> -----Original Message----- > From: openwrt-devel [mailto:[email protected]] > On Behalf Of Josef Schlehofer > Sent: Freitag, 13. November 2020 09:33 > To: [email protected] > Cc: Hauke Mehrtens <[email protected]> > Subject: [PATCH 19.07] kernel: Update kernel 4.14 to version 4.14.206 > > From: Hauke Mehrtens <[email protected]> > > This is a security update as currently in OpenWrt 19.07, there is version > 4.14.202 it means that it is vulnerable against vulnerability known as Sad DNS > (DNS cache poisoning). Since kernel 4.14.203, there is present mitigation to > this attack by randomizing ICMP global rate limit. > > More details can be found here: https://www.saddns.net/ > > Compile and runtime tested on x86/64. > Also compile and run tested on all Turris devices (Turris 1.x - powerpc 8540, > Turris Omnia - mvebu/cortex-a9_vfpv3-d16, Turris MOX - > mvebu/aarch64_cortex-a53) > > Signed-off-by: Hauke Mehrtens <[email protected]> (cherry picked from > commit 9cdc02be88d5c25791664b1baaf9a7c1a4382c95) > Signed-off-by: Josef Schlehofer <[email protected]> [added > commit message about run testing on Turris devices, added mention about > Sad DNS]
Did you just pick the patch or properly refresh patches again? Best Adrian > --- > include/kernel-version.mk | 4 ++-- > target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch | 2 +- > ...030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch | 2 +- > target/linux/generic/hack-4.14/204-module_strip.patch | 2 +- > target/linux/generic/hack-4.14/930-crashlog.patch | 2 +- > .../generic/pending-4.14/203-kallsyms_uncompressed.patch | 2 +- > target/linux/generic/pending-4.14/920-mangle_bootargs.patch | 2 +- > .../0067-generic-Mangle-bootloader-s-kernel-arguments.patch | 2 +- > target/linux/mediatek/patches-4.14/0064-dts.patch | 2 +- > ...arm64-mediatek-cleanup-message-for-platform-selectio.patch | 2 +- > .../006-mvebu-Mangle-bootloader-s-kernel-arguments.patch | 2 +- > .../linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch | 2 +- > ...arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch | 2 +- > .../octeon/patches-4.14/110-er200-ethernet_probe_order.patch | 4 ++-- > .../996-generic-Mangle-bootloader-s-kernel-arguments.patch | 2 +- > 15 files changed, 17 insertions(+), 17 deletions(-) > > diff --git a/include/kernel-version.mk b/include/kernel-version.mk index > a58b17fbf4..e581897dc1 100644 > --- a/include/kernel-version.mk > +++ b/include/kernel-version.mk > @@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL > KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER) > endif > > -LINUX_VERSION-4.14 = .202 > +LINUX_VERSION-4.14 = .206 > > -LINUX_KERNEL_HASH-4.14.202 = > 95c717ab5b0bdd2333e829f0507385fbe3424ceee810727f3a8551a0c74be328 > +LINUX_KERNEL_HASH-4.14.206 = > +1c233efaa5063983293a02d4692acc9ced9c03e18857364855d4f612347086ac > > remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1)))) > sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst - > ,_,$(subst /,_,$(1))))))) diff --git a/target/linux/cns3xxx/patches-4.14/210- > dwc2_defaults.patch b/target/linux/cns3xxx/patches-4.14/210- > dwc2_defaults.patch > index 67f152f43d..0cc4dd1830 100644 > --- a/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch > +++ b/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch > @@ -43,7 +43,7 @@ > { > + /* > const struct of_device_id *match; > - void (*set_params)(void *data); > + void (*set_params)(struct dwc2_hsotg *data); > + */ > > dwc2_set_default_params(hsotg); > diff --git a/target/linux/generic/backport-4.14/030-USB-serial-option-fix- > dwm-158-3g-modem-interface.patch b/target/linux/generic/backport- > 4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch > index ebd90a8ef2..4ad22b3de1 100644 > --- a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158- > 3g-modem-interface.patch > +++ b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-1 > +++ 58-3g-modem-interface.patch > @@ -30,7 +30,7 @@ Signed-off-by: Johan Hovold <[email protected]> > > --- a/drivers/usb/serial/option.c > +++ b/drivers/usb/serial/option.c > -@@ -2001,7 +2001,8 @@ static const struct usb_device_id option > +@@ -2011,7 +2011,8 @@ static const struct usb_device_id option > { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) }, > /* D-Link DWM-156 (variant) */ > { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) }, > { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) }, diff --git > a/target/linux/generic/hack-4.14/204-module_strip.patch > b/target/linux/generic/hack-4.14/204-module_strip.patch > index c53963c530..d93b545b7c 100644 > --- a/target/linux/generic/hack-4.14/204-module_strip.patch > +++ b/target/linux/generic/hack-4.14/204-module_strip.patch > @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <[email protected]> > > --- a/init/Kconfig > +++ b/init/Kconfig > -@@ -1903,6 +1903,13 @@ config TRIM_UNUSED_KSYMS > +@@ -1904,6 +1904,13 @@ config TRIM_UNUSED_KSYMS > > If unsure, or if you need to build out-of-tree modules, say N. > > diff --git a/target/linux/generic/hack-4.14/930-crashlog.patch > b/target/linux/generic/hack-4.14/930-crashlog.patch > index 9d09dbd760..2da51fb406 100644 > --- a/target/linux/generic/hack-4.14/930-crashlog.patch > +++ b/target/linux/generic/hack-4.14/930-crashlog.patch > @@ -41,7 +41,7 @@ Signed-off-by: Felix Fietkau <[email protected]> +#endif > --- a/init/Kconfig > +++ b/init/Kconfig > -@@ -1009,6 +1009,10 @@ config RELAY > +@@ -1010,6 +1010,10 @@ config RELAY > > If unsure, say N. > > diff --git a/target/linux/generic/pending-4.14/203- > kallsyms_uncompressed.patch b/target/linux/generic/pending-4.14/203- > kallsyms_uncompressed.patch > index 1f5c83e94f..159a79988f 100644 > --- a/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch > +++ b/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch > @@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau <[email protected]> > > --- a/init/Kconfig > +++ b/init/Kconfig > -@@ -1081,6 +1081,17 @@ config SYSCTL_ARCH_UNALIGN_ALLOW > +@@ -1082,6 +1082,17 @@ config SYSCTL_ARCH_UNALIGN_ALLOW > the unaligned access emulation. > see arch/parisc/kernel/unaligned.c for reference > > diff --git a/target/linux/generic/pending-4.14/920-mangle_bootargs.patch > b/target/linux/generic/pending-4.14/920-mangle_bootargs.patch > index 2f6a52c23d..4d7dd3364d 100644 > --- a/target/linux/generic/pending-4.14/920-mangle_bootargs.patch > +++ b/target/linux/generic/pending-4.14/920-mangle_bootargs.patch > @@ -13,7 +13,7 @@ Signed-off-by: Imre Kaloz <[email protected]> > > --- a/init/Kconfig > +++ b/init/Kconfig > -@@ -1427,6 +1427,15 @@ config EMBEDDED > +@@ -1428,6 +1428,15 @@ config EMBEDDED > an embedded system so certain expert options are available > for configuration. > > diff --git a/target/linux/ipq806x/patches-4.14/0067-generic-Mangle- > bootloader-s-kernel-arguments.patch b/target/linux/ipq806x/patches- > 4.14/0067-generic-Mangle-bootloader-s-kernel-arguments.patch > index f0cc3ed509..c977dd1001 100644 > --- a/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s- > kernel-arguments.patch > +++ b/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s > +++ -kernel-arguments.patch > @@ -22,7 +22,7 @@ Signed-off-by: Adrian Panella <[email protected]> > > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > -@@ -1934,6 +1934,17 @@ config > ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN > +@@ -1936,6 +1936,17 @@ config > ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN > The command-line arguments provided by the boot loader will be > appended to the the device tree bootargs property. > > diff --git a/target/linux/mediatek/patches-4.14/0064-dts.patch > b/target/linux/mediatek/patches-4.14/0064-dts.patch > index a2f5000d4d..8cfda50035 100644 > --- a/target/linux/mediatek/patches-4.14/0064-dts.patch > +++ b/target/linux/mediatek/patches-4.14/0064-dts.patch > @@ -106,7 +106,7 @@ > reg = <6>; > label = "cpu"; > ethernet = <&gmac0>; > -@@ -187,8 +227,6 @@ > +@@ -188,8 +228,6 @@ > }; > }; > }; > diff --git a/target/linux/mediatek/patches-4.14/0124-arm64-mediatek- > cleanup-message-for-platform-selectio.patch > b/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup- > message-for-platform-selectio.patch > index 6af0ae8316..1f8a549aac 100644 > --- a/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup- > message-for-platform-selectio.patch > +++ b/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup- > mes > +++ sage-for-platform-selectio.patch > @@ -16,7 +16,7 @@ Signed-off-by: Matthias Brugger > <[email protected]> > > --- a/arch/arm64/Kconfig.platforms > +++ b/arch/arm64/Kconfig.platforms > -@@ -91,12 +91,13 @@ config ARCH_HISI > +@@ -92,12 +92,13 @@ config ARCH_HISI > This enables support for Hisilicon ARMv8 SoC family > > config