Refreshed all patches.
Fixes:
- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477
Also fix a malformed patch issue caught during refresh.
It was caused by removing a whitespace without altering
the index values in a patch which alters a patch.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Fixes: cf65262492 ("kernel: bump 4.19 to 4.19.51")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Refreshed all patches.
Altered patches:
- 370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch
- 220-optimize_inlining.patch
- 640-netfilter-nf_flow_table-add-hardware-offload-support.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Refreshed all patches.
Altered patches:
- 220-optimize_inlining.patch
- 816-pcie-support-layerscape.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Refreshed all patches.
This bump contains upstream commits which seem to avoid (not properly fix)
the errors as seen in FS#2305 and FS#2297
Altered patches:
- 403-net-mvneta-convert-to-phylink.patch
- 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch
Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
urandom-seed content was split from base-files into separate package so
in order to preserve the current functionality and to provide some
fallback mechanism in case jent-rng initialization fails in urngd we
need to add it back.
urngd is OpenWrt's micro non-physical true random number generator based
on timing jitter.
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Only the repo should not use https. Otherwise the build would need
a wget/uclient_fetch with tls support.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
e26ffb31df fixed only embedded modules
symbol collection. If we are building external modules, like broadcom-wl
or lantiq dsl stuff then modules which do EXPORT_SYMBOL have unresolved
paths in Module.symvers and external module which depend on other
external modules will have empty dependencies, leading to broken
module loading.
This was discussed on IRC with Jonas some time ago.
Fix this by handling both resolved and unresolved paths.
Fixes: e26ffb31df ("build: fix module symbol collection if build_dir is a symlink")
Signed-off-by: Roman Yeryomin <roman@advem.lv>
[jonas.gorski@gmail.com: add appropriate fixes tag]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Adds support to && operand in DEPENDS. Also, fixes generation of ||
dependencies by scripts/package-metadata.pl.
The precedence order from higher to lower is && then ||. Use of
parentheses to change the order is not supported. As before, they are
silently ignored. Use them for readability only.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
The helper shared Build/append-uboot in include/image-commands.mk
uses it, so include this variable in DEFAULT_DEVICE_VARS.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Adds a new variable DISABLED_SERVICES to ImageBuilder Makefile, which
defines a list of services (installed as /etc/init.d/*) to be disabled
during the build of a custom image (normally all are enabled).
It comes handy when a particular service should not be run under normal
circumstances, but should be ready in the image for situations when it
might be needed.
Signed-off-by: Richard Musil <risa2000x@gmail.com>
If the target supports a newer kernel version that is not used by default
yet, it can be enabled with this option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.
The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Refreshed all patches.
New symbols:
- CONFIG_LDISC_AUTOLOAD
- CONFIG_PPC_BARRIER_NOSPEC
Compile-tested on: ar7
Runtime-tested on: none
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This patch doesn't seem to have any more users.
The only one used to be target in
`target/linux/etrax/image/e100boot/Makefile`.
That target has since been removed via commit
1080f68b2b .
There doesn't seem to be any reason left for this workaround.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Otherwise tar will keep the sgid bit when running
from a sgid-set directory, resulting in a different
file being generated.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[reworked commit message, removed DMARC]
It was reported to me on IRC today, that my change causes issues with
kernel versions between 4.14 and 4.19.
It's because I've wrongly used `git describe` in order to get kernel
version where we should disable noisy DTC checks, but I should've used
`git tag --contains` instead.
Fixes: cbbef976e2 ("build: dtc: Disable noisy warnings by default")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Set the toolchain's ARM CPU and FPU architectures by utilizing' gcc's
--with-cpu / --with-fpu configure options that: "Specify which cpu
variant the compiler should generate code for by default. cpu will
be used as the default value of the -mcpu= switch."
This will resolve the following kernel compilation failures under
gcc 8.x on ARM because the kernel wants to set (possibly conflicting)
optimization flags.
.../ccyVnmrs.s:204: Error: selected processor does not support `dmb ish' in ARM mode
.../ccyVnmrs.s:215: Error: architectural extension `mp' is not allowed for the current base architecture
.../ccyVnmrs.s:216: Error: selected processor does not support `pldw [r4]' in ARM mode
Because this is a big change, the .config and toolchain need to be
refreshed (as in removed and regenerated).
Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
Reported-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [#1203]
Signed-off-by: Boris Krasnovskiy <borkra@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [extended commit message,
removed now-deprecated CPU_CFLAGS, changed author to gmail address]
If no feed.conf or feeds.conf.default is found on image generation with
the imagebuilder we always get the following message "Unable to open
feeds configuration at <dir>/scripts/feeds line 48." on std error.
