bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-15 05:22:59 +02:00

Author	SHA1	Message	Date
Peter Müller	dce8d55955	linux: Update x86_64 rootfile Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2023-01-19 21:34:56 +00:00
Arne Fitzenreiter	3e066f550b	kernel: update rootfiles and config Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-01-15 09:19:25 +00:00
Arne Fitzenreiter	6535255270	kernel: update to 6.1.3 the kernel-6.1.x series should be the next lts series...	2023-01-08 10:08:33 +00:00
Peter Müller	f46f939827	linux: Update configuration files and x86_64 rootfile Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2023-01-04 21:26:43 +00:00
Peter Müller	63b3a6edb3	linux: Update to 5.15.85 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2023-01-03 16:07:48 +00:00
Peter Müller	ae185d6f9d	linux: Update to 5.15.68 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68 for the changelog of this release. Due to the lack of local build hardware, ARM rootfile and configuration changes have been omitted. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-09-20 10:33:19 +00:00
Peter Müller	4865b7f6b8	Revert "Revert "kernel: update to 5.15.59"" This reverts commit `f25f1b55af`.	2022-08-08 13:17:30 +00:00
Peter Müller	5a18ee55e6	Revert "linux: Randomize layout of sensitive kernel structures" This reverts commit `4c46e7f818`.	2022-08-08 13:17:19 +00:00
Peter Müller	f25f1b55af	Revert "kernel: update to 5.15.59" This reverts commit `43df4a0373`.	2022-08-08 10:10:35 +00:00
Arne Fitzenreiter	43df4a0373	kernel: update to 5.15.59 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2022-08-06 07:45:02 +00:00
Peter Müller	893427ad8b	linux: Update rootfiles Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-08-04 12:11:53 +00:00
Peter Müller	4c46e7f818	linux: Randomize layout of sensitive kernel structures To quote from the kernel documentation: > If you say Y here, the layouts of structures that are entirely > function pointers (and have not been manually annotated with > __no_randomize_layout), or structures that have been explicitly > marked with __randomize_layout, will be randomized at compile-time. > This can introduce the requirement of an additional information > exposure vulnerability for exploits targeting these structure > types. > > Enabling this feature will introduce some performance impact, > slightly increase memory usage, and prevent the use of forensic > tools like Volatility against the system (unless the kernel > source tree isn't cleaned after kernel installation). > > The seed used for compilation is located at > scripts/gcc-plgins/randomize_layout_seed.h. It remains after > a make clean to allow for external modules to be compiled with > the existing seed and will be removed by a make mrproper or > make distclean. > > Note that the implementation requires gcc 4.7 or newer. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>	2022-08-03 10:59:03 +00:00
Peter Müller	5591a68c05	linux: Enable Intel DMA Remapping Devices by default on x86_64 If available, the kernel will enable IOMMU (a/k/a DMA remapping) by default on boot. To tools making use of that, particularly hypervisors, this provides better security without any downsides. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-07-28 13:35:20 +00:00
Peter Müller	37895e21bf	linux: Update to 5.15.57 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.57 for the changelog of this version. Since it introduces architecture-dependent rootfile changes due to CPU side-channel mitigations, changes to ARM rootfiles have been omitted due to the lack of hardware. Supposed hardening changes will be submitted separately. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-07-28 13:34:52 +00:00
Peter Müller	5991f39282	linux: Update rootfiles to reflect /dev mount option change Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-27 17:30:47 +00:00
Peter Müller	d9aece2af9	linux: Update rootfile Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-23 06:44:09 +00:00
Peter Müller	d819a62b14	linux: Update rootfiles Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-13 20:45:51 +00:00
Peter Müller	db8639bbfa	linux: Update to 5.15.46 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46 for the changelog of this version. Due to operational constraints, ARM rootfile changes are simulated. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2022-06-13 15:38:42 +00:00
Arne Fitzenreiter	9fa01e4276	kernel: update to 5.15.35 in kernel 5.15.32 the driver for ATH9K wlan cards is unstable. This is one of the most used cards so we need this update before releasing core167 final. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-04-22 12:48:32 +00:00
