webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-21 00:12:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
16,115 Commits 2 Branches 1 Tag
2fdec1c5c98c216e1c2d53eff0f66cd1663d7f98
Commit Graph

150 Commits

Author SHA1 Message Date
Arne Fitzenreiter
2e1bf458e2 kernel: update to 4.14.206 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-11-12 09:02:02 +01:00
Arne Fitzenreiter
ce9f979c01 kernel: update to 4.14.195 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-08-31 06:58:32 +02:00
Arne Fitzenreiter
f3a59d63e2 kernel: update to 4.14.184 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-12 16:04:48 +02:00
Peter Müller
92e828b3b0 kernel: disable CONFIG_UPROBES 
Quoted from #12433:
> Uprobes is the user-space counterpart to kprobes: they enable instrumentation
> applications (such as 'perf probe') to establish unintrusive probes in
> user-space binaries and libraries, by executing handler functions when the
> probes are hit by user-space applications.
>
> ( These probes come in the form of single-byte breakpoints, managed by the
> kernel and kept transparent to the probed application. )

IMHO this can be safely disabled, as there is little if any need to debug
userspace programs _that_ deeply on an IPFire machine.

Fixes: #12433

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:18:36 +00:00
Arne Fitzenreiter
325a2680c8 kernel: fix diabling CONFIG_MODFIFY_LDT_SYSCALL 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 16:21:49 +02:00
Peter Müller
d7174d7c3a kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586 
This is dangerous as it allows replacing the running kernel without
rebooting. Kernel Self Protection Project people recommend to keep it
disabled.

Fixes: #12372

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:32 +00:00
Peter Müller
b1f24c4353 kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64 
Fixes: #12382

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:05 +00:00
Arne Fitzenreiter
a43b370411 kernel: update to 4.14.183 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:37:00 +02:00
Peter Müller
e6514b3af8 kernel: disable CONFIG_DEBUG_LIST on i586(-pae) 
Fixes: #12378

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:51 +00:00
Peter Müller
c2749c1bed kernel: disable CONFIG_USELIB on x86_64 and i586(-pae) 
> This option enables the uselib syscall a system call used in the dynamic
> linker from libc5 and earlier. glibc does not use this system call. If you
> intend to run programs built on libc5 or earlier you may need to enable this
> syscall. Current systems running glibc can safely disable this.

In my point of view, the last sentence matches our situation.

Fixes: #12379

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:13 +00:00
Peter Müller
442a7f5ea2 Kernel: drop Memstick support 
These are not needed anymore since Sony announced EOL in 2010 and there
is no legitimate use case for such hardware on a firewall system.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:13:14 +00:00
Peter Müller
90ecad4f66 Kernel: drop bluetooth support 
The bluetooth addon was recently removed by commit
592be1d206, which is why we do not need to
carry the corresponding kernel modules around anymore.

The second version of this patch correctly updates kernel configuration
files via "make oldconfig" as requested by Arne.

