webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-01 07:50:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,684 Commits 2 Branches 1 Tag
4264e41a612187b2c985d0ce843b598aaba648c5
Commit Graph

58 Commits

Author SHA1 Message Date
Peter Müller
4264e41a61 kernel: enable CONFIG_SCHED_STACK_END_CHECK on x86_64, armv5tel and aarch64 
> This option checks for a stack overrun on calls to schedule(). If the stack
> end location is found to be over written always panic as the content of the
> corrupted region can no longer be trusted. This is to ensure no erroneous
> behaviour occurs which could result in data corruption or a sporadic crash at a
> later stage once the region is examined. The runtime overhead introduced is
> minimal.

Fixes: #12376

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:34 +00:00
Peter Müller
c2749c1bed kernel: disable CONFIG_USELIB on x86_64 and i586(-pae) 
> This option enables the uselib syscall a system call used in the dynamic
> linker from libc5 and earlier. glibc does not use this system call. If you
> intend to run programs built on libc5 or earlier you may need to enable this
> syscall. Current systems running glibc can safely disable this.

In my point of view, the last sentence matches our situation.

Fixes: #12379

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:13 +00:00
Peter Müller
efd508e9f6 kernel: enable page poisoning on x86_64 
This is already active on i586 and prevents information leaks from freed
data.

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:14:15 +00:00
Peter Müller
442a7f5ea2 Kernel: drop Memstick support 
These are not needed anymore since Sony announced EOL in 2010 and there
is no legitimate use case for such hardware on a firewall system.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:13:14 +00:00
Peter Müller
90ecad4f66 Kernel: drop bluetooth support 
The bluetooth addon was recently removed by commit
592be1d206, which is why we do not need to
carry the corresponding kernel modules around anymore.

The second version of this patch correctly updates kernel configuration
files via "make oldconfig" as requested by Arne.

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:12:58 +00:00
Arne Fitzenreiter
831ff05d89 kernel: enable and enforce signed kernel modules 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-06 15:09:52 +01:00
Arne Fitzenreiter
bf671bb2ae kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 21:23:08 +00:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:08 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ" 
This reverts commit 59b9a6bd22.
 2019-10-20 20:20:26 +00:00
Arne Fitzenreiter
596c71d07f kernel: update to 4.14.150 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 23:07:44 +02:00
Michael Tremer
59b9a6bd22 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:02:55 +00:00
Arne Fitzenreiter
69cf4f3065 kernel: update to 4.14.146 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-09-21 20:44:52 +02:00
Arne Fitzenreiter
3b415347bb kernel: update to 4.14.137 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-07 20:38:25 +00:00
Arne Fitzenreiter
70590cef48 Kernel: update to 4.14.128 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-19 21:01:29 +02:00
Arne Fitzenreiter
716f00b116 kernel: update to 4.14.121 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 20:42:51 +02:00
Arne Fitzenreiter
16cb73d901 kernel: update to 4.14.120 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-17 07:10:52 +02:00
Arne Fitzenreiter
d099196501 kernel: update to 4.14.119 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-16 14:26:04 +02:00
Arne Fitzenreiter
5fa063f859 kernel: update to 4.14.112 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-17 22:30:19 +02:00
Arne Fitzenreiter
f2afd5e70d kernel: update to 4.14.111 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:47:23 +02:00
Arne Fitzenreiter
aa20f1b277 kernel: update to 4.14.110 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-05 07:46:34 +02:00
Michael Tremer
48d3cde9ce kernel: Disable some debugging in expactation to increase performance 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-01 21:58:23 +01:00
Michael Tremer
474a6a5978 kernel: Enable strict checks for /dev/mem 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-01 21:55:03 +01:00
Michael Tremer
30c33cb318 kernel: Enable debugging for Atheros drivers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:36:03 +00:00
Michael Tremer
62bf7bd2b2 kernel: Enable DFS support for ath*k drivers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:36:03 +00:00
Matthias Fischer
256070e92f Added 'CONFIG_X86_MSR=y for 'powertop' to i586 and x86_64 builds for fixing #11997 
Triggered by:
https://forum.ipfire.org/viewtopic.php?f=69&t=22274

This - probably - fixes Bug #11997.

