bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-15 13:32:59 +02:00

Author	SHA1	Message	Date
Vincent Li	e3dff6fb65	kernel: enable BPF/BTF config rebase the kernel config from fedora loongarch kernel 6.12, and enable kernel BTF/BPF feature config Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-12-20 09:07:23 -08:00
Vincent Li	23ae73dde4	loongarch64: major changes for flash image and iso Initial list of changes required to build iso and flash image successfully: 1 softwares require config.guess and config.stub update with loongarch support 2 no rust build and no suricata which depends on rust 3 comment out python 3.10 lib-dynload and config-3.10-xxxMACHINExxx-linux-gnu 4 lfs/cdrom lfs/Config loongarch seems requiring capital EFI boot image name to boot properly 5 comment out a few softwares that are not needed for now iso can be installed to loongarch PC hard drive, but fail to boot. flash image can be dd to USB drive, then boot loongarch PC from USB drive, then dd from USB drive to loongarch PC hard drive Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-12-19 11:42:59 -08:00
Arne Fitzenreiter	58b611a6ab	kernel: update to 6.6.63 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-11-25 18:32:27 +01:00
Arne Fitzenreiter	a6fac033ba	kernel: update to 6.6.62 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-11-19 19:19:28 +01:00
Arne Fitzenreiter	ac7c2b8270	kernel: update to 6.6.60 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-11-09 09:46:24 +01:00
Arne Fitzenreiter	d6dc07a1a8	kernel: update to 6.6.59 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-11-04 18:00:11 +01:00
Arne Fitzenreiter	461de40d1a	kernel: update riscv64 config and rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-10-26 10:06:12 +02:00
Arne Fitzenreiter	37eb2ddd07	kernel: update to 6.6.58 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-10-24 08:22:21 +02:00
Michael Tremer	522632655c	kernel: Enable IO uring This is a feature more and more tools start using now and will help to keep performance of the OS up. This was enabled on riscv64 already. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2024-10-14 09:03:23 +00:00
Arne Fitzenreiter	019f139b20	kernel: update to 6.6.56 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-10-11 13:17:53 +02:00
Arne Fitzenreiter	d1f10f3b15	kernel: update to 6.6.47 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-08-19 17:24:09 +02:00
Arne Fitzenreiter	7e70a93aaa	kernel: update to 6.6.46 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-08-18 15:40:33 +02:00
Arne Fitzenreiter	03de90cc3c	kernel: update to 6.6.32 I hope this fix the problems with ASIX AX99179 USB LAN adaptors Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-27 22:03:14 +02:00
Arne Fitzenreiter	25b6a76646	kernel: update to 6.6.31 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-19 13:26:52 +02:00
Arne Fitzenreiter	b712270fb3	Revert "kernel: update x86_64 rootfile" This reverts commit `7b68ef8515`. I have copied the rootfile over the config...	2024-05-08 13:27:24 +02:00
Arne Fitzenreiter	7b68ef8515	kernel: update x86_64 rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-08 06:19:30 +00:00
Arne Fitzenreiter	ae77ce8707	kernel: update aarch64 config and rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-07 07:03:38 +02:00
Arne Fitzenreiter	2eda35a51e	kernel: update to 6.6.30 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-06 19:59:11 +02:00
Michael Tremer	69dde418f1	kernel: Enable XDP https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/thread/S4GPL3OBFZ6LMA52JNLHIOPMNA5C3V6R/ Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-04 06:43:57 +00:00
Arne Fitzenreiter	8c6dd630eb	kernel: update to 6.6.29 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-05-02 12:35:08 +02:00
Peter Müller	5fea15ef76	linux: Properly load Landlock module Fixes: #13645 Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-29 12:44:31 +00:00
Arne Fitzenreiter	a8e7c5ff86	kernel: update to 6.6.28 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-17 19:39:14 +02:00
Arne Fitzenreiter	4b5d8a37b6	kernel: disable CONFIG_N_GSM this feature should not used by IPFire and there is a possible unfixed race condition that can used for a privilege elevation attack. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-14 14:38:32 +02:00
Arne Fitzenreiter	31a8214d16	kernel: update to 6.6.26 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-11 12:55:25 +02:00
Arne Fitzenreiter	c2eb250ac6	kernel: update riscv64 config and rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-08 10:10:27 +02:00
Arne Fitzenreiter	732199b11b	kernel: enable CPUFREQ for Raspberry Pi Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-06 07:47:42 +00:00
