[PATCH 19.07] kernel: Update kernel 4.14 to version 4.14.206

Josef Schlehofer pepe.schlehofer at gmail.com
Fri Nov 13 03:32:57 EST 2020


From: Hauke Mehrtens <hauke at hauke-m.de>

This is a security update as currently in OpenWrt 19.07, there is
version 4.14.202 it means that it is vulnerable against vulnerability
known as Sad DNS (DNS cache poisoning). Since kernel 4.14.203, there is
present mitigation to this attack by randomizing ICMP global rate limit.

More details can be found here: https://www.saddns.net/

Compile and runtime tested on x86/64.
Also compile and run tested on all Turris devices
(Turris 1.x - powerpc 8540, Turris Omnia - mvebu/cortex-a9_vfpv3-d16,
Turris MOX - mvebu/aarch64_cortex-a53)

Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
(cherry picked from commit 9cdc02be88d5c25791664b1baaf9a7c1a4382c95)
Signed-off-by: Josef Schlehofer <pepe.schlehofer at gmail.com>
[added commit message about run testing on Turris devices, added mention
about Sad DNS]
---
 include/kernel-version.mk                                     | 4 ++--
 target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch     | 2 +-
 ...030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch | 2 +-
 target/linux/generic/hack-4.14/204-module_strip.patch         | 2 +-
 target/linux/generic/hack-4.14/930-crashlog.patch             | 2 +-
 .../generic/pending-4.14/203-kallsyms_uncompressed.patch      | 2 +-
 target/linux/generic/pending-4.14/920-mangle_bootargs.patch   | 2 +-
 .../0067-generic-Mangle-bootloader-s-kernel-arguments.patch   | 2 +-
 target/linux/mediatek/patches-4.14/0064-dts.patch             | 2 +-
 ...arm64-mediatek-cleanup-message-for-platform-selectio.patch | 2 +-
 .../006-mvebu-Mangle-bootloader-s-kernel-arguments.patch      | 2 +-
 .../linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch | 2 +-
 ...arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch | 2 +-
 .../octeon/patches-4.14/110-er200-ethernet_probe_order.patch  | 4 ++--
 .../996-generic-Mangle-bootloader-s-kernel-arguments.patch    | 2 +-
 15 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/include/kernel-version.mk b/include/kernel-version.mk
index a58b17fbf4..e581897dc1 100644
--- a/include/kernel-version.mk
+++ b/include/kernel-version.mk
@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
   KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif
 
-LINUX_VERSION-4.14 = .202
+LINUX_VERSION-4.14 = .206
 
-LINUX_KERNEL_HASH-4.14.202 = 95c717ab5b0bdd2333e829f0507385fbe3424ceee810727f3a8551a0c74be328
+LINUX_KERNEL_HASH-4.14.206 = 1c233efaa5063983293a02d4692acc9ced9c03e18857364855d4f612347086ac
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
diff --git a/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch b/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch
index 67f152f43d..0cc4dd1830 100644
--- a/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch
+++ b/target/linux/cns3xxx/patches-4.14/210-dwc2_defaults.patch
@@ -43,7 +43,7 @@
  {
 +	/*
  	const struct of_device_id *match;
- 	void (*set_params)(void *data);
+ 	void (*set_params)(struct dwc2_hsotg *data);
 +	*/
  
  	dwc2_set_default_params(hsotg);
diff --git a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch
index ebd90a8ef2..4ad22b3de1 100644
--- a/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch
+++ b/target/linux/generic/backport-4.14/030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch
@@ -30,7 +30,7 @@ Signed-off-by: Johan Hovold <johan at kernel.org>
 
 --- a/drivers/usb/serial/option.c
 +++ b/drivers/usb/serial/option.c
-@@ -2001,7 +2001,8 @@ static const struct usb_device_id option
+@@ -2011,7 +2011,8 @@ static const struct usb_device_id option
  	{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d01, 0xff) },			/* D-Link DWM-156 (variant) */
  	{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d02, 0xff) },
  	{ USB_DEVICE_INTERFACE_CLASS(0x2001, 0x7d03, 0xff) },
diff --git a/target/linux/generic/hack-4.14/204-module_strip.patch b/target/linux/generic/hack-4.14/204-module_strip.patch
index c53963c530..d93b545b7c 100644
--- a/target/linux/generic/hack-4.14/204-module_strip.patch
+++ b/target/linux/generic/hack-4.14/204-module_strip.patch
@@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
  
