Development June 2019

development@lists.ipfire.org

14 participants
77 discussions

[PATCH] kernel: update to 5.0
by Arne Fitzenreiter 15 Jun '19

15 Jun '19

fixes #12028 Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> --- kernel/config-arm-generic | 35 +++++--- kernel/config-arm32-generic | 87 ++++++++++--------- kernel/config-arm64-generic | 71 +++++++++------- kernel/config-generic | 201 ++++++++++++++++++++++++++------------------ kernel/config-x86-generic | 101 ++++++++++++---------- kernel/kernel.nm | 6 +- 6 files changed, 292 insertions(+), 209 deletions(-) diff --git a/kernel/config-arm-generic b/kernel/config-arm-generic index af3ab1a..1a49710 100644 --- a/kernel/config-arm-generic +++ b/kernel/config-arm-generic @@ -33,18 +33,6 @@ CONFIG_ARCH_VEXPRESS=y # CONFIG_ARCH_ZX is not set # -# Bus support -# -CONFIG_PCI_DOMAINS_GENERIC=y -CONFIG_PCI_SYSCALL=y -# CONFIG_PCIEAER_INJECT is not set -# CONFIG_PCIE_ECRC is not set -# CONFIG_PCI_STUB is not set -# CONFIG_PCI_IOV is not set -# CONFIG_PCI_PRI is not set -# CONFIG_PCI_PASID is not set - -# # ARM errata workarounds via the alternatives framework # # CONFIG_CPU_BIG_ENDIAN is not set @@ -89,11 +77,13 @@ CONFIG_ARM_SCMI_POWER_DOMAIN=m CONFIG_ARM_SCPI_PROTOCOL=m CONFIG_ARM_SCPI_POWER_DOMAIN=m # CONFIG_FIRMWARE_MEMMAP is not set +# CONFIG_INTEL_STRATIX10_SERVICE is not set # # Tegra firmware driver # CONFIG_CRYPTO_CHACHA20_NEON=m +CONFIG_CRYPTO_NHPOLY1305_NEON=m # # General architecture-dependent options @@ -110,6 +100,19 @@ CONFIG_CLONE_BACKWARDS=y # Device Drivers # CONFIG_ARM_AMBA=y +CONFIG_PCI_DOMAINS_GENERIC=y +CONFIG_PCI_SYSCALL=y +# CONFIG_PCIEAER_INJECT is not set +# CONFIG_PCIE_ECRC is not set +# CONFIG_PCI_STUB is not set +# CONFIG_PCI_IOV is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set + +# +# PCI switch controller drivers +# +# CONFIG_PCCARD is not set # # Firmware loader @@ -153,6 +156,7 @@ CONFIG_BLK_DEV_RAM_SIZE=4096 # CONFIG_HP_ILO is not set CONFIG_SRAM=y CONFIG_VEXPRESS_SYSCFG=y +# CONFIG_PVPANIC is not set # # SCSI Transports @@ -472,6 +476,7 @@ CONFIG_SND_MESON_AXG_TDMIN=m CONFIG_SND_MESON_AXG_TDMOUT=m CONFIG_SND_MESON_AXG_SOUND_CARD=m CONFIG_SND_MESON_AXG_SPDIFOUT=m +CONFIG_SND_MESON_AXG_SPDIFIN=m CONFIG_SND_MESON_AXG_PDM=m # @@ -490,6 +495,7 @@ CONFIG_SND_SOC_ADAU17X1=m CONFIG_SND_SOC_ADAU1761=m CONFIG_SND_SOC_ADAU1761_I2C=m CONFIG_SND_SOC_ADAU7002=m +CONFIG_SND_SOC_AK4118=m CONFIG_SND_SOC_AK4458=m CONFIG_SND_SOC_AK4554=m CONFIG_SND_SOC_AK4613=m @@ -655,6 +661,7 @@ CONFIG_RTC_DRV_PL031=m # # DMA Devices # +CONFIG_ASYNC_TX_ENABLE_CHANNEL_SWITCH=y # CONFIG_AMBA_PL08X is not set # CONFIG_PL330_DMA is not set CONFIG_XILINX_DMA=m @@ -702,7 +709,8 @@ CONFIG_IOMMU_DMA=y # # Amlogic SoC drivers # -# CONFIG_MESON_CANVAS is not set +CONFIG_MESON_CANVAS=m +CONFIG_MESON_CLK_MEASURE=y CONFIG_MESON_GX_SOCINFO=y CONFIG_MESON_GX_PM_DOMAINS=y CONFIG_MESON_MX_SOCINFO=y @@ -768,6 +776,7 @@ CONFIG_MESON_MX_EFUSE=m # Library routines # CONFIG_ZLIB_DEFLATE=m +CONFIG_DMA_REMAP=y # # Memory Debugging diff --git a/kernel/config-arm32-generic b/kernel/config-arm32-generic index 9c714b2..28be4dc 100644 --- a/kernel/config-arm32-generic +++ b/kernel/config-arm32-generic @@ -21,7 +21,6 @@ CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y CONFIG_ARM_DMA_USE_IOMMU=y CONFIG_ARM_DMA_IOMMU_ALIGNMENT=8 -CONFIG_MIGHT_HAVE_PCI=y CONFIG_SYS_SUPPORTS_APM_EMULATION=y CONFIG_NO_IOPORT_MAP=y CONFIG_ARCH_HAS_BANDGAP=y @@ -144,6 +143,7 @@ CONFIG_SOC_IMX6SX=y # Cortex-A/Cortex-M asymmetric multiprocessing platforms # # CONFIG_SOC_IMX7D is not set +# CONFIG_SOC_IMX7ULP is not set CONFIG_SOC_VF610=y CONFIG_VF_USE_ARM_GLOBAL_TIMER=y # CONFIG_VF_USE_PIT_TIMER is not set @@ -213,6 +213,7 @@ CONFIG_ARCH_QCOM=y # CONFIG_ARCH_MSM8960 is not set # CONFIG_ARCH_MSM8974 is not set # CONFIG_ARCH_MDM9615 is not set +# CONFIG_ARCH_RDA is not set # CONFIG_ARCH_REALVIEW is not set CONFIG_ARCH_ROCKCHIP=y # CONFIG_ARCH_S5PV210 is not set @@ -315,36 +316,6 @@ CONFIG_ARM_ERRATA_852423=y CONFIG_KRAIT_L2_ACCESSORS=y # -# Cadence PCIe controllers support -# -# CONFIG_PCI_FTPCI100 is not set -CONFIG_PCI_TEGRA=y -CONFIG_PCI_V3_SEMI=y -CONFIG_PCIE_IPROC=m -CONFIG_PCIE_IPROC_PLATFORM=m -# CONFIG_PCIE_IPROC_BCMA is not set -CONFIG_PCIE_IPROC_MSI=y -CONFIG_PCIE_ALTERA=y -CONFIG_PCIE_ALTERA_MSI=y -CONFIG_PCIE_ROCKCHIP=y -CONFIG_PCIE_ROCKCHIP_HOST=m -# CONFIG_PCIE_MEDIATEK is not set - -# -# DesignWare PCI Core Support -# -CONFIG_PCI_IMX6=y -CONFIG_PCI_KEYSTONE=y -CONFIG_PCI_LAYERSCAPE=y -CONFIG_PCIE_QCOM=y -CONFIG_PCIE_HISI_STB=y - -# -# PCI switch controller drivers -# -# CONFIG_PCCARD is not set - -# # Kernel Features # CONFIG_SMP_ON_UP=y @@ -377,6 +348,7 @@ CONFIG_ARM_MODULE_PLTS=y CONFIG_FORCE_MAX_ZONEORDER=12 CONFIG_ALIGNMENT_TRAP=y # CONFIG_UACCESS_WITH_MEMCPY is not set +CONFIG_STACKPROTECTOR_PER_TASK=y # # Boot options @@ -405,6 +377,7 @@ CONFIG_ARM_HIGHBANK_CPUFREQ=m CONFIG_ARM_IMX6Q_CPUFREQ=m CONFIG_ARM_MEDIATEK_CPUFREQ=m CONFIG_ARM_OMAP2PLUS_CPUFREQ=y +CONFIG_ARM_QCOM_CPUFREQ_HW=m CONFIG_ARM_STI_CPUFREQ=m CONFIG_ARM_TEGRA20_CPUFREQ=y CONFIG_ARM_TEGRA124_CPUFREQ=m @@ -477,6 +450,7 @@ CONFIG_ARCH_HAS_PHYS_TO_DMA=y # # GCOV-based kernel profiling # +CONFIG_GCC_PLUGIN_ARM_SSP_PER_TASK=y CONFIG_LBDAF=y # @@ -503,9 +477,35 @@ CONFIG_BOUNCE=y CONFIG_TEGRA_AHB=y # +# Cadence PCIe controllers support +# +# CONFIG_PCI_FTPCI100 is not set +CONFIG_PCI_TEGRA=y +CONFIG_PCI_V3_SEMI=y +CONFIG_PCIE_IPROC=m +CONFIG_PCIE_IPROC_PLATFORM=m +# CONFIG_PCIE_IPROC_BCMA is not set +CONFIG_PCIE_IPROC_MSI=y +CONFIG_PCIE_ALTERA=y +CONFIG_PCIE_ALTERA_MSI=y +CONFIG_PCIE_ROCKCHIP=y +CONFIG_PCIE_ROCKCHIP_HOST=m +# CONFIG_PCIE_MEDIATEK is not set + +# +# DesignWare PCI Core Support +# +CONFIG_PCI_IMX6=y +CONFIG_PCI_KEYSTONE=y +CONFIG_PCI_LAYERSCAPE=y +CONFIG_PCIE_QCOM=y +CONFIG_PCIE_HISI_STB=y + +# # Firmware loader # CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y +CONFIG_REGMAP_SPMI=m # # Bus devices @@ -593,6 +593,7 @@ CONFIG_AX88796=m CONFIG_AX88796_93CX6=y CONFIG_SMC911X=m CONFIG_DWMAC_IPQ806X=m +CONFIG_DWMAC_MEDIATEK=m CONFIG_DWMAC_ROCKCHIP=m CONFIG_DWMAC_STI=m CONFIG_DWMAC_SUNXI=m @@ -815,7 +816,6 @@ CONFIG_PINCTRL_TI_IODELAY=y CONFIG_EINT_MTK=y CONFIG_PINCTRL_MTK=y CONFIG_PINCTRL_MTK_MOORE=y -CONFIG_PINCTRL_MTK_PARIS=y # CONFIG_PINCTRL_MT2701 is not set CONFIG_PINCTRL_MT7623=y CONFIG_PINCTRL_MT8135=y @@ -871,10 +871,6 @@ CONFIG_POWER_RESET_KEYSTONE=y CONFIG_IMX_THERMAL=m CONFIG_ROCKCHIP_THERMAL=m CONFIG_DB8500_THERMAL=y - -# -# ACPI INT340X thermal drivers -# CONFIG_MTK_THERMAL=m # @@ -909,6 +905,7 @@ CONFIG_TEGRA_SOCTHERM=m # Qualcomm thermal drivers # CONFIG_QCOM_TSENS=m +CONFIG_QCOM_SPMI_TEMP_ALARM=m # # Watchdog Device Drivers @@ -926,6 +923,7 @@ CONFIG_TEGRA_WATCHDOG=m CONFIG_QCOM_WDT=m CONFIG_MEDIATEK_WATCHDOG=m CONFIG_ATLAS7_WATCHDOG=m +CONFIG_PM8916_WATCHDOG=m CONFIG_BCM47XX_WDT=m CONFIG_BCM7038_WDT=m @@ -994,6 +992,7 @@ CONFIG_VIDEO_OMAP3=m # CONFIG_VIDEO_QCOM_CAMSS is not set # CONFIG_VIDEO_SAMSUNG_EXYNOS4_IS is not set # CONFIG_VIDEO_AM437X_VPFE is not set +# CONFIG_VIDEO_SUN6I_CSI is not set # CONFIG_VIDEO_TI_CAL is not set # CONFIG_VIDEO_CODA is not set # CONFIG_VIDEO_IMX_PXP is not set @@ -1124,6 +1123,7 @@ CONFIG_DRM_TEGRA=m # Display Interface Bridges # CONFIG_DRM_ANALOGIX_DP=m +CONFIG_DRM_DW_MIPI_DSI=m # CONFIG_DRM_STI is not set # CONFIG_DRM_IMX is not set CONFIG_DRM_V3D=m @@ -1245,6 +1245,7 @@ CONFIG_SND_SUN4I_SPDIF=m CONFIG_SND_SUN8I_ADDA_PR_REGMAP=m CONFIG_SND_SOC_UX500=m CONFIG_SND_SOC_UX500_PLAT_DMA=m +CONFIG_SND_SOC_XILINX_I2S=m CONFIG_SND_SOC_XTFPGA_I2S=m # @@ -1401,6 +1402,7 @@ CONFIG_NBPFAXI_DMA=m CONFIG_ST_FDMA=m # CONFIG_TEGRA20_APB_DMA is not set CONFIG_MTK_HSDMA=m +CONFIG_MTK_CQDMA=m # CONFIG_QCOM_BAM_DMA is not set # CONFIG_TI_CPPI41 is not set # CONFIG_TI_EDMA is not set @@ -1431,6 +1433,7 @@ CONFIG_COMMON_CLK_HI6220=y CONFIG_RESET_HISI=y CONFIG_STUB_CLK_HI6220=y CONFIG_STUB_CLK_HI3660=y +CONFIG_MXC_CLK=y CONFIG_COMMON_CLK_KEYSTONE=y CONFIG_TI_SCI_CLK=m @@ -1451,6 +1454,9 @@ CONFIG_COMMON_CLK_MT7622=y CONFIG_COMMON_CLK_MT7622_ETHSYS=y CONFIG_COMMON_CLK_MT7622_HIFSYS=y CONFIG_COMMON_CLK_MT7622_AUDSYS=y +CONFIG_COMMON_CLK_MT7629=y +CONFIG_COMMON_CLK_MT7629_ETHSYS=y +CONFIG_COMMON_CLK_MT7629_HIFSYS=y CONFIG_COMMON_CLK_MT8135=y CONFIG_COMMON_CLK_MT8173=y CONFIG_COMMON_CLK_MESON8B=y @@ -1483,8 +1489,10 @@ CONFIG_QCS_GCC_404=m CONFIG_SDM_CAMCC_845=m CONFIG_SDM_GCC_660=m CONFIG_SDM_GCC_845=m +CONFIG_SDM_GPUCC_845=m CONFIG_SDM_VIDEOCC_845=m CONFIG_SDM_DISPCC_845=m +CONFIG_SDM_LPASSCC_845=m CONFIG_SPMI_PMIC_CLKDIV=m CONFIG_QCOM_HFPLL=m CONFIG_KPSS_XCC=m @@ -1529,7 +1537,6 @@ CONFIG_CLKSRC_DBX500_PRCMU=y CONFIG_ATLAS7_TIMER=y CONFIG_PRIMA2_TIMER=y CONFIG_KEYSTONE_TIMER=y -CONFIG_CLKSRC_DBX500_PRCMU_SCHED_CLOCK=y CONFIG_CLKSRC_TI_32K=y CONFIG_ARM_GLOBAL_TIMER=y CONFIG_CLKSRC_ARM_GLOBAL_TIMER_SCHED_CLOCK=y @@ -1605,6 +1612,7 @@ CONFIG_FSL_GUTS=y # # MediaTek SoC drivers # +CONFIG_MTK_CMDQ=m CONFIG_MTK_INFRACFG=y # CONFIG_MTK_PMIC_WRAP is not set # CONFIG_MTK_SCPSYS is not set @@ -1675,9 +1683,11 @@ CONFIG_OMAP_GPMC=y # CONFIG_OMAP_GPMC_DEBUG is not set CONFIG_TI_EMIF_SRAM=m CONFIG_MTK_SMI=y +CONFIG_PL353_SMC=y CONFIG_SAMSUNG_MC=y CONFIG_EXYNOS_SROM=y CONFIG_TEGRA_MC=y +CONFIG_TEGRA20_EMC=y CONFIG_TEGRA124_EMC=y # @@ -1728,6 +1738,7 @@ CONFIG_ST_IRQCHIP=y CONFIG_IRQ_CROSSBAR=y # CONFIG_KEYSTONE_IRQ is not set # CONFIG_QCOM_PDC is not set +CONFIG_IMX_IRQSTEER=y CONFIG_ARCH_HAS_RESET_CONTROLLER=y CONFIG_RESET_BERLIN=y CONFIG_RESET_QCOM_AOSS=y @@ -1785,6 +1796,7 @@ CONFIG_PHY_TEGRA_XUSB=m CONFIG_PHY_DM816X_USB=m CONFIG_OMAP_CONTROL_PHY=m CONFIG_TWL4030_USB=m +CONFIG_PHY_TI_GMII_SEL=m # # Android @@ -1873,7 +1885,6 @@ CONFIG_UNWINDER_ARM=y CONFIG_ARM_UNWIND=y # CONFIG_DEBUG_USER is not set # CONFIG_DEBUG_LL is not set -CONFIG_DEBUG_IMX_UART_PORT=1 CONFIG_DEBUG_VF_UART_PORT=1 CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S" CONFIG_UNCOMPRESS_INCLUDE="debug/uncompress.h" diff --git a/kernel/config-arm64-generic b/kernel/config-arm64-generic index 7bb595c..0b6b413 100644 --- a/kernel/config-arm64-generic +++ b/kernel/config-arm64-generic @@ -1,11 +1,6 @@ CONFIG_THREAD_INFO_IN_TASK=y # -# IRQ subsystem -# -CONFIG_GENERIC_IRQ_MIGRATION=y - -# # RCU Subsystem # # CONFIG_CONTEXT_TRACKING_FORCE is not set @@ -29,6 +24,7 @@ CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y CONFIG_GENERIC_CSUM=y CONFIG_ZONE_DMA32=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_PROC_KCORE_TEXT=y # @@ -44,6 +40,7 @@ CONFIG_ARCH_PROC_KCORE_TEXT=y # CONFIG_ARCH_LG1K is not set # CONFIG_ARCH_HISI is not set # CONFIG_ARCH_MEDIATEK is not set +# CONFIG_ARCH_MXC is not set # CONFIG_ARCH_QCOM is not set # CONFIG_ARCH_REALTEK is not set # CONFIG_ARCH_ROCKCHIP is not set @@ -58,30 +55,9 @@ CONFIG_ARCH_XGENE=y # CONFIG_ARCH_ZYNQMP is not set # -# Bus support -# -CONFIG_PCI_LABEL=y -CONFIG_HOTPLUG_PCI_ACPI=y -CONFIG_HOTPLUG_PCI_ACPI_IBM=y - -# -# Cadence PCIe controllers support -# -CONFIG_PCI_FTPCI100=y -CONFIG_PCI_XGENE=y -CONFIG_PCI_XGENE_MSI=y -CONFIG_PCI_HOST_THUNDER_PEM=y -CONFIG_PCI_HOST_THUNDER_ECAM=y - -# -# DesignWare PCI Core Support -# -CONFIG_PCI_HISI=y -# CONFIG_PCIE_KIRIN is not set - -# # ARM errata workarounds via the alternatives framework # +CONFIG_ARM64_WORKAROUND_CLEAN_CACHE=y CONFIG_ARM64_ERRATUM_826319=y CONFIG_ARM64_ERRATUM_827319=y CONFIG_ARM64_ERRATUM_824069=y @@ -92,6 +68,7 @@ CONFIG_ARM64_ERRATUM_845719=y CONFIG_ARM64_ERRATUM_843419=y CONFIG_ARM64_ERRATUM_1024718=y CONFIG_ARM64_ERRATUM_1188873=y +CONFIG_ARM64_ERRATUM_1165522=y CONFIG_ARM64_ERRATUM_1286807=y CONFIG_CAVIUM_ERRATUM_22375=y CONFIG_CAVIUM_ERRATUM_23144=y @@ -110,6 +87,7 @@ CONFIG_QCOM_FALKOR_ERRATUM_E1041=y CONFIG_ARM64_64K_PAGES=y CONFIG_ARM64_VA_BITS_42=y # CONFIG_ARM64_VA_BITS_48 is not set +# CONFIG_ARM64_USER_VA_BITS_52 is not set CONFIG_ARM64_VA_BITS=42 CONFIG_ARM64_PA_BITS_48=y # CONFIG_ARM64_PA_BITS_52 is not set @@ -126,11 +104,13 @@ CONFIG_ARCH_SPARSEMEM_DEFAULT=y CONFIG_ARCH_SELECT_MEMORY_MODEL=y CONFIG_SYS_SUPPORTS_HUGETLBFS=y CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +# CONFIG_KEXEC_FILE is not set # CONFIG_CRASH_DUMP is not set CONFIG_FORCE_MAX_ZONEORDER=11 CONFIG_UNMAP_KERNEL_AT_EL0=y CONFIG_HARDEN_EL2_VECTORS=y CONFIG_ARM64_SSBD=y +CONFIG_RODATA_FULL_DEFAULT_ENABLED=y CONFIG_ARMV8_DEPRECATED=y CONFIG_SWP_EMULATION=y CONFIG_CP15_BARRIER_EMULATION=y @@ -152,6 +132,11 @@ CONFIG_ARM64_UAO=y CONFIG_ARM64_PMEM=y CONFIG_ARM64_RAS_EXTN=y CONFIG_ARM64_CNP=y + +# +# ARMv8.3 architectural features +# +CONFIG_ARM64_PTR_AUTH=y CONFIG_ARM64_SVE=y CONFIG_ARM64_MODULE_PLTS=y CONFIG_RELOCATABLE=y @@ -360,6 +345,7 @@ CONFIG_NEED_MULTIPLE_NODES=y CONFIG_SPARSEMEM_EXTREME=y CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y CONFIG_SPARSEMEM_VMEMMAP=y +# CONFIG_MEMORY_HOTPLUG is not set CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y # CONFIG_MEMORY_FAILURE is not set @@ -369,6 +355,28 @@ CONFIG_ARCH_HAS_PTE_SPECIAL=y CONFIG_COMPAT_NETLINK_MESSAGES=y # +# Device Drivers +# +CONFIG_PCI_LABEL=y +CONFIG_HOTPLUG_PCI_ACPI=y +CONFIG_HOTPLUG_PCI_ACPI_IBM=y + +# +# Cadence PCIe controllers support +# +CONFIG_PCI_FTPCI100=y +CONFIG_PCI_XGENE=y +CONFIG_PCI_XGENE_MSI=y +CONFIG_PCI_HOST_THUNDER_PEM=y +CONFIG_PCI_HOST_THUNDER_ECAM=y + +# +# DesignWare PCI Core Support +# +CONFIG_PCI_HISI=y +# CONFIG_PCIE_KIRIN is not set + +# # Firmware loader # # CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set @@ -397,7 +405,6 @@ CONFIG_BLK_DEV_SKD=m # CONFIG_SCSI_HISI_SAS=m CONFIG_SCSI_HISI_SAS_PCI=m -# CONFIG_SCSI_LOWLEVEL_PCMCIA is not set CONFIG_ATA_ACPI=y CONFIG_SATA_ZPODD=y @@ -559,6 +566,11 @@ CONFIG_REGULATOR_HI6421V530=m # CONFIG_IR_NUVOTON is not set # +# Display Engine Configuration +# +# CONFIG_HSA_AMD is not set + +# # Display Interface Bridges # CONFIG_DRM_HISI_KIRIN=m @@ -585,6 +597,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25 # # STMicroelectronics STM32 SOC audio support # +# CONFIG_SND_SOC_XILINX_I2S is not set # CONFIG_SND_SOC_XTFPGA_I2S is not set # @@ -624,7 +637,6 @@ CONFIG_RTC_DRV_XGENE=m # # DMA Devices # -CONFIG_ASYNC_TX_ENABLE_CHANNEL_SWITCH=y CONFIG_DMA_ACPI=y CONFIG_BCM_SBA_RAID=m CONFIG_MV_XOR_V2=y @@ -777,6 +789,7 @@ CONFIG_ARCH_HAS_SYNC_DMA_FOR_DEVICE=y CONFIG_ARCH_HAS_SYNC_DMA_FOR_CPU=y CONFIG_ARCH_HAS_DMA_COHERENT_TO_PFN=y CONFIG_ARCH_HAS_DMA_MMAP_PGPROT=y +CONFIG_DMA_DIRECT_REMAP=y CONFIG_UCS2_STRING=y CONFIG_SG_SPLIT=y CONFIG_ARCH_HAS_PMEM_API=y diff --git a/kernel/config-generic b/kernel/config-generic index 007d0d2..ed45e1b 100644 --- a/kernel/config-generic +++ b/kernel/config-generic @@ -4,8 +4,9 @@ # # CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=80300 +CONFIG_GCC_VERSION=80200 CONFIG_CLANG_VERSION=0 +CONFIG_CC_HAS_ASM_GOTO=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y @@ -34,6 +35,7 @@ CONFIG_HAVE_ARCH_AUDITSYSCALL=y CONFIG_GENERIC_IRQ_PROBE=y CONFIG_GENERIC_IRQ_SHOW=y CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_IRQ_MIGRATION=y CONFIG_GENERIC_IRQ_CHIP=y CONFIG_IRQ_DOMAIN=y CONFIG_IRQ_SIM=y @@ -238,6 +240,7 @@ CONFIG_PM_CLK=y CONFIG_PM_GENERIC_DOMAINS=y # CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set CONFIG_PM_GENERIC_DOMAINS_OF=y +# CONFIG_ENERGY_MODEL is not set # # CPU Frequency scaling @@ -279,63 +282,6 @@ CONFIG_CPU_IDLE_GOV_MENU=y # # Bus options (PCI etc.) # -CONFIG_PCI=y -CONFIG_PCI_DOMAINS=y -CONFIG_PCIEPORTBUS=y -CONFIG_HOTPLUG_PCI_PCIE=y -CONFIG_PCIEAER=y -CONFIG_PCIEASPM=y -# CONFIG_PCIEASPM_DEBUG is not set -CONFIG_PCIEASPM_DEFAULT=y -# CONFIG_PCIEASPM_POWERSAVE is not set -# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set -# CONFIG_PCIEASPM_PERFORMANCE is not set -CONFIG_PCIE_PME=y -# CONFIG_PCIE_DPC is not set -# CONFIG_PCIE_PTM is not set -CONFIG_PCI_MSI=y -CONFIG_PCI_MSI_IRQ_DOMAIN=y -CONFIG_PCI_QUIRKS=y -# CONFIG_PCI_DEBUG is not set -CONFIG_PCI_ECAM=y -CONFIG_HOTPLUG_PCI=y -# CONFIG_HOTPLUG_PCI_CPCI is not set -CONFIG_HOTPLUG_PCI_SHPC=y - -# -# PCI controller drivers -# - -# -# Cadence PCIe controllers support -# -CONFIG_PCIE_CADENCE=y -CONFIG_PCIE_CADENCE_HOST=y -CONFIG_PCI_HOST_COMMON=y -CONFIG_PCI_HOST_GENERIC=y -CONFIG_PCIE_XILINX=y - -# -# DesignWare PCI Core Support -# -CONFIG_PCIE_DW=y -CONFIG_PCIE_DW_HOST=y -CONFIG_PCIE_DW_PLAT=y -CONFIG_PCIE_DW_PLAT_HOST=y - -# -# PCI Endpoint -# -# CONFIG_PCI_ENDPOINT is not set - -# -# PCI switch controller drivers -# -# CONFIG_PCI_SW_SWITCHTEC is not set - -# -# PC-card bridges -# # # Binary Emulations @@ -476,14 +422,6 @@ CONFIG_BLK_PM=y # # IO Schedulers # -CONFIG_IOSCHED_NOOP=y -CONFIG_IOSCHED_DEADLINE=y -CONFIG_IOSCHED_CFQ=y -CONFIG_CFQ_GROUP_IOSCHED=y -# CONFIG_DEFAULT_DEADLINE is not set -CONFIG_DEFAULT_CFQ=y -# CONFIG_DEFAULT_NOOP is not set -CONFIG_DEFAULT_IOSCHED="cfq" CONFIG_MQ_IOSCHED_DEADLINE=y CONFIG_MQ_IOSCHED_KYBER=y CONFIG_IOSCHED_BFQ=y @@ -541,6 +479,7 @@ CONFIG_FRAME_VECTOR=y CONFIG_NET=y CONFIG_NET_INGRESS=y CONFIG_NET_EGRESS=y +CONFIG_SKB_EXTENSIONS=y # # Networking options @@ -706,9 +645,6 @@ CONFIG_NF_CT_NETLINK_HELPER=m CONFIG_NETFILTER_NETLINK_GLUE_CT=y CONFIG_NF_NAT=m CONFIG_NF_NAT_NEEDED=y -CONFIG_NF_NAT_PROTO_DCCP=y -CONFIG_NF_NAT_PROTO_UDPLITE=y -CONFIG_NF_NAT_PROTO_SCTP=y CONFIG_NF_NAT_AMANDA=m CONFIG_NF_NAT_FTP=m CONFIG_NF_NAT_IRC=m @@ -918,7 +854,6 @@ CONFIG_NFT_CHAIN_NAT_IPV4=m CONFIG_NFT_MASQ_IPV4=m CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m -CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m CONFIG_NF_NAT_H323=m # CONFIG_IP_NF_IPTABLES is not set @@ -983,6 +918,8 @@ CONFIG_NET_DSA_TAG_BRCM_PREPEND=y CONFIG_NET_DSA_TAG_DSA=y CONFIG_NET_DSA_TAG_EDSA=y CONFIG_NET_DSA_TAG_GSWIP=y +CONFIG_NET_DSA_TAG_KSZ=y +CONFIG_NET_DSA_TAG_KSZ9477=y CONFIG_NET_DSA_TAG_LAN9303=y CONFIG_NET_DSA_TAG_MTK=y CONFIG_NET_DSA_TAG_QCA=y @@ -1184,6 +1121,66 @@ CONFIG_HAVE_EBPF_JIT=y # # Device Drivers # +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +CONFIG_PCIEPORTBUS=y +CONFIG_HOTPLUG_PCI_PCIE=y +CONFIG_PCIEAER=y +CONFIG_PCIEASPM=y +# CONFIG_PCIEASPM_DEBUG is not set +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y +# CONFIG_PCIE_DPC is not set +# CONFIG_PCIE_PTM is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set +CONFIG_PCI_ECAM=y +CONFIG_HOTPLUG_PCI=y +# CONFIG_HOTPLUG_PCI_CPCI is not set +CONFIG_HOTPLUG_PCI_SHPC=y + +# +# PCI controller drivers +# + +# +# Cadence PCIe controllers support +# +CONFIG_PCIE_CADENCE=y +CONFIG_PCIE_CADENCE_HOST=y +CONFIG_PCI_HOST_COMMON=y +CONFIG_PCI_HOST_GENERIC=y +CONFIG_PCIE_XILINX=y + +# +# DesignWare PCI Core Support +# +CONFIG_PCIE_DW=y +CONFIG_PCIE_DW_HOST=y +CONFIG_PCIE_DW_PLAT=y +CONFIG_PCIE_DW_PLAT_HOST=y +CONFIG_PCI_MESON=y + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set + +# +# PC-card bridges +# +# CONFIG_RAPIDIO is not set # # Generic Driver Options @@ -1210,7 +1207,6 @@ CONFIG_SYS_HYPERVISOR=y CONFIG_GENERIC_CPU_AUTOPROBE=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=y -CONFIG_REGMAP_SPMI=m CONFIG_REGMAP_MMIO=y CONFIG_REGMAP_IRQ=y CONFIG_DMA_SHARED_BUFFER=y @@ -1267,10 +1263,12 @@ CONFIG_BLK_DEV_NVME=y CONFIG_NVME_MULTIPATH=y CONFIG_NVME_FABRICS=m CONFIG_NVME_FC=m +CONFIG_NVME_TCP=m CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m +CONFIG_NVME_TARGET_TCP=m # # Misc devices @@ -1351,6 +1349,7 @@ CONFIG_ALTERA_STAPL=m # VOP Driver # # CONFIG_ECHO is not set +CONFIG_MISC_ALCOR_PCI=m # CONFIG_MISC_RTSX_PCI is not set CONFIG_MISC_RTSX_USB=m @@ -1362,7 +1361,6 @@ CONFIG_RAID_ATTRS=m CONFIG_SCSI=y CONFIG_SCSI_DMA=y