bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-10 01:08:28 +02:00

Author	SHA1	Message	Date
Arne Fitzenreiter	6a005bd9aa	kernel: update to 6.1.28 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-05-16 18:53:01 +00:00
Arne Fitzenreiter	cb73ca19a6	kernel: patch CVE-2023-32233 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2023-05-11 19:48:40 +00:00
Arne Fitzenreiter	6a0c5ef65a	kernel: update to 6.1.27 the layer7 patch is rebased to apply without fuzzing. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-05-03 05:07:17 +00:00
Arne Fitzenreiter	6535255270	kernel: update to 6.1.3 the kernel-6.1.x series should be the next lts series...	2023-01-08 10:08:33 +00:00
Peter Müller	63b3a6edb3	linux: Update to 5.15.85 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2023-01-03 16:07:48 +00:00
Peter Müller	ee2e7db90b	linux: Add upstream patches for CVE-2022-4{1674,2719-2722} https://lists.ipfire.org/pipermail/development/2022-October/014562.html Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-10-17 16:26:19 +00:00
Mathew McBride	e77ef36395	kernel: add patches for SFP support on NXP Layerscape/DPAA2 (arm64) These two patches are needed to support SFP's on NXP DPAA2 platforms (e.g Traverse Ten64). The deadlock issue patch was submitted upstream a while ago and rejected, however I am not aware of any better solutions at present. The 10G mode additions are part of mainline since 5.16. These two .patches were sourced from our patchset over here: https://gitlab.com/traversetech/traverse-kernel-patches/-/tree/lts-5-15/patches Signed-off-by: Mathew McBride <matt@traverse.com.au> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2022-10-04 14:45:19 +00:00
Peter Müller	4865b7f6b8	Revert "Revert "kernel: update to 5.15.59"" This reverts commit `f25f1b55af`.	2022-08-08 13:17:30 +00:00
Peter Müller	f25f1b55af	Revert "kernel: update to 5.15.59" This reverts commit `43df4a0373`.	2022-08-08 10:10:35 +00:00
Arne Fitzenreiter	43df4a0373	kernel: update to 5.15.59 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2022-08-06 07:45:02 +00:00
Peter Müller	0664b1720d	linux: Amend upstream patch to harden mount points of /dev This patch, which has been merged into the mainline Linux kernel, but not yet backported to the 5.15.x tree, precisely addresses our situation: IPFire does not use systemd, but CONFIG_DEVTMPFS_MOUNT. The only explanation I have for bug #12889 arising _now_ is that some component (dracut, maybe) changed its behaviour regarding remounting of already mounted special file systems. As current dracut won't (re)mount any file system already found to be mounted, this means that the mount options decided by the kernel remained untouched for /dev, hence being weak in terms of options hardening possible. As CONFIG_DEVTMPFS_SAFE would not show up in "make menuconfig", changes to kernel configurations have been simulated. Fixes: #12889 Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-25 22:20:48 +00:00
Peter Müller	db8639bbfa	linux: Update to 5.15.46 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46 for the changelog of this version. Due to operational constraints, ARM rootfile changes are simulated. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2022-06-13 15:38:42 +00:00
Peter Müller	5bd8fc1273	Revert "linux: Disable LSM for /dev/io port access" This reverts commit `5b966f1b0a`.	2022-04-21 19:29:32 +00:00
Peter Müller	5b966f1b0a	linux: Disable LSM for /dev/io port access flashrom needs access to /dev/io ports for flashing firmware, a functionality we cannot cease to support. Therefore, LSM constraints are disabled for ioport.c, hopefully permitting us to keep it enabled. Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-19 13:57:35 +00:00
Peter Müller	f0a86e1865	linux: Pick up Michael's patch for correctly holding RCU lock while nf_reinject'ing Fixes: #12760 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-05 05:47:09 +00:00
Peter Müller	400c4e8edb	Kernel: Block non-UID-0 profiling completely This is recommended by KSPP, Lynis, and others. Indeed, there is no legitimate reason why an unprivileged user on IPFire should do any profiling. Unfortunately, this change never landed in the mainline kernel, hence a distribution patch is necessary. The second version of this patch rebases the kernel patch by Jeff Vander Stoep against Linux 5.15.17 to avoid fuzzying. Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-04 19:58:49 +00:00
Arne Fitzenreiter	b2b4417857	kernel: update to 5.15.17 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-01-29 20:30:21 +00:00
Arne Fitzenreiter	1296f1b081	kernel: update to 5.15.0 todo add arm patches, configs and rootfiles Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-04 21:49:44 +01:00
Arne Fitzenreiter	4ff8a22566	kernel: fix gcc plugin build with gcc-11 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:39 +02:00
Arne Fitzenreiter	fead781062	kernel: add pc engines apu1 led detection with new bios. bios 4.x change the dmi device name from APU to apu1 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:37 +02:00
Arne Fitzenreiter	c062c7700f	kernel: update to 5.10.5 todo: add armv5tel and aarch64 config and rootfiles. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:36 +02:00