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1903,6 +1903,13 @@ config TRIM_UNUSED_KSYMS
+@@ -1904,6 +1904,13 @@ config TRIM_UNUSED_KSYMS
  
  	  If unsure, or if you need to build out-of-tree modules, say N.
  
diff --git a/target/linux/generic/hack-4.14/930-crashlog.patch b/target/linux/generic/hack-4.14/930-crashlog.patch
index 9d09dbd760..2da51fb406 100644
--- a/target/linux/generic/hack-4.14/930-crashlog.patch
+++ b/target/linux/generic/hack-4.14/930-crashlog.patch
@@ -41,7 +41,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
 +#endif
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1009,6 +1009,10 @@ config RELAY
+@@ -1010,6 +1010,10 @@ config RELAY
  
  	  If unsure, say N.
  
diff --git a/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch b/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch
index 1f5c83e94f..159a79988f 100644
--- a/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch
+++ b/target/linux/generic/pending-4.14/203-kallsyms_uncompressed.patch
@@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
 
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1081,6 +1081,17 @@ config SYSCTL_ARCH_UNALIGN_ALLOW
+@@ -1082,6 +1082,17 @@ config SYSCTL_ARCH_UNALIGN_ALLOW
  	  the unaligned access emulation.
  	  see arch/parisc/kernel/unaligned.c for reference
  
diff --git a/target/linux/generic/pending-4.14/920-mangle_bootargs.patch b/target/linux/generic/pending-4.14/920-mangle_bootargs.patch
index 2f6a52c23d..4d7dd3364d 100644
--- a/target/linux/generic/pending-4.14/920-mangle_bootargs.patch
+++ b/target/linux/generic/pending-4.14/920-mangle_bootargs.patch
@@ -13,7 +13,7 @@ Signed-off-by: Imre Kaloz <kaloz at openwrt.org>
 
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1427,6 +1427,15 @@ config EMBEDDED
+@@ -1428,6 +1428,15 @@ config EMBEDDED
  	  an embedded system so certain expert options are available
  	  for configuration.
  
diff --git a/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s-kernel-arguments.patch b/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s-kernel-arguments.patch
index f0cc3ed509..c977dd1001 100644
--- a/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s-kernel-arguments.patch
+++ b/target/linux/ipq806x/patches-4.14/0067-generic-Mangle-bootloader-s-kernel-arguments.patch
@@ -22,7 +22,7 @@ Signed-off-by: Adrian Panella <ianchi74 at outlook.com>
 
 --- a/arch/arm/Kconfig
 +++ b/arch/arm/Kconfig
-@@ -1934,6 +1934,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN
+@@ -1936,6 +1936,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN
  	  The command-line arguments provided by the boot loader will be
  	  appended to the the device tree bootargs property.
  
diff --git a/target/linux/mediatek/patches-4.14/0064-dts.patch b/target/linux/mediatek/patches-4.14/0064-dts.patch
index a2f5000d4d..8cfda50035 100644
--- a/target/linux/mediatek/patches-4.14/0064-dts.patch
+++ b/target/linux/mediatek/patches-4.14/0064-dts.patch
@@ -106,7 +106,7 @@
  					reg = <6>;
  					label = "cpu";
  					ethernet = <&gmac0>;
-@@ -187,8 +227,6 @@
+@@ -188,8 +228,6 @@
  				};
  			};
  		};
diff --git a/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup-message-for-platform-selectio.patch b/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup-message-for-platform-selectio.patch
index 6af0ae8316..1f8a549aac 100644
--- a/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup-message-for-platform-selectio.patch
+++ b/target/linux/mediatek/patches-4.14/0124-arm64-mediatek-cleanup-message-for-platform-selectio.patch
@@ -16,7 +16,7 @@ Signed-off-by: Matthias Brugger <matthias.bgg at gmail.com>
 
