bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00

Author	SHA1	Message	Date
Arne Fitzenreiter	d1f10f3b15	kernel: update to 6.6.47 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-08-19 17:24:09 +02:00
Arne Fitzenreiter	7e70a93aaa	kernel: update to 6.6.46 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-08-18 15:40:33 +02:00
Arne Fitzenreiter	03de90cc3c	kernel: update to 6.6.32 I hope this fix the problems with ASIX AX99179 USB LAN adaptors Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-27 22:03:14 +02:00
Arne Fitzenreiter	25b6a76646	kernel: update to 6.6.31 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-19 13:26:52 +02:00
Arne Fitzenreiter	b712270fb3	Revert "kernel: update x86_64 rootfile" This reverts commit `7b68ef8515`. I have copied the rootfile over the config...	2024-05-08 13:27:24 +02:00
Arne Fitzenreiter	7b68ef8515	kernel: update x86_64 rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-08 06:19:30 +00:00
Arne Fitzenreiter	ae77ce8707	kernel: update aarch64 config and rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-07 07:03:38 +02:00
Arne Fitzenreiter	2eda35a51e	kernel: update to 6.6.30 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-06 19:59:11 +02:00
Michael Tremer	69dde418f1	kernel: Enable XDP https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/thread/S4GPL3OBFZ6LMA52JNLHIOPMNA5C3V6R/ Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-04 06:43:57 +00:00
Arne Fitzenreiter	8c6dd630eb	kernel: update to 6.6.29 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-02 12:35:08 +02:00
Peter Müller	5fea15ef76	linux: Properly load Landlock module Fixes: #13645 Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-29 12:44:31 +00:00
Arne Fitzenreiter	a8e7c5ff86	kernel: update to 6.6.28 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-17 19:39:14 +02:00
Arne Fitzenreiter	4b5d8a37b6	kernel: disable CONFIG_N_GSM this feature should not used by IPFire and there is a possible unfixed race condition that can used for a privilege elevation attack. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-14 14:38:32 +02:00
Arne Fitzenreiter	31a8214d16	kernel: update to 6.6.26 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-11 12:55:25 +02:00
Arne Fitzenreiter	c2eb250ac6	kernel: update riscv64 config and rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-08 10:10:27 +02:00
Arne Fitzenreiter	732199b11b	kernel: enable CPUFREQ for Raspberry Pi Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-06 07:47:42 +00:00
Arne Fitzenreiter	340f11ccbc	kernel: update to 6.6.25 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-05 22:27:55 +02:00
Arne Fitzenreiter	2fc167d93b	kernel: update to 6.6.24 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-04 23:33:01 +02:00
Arne Fitzenreiter	ce30d74893	kernel: update to 6.6.23 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-03-31 10:49:46 +02:00
Arne Fitzenreiter	28796e09e5	kernel: update to 6.6.22 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-03-21 19:10:10 +01:00
Arne Fitzenreiter	d145574673	kernel: update to 6.6.15 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-02-02 07:33:38 +00:00
Arne Fitzenreiter	0722f42ed2	kernel: update to 6.6.13 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-21 19:10:22 +01:00
Peter Müller	bca096b453	linux: Forbid legacy TIOCSTI usage To quote from the kernel documentation: > Historically the kernel has allowed TIOCSTI, which will push > characters into a controlling TTY. This continues to be used > as a malicious privilege escalation mechanism, and provides no > meaningful real-world utility any more. Its use is considered > a dangerous legacy operation, and can be disabled on most > systems. > > Say Y here only if you have confirmed that your system's > userspace depends on this functionality to continue operating > normally. > > Processes which run with CAP_SYS_ADMIN, such as BRLTTY, can > use TIOCSTI even when this is set to N. > > This functionality can be changed at runtime with the > dev.tty.legacy_tiocsti sysctl. This configuration option sets > the default value of the sysctl. This patch therefore proposes to no longer allow legacy TIOCSTI usage in IPFire, given its security implications and the apparent lack of legitimate usage. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2024-01-16 15:46:37 +00:00
