GHz, USB, WPS

Serial:
	WARNING: The serial port needs a TTL/RS-232 3.3v level converter!
	The Serial setting is 115200-8-N-1. The 1x4 .1" header comes
	pre-soldered. Pinout:
	  1. 3v3 (Label printed on the PCB), 2. RX, 3. GND, 4. TX

first install / debricking / restore stock:
 0. Have a PC running a tftp-server @ 192.168.1.99/24
 1. connect the PC to any LAN-Ports
 2. put the openwrt...-factory.bin (or V1.00(ABCT.X).bin for stock) file
    into the tftp-server root directory and rename it to just "ras.bin".
 3. power-cycle the router and hold down the the WPS button (for 30sek)
 4. Wait (for a long time - the serial console provides some progress
    reports. The u-boot says it best: "Please be patient".
 5. Once the power LED starts to flashes slowly and the USB + WPS LEDs
    flashes fast at the same time. You have to reboot the device and
    it should then come right up.

Installation via Web-UI:
 0. Connect a PC to the powered-on router. It will assign your PC a
    IP-address via DHCP
 1. Access the Web-UI at 192.168.1.1 (Default Passwort: 1234)
 2. Go to the "Expert Mode"
 3. Under "Maintenance", select "Firmware-Upgrade"
 4. Upload the OpenWRT factory image
 5. Wait for the Device to finish.
    It will reboot into OpenWRT without any additional actions needed.

To open the ZyXEL NBG6617:
 0. remove the four rubber feet glued on the backside
 1. remove the four philips screws and pry open the top cover
    (by applying force between the plastic top housing from the
    backside/lan-port side)

Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:

|   Hit any key to stop autoboot:  3

The user is then dropped to a locked shell.

|NBG6617> HELP
|ATEN    x[,y]     set BootExtension Debug Flag (y=password)
|ATSE    x         show the seed of password generator
|ATSH              dump manufacturer related data in ROM
|ATRT    [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO              boot up whole system
|ATUR    x         upgrade RAS image (filename)
|NBG6617>

In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!

First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.

|NBG6617> ATSE NBG6617
|012345678901

This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):

- tool.sh -
ror32() {
  echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -

|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711

copy and paste the result into the shell to unlock zloader.

|NBG6617> ATEN 1,0046B0017430

If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.

|NBG6617> ATGU
|NBG6617#

Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2018-06-26 08:57:26 +02:00
Alin Nastac
ab07ae2f27 netfilter: add bpf match support
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.

Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2018-06-26 08:57:25 +02:00
Kevin Darbyshire-Bryant
094d49cddf kernel: bump 4.14 to 4.14.51
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Refresh patches.

Remove patch that can be reverse applied:
mvebu/patches-4.14/530-ATA-ahci_mvebu-enable-stop_engine-override.patch
mvebu/patches-4.14/531-ATA-ahci_mvebu-pmp-stop-errata-226.patch

Update patch that no longer applied:
ipq806x/patches-4.14/0035-clk-mux-Split-out-register-accessors-for-reuse.patch

Compiled-tested-for: lantiq, ramips
Run-tested-on: lantiq BT hh5a, ramips MIR3g

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Michael Yartys <michael.yartys@protonmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-06-26 08:57:21 +02:00
Jo-Philipp Wich
333e609703 build: change version.mk defaults to OpenWrt
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 13:45:03 +02:00
Daniel Engberg
c6e02b49f6 octeon: Add and set CPU type Octeon+ as default
The lowest CPU type used by supported Octeon platform
is Octeon+ (EdgeRouter Lite) while EdgeRouter Pro/ER-8 uses
Octeon II which is backwards compatible with Octeon+.