To get rid off this needless warning on image generation with the
imagebuilder supress the output in feeds.mk.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Having image metadata (and signature) appended is a condition for
semi-automated sysupgrade, hence IB needs to be able to tell which
images will end up with metadata.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
allow downstream projects to see the current version of the metadata,
usefull if eventually more variables change
Signed-off-by: Paul Spooren <mail@aparcar.org>
currently the "board" parameter contains $(BOARD) which actually results
to `<target>` (like ramips, ar71xx) without subtarget. However, one
actually excepts (not?) to contain BOARD_NAME or DEVICE_NAME.
Signed-off-by: Paul Spooren <mail@aparcar.org>
When autoloading more than one modules per packages,
/etc/modules.d/$module depends on the file system ordering.
To test this: use disorderfs on the build_dir and build kmod-sched.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
squashfskit is a fork of the squashfs-tools.
squashfskit creates reproducible filesystems and includes
many of the distro patches.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Tested-by: Paul Spooren <mail@aparcar.org>
Use 'dtc' from kernel sources instead of relying on host tool.
Fixes: bf4630e5ad ("build: add helpers for generating QSDK sysupgrade compatible images")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Qualcomm SDK (QSDK) sysupgrade compatible images for IPQ40xx, IPQ806x
and IPQ807x use FIT format together with 'dumpimage' tool from U-Boot
for verifying and extracting them. Based on 'images' sections names,
corresponding mtd partitions are flashed. For example, in case of
NOR-only boards, below mapping is used (section name -> mtd name):
hlos* -> 0:HLOS
rootfs* -> rootfs
And for boards with NAND (kernel inside UBI):
ubi* -> rootfs
Above mappings come from unmodified QSDK sources and might be wrong for
boards running custom or modified QSDK-based firmware. Some of vendors
adjust them to meet their modified mtd layout or features like recovery
or dual-image support.
This adds simple script 'mkits-qsdk-ipq-image.sh' (based on 'mkits.sh')
for generating FIT images tree source files, compatible with the QSDK
sysupgrade format. Resulting images can be used for initial (factory ->
OpenWrt) installation and would work both in CLI and GUI.
The script is universal in a way it allows to include as many sections
as needed. To make use of it, two generic/basic build recipes for NOR
and NAND based boards are also included in 'image-commands.mk':
Build/qsdk-ipq-factory-nand
Build/qsdk-ipq-factory-nor
Example usage for board with UBI in NAND:
IMAGE/nand-factory.bin := append-ubi | qsdk-ipq-factory-nand
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
The original patch removed the printing completely, just remove the
color.
Fixes: eabc1ddc45 ("build: Honour NO_COLOR in include/scan.mk")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
BIN_DIR can be set to overwrite the output path for new images. This is an
advertised feature for the imagebuilder and is used by systems like
LibreMesh's chef.
The legacy images are build using a new sub-make which doesn't receive the
variable overwrites of the parent make process. As result, the BIN_DIR is
automatically defined to the default value from rules.mk. The images will
therefore not be placed in the output path which was selected by the user.
Providing BIN_DIR as an explicit variable override to the sub-make works
around this problem.
Fixes: 26c771452c ("image.mk: add LegacyDevice wrapper to allow legacy image building code to be used for device profiles")
Reported-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Hi all:
This is my first OpenWrt patch. I am a clean, pure newbie! 8-)
Honour NO_COLOR in Makefile function 'progress' in include/scan.mk, in the same way that include/verbose.mk does.
Signed-off-by: R. Diez <rdiezmail-openwrt@yahoo.com>
The KERNEL_ENTRY was missing from the DEFAULT_DEVICE_VARS.
This bug was discovered while preparing alternative images
for the mpc85xx's TP-Link WDR4900-V1, which all failed to
boot due to this:
|## Booting kernel from Legacy Image at 02000000 ...
| Image Name: POWERPC OpenWrt Linux-4.14.96
| Image Type: PowerPC Linux Kernel Image (uncompressed)
| Data Size: 2056568 Bytes = 2 MiB
| Load Address: 01000000
| Entry Point: 00000000
| Verifying Checksum ... OK
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
It was reported to me today on IRC, that building of artifacts doesn't
work properly if the concat_cmd references DEVICE_NAME variable. I've
found out, that it's due to missing call of Device/Export in artifacts
building code path, so this patch adds the missing Device/Export call
which in turn exports DEFAULT_DEVICE_VARS into the artifacts
environment.
