webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-12 20:16:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,702 Commits 2 Branches 1 Tag
e694bbd17fc39e2dc4d7cbce8bf990941ed5c360
Commit Graph

379 Commits

Author SHA1 Message Date
Peter Müller
e694bbd17f kernel: enable CONFIG_RANDOMIZE_BASE on armv5tel 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:20:26 +00:00
Peter Müller
8379ab44b8 kernel: enable CONFIG_RANDOMIZE_BASE on aarch64 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:19:50 +00:00
Peter Müller
e4d1f96869 kernel: enable CONFIG_HARDENED_USERCOPY on aarch64 and armv5tel 
Fixes: #12365

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 15:37:33 +00:00
Peter Müller
7617da3bba kernel: enable CONFIG_SECCOMP on aarch64 and armv5tel 
Fixes: #12366

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:44 +00:00
Peter Müller
d7174d7c3a kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586 
This is dangerous as it allows replacing the running kernel without
rebooting. Kernel Self Protection Project people recommend to keep it
disabled.

Fixes: #12372

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:32 +00:00
Peter Müller
b1f24c4353 kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64 
Fixes: #12382

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:05 +00:00
Arne Fitzenreiter
a43b370411 kernel: update to 4.14.183 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:37:00 +02:00
Arne Fitzenreiter
83d5892a86 kernel: drop extra i586-pae kernel 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 18:34:44 +02:00
Peter Müller
e6514b3af8 kernel: disable CONFIG_DEBUG_LIST on i586(-pae) 
Fixes: #12378

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:51 +00:00
Peter Müller
4264e41a61 kernel: enable CONFIG_SCHED_STACK_END_CHECK on x86_64, armv5tel and aarch64 
> This option checks for a stack overrun on calls to schedule(). If the stack
> end location is found to be over written always panic as the content of the
> corrupted region can no longer be trusted. This is to ensure no erroneous
> behaviour occurs which could result in data corruption or a sporadic crash at a
> later stage once the region is examined. The runtime overhead introduced is
> minimal.

Fixes: #12376

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:34 +00:00
Peter Müller
c2749c1bed kernel: disable CONFIG_USELIB on x86_64 and i586(-pae) 
> This option enables the uselib syscall a system call used in the dynamic
> linker from libc5 and earlier. glibc does not use this system call. If you
> intend to run programs built on libc5 or earlier you may need to enable this
> syscall. Current systems running glibc can safely disable this.

In my point of view, the last sentence matches our situation.

Fixes: #12379

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:13 +00:00
Peter Müller
b5e1ccaee2 kernel: enable CONFIG_DEBUG_WX on aarch64 
Since this is described as 'Generate a warning if any W+X mappings are
found at boot.', it most likely does not break anything and can be
safely enabled.

Fixes: #12373

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:14:50 +00:00
Peter Müller
efd508e9f6 kernel: enable page poisoning on x86_64 
This is already active on i586 and prevents information leaks from freed
data.

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:14:15 +00:00
Peter Müller
442a7f5ea2 Kernel: drop Memstick support 
These are not needed anymore since Sony announced EOL in 2010 and there
is no legitimate use case for such hardware on a firewall system.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:13:14 +00:00
Peter Müller
90ecad4f66 Kernel: drop bluetooth support 
The bluetooth addon was recently removed by commit
592be1d206, which is why we do not need to
carry the corresponding kernel modules around anymore.

The second version of this patch correctly updates kernel configuration
files via "make oldconfig" as requested by Arne.

