Commit Graph

481 Commits

Author SHA1 Message Date
Magnus Kroken
5af85dab22 kernel: bump 4.9 to 4.9.85
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-03-03 12:58:55 +01:00
Stijn Segers
b5469b38cd kernel: bump 4.14 to 4.14.23
This patch bumps the 4.14 kernel to .23.
- Refreshed patches.
- Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream.
- Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed,
  the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes.

Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-03-02 21:33:08 +01:00
Stijn Tintel
f621b53951 kernel: bump 4.9 to 4.9.82
Refresh patches.
Remove upstreamed patches:
- ar7/002-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-used.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove layerscape/819-Revert-dmaengine-dmatest-move-callback-wait-queue-to.patch,
it is superseded by upstream commit 297c7cc4b5651b174a62925b6c961085f04979fd.
Remove pending/650-pppoe_header_pad.patch, it is superseded by
upstream commit 1bd21b158e07e0b8c5a2ce832305a0ebfe42c480.
Update patches that no longer apply:
- ar71xx/004-register_gpio_driver_earlier.patch
- hack/204-module_strip.patch
- pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: ar71xx.
Runtime-tested: ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:57 +01:00
Stijn Tintel
88ba41453d kernel: bump 4.14 to 4.14.20
Refresh patches.
Remove upstreamed patches:
- backport/080-v4.15-0001-arch-define-weak-abort.patch
- backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch
Update patch that no longer applies:
pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:48 +01:00
Stijn Tintel
3072908d0d kernel: bump 4.14 to 4.14.18
Refresh patches.

Remove upstreamed patches:
- apm821xx/010-crypto-gcm-add-GCM-IV-size-constant.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove pending-4.14/650-pppoe_header_pad.patch, it is superseded by
upstream commit d32e5740001972c1bb193dd60af02721d047a17e.
Update patch that no longer applies: hack/204-module_strip.patch

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-08 18:43:13 +01:00
Alexandru Ardelean
953bf6b43d kernel.mk: update LINUX_VERSION filename for cloned repo
In case there is an external git repo specified,
it could overwrite the kernel tarball that was
downloaded from kernel.org.

The only identifier for such a file is the
KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols,
so if we have to download it we'll use that
information [after some sanitization]
to create a different filename for the kernel tarball.

If KERNEL_GIT_REF symbol is empty, HEAD will be used
as mentioned in the description of KERNEL_GIT_REF.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-01-27 16:46:45 +01:00
Kevin Darbyshire-Bryant
a30370bbf1 kernel: bump 4.4 to 4.4.112
Refresh patches.
Remove upstreamed patches:

target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
d8565a06dc kernel: bump 4.9 to 4.9.77
Refresh patches.
Remove upstreamed patches:

target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
9ddfac8015 kernel: bump 4.14 to 4.14.14
Refresh patches.

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:00 +01:00
Kevin Darbyshire-Bryant
7c7586b6d0 kernel: bump 4.14 to 4.14.13
Refresh patches

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-11 20:34:33 +01:00
Kevin Darbyshire-Bryant
eceff9ea8f kernel: bump 4.4 to 4.4.111
Refresh patches

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-11 20:33:40 +01:00
Kevin Darbyshire-Bryant
2228dbf4e6 kernel: bump 4.9 to 4.9.76
Refresh patches

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-11 20:32:36 +01:00
Kevin Darbyshire-Bryant
efb375b579 kernel: bump 4.4 to 4.4.110
Refresh patches

Fixes:  CVE-2017-5754 aka Meltdown

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[fix typo in commit msg, conflict after 4.14 bump]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-10 00:11:39 +02:00
Kevin Darbyshire-Bryant
1d2590f838 kernel: bump 4.9 to 4.9.75
Refresh patches

Fixes:  CVE-2017-5754 aka Meltdown

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[fix conflict after 4.14 bump]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-10 00:11:39 +02:00
Stijn Tintel
aa399b4e27 kernel: bump 4.14 to 4.14.12
No patch refresh required.

Compile-tested on: octeon, x86/64.
Runtime-tested on: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-08 20:13:03 +02:00
Stijn Tintel
c5ca1c9ab6 kernel: bump 4.14 to 4.14.11
Rename unwinder config symbols to match upstream changes.
Refresh patches.
Update patch that no longer applies: 202-reduce_module_size.patch

Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported
from 4.15 to the 4.14 stable series. It is enabled by default, so enable
it in OpenWrt as well.

Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-03 00:07:10 +02:00
Kevin Darbyshire-Bryant
4b275baf91 kernel: bump 4.9 to 4.9.73
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-02 07:14:09 +01:00
Kevin Darbyshire-Bryant
e547f1692a kernel: bump 4.4 to 4.4.108
Refresh patches.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Kevin Darbyshire-Bryant
7b6e01d389 kernel: bump 4.9 to 4.9.72
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Kevin Darbyshire-Bryant
b0d99b77e5 kernel: bump 4.4 to 4.4.107
Refresh patches.

Update patch that no longer applied:
oxnas/0072-mtd-backport-v4.7-0day-patches-from-Boris.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Rosen Penev <rosenp@gmail.com>
2017-12-23 15:36:01 +01:00
Hauke Mehrtens
f704b643b9 kernel: Update kernel 4.9 to 4.9.70
Runtime tested on lantiq.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-19 22:45:27 +01:00
Hauke Mehrtens
b3f95490b9 kernel: generic: Add kernel 4.14 support
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.