ARCH_MEDIATEK > diff --git a/target/linux/mvebu/patches-4.14/006-mvebu-Mangle- > bootloader-s-kernel-arguments.patch b/target/linux/mvebu/patches- > 4.14/006-mvebu-Mangle-bootloader-s-kernel-arguments.patch > index 4ef86edb6a..f9d902b4d9 100644 > --- a/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s- > kernel-arguments.patch > +++ b/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s- > kern > +++ el-arguments.patch > @@ -28,7 +28,7 @@ Signed-off-by: Michael Gray > <[email protected]> > > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > -@@ -1934,6 +1934,17 @@ config > ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN > +@@ -1936,6 +1936,17 @@ config > ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN > The command-line arguments provided by the boot loader will be > appended to the the device tree bootargs property. > > diff --git a/target/linux/mvebu/patches-4.14/411-sfp-add-sfp- > compatible.patch b/target/linux/mvebu/patches-4.14/411-sfp-add-sfp- > compatible.patch > index 9174765e6a..6fce278305 100644 > --- a/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch > +++ b/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch > @@ -14,7 +14,7 @@ Signed-off-by: Russell King > <[email protected]> > > --- a/drivers/net/phy/sfp.c > +++ b/drivers/net/phy/sfp.c > -@@ -1168,6 +1168,7 @@ static int sfp_remove(struct platform_de > +@@ -1169,6 +1169,7 @@ static int sfp_remove(struct platform_de > > static const struct of_device_id sfp_of_match[] = { > { .compatible = "sff,sfp", }, > diff --git a/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720- > espressobin-set-max-link-to-ge.patch b/target/linux/mvebu/patches- > 4.14/528-arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch > index 5ff9b47268..6ce49f71f0 100644 > --- a/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720- > espressobin-set-max-link-to-ge.patch > +++ b/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720- > espresso > +++ bin-set-max-link-to-ge.patch > @@ -62,7 +62,7 @@ Signed-off-by: Tomasz Maciej Nowak > <[email protected]> > > --- a/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts > +++ b/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts > -@@ -79,6 +79,8 @@ > +@@ -83,6 +83,8 @@ > /* J9 */ > &pcie0 { > status = "okay"; > diff --git a/target/linux/octeon/patches-4.14/110-er200- > ethernet_probe_order.patch b/target/linux/octeon/patches-4.14/110- > er200-ethernet_probe_order.patch > index 6b1eaf92a2..e5330ffbd6 100644 > --- a/target/linux/octeon/patches-4.14/110-er200- > ethernet_probe_order.patch > +++ b/target/linux/octeon/patches-4.14/110-er200- > ethernet_probe_order.pa > +++ tch > @@ -1,6 +1,6 @@ > --- a/drivers/staging/octeon/ethernet.c > +++ b/drivers/staging/octeon/ethernet.c > -@@ -673,6 +673,7 @@ static int cvm_oct_probe(struct platform > +@@ -674,6 +674,7 @@ static int cvm_oct_probe(struct platform > int interface; > int fau = FAU_NUM_PACKET_BUFFERS_TO_FREE; > int qos; > @@ -8,7 +8,7 @@ > struct device_node *pip; > int mtu_overhead = ETH_HLEN + ETH_FCS_LEN; > > -@@ -796,13 +797,19 @@ static int cvm_oct_probe(struct platform > +@@ -797,13 +798,19 @@ static int cvm_oct_probe(struct platform > } > > num_interfaces = cvmx_helper_get_number_of_interfaces(); > diff --git a/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader- > s-kernel-arguments.patch b/target/linux/oxnas/patches-4.14/996-generic- > Mangle-bootloader-s-kernel-arguments.patch > index a06825f7c8..313b9b5640 100644 > --- a/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s- > kernel-arguments.patch > +++ b/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s- > ke > +++ rnel-arguments.patch > @@ -22,7 +22,7 @@ Signed-off-by: Adrian Panella <[email protected]> > > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > -@@ -1934,6 +1934,17 @@ config > ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN > +@@ -1936,6 +1936,17 @@ config > ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN > The command-line arguments provided by the boot loader will be > appended to the the device tree bootargs property. > > -- > 2.25.1 > > > _______________________________________________ > openwrt-devel mailing list > [email protected] > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
openpgp-digital-signature.asc
Description: PGP signature
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
