Commit Graph

2804 Commits

Author SHA1 Message Date
DENG Qingfang
29a458b0ca kernel: netfilter.mk: fix kmod-ipt-nat6 installation on 5.4
xt_MASQUERADE.ko is picked up by both kmod-ipt-nat and kmod-ipt-nat6, causing
conflict
As kmod-ipt-nat6 already depends on kmod-ipt-nat, remove xt_MASQUERADE from it

Fixes: FS#2924
Fixes: 0fad8af851 ("kernel: Include xt_MASQUERADE for kernel 5.2 and later")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-04-20 15:07:17 +02:00
Petr Štetiar
23916bca61 kernel: bump 5.4 to 5.4.33
Refreshed patches, removed upstreamed patches:

 oxnas: 001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
 oxnas: 002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch

Run tested: qemu-x86-64, apalis
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 15:18:12 +02:00
Koen Vandeputte
3c3825436e kernel: bump 4.19 to 4.19.115
Refreshed all patches.

Remove upstreamed:
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch

Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-16 13:23:11 +02:00
Koen Vandeputte
e31d158c4d kernel: bump 4.14 to 4.14.176
Refreshed all patches.

Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch

Fixes:
- CVE-2020-8648 (potentially)
- CVE-2020-8647
- CVE-2020-8649

Compile-tested on: cns3xxx, octeontx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-16 13:23:11 +02:00
Petr Štetiar
0bea89a1d0 kernel: bump 5.4 to 5.4.32
Refreshed patches, removed upstreamed patches:

 generic: 746-stable-net-dsa-mt7530-fix-null-pointer-dereferencing-in-por.patch

Run tested: qemu-x86-64, apalis
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-14 21:58:16 +02:00
Jo-Philipp Wich
6c16d64b2a Revert "build: add option to warn on recursive dependency"
This reverts commit 3204430e38.

Reverting this commit in preparation for reverting
dcf3e63a35 ("build: scripts/config - update to kconfig-v5.6") which
introduces various unaddressed build breakages.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-12 00:10:30 +02:00
Eneas U de Queiroz
3204430e38 build: add option to warn on recursive dependency
This addes the option to treat recursive dependencies as warnings
instead of errors, by running make with WARN_RECURSIVE_DEP=1.

Note that the script/config targets will not get rebuilt when you add or
remove WARN_RECURSIVE_DEP while running make.  One must run
'make config-clean' before building config with a different setting.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-09 12:51:10 +02:00
Eneas U de Queiroz
8636a17214 build: simplify building *config targets
Instead of passing pkg-config location through a variable when building
qconf (make xconfig), prepend its parent directory to the PATH, as it is
being done for other conf targets.

Use a Makefile pattern rule to group all 'scripts/config/%onf'
(currently conf, mconf, qconf) targets in a single rule.  Add -O2 to
CFLAGS when building them as well.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-09 12:51:10 +02:00
Felix Fietkau
4627b5df69 build: move symvers files to kernel build dir
The symvers files of older kernel versions are incompatible with the ones
from 5.4, so changing the kernel version without running make clean was
causing build failures in kernel module packages.
Fix this by moving the directory, ensuring that symvers files get thrown
away with a kernel version change

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-04-09 09:54:02 +02:00
Felix Fietkau
5c6fe8e850 build: fix kernel_menuconfig on macOS with newer kernel versions
Account for upstream build system changes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-04-09 09:54:02 +02:00
Petr Štetiar
b299002877 kernel: bump 5.4 to 5.4.31
Refreshed patches, removed upstreamed patches:

 oxnas:   003-ARM-dts-oxnas-Fix-clear-mask-property.patch
 generic: 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch

Run tested: apu2, qemu-x86-64, apalis
Build tested: sunxi/a53, imx6, x86/64, ipq40xx

Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [apu2]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-09 00:12:46 +02:00
Kevin Darbyshire-Bryant
c14c6902f5 treewide: convert sed -r to posix -E
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-04 11:28:15 +01:00
Paul Spooren
07449f692c build: refactor JSON info files to profiles.json
JSON info files contain machine readable information of built profiles
and resulting images. These files were added in commit 881ed09ee6
("build: create JSON files containing image info").

They are useful for firmware wizards and script checking for
reproducibility.

Currently all JSON files are stored next to the built images, resulting
in up to 168 individual files for the ath79/generic target.

This patch refactors the JSON creation to store individual per image
(not per profile) files in $(BUILD_DIR)/json_info_files and create an
single overview file called `profiles.json` in the target directory.

Storing per image files and not per profile solves the problem of
parallel file writes. If a profiles sysupgrade and factory image are
finished at the same time both processes would write to the same JSON
file, resulting in randomly broken outputs.

Some target like x86/64 do not use the image code yet, resulting in
missing JSON files. If no JSON info files were created, no
`profiles.json` files is created as it would be empty anyway.

As before, this creation is enabled by default only if `BUILDBOT` is set.

Tested via buildroot & ImageBuilder on ath79/generic, imx6 and x86/64.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[json_info_files dir handling in Make, if case refactoring]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-03 12:17:45 +02:00
李国
a6b7c3e672 x86: generate EFI platform bootable images
Add EFI platform bootable images for x86 platforms. These images can
also boot from legacy BIOS platform.

EFI System Partition need to be fat12/fat16/fat32 (not need to load
filesystem drivers), so the first partition of EFI images are not ext4
filesystem any more.

GPT partition table has an alternate partition table, we did not
generate it. This may cause problems when use these images as qemu disk
(kernel can not find rootfs), we pad enough sectors will be ok.

Signed-off-by: 李国 <uxgood.org@gmail.com>
[part_magic_* refactoring, removed genisoimage checks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-31 16:20:47 +02:00
Petr Štetiar
5ecc0cfd6f kernel: bump 5.4 to 5.4.28
Changelog since 5.4.24 mentions CVE-2019-19769, CVE-2020-8648,
CVE-2020-8649 and CVE-2020-8647.

Removed upstreamed:

 generic: 507-v5.6-iio-chemical-sps30-fix-missing-triggered-buffer-depe.patch
 generic: 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
 bcm27xx: 950-0435-ASoC-pcm512x-Fix-unbalanced-regulator-enable-call-in.patch
 ipq806x: 701-stmmac-fix-notifier-registration.patch
 lantiq: 002-pinctrl-falcon-fix-syntax-error.patch
 octeontx: 0002-net-thunderx-workaround-BGX-TX-Underflow-issue.patch

Run tested: apu2, qemu-x86-64, apalis, a64-olinuxino, nbg6617
Build tested: sunxi/a53, imx6, x86/64, ipq40xx

Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [apu2]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Kevin Darbyshire-Bryant
1fb3c003d6 build: prereq: tidy gcc version checks
There is a restriction in the number of parameters(10)  that may be passed to
the SetupHostCommand macro so continually adding explicit gcc'n' version
checks ends up breaking the compiler check for the later versions and
oddballs like Darwin as was done in 835d1c68a0 which added gcc10.

Drop all the explicitly specified gcc version checks.  If a suitable gcc
compiler is not found, it may be specified at the dependency checking
stage after which that version will be symlinked into the build staging
host directory.

eg. 'CC=gccfoo CXX=g++foo make prereq'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2020-03-24 14:42:52 +00:00
Robert Marko
835d1c68a0
build: add GCC 10 version detection
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-03-23 02:12:30 +01:00
Sungbo Eo
1444e31a7b build: image: set default parameter for check-size
In most cases check-size is used with IMAGE_SIZE and vice versa. Let check-size
use IMAGE_SIZE by default.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-03-21 19:59:08 +01:00
Paul Spooren
33cc7e763b x86: use qemu-image command from image-commands.mk
The `qemu-image` command converts images to the specified type and
reduces redundant code.

Adaption from Alexander Couzens <lynxis@fe80.eu> work[0].

[0]: https://git.openwrt.org/?p=openwrt/staging/lynxis.git;a=blob;f=target/linux/x86/image/Makefile;h=83b8140b7aefbe708fd09c9c61827e7e39bda8b4;hb=416cccf398e9589e3de386e05b61b1c46cace20d#l51

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Paul Spooren
cb007a7bf6 x86: switch image generation to new code
This commit introduces few related changes which need to be done in
single commit to keep images buildable between git revisions. In result
it retains all previous image creation possibilities with slight name
change of generated images. Brief summary of the commit:

* Split up image generation recipe to smaller chunks to make it more
  generic and reusable.

