ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-09 22:42:57 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity
45,881 Commits 9 Branches 77 Tags 905 MiB
b24905c38a
Commit Graph

22 Commits

Author SHA1 Message Date
Petr Štetiar
565159db57 kernel: bump 4.14 to 4.14.272 
Added new config symbol `HARDEN_BRANCH_HISTORY` in order to harden
Spectre style attacks against branch history and fixed rejects in
following patches:

 * generic/hack-4.14/220-gc_sections.patch
 * generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch

Other patches refreshed automagically.

Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
 2022-03-17 08:47:54 +01:00
Hauke Mehrtens
662fe6a6ee kernel: bump 4.14 to 4.14.254 
All updated automatically.

Compile-tested on: malta/le, lantiq/xrx200
Runtime-tested on: malta/le, lantiq/xrx200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2021-11-07 19:49:50 +01:00
Hauke Mehrtens
93a48cb1a0 kernel: bump 4.14 to 4.14.248 
All updated automatically.

Compile-tested on: lantiq/xrx200, armvirt/64
Runtime-tested on: lantiq/xrx200, armvirt/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2021-10-02 16:11:47 +02:00
David Bauer
9882a54c48 kernel: bump 4.14 to 4.14.245 
Compile-tested: ath79-generic
Run-tested: ath79-generic

Signed-off-by: David Bauer <mail@david-bauer.net>
 2021-09-02 22:30:34 +02:00
David Bauer
e902d11de9 kernel: bump 4.14 to 4.14.241 
Refreshed all patches

Compile-tested: ath79-generic brcm2708-bcm2708
Run-tested: ath79-generic brcm2708-bcm2708

Signed-off-by: David Bauer <mail@david-bauer.net>
 2021-07-28 17:23:36 +02:00
Koen Vandeputte
55e9d87754 kernel: bump 4.14 to 4.14.223 
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2021-03-10 13:55:56 +01:00
Koen Vandeputte
b4a4d04b91 kernel: bump 4.14 to 4.14.222 
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2021-02-26 10:11:21 +01:00
Koen Vandeputte
d816c6cd31 kernel: bump 4.14 to 4.14.216 
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2021-01-21 15:36:18 +01:00
Hauke Mehrtens
148d59c67e kernel: update kernel 4.14 to version 4.14.193 
Compile and runtime tested on lantiq/xrx200 and ipq40xx.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2020-08-11 00:12:50 +02:00
Hauke Mehrtens
f4985a22ca kernel: Update kernel 4.14 to version 4.14.187 
Fixes:
- CVE-2020-10757

Run tested: ath79, ipq40xx
Build tested: ath79, ipq40xx

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2020-07-04 19:22:23 +02:00
Koen Vandeputte
33af038bec kernel: bump 4.14 to 4.14.137 
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2019-08-09 18:32:38 +02:00
Koen Vandeputte
bcbc7ba768 kernel: bump 4.14 to 4.14.136 
Refreshed all patches.

Altered patches:
- 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch

Remove upstreamed:
- 100-powerpc-4xx-uic-clear-pending-interrupt-after-irq-ty.patch
- 088-0002-i2c-qup-fixed-releasing-dma-without-flush-operation.patch
- 500-arm64-dts-marvell-Fix-A37xx-UART0-register-size.patch

Fixes:
- CVE-2019-13648
- CVE-2019-10207

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2019-08-06 11:54:50 +02:00
Koen Vandeputte
b765f4be40 kernel: bump 4.14 to 4.14.114 
Refreshed all patches.

Altered patches:
- 150-bridge_allow_receiption_on_disabled_port.patch
- 201-extra_optimization.patch

Remove upstreamed:
- 022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2019-05-02 12:59:26 +02:00
Koen Vandeputte
0028f86687 kernel: bump 4.14 to 4.14.86 
Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2018-12-10 11:48:44 +01:00
Koen Vandeputte
c764b2b531 kernel: bump 4.14 to 4.14.79 
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2018-11-05 16:00:00 +01:00
Koen Vandeputte
079871983c kernel: bump 4.14 to 4.14.68 
Refreshed all patches.

Remove upstream accepted:
- 330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch

Altered:
- 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
- 308-mips32r2_tune.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2018-09-07 17:21:24 +02:00
Stijn Tintel
22b9f99b87 kernel: bump 4.14 to 4.14.59 
Drop patch that was superseded upstream:
ramips/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch

Drop upstreamed patches:
- apm821xx/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
- apm821xx/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
- ath79/0011-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- brcm63xx/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- brcm63xx/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- generic/backport/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
- generic/pending/170-usb-dwc2-Fix-DMA-alignment-to-start-at-allocated-boun.patch
- generic/pending/900-gen_stats-fix-netlink-stats-padding.patch

In 4.14.55, a patch was introduced that breaks ext4 images in some
cases. The newly introduced patch
backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
addresses this breakage.

Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883

Compile-tested: ath79, octeon, x86/64
Runtime-tested: ath79, octeon, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
 2018-07-31 05:11:07 +03:00
Stijn Tintel
e52f3e9b13 kernel: bump 4.14 to 4.14.48 
Remove upstreamed patches:
generic/pending/101-clocksource-mips-gic-timer-fix-clocksource-counter-w.patch
generic/pending/103-MIPS-c-r4k-fix-data-corruption-related-to-cache-coherence.patch
generic/pending/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch
lantiq/0025-MIPS-lantiq-gphy-Remove-reboot-remove-reset-asserts.patch
Update patches that no longer apply:
generic/pending/811-pci_disable_usb_common_quirks.patch
ath79/0009-MIPS-ath79-add-lots-of-missing-registers.patch

Fixes CVE-2018-6412.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
 2018-06-05 22:54:00 +03:00
Stijn Segers
9899ffcfd3 kernel: bump 4.14 to 4.14.27 
* Refreshed patches.
* Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream)

Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
 2018-03-17 22:15:38 +01:00
Stijn Tintel
88ba41453d kernel: bump 4.14 to 4.14.20 
Refresh patches.
Remove upstreamed patches:
- backport/080-v4.15-0001-arch-define-weak-abort.patch
- backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch
Update patch that no longer applies:
pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
 2018-02-18 02:59:48 +01:00
Stijn Tintel
c5ca1c9ab6 kernel: bump 4.14 to 4.14.11 
Rename unwinder config symbols to match upstream changes.
Refresh patches.
Update patch that no longer applies: 202-reduce_module_size.patch

Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported
from 4.15 to the 4.14 stable series. It is enabled by default, so enable
it in OpenWrt as well.

Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
 2018-01-03 00:07:10 +02:00
Hauke Mehrtens
b3f95490b9 kernel: generic: Add kernel 4.14 support 
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.

In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM

And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR

I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED

I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2017-12-16 22:11:19 +01:00