bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00

Author	SHA1	Message	Date
Arne Fitzenreiter	acb3aa6abd	kernel: add nanopi r2c patches https://git.ipfire.org/?p=people/arne_f/kernel.git;a=commit;h=4a06c119e0065bf8794a98bd21a71ff6236d32d1 https://git.ipfire.org/?p=people/arne_f/kernel.git;a=commit;h=716f69f11cf3bf328453cc3e284d5bce7feb9a0e Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-04-24 19:00:45 +00:00
Peter Müller	6aa0837d24	linux: Update to 6.1.24 Compiling the kernel has automatically introduced CONFIG_INIT_STACK_ALL_ZERO=y and removed GCC's structleak plugin (not to be confused with its stackleak counterpart). However, according to related documentation, this neither introduces a security nor performance disadvantage. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2023-04-19 09:33:38 +00:00
Michael Tremer	a4a39bb97d	linux: Re-add accidentially dropped download URL This line has accidentially been dropped when fixing a merge conflict. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-02-12 09:06:13 +00:00
Michael Tremer	82e65a3a54	Merge branch 'master' into next	2023-02-11 16:36:13 +00:00
Arne Fitzenreiter	c8bcc3364f	kernel: update to 6.1.11 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-02-11 16:34:22 +00:00
Michael Tremer	39f94ee8eb	Drop support for armv6l (and armv7hl) This removes support for building IPFire for 32 bit ARM architectures. This has been decided in August 2022 with six months notice as there are not very many users and hardware is generally not available any more. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-02-10 09:26:37 +00:00
Arne Fitzenreiter	b5282bf067	kernel: update to 6.1.10 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-02-08 09:31:51 +00:00
Arne Fitzenreiter	726e227876	kernel: update to 6.1.9 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-02-03 16:01:48 +00:00
Arne Fitzenreiter	65a020cbcf	kernel: update to 6.1.8 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2023-01-30 16:46:42 +00:00
Arne Fitzenreiter	e44ec65f55	kernel: update to 6.1.7 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-01-18 14:12:29 +01:00
Arne Fitzenreiter	4526b1c98f	kernel: update to 6.1.6 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-01-14 14:38:08 +00:00
Arne Fitzenreiter	c35ec822bb	kernel: update to 6.1.5 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-01-13 14:12:56 +00:00
Arne Fitzenreiter	f6be969f1a	kernel: update to 6.1.4 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-01-08 10:28:27 +00:00
Arne Fitzenreiter	6535255270	kernel: update to 6.1.3 the kernel-6.1.x series should be the next lts series...	2023-01-08 10:08:33 +00:00
Peter Müller	0e18e19a87	linux: Update to 5.15.86 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2023-01-05 14:44:09 +00:00
Peter Müller	63b3a6edb3	linux: Update to 5.15.85 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2023-01-03 16:07:48 +00:00
Peter Müller	ee2e7db90b	linux: Add upstream patches for CVE-2022-4{1674,2719-2722} https://lists.ipfire.org/pipermail/development/2022-October/014562.html Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-10-17 16:26:19 +00:00
Mathew McBride	e77ef36395	kernel: add patches for SFP support on NXP Layerscape/DPAA2 (arm64) These two patches are needed to support SFP's on NXP DPAA2 platforms (e.g Traverse Ten64). The deadlock issue patch was submitted upstream a while ago and rejected, however I am not aware of any better solutions at present. The 10G mode additions are part of mainline since 5.16. These two .patches were sourced from our patchset over here: https://gitlab.com/traversetech/traverse-kernel-patches/-/tree/lts-5-15/patches Signed-off-by: Mathew McBride <matt@traverse.com.au> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2022-10-04 14:45:19 +00:00
Peter Müller	6e8e9cba2a	linux: Update to 5.15.71 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-09-30 17:20:37 +00:00
Peter Müller	ae185d6f9d	linux: Update to 5.15.68 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.68 for the changelog of this release. Due to the lack of local build hardware, ARM rootfile and configuration changes have been omitted. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-09-20 10:33:19 +00:00
Peter Müller	4865b7f6b8	Revert "Revert "kernel: update to 5.15.59"" This reverts commit `f25f1b55af`.	2022-08-08 13:17:30 +00:00
Peter Müller	f25f1b55af	Revert "kernel: update to 5.15.59" This reverts commit `43df4a0373`.	2022-08-08 10:10:35 +00:00
Arne Fitzenreiter	43df4a0373	kernel: update to 5.15.59 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>	2022-08-06 07:45:02 +00:00
Peter Müller	37895e21bf	linux: Update to 5.15.57 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.57 for the changelog of this version. Since it introduces architecture-dependent rootfile changes due to CPU side-channel mitigations, changes to ARM rootfiles have been omitted due to the lack of hardware. Supposed hardening changes will be submitted separately. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-07-28 13:34:52 +00:00
Peter Müller	0664b1720d	linux: Amend upstream patch to harden mount points of /dev This patch, which has been merged into the mainline Linux kernel, but not yet backported to the 5.15.x tree, precisely addresses our situation: IPFire does not use systemd, but CONFIG_DEVTMPFS_MOUNT. The only explanation I have for bug #12889 arising _now_ is that some component (dracut, maybe) changed its behaviour regarding remounting of already mounted special file systems. As current dracut won't (re)mount any file system already found to be mounted, this means that the mount options decided by the kernel remained untouched for /dev, hence being weak in terms of options hardening possible. As CONFIG_DEVTMPFS_SAFE would not show up in "make menuconfig", changes to kernel configurations have been simulated. Fixes: #12889 Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-25 22:20:48 +00:00
Peter Müller	765da09d41	linux: Update to 5.15.49 Changelog can be retrieved from https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.49 . Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-22 15:10:01 +00:00