* Make iso images x86 specific and drop their definition as root
  filesystem.

* Convert image creation process to generic code specified in image.mk.

* Make geode subtarget inherit features from the main target instead of
  redefining them.

* For subtargets create device definitions with basic packages set.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebased]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Sungbo Eo
90daff4cf8 build: image: move IMAGE_SIZE to image.mk
IMAGE_SIZE is widely used in many targets. Declare it in the default template to
clean up redundant code. This also prevents deriving IMAGE_SIZE unintentionally
from the previously defined device.

While at it, remove duplicate KERNEL_SIZE declaration.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-03-11 18:25:06 +01:00
Koen Vandeputte
f9f62d43e4 kernel: bump 5.4 to 5.4.24
Refreshed all patches.

Compile-tested on: imx6
Runtime-tested on: imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-03-09 20:43:53 +01:00
Koen Vandeputte
e64564920a kernel: bump 4.19 to 4.19.108
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-03-09 20:43:53 +01:00
Koen Vandeputte
d5a3536631 kernel: bump 4.14 to 4.14.172
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-03-09 20:43:53 +01:00
Kevin Darbyshire-Bryant
a5100a0bd1 build: simplify gnu-getopt search
getopt is the only command where /usr/local/bin is specified explicitly.
All other commands are assumed to exist in the PATH in one form or
another.  Remove this exception and require gnugetopt/getopt to be in
the user's PATH.

In the case of macos Homebrew, getopt is 'keg only' hence not linked
into /usr/local/bin whilst other commands are linked and likely found by
virtue of /usr/local/bin being in PATH.

Since 2019 Homebrew is very reluctant to install links that have
potential to override default OS behaviour, eg: following instructions
on our current 'how to build on macos' wiki page:

$ brew ln gnu-getopt --force
Warning: Refusing to link macOS-provided software: gnu-getopt
If you need to have gnu-getopt first in your PATH run:
  echo 'export PATH="/usr/local/opt/gnu-getopt/bin:$PATH"' >> ~/.zshrc

A better option for macos is to link getopt as 'gnugetopt' in
/usr/local/bin, thus the build system will find 'gnugetopt' but other
applications looking for just 'getopt' will find the original macos
binary.

Ultimately it makes sense that 'GNU' dependencies are placed in
/usr/local/bin and /usr/local/bin is included in the user's PATH.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-02 11:42:31 +00:00
Jeffery To
dddcff2550 build: Remove STAGING_DIR_HOST references for InstallDev/UninstallDev
Build/InstallDev no longer places a file list in
$(STAGING_DIR_HOST)/packages; this change removes the creation of
$(STAGING_DIR_HOST)/packages and the attempted removal of a
STAGING_DIR_HOST file list during package clean.

This also changes the host directory passed to Build/UninstallDev from
$(STAGING_DIR_HOST) to $(STAGING_DIR)/host, to match the directory
passed to Build/InstallDev.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-03-01 21:35:59 +01:00
Kevin Darbyshire-Bryant
4d87963381 build: add xargs as prerequisite
Build system needs an 'xargs' that supports '-r' which darwin doesn't.
Homebrew installs a 'gxargs' with the findutils package so look for
'gxargs' as well as 'xargs'

