From patchwork Fri Nov 13 08:32:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Schlehofer X-Patchwork-Id: 1399629 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=l/C73VH3; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=tjVNTQ0t; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CXWxV0hGPz9sSn for ; Fri, 13 Nov 2020 19:35:09 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=S2A+Zqnk0RHqoMRpU6NKhMCO5FSMeDLUWqGgcTU+TUc=; b=l/C73VH3rmlvIkPexk+z8ODzXS l19c2wMeJrq5KDk9obkerxyBboEnhdUtVCjScHhzSDl+TuR9C1trBrwyYo1Sv3R6kHDGcaoVSQGCq pKALQ0b6xIW7hY8W/0nkHkK+sfYm1SCuOF6vXUj7YdtqQO3hbeNQmpN8l2wO/ZrSDsb9lgTGg6wTc oR7/Eu84btFJ+4hzOb+zQrYo34jxaqD2SpRjo4kg3jBOuOKQCqA5I71+daRGGc5Jr3a8npOz8qvAd Vvq0jwsnfC3SckfSKE3t9NDhxmNU8Ct7Ycf7zbmz9tgcVqsdX+b7Z4xS5O57MBGJ/jXbaKaKDjkuG L/6q9uJA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kdUW8-0003oH-3M; Fri, 13 Nov 2020 08:33:12 +0000 Received: from mail-ej1-x642.google.com ([2a00:1450:4864:20::642]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kdUW5-0003ne-9H for openwrt-devel@lists.openwrt.org; Fri, 13 Nov 2020 08:33:10 +0000 Received: by mail-ej1-x642.google.com with SMTP id o21so12161400ejb.3 for ; Fri, 13 Nov 2020 00:33:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=c24k/Gci6kkZptfbVAqiNMgglos681IX+oNmhV3G3pc=; b=tjVNTQ0tIoVsifxD8bZP7RRmwJ1tOuxLrrdZ1bywqidESnZJXzBobHDv7iv0IxVEBd l735yTaqkG4oW4GD3vT7yQ0550VTGWpC5KpDW68+vfEjerkwFWdNnzPkJ4Y1k6wa/1LT PfOaV3ZlaJuwJ19W69ZMH8QqSlYx/FdomAwJeDQGMdjYqM8Au5OFEzylZf+W/koTaXvu nNkxbSLPuCN1uXjqPPOzIysbV37UzqLCewGzUBgqVDPlXTz9AcCNyVM30SBH5saxB/fY 2H7zQykvCaZEJiFzMDcSLvDSJDCddNhVq/vW4ekimK0GqNrFvh+NPp4KlhdRnSL2wEzn zdcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=c24k/Gci6kkZptfbVAqiNMgglos681IX+oNmhV3G3pc=; b=i5UE/Y0ujGL+nBQo/2tiCswCH9G+R5JIXwo9IRD1jp2E6H6x3THCdxZFCZ+DasHr+W Y+ed3XD/C6qq5synuVHYOWbs1hZ71me1IWuBJNqou8ZjsE5I+NPXExqTAOfr1hf0g8NL fzLiqu1hASekru9mrpBHxIUpCmGFrejX3yXfSb/r7FeB0zYjKTm4inHFcx3CelzSu2MD biCBEO+OW9tw+S/gQ6vqxd6FYr28FyNVL36c9xD+qHdIWJbWZAOc5q32xGkTiGqw+UQx 9QvXFSL62/JadJ1ymEVKSEJiBbEpugXLGg1wptW1il9eatYir8QCzbS54KqcCXIvIR2Q bAaw== X-Gm-Message-State: AOAM532OGgIYpy+ii/yC2IxzIxCRT9drnVnhfT+KkAr3NbD4nhN3C93g HwayHq9xRUYPwQHrnqlO7sgdRIM74cubiA== X-Google-Smtp-Source: ABdhPJz9h7ihg9iLeqe0+Va4L/5B85cKBv4sOtTOyFoje3OEik5XWUpbiKk1RjynuEZHBbgarhZYQw== X-Received: by 2002:a17:906:5fd0:: with SMTP id k16mr905863ejv.133.1605256385782; Fri, 13 Nov 2020 00:33:05 -0800 (PST) Received: from localhost.localdomain (ip-78-102-112-211.net.upcbroadband.cz. [78.102.112.211]) by smtp.gmail.com with ESMTPSA id p4sm3017624ejw.101.2020.11.13.00.33.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Nov 2020 00:33:05 -0800 (PST) From: Josef Schlehofer To: openwrt-devel@lists.openwrt.org Subject: [PATCH 19.07] kernel: Update kernel 4.14 to version 4.14.206 Date: Fri, 13 Nov 2020 09:32:57 +0100 Message-Id: <20201113083257.54331-1-pepe.schlehofer@gmail.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201113_033309_412055_BFCBF551 X-CRM114-Status: GOOD ( 18.66 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:642 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [pepe.schlehofer[at]gmail.com] -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hauke Mehrtens Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org From: Hauke Mehrtens This is a security update as currently in OpenWrt 19.07, there is version 4.14.202 it means that it is vulnerable against vulnerability known as Sad DNS (DNS cache poisoning). Since kernel 4.14.203, there is present mitigation to this attack by randomizing ICMP global rate limit. More details can be found here: https://www.saddns.net/ Compile and runtime tested on x86/64. Also compile and run tested on all Turris devices (Turris 1.x - powerpc 8540, Turris Omnia - mvebu/cortex-a9_vfpv3-d16, Turris MOX - mvebu/aarch64_cortex-a53) Signed-off-by: Hauke Mehrtens (cherry picked from commit 9cdc02be88d5c25791664b1baaf9a7c1a4382c95) Signed-off-by: Josef Schlehofer [added commit message about run testing on Turris devices, added mention about Sad DNS] --- include/kernel-version.mk | 4 ++-- target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch | 2 +- ...030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch | 2 +- target/linux/generic/hack-4.14/204-module_strip.patch | 2 +- target/linux/generic/hack-4.14/930-crashlog.patch | 2 +- .../generic/pending-4.14/203-kallsyms_uncompressed.patch | 2 +- target/linux/generic/pending-4.14/920-mangle_bootargs.patch | 2 +- .../0067-generic-Mangle-bootloader-s-kernel-arguments.patch | 2 +- target/linux/mediatek/patches-4.14/0064-dts.patch | 2 +- ...arm64-mediatek-cleanup-message-for-platform-selectio.patch | 2 +- .../006-mvebu-Mangle-bootloader-s-kernel-arguments.patch | 2 +- .../linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch | 2 +- ...arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch | 2 +- .../octeon/patches-4.14/110-er200-ethernet_probe_order.patch | 4 ++-- .../996-generic-Mangle-bootloader-s-kernel-arguments.patch | 2 +- 15 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/kernel-version.mk b/include/kernel-version.mk index a58b17fbf4..e581897dc1 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER) endif -LINUX_VERSION-4.14 = .202 +LINUX_VERSION-4.14 = .206 -LINUX_KERNEL_HASH-4.14.202 = 95c717ab5b0bdd2333e829f0507385fbe3424ceee810727f3a8551a0c74be328 +LINUX_KERNEL_HASH-4.14.206 = 1c233efaa5063983293a02d4692acc9ced9c03e18857364855d4f612347086ac remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1)))) sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1))))))) diff --git a/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch b/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch index 67f152f43d..0cc4dd1830 100644 --- a/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch +++ b/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch @@ -43,7 +43,7 @@ { + /* const struct of_device_id *match; - void (*set_params)(void *data); + void (*set_params)(struct dwc2_hsotg *data); + */ dwc2_set_default_params(hsotg); diff --git a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch index ebd90a8ef2..4ad22b3de1 100644 --- a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch +++ b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch @@ -30,7 +30,7 @@ Signed-off-by: Johan Hovold --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c -@@ -2001,7 +2001,8 @@ static const struct usb_device_id option +@@ -2011,7 +2011,8 @@ static const struct usb_device_id option { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) }, /* D-Link DWM-156 (variant) */ { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) }, { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) }, diff --git a/target/linux/generic/hack-4.14/204-module_strip.patch b/target/linux/generic/hack-4.14/204-module_strip.patch index c53963c530..d93b545b7c 100644 --- a/target/linux/generic/hack-4.14/204-module_strip.patch +++ b/target/linux/generic/hack-4.14/204-module_strip.patch @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau --- a/init/Kconfig +++ b/init/Kconfig -@@ -1903,6 +1903,13 @@ config TRIM_UNUSED_KSYMS +@@ -1904,6 +1904,13 @@ config TRIM_UNUSED_KSYMS If unsure, or if you need to build out-of-tree modules, say N. diff --git a/target/linux/generic/hack-4.14/930-crashlog.patch b/target/linux/generic/hack-4.14/930-crashlog.patch index 9d09dbd760..2da51fb406 100644 --- a/target/linux/generic/hack-4.14/930-crashlog.patch +++ b/target/linux/generic/hack-4.14/930-crashlog.patch @@ -41,7 +41,7 @@ Signed-off-by: Felix Fietkau +#endif --- a/init/Kconfig +++ b/init/Kconfig -@@ -1009,6 +1009,10 @@ config RELAY +@@ -1010,6 +1010,10 @@ config RELAY If unsure, say N. diff --git a/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch b/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch index 1f5c83e94f..159a79988f 100644 --- a/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch +++ b/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch @@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau --- a/init/Kconfig +++ b/init/Kconfig -@@ -1081,6 +1081,17 @@ config SYSCTL_ARCH_UNALIGN_ALLOW +@@ -1082,6 +1082,17 @@ config SYSCTL_ARCH_UNALIGN_ALLOW the unaligned access emulation. see arch/parisc/kernel/unaligned.c for reference diff --git a/target/linux/generic/pending-4.14/920-mangle_bootargs.patch b/target/linux/generic/pending-4.14/920-mangle_bootargs.patch index 2f6a52c23d..4d7dd3364d 100644 --- a/target/linux/generic/pending-4.14/920-mangle_bootargs.patch +++ b/target/linux/generic/pending-4.14/920-mangle_bootargs.patch @@ -13,7 +13,7 @@ Signed-off-by: Imre Kaloz --- a/init/Kconfig +++ b/init/Kconfig -@@ -1427,6 +1427,15 @@ config EMBEDDED +@@ -1428,6 +1428,15 @@ config EMBEDDED an embedded system so certain expert options are available for configuration. diff --git a/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s-kernel-arguments.patch b/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s-kernel-arguments.patch index f0cc3ed509..c977dd1001 100644 --- a/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s-kernel-arguments.patch +++ b/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s-kernel-arguments.patch @@ -22,7 +22,7 @@ Signed-off-by: Adrian Panella --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -1934,6 +1934,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN +@@ -1936,6 +1936,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN