kernel: update to 4.14.206

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2026-04-10 02:55:55 +02:00 · 2020-11-12 09:02:02 +01:00
parent 1ba481b3f4
commit 2e1bf458e2
16 changed files with 95 additions and 57 deletions
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.14.198-ipfire Kernel Configuration
+# Linux/arm64 4.14.206-ipfire Kernel Configuration
 #
 CONFIG_ARM64=y
 CONFIG_64BIT=y
@@ -5577,6 +5577,8 @@ CONFIG_TIMER_OF=y
 CONFIG_TIMER_ACPI=y
 CONFIG_TIMER_PROBE=y
 CONFIG_CLKSRC_MMIO=y
+CONFIG_DW_APB_TIMER=y
+CONFIG_DW_APB_TIMER_OF=y
 CONFIG_ROCKCHIP_TIMER=y
 CONFIG_ARM_ARCH_TIMER=y
 CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y
--- a/config/kernel/kernel.config.armv5tel-ipfire-multi
+++ b/config/kernel/kernel.config.armv5tel-ipfire-multi
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.14.195-ipfire-multi Kernel Configuration
+# Linux/arm 4.14.206-ipfire-multi Kernel Configuration
 #
 CONFIG_ARM=y
 CONFIG_ARM_HAS_SG_CHAIN=y
--- a/config/kernel/kernel.config.i586-ipfire
+++ b/config/kernel/kernel.config.i586-ipfire
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.195-ipfire Kernel Configuration
+# Linux/x86 4.14.206-ipfire Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -4648,7 +4648,6 @@ CONFIG_HDMI=y
 # Console display driver support
 #
 CONFIG_VGA_CONSOLE=y
-# CONFIG_VGACON_SOFT_SCROLLBACK is not set
 CONFIG_MDA_CONSOLE=m
 CONFIG_DUMMY_CONSOLE=y
 CONFIG_DUMMY_CONSOLE_COLUMNS=80
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.195-ipfire Kernel Configuration
+# Linux/x86 4.14.206-ipfire Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -4530,7 +4530,6 @@ CONFIG_HDMI=y
 # Console display driver support
 #
 CONFIG_VGA_CONSOLE=y
-# CONFIG_VGACON_SOFT_SCROLLBACK is not set
 CONFIG_DUMMY_CONSOLE=y
 CONFIG_DUMMY_CONSOLE_COLUMNS=80
 CONFIG_DUMMY_CONSOLE_ROWS=25
--- a/config/rootfiles/common/aarch64/linux
+++ b/config/rootfiles/common/aarch64/linux
@@ -7072,6 +7072,9 @@ etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/dw
 #lib/modules/KVER-ipfire/build/include/config/dw/apb
 #lib/modules/KVER-ipfire/build/include/config/dw/apb/ictl.h
+#lib/modules/KVER-ipfire/build/include/config/dw/apb/timer
+#lib/modules/KVER-ipfire/build/include/config/dw/apb/timer.h
+#lib/modules/KVER-ipfire/build/include/config/dw/apb/timer/of.h
 #lib/modules/KVER-ipfire/build/include/config/dw/dmac
 #lib/modules/KVER-ipfire/build/include/config/dw/dmac/core.h
 #lib/modules/KVER-ipfire/build/include/config/dw/dmac/pci.h
--- a/config/rootfiles/core/153/filelists/aarch64/linux
+++ b/config/rootfiles/core/153/filelists/aarch64/linux
@@ -0,0 +1 @@
+../../../../common/aarch64/linux
--- a/config/rootfiles/core/153/filelists/aarch64/linux-initrd
+++ b/config/rootfiles/core/153/filelists/aarch64/linux-initrd
@@ -0,0 +1 @@
+../../../../common/aarch64/linux-initrd
--- a/config/rootfiles/core/153/filelists/armv5tel/linux-initrd-multi
+++ b/config/rootfiles/core/153/filelists/armv5tel/linux-initrd-multi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-initrd-multi
--- a/config/rootfiles/core/153/filelists/armv5tel/linux-multi
+++ b/config/rootfiles/core/153/filelists/armv5tel/linux-multi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-multi
--- a/config/rootfiles/core/153/filelists/i586/linux
+++ b/config/rootfiles/core/153/filelists/i586/linux
@@ -0,0 +1 @@
+../../../../common/i586/linux
--- a/config/rootfiles/core/153/filelists/i586/linux-initrd
+++ b/config/rootfiles/core/153/filelists/i586/linux-initrd
@@ -0,0 +1 @@
+../../../../common/i586/linux-initrd
--- a/config/rootfiles/core/153/filelists/x86_64/linux
+++ b/config/rootfiles/core/153/filelists/x86_64/linux
@@ -0,0 +1 @@
+../../../../common/x86_64/linux
--- a/config/rootfiles/core/153/filelists/x86_64/linux-initrd
+++ b/config/rootfiles/core/153/filelists/x86_64/linux-initrd
@@ -0,0 +1 @@
+../../../../common/x86_64/linux-initrd
--- a/config/rootfiles/core/153/update.sh
+++ b/config/rootfiles/core/153/update.sh
@@ -26,11 +26,66 @@

 core=153

+exit_with_error() {
+	# Set last succesfull installed core.
+	echo $(($core-1)) > /opt/pakfire/db/core/mine
+	# force fsck at next boot, this may fix free space on xfs
+	touch /forcefsck
+	# don't start pakfire again at error
+	killall -KILL pak_update
+	/usr/bin/logger -p syslog.emerg -t ipfire \
+		"core-update-${core}: $1"
+	exit $2
+}
+
 # Remove old core updates from pakfire cache to save space...
 for (( i=1; i<=$core; i++ )); do
 	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
 done