This is a bit of a 'fun' corner case anyway. xargs is only required by
the build if 'CONFIG_AUTOREMOVE' is set and after the build system has
built 'tools/findutils' we have a fully working xargs for host anyway.
Until that time we have to rely on the host's xargs implementation.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-02-29 20:55:37 +00:00
Koen Vandeputte
0fad8af851 kernel: Include xt_MASQUERADE for kernel 5.2 and later
Instead of ip6t_MASQUERADE, include xt_MASQUERADE on kernel >= 5.2.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-02-28 17:50:46 +01:00
Koen Vandeputte
4e0c54bc5b kernel: add support for kernel 5.4
The following patches were removed because they are integrated in the upstream kernel 5.4:
 * backport-5.4/047-v4.21-mtd-keep-original-flags-for-every-struct-mtd_info.patch
 * backport-5.4/048-v4.21-mtd-improve-calculating-partition-boundaries-when-ch.patch
 * backport-5.4/080-v5.1-0001-bcma-keep-a-direct-pointer-to-the-struct-device.patch
 * backport-5.4/080-v5.1-0002-bcma-use-dev_-printing-functions.patch
 * backport-5.4/095-Allow-class-e-address-assignment-via-ifconfig-ioctl.patch
 * backport-5.4/101-arm-cns3xxx-use-actual-size-reads-for-PCIe.patch
 * backport-5.4/200-v5.2-usb-dwc2-Set-lpm-mode-parameters-depend-on-HW-configuration.patch
 * backport-5.4/210-arm64-sve-Disentangle-uapi-asm-ptrace.h-from-uapi-as.patch
 * backport-5.4/380-v5.3-net-sched-Introduce-act_ctinfo-action.patch
 * backport-5.4/450-v5.0-mtd-spinand-winbond-Add-support-for-W25N01GV.patch
 * backport-5.4/451-v5.0-mtd-spinand-Add-initial-support-for-Toshiba-TC58CVG2.patch
 * backport-5.4/452-v5.0-mtd-spinand-add-support-for-GigaDevice-GD5FxGQ4xA.patch
 * backport-5.4/455-v5.1-mtd-spinand-Add-support-for-all-Toshiba-Memory-produ.patch
 * backport-5.4/456-v5.1-mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UExxG.patch
 * backport-5.4/460-v5.0-mtd-spi-nor-Add-support-for-mx25u12835f.patch
 * backport-5.4/460-v5.3-mtd-spinand-Define-macros-for-page-read-ops-with-thr.patch
 * backport-5.4/461-v5.3-mtd-spinand-Add-support-for-two-byte-device-IDs.patch
 * backport-5.4/462-v5.3-mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UFxxG.patch
 * backport-5.4/463-v5.3-mtd-spinand-Add-initial-support-for-Paragon-PN26G0xA.patch
 * backport-5.4/700-v5.1-net-phylink-only-call-mac_config-during-resolve-when.patch
 * backport-5.4/701-v5.2-net-phylink-ensure-inband-AN-works-correctly.patch
 * backport-5.4/702-v4.20-net-ethernet-Add-helper-for-MACs-which-support-asym-.patch
 * backport-5.4/703-v4.20-net-ethernet-Add-helper-for-set_pauseparam-for-Asym-.patch
 * backport-5.4/704-v4.20-net-phy-Stop-with-excessive-soft-reset.patch
 * backport-5.4/705-v5.1-net-phy-provide-full-set-of-accessor-functions-to-MM.patch
 * backport-5.4/706-v5.1-net-phy-add-register-modifying-helpers-returning-1-o.patch
 * backport-5.4/707-v5.1-net-phy-add-genphy_c45_check_and_restart_aneg.patch
 * backport-5.4/708-v5.3-net-phylink-remove-netdev-from-phylink-mii-ioctl-emu.patch
 * backport-5.4/709-v5.3-net-phylink-support-for-link-gpio-interrupt.patch
 * backport-5.4/710-v5.3-net-phy-allow-Clause-45-access-via-mii-ioctl.patch
 * backport-5.4/711-v5.3-net-sfp-add-mandatory-attach-detach-methods-for-sfp-.patch
 * backport-5.4/712-v5.3-net-sfp-remove-sfp-bus-use-of-netdevs.patch
 * backport-5.4/713-v5.2-net-phylink-avoid-reducing-support-mask.patch
 * backport-5.4/714-v5.3-net-sfp-Stop-SFP-polling-and-interrupt-handling-duri.patch
 * backport-5.4/715-v5.3-net-phylink-don-t-start-and-stop-SGMII-PHYs-in-SFP-m.patch
 * backport-5.4/740-v5.5-net-phy-avoid-matching-all-ones-clause-45-PHY-IDs.patch
 * backport-5.4/741-v5.5-net-phylink-fix-link-mode-modification-in-PHY-mode.patch
 * pending-5.4/103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch
 * pending-5.4/131-spi-use-gpio_set_value_cansleep-for-setting-chipsele.patch
 * pending-5.4/132-spi-spi-gpio-fix-crash-when-num-chipselects-is-0.patch
 * pending-5.4/220-optimize_inlining.patch
 * pending-5.4/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch
 * pending-5.4/475-mtd-spi-nor-Add-Winbond-w25q128jv-support.patch
 * pending-5.4/477-mtd-add-spi-nor-add-mx25u3235f.patch
 * pending-5.4/479-mtd-spi-nor-add-eon-en25qh64.patch

