Commit Graph

2083 Commits

Author SHA1 Message Date
Jo-Philipp Wich
4fbd072624 kernel: update kernel 4.4 to 4.4.71
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-07 21:24:41 +02:00
Yousong Zhou
a44d7bfb63 build: fix possible issue with kmod package having multiple AutoLoad's
This commit contains the following changes

 - Use local shell var where appliable
 - The $(sort $$$$$$$$mods) call will have no expected effect
 - Avoid EEXIST when creating symlinks in /etc/modules-boot.d/
 - Avoid duplicate arguments for insert_modules() in postinst-pkg

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-27 15:04:32 +08:00
Hauke Mehrtens
e02b12c4cf kernel: update kernel 4.4 to 4.4.70
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:43:02 +02:00
Stijn Segers
215c1d05b8 kernel: update kernel 4.4 to 4.4.69
Bump the 17.01 tree kernel to 4.4.69. Trunk 4.4 and 17.01 4.4 have diverged, talked this
through with jow, he was okay with a clean diff against 17.01 and not a backported trunk
patch.

The following patches were applied upstream:

* 062-[1-6]-MIPS-* series
* 042-0004-mtd-bcm47xxpart-fix-parsing-first-block

Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup, as
it was incorrectly included upstream thus dropped from LEDE, but subsequently
reverted upstream. Thanks to Kevin Darbyshire-Bryant for pointing me to it.

  Compile-tested on: ar71xx, ramips/mt7621, x86/64.

  Run-tested on: ar71xx, ramips/mt7621, x86/64.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
2017-05-24 22:47:01 +02:00
Michal Sojka
dbaaeae428 image.mk: Generate cpiogz with root-owned files
Some files (e.g. /etc/dropbear) need to be owned by root. Add cpio
option to ensure that.

Other image types (at least targz and squashfs) already have this.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
2017-05-16 17:38:08 +02:00
Sergey Ryazanov
37cf921352 build: fix symlinked .config handling
When running "make menuconfig" with symlinked .config (e.g. to
env/.config) it renames symlink to .config.old, creates new .config file
and writes updated configuration here.

This breaks the desired workflow when changes in the configuration could
be checked using "scripts/env diff" and commited with
"scripts/env save". Since the env/.config file is not updated.

Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-05-02 16:11:09 +02:00
Jo-Philipp Wich
6ca5ccc620 kernel: update kernel 4.4 to 4.4.61
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-15 17:20:51 +02:00
Felix Fietkau
53fcaed1f7 image.mk: force kernel rebuild on every run
DTS dependencies are not processed correctly so makes it safer against
poentially stale builds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-05 10:08:22 +02:00
Hauke Mehrtens
0dcc4d239d kernel: update kernel 4.4 to 4.4.59
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-04-02 14:37:49 +02:00
Kevin Darbyshire-Bryant
09a8183ce8 kernel: update kernel 4.4 to 4.4.52
Bump kernel from 4.4.50 to 4.4.52

Refresh patches

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-03-03 18:18:49 +01:00
Felix Fietkau
f6d94b0dd6 cmake: skip build system check on compile
cmake checks the build system and its variables on its own to detect if
the makefiles need to be regenerated.
Unfortunately this can invalidate overrides passed in the
Build/Configure step. On non-Linux systems this breaks the build when
switching between targets of the same package architecture.

Fix this by forcibly disabling the build system check and relying on the
LEDE build system to take care of these things

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-21 16:16:25 +01:00
Jo-Philipp Wich
06f3b91902 kernel: update kernel 4.4 to version 4.4.50
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-20 16:02:54 +01:00
Stijn Tintel
054ce1624c kernel: update kernel 4.4 to version 4.4.47
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked
broken, except arc770 and arch38 due to broken toolchain.

Runtime-tested on ar71xx, octeon, ramips and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit d2c4041f02)

Conflicts:
	include/kernel-version.mk
	target/linux/ramips/patches-4.4/997-ralink-Introduce-fw_passed_dtb-to-arch-mips-ralink.patch
2017-02-06 20:13:06 +01:00
Koen Vandeputte
b786a5ffc3 kernel: bump to 4.4.46
Refreshed patches for all supported targets.

Compile-tested on ar71xx, cns3xxx, imx6, mt7621, oxnas and x86/64.
Run-tested on ar71xx, cns3xxx, imx6 and mt7621.

Tested-by: Stijn Segers <francesco.borromini@inventati.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 3becadd56c)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-06 20:13:06 +01:00
Koen Vandeputte
c656cbc56b kernel: bump to 4.4.45
Refreshed patches for all supported targets.

Compiled & tested on cns3xxx & imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 4d1515070b)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

Conflicts:
	target/linux/ar71xx/patches-4.4/920-usb-chipidea-AR933x-platform-support.patch
2017-02-06 20:13:06 +01:00
Stijn Segers
ee3067c588 Kernel: bump to 4.4.44
Bump kernel to 4.4.44. Compile-tested on ar71xx, ramips/mt7621 and x86/64.