Peter Müller	3f65e4996b	kernel: Align rootfile again due to forgotten hardening patch Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-06 20:18:22 +00:00
Peter Müller	4fb7569811	linux: Update rootfile to reflect kernel hardening changes Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-05 08:42:00 +00:00
Arne Fitzenreiter	70c57ed33e	kernel: update to 5.15.21 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-02-06 14:09:43 +00:00
Arne Fitzenreiter	d68f875d61	kernel: enable support for compressed firmwares Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-01-28 14:44:03 +00:00
Arne Fitzenreiter	6f6d66105a	kernel: rootfile update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-21 19:31:49 +01:00
Arne Fitzenreiter	c0cb2605d7	kernel: x86_64 rootfile update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-05 18:03:02 +01:00
Arne Fitzenreiter	58f6264fa4	kernel: update to 5.10.71 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-10-10 06:46:25 +00:00
Arne Fitzenreiter	6d8cc5a74e	kernel: x86 rootfile update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-09-20 23:46:14 +02:00
Arne Fitzenreiter	f696f419ad	kernel: update to 5.10.46 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:40 +02:00
Arne Fitzenreiter	663ab267ba	kernel: update to 5.10.42 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:38 +02:00
Arne Fitzenreiter	5235ab4817	kernel: update to 5.10.38 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:38 +02:00
Arne Fitzenreiter	03b7752c80	kernel: update to 5.10.29 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:38 +02:00
Arne Fitzenreiter	82b0e0f13d	kernel: x86* disable alg modules the application layer gateway modules can used to bypass the nat via nat slipstreaming. I had disabled all of them. If one is really needed we can reenable it later. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:37 +02:00
Arne Fitzenreiter	f721328ce2	kernel: update i586 and x86_64 rootfiles Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:37 +02:00
Arne Fitzenreiter	3c3d0be877	kernel: x86_64 rootfile update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:37 +02:00
Arne Fitzenreiter	551756d35d	kernel: i586 and x86_64 rootfile update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:36 +02:00
Michael Tremer	904386624c	kernel: Compile RNG drivers into the kernel The kernel will try to gather entropy really early in the boot process where those device drivers might not have been loaded yet. They are small and can therefore be compiled into the kernel like we already do on ARM. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2021-07-05 07:42:36 +02:00
Arne Fitzenreiter	c062c7700f	kernel: update to 5.10.5 todo: add armv5tel and aarch64 config and rootfiles. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-07-05 07:42:36 +02:00
Arne Fitzenreiter	10ce44b0c6	kernel: update to 4.14.232 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2021-05-16 11:58:42 +00:00
Michael Tremer	710b6ef1e8	Update the kernel's rootfile Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2021-02-01 11:13:24 +00:00
Arne Fitzenreiter	ce9f979c01	kernel: update to 4.14.195 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-08-31 06:58:32 +02:00
Arne Fitzenreiter	f3a59d63e2	kernel: update to 4.14.184 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-06-12 16:04:48 +02:00
Arne Fitzenreiter	a43b370411	kernel: update to 4.14.183 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-06-04 08:37:00 +02:00
Arne Fitzenreiter	ee9bc7c477	kernel: rootfile update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-02-08 15:21:16 +01:00
Arne Fitzenreiter	4baee8fa4c	kernel: fix x86_64 rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-11-15 16:29:42 +01:00
Arne Fitzenreiter	44b227b102	kernel: update to 4.14.154 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-11-14 22:12:12 +01:00
Michael Tremer	951a9f9ba0	linux+iptables: Drop support for IMQ This is no longer needed since we are using IFB now Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-21 18:58:08 +00:00
Arne Fitzenreiter	c27fdd8697	Revert "linux+iptables: Drop support for IMQ" This reverts commit `59b9a6bd22`.	2019-10-20 20:20:26 +00:00
Michael Tremer	59b9a6bd22	linux+iptables: Drop support for IMQ This is no longer needed since we are using IFB now Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:02:55 +00:00
Michael Tremer	759be5855f	linux: Fix rootfile to ship GeoIP modules Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-24 14:39:30 +01:00
Arne Fitzenreiter	70590cef48	Kernel: update to 4.14.128 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-06-19 21:01:29 +02:00

1 2

65 Commits