bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00

Author	SHA1	Message	Date
Peter Müller	ee2e7db90b	linux: Add upstream patches for CVE-2022-4{1674,2719-2722} https://lists.ipfire.org/pipermail/development/2022-October/014562.html Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-10-17 16:26:19 +00:00
Mathew McBride	e77ef36395	kernel: add patches for SFP support on NXP Layerscape/DPAA2 (arm64) These two patches are needed to support SFP's on NXP DPAA2 platforms (e.g Traverse Ten64). The deadlock issue patch was submitted upstream a while ago and rejected, however I am not aware of any better solutions at present. The 10G mode additions are part of mainline since 5.16. These two .patches were sourced from our patchset over here: https://gitlab.com/traversetech/traverse-kernel-patches/-/tree/lts-5-15/patches Signed-off-by: Mathew McBride <matt@traverse.com.au> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2022-10-04 14:45:19 +00:00
Peter Müller	6e8e9cba2a	linux: Update to 5.15.71 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-09-30 17:20:37 +00:00
Peter Müller	ae185d6f9d	linux: Update to 5.15.68 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68 for the changelog of this release. Due to the lack of local build hardware, ARM rootfile and configuration changes have been omitted. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-09-20 10:33:19 +00:00
Peter Müller	4865b7f6b8	Revert "Revert "kernel: update to 5.15.59"" This reverts commit `f25f1b55af`.	2022-08-08 13:17:30 +00:00
Peter Müller	f25f1b55af	Revert "kernel: update to 5.15.59" This reverts commit `43df4a0373`.	2022-08-08 10:10:35 +00:00
Arne Fitzenreiter	43df4a0373	kernel: update to 5.15.59 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2022-08-06 07:45:02 +00:00
Peter Müller	37895e21bf	linux: Update to 5.15.57 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.57 for the changelog of this version. Since it introduces architecture-dependent rootfile changes due to CPU side-channel mitigations, changes to ARM rootfiles have been omitted due to the lack of hardware. Supposed hardening changes will be submitted separately. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-07-28 13:34:52 +00:00
Peter Müller	0664b1720d	linux: Amend upstream patch to harden mount points of /dev This patch, which has been merged into the mainline Linux kernel, but not yet backported to the 5.15.x tree, precisely addresses our situation: IPFire does not use systemd, but CONFIG_DEVTMPFS_MOUNT. The only explanation I have for bug #12889 arising _now_ is that some component (dracut, maybe) changed its behaviour regarding remounting of already mounted special file systems. As current dracut won't (re)mount any file system already found to be mounted, this means that the mount options decided by the kernel remained untouched for /dev, hence being weak in terms of options hardening possible. As CONFIG_DEVTMPFS_SAFE would not show up in "make menuconfig", changes to kernel configurations have been simulated. Fixes: #12889 Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-25 22:20:48 +00:00
Peter Müller	765da09d41	linux: Update to 5.15.49 Changelog can be retrieved from https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.49 . Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-22 15:10:01 +00:00
Peter Müller	0ffba7d4f6	linux: Update to 5.15.48 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.48 for the changelog of this version. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-17 06:59:50 +00:00
Peter Müller	db8639bbfa	linux: Update to 5.15.46 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46 for the changelog of this version. Due to operational constraints, ARM rootfile changes are simulated. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2022-06-13 15:38:42 +00:00
Arne Fitzenreiter	9fa01e4276	kernel: update to 5.15.35 in kernel 5.15.32 the driver for ATH9K wlan cards is unstable. This is one of the most used cards so we need this update before releasing core167 final. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-04-22 12:48:32 +00:00
Peter Müller	5bd8fc1273	Revert "linux: Disable LSM for /dev/io port access" This reverts commit `5b966f1b0a`.	2022-04-21 19:29:32 +00:00
Peter Müller	5b966f1b0a	linux: Disable LSM for /dev/io port access flashrom needs access to /dev/io ports for flashing firmware, a functionality we cannot cease to support. Therefore, LSM constraints are disabled for ioport.c, hopefully permitting us to keep it enabled. Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-19 13:57:35 +00:00
Peter Müller	f0a86e1865	linux: Pick up Michael's patch for correctly holding RCU lock while nf_reinject'ing Fixes: #12760 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-05 05:47:09 +00:00
Peter Müller	c241c6a0b9	linux: Fix BLAKE2 checksum I accidentally copied & wasted the wrong one into it. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-05 05:33:06 +00:00
Peter Müller	9a647fe59d	kernel: Update to 5.15.32 Refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.32 for the changelog of this version. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-04 20:02:19 +00:00
Peter Müller	400c4e8edb	Kernel: Block non-UID-0 profiling completely This is recommended by KSPP, Lynis, and others. Indeed, there is no legitimate reason why an unprivileged user on IPFire should do any profiling. Unfortunately, this change never landed in the mainline kernel, hence a distribution patch is necessary. The second version of this patch rebases the kernel patch by Jeff Vander Stoep against Linux 5.15.17 to avoid fuzzying. Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-04 19:58:49 +00:00