Sources:
https://community.ubnt.com/t5/EdgeRouter/EdgeRouter-Pro-CPU/td-p/654599
https://www.cavium.com/octeon-II-CN68XX.html
"OCTEON II family is fully software compatible with the widely-adopted
OCTEON Plus family"

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-20 15:36:02 +02:00
Andy Boyett
591780615b build: add busybox support to time prereq-check
Busybox time supports the GNU time '-f' syntax used by the build time
logging implemented in ff6e62b288, however the prerequisite check added
only works with GNU time installed as `time` or `gtime`.

As busybox is a multicall binary, the name of the symlink setup by
SetupHostCommand also must be changed from `gtime` to `time` to fix the
value of argv[0]. This causes a number of shells (including bash) to use
their builtin impelementation of time, so the sole invocation has been
changed to use `env time` to use the value found on the $PATH.

Signed-off-by: Andy Boyett <agb@agb.io>
2018-06-18 21:27:01 +02:00
Hannu Nyman
dcfe2a461e include/image-commands.mk: shorter version in Netgear factory header
Shorten the version string in Netgear factory image header in order
to enable u-boot TFTP recovery flash mode to work again.

Strip 'r7210-14cb05909a' into 'r7210' in the Netgear image header
by removing the hash (anything after "-").

background:
Some Netgear routers have recently been unable to flash Openwrt
factory image with the TFTP recovery flash mode provided by Netgear
u-boot. That is due to over-long Openwrt version string overflowing
into the router type string in u-boot code. Modern git versions
produce 10-digit short hashes for the Openwrt main repo, and that
causes the version string to be too long in the image header,
breaking the image ID verification by the TFTP flash routine.

(Other option could be to force a shorter hash in scripts/getver.sh,
but as the problem only concerns Netgear routers, let's patch just
them.)

More detailed explanations in FS#1583

Tested with WNDR3800

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-06-18 20:29:37 +02:00
Koen Vandeputte
510f2efab6 kernel: bump 4.14 to 4.14.50
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 15:25:42 +02:00
Koen Vandeputte
db73c71e8d kernel: bump 4.9 to 4.9.109
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 15:25:28 +02:00
Koen Vandeputte
2b9885571b kernel: bump 4.14 to 4.14.49
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86-64
Runtime-tested on: cns3xxx, imx6, x86-64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 07:10:19 +02:00
Koen Vandeputte
8c1f088521 kernel: bump 4.9 to 4.9.108
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 07:10:19 +02:00
Kevin Darbyshire-Bryant
f60301db74 kernel: bump 4.9 to 4.9.107
Refresh patches.

Compile-tested for: ar71xx
Run-tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-09 22:39:17 +02:00
Koen Vandeputte
2792ef55ab kernel: bump 4.9 to 4.9.106
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-07 09:04:46 +02:00
Stijn Tintel
e52f3e9b13 kernel: bump 4.14 to 4.14.48
Remove upstreamed patches:
generic/pending/101-clocksource-mips-gic-timer-fix-clocksource-counter-w.patch
generic/pending/103-MIPS-c-r4k-fix-data-corruption-related-to-cache-coherence.patch
generic/pending/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch
lantiq/0025-MIPS-lantiq-gphy-Remove-reboot-remove-reset-asserts.patch
Update patches that no longer apply:
generic/pending/811-pci_disable_usb_common_quirks.patch
ath79/0009-MIPS-ath79-add-lots-of-missing-registers.patch

Fixes CVE-2018-6412.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-06-05 22:54:00 +03:00
Kevin Darbyshire-Bryant
7dca1bae82 kernel: bump to 4.9.105
Refresh patches.

Drop patches that have been upstreamed:
target/linux/ar71xx/patches-4.9/106-01-MIPS-ath79-fix-AR724X_PLL_REG_PCIE_CONFIG-offset.patch
target/linux/generic/backport-4.9/095-v4.12-ipv6-Need-to-export-ipv6_push_frag_opts-for-tunnelin.patch
target/linux/generic/pending-4.9/180-net-phy-at803x-add-support-for-AT8032.patch
target/linux/generic/pending-4.9/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch
target/linux/generic/pending-4.9/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch

Compile & run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-01 08:25:14 +02:00
Stijn Tintel
64b53247c4 kernel: bump 4.14 to 4.14.44
Refresh patches.