In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM

And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR

I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED

I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:11:19 +01:00
Stijn Tintel
f997478655 kernel: bump 4.9 to 4.9.67
Refresh patches.
Remove upstreamed patches:
- generic/190-1-5-e1000e-Fix-error-path-in-link-detection.patch
- generic/190-3-5-e1000e-Fix-return-value-test.patch
- generic/190-4-5-e1000e-Separate-signaling-for-link-check-link-up.patch
- generic/190-5-5-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- ramips/0102-MIPS-ralink-Fix-MT7628-pinmux.patch
- ramips/0103-MIPS-ralink-Fix-typo-in-mt7628-pinmux-function
Update patches that no longer apply:
- layerscape/815-spi-support-layerscape.patch
- ramips/0099-pci-mt7620.patch

Compile-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-12-07 01:41:09 +02:00
Rosen Penev
7a318bc1a1 kernel: Update kernel 4.4 to 4.4.100
Run-tested on ramips

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-25 19:48:39 +01:00
Stijn Tintel
9fe59abef8 kernel: bump 4.9 to 4.9.65
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: ar71xx, octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-11-24 14:09:11 +02:00
Koen Vandeputte
62ede4f783 kernel: bump 4.9 to 4.9.63
Refreshed all patches.

Removed upstreamed parts.

Compile-tested: cns3xxx, imx6, mvebu, layerscape
Run-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-11-22 20:45:52 +01:00
Stijn Tintel
834810617e kernel: bump 4.9 to 4.9.58
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 17:23:34 +03:00
Kevin Darbyshire-Bryant
398edca82e kernel: bump 4.4 to 4.4.93
No patch refresh required.

Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-15265
- CVE-2017-0786

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:14 +03:00
Kevin Darbyshire-Bryant
886d66abcd kernel: bump 4.9 to 4.9.57
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:09 +03:00
Kevin Darbyshire-Bryant
f251a795f2 kernel: bump 4.4 to 4.4.92
No patch refresh changes required.

Compile tested for: ar71xx Archer C7 v2
Run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-14 00:13:35 +02:00
Stijn Tintel
f12c42940d kernel: bump 4.9 to 4.9.54
Refresh patches.
Remove upstreamed patches:
- ramips/0067-enable-mt7621-xhci.patch
- ramips/0085-pinmux-util.patch
- ramips/301-fix-rt3883.patch

Compile-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.
Runtime-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 20:51:03 +03:00
Kevin Darbyshire-Bryant
e77fa68f1f kernel: bump 4.4 to 4.4.91
Refresh patches.

Compile-tested for: ar71xx Archer C7 v2
Run-tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-08 20:51:03 +03:00
Stijn Tintel
f625df7ab8 kernel: update 4.9 to 4.9.53
Refresh patches.
Compile-tested on brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on brcm2708/bcm2708, octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 20:53:21 +03:00
Kevin Darbyshire-Bryant
ae2a8a3b9b kernel: update 4.4 to 4.4.90
No patch refresh required.

Compile & run tested: ar71xx Archer C7 v2

Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[reference fixed CVEs]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 20:53:21 +03:00
Kevin Darbyshire-Bryant
657f2a1ff8 kernel: update 4.4 to 4.4.89
Refresh patches.
Compile & run tested on ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-29 07:42:43 +03:00
Stijn Tintel
fde7688055 kernel: update 4.9 to 4.9.52
Refresh patches.
Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:50 +03:00
Stijn Tintel
6e48eb22b8 kernel: update 4.9 to 4.9.51
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-20 23:50:55 +03:00
Stijn Tintel
e37c7636ee kernel: update 4.9 to 4.9.50
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.

Fixes CVE-2017-1000251.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2017-09-18 04:35:57 +03:00
Florian Fainelli
bb83c9dcca kernel: update to 3.18.71
Delete a bunch of fixes that are already included.
Refresh patches.
Compile-tested on malta/mipsel
Runtime-tested on malta/mipsel

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 02:08:18 +03:00
Kevin Darbyshire-Bryant
820101873d kernel: update 4.4 to 4.4.88
Refresh patches.
Compile & run tested: ar71xx  Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-16 19:27:08 +02:00
Stijn Tintel
d5b7215e31 kernel: update 4.9 to 4.9.49
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes CVE-2017-11600.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Kevin Darbyshire-Bryant
09735db18b kernel: update 4.4 to 4.4.87
Fixes CVE-2017-11600

No patch refresh required

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-09 09:55:25 +02:00
Kevin Darbyshire-Bryant
9c82861cb8 kernel: update 4.4 to 4.4.86
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-05 08:43:39 +02:00
Stijn Tintel
046618f5da kernel: update 4.9 to 4.9.47
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 22:06:28 +03:00
Kevin Darbyshire-Bryant
3435de8c16 kernel: update 4.4 to 4.4.85
Refresh patches

Compile & run tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-31 19:14:52 +02:00
Koen Vandeputte
40213cc154 kernel: update 4.9 to 4.9.45
Refreshed all patches

Compiled & run-tested on targets: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-08-30 17:05:10 +02:00
Kevin Darbyshire-Bryant
364befeccf kernel: update 4.4 to 4.4.83
Refresh patches.
Minor update 704-phy-no-genphy-soft-reset.patch which was partially
accepted upstream.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Fixes the following vulnerabilities:
- CVE-2017-7533 (4.4.80)
- CVE-2017-1000111 (4.4.82)
- CVE-2017-1000112 (4.4.82)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[cleanup commit message, add compile/runtime tested]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 14:31:45 +02:00
Stijn Tintel
2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00
Hauke Mehrtens
39e8ab17d5 kernel: update kernel 4.4 to version 4.4.79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 22:46:26 +02:00
Hauke Mehrtens
88f3c63572 kernel: update kernel 4.9 to version 4.9.40
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 22:46:17 +02:00