Some bigger changes were done to this feature and we did not port this patch yet:
 * hack-5.4/207-disable-modorder.patch

This depends on BOOTMEM which was removed from the kernel, this needs some bigger changes:
 * hack-5.4/930-crashlog.patch

A different version of the FPU disable patch was merged upstream, OpenWrt needs some adaptations.
 * pending-5.4/304-mips_disable_fpu.patch

- no crashlog support yet as a required file got deleted upstream
- Removed patch below, which is now seen as a recursive dependency [1]
- Removed patch below due to build error [2]
- fix still required to avoid identical function def [3]
- Fixes included from Blocktrron
- Fixes included from Chunkeey
- Fix included from nbd regarding "dst leak in Flow Offload"

[1] target/linux/generic/hack-5.4/260-crypto_test_dependencies.patch
[2] target/linux/generic/hack-5.4/207-disable-modorder.patch
[3] target/linux/generic/pending-5.4/613-netfilter_optional_tcp_window_check.patch

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:45 +01:00
Koen Vandeputte
7ae2523323 kernel: bump 4.19 to 4.19.106
Refreshed all patches.

Remove upstreamed:
- 950-0786-leds-pca963x-Fix-open-drain-initialization.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-02-24 19:11:36 +01:00
Koen Vandeputte
b6c9d2bab0 kernel: bump 4.19 to 4.19.105
Refreshed all patches.

Fixes:
- CVE-2013-1798
- CVE-2019-3016

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-02-24 14:19:16 +01:00
Koen Vandeputte
f4bea1b6a3 kernel: bump 4.14 to 4.14.171
Refreshed all patches.

Fixes:
- CVE-2013-1798

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-02-24 14:18:59 +01:00
Paul Spooren
73f3ad1df2 build: fix empty SUBTARGET in json files
Some targets like kirkwood or omap don't use a subtarget which results
in a malformed JSON info file.

Instead of having a valid value like `"target": "ath79/tiny"` for these
targets the value is `"target": "kirkwood/"`.

This patch uses the same if condition to use `generic` if the subtarget
is empty.

Tested for the kirkwood target.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-02-13 17:45:46 +01:00
Koen Vandeputte
20b5a4ca01 kernel: bump 4.19 to 4.19.101
Refreshed all patches.

Fixes:
- CVE-2019-14896
- CVE-2019-14897

Remove upstreamed:
- 023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch
- 950-0202-staging-bcm2835-camera-fix-module-autoloading.patch
- 001-4.22-01-MIPS-BCM63XX-drop-unused-and-broken-DSP-platform-dev.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-02-04 18:10:13 +01:00
Koen Vandeputte
1b310cff0f kernel: bump 4.14 to 4.14.169
Refreshed all patches.

