Koen Vandeputte
9298c443df
kernel: bump 4.14 to 4.14.164
...
Refreshed all patches.
Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years ago
Koen Vandeputte
f3a265575c
kernel: bump 4.14 to 4.14.149
...
Refreshed all patches.
Altered patches:
- 820-sec-support-layerscape.patch
Compile-tested on: ar71xx, brcm2708, cns3xxx, imx6, layerscape, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years ago
Koen Vandeputte
f442b306f9
kernel: bump 4.14 to 4.14.120
...
Refreshed all patches.
Remove upstreamed:
- 103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch
- 060-fix-oxnas-rps-dt-match.patch
Altered patches:
- 0067-generic-Mangle-bootloader-s-kernel-arguments.patch
- 006-mvebu-Mangle-bootloader-s-kernel-arguments.patch
- 996-generic-Mangle-bootloader-s-kernel-arguments.patch
Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years ago
Koen Vandeputte
1cfbf95393
kernel: bump 4.14 to 4.14.104
...
Refreshed all patches.
Altered patches:
- 332-arc-add-OWRTDTB-section.patch
Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years ago
Koen Vandeputte
3662157d8b
kernel: bump 4.14 to 4.14.96
...
Refreshed all patches.
Remove upstreamed patches:
- 142-jffs2-Fix-use-of-uninitialized-delayed_work-lockdep-.patch
Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago
Koen Vandeputte
9f2739e924
kernel: bump 4.14 to 4.14.89
...
Refreshed all patches.
Remove upstreamed patches:
- 096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago
Koen Vandeputte
f983956a8b
kernel: bump 4.14 to 4.14.75
...
Refreshed all patches.
Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago
Brett Mastbergen
f57806b56e
kernel: generic: Fix nftables inet table breakage
...
Commit b7265c59ab
("kernel: backport a series of netfilter cleanup
patches to 4.14") added patch 302-netfilter-nf_tables_inet-don-t-use-
multihook-infrast.patch. That patch switches the netfilter core in the
kernel to use the new native NFPROTO_INET support. Unfortunately, the
new native NFPROTO_INET support does not exist in 4.14 and was not
backported along with this patchset. As such, nftables inet tables never
see any traffic.
As an example the following nft counter rule should increment for every
packet coming into the box, but never will:
nft add table inet foo
nft add chain inet foo bar { type filter hook input priority 0\; }
nft add rule inet foo bar counter
This commit pulls in the required backport patches to add the new
native NFPROTO_INET support, and thus restore nftables inet table
functionality.
Tested on Turris Omnia (mvebu)
Fixes: b7265c59ab
("kernel: backport a series of netfilter cleanup ...")
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
6 years ago
Koen Vandeputte
079871983c
kernel: bump 4.14 to 4.14.68
...
Refreshed all patches.
Remove upstream accepted:
- 330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch
Altered:
- 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
- 308-mips32r2_tune.patch
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago
Koen Vandeputte
f960490fc8
kernel: bump 4.14 to 4.14.60
...
Refreshed all patches
Removed upstreamed patches:
- 500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago
Stijn Tintel
22b9f99b87
kernel: bump 4.14 to 4.14.59
...
Drop patch that was superseded upstream:
ramips/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch
Drop upstreamed patches:
- apm821xx/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
- apm821xx/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
- ath79/0011-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
- brcm63xx/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- brcm63xx/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- generic/backport/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
- generic/pending/170-usb-dwc2-Fix-DMA-alignment-to-start-at-allocated-boun.patch
- generic/pending/900-gen_stats-fix-netlink-stats-padding.patch
In 4.14.55, a patch was introduced that breaks ext4 images in some
cases. The newly introduced patch
backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
addresses this breakage.
Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883
Compile-tested: ath79, octeon, x86/64
Runtime-tested: ath79, octeon, x86/64
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years ago
Koen Vandeputte
ba2b0f0ac6
kernel: bump 4.14 to 4.14.54
...
Rereshed all patches
Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago
Stijn Tintel
e52f3e9b13
kernel: bump 4.14 to 4.14.48
...
Remove upstreamed patches:
generic/pending/101-clocksource-mips-gic-timer-fix-clocksource-counter-w.patch
generic/pending/103-MIPS-c-r4k-fix-data-corruption-related-to-cache-coherence.patch
generic/pending/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch
lantiq/0025-MIPS-lantiq-gphy-Remove-reboot-remove-reset-asserts.patch
Update patches that no longer apply:
generic/pending/811-pci_disable_usb_common_quirks.patch
ath79/0009-MIPS-ath79-add-lots-of-missing-registers.patch
Fixes CVE-2018-6412.
Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years ago
Koen Vandeputte
467b07e00c
kernel: bump 4.14 to 4.14.43
...
Refreshed all patches
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Michael Yartys <michael.yartys@protonmail.com>
6 years ago
Rafał Miłecki
f9dcdc7fef
kernel: mark source kernel for netfilter backports
...
This helps keeping track on patches & adding new kernels in the future.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years ago
Koen Vandeputte
3435dbdc1c
kernel: bump 4.14 to 4.14.37
...
Refreshed all patches
Compile-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64
Runtime-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
[add extra tested targets to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years ago
Stijn Tintel
ec1d7b9461
kernel: bump 4.14 to 4.14.34
...
Refresh patches.
Update patches that no longer apply:
- backport/313-netfilter-remove-defensive-check-on-malformed-packet.patch
- pending/642-net-8021q-support-hardware-flow-table-offload.patch
Compile-tested: x86/64.
Runtime-tested: x86/64.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years ago
Kabuli Chana
7c1dae6e26
kernel: bump to version 4.14.25
...
compile/test target mvebu/rango
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
6 years ago
Stijn Segers
b5469b38cd
kernel: bump 4.14 to 4.14.23
...
This patch bumps the 4.14 kernel to .23.
- Refreshed patches.
- Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream.
- Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed,
the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes.
Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
6 years ago
Felix Fietkau
1033356442
kernel: backport netfilter NAT offload support to 4.14
...
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago