webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-10 17:28:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
20,516 Commits 2 Branches 1 Tag
e031838684f225c334595f87c783634cc3d4163d
Commit Graph

61 Commits

Author SHA1 Message Date
Arne Fitzenreiter
6a005bd9aa kernel: update to 6.1.28 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-05-16 18:53:01 +00:00
Arne Fitzenreiter
cb73ca19a6 kernel: patch CVE-2023-32233 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-05-11 19:48:40 +00:00
Arne Fitzenreiter
6a0c5ef65a kernel: update to 6.1.27 
the layer7 patch is rebased to apply without fuzzing.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-05-03 05:07:17 +00:00
Arne Fitzenreiter
6535255270 kernel: update to 6.1.3 
the kernel-6.1.x series should be the next lts series...
 2023-01-08 10:08:33 +00:00
Peter Müller
63b3a6edb3 linux: Update to 5.15.85 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2023-01-03 16:07:48 +00:00
Peter Müller
ee2e7db90b linux: Add upstream patches for CVE-2022-4{1674,2719-2722} 
https://lists.ipfire.org/pipermail/development/2022-October/014562.html

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-10-17 16:26:19 +00:00
Mathew McBride
e77ef36395 kernel: add patches for SFP support on NXP Layerscape/DPAA2 (arm64) 
These two patches are needed to support SFP's on NXP DPAA2 platforms
(e.g Traverse Ten64).

The deadlock issue patch was submitted upstream a while ago and
rejected, however I am not aware of any better solutions at present.

The 10G mode additions are part of mainline since 5.16.

These two .patches were sourced from our patchset over here:
https://gitlab.com/traversetech/traverse-kernel-patches/-/tree/lts-5-15/patches

Signed-off-by: Mathew McBride <matt@traverse.com.au>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-10-04 14:45:19 +00:00
Peter Müller
4865b7f6b8 Revert "Revert "kernel: update to 5.15.59"" 
This reverts commit f25f1b55af.
 2022-08-08 13:17:30 +00:00
Peter Müller
f25f1b55af Revert "kernel: update to 5.15.59" 
This reverts commit 43df4a0373.
 2022-08-08 10:10:35 +00:00
Arne Fitzenreiter
43df4a0373 kernel: update to 5.15.59 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-06 07:45:02 +00:00
Peter Müller
0664b1720d linux: Amend upstream patch to harden mount points of /dev 
This patch, which has been merged into the mainline Linux kernel, but
not yet backported to the 5.15.x tree, precisely addresses our
situation: IPFire does not use systemd, but CONFIG_DEVTMPFS_MOUNT.

The only explanation I have for bug #12889 arising _now_ is that some
component (dracut, maybe) changed its behaviour regarding remounting of
already mounted special file systems. As current dracut won't (re)mount
any file system already found to be mounted, this means that the mount
options decided by the kernel remained untouched for /dev, hence being
weak in terms of options hardening possible.

As CONFIG_DEVTMPFS_SAFE would not show up in "make menuconfig", changes
to kernel configurations have been simulated.

Fixes: #12889
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-06-25 22:20:48 +00:00
Peter Müller
db8639bbfa linux: Update to 5.15.46 
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46
for the changelog of this version.

Due to operational constraints, ARM rootfile changes are simulated.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-06-13 15:38:42 +00:00
Peter Müller
5bd8fc1273 Revert "linux: Disable LSM for /dev/io port access" 
This reverts commit 5b966f1b0a.
 2022-04-21 19:29:32 +00:00
Peter Müller
5b966f1b0a linux: Disable LSM for /dev/io port access 
flashrom needs access to /dev/io ports for flashing firmware, a
functionality we cannot cease to support. Therefore, LSM constraints are
disabled for ioport.c, hopefully permitting us to keep it enabled.

Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-19 13:57:35 +00:00
Peter Müller
f0a86e1865 linux: Pick up Michael's patch for correctly holding RCU lock while nf_reinject'ing 
Fixes: #12760

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-05 05:47:09 +00:00
Peter Müller
400c4e8edb Kernel: Block non-UID-0 profiling completely 
This is recommended by KSPP, Lynis, and others. Indeed, there is no
legitimate reason why an unprivileged user on IPFire should do any
profiling. Unfortunately, this change never landed in the mainline
kernel, hence a distribution patch is necessary.

The second version of this patch rebases the kernel patch by Jeff
Vander Stoep against Linux 5.15.17 to avoid fuzzying.

Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-04 19:58:49 +00:00
Arne Fitzenreiter
b2b4417857 kernel: update to 5.15.17 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-01-29 20:30:21 +00:00
Arne Fitzenreiter
1296f1b081 kernel: update to 5.15.0 
todo add arm patches, configs and rootfiles

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-11-04 21:49:44 +01:00
Arne Fitzenreiter
4ff8a22566 kernel: fix gcc plugin build with gcc-11 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:39 +02:00
Arne Fitzenreiter
fead781062 kernel: add pc engines apu1 led detection with new bios. 
bios 4.x change the dmi device name from APU to apu1

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
c062c7700f kernel: update to 5.10.5 
todo: add armv5tel and aarch64 config and rootfiles.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2021-07-05 07:42:36 +02:00
Peter Müller
7086c36246 ~/src/patches/: Clean up orphaned patches, second batch 
This also moves existing patches into their applications' directory
within ~/src/patches/, if already existant.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2021-06-04 18:24:23 +02:00
Michael Tremer
4330bf93be Drop backports 
These are some old drivers that we used to pull in from more recent
kernels.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2021-04-08 10:23:56 +00:00
Arne Fitzenreiter
2e1bf458e2 kernel: update to 4.14.206 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-11-12 09:02:02 +01:00
Arne Fitzenreiter
3a69555f90 kernel: add patch agains CVE-2020-14386 
fixes #12483

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-09-12 09:38:10 +02:00
Arne Fitzenreiter
9dafa28a1c Revert "kernel: add patch against CVE-2020-14386" 
This reverts commit f04023b1ca.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-09-11 22:16:27 +02:00
Arne Fitzenreiter
f04023b1ca kernel: add patch against CVE-2020-14386 
fixes #12483

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-09-11 21:27:15 +02:00
Arne Fitzenreiter
b923dd3de0 kernel: backport "random: try to actively add entropy" 
this backports https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/char/random.c?id=50ee7529ec4500c88f8664560770a7a1b65db72b
to gather enough entropy for initialise the crng faster.
Of some machines like the APU it will need forever if
the machine only wait for entropy without doing anything else.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-03 08:03:01 +00:00
Arne Fitzenreiter
70af65df41 kernel: update to 4.14.173 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-03-11 22:59:38 +01:00
Arne Fitzenreiter
ff58943d8e kernel: cleanup unused kirkwood patches 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-15 17:06:24 +00:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:08 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ" 
This reverts commit 59b9a6bd22.
 2019-10-20 20:20:26 +00:00
Michael Tremer
59b9a6bd22 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:02:55 +00:00
Stefan Schantl
415969cc1b kernel: Backport patch to fix a netfilter contrack related issue. 
This fixes the packet drop issue when using suricata on IPFire.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-09-21 09:53:56 +00:00
Michael Tremer
3966b1e58f iptables: Fix build without kernel source 
The layer7 filter header files were not installed into /usr/include
and therefore we needed to keep the whole kernel source tree.

This is just a waste of space and this patch fixes this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:55:49 +01:00
Arne Fitzenreiter
3005eb2234 kernel: update user regd patch from openwrt 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-03-30 16:56:56 +01:00
Arne Fitzenreiter
c448474fc7 Revert "kernel: cleanup unused rpi patch" 
This reverts commit a2d49659f3.

The patch is still needed to prevent strange crashes

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-03-13 09:39:07 +01:00
Arne Fitzenreiter
c09758302b kernel: update to 4.14.103 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-23 15:56:21 +01:00
Arne Fitzenreiter
173844d352 kernel: import cve-2019-8912 patch 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-22 21:20:57 +01:00
Arne Fitzenreiter
6957b699b3 kernel: apu leds: add more id's 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-22 18:02:45 +01:00
Arne Fitzenreiter
a2d49659f3 kernel: cleanup unused rpi patch 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-21 19:13:27 +01:00
Arne Fitzenreiter
17872019ba kernel: update apu led patch for apu3 and 4 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-19 01:04:19 +01:00
Arne Fitzenreiter
ed4bbe44d1 kernel: fix dwc2 (usb) dma crashes on RPi1-3 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-12-10 20:45:54 +01:00
Arne Fitzenreiter
7529349754 kernel: apu2 leds: update string for newer bios 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-08-05 17:19:52 +02:00
Arne Fitzenreiter
39a73adadf kernel: kirkwood: fix iConnect leds and modell name 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-05-13 07:59:01 +00:00
Arne Fitzenreiter
2e1fe3c816 kernel: update to 4.14.1 
only x86_config has updated yet and grsecurity is removed.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-11-22 12:29:36 +01:00
Arne Fitzenreiter
d23a284f02 Revert "kernel: revert an upstream patch that break 8TB Blockdevices on 32bit" 
This reverts commit c64e080f3a.
 2017-11-02 19:20:41 +01:00
Arne Fitzenreiter
c64e080f3a kernel: revert an upstream patch that break 8TB Blockdevices on 32bit 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-11-01 13:38:18 +01:00
Arne Fitzenreiter
b389d73110 Merge branch 'master' into kernel-4.9 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-07-09 12:47:16 +02:00
Arne Fitzenreiter
0b4976e293 kernel: fix amba modules build with gcc6 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-06-20 06:12:45 +02:00