Needs testing on 64bit installations!

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-17 13:03:56 +00:00
Arne Fitzenreiter
329788dee5 kernel: update to 4.14.97 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-03 12:45:52 +01:00
Arne Fitzenreiter
ec7d630b62 kernel: x86_64 encrease NR_CPUS to 64 
fixes #11963

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-22 07:46:08 +01:00
Arne Fitzenreiter
503a6f155b kernel: update to 4.14.94 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-22 07:41:18 +01:00
Arne Fitzenreiter
16c18024bb kernel: compress kernel modules with xz 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-11-18 14:30:14 +01:00
Arne Fitzenreiter
bdf9df742c kernel: update to 4.14.71 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-09-20 19:51:43 +02:00
Arne Fitzenreiter
924b48c789 kernel: update to 4.14.69 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-09-12 21:04:07 +02:00
Arne Fitzenreiter
6c9651f620 kernel: update to 4.14.43 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-05-24 07:40:22 +02:00
Arne Fitzenreiter
b69338e0e8 kernel: update to 4.14.38 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-30 12:26:30 +02:00
Arne Fitzenreiter
8718a67ec5 kernel: disable crng unseeded use message spamming 
there was a bug until 4.14.36 that this message are not printed at all
now it work and spam the log at boot.
For security it is is a nightmare to use unseeded random but we and the user
cannot do anything. This is work for platform maintainers to get the crng
working earlier.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-29 09:50:06 +02:00
Arne Fitzenreiter
96a2ff029e kernel: update config 
disable isdn
disable audit
disable profiling on arm
disable scsi driver on arm

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-11 18:36:57 +02:00
Arne Fitzenreiter
b465322d7c kernel: x86_64 enable DEVFREQ modules 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-03-30 16:39:02 +02:00
Arne Fitzenreiter
e5ef944d6e kernel: update to 4.14.21 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-23 19:33:15 +01:00
Arne Fitzenreiter
c7a00111e0 kernel: update to 4.14.16 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-02 07:17:10 +01:00
Arne Fitzenreiter
b715af20c9 kernel: update to 4.14.13 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-01-10 22:20:33 +01:00
Arne Fitzenreiter
6d295033e1 kernel: update to 4.14.12 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-01-05 23:31:54 +01:00
Arne Fitzenreiter
2e1fe3c816 kernel: update to 4.14.1 
only x86_config has updated yet and grsecurity is removed.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-11-22 12:29:36 +01:00
Arne Fitzenreiter
8b6380784c kernel: enable Mellanox ConnectX-4 ethernet driver on i586 cfg 
and disable debug for older Mellanox cards.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-07-27 20:11:14 +02:00
Arne Fitzenreiter
ddc7b38cc0 kernel: fix and enable layer7 filter 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-03-06 13:36:53 +01:00
Arne Fitzenreiter
60661dddae kernel: update to 4.9.12 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-02-25 15:08:29 +01:00
Arne Fitzenreiter
91648bd166 kernel: updated to 4.9.8 
at the moment its only for x86_64 and layer7 is disabled because it crashs.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-02-12 19:58:43 +01:00
Michael Tremer
f5194e7a38 kernel: Fix broken syntax in configuration file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-07-15 11:09:42 +01:00
Arne Fitzenreiter
7959134a55 kernel: disable amd ccp support 
ccp based trng of the apu2 produce none random data.
Aes accleration is also not used because IPFire prefere
AES-NI if this is supported.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-07-11 11:00:55 +02:00
Arne Fitzenreiter
484e62046e kernel: update to 3.14.74 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-06-29 17:04:28 +02:00
Arne Fitzenreiter
545c15b0a1 kernel: add PC Engines(TM) APU2 LED driver 2016-03-26 10:15:45 +01:00
Arne Fitzenreiter
6fa34327dd kernel: enable NFS_DEBUG 
fixes #11053
 2016-03-14 18:04:38 +01:00