 --- a/arch/arm64/Kconfig.platforms
 +++ b/arch/arm64/Kconfig.platforms
-@@ -91,12 +91,13 @@ config ARCH_HISI
+@@ -92,12 +92,13 @@ config ARCH_HISI
  	  This enables support for Hisilicon ARMv8 SoC family
  
  config ARCH_MEDIATEK
diff --git a/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s-kernel-arguments.patch b/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s-kernel-arguments.patch
index 4ef86edb6a..f9d902b4d9 100644
--- a/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s-kernel-arguments.patch
+++ b/target/linux/mvebu/patches-4.14/006-mvebu-Mangle-bootloader-s-kernel-arguments.patch
@@ -28,7 +28,7 @@ Signed-off-by: Michael Gray <michael.gray at lantisproject.com>
 
 --- a/arch/arm/Kconfig
 +++ b/arch/arm/Kconfig
-@@ -1934,6 +1934,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN
+@@ -1936,6 +1936,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN
  	  The command-line arguments provided by the boot loader will be
  	  appended to the the device tree bootargs property.
  
diff --git a/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch b/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch
index 9174765e6a..6fce278305 100644
--- a/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch
+++ b/target/linux/mvebu/patches-4.14/411-sfp-add-sfp-compatible.patch
@@ -14,7 +14,7 @@ Signed-off-by: Russell King <rmk+kernel at armlinux.org.uk>
 
 --- a/drivers/net/phy/sfp.c
 +++ b/drivers/net/phy/sfp.c
-@@ -1168,6 +1168,7 @@ static int sfp_remove(struct platform_de
+@@ -1169,6 +1169,7 @@ static int sfp_remove(struct platform_de
  
  static const struct of_device_id sfp_of_match[] = {
  	{ .compatible = "sff,sfp", },
diff --git a/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch b/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch
index 5ff9b47268..6ce49f71f0 100644
--- a/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch
+++ b/target/linux/mvebu/patches-4.14/528-arm64-dts-armada-3720-espressobin-set-max-link-to-ge.patch
@@ -62,7 +62,7 @@ Signed-off-by: Tomasz Maciej Nowak <tmn505 at gmail.com>
 
 --- a/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts
 +++ b/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts
-@@ -79,6 +79,8 @@
+@@ -83,6 +83,8 @@
  /* J9 */
  &pcie0 {
  	status = "okay";
diff --git a/target/linux/octeon/patches-4.14/110-er200-ethernet_probe_order.patch b/target/linux/octeon/patches-4.14/110-er200-ethernet_probe_order.patch
index 6b1eaf92a2..e5330ffbd6 100644
--- a/target/linux/octeon/patches-4.14/110-er200-ethernet_probe_order.patch
+++ b/target/linux/octeon/patches-4.14/110-er200-ethernet_probe_order.patch
@@ -1,6 +1,6 @@
 --- a/drivers/staging/octeon/ethernet.c
 +++ b/drivers/staging/octeon/ethernet.c
-@@ -673,6 +673,7 @@ static int cvm_oct_probe(struct platform
+@@ -674,6 +674,7 @@ static int cvm_oct_probe(struct platform
  	int interface;
  	int fau = FAU_NUM_PACKET_BUFFERS_TO_FREE;
  	int qos;
@@ -8,7 +8,7 @@
  	struct device_node *pip;
  	int mtu_overhead = ETH_HLEN + ETH_FCS_LEN;
  
-@@ -796,13 +797,19 @@ static int cvm_oct_probe(struct platform
+@@ -797,13 +798,19 @@ static int cvm_oct_probe(struct platform
  	}
  
  	num_interfaces = cvmx_helper_get_number_of_interfaces();
diff --git a/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s-kernel-arguments.patch b/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s-kernel-arguments.patch
index a06825f7c8..313b9b5640 100644
--- a/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s-kernel-arguments.patch
+++ b/target/linux/oxnas/patches-4.14/996-generic-Mangle-bootloader-s-kernel-arguments.patch
@@ -22,7 +22,7 @@ Signed-off-by: Adrian Panella <ianchi74 at outlook.com>
 
 --- a/arch/arm/Kconfig
 +++ b/arch/arm/Kconfig
-@@ -1934,6 +1934,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN
+@@ -1936,6 +1936,17 @@ config ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEN
  	  The command-line arguments provided by the boot loader will be
  	  appended to the the device tree bootargs property.
  
-- 
2.25.1




More information about the openwrt-devel mailing list