Re: [PATCH 19.07] kernel: Update kernel 4.14 to version 4.14.206
On 13.11.20 13:35, Adrian Schmutzler wrote: -Original Message- From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] On Behalf Of Josef Schlehofer Sent: Freitag, 13. November 2020 09:33 To: openwrt-devel@lists.openwrt.org Cc: Hauke Mehrtens Subject: [PATCH 19.07] kernel: Update kernel 4.14 to version 4.14.206 From: Hauke Mehrtens This is a security update as currently in OpenWrt 19.07, there is version 4.14.202 it means that it is vulnerable against vulnerability known as Sad DNS (DNS cache poisoning). Since kernel 4.14.203, there is present mitigation to this attack by randomizing ICMP global rate limit. More details can be found here: https://www.saddns.net/ Compile and runtime tested on x86/64. Also compile and run tested on all Turris devices (Turris 1.x - powerpc 8540, Turris Omnia - mvebu/cortex-a9_vfpv3-d16, Turris MOX - mvebu/aarch64_cortex-a53) Signed-off-by: Hauke Mehrtens (cherry picked from commit 9cdc02be88d5c25791664b1baaf9a7c1a4382c95) Signed-off-by: Josef Schlehofer [added commit message about run testing on Turris devices, added mention about Sad DNS] Did you just pick the patch or properly refresh patches again? Best Adrian fwiw, I took my .205 patch and bumped it again with .206 It's already in my staging tree and compile tests already executed. Regards, Koen ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
RE: [PATCH 19.07] kernel: Update kernel 4.14 to version 4.14.206
> -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] > On Behalf Of Josef Schlehofer > Sent: Freitag, 13. November 2020 09:33 > To: openwrt-devel@lists.openwrt.org > Cc: Hauke Mehrtens > Subject: [PATCH 19.07] kernel: Update kernel 4.14 to version 4.14.206 > > From: Hauke Mehrtens > > This is a security update as currently in OpenWrt 19.07, there is version > 4.14.202 it means that it is vulnerable against vulnerability known as Sad DNS > (DNS cache poisoning). Since kernel 4.14.203, there is present mitigation to > this attack by randomizing ICMP global rate limit. > > More details can be found here: https://www.saddns.net/ > > Compile and runtime tested on x86/64. > Also compile and run tested on all Turris devices (Turris 1.x - powerpc 8540, > Turris Omnia - mvebu/cortex-a9_vfpv3-d16, Turris MOX - > mvebu/aarch64_cortex-a53) > > Signed-off-by: Hauke Mehrtens (cherry picked from > commit 9cdc02be88d5c25791664b1baaf9a7c1a4382c95) 
> Signed-off-by: Josef Schlehofer [added > commit message about run testing on Turris devices, added mention about > Sad DNS] Did you just pick the patch or properly refresh patches again? Best Adrian > --- > include/kernel-version.mk | 4 ++-- > target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch | 2 +- > ...030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch | 2 +- > target/linux/generic/hack-4.14/204-module_strip.patch | 2 +- > target/linux/generic/hack-4.14/930-crashlog.patch | 2 +- > .../generic/pending-4.14/203-kallsyms_uncompressed.patch | 2 +- > target/linux/generic/pending-4.14/920-mangle_bootargs.patch | 2 +- > .../0067-generic-Mangle-bootloader-s-kernel-arguments.patch | 2 +- > target/linux/mediatek/patches-4.14/0064-dts.patch | 2 +- > ...arm64-mediatek-cleanup-message-for-platform-selectio.patch | 2 +- > .../006-mvebu-Mangle-bootloader-s-kernel-arguments.patch | 2 +- > .../linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch | 2 +- > ...arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch | 2 +- > .../octeon/patches-4.14/110-er200-ethernet_probe_order.patch | 4 ++-- > .../996-generic-Mangle-bootloader-s-kernel-arguments.patch| 2 +- > 15 files changed, 17 insertions(+), 17 deletions(-) > > diff --git a/include/kernel-version.mk b/include/kernel-version.mk index > a58b17fbf4..e581897dc1 100644 > --- a/include/kernel-version.mk > +++ b/include/kernel-version.mk > @@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL >KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER) > endif > > -LINUX_VERSION-4.14 = .202 > +LINUX_VERSION-4.14 = .206 > > -LINUX_KERNEL_HASH-4.14.202 = > 95c717ab5b0bdd2333e829f0507385fbe3424ceee810727f3a8551a0c74be328 > +LINUX_KERNEL_HASH-4.14.206 = > +1c233efaa5063983293a02d4692acc9ced9c03e18857364855d4f612347086ac > > remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1 > sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst - > ,_,$(subst /,_,$(1))) 