Arne Fitzenreiter	a93525c0ca	kernel: update to 6.6.12 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-16 12:41:08 +01:00
Arne Fitzenreiter	19e66d7e2b	kernel: update to 6.6.11 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-11 10:30:13 +01:00
Arne Fitzenreiter	a2af8c7186	kernel: aarch64: enable CONFIG_SHADOW_CALL_STACK Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-10 06:26:25 +00:00
Arne Fitzenreiter	d303f7c154	kernel: update to 6.6.10 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-07 16:08:31 +01:00
Arne Fitzenreiter	3920ba127f	kernel: update to 6.6.9 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-02 09:54:10 +01:00
Arne Fitzenreiter	bf92e55968	kernel: update to 6.6.8 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-21 13:50:59 +01:00
Arne Fitzenreiter	0108697131	kernel: update to 6.6.6 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-12 21:12:37 +01:00
Arne Fitzenreiter	5109f8ee7f	kernel: update to 6.6.5 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-08 16:12:17 +01:00
Arne Fitzenreiter	a7c9eca495	kernel: update to 6.6.4 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-05 17:17:40 +00:00
Arne Fitzenreiter	941190cb3a	kernel: update to 6.6.3 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2023-12-05 17:17:35 +00:00
Arne Fitzenreiter	95f9d9350d	kernel: update to 6.6.2 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-05 17:15:48 +00:00
Arne Fitzenreiter	8a37e7f0e3	kernel: update to 6.1.61 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-11-03 14:27:58 +00:00
Arne Fitzenreiter	cfe911bab5	kernel: update to 6.1.60 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-27 08:43:35 +00:00
Arne Fitzenreiter	cce398bca5	kernel: update to 6.1.59 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-25 11:01:30 +00:00
Arne Fitzenreiter	2b834ef42a	kernel: update to 6.1.58 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-25 11:01:30 +00:00
Peter Müller	7f8b75f8ba	linux: Set default IOMMU handling to "strict" on 64-bit ARM This has been our default setting on x86_64 for quite some time now, which is why this patch aligns the aarch64 kernel configuration to that value. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-20 08:44:26 +00:00
Peter Müller	447d0bf51e	linux: Disable io_uring This subsystem has been a frequent source of security vulnerabilities affecting the Linux kernel; as a result, Google announced on June 14, 2023, that they would disable it in their environment as widely as possible. IPFire does not depend on the availability of io_uring. Therefore, disable this subsystem as well in order to preemptively cut attack surface. See also: https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-20 08:44:26 +00:00
Arne Fitzenreiter	554e339b9e	kernel: update to 6.1.57 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-13 08:13:12 +00:00
Arne Fitzenreiter	e275a07b67	kernel: update to 6.1.56 this also builds the dtb files on riscv64 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-09 08:13:02 +00:00
Arne Fitzenreiter	e5ad33d9ee	kernel: update 6.1.53 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-09-28 09:29:29 +00:00
Arne Fitzenreiter	14bd32221e	kernel: update to 6.1.52 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-09-28 09:29:23 +00:00
Arne Fitzenreiter	cd78363404	Merge remote-tracking branch 'origin/master' into next Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-08-12 16:48:54 +02:00
Arne Fitzenreiter	162a068448	kernel: update to 6.1.45 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-08-11 23:25:37 +02:00
Arne Fitzenreiter	57ae9ba587	kernel: update config for riscv64 i had disabled CONFIG_GCC_PLUGIN_LATENT_ENTROPY because this fails to compile on riscv64. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-08-10 06:35:11 +00:00
Arne Fitzenreiter	6084fa89bf	kernel: update to 6.1.42 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-07-28 16:34:59 +00:00
Arne Fitzenreiter	50c07b4938	kernel: update to 6.1.41 fix for CVE-2023-20593 (Zenbleed) Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-07-26 16:01:20 +00:00
Arne Fitzenreiter	719864d37e	kernel: update to 6.1.40 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-07-25 10:39:22 +00:00

1 2 3 4 5 ...

591 Commits