Fixes: 493c9a3551 ("build: Introduce building of artifacts")
Tested-by: Oskari Lemmela <oskari@lemmela.net>
Reported-by: Oskari Lemmela <oskari@lemmela.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Use LINUX_DIR as a path when patching kernel. Doesn't break the current usage,
but allows to create packages that will contain variation of a kernel with
kernel being build in some subdirectory of PKG_BUILD_DIR.
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
This fixes two issues with cleaning package files from STAGING_DIR:
* CleanStaging currently can only remove files and not directories. This
changes CleanStaging to use clean-package.sh, which does remove
directories.
* Because of the way directories are ordered in the staging files list,
clean-package.sh currently tries (and fails) to remove parent
directories before removing subdirectories. This changes
clean-package.sh to process the staging files list in reverse, so that
subdirectories are removed first.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
While helping with review and build testing of a few 4.19 pull requests,
I've noticed, that dtc compiler in OpenWrt uses different options then
upstream kernel, which is leading to a very noisy output[1]. It wouldn't
be that bad per se, but a lot of such warnings aren't easily fixable so
I think, that we should follow what upstream does and simply ignore^W
silence those noisy warnings.
So this patch tries to syncs dtc compiler flags with upstream kernel
till version 4.19.13, disabling those warnings as they were added in
upstream kernel:
v4.6-rc1-2-gbc55398 dtc: turn off dtc unit address warnings by default
The newly added dtc warning to check DT unit-address without reg
property and vice-versa generates lots of warnings. Turn off the check
unless building with W=1 or W=2.
v4.11-rc2-11-g8654cb8 dtc: update warning settings for new bus and node/property
dtc gained new warnings checking PCI and simple buses, unit address
formatting, and stricter node and property name checking. Disable the
new dtc warnings by default as there are 1000s. As before, warnings are
enabled with W=1 or W=2. The strict node and property name checks are a
bit subjective, so they are only enabled for W=2.
v4.16-rc3-9-g4fd98e3 scripts: turn off some new dtc warnings by default
The latest dtc update adds some new noisy warnings, so turn them off by
default. Disable 'avoid_unnecessary_addr_size' and 'alias_paths'. They
can be re-enabled by building with 'W=1'.
v4.17-rc1-27-g74656b6 kbuild: disable new dtc graph and unit-address warnings
dtc gained some new warnings for OF graphs and unique unit addresses,
but they are currently much too noisy. So turn off
'graph_child_address', 'graph_port', and 'unique_unit_address' warnings
by default. They can be enabled by building dtbs with W=1.
Build tested on imx6 and ath79 with 4.14 and 4.19.
1. https://github.com/openwrt/openwrt/pull/1694#issuecomment-450864335
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This patch fixes following error with U-Boot 2019.01 on imx6:
In file included from tools/lib/crc16.c:1:0:
./tools/../lib/crc16.c: In function 'crc16_ccitt':
./tools/../lib/crc16.c:70:2: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 0; i < len; i++)
^
./tools/../lib/crc16.c:70:2: note: use option -std=c99 or -std=gnu99 to compile your code
Code was introduced in the upstream v2019.01-rc1-154-g51c2345:
commit 51c2345bd24837f9f67f16268da6dc71573f1325
Author: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Date: Sun Nov 25 19:22:19 2018 +0100
Roll CRC16-CCITT into the hash infrastructure
Upstream has added -std=gnu11 host flag in v2018.07-rc2-1-gfa89399:
commit fa893990e9b53425af5f5059e04a2bffde91ccf9
Author: Tom Rini <trini@konsulko.com>
Date: Tue Jun 19 23:53:54 2018 -0400
Makefile: Ensure we build with -std=gnu11
Build tested on imx6: apalis, mx6sabresd, nitrogen6dl, nitrogen6dl2g,
nitrogen6q, nitrogen6q2g, nitrogen6s, nitrogen6s1g,
wandboard
Run tested: apalis (pending PR #1595)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit adds the 'Build/linksys-image' rule and the
'linksys-image.sh' script to the build system.
This change is needed for generating factory images for the Linksys
EA6350v3 device. Without this patch, only valid sysupgrade images can be
generated. With this patch, users can flash the device without the
need of physical access or disassembly.
Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
This adds the hardening options also to the toolchain build.