diff --git a/target/linux/cns3xxx/patches-4.14/210- > dwc2_defaults.patch b/target/linux/cns3xxx/patches-4.14/210- > dwc2_defaults.patch > index 67f152f43d..0cc4dd1830 100644 > --- a/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch > +++ b/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch > @@ -43,7 +43,7 @@ > { > +/* > const struct of_device_id *match; > - void (*set_params)(void *data); > + void (*set_params)(struct dwc2_hsotg *data); > +*/ > > dwc2_set_default_params(hsotg); > diff --git a/target/linux/generic/backport-4.14/030-USB-serial-option-fix- > dwm-158-3g-modem-interface.patch b/target/linux/generic/backport- > 4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch > index ebd90a8ef2..4ad22b3de1 100644 > --- a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158- > 3g-modem-interface.patch > +++ b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-1 > +++ 58-3g-modem-interface.patch > @@ -30,7 +30,7 @@ Signed-off-by: Johan Hovold > > --- a/drivers/usb/serial/option.c > +++ b/drivers/usb/serial/option.c > -@@ -2001,7 +2001,8 @@ static const struct usb_device_id option > +@@ -2011,7 +2011,8 @@ static const struct usb_device_id option > { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) }, > /* D-Link DWM-156 (variant) */ > { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) }, > { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) }, diff --git > a/target/linux/generic/hack-4.14/204-module_strip.patch > b/target/linux/generic/hack-4.14/204-module_strip.patch > index c539
[PATCH 19.07] kernel: Update kernel 4.14 to version 4.14.206
From: Hauke Mehrtens This is a security update. OpenWrt 19.07 currently ships kernel 4.14.202, which is vulnerable to the attack known as Sad DNS (DNS cache poisoning). Since kernel 4.14.203, a mitigation for this attack is present: the ICMP global rate limit is randomized. More details can be found here: https://www.saddns.net/ Compile and runtime tested on x86/64. Also compile and run tested on all Turris devices (Turris 1.x - powerpc 8540, Turris Omnia - mvebu/cortex-a9_vfpv3-d16, Turris MOX - mvebu/aarch64_cortex-a53) Signed-off-by: Hauke Mehrtens (cherry picked from commit 9cdc02be88d5c25791664b1baaf9a7c1a4382c95) Signed-off-by: Josef Schlehofer [added commit message about run testing on Turris devices, added mention about Sad DNS] --- include/kernel-version.mk | 4 ++-- target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch | 2 +- ...030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch | 2 +- target/linux/generic/hack-4.14/204-module_strip.patch | 2 +- target/linux/generic/hack-4.14/930-crashlog.patch | 2 +- .../generic/pending-4.14/203-kallsyms_uncompressed.patch | 2 +- target/linux/generic/pending-4.14/920-mangle_bootargs.patch | 2 +- .../0067-generic-Mangle-bootloader-s-kernel-arguments.patch | 2 +- target/linux/mediatek/patches-4.14/0064-dts.patch | 2 +- ...arm64-mediatek-cleanup-message-for-platform-selectio.patch | 2 +- .../006-mvebu-Mangle-bootloader-s-kernel-arguments.patch | 2 +- .../linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch | 2 +- ...arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch | 2 +- .../octeon/patches-4.14/110-er200-ethernet_probe_order.patch | 4 ++-- .../996-generic-Mangle-bootloader-s-kernel-arguments.patch| 2 +- 15 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/kernel-version.mk b/include/kernel-version.mk index a58b17fbf4..e581897dc1 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk
@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER) endif -LINUX_VERSION-4.14 = .202 +LINUX_VERSION-4.14 = .206 -LINUX_KERNEL_HASH-4.14.202 = 95c717ab5b0bdd2333e829f0507385fbe3424ceee810727f3a8551a0c74be328 +LINUX_KERNEL_HASH-4.14.206 = 1c233efaa5063983293a02d4692acc9ced9c03e18857364855d4f612347086ac remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1))) diff --git a/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch b/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch index 67f152f43d..0cc4dd1830 100644 --- a/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch +++ b/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch @@ -43,7 +43,7 @@ { + /* const struct of_device_id *match; - void (*set_params)(void *data); + void (*set_params)(struct dwc2_hsotg *data); + */ dwc2_set_default_params(hsotg); diff --git a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch index ebd90a8ef2..4ad22b3de1 100644 --- a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch +++ b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch @@ -30,7 +30,7 @@ Signed-off-by: Johan Hovold --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c -@@ -2001,7 +2001,8 @@ static const struct usb_device_id option +@@ -2011,7 +2011,8 @@ static const struct usb_device_id option { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) }, /* D-Link DWM-156 (variant) */ { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) }, { USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) }, 
diff --git a/target/linux/generic/hack-4.14/204-module_strip.patch b/target/linux/generic/hack-4.14/204-module_strip.patch index c53963c530..d93b545b7c 100644 --- a/target/linux/generic/hack-4.14/204-module_strip.patch +++ b/target/linux/generic/hack-4.14/204-module_strip.patch @@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau --- a/init/Kconfig +++ b/init/Kconfig -@@ -1903,6 +1903,13 @@ config TRIM_UNUSED_KSYMS +@@ -1904,6 +1904,13 @@ config TRIM_UNUSED_KSYMS If unsure, or if you need to build out-of-tree modules, say N. diff --git a/target/linux/generic/hack-4.14/930-crashlog.patch b/target/linux/generic/hack-4.14/930-crashlog.patch index 9d09dbd760..2da51fb406 100644 --- a/target/linux/generic/hack-4.14/930-crashlog.patch +++ b/target/linux/generic/hack-4.14/930-crashlog.patch @@ -41,7 +41,7 @@ Signed-off-by: Felix Fietkau +#endif --- a/init/Kconfig +++ b/init/Kconfig -@@ -1009,6 +1009,10 @@ config RELAY +@@ -1010,6