+KVER="xxxKVERxxx"
+
+# Backup uEnv.txt if exist
+if [ -e /boot/uEnv.txt ]; then
+	cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+fi
+
+# Do some sanity checks.
+case $(uname -r) in
+	*-ipfire-kirkwood)
+		exit_with_error "ERROR cannot update. kirkwood kernel was not supported." 1
+		;;
+	*-ipfire*)
+		# Ok.
+		;;
+	*)
+		exit_with_error "ERROR cannot update. No IPFire Kernel." 1
+		;;
+esac
+if [ -e /boot/grub/grub.conf ]; then
+	exit_with_error "ERROR unsupported GRUB1/pygrub found!" 1
+fi
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 100000 ]; then
+	exit_with_error "ERROR cannot update because not enough free space on root." 2
+	exit 2
+fi
+
+# Remove the old kernel
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/initramfs-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-*-ipfire-*
+rm -rf /boot/zImage-*-ipfire-*
+rm -rf /boot/uInit-*-ipfire-*
+rm -rf /boot/dtb-*-ipfire-*
+rm -rf /lib/modules
+
 # Remove files

 # Stop services
@@ -50,12 +105,31 @@ chown -vR root:root /etc/ntp
 # Filesytem cleanup
 /usr/local/bin/filesystem-cleanup

+# Fix invalid cronjob syntax
+sed -e "s/^%hourly,random \* \* \*/%hourly,random */g" \
+	-i /var/spool/cron/root.orig
+fcrontab -z
+
 # Start services
 /etc/init.d/suricata restart

 # Reload sysctl.conf
 sysctl -p

+# remove lm_sensor config after collectd was started
+# to reserch sensors at next boot with updated kernel
+rm -f  /etc/sysconfig/lm_sensors
+
+# Upadate Kernel version uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+	sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# call user update script (needed for some arm boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+	/boot/pakfire-kernel-update ${KVER}
+fi
+
 # This update needs a reboot...
 touch /var/run/need_reboot

--- a/lfs/linux
+++ b/lfs/linux
@@ -24,8 +24,8 @@

 include Config

-VER         = 4.14.198
-ARM_PATCHES = 4.14.198-ipfire0
+VER         = 4.14.206
+ARM_PATCHES = 4.14.206-ipfire0

 THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -79,8 +79,8 @@ objects =$(DL_FILE) \
 $(DL_FILE)					= $(URL_IPFIRE)/$(DL_FILE)
 arm-multi-patches-$(ARM_PATCHES).patch.xz	= $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz

-$(DL_FILE)_MD5					= 9bf8f170f93283549cba55df5247b7b8
-arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5	= 84b7afe9148e02568777ae0338da3844
+$(DL_FILE)_MD5					= c08bf53b35b816089d04b99036e0304a
+arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5	= 2b0e8e3ebe9827b2bfed7397b043dbc5

 install : $(TARGET)

@@ -144,9 +144,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-random_try_to_actively_add_entropy.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.x-add_timer_setup_on_stack.patch

-	# Patch CVE-2020-14386
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_cve-2020-14386_net_packet_fix_overflow_in_tpacket_rcv.patch
-
 ifeq "$(KCFG)" "-multi"
 	# Apply Arm-multiarch kernel patches.
 	cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1
--- a/src/patches/linux/linux-4.14_cve-2020-14386_net_packet_fix_overflow_in_tpacket_rcv.patch
+++ b/src/patches/linux/linux-4.14_cve-2020-14386_net_packet_fix_overflow_in_tpacket_rcv.patch
@@ -1,44 +0,0 @@
-From: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
-
-patch based on acf69c946233259ab4d64f8869d4037a198c7f06
-From: Or Cohen <orcohen@paloaltonetworks.com>
-Subject: net/packet: fix overflow in tpacket_rcv
-
-Using tp_reserve to calculate netoff can overflow as
-tp_reserve is unsigned int and netoff is unsigned short.
-
-This may lead to macoff receving a smaller value then
-sizeof(struct virtio_net_hdr), and if po->has_vnet_hdr
-is set, an out-of-bounds write will occur when
-calling virtio_net_hdr_from_skb.
-
-The bug is fixed by converting netoff to unsigned int
-and checking if it exceeds USHRT_MAX.
-
-This addresses CVE-2020-14386
-
-
-diff -Naur linux-4.14.197.org/net/packet/af_packet.c linux-4.14.197/net/packet/af_packet.c
--- linux-4.14.197.org/net/packet/af_packet.c	2020-09-11 22:27:31.003458577 +0200
-+++ linux-4.14.197/net/packet/af_packet.c	2020-09-11 22:38:53.104021712 +0200
-@@ -2201,7 +2201,8 @@
- 	int skb_len = skb->len;
- 	unsigned int snaplen, res;
- 	unsigned long status = TP_STATUS_USER;
-	unsigned short macoff, netoff, hdrlen;
-+	unsigned short macoff, hdrlen;
-+	unsigned int netoff;
- 	struct sk_buff *copy_skb = NULL;
- 	struct timespec ts;
- 	__u32 ts_status;
-@@ -2264,6 +2265,10 @@
- 		}
- 		macoff = netoff - maclen;
- 	}
-+	if (netoff > USHRT_MAX) {
-+		po->stats.stats1.tp_drops++;
-+		goto drop_n_restore;
-+	}
- 	if (po->tp_version <= TPACKET_V2) {
- 		if (macoff + snaplen > po->rx_ring.frame_size) {
- 			if (po->copy_thresh &&
				`@@ -0,0 +1 @@`
				`../../../../common/armv5tel/linux-initrd-multi`