Arne Fitzenreiter	340f11ccbc	kernel: update to 6.6.25 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-05 22:27:55 +02:00
Arne Fitzenreiter	2fc167d93b	kernel: update to 6.6.24 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-04-04 23:33:01 +02:00
Arne Fitzenreiter	ce30d74893	kernel: update to 6.6.23 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-03-31 10:49:46 +02:00
Arne Fitzenreiter	28796e09e5	kernel: update to 6.6.22 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-03-21 19:10:10 +01:00
Arne Fitzenreiter	d145574673	kernel: update to 6.6.15 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-02-02 07:33:38 +00:00
Arne Fitzenreiter	0722f42ed2	kernel: update to 6.6.13 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-21 19:10:22 +01:00
Peter Müller	bca096b453	linux: Forbid legacy TIOCSTI usage To quote from the kernel documentation: > Historically the kernel has allowed TIOCSTI, which will push > characters into a controlling TTY. This continues to be used > as a malicious privilege escalation mechanism, and provides no > meaningful real-world utility any more. Its use is considered > a dangerous legacy operation, and can be disabled on most > systems. > > Say Y here only if you have confirmed that your system's > userspace depends on this functionality to continue operating > normally. > > Processes which run with CAP_SYS_ADMIN, such as BRLTTY, can > use TIOCSTI even when this is set to N. > > This functionality can be changed at runtime with the > dev.tty.legacy_tiocsti sysctl. This configuration option sets > the default value of the sysctl. This patch therefore proposes to no longer allow legacy TIOCSTI usage in IPFire, given its security implications and the apparent lack of legitimate usage. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2024-01-16 15:46:37 +00:00
Arne Fitzenreiter	a93525c0ca	kernel: update to 6.6.12 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-16 12:41:08 +01:00
Arne Fitzenreiter	19e66d7e2b	kernel: update to 6.6.11 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-11 10:30:13 +01:00
Arne Fitzenreiter	a2af8c7186	kernel: aarch64: enable CONFIG_SHADOW_CALL_STACK Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-10 06:26:25 +00:00
Arne Fitzenreiter	d303f7c154	kernel: update to 6.6.10 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-07 16:08:31 +01:00
Arne Fitzenreiter	3920ba127f	kernel: update to 6.6.9 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2024-01-02 09:54:10 +01:00
Arne Fitzenreiter	bf92e55968	kernel: update to 6.6.8 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-21 13:50:59 +01:00
Arne Fitzenreiter	0108697131	kernel: update to 6.6.6 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-12 21:12:37 +01:00
Arne Fitzenreiter	5109f8ee7f	kernel: update to 6.6.5 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-08 16:12:17 +01:00
Arne Fitzenreiter	a7c9eca495	kernel: update to 6.6.4 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-05 17:17:40 +00:00
Arne Fitzenreiter	941190cb3a	kernel: update to 6.6.3 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>	2023-12-05 17:17:35 +00:00
Arne Fitzenreiter	95f9d9350d	kernel: update to 6.6.2 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2023-12-05 17:15:48 +00:00
Arne Fitzenreiter	8a37e7f0e3	kernel: update to 6.1.61 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-11-03 14:27:58 +00:00
Arne Fitzenreiter	cfe911bab5	kernel: update to 6.1.60 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-27 08:43:35 +00:00
Arne Fitzenreiter	cce398bca5	kernel: update to 6.1.59 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-25 11:01:30 +00:00
Arne Fitzenreiter	2b834ef42a	kernel: update to 6.1.58 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-25 11:01:30 +00:00
Peter Müller	7f8b75f8ba	linux: Set default IOMMU handling to "strict" on 64-bit ARM This has been our default setting on x86_64 for quite some time now, which is why this patch aligns the aarch64 kernel configuration to that value. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-20 08:44:26 +00:00
Peter Müller	447d0bf51e	linux: Disable io_uring This subsystem has been a frequent source of security vulnerabilities affecting the Linux kernel; as a result, Google announced on June 14, 2023, that they would disable it in their environment as widely as possible. IPFire does not depend on the availability of io_uring. Therefore, disable this subsystem as well in order to preemptively cut attack surface. See also: https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2023-10-20 08:44:26 +00:00

1 2 3 4 5 ...

601 Commits