webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
20,489 Commits 2 Branches 1 Tag
2a0d7a03d7df63806dc37b93ea10a93c2da4e4ea
Commit Graph

69 Commits

Author SHA1 Message Date
Arne Fitzenreiter
6a005bd9aa kernel: update to 6.1.28 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-05-16 18:53:01 +00:00
Peter Müller
ccd793b360 linux: Update rootfiles 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2023-05-12 18:29:27 +00:00
Peter Müller
6aa0837d24 linux: Update to 6.1.24 
Compiling the kernel has automatically introduced
CONFIG_INIT_STACK_ALL_ZERO=y and removed GCC's structleak plugin (not to
be confused with its stackleak counterpart). However, according to
related documentation, this neither introduces a security nor
performance disadvantage.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-04-19 09:33:38 +00:00
Peter Müller
d51c4e566b linux: Update x86_64 rootfile 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2023-03-05 14:14:31 +00:00
Peter Müller
dce8d55955 linux: Update x86_64 rootfile 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2023-01-19 21:34:56 +00:00
Arne Fitzenreiter
3e066f550b kernel: update rootfiles and config 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-01-15 09:19:25 +00:00
Arne Fitzenreiter
6535255270 kernel: update to 6.1.3 
the kernel-6.1.x series should be the next lts series...
 2023-01-08 10:08:33 +00:00
Peter Müller
f46f939827 linux: Update configuration files and x86_64 rootfile 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2023-01-04 21:26:43 +00:00
Peter Müller
63b3a6edb3 linux: Update to 5.15.85 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2023-01-03 16:07:48 +00:00
Peter Müller
ae185d6f9d linux: Update to 5.15.68 
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68
for the changelog of this release. Due to the lack of local build
hardware, ARM rootfile and configuration changes have been omitted.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-09-20 10:33:19 +00:00
Peter Müller
4865b7f6b8 Revert "Revert "kernel: update to 5.15.59"" 
This reverts commit f25f1b55af.
 2022-08-08 13:17:30 +00:00
Peter Müller
5a18ee55e6 Revert "linux: Randomize layout of sensitive kernel structures" 
This reverts commit 4c46e7f818.
 2022-08-08 13:17:19 +00:00
Peter Müller
f25f1b55af Revert "kernel: update to 5.15.59" 
This reverts commit 43df4a0373.
 2022-08-08 10:10:35 +00:00
Arne Fitzenreiter
43df4a0373 kernel: update to 5.15.59 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-06 07:45:02 +00:00
Peter Müller
893427ad8b linux: Update rootfiles 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-04 12:11:53 +00:00
Peter Müller
4c46e7f818 linux: Randomize layout of sensitive kernel structures 
To quote from the kernel documentation:

> If you say Y here, the layouts of structures that are entirely
> function pointers (and have not been manually annotated with
> __no_randomize_layout), or structures that have been explicitly
> marked with __randomize_layout, will be randomized at compile-time.
> This can introduce the requirement of an additional information
> exposure vulnerability for exploits targeting these structure
> types.
>
> Enabling this feature will introduce some performance impact,
> slightly increase memory usage, and prevent the use of forensic
> tools like Volatility against the system (unless the kernel
> source tree isn't cleaned after kernel installation).
>
> The seed used for compilation is located at
> scripts/gcc-plgins/randomize_layout_seed.h. It remains after
> a make clean to allow for external modules to be compiled with
> the existing seed and will be removed by a make mrproper or
> make distclean.
>
> Note that the implementation requires gcc 4.7 or newer.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-08-03 10:59:03 +00:00
Peter Müller
5591a68c05 linux: Enable Intel DMA Remapping Devices by default on x86_64 
If available, the kernel will enable IOMMU (a/k/a DMA remapping) by
default on boot. To tools making use of that, particularly hypervisors,
this provides better security without any downsides.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-07-28 13:35:20 +00:00
Peter Müller
37895e21bf linux: Update to 5.15.57 
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.57
for the changelog of this version. Since it introduces
architecture-dependent rootfile changes due to CPU side-channel
mitigations, changes to ARM rootfiles have been omitted due to the lack
of hardware.

Supposed hardening changes will be submitted separately.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-07-28 13:34:52 +00:00
Peter Müller
5991f39282 linux: Update rootfiles to reflect /dev mount option change 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-06-27 17:30:47 +00:00
Peter Müller
d9aece2af9 linux: Update rootfile 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-06-23 06:44:09 +00:00
Peter Müller
d819a62b14 linux: Update rootfiles 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-06-13 20:45:51 +00:00
Peter Müller
db8639bbfa linux: Update to 5.15.46 
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46
for the changelog of this version.

Due to operational constraints, ARM rootfile changes are simulated.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-06-13 15:38:42 +00:00
Arne Fitzenreiter
9fa01e4276 kernel: update to 5.15.35 
in kernel 5.15.32 the driver for ATH9K wlan cards is unstable.
This is one of the most used cards so we need this update before
releasing core167 final.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-04-22 12:48:32 +00:00
Peter Müller
3f65e4996b kernel: Align rootfile again due to forgotten hardening patch 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-06 20:18:22 +00:00
Peter Müller
4fb7569811 linux: Update rootfile to reflect kernel hardening changes 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-05 08:42:00 +00:00
Arne Fitzenreiter
70c57ed33e kernel: update to 5.15.21 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-06 14:09:43 +00:00
Arne Fitzenreiter
d68f875d61 kernel: enable support for compressed firmwares 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-01-28 14:44:03 +00:00
Arne Fitzenreiter
6f6d66105a kernel: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-11-21 19:31:49 +01:00
Arne Fitzenreiter
c0cb2605d7 kernel: x86_64 rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-11-05 18:03:02 +01:00
Arne Fitzenreiter
58f6264fa4 kernel: update to 5.10.71 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-10-10 06:46:25 +00:00
Arne Fitzenreiter
6d8cc5a74e kernel: x86 rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-09-20 23:46:14 +02:00
Arne Fitzenreiter
f696f419ad kernel: update to 5.10.46 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:40 +02:00
Arne Fitzenreiter
663ab267ba kernel: update to 5.10.42 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
5235ab4817 kernel: update to 5.10.38 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
03b7752c80 kernel: update to 5.10.29 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
82b0e0f13d kernel: x86* disable alg modules 
the application layer gateway modules can used to bypass the nat
via nat slipstreaming. I had disabled all of them. If one is really needed
we can reenable it later.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
f721328ce2 kernel: update i586 and x86_64 rootfiles 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
3c3d0be877 kernel: x86_64 rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
551756d35d kernel: i586 and x86_64 rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:36 +02:00
Michael Tremer
904386624c kernel: Compile RNG drivers into the kernel 
The kernel will try to gather entropy really early in the boot process
where those device drivers might not have been loaded yet. They are
small and can therefore be compiled into the kernel like we already do
on ARM.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-07-05 07:42:36 +02:00
Arne Fitzenreiter
c062c7700f kernel: update to 5.10.5 
todo: add armv5tel and aarch64 config and rootfiles.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:36 +02:00
Arne Fitzenreiter
10ce44b0c6 kernel: update to 4.14.232 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-05-16 11:58:42 +00:00
Michael Tremer
710b6ef1e8 Update the kernel's rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-02-01 11:13:24 +00:00
Arne Fitzenreiter
ce9f979c01 kernel: update to 4.14.195 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-08-31 06:58:32 +02:00
Arne Fitzenreiter
f3a59d63e2 kernel: update to 4.14.184 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-12 16:04:48 +02:00
Arne Fitzenreiter
a43b370411 kernel: update to 4.14.183 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:37:00 +02:00
Arne Fitzenreiter
ee9bc7c477 kernel: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-08 15:21:16 +01:00
Arne Fitzenreiter
4baee8fa4c kernel: fix x86_64 rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-15 16:29:42 +01:00
Arne Fitzenreiter
44b227b102 kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 22:12:12 +01:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:08 +00:00