CONFIG_SCSI_NETLINK=y -# CONFIG_SCSI_MQ_DEFAULT is not set CONFIG_SCSI_PROC_FS=y # @@ -1433,6 +1431,7 @@ CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_UFSHCD_PCI=m CONFIG_SCSI_UFS_DWC_TC_PCI=m CONFIG_SCSI_UFSHCD_PLATFORM=m +CONFIG_SCSI_UFS_CDNS_PLATFORM=m CONFIG_SCSI_UFS_DWC_TC_PLATFORM=m # CONFIG_SCSI_UFS_BSG is not set CONFIG_SCSI_HPTIOP=m @@ -1680,7 +1679,8 @@ CONFIG_NET_DSA_BCM_SF2=m CONFIG_NET_DSA_LOOP=m CONFIG_NET_DSA_LANTIQ_GSWIP=m CONFIG_NET_DSA_MT7530=m -# CONFIG_MICROCHIP_KSZ is not set +CONFIG_NET_DSA_MICROCHIP_KSZ_COMMON=m +CONFIG_NET_DSA_MICROCHIP_KSZ9477=m CONFIG_NET_DSA_MV88E6XXX=y CONFIG_NET_DSA_MV88E6XXX_GLOBAL2=y CONFIG_NET_DSA_MV88E6XXX_PTP=y @@ -2032,6 +2032,7 @@ CONFIG_USB_IPHETH=m CONFIG_USB_SIERRA_NET=m CONFIG_USB_VL600=m CONFIG_USB_NET_CH9200=m +CONFIG_USB_NET_AQC111=m CONFIG_WLAN=y # CONFIG_WIRELESS_WDS is not set CONFIG_WLAN_VENDOR_ADMTEK=y @@ -2270,9 +2271,10 @@ CONFIG_ZD1211RW=m # CONFIG_ZD1211RW_DEBUG is not set CONFIG_WLAN_VENDOR_QUANTENNA=y CONFIG_QTNFMAC=m -CONFIG_QTNFMAC_PEARL_PCIE=m +CONFIG_QTNFMAC_PCIE=m CONFIG_MAC80211_HWSIM=m CONFIG_USB_NET_RNDIS_WLAN=m +CONFIG_VIRT_WIFI=m # # Enable WiMAX (Networking options) to see the WiMAX drivers @@ -2408,6 +2410,7 @@ CONFIG_SERIO_ALTERA_PS2=m # CONFIG_SERIO_PS2MULT is not set CONFIG_SERIO_ARC_PS2=m CONFIG_SERIO_APBPS2=m +CONFIG_SERIO_OLPC_APSP=m # CONFIG_SERIO_GPIO_PS2 is not set # CONFIG_USERIO is not set # CONFIG_GAMEPORT is not set @@ -2575,6 +2578,9 @@ CONFIG_I2C_SLAVE=y # CONFIG_I2C_DEBUG_CORE is not set # CONFIG_I2C_DEBUG_ALGO is not set # CONFIG_I2C_DEBUG_BUS is not set +CONFIG_I3C=m +CONFIG_CDNS_I3C_MASTER=m +CONFIG_DW_I3C_MASTER=m # CONFIG_SPI is not set CONFIG_SPMI=m CONFIG_HSI=m @@ -2621,6 +2627,7 @@ CONFIG_PINCTRL_AXP209=m # CONFIG_PINCTRL_SX150X is not set CONFIG_PINCTRL_MAX77620=m CONFIG_PINCTRL_RK805=m +# CONFIG_PINCTRL_OCELOT is not set CONFIG_GPIOLIB=y CONFIG_GPIOLIB_FASTPATH_LIMIT=512 CONFIG_OF_GPIO=y @@ -2634,12 +2641,14 @@ CONFIG_GPIO_GENERIC=y # CONFIG_GPIO_74XX_MMIO=m CONFIG_GPIO_ALTERA=m +CONFIG_GPIO_CADENCE=m CONFIG_GPIO_EXAR=m # CONFIG_GPIO_FTGPIO010 is not set CONFIG_GPIO_GENERIC_PLATFORM=y # CONFIG_GPIO_HLWD is not set CONFIG_GPIO_MB86S7X=m CONFIG_GPIO_MOCKUP=m +CONFIG_GPIO_SAMA5D2_PIOBU=m CONFIG_GPIO_SYSCON=m # @@ -2833,6 +2842,8 @@ CONFIG_SENSORS_NCT6775=m CONFIG_SENSORS_NCT7802=m CONFIG_SENSORS_NCT7904=m CONFIG_SENSORS_NPCM7XX=m +CONFIG_SENSORS_OCC_P8_I2C=m +CONFIG_SENSORS_OCC=y CONFIG_SENSORS_PCF8591=m CONFIG_PMBUS=m CONFIG_SENSORS_PMBUS=m @@ -2927,9 +2938,12 @@ CONFIG_QORIQ_THERMAL=m CONFIG_DA9062_THERMAL=m # +# Intel thermal drivers +# + +# # ACPI INT340X thermal drivers # -CONFIG_QCOM_SPMI_TEMP_ALARM=m CONFIG_GENERIC_ADC_THERMAL=m CONFIG_WATCHDOG=y CONFIG_WATCHDOG_CORE=y @@ -3010,7 +3024,6 @@ CONFIG_MFD_AS3711=y CONFIG_MFD_AS3722=y CONFIG_PMIC_ADP5520=y CONFIG_MFD_AAT2870_CORE=y -# CONFIG_MFD_AT91_USART is not set CONFIG_MFD_ATMEL_FLEXCOM=m CONFIG_MFD_BCM590XX=m CONFIG_MFD_BD9571MWV=m @@ -3148,6 +3161,7 @@ CONFIG_REGULATOR_MAX8998=m CONFIG_REGULATOR_MAX77686=m CONFIG_REGULATOR_MAX77693=m CONFIG_REGULATOR_MAX77802=m +CONFIG_REGULATOR_MCP16502=m CONFIG_REGULATOR_MT6311=m CONFIG_REGULATOR_MT6323=m CONFIG_REGULATOR_MT6397=m @@ -3215,6 +3229,7 @@ CONFIG_IR_GPIO_CIR=m CONFIG_IR_SERIAL=m CONFIG_IR_SERIAL_TRANSMITTER=y CONFIG_IR_SIR=m +CONFIG_RC_XBOX_DVD=m CONFIG_MEDIA_SUPPORT=y # @@ -3234,7 +3249,6 @@ CONFIG_VIDEO_V4L2_SUBDEV_API=y CONFIG_VIDEO_V4L2=y # CONFIG_VIDEO_ADV_DEBUG is not set # CONFIG_VIDEO_FIXED_MINOR_RANGES is not set -# CONFIG_VIDEO_PCI_SKELETON is not set CONFIG_VIDEO_TUNER=m CONFIG_V4L2_MEM2MEM_DEV=m CONFIG_V4L2_FLASH_LED_CLASS=m @@ -3446,6 +3460,7 @@ CONFIG_DVB_SMIPCIE=m CONFIG_V4L_PLATFORM_DRIVERS=y # CONFIG_VIDEO_CAFE_CCIC is not set # CONFIG_VIDEO_CADENCE is not set +# CONFIG_VIDEO_ASPEED is not set # CONFIG_VIDEO_MUX is not set CONFIG_SOC_CAMERA=m CONFIG_SOC_CAMERA_PLATFORM=m @@ -3651,6 +3666,7 @@ CONFIG_DVB_TDA10048=m CONFIG_DVB_AF9013=m CONFIG_DVB_EC100=m CONFIG_DVB_CXD2820R=m +CONFIG_DVB_CXD2841ER=m CONFIG_DVB_RTL2830=m CONFIG_DVB_RTL2832=m CONFIG_DVB_RTL2832_SDR=m @@ -3803,16 +3819,19 @@ CONFIG_DRM_PANEL_SIMPLE=m # CONFIG_DRM_PANEL_ILITEK_ILI9881C is not set CONFIG_DRM_PANEL_INNOLUX_P079ZCA=m CONFIG_DRM_PANEL_JDI_LT070ME05000=m +CONFIG_DRM_PANEL_OLIMEX_LCD_OLINUXINO=m # CONFIG_DRM_PANEL_ORISETECH_OTM8009A is not set CONFIG_DRM_PANEL_PANASONIC_VVX10F034N00=m # CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN is not set # CONFIG_DRM_PANEL_RAYDIUM_RM68200 is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6D16D0 is not set CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2=m # CONFIG_DRM_PANEL_SAMSUNG_S6E63J0X03 is not set CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m # CONFIG_DRM_PANEL_SEIKO_43WVF1G is not set CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m CONFIG_DRM_PANEL_SHARP_LS043T1LE01=m +# CONFIG_DRM_PANEL_TRULY_NT35597_WQXGA is not set CONFIG_DRM_BRIDGE=y CONFIG_DRM_PANEL_BRIDGE=y @@ -3863,7 +3882,6 @@ CONFIG_FB_SYS_IMAGEBLIT=m # CONFIG_FB_FOREIGN_ENDIAN is not set CONFIG_FB_SYS_FOPS=m CONFIG_FB_DEFERRED_IO=y -CONFIG_FB_BACKLIGHT=y # CONFIG_FB_MODE_HELPERS is not set CONFIG_FB_TILEBLITTING=y @@ -4458,9 +4476,9 @@ CONFIG_TYPEC_TPS6598X=m # USB Type-C Alternate Mode drivers # CONFIG_TYPEC_DP_ALTMODE=m +CONFIG_USB_ROLE_SWITCH=m CONFIG_USB_LED_TRIG=y CONFIG_USB_ULPI_BUS=m -CONFIG_USB_ROLE_SWITCH=m # CONFIG_UWB is not set CONFIG_MMC=y CONFIG_PWRSEQ_EMMC=y @@ -4483,6 +4501,7 @@ CONFIG_MMC_SDHCI_OF_AT91=m CONFIG_MMC_SDHCI_OF_DWCMSHC=m CONFIG_MMC_SDHCI_CADENCE=m CONFIG_MMC_SDHCI_F_SDH30=m +CONFIG_MMC_ALCOR=m CONFIG_MMC_TIFM_SD=m CONFIG_MMC_CB710=m CONFIG_MMC_VIA_SDMMC=m @@ -4495,6 +4514,7 @@ CONFIG_MMC_TOSHIBA_PCI=m CONFIG_MMC_MTK=m CONFIG_MMC_SDHCI_XENON=m CONFIG_MMC_SDHCI_OMAP=m +CONFIG_MMC_SDHCI_AM654=m # CONFIG_MEMSTICK is not set CONFIG_NEW_LEDS=y CONFIG_LEDS_CLASS=y @@ -4579,6 +4599,7 @@ CONFIG_LEDS_TRIGGER_CAMERA=m CONFIG_LEDS_TRIGGER_PANIC=y CONFIG_LEDS_TRIGGER_NETDEV=m CONFIG_LEDS_TRIGGER_PATTERN=m +CONFIG_LEDS_TRIGGER_AUDIO=m # CONFIG_ACCESSIBILITY is not set # CONFIG_INFINIBAND is not set CONFIG_EDAC_SUPPORT=y @@ -4779,6 +4800,7 @@ CONFIG_XEN_PVCALLS_FRONTEND=m # CONFIG_XEN_PVCALLS_BACKEND is not set CONFIG_XEN_PRIVCMD=m CONFIG_XEN_AUTO_XLATE=y +CONFIG_XEN_FRONT_PGDIR_SHBUF=m # CONFIG_STAGING is not set # CONFIG_CHROME_PLATFORMS is not set CONFIG_CLKDEV_LOOKUP=y @@ -4802,6 +4824,7 @@ CONFIG_COMMON_CLK_S2MPS11=m CONFIG_CLK_TWL6040=m CONFIG_COMMON_CLK_PALMAS=m CONFIG_COMMON_CLK_VC5=m +CONFIG_COMMON_CLK_BD718XX=m CONFIG_HWSPINLOCK=y # @@ -4896,6 +4919,7 @@ CONFIG_EXTCON_USB_GPIO=m CONFIG_MEMORY=y CONFIG_IIO=m # CONFIG_IIO_BUFFER is not set +CONFIG_IIO_TRIGGERED_BUFFER=m # CONFIG_IIO_CONFIGFS is not set # CONFIG_IIO_TRIGGER is not set # CONFIG_IIO_SW_DEVICE is not set @@ -5104,6 +5128,7 @@ CONFIG_HID_SENSOR_IIO_COMMON=m # CONFIG_TSL4531 is not set # CONFIG_US5182D is not set # CONFIG_VCNL4000 is not set +# CONFIG_VCNL4035 is not set # CONFIG_VEML6070 is not set # CONFIG_VL6180 is not set # CONFIG_ZOPT2201 is not set @@ -5120,6 +5145,7 @@ CONFIG_HID_SENSOR_IIO_COMMON=m # CONFIG_MMC35240 is not set # CONFIG_IIO_ST_MAGN_3AXIS is not set # CONFIG_SENSORS_HMC5843_I2C is not set +# CONFIG_SENSORS_RM3100_I2C is not set # # Multiplexers @@ -5210,6 +5236,8 @@ CONFIG_RESET_TI_SYSCON=m CONFIG_GENERIC_PHY=y CONFIG_BCM_KONA_USB2_PHY=m CONFIG_PHY_CADENCE_DP=m +CONFIG_PHY_CADENCE_SIERRA=m +CONFIG_PHY_FSL_IMX8MQ_USB=m CONFIG_PHY_PXA_28NM_HSIC=m CONFIG_PHY_PXA_28NM_USB2=m CONFIG_PHY_CPCAP_USB=m @@ -5610,6 +5638,8 @@ CONFIG_CRYPTO_OFB=y # CONFIG_CRYPTO_PCBC is not set CONFIG_CRYPTO_XTS=y CONFIG_CRYPTO_KEYWRAP=m +CONFIG_CRYPTO_NHPOLY1305=m +CONFIG_CRYPTO_ADIANTUM=m # # Hash modes @@ -5638,7 +5668,8 @@ CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=m CONFIG_CRYPTO_SHA3=m -# CONFIG_CRYPTO_SM3 is not set +CONFIG_CRYPTO_SM3=m +CONFIG_CRYPTO_STREEBOG=m CONFIG_CRYPTO_TGR192=m CONFIG_CRYPTO_WP512=m @@ -5662,7 +5693,7 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_CHACHA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m -# CONFIG_CRYPTO_SM4 is not set +CONFIG_CRYPTO_SM4=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m @@ -5720,6 +5751,7 @@ CONFIG_BINARY_PRINTF=y # Library routines # CONFIG_RAID6_PQ=m +CONFIG_RAID6_PQ_BENCHMARK=y CONFIG_BITREVERSE=y CONFIG_RATIONAL=y CONFIG_GENERIC_STRNCPY_FROM_USER=y @@ -5784,7 +5816,6 @@ CONFIG_HAS_DMA=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_NEED_DMA_MAP_STATE=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y -CONFIG_DMA_DIRECT_OPS=y CONFIG_SWIOTLB=y CONFIG_SGL_ALLOC=y CONFIG_CHECK_SIGNATURE=y @@ -5806,10 +5837,10 @@ CONFIG_FONT_SUPPORT=y CONFIG_FONT_8x8=y CONFIG_FONT_8x16=y CONFIG_SG_POOL=y -CONFIG_ARCH_HAS_SG_CHAIN=y CONFIG_SBITMAP=y CONFIG_PARMAN=m # CONFIG_STRING_SELFTEST is not set +CONFIG_OBJAGG=m # # Kernel hacking @@ -5864,6 +5895,8 @@ CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y # CONFIG_DEBUG_VIRTUAL is not set CONFIG_DEBUG_MEMORY_INIT=y # CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_KASAN_STACK=1 CONFIG_ARCH_HAS_KCOV=y CONFIG_CC_HAS_SANCOV_TRACE_PC=y # CONFIG_KCOV is not set @@ -5950,6 +5983,7 @@ CONFIG_STACK_TRACER=y CONFIG_BLK_DEV_IO_TRACE=y CONFIG_UPROBE_EVENTS=y CONFIG_BPF_EVENTS=y +CONFIG_DYNAMIC_EVENTS=y CONFIG_PROBE_EVENTS=y CONFIG_DYNAMIC_FTRACE=y CONFIG_FUNCTION_PROFILER=y @@ -5995,6 +6029,7 @@ CONFIG_RBTREE_TEST=m # CONFIG_TEST_STATIC_KEYS is not set # CONFIG_TEST_KMOD is not set # CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_OBJAGG is not set # CONFIG_MEMTEST is not set # CONFIG_BUG_ON_DATA_CORRUPTION is not set # CONFIG_SAMPLES is not set diff --git a/kernel/config-x86-generic b/kernel/config-x86-generic index 8848a3a..2147e2b 100644 --- a/kernel/config-x86-generic +++ b/kernel/config-x86-generic @@ -14,7 +14,6 @@ CONFIG_KERNEL_XZ=y # IRQ subsystem # CONFIG_GENERIC_PENDING_IRQ=y -CONFIG_GENERIC_IRQ_MIGRATION=y CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y CONFIG_GENERIC_IRQ_RESERVATION_MODE=y CONFIG_CLOCKSOURCE_WATCHDOG=y @@ -74,7 +73,7 @@ CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_X2APIC=y CONFIG_X86_MPPARSE=y CONFIG_RETPOLINE=y -# CONFIG_INTEL_RDT is not set +# CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set CONFIG_X86_INTEL_LPSS=y # CONFIG_X86_AMD_PLATFORM_DEVICE is not set @@ -96,6 +95,7 @@ CONFIG_XEN_SAVE_RESTORE=y # CONFIG_XEN_DEBUG_FS is not set # CONFIG_XEN_PVH is not set CONFIG_KVM_GUEST=y +# CONFIG_PVH is not set # CONFIG_KVM_DEBUG_FS is not set CONFIG_PARAVIRT_CLOCK=y # CONFIG_JAILHOUSE_GUEST is not set @@ -306,48 +306,9 @@ CONFIG_PCI_MMCONFIG=y CONFIG_PCI_XEN=y CONFIG_MMCONF_FAM10H=y # CONFIG_PCI_CNB20LE_QUIRK is not set -CONFIG_PCIEAER_INJECT=m -CONFIG_PCIE_ECRC=y -# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set -CONFIG_PCI_STUB=y -CONFIG_PCI_PF_STUB=m -CONFIG_XEN_PCIDEV_FRONTEND=m -CONFIG_PCI_ATS=y -CONFIG_PCI_LOCKLESS_CONFIG=y -CONFIG_PCI_IOV=y -CONFIG_PCI_PRI=y -CONFIG_PCI_PASID=y -CONFIG_PCI_LABEL=y -CONFIG_PCI_HYPERV=m -CONFIG_HOTPLUG_PCI_ACPI=y -CONFIG_HOTPLUG_PCI_ACPI_IBM=m - -# -# Cadence PCIe controllers support -# -CONFIG_PCI_FTPCI100=y -CONFIG_VMD=m - -# -# PCI switch controller drivers -# # CONFIG_ISA_BUS is not set CONFIG_ISA_DMA_API=y CONFIG_AMD_NB=y -CONFIG_PCCARD=m -# CONFIG_PCMCIA is not set -CONFIG_CARDBUS=y - -# -# PC-card bridges -# -CONFIG_YENTA=m -CONFIG_YENTA_O2=y -CONFIG_YENTA_RICOH=y -CONFIG_YENTA_TI=y -CONFIG_YENTA_ENE_TUNE=y -CONFIG_YENTA_TOSHIBA=y -# CONFIG_RAPIDIO is not set # CONFIG_X86_SYSFB is not set # @@ -500,6 +461,49 @@ CONFIG_HYPERV_VSOCKETS=m CONFIG_RFKILL_GPIO=m # +# Device Drivers +# +# CONFIG_EISA is not set +CONFIG_PCIEAER_INJECT=m +CONFIG_PCIE_ECRC=y +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +CONFIG_PCI_STUB=y +CONFIG_PCI_PF_STUB=m +CONFIG_XEN_PCIDEV_FRONTEND=m +CONFIG_PCI_ATS=y +CONFIG_PCI_LOCKLESS_CONFIG=y +CONFIG_PCI_IOV=y +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y +CONFIG_PCI_LABEL=y +CONFIG_PCI_HYPERV=m +CONFIG_HOTPLUG_PCI_ACPI=y +CONFIG_HOTPLUG_PCI_ACPI_IBM=m + +# +# Cadence PCIe controllers support +# +CONFIG_PCI_FTPCI100=y +CONFIG_VMD=m + +# +# PCI switch controller drivers +# +CONFIG_PCCARD=m +# CONFIG_PCMCIA is not set +CONFIG_CARDBUS=y + +# +# PC-card bridges +# +CONFIG_YENTA=m +CONFIG_YENTA_O2=y +CONFIG_YENTA_RICOH=y +CONFIG_YENTA_TI=y +CONFIG_YENTA_ENE_TUNE=y +CONFIG_YENTA_TOSHIBA=y + +# # Firmware loader # # CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set @@ -534,6 +538,7 @@ CONFIG_SGI_IOC4=m CONFIG_HP_ILO=m CONFIG_VMWARE_BALLOON=m # CONFIG_SRAM is not set +CONFIG_PVPANIC=m # # Texas Instruments shared transport line discipline @@ -890,6 +895,10 @@ CONFIG_SENSORS_XGENE=m # CONFIG_SENSORS_ACPI_POWER=m CONFIG_SENSORS_ATK0110=m + +# +# Intel thermal drivers +# CONFIG_INTEL_POWERCLAMP=m CONFIG_X86_PKG_TEMP_THERMAL=m CONFIG_INTEL_SOC_DTS_IOSF_CORE=m @@ -933,6 +942,7 @@ CONFIG_NV_TCO=m # CONFIG_CPU5_WDT is not set CONFIG_SMSC_SCH311X_WDT=m # CONFIG_SMSC37B787_WDT is not set +CONFIG_TQMX86_WDT=m CONFIG_VIA_WDT=m CONFIG_W83627HF_WDT=m CONFIG_W83877F_WDT=m @@ -1101,7 +1111,6 @@ CONFIG_DVB_CX22700=m CONFIG_DVB_L64781=m CONFIG_DVB_TDA1004X=m CONFIG_DVB_STV0367=m -CONFIG_DVB_CXD2841ER=m # # DVB-C (cable) frontends @@ -1436,7 +1445,6 @@ CONFIG_SAMSUNG_Q10=m # CONFIG_APPLE_GMUX is not set # CONFIG_INTEL_RST is not set CONFIG_INTEL_SMARTCONNECT=m -CONFIG_PVPANIC=m CONFIG_INTEL_PMC_IPC=m CONFIG_INTEL_BXTWC_PMIC_TMU=m # CONFIG_SURFACE_PRO3_BUTTON is not set @@ -1448,6 +1456,7 @@ CONFIG_INTEL_TURBO_MAX_3=y CONFIG_INTEL_CHTDC_TI_PWRBTN=m # CONFIG_I2C_MULTI_INSTANTIATE is not set CONFIG_INTEL_ATOMISP2_PM=m +CONFIG_HUAWEI_WMI=m CONFIG_PMC_ATOM=y # CONFIG_MELLANOX_PLATFORM is not set @@ -1576,6 +1585,12 @@ CONFIG_CRYPTO_GLUE_HELPER_X86=m # CONFIG_CRYPTO_MORUS1280_AVX2 is not set # +# Block modes +# +CONFIG_CRYPTO_NHPOLY1305_SSE2=m +CONFIG_CRYPTO_NHPOLY1305_AVX2=m + +# # Digest # CONFIG_CRYPTO_CRC32C_INTEL=m diff --git a/kernel/kernel.nm b/kernel/kernel.nm index 3210539..193cf57 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -4,8 +4,8 @@ ############################################################################### name = kernel -version = 4.20 -release = 15 +version = 5.0 +release = 1 thisapp = linux-%{version} maintainer = Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org> @@ -25,7 +25,7 @@ end localversion = %{release}.%{DISTRO_DISTTAG}.%{DISTRO_ARCH} fullver = %{version}-%{localversion} -source_dl = http://www.kernel.org/pub/linux/kernel/v4.x/ +source_dl = http://www.kernel.org/pub/linux/kernel/v5.x/ sources = %{thisapp}.tar.xz build -- 2.6.3