With this change the /usr/lib/libstdc++.so.6.0.24 library will have
stack canaries and the /lib/libgcc_s.so.1 library will have Full RELRO.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- Filter out potential duplicates with the package name
(e.g. when renaming libfoo1 w/ ABI_VERSION:=1 to libfoo)
- Use the GetABISuffix macro to properly separate the suffix
with a dash in case the basename ends with a number
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When a library package specifies additional provides, e.g. libncurses
which provides libncursesw, we should also append the abi version
suffix to each provide, since there may be more than one package
providing the virtual library.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.
Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
Add the ABI_VERSION source makefile variable to the binary package basename
and resolve source dependencies on packages with ABI_VERSION set to such
expanded names.
If for example a package specifies DEPENDS:=libopenssl while the OpenSSL
Makefile specifies ABI_VERSION:=1.0.0, the resulting ipk control data
dependency will be "Depends: libopenssl1.0.0" and the libopenssl ipk file
will be called "libopenssl1.0.0_<version>_<arch>.ipk".
The next time a library such as OpenSSL is updated to an incompatible
version, the ABI_VERSION shall be changed accordingly to prevent opkg from
simply upgrading to an incompatible library without considering the
dependencies of already installed packages.
Also introduce another "SourceName" control field which is required by
the newly introduced "scritps/ipkg-remove" to determine the proper related
.ipk files to delete upon buildroot package clean operations.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Subdequent commits need this information to resolve the ABI version when
computing binary ipk dependencies.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Subsequent commits will put more auxiliary information into this file,
such as the per-package ABI version, so rename the metadata script
subcommand and file names accordingly.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Move the zip compression into a build recipe. Pad the image using the
existing build recipes as well to remove duplicate functionality
Change the code to append header and footer in two steps. Allow to use a
fixed filename as the netgear update image does.
Use a fixed timestamp within the zip archive to make the images
reproducible.
Due to the changes we are now compatible to the gnu89 c standard used by
default on the buildbots and we don't need to force a more recent
standard anymore.
Beside all changes, the footer still looks wrong in compare to the
netgear update image.
Signed-off-by: Mathias Kresin <dev@kresin.me>
I moved xor-image into image-commands.mk to use it in ath79 target.
It required for NEC WG800HP.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Refresh all patches
Remove upstream patch:
backport-4.14/424-v4.20-net-dsa-fix-88e6060-roaming.patch
Minor tweak to generic/hack-4.14/902-debloat_proc.patch to cleanly apply
after upstream changes.
Tested-on: ath79
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
We need to use resolved file list as prerequisites for repacking kmod
.ipk files. Note that currently version_filter uses a Makefile macro
KERNEL_PATCHVER that should be available at ipk building time.
Reported-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This commit ports both dir-825-c1 and dir-835-a1 from ar71xx to ath79.
They're pretty much identical, except dir-835-a1 has less LEDs.
The routers come with 128 MByte of RAM and 16 MBytes of flash and sport
2.4GHz and 5.0GHz wireless. Both routers have entries already in
OpenWrt's TOH. Please check there for more information on these
antiquities.
https://openwrt.org/toh/hwdata/d-link/d-link_dir-825_c1https://openwrt.org/toh/hwdata/d-link/d-link_dir-835_a1
Installation:
1. Connect to the web interface of the vendor firmware (usually
listening on 192.168.0.1).
2. Go to "Tools", then "Firmware".
3. In the "Firmware Upgrade" box click "Browse".
4. Select the OpenWrt factory image for your router.
5. Click "Upload", confirm the popups if you agree to flash the file you
selected.
6. Wait for firmware upgrade to complete. It takes about 5 minutes.
Run-tested on dir-825-c1. dir-835-a1 should work as well, but I don't
have this router so I can't confirm.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [trivial changes]
This command enables factory image generation for Cameo boards. On
upgrade the vendor firmware will check the size of the provided image
and if a specific string is located at the end of the binary.
cameo-factory will generate an image that the vendor firmware accepts.
Tested on a D-Link DIR-825 C1 with vendor firmwares 3.01 and 3.04.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
In mainline kernel commit 02c7b25e5f5 ("netfilter: nf_tables: build-in
filter chain type") all chain filters were merged into one file and into
one kernel module to save some memory. The code protected by these
configuration options CONFIG_NF_TABLES_BRIDGE, CONFIG_NF_TABLES_IPV4,
CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, CONFIG_NF_TABLES_NETDEV and
CONFIG_NF_TABLES_INET was merged into the nft_chain_filter.c file which
is now always compiled into the nf_tables.ko file.
This only happened in kernel 4.19 and OpenWrt has to select these as
modules in older kennel versions. Mark them as build-in in the kernel
4.19 specific kernel configuration file which will then not be
overwritten by the package specific settings which try to make them
modular again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>