Added new config symbol `HARDEN_BRANCH_HISTORY` in order to harden
Spectre style attacks against branch history and fixed rejects in
following patches:
* generic/hack-4.14/220-gc_sections.patch
* generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
Other patches refreshed automagically.
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
All patches refreshed automagically without conflicts.
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
All patches refreshed automagically without conflicts.
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
All patches refreshed automagically without conflicts, but upstream in
commit 48c2461f28fe ("ARM: 8800/1: use choice for kernel unwinders")
added new config options UNWINDER_ARM and UNWINDER_FRAME_POINTER so we
need to adjust default configs as well.
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Rebased patches:
* generic: 273-batman-adv-Convert-packet.h-to-uapi-header.patch
* ipq806x: 0065-arm-override-compiler-flags.patch
* mvebu: 513-arm64-dts-marvell-armada37xx-Add-emmc-sdio-pinctrl-d.patch
Removed patches:
Fixed upstream:
* ar71xx: 821-serial-core-add-support-for-boot-console-with-arbitr.patch
* ath79: 921-serial-core-add-support-for-boot-console-with-arbitr.patch
- in 4.14.256 via 9112e7ef87149b3d8093e7446d784117f6e18d69
* mvebu: 527-PCI-aardvark-allow-to-specify-link-capability.patch
- in 4.14.257 via 62a3dc9b65a2b24800fc4267b8cf590fad135034
* mvebu: 524-PCI-aardvark-set-host-and-device-to-the-same-MAX-payload-size.patch
- should be hopefully fixed by the bunch of changes in .256 and .257
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Fixes: CVE-2021-3640
Signed-off-by: Petr Štetiar <ynezz@true.cz>
All updated automatically.
Compile-tested on: malta/le, lantiq/xrx200
Runtime-tested on: malta/le, lantiq/xrx200
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
All updated automatically.
Compile-tested on: lantiq/xrx200, armvirt/64
Runtime-tested on: lantiq/xrx200, armvirt/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Refreshed all patches and removed upstreamed:
oxnas/001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
oxnas/002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch
Fixes: CVE-2020-12114 and CVE-2020-11669
Runtime-tested on: qemu-x86-64
Compile-tested on: ath79/generic, x86/64, imx6
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Build of the brcm2708 subtarget currently fails with the following error
message:
arch/arm/lib/memset_rpi.S: Assembler messages:
arch/arm/lib/memset_rpi.S:65: Error: garbage following instruction
-- `orr DAT0,DAT0,lsl#8'
arch/arm/lib/memset_rpi.S:67: Error: garbage following instruction
-- `orr DAT0,DAT0,lsl#16'
scripts/Makefile.build:427: recipe for target 'arch/arm/lib/memset_rpi.o'
failed
Using the assembly notation from master fixes this error.
Signed-off-by: David Bauer <mail@david-bauer.net>
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.
This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 641f6b6c26cb9ab5e1198810015e5f4b2b5b34ad)
$CONF_TAR shouldn't be assumed to always point to the sysupgrade.tgz.
This change makes code more generic and allows refactoring $CONF_TAR.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 62dbe361a1b1ed1506bc0387bff55eddcb619e49)
1) Add BACKUP_FILE and use it when copying an archive to be restored
after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bf390478727ac5f4f9d6fb684de48b8150bcec67)
This explicitly lets stage2 know if partitions should be preserved. No
more "touch /tmp/sysupgrade.always.overwrite.bootdisk.partmap" hack.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b6f4cd57e19a8cfcd9ff52582b65164ce6213c3d)
Refreshed all patches.
Altered patches:
- 816-pcie-support-layerscape.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40b5)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Refreshed all patches.
This bump contains upstream commits which seem to avoid (not properly fix)
the errors as seen in FS#2305 and FS#2297
Altered patches:
- 403-net-mvneta-convert-to-phylink.patch
- 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch
Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