Fixes:
- CVE-2019-14896
- CVE-2019-14897

Remove upstreamed:
- 023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch
- 001-4.22-01-MIPS-BCM63XX-drop-unused-and-broken-DSP-platform-dev.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-02-04 18:10:13 +01:00
Hauke Mehrtens
eec50c73c4 build: Add KBUILD_HOSTLDLIBS
In Linux kernel commit 8377bd2b9ee1 ("kbuild: Rename HOST_LOADLIBES to
KBUILD_HOSTLDLIBS") HOST_LOADLIBES was renamed to KBUILD_HOSTLDLIBS.
This patch adapts the OpenWrt kernel build to this new variable. Without
this change the kernel host tools would not link against the libraries
found in the staging directory.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2020-01-26 19:20:08 +01:00
Koen Vandeputte
40842167d2 kernel: bump 4.19 to 4.19.98
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-24 13:14:33 +01:00
Koen Vandeputte
76254cb75e kernel: bump 4.14 to 4.14.167
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-24 13:14:33 +01:00
Koen Vandeputte
7adb0f9810 kernel: bump 4.19 to 4.19.97
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-20 13:41:49 +01:00
Koen Vandeputte
ac050025a5 kernel: bump 4.14 to 4.14.166
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-20 13:41:49 +01:00
Koen Vandeputte
6cc7498daa kernel: bump 4.19 to 4.19.96
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-20 13:41:49 +01:00
Koen Vandeputte
2b4654f74f kernel: bump 4.14 to 4.14.165
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-20 13:41:49 +01:00
Koen Vandeputte
692b91f56b kernel: bump 4.19 to 4.19.95
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-20 13:41:49 +01:00
Koen Vandeputte
b5480de4d1 kernel: bump 4.14 to 4.14.164
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-20 13:41:49 +01:00
Sungbo Eo
c26b687e31 kernel: remove further obsolete kernel version switches
Most of the kernel version switches below 4.14 were removed in commit
97940f8766 ("kernel: remove obsolete kernel version switches"),
but some of them still remained. Remove them now.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-01-18 19:39:05 +01:00
Jeff Kletsky
f0b76d02e8 build: define check-kernel-size to remove unflashable images
Certain boards have limitations on U-Boot that prevent flashing
of images where the kernel size exceeds a threshold, yet
sysupgrade can sucessfully manage larger kernels. The current
check-size will remove the target artifact if its total size
exceeds the threshold. If applied after append-kernel,
it will remove the kernel, but the remaining image-assembly
steps will continue, resulting in an image without a kernel
that is likely unbootable.

By defining check-kernel-size, it is now possible to prevent release
of such unbootable images through a construct similar to:

  IMAGE/factory.img := append-kernel | pad-to $$$$(GL_UBOOT_UBI_OFFSET) | \
    append-ubi | check-kernel-size $$$$(GL_UBOOT_UBI_OFFSET)

Cc: Chuanhong Guo <gch981213@gmail.com>

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2020-01-15 20:05:48 +01:00
Xu Wang
44304c1d67 base-files: fix build for /sbin/pkg_check
Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be
included with the packages to check for corruption. This commit fixes two
issues:
- /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y
- checksums were being saved in the wrong file

Signed-off-by: Xu Wang <xwang1498@gmx.com>
2020-01-14 17:52:34 +01:00
Jo-Philipp Wich
0e05093b12 netfilter: package required kmods for nftables
Package new kmods "nf_tables_set" and "nft_objref" which got introduced
with kernel 4.18 and restrict the old "nft_set_rbtree" and "nft_set_hash"
modules to sub-4.18 versions.

Also reorder the nftables related netfilter.mk entries alphabetically
while touching this code section.

Fixes: FS#2699
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2699#comment7450
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-14 16:58:43 +01:00
Hauke Mehrtens
19cbac7d26 buildsystem: Make PIE ASLR option tristate
This tristate choose allows to select to build only some applications
with PIE enabled. On MIPS binaries are getting about 30% bigger when PIE
is activated for the, which is a huge increase.

Network exposed applications like dnsmasq should then be build with PIE
enabled, but some applications which are normally not parsing data from
the network do not have it activated. The regular option should give a
good trade off between extra flash and RAM memory usage and security.

This changes the default from building no applications with PIE to build
some specifically marked applications with PIE enabled. This option is
only activated for targets with bigger flash and RAM to not consume
extra memory on the very small targets. On SDK builds the Regular option
should always be selected, because some tiny targets share the
applications with big targets and only the images for the tiny targets
should contain the none PIE applications, but the images for the normal
targets should use PIE. The shared packages should always use PIE when
it should be normally activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
David Bauer
8b86ddf4d5 netfilter: add back nft_hash
nft_hash hash falsely removed in commit 97940f8766
("kernel: remove obsolete kernel version switches").

Add the module back, as otherwise the build fails.

Fixes: 97940f8766 ("kernel: remove obsolete kernel version switches")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-01-12 18:59:07 +01:00