The command-line arguments provided by the boot loader will be appended to the the device tree bootargs property. diff --git a/target/linux/mediatek/patches-4.14/0064-dts.patch b/target/linux/mediatek/patches-4.14/0064-dts.patch index a2f5000d4d..8cfda50035 100644 --- a/target/linux/mediatek/patches-4.14/0064-dts.patch +++ b/target/linux/mediatek/patches-4.14/0064-dts.patch @@ -106,7 +106,7 @@ reg = <6>; label = "cpu"; ethernet = <&gmac0>; -@@ -187,8 +227,6 @@ +@@ -188,8 +228,6 @@ }; }; }; diff --git a/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup-message-for-platform-selectio.patch b/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup-message-for-platform-selectio.patch index 6af0ae8316..1f8a549aac 100644 --- a/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup-message-for-platform-selectio.patch +++ b/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup-message-for-platform-selectio.patch @@ -16,7 +16,7 @@ Signed-off-by: Matthias Brugger --- a/arch/arm64/Kconfig.platforms +++ b/arch/arm64/Kconfig.platforms -@@ -91,12 +91,13 @@ config ARCH_HISI +@@ -92,12 +92,13 @@ config ARCH_HISI This enables support for Hisilicon ARMv8 SoC family config ARCH_MEDIATEK diff --git a/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s-kernel-arguments.patch b/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s-kernel-arguments.patch index 4ef86edb6a..f9d902b4d9 100644 --- a/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s-kernel-arguments.patch +++ b/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s-kernel-arguments.patch @@ -28,7 +28,7 @@ Signed-off-by: Michael Gray --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -1934,6 +1934,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN +@@ -1936,6 +1936,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN The command-line arguments provided by the boot loader will be appended to the the device tree bootargs property. diff --git a/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch b/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch index 9174765e6a..6fce278305 100644 --- a/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch +++ b/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch @@ -14,7 +14,7 @@ Signed-off-by: Russell King --- a/drivers/net/phy/sfp.c +++ b/drivers/net/phy/sfp.c -@@ -1168,6 +1168,7 @@ static int sfp_remove(struct platform_de +@@ -1169,6 +1169,7 @@ static int sfp_remove(struct platform_de static const struct of_device_id sfp_of_match[] = { { .compatible = "sff,sfp", }, diff --git a/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch b/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch index 5ff9b47268..6ce49f71f0 100644 --- a/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch +++ b/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch @@ -62,7 +62,7 @@ Signed-off-by: Tomasz Maciej Nowak --- a/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts +++ b/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts -@@ -79,6 +79,8 @@ +@@ -83,6 +83,8 @@ /* J9 */ &pcie0 { status = "okay"; diff --git a/target/linux/octeon/patches-4.14/110-er200-ethernet_probe_order.patch b/target/linux/octeon/patches-4.14/110-er200-ethernet_probe_order.patch index 6b1eaf92a2..e5330ffbd6 100644 --- a/target/linux/octeon/patches-4.14/110-er200-ethernet_probe_order.patch +++ b/target/linux/octeon/patches-4.14/110-er200-ethernet_probe_order.patch @@ -1,6 +1,6 @@ --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c -@@ -673,6 +673,7 @@ static int cvm_oct_probe(struct platform +@@ -674,6 +674,7 @@ static int cvm_oct_probe(struct platform int interface; int fau = FAU_NUM_PACKET_BUFFERS_TO_FREE; int qos; @@ -8,7 +8,7 @@ struct device_node *pip; int mtu_overhead = ETH_HLEN + ETH_FCS_LEN; -@@ -796,13 +797,19 @@ static int cvm_oct_probe(struct platform +@@ -797,13 +798,19 @@ static int cvm_oct_probe(struct platform } num_interfaces = cvmx_helper_get_number_of_interfaces(); diff --git a/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s-kernel-arguments.patch b/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s-kernel-arguments.patch index a06825f7c8..313b9b5640 100644 --- a/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s-kernel-arguments.patch +++ b/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s-kernel-arguments.patch @@ -22,7 +22,7 @@ Signed-off-by: Adrian Panella --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -1934,6 +1934,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN +@@ -1936,6 +1936,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN The command-line arguments provided by the boot loader will be appended to the the device tree bootargs property.