Peter Müller	9a7e4d8506	Switch checksums from MD5 to BLAKE2 Historically, the MD5 checksums in our LFS files serve as a protection against broken downloads, or accidentally corrupted source files. While the sources are nowadays downloaded via HTTPS, it make sense to beef up integrity protection for them, since transparently intercepting TLS is believed to be feasible for more powerful actors, and the state of the public PKI ecosystem is clearly not helping. Therefore, this patch switches from MD5 to BLAKE2, updating all LFS files as well as make.sh to deal with this checksum algorithm. BLAKE2 is notably faster (and more secure) than SHA2, so the performance penalty introduced by this patch is negligible, if noticeable at all. In preparation of this patch, the toolchain files currently used have been supplied with BLAKE2 checksums as well on https://source.ipfire.org/. Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremeripfire.org>	2022-04-02 14:19:25 +00:00
Michael Tremer	32ce7ab402	linux: Fix for CVE-2022-0847 aka Dirty Pipe https://dirtypipe.cm4all.com Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2022-03-08 09:59:43 +00:00
Michael Tremer	5c1a1094ed	kernel: Add a basic configuration for riscv64 This kernel configuration is a copy of our kernel configuration for x86_64 on which I ran "make olddefconfig" which will set any unknown values to their defaults. This exists so that we have some kernel (which I did not try to boot) to complete the build process. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2022-02-22 19:41:39 +00:00
Peter Müller	66c3619872	Early spring clean: Remove trailing whitespaces, and correct licence headers Bumping across one of our scripts with very long trailing whitespaces, I thought it might be a good idea to clean these up. Doing so, some missing or inconsistent licence headers were fixed. There is no need in shipping all these files en bloc, as their functionality won't change. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-02-18 23:54:57 +00:00
Arne Fitzenreiter	a17f1fbbe2	kernel: update to 5.15.23 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-02-12 07:03:49 +00:00
Arne Fitzenreiter	59ec91c171	kernel: update to 5.15.22 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-02-09 12:17:53 +00:00
Arne Fitzenreiter	70c57ed33e	kernel: update to 5.15.21 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-02-06 14:09:43 +00:00
Arne Fitzenreiter	b2b4417857	kernel: update to 5.15.17 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-01-29 20:30:21 +00:00
Arne Fitzenreiter	c18dda556b	kernel: update to 5.15.16 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-01-21 10:06:22 +00:00
Michael Tremer	6cf219c427	Drop support for i586 This patch removes support for i586 according to the decision being taken over a year ago. It removes the architecture from the build system and removes all required hacks and other quirks that have been necessary before. There is no need to ship any changed files to the remaining architectures as the removed code branches have not been used. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2021-12-04 23:27:26 +01:00
Arne Fitzenreiter	65067248d1	kernel: update to 5.15.6 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-12-02 11:34:38 +01:00
Arne Fitzenreiter	6e739d1050	kernel: update to 5.15.5 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-25 11:26:12 +00:00
Arne Fitzenreiter	90aa257477	kernel: update to 5.15.4 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-24 07:42:25 +00:00
Arne Fitzenreiter	d4a6dc4270	kernel: update to 5.15.3 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-21 10:56:26 +00:00
Arne Fitzenreiter	96c83b21b3	kernel: update to 5.15.2 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-13 15:25:39 +00:00
Arne Fitzenreiter	db8199076d	kernel: increase CMA size to 24MB mmc ports need this for DMA transfers. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-10 21:58:44 +00:00
Arne Fitzenreiter	cb9c6cfbd7	kernel: update to 5.15.1 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-09 18:24:26 +01:00
Arne Fitzenreiter	1296f1b081	kernel: update to 5.15.0 todo add arm patches, configs and rootfiles Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-04 21:49:44 +01:00
Arne Fitzenreiter	832490f063	kernel: update to 5.10.76 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-10-28 00:39:07 +02:00
Arne Fitzenreiter	2e82a4002d	kernel: update to 5.10.75 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-10-21 04:39:52 +02:00
Arne Fitzenreiter	03c7877845	kernel: update to 5.10.74 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-10-18 00:35:42 +02:00
Arne Fitzenreiter	79930b29a4	kernel: update to 5.10.73 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-10-15 08:07:04 +02:00
Arne Fitzenreiter	5c372259e3	kernel: update to 5.10.72 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-10-10 13:23:30 +02:00
Arne Fitzenreiter	58f6264fa4	kernel: update to 5.10.71 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-10-10 06:46:25 +00:00
Arne Fitzenreiter	577c7c09fa	kernel: update to 5.10.70 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-10-01 23:23:01 +02:00
Arne Fitzenreiter	3d17e0d683	kernel: update to 5.10.69 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-09-27 12:21:51 +02:00
Arne Fitzenreiter	13fcfb9a0e	kernel: update to 5.10.68 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-09-26 14:58:27 +02:00
Arne Fitzenreiter	037dc6b9bc	kernel: update to 5.10.67 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-09-20 23:45:56 +02:00
Arne Fitzenreiter	52758d52c3	kernel: update to 5.10.55 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-08-01 11:50:25 +02:00
Arne Fitzenreiter	4e6052e937	kernel: update to 5.10.54 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-28 22:42:51 +02:00
Arne Fitzenreiter	bcea571211	kernel: update to 5.10.53 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-25 23:48:58 +02:00

1 2 3 4 5 ...

714 Commits