Peter Müller	7086c36246	~/src/patches/: Clean up orphaned patches, second batch This also moves existing patches into their applications' directory within ~/src/patches/, if already existant. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2021-06-04 18:24:23 +02:00
Michael Tremer	4330bf93be	Drop backports These are some old drivers that we used to pull in from more recent kernels. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2021-04-08 10:23:56 +00:00
Arne Fitzenreiter	2e1bf458e2	kernel: update to 4.14.206 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-11-12 09:02:02 +01:00
Arne Fitzenreiter	3a69555f90	kernel: add patch agains CVE-2020-14386 fixes #12483 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-09-12 09:38:10 +02:00
Arne Fitzenreiter	9dafa28a1c	Revert "kernel: add patch against CVE-2020-14386" This reverts commit `f04023b1ca`. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-09-11 22:16:27 +02:00
Arne Fitzenreiter	f04023b1ca	kernel: add patch against CVE-2020-14386 fixes #12483 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-09-11 21:27:15 +02:00
Arne Fitzenreiter	b923dd3de0	kernel: backport "random: try to actively add entropy" this backports https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/char/random.c?id=50ee7529ec4500c88f8664560770a7a1b65db72b to gather enough entropy for initialise the crng faster. Of some machines like the APU it will need forever if the machine only wait for entropy without doing anything else. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-06-03 08:03:01 +00:00
Arne Fitzenreiter	70af65df41	kernel: update to 4.14.173 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-03-11 22:59:38 +01:00
Arne Fitzenreiter	ff58943d8e	kernel: cleanup unused kirkwood patches Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-02-15 17:06:24 +00:00
Michael Tremer	951a9f9ba0	linux+iptables: Drop support for IMQ This is no longer needed since we are using IFB now Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-21 18:58:08 +00:00
Arne Fitzenreiter	c27fdd8697	Revert "linux+iptables: Drop support for IMQ" This reverts commit `59b9a6bd22`.	2019-10-20 20:20:26 +00:00
Michael Tremer	59b9a6bd22	linux+iptables: Drop support for IMQ This is no longer needed since we are using IFB now Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:02:55 +00:00
Stefan Schantl	415969cc1b	kernel: Backport patch to fix a netfilter contrack related issue. This fixes the packet drop issue when using suricata on IPFire. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-09-21 09:53:56 +00:00
Michael Tremer	3966b1e58f	iptables: Fix build without kernel source The layer7 filter header files were not installed into /usr/include and therefore we needed to keep the whole kernel source tree. This is just a waste of space and this patch fixes this. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-10 04:55:49 +01:00
Arne Fitzenreiter	3005eb2234	kernel: update user regd patch from openwrt Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-03-30 16:56:56 +01:00
Arne Fitzenreiter	c448474fc7	Revert "kernel: cleanup unused rpi patch" This reverts commit `a2d49659f3`. The patch is still needed to prevent strange crashes Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-03-13 09:39:07 +01:00
Arne Fitzenreiter	c09758302b	kernel: update to 4.14.103 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-23 15:56:21 +01:00
Arne Fitzenreiter	173844d352	kernel: import cve-2019-8912 patch Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-22 21:20:57 +01:00
Arne Fitzenreiter	6957b699b3	kernel: apu leds: add more id's Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-22 18:02:45 +01:00
Arne Fitzenreiter	a2d49659f3	kernel: cleanup unused rpi patch Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-21 19:13:27 +01:00
Arne Fitzenreiter	17872019ba	kernel: update apu led patch for apu3 and 4 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-19 01:04:19 +01:00
Arne Fitzenreiter	ed4bbe44d1	kernel: fix dwc2 (usb) dma crashes on RPi1-3 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-12-10 20:45:54 +01:00
Arne Fitzenreiter	7529349754	kernel: apu2 leds: update string for newer bios Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-08-05 17:19:52 +02:00
Arne Fitzenreiter	39a73adadf	kernel: kirkwood: fix iConnect leds and modell name Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-05-13 07:59:01 +00:00
Arne Fitzenreiter	2e1fe3c816	kernel: update to 4.14.1 only x86_config has updated yet and grsecurity is removed. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-11-22 12:29:36 +01:00
Arne Fitzenreiter	d23a284f02	Revert "kernel: revert an upstream patch that break 8TB Blockdevices on 32bit" This reverts commit `c64e080f3a`.	2017-11-02 19:20:41 +01:00
Arne Fitzenreiter	c64e080f3a	kernel: revert an upstream patch that break 8TB Blockdevices on 32bit Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-11-01 13:38:18 +01:00
Arne Fitzenreiter	b389d73110	Merge branch 'master' into kernel-4.9 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-07-09 12:47:16 +02:00
Arne Fitzenreiter	0b4976e293	kernel: fix amba modules build with gcc6 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-06-20 06:12:45 +02:00

1 2

61 Commits