Remove upstreamed patch:
generic/pending/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch
Update patches that no longer applies:
generic/hack/901-debloat_sock_diag.patch

Compile-tested on: x86/64.
Runtime-tested on: x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-05-29 00:53:15 +03:00
Koen Vandeputte
467b07e00c kernel: bump 4.14 to 4.14.43
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Michael Yartys <michael.yartys@protonmail.com>
2018-05-24 08:58:17 +02:00
Koen Vandeputte
82cf3c7c61 kernel: bump 4.9 to 4.9.102
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-24 08:58:03 +02:00
Koen Vandeputte
faf0a460c4 kernel: bump 4.14 to 4.14.42
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-22 20:49:08 +02:00
Koen Vandeputte
6c5f2d73e9 kernel: bump 4.9 to 4.9.101
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-22 20:48:43 +02:00
David Bauer
399495a952 build: add apend-uboot command
This commit adds an append-uboot command to append U-Boot from the
bin-directory.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-05-22 20:34:14 +02:00
Jo-Philipp Wich
b287c82bed build: prevent spurious package rebuilds under CONFIG_AUTOREMOVE
When CONFIG_AUTOREMOVE is enabled, the build system touches an additional
".autoremove" stamp file in the cleaned build directory.

Since the autoremove stamp file is touched after the compile process
completed, it ends up being the most recent file of the package build
directory, causing the timestamp.pl check of depends.mk to erroneously
declare the ".built" and ".prepared" stamp files as stale, triggering
a forced clean-build submake process.

Fix the problem by using the ".built" stamp file as modification time
reference when touching the ".autoremove" stamp file.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-22 09:27:38 +02:00
Mathew McBride
fba168f574 build: use busybox gzip compatible force option
commit 138c763 ("build: add --force option to gzip in Build/gzip")
added the --force flag to the gzip invocation.

Under environments with busybox gzip (e.g Alpine Linux), this fails
as busybox only recognizes "-f".

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2018-05-21 18:07:48 +02:00
Koen Vandeputte
e2aa0c3f8b kernel: bump 4.14 to 4.14.41
Refreshed all patches

Dropped upstreamed patches:
522-PCI-aardvark-fix-logic-in-PCI-configuration-read-write-functions.patch
523-PCI-aardvark-set-PIO_ADDR_LS-correctly-in-advk_pcie_rd_conf.patch
525-PCI-aardvark-use-isr1-instead-of-isr0-interrupt-in-legacy-irq-mode.patch
527-PCI-aardvark-fix-PCIe-max-read-request-size-setting.patch

updated patches:
524-PCI-aardvark-set-host-and-device-to-the-same-MAX-payload-size.patch
030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch

Added new ARM64 symbol: CONFIG_ARM64_ERRATUM_1024718

Compile-tested on: cns3xxx, imx6, mvebu (arm64), x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-18 09:10:46 +02:00
Koen Vandeputte
12f44b83a8 kernel: bump 4.9 to 4.9.100
Refreshed all patches

Added new ARM64 symbol: ARM64_ERRATUM_1024718

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-18 09:10:21 +02:00
Etienne Champetier
ff6e62b288 build: log time taken by each packages/steps
The idea is to easily get the list of packages taking the most time to build,
and see if we can improve them

v1: Use SetupHostCommand as recommended by John
v2: add space after 'time:', remove useless /usr/bin/time from SetupHostCommand

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2018-05-07 10:31:35 +02:00
Koen Vandeputte
3435dbdc1c kernel: bump 4.14 to 4.14.37
Refreshed all patches

Compile-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64
Runtime-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
[add extra tested targets to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-04-30 09:07:53 +03:00
Hauke Mehrtens
8dcd941d8b tools/zlib: move zlib build to tools
This allows us to link the other tools against our libz and we do not
need the system zlib any more.

Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:28:59 +02:00
Felix Fietkau
6fa88be486 build: add support for git submodules with CONFIG_SRC_TREE_OVERRIDE
Also work around an issue where git would store the modified workdir in
the submodule git config files

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-27 15:19:19 +02:00
Koen Vandeputte
6cd41b419c kernel: bump 4.14 to 4.14.36
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Fixes for CVEs:
CVE-2018-1108
CVE-2018-1092
CVE-2018-1094
CVE-2018-1095

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
2018-04-26 08:54:01 +02:00
Kevin Darbyshire-Bryant
9aa196e0f2 kernel: bump 4.9 to 4.9.96
Refresh patches, following required reworking:

ar71xx/patches-4.9/930-chipidea-pullup.patch
layerscape/patches-4.9/302-dts-support-layercape.patch
sunxi/patches-4.9/0052-stmmac-form-4-12.patch

Fixes for CVEs:
CVE-2018-1108
CVE-2018-1092

Tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Arjen de Korte <build+openwrt@de-korte.org>
2018-04-26 08:53:54 +02:00
Mathias Kresin
74a0d8cd92 build: consolidate fake uImage header build commands
Merge the two existing functions and use a parameter for the type
header field.

It updates the syntax of the former mpc85xx fake ramdisk header
command to be compatible with mkimage from u-boot 2018.03 and fixes the
build error spotted by the build bot.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-20 20:58:52 +02:00
Felix Fietkau
a1c65b41cb build: pass HOSTCXX to host builds as CXX
Fixes cmake build on some systems that also have an older clang++

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-20 13:20:25 +02:00
Mathias Kresin
38bd4e4eb5 build: fix uImage fake header command
Use a syntax compatible with mkimage from u-boot 2018.03 to fix the
build errors spotted by the build bot.

The images are binary identical to the ones generated with mkimage from
u-boot 2014.10.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-19 19:15:00 +02:00
Stijn Tintel
ec1d7b9461 kernel: bump 4.14 to 4.14.34
Refresh patches.
Update patches that no longer apply:
- backport/313-netfilter-remove-defensive-check-on-malformed-packet.patch
- pending/642-net-8021q-support-hardware-flow-table-offload.patch

Compile-tested: x86/64.
Runtime-tested: x86/64.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-04-16 00:22:57 +03:00
Matthias Schiffer
d3756a9a13
include/kernel.mk: build kmod packages with empty FILES
kmod packages without FILES did not have an install step defined, leading
to no package being built. This affected netfilter/iptables packages, which
filter out builtin modules from FILES.

Not building a package that it is selected in .config is problematic, as
the generated empty package may be necessary to satisfy dependencies.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-12 05:47:10 +02:00
Matthias Schiffer
177fa14340
iptables: split physdev match out as a separate package
Split physdev match out of ipt-extra to allow installing ipt-extra without
pulling in br-netfilter.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-09 19:41:48 +02:00
Jo-Philipp Wich
e9eb9393f4 include: extend SetupHostCommand macro to accept more arguments
Commit d6d3db0543 added more gcc version probes, exceeding the argument
limit of the SetupHostCommand macro, leading to failing GCC/LLVM tests
on OS X.

Extend the handled number of arguments to restore proper functionality.

Fixes FS#1470
Fixes d6d3db0543 ("build: Improve GCC version detection")

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-05 13:58:15 +02:00
Hauke Mehrtens
a74fd570a2 kernel: update kernel 4.14 to 4.14.32
The following patches are now included upstream:
* 0052-MIPS-lantiq-fix-usb-clocks.patch
* 0053-MIPS-lantiq-enable-AHB-Bus-for-USB.patch
* 0060-lantiq-ase-enable-MFD-SYSCON.patch

Closes: FS#1466

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-03 23:26:45 +02:00