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:12:58 +00:00
Arne Fitzenreiter
831ff05d89 kernel: enable and enforce signed kernel modules 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-06 15:09:52 +01:00
Arne Fitzenreiter
bf671bb2ae kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 21:23:08 +00:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:08 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ" 
This reverts commit 59b9a6bd22.
 2019-10-20 20:20:26 +00:00
Arne Fitzenreiter
596c71d07f kernel: update to 4.14.150 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 23:07:44 +02:00
Michael Tremer
59b9a6bd22 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:02:55 +00:00
Arne Fitzenreiter
69cf4f3065 kernel: update to 4.14.146 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-09-21 20:44:52 +02:00
Arne Fitzenreiter
3b415347bb kernel: update to 4.14.137 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-07 20:38:25 +00:00
Arne Fitzenreiter
70590cef48 Kernel: update to 4.14.128 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-19 21:01:29 +02:00
Arne Fitzenreiter
716f00b116 kernel: update to 4.14.121 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 20:42:51 +02:00
Arne Fitzenreiter
16cb73d901 kernel: update to 4.14.120 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-17 07:10:52 +02:00
Arne Fitzenreiter
d099196501 kernel: update to 4.14.119 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-16 14:26:04 +02:00
Arne Fitzenreiter
5fa063f859 kernel: update to 4.14.112 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-17 22:30:19 +02:00
Arne Fitzenreiter
f2afd5e70d kernel: update to 4.14.111 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:47:23 +02:00
Arne Fitzenreiter
aa20f1b277 kernel: update to 4.14.110 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-05 07:46:34 +02:00
Michael Tremer
48d3cde9ce kernel: Disable some debugging in expactation to increase performance 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-01 21:58:23 +01:00
Michael Tremer
474a6a5978 kernel: Enable strict checks for /dev/mem 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-01 21:55:03 +01:00
Michael Tremer
30c33cb318 kernel: Enable debugging for Atheros drivers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:36:03 +00:00
Michael Tremer
62bf7bd2b2 kernel: Enable DFS support for ath*k drivers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:36:03 +00:00
Matthias Fischer
256070e92f Added 'CONFIG_X86_MSR=y for 'powertop' to i586 and x86_64 builds for fixing #11997 
Triggered by:
https://forum.ipfire.org/viewtopic.php?f=69&t=22274

This - probably - fixes Bug #11997.

Needs testing on 64bit installations!

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-17 13:03:56 +00:00
Arne Fitzenreiter
329788dee5 kernel: update to 4.14.97 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-03 12:45:52 +01:00
Arne Fitzenreiter
503a6f155b kernel: update to 4.14.94 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-22 07:41:18 +01:00
Arne Fitzenreiter
5ed864857a kernel: disable FW_LOADER_USER_HELPER_FALLBACK 
newer (e)udev has dropped the support for this.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-11-18 14:33:45 +01:00
Arne Fitzenreiter
16c18024bb kernel: compress kernel modules with xz 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-11-18 14:30:14 +01:00
Arne Fitzenreiter
bdf9df742c kernel: update to 4.14.71 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-09-20 19:51:43 +02:00
Arne Fitzenreiter
924b48c789 kernel: update to 4.14.69 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-09-12 21:04:07 +02:00
Arne Fitzenreiter
6c9651f620 kernel: update to 4.14.43 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-05-24 07:40:22 +02:00
Arne Fitzenreiter
b69338e0e8 kernel: update to 4.14.38 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-30 12:26:30 +02:00
Arne Fitzenreiter
8718a67ec5 kernel: disable crng unseeded use message spamming 
there was a bug until 4.14.36 that this message are not printed at all
now it work and spam the log at boot.
For security it is is a nightmare to use unseeded random but we and the user
cannot do anything. This is work for platform maintainers to get the crng
working earlier.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-29 09:50:06 +02:00
Arne Fitzenreiter
a9203b4f5b kernel: i586 enable cs5535 gpio module 
this modul is needed for alix led support

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-18 06:11:15 +02:00
Arne Fitzenreiter
96a2ff029e kernel: update config 
disable isdn
disable audit
disable profiling on arm
disable scsi driver on arm

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-11 18:36:57 +02:00
Arne Fitzenreiter
e5ef944d6e kernel: update to 4.14.21 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-23 19:33:15 +01:00
Arne Fitzenreiter
c7a00111e0 kernel: update to 4.14.16 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-02 07:17:10 +01:00
Arne Fitzenreiter
b715af20c9 kernel: update to 4.14.13 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-01-10 22:20:33 +01:00
Arne Fitzenreiter
6d295033e1 kernel: update to 4.14.12 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-01-05 23:31:54 +01:00
Arne Fitzenreiter
f952832418 kernel: updated i586 config and rootfiles 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-11-26 09:32:47 +01:00
Arne Fitzenreiter
8b6380784c kernel: enable Mellanox ConnectX-4 ethernet driver on i586 cfg 
and disable debug for older Mellanox cards.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-07-27 20:11:14 +02:00
Arne Fitzenreiter
ddc7b38cc0 kernel: fix and enable layer7 filter 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-03-06 13:36:53 +01:00