Peter Müller	0ffba7d4f6	linux: Update to 5.15.48 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.48 for the changelog of this version. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-06-17 06:59:50 +00:00
Peter Müller	db8639bbfa	linux: Update to 5.15.46 Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46 for the changelog of this version. Due to operational constraints, ARM rootfile changes are simulated. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2022-06-13 15:38:42 +00:00
Arne Fitzenreiter	9fa01e4276	kernel: update to 5.15.35 in kernel 5.15.32 the driver for ATH9K wlan cards is unstable. This is one of the most used cards so we need this update before releasing core167 final. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-04-22 12:48:32 +00:00
Peter Müller	5bd8fc1273	Revert "linux: Disable LSM for /dev/io port access" This reverts commit `5b966f1b0a`.	2022-04-21 19:29:32 +00:00
Peter Müller	5b966f1b0a	linux: Disable LSM for /dev/io port access flashrom needs access to /dev/io ports for flashing firmware, a functionality we cannot cease to support. Therefore, LSM constraints are disabled for ioport.c, hopefully permitting us to keep it enabled. Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-19 13:57:35 +00:00
Peter Müller	f0a86e1865	linux: Pick up Michael's patch for correctly holding RCU lock while nf_reinject'ing Fixes: #12760 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-05 05:47:09 +00:00
Peter Müller	c241c6a0b9	linux: Fix BLAKE2 checksum I accidentally copied & wasted the wrong one into it. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-05 05:33:06 +00:00
Peter Müller	9a647fe59d	kernel: Update to 5.15.32 Refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.32 for the changelog of this version. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-04 20:02:19 +00:00
Peter Müller	400c4e8edb	Kernel: Block non-UID-0 profiling completely This is recommended by KSPP, Lynis, and others. Indeed, there is no legitimate reason why an unprivileged user on IPFire should do any profiling. Unfortunately, this change never landed in the mainline kernel, hence a distribution patch is necessary. The second version of this patch rebases the kernel patch by Jeff Vander Stoep against Linux 5.15.17 to avoid fuzzying. Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-04-04 19:58:49 +00:00
Peter Müller	9a7e4d8506	Switch checksums from MD5 to BLAKE2 Historically, the MD5 checksums in our LFS files serve as a protection against broken downloads, or accidentally corrupted source files. While the sources are nowadays downloaded via HTTPS, it make sense to beef up integrity protection for them, since transparently intercepting TLS is believed to be feasible for more powerful actors, and the state of the public PKI ecosystem is clearly not helping. Therefore, this patch switches from MD5 to BLAKE2, updating all LFS files as well as make.sh to deal with this checksum algorithm. BLAKE2 is notably faster (and more secure) than SHA2, so the performance penalty introduced by this patch is negligible, if noticeable at all. In preparation of this patch, the toolchain files currently used have been supplied with BLAKE2 checksums as well on https://source.ipfire.org/. Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremeripfire.org>	2022-04-02 14:19:25 +00:00
Michael Tremer	32ce7ab402	linux: Fix for CVE-2022-0847 aka Dirty Pipe https://dirtypipe.cm4all.com Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2022-03-08 09:59:43 +00:00
Michael Tremer	5c1a1094ed	kernel: Add a basic configuration for riscv64 This kernel configuration is a copy of our kernel configuration for x86_64 on which I ran "make olddefconfig" which will set any unknown values to their defaults. This exists so that we have some kernel (which I did not try to boot) to complete the build process. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2022-02-22 19:41:39 +00:00
Peter Müller	66c3619872	Early spring clean: Remove trailing whitespaces, and correct licence headers Bumping across one of our scripts with very long trailing whitespaces, I thought it might be a good idea to clean these up. Doing so, some missing or inconsistent licence headers were fixed. There is no need in shipping all these files en bloc, as their functionality won't change. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>	2022-02-18 23:54:57 +00:00
Arne Fitzenreiter	a17f1fbbe2	kernel: update to 5.15.23 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-02-12 07:03:49 +00:00
Arne Fitzenreiter	59ec91c171	kernel: update to 5.15.22 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-02-09 12:17:53 +00:00
Arne Fitzenreiter	70c57ed33e	kernel: update to 5.15.21 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-02-06 14:09:43 +00:00
Arne Fitzenreiter	b2b4417857	kernel: update to 5.15.17 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-01-29 20:30:21 +00:00
Arne Fitzenreiter	c18dda556b	kernel: update to 5.15.16 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2022-01-21 10:06:22 +00:00
Michael Tremer	6cf219c427	Drop support for i586 This patch removes support for i586 according to the decision being taken over a year ago. It removes the architecture from the build system and removes all required hacks and other quirks that have been necessary before. There is no need to ship any changed files to the remaining architectures as the removed code branches have not been used. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2021-12-04 23:27:26 +01:00
Arne Fitzenreiter	65067248d1	kernel: update to 5.15.6 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-12-02 11:34:38 +01:00
Arne Fitzenreiter	6e739d1050	kernel: update to 5.15.5 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-25 11:26:12 +00:00
Arne Fitzenreiter	90aa257477	kernel: update to 5.15.4 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-24 07:42:25 +00:00
Arne Fitzenreiter	d4a6dc4270	kernel: update to 5.15.3 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-21 10:56:26 +00:00
Arne Fitzenreiter	96c83b21b3	kernel: update to 5.15.2 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2021-11-13 15:25:39 +00:00

1 2 3 4 5 ...

730 Commits