.44 has been run-tested on the 17.01 branch here on ar71xx and mt7621.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
(cherry picked from commit 20996edd68)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

Conflicts:
	target/linux/ar71xx/patches-4.4/920-usb-chipidea-AR933x-platform-support.patch
	target/linux/ar71xx/patches-4.4/930-chipidea-pullup.patch
2017-02-06 20:13:06 +01:00
Florian Fainelli
4d561b3a30 package-ipkg: Do not fail build without base-files
If the base-files package is not selected, we will fail executing the
very first postinst script:

make[3]: Leaving directory `/local/users/fainelli/openwrt/trunk'
cp -fpR
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root.orig-orion
./usr/lib/opkg/info/busybox.postinst: line 3:
/local/users/fainelli/openwrt/trunk/build_dir/target-arm_xscale_musl-1.1.15_eabi/root-orion/lib/functions.sh:
No such file or directory
./usr/lib/opkg/info/busybox.postinst: line 4: default_postinst: command
not found
postinst script ./usr/lib/opkg/info/busybox.postinst has failed with
exit code 127
make[2]: *** [package/install] Error 1

Check for the existence of lib/functions.sh, and if it does not exist,
just bail out gracefully.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-02-01 16:07:30 +01:00
Jo-Philipp Wich
e5bc7bff85 build: properly pass CPP and CXX flags in HOST_MAKE_VARS
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-01 16:03:57 +01:00
Alexandru Ardelean
83c9bfad1e build: introduce default HOST_MAKE_VARS for host-builds
Inspired/adapted from `package-defaults.mk` MAKE_VARS.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-02-01 16:03:56 +01:00
Matthias Schiffer
04a5085127
include/rootfs.mk: keep Require-User lines with CONFIG_CLEAN_IPKG
Require-User is handled by /etc/uci-defaults/13_fix_group_user on first
boot, so we need to keep these when removing all opkg data with
CONFIG_CLEAN_IPKG.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:09:50 +01:00
Felix Fietkau
b630d525c8 x86: unify CPU_TYPE for legacy and geode
According to some reports, -march=pentium-mmx is a better choice for
older Geode CPUs than -march=geode anyway.

Bump the minimum architecture of the legacy target from i486 to
pentium-mmx. Anything older is not worth supporting anyway.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:47 +01:00
Felix Fietkau
392cccb7f4 build: remove mips16 feature flag from target makefiles
It can be implicitly derived from the MIPS32 revision support in the
kernel configuration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:45 +01:00
Felix Fietkau
e775adead8 build: remove obsolete mips32r2 CPU_TYPE
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-24 13:35:09 +01:00
Mirko Vogt
c76da77573 git-kernel: $(SUBDIR) should always be $(LINUX_VERSION)
Before SUBDIR was set to $(PATCHVER) which may
or may not include the minor version number of
the linux kernel version. Usually it doesn't.

So the git-clone'd linux kernel was packed without
the minor version number taken into account, which
broke further processing, as it expected the
extracted dir being named linux-$(LINUX_VERSION)
(=with minor version) rather than linux-$(PATCHVER)
(=without minor version).

Changing SUBDIR to $(LINUX_VERSION) creates
consistent behaviour here.

Signed-off-by: Mirko Vogt <mirko-openwrt@nanl.de>
2017-01-19 12:34:04 +01:00
Jo-Philipp Wich
1e1e3ef2fb LEDE v17.01: set branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 18:56:07 +01:00
Andrej Vlasic
5c20a4fec9 ubox: turn logd into a separate package
Currently system log is always included as a part of ubox. Add logd as a
seperate package and add it to default packages list.

Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2017-01-16 11:41:54 +01:00
Matthias Schiffer
9c55dede26
include/feeds.mk: base list of enabled feeds on available instead of installed feeds
This fixes handling of CONFIG_FEED_* options for uninstalled feeds.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-16 09:11:56 +01:00
Matthias Schiffer
12d0a66942
include/autotools.mk: use STAGING_DIR_HOSTPKG where appropriate
Make sure binaries install to STAGING_DIR_HOSTPKG are still found when
this variable is eventually modified.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-14 18:57:13 +01:00
Hauke Mehrtens
5b089e45a6 kernel: update 4.4 kernel to 4.4.42
Refresh patches on all 4.4 supported platforms.
Compile & run tested: lantiq/xrx200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-13 23:05:36 +01:00
Felix Fietkau
8af5e5751d image.mk: add generic function for gzipping images if enabled
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 16:59:28 +01:00
Felix Fietkau
87b668765e image: when using the new image build code, gzip ext4 images by default
This reduces the amount of hacks in the makefile code.

Remove the apm821xx code to do the same - it was broken and left both
compressed and uncompressed images in $(BIN_DIR)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 16:59:28 +01:00
Ian Pozella
859693509f image.mk: use LINUX_KARCH rather than ARCH for mkits
The generated 'its' is passed to mkimage which expects linux arch
strings rather than the full arch (e.g. mips not mipsel).

It currently works in some cases where LINUX_KARCH == ARCH but
otherwise you get an unknown arch build error.