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:12:58 +00:00
Arne Fitzenreiter
831ff05d89 kernel: enable and enforce signed kernel modules 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-06 15:09:52 +01:00
Arne Fitzenreiter
57b17167eb kernel: drop kirkwood kernel 
perl 5.30 will not work on kirkwood platform and firewinfo reports less than 10 users so we will drop the support for the platform.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-02-03 17:44:49 +00:00
Arne Fitzenreiter
bf671bb2ae kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 21:23:08 +00:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:08 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ" 
This reverts commit 59b9a6bd22.
 2019-10-20 20:20:26 +00:00
Arne Fitzenreiter
596c71d07f kernel: update to 4.14.150 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 23:07:44 +02:00
Michael Tremer
59b9a6bd22 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:02:55 +00:00
Arne Fitzenreiter
69cf4f3065 kernel: update to 4.14.146 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-09-21 20:44:52 +02:00
Arne Fitzenreiter
3b415347bb kernel: update to 4.14.137 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-07 20:38:25 +00:00
Arne Fitzenreiter
70590cef48 Kernel: update to 4.14.128 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-19 21:01:29 +02:00
Arne Fitzenreiter
716f00b116 kernel: update to 4.14.121 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 20:42:51 +02:00
Arne Fitzenreiter
16cb73d901 kernel: update to 4.14.120 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-17 07:10:52 +02:00
Arne Fitzenreiter
d099196501 kernel: update to 4.14.119 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-16 14:26:04 +02:00
Arne Fitzenreiter
5fa063f859 kernel: update to 4.14.112 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-17 22:30:19 +02:00
Arne Fitzenreiter
f2afd5e70d kernel: update to 4.14.111 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:47:23 +02:00
Arne Fitzenreiter
aa20f1b277 kernel: update to 4.14.110 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-05 07:46:34 +02:00
Michael Tremer
48d3cde9ce kernel: Disable some debugging in expactation to increase performance 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-01 21:58:23 +01:00
Michael Tremer
474a6a5978 kernel: Enable strict checks for /dev/mem 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-01 21:55:03 +01:00
Michael Tremer
30c33cb318 kernel: Enable debugging for Atheros drivers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:36:03 +00:00
Michael Tremer
62bf7bd2b2 kernel: Enable DFS support for ath*k drivers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-16 12:36:03 +00:00
Matthias Fischer
256070e92f Added 'CONFIG_X86_MSR=y for 'powertop' to i586 and x86_64 builds for fixing #11997 
Triggered by:
https://forum.ipfire.org/viewtopic.php?f=69&t=22274

This - probably - fixes Bug #11997.

Needs testing on 64bit installations!

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-17 13:03:56 +00:00
Arne Fitzenreiter
2caca41217 kernel: enable PCA953X GPIO extender for ClearFog boards 
fixes: #12000

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-16 21:44:52 +01:00
Arne Fitzenreiter
329788dee5 kernel: update to 4.14.97 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-03 12:45:52 +01:00
Arne Fitzenreiter
ec7d630b62 kernel: x86_64 encrease NR_CPUS to 64 
fixes #11963

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-22 07:46:08 +01:00
Arne Fitzenreiter
503a6f155b kernel: update to 4.14.94 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-22 07:41:18 +01:00
Arne Fitzenreiter
67640833a2 kernel: arm32 bit fix config and update rootfile 
Some drivers was disabled by oldconfig because i had
arm multiarch patchsed. This commit reenable it.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-11-18 20:24:43 +01:00
Alexander Rudolf Gruber
4684118009 kernel: enable HW of clearfog 
clearfog base need MARVELL Phy and SDHCI Xenon enabled.
 2018-11-18 17:36:44 +01:00
Arne Fitzenreiter
5ed864857a kernel: disable FW_LOADER_USER_HELPER_FALLBACK 
newer (e)udev has dropped the support for this.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-11-18 14:33:45 +01:00
Arne Fitzenreiter
16c18024bb kernel: compress kernel modules with xz 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-11-18 14:30:14 +01:00
Arne Fitzenreiter
bdf9df742c kernel: update to 4.14.71 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-09-20 19:51:43 +02:00
Arne Fitzenreiter
a834285d1b kernel: arm: enable chacha poly 
fixes: #11855
todo: add rootfiles for arm 32-bit

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-09-15 15:58:13 +02:00
Arne Fitzenreiter
924b48c789 kernel: update to 4.14.69 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-09-12 21:04:07 +02:00
Arne Fitzenreiter
f8f4ef0795 Merge branch 'next' into efi 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

Conflicts:
	config/kernel/kernel.config.aarch64-ipfire
 2018-07-20 12:24:31 +01:00
Arne Fitzenreiter
413149f80d kernel: aarch64: enable virtio drivers 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-07-19 13:26:06 +01:00
Michael Tremer
37dc79434a kernel: Enable EFI on aarch64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-14 14:05:09 +01:00