Signed-off-by: Ian Pozella <Ian.Pozella@imgtec.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 14:54:11 +01:00
Felix Fietkau
5919cc2dc4 build: let make check warn about use of legacy PKG_MD5SUM variable in feeds
The variable rename change has been merged in OpenWrt now, so it's
possible to convert the feeds as well.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 10:23:43 +01:00
Felix Fietkau
b7bee2858b kernel: remove linux 4.1 support
The only target still referencing it is omap24xx, and it is marked as
broken.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 13:09:33 +01:00
Jo-Philipp Wich
90ed0aa859 build: scan.mk: consider KernelPackage pattern as well
The removal of the ".+Package" pattern in scan.mk also caused the build
system to skip over Makefiles defining only kmods. Adjust the grep pattern
to consider packages with "call KernelPackage" signatures as well.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 16:26:55 +01:00
Jo-Philipp Wich
a891e5e14f build: scan.mk: remove overlay broad grep pattern
Commit af0b91c "allow scan.mk to find python packages introduced in [8639]"
added some special casing to scan.mk to accomodate some nonstandard python
packages.

Nowadays this pattern is not needed anymore and produces false positives
when using the LEDE source repository as feed within the SDK since the
metadata scanning wrongly picks up target/imagebuilder/Makefile as package,
leading to an  "ERROR: please fix feeds/base/target/imagebuilder/Makefile"
message.

Remove the now uneeded pattern to fix such stray errors during metadata
scanning.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 15:16:28 +01:00
Jo-Philipp Wich
83b6bfc235 build: fix HOST_CONFIGURE_VARS placement
Instead of passing HOST_CONFIGURE_VARS as arguments to the configure script,
pass it as environment variables which brings the logic in line with the
behaviour of package-defaults.mk.

The change is needed since passing environment variables as configure
parameters only works with GNU autoconf which evaluates command line arguments
looking like variable assignments. Doing the same with non-autoconf configure
scripts is not guaranteed to work since such scripts might terminate due to
unknown argument errors.

One example case is the cmake configure script which bails out when called
as "./configure LDFLAGS=..." but not when called as "LDFLAGS=... ./configure".

Also change the SHELL override to CONFIG_SHELL in the default
HOST_CONFIGURE_VARS as the former is not properly propagated through the
various GNU configure invocations since it gets lost when configure re-
executes itself.

A prior attempt to change the variable placement had to be reverted due to
the missing SHELL -> CONFIG_SHELL change, leading to misgenerated libtool
executables in various packages.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 12:28:32 +01:00
Felix Fietkau
1e1d735e52 build: remove obsolete parallel build related options
Always use the main make jobserver, which has been the default for ages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
5903c46ef8 build: fix build of ubifs images
--force-compr was added by the xz compression patch, which is gone now.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 16:31:39 +01:00
Felix Fietkau
c2e6ca26e5 build: add image command for calling kernel2minor
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-07 17:50:54 +01:00
Hauke Mehrtens
88ca6390ea kernel: bump to 4.4.40
Refresh patches on all 4.4 supported platforms.
Compile & run tested: lantiq/xrx200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-06 19:38:55 +01:00
Jo-Philipp Wich
267b05f273 Revert "build: fix HOST_CONFIGURE_VARS placement"
This reverts commit 8395b63aac616f72fd835c59240fc2a4a6b28106.

Various host builds currently rely on the broken behaviour of
HOST_CONFIGURE_VARS so roll back to the previous state.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-05 14:34:11 +01:00
Jo-Philipp Wich
28f9df62f5 build: fix HOST_CONFIGURE_VARS placement
Ensure that HOST_CONFIGURE_VARS are set before the actual configure command
instead of passing them as configure command arguments.

This change brings host-build.mk in line with package-defaults.mk and makes
host configure environment variables work as expected.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-05 14:21:27 +01:00
Felix Fietkau
d2ddda691e build: ensure that prereq-build is run before metadata scan from feeds (FS#367)
Fixes ./scripts/feeds update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:50:40 +01:00
Yousong Zhou
4ebb13a0ef build: unzip: perform operations quietly
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-01-05 11:09:13 +01:00
Felix Fietkau
84bd74057f build: use mkhash to replace various quirky md5sum/openssl calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Felix Fietkau
dad48c6438 build: add a small standalone utility for calculating md5/sha256 hash
This will be used to simplify the build system code for checking hashes.
Instead of using various variants of md5sum / openssl, use one simple
utility for all of them

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Felix Fietkau
bdaa138c0d host-build: remove openssl include path from host cflags
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Felix Fietkau
f6e6341d89 tools: build libressl on all systems
Useful for having a more consistent build environment and finding API
issues faster

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Stijn Tintel
a93accd73d kernel: allow subtarget specific KernelPackage
Add a call to KernelPackage/$(1)/$(BOARD)/$(SUBTARGET) to the
KernelPackage macro. This allows to add kernel packages for x86/64,
without breaking x86. It's not possible to do this with BOARD, as
BOARD=x86 for x86_64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-04 13:20:19 +01:00