1 0

PAE-Kernel for Core 132 missing...
by Matthias Fischer 13 Jun '19

13 Jun '19

Hi, it seems, I'm the only one running 32bit? Because today I found by chance that after updating to Core 132, I'm running an SMP kernel. Again... ;-) root@ipfire: /boot # ls -l total 44816 -rw-r--r-- 1 root root 162972 May 3 04:27 config-4.14.113-ipfire-pae -rw-r--r-- 1 root root 163354 May 23 08:02 config-4.14.121-ipfire drwxr-xr-x 5 root root 4096 Jun 9 08:54 grub -rw-r--r-- 1 root root 15165872 Jun 9 08:55 initramfs-4.14.113-ipfire-pae.img -rw-r--r-- 1 root root 15049772 May 23 08:04 initramfs-4.14.121-ipfire.img drwx------ 2 root root 16384 Mar 9 2016 lost+found -rw-r--r-- 1 root root 2732812 May 3 04:27 System.map-4.14.113-ipfire-pae -rw-r--r-- 1 root root 2688754 May 23 08:02 System.map-4.14.121-ipfire -rw-r--r-- 1 root root 4971328 May 3 04:27 vmlinuz-4.14.113-ipfire-pae -rw-r--r-- 1 root root 4922912 May 23 08:02 vmlinuz-4.14.121-ipfire ***SNAP*** Could someone please take a look? Best, Matthias

3 4

[PATCH] tor: Fix tor permissions if presant via update.sh
by Erik Kapfer 12 Jun '19

12 Jun '19

Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> --- config/rootfiles/core/133/update.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh index a05ad0741..3ecb5651b 100644 --- a/config/rootfiles/core/133/update.sh +++ b/config/rootfiles/core/133/update.sh @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi /etc/init.d/squid start /etc/init.d/collectd restart +# Set new permissions for tor +if [ -d "/var/lib/tor" ]; then + chown -R tor:tor /var/lib/tor +fi + # Finish /etc/init.d/fireinfo start sendprofile -- 2.12.2

5 8

[PATCH] wpa_supplicant: Update to 2.8
by Matthias Fischer 11 Jun '19

11 Jun '19

For details see: https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/wpa_supplicant | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/wpa_supplicant b/lfs/wpa_supplicant index 887ec6bd5..ad7b45fea 100644 --- a/lfs/wpa_supplicant +++ b/lfs/wpa_supplicant @@ -24,7 +24,7 @@ include Config -VER = 2.7 +VER = 2.8 THISAPP = wpa_supplicant-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a68538fb62766f40f890125026c42c10 +$(DL_FILE)_MD5 = 0af5998c5d924e985cab16b9a1c77904 install : $(TARGET) -- 2.18.0

1 0

[PATCH] OpenVPN: mark CBC ciphers as weak in WebUI
by Peter Müller 11 Jun '19

11 Jun '19

CBC a vulnerable to a bunch of vulnerabilities (MAC-then-encrypt, Padding Oracle, ...) which were considered to be an academic threat. However, research such as https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodl… indicates these issues are more serious. Thereof, this patch marks remaining CBC ciphers (AES-CBC, SEED-CBC and CAMELLIA-CBC) as "weak"; they should be avoided in future. It does not change the default, which is AES-256-CBC for compatibility reasons. Whether this can be changed or not needs to be discussed. Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> Cc: Erik Kapfer <ummeegge(a)ipfire.org> --- html/cgi-bin/ovpnmain.cgi | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 439390228..ae1fe8e77 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2014 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -4516,7 +4516,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $selected{'DCIPHER'}{'CAST5-CBC'} = ''; $selected{'DCIPHER'}{'BF-CBC'} = ''; $selected{'DCIPHER'}{'DES-CBC'} = ''; - # If no cipher has been chossen yet, select + # If no cipher has been chosen yet, select # the old default (AES-256-CBC) for compatiblity reasons. if ($cgiparams{'DCIPHER'} eq '') { $cgiparams{'DCIPHER'} = 'AES-256-CBC'; @@ -4668,13 +4668,13 @@ if ($cgiparams{'TYPE'} eq 'net') { <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option> <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option> <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option> - <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> - <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> - <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> - <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option> - <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option> - <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option> - <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option> + <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option> + <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option> + <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option> + <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'}, $Lang::tr{'vpn weak'})</option> + <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option> + <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option> + <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option> <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option> <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option> <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option> @@ -5052,7 +5052,7 @@ END } } -#default setzen +# set default values if ($cgiparams{'DCIPHER'} eq '') { $cgiparams{'DCIPHER'} = 'AES-256-CBC'; } -- 2.16.4

3 5

[PATCH] OpenSSL: lower priority for CBC ciphers in default cipherlist
by Peter Müller 11 Jun '19

11 Jun '19

In order to avoid CBC ciphers as often as possible (they contain some known vulnerabilities), this changes the OpenSSL default ciphersuite to: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 Since TLS servers usually override the clients' preference with their own, this will neither break existing setups nor introduce huge differences in the wild. Unfortunately, CBC ciphers cannot be disabled at all, as they are still used by popular web sites. TLS 1.3 ciphers will be added implicitly and can be omitted in the ciphersting. Chacha20/Poly1305 is preferred over AES-GCM due to missing AES-NI support for the majority of installations reporting to Fireinfo (see https://fireinfo.ipfire.org/processors for details, AES-NI support is 28.22% at the time of writing). Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- lfs/openssl | 2 +- ...t-cipherlist.patch => openssl-1.1.1c-default-cipherlist.patch} | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) rename src/patches/{openssl-1.1.1a-default-cipherlist.patch => openssl-1.1.1c-default-cipherlist.patch} (66%) diff --git a/lfs/openssl b/lfs/openssl index 9f9e7a684..47bd4aff0 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -117,7 +117,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1a-default-cipherlist.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1c-default-cipherlist.patch # Apply our CFLAGS cd $(DIR_APP) && sed -i Configure \ diff --git a/src/patches/openssl-1.1.1a-default-cipherlist.patch b/src/patches/openssl-1.1.1c-default-cipherlist.patch similarity index 66% rename from src/patches/openssl-1.1.1a-default-cipherlist.patch rename to src/patches/openssl-1.1.1c-default-cipherlist.patch index dfe156bf5..72f6ce3b1 100644 --- a/src/patches/openssl-1.1.1a-default-cipherlist.patch +++ b/src/patches/openssl-1.1.1c-default-cipherlist.patch @@ -1,11 +1,12 @@ ---- openssl-1.1.1.orig/include/openssl/ssl.h 2018-09-11 14:48:23.000000000 +0200 -+++ openssl-1.1.1/include/openssl/ssl.h 2018-11-05 16:55:03.935513159 +0100 +diff -Naur openssl-1.1.1c.orig/include/openssl/ssl.h openssl-1.1.1c/include/openssl/ssl.h +--- openssl-1.1.1c.orig/include/openssl/ssl.h 2019-06-10 20:41:21.209140012 +0200 ++++ openssl-1.1.1c/include/openssl/ssl.h 2019-06-10 20:42:26.733973129 +0200 @@ -170,11 +170,11 @@ * an application-defined cipher list string starts with 'DEFAULT'. * This applies to ciphersuites for TLSv1.2 and below. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" -+# define SSL_DEFAULT_CIPHER_LIST "TLSv1.3:CHACHA20:HIGH:+DH:+aRSA:+SHA:+kRSA:!aNULL:!eNULL:!SRP:!PSK:!DSS:!AESCCM" ++# define SSL_DEFAULT_CIPHER_LIST "CHACHA20:HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS" /* This is the default set of TLSv1.3 ciphersuites */ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) -# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ @@ -15,4 +16,3 @@ "TLS_AES_128_GCM_SHA256" # else # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ - -- 2.16.4

2 3

[PATCH] vulnerabilities.cgi: Use orange instead of blue for mitigated issues
by Peter Müller 11 Jun '19

11 Jun '19

A mitigated (CPU) vulnerability is still present and might be just harder to exploit. Using blue as colour for them does not illustrate their dangerousness - orange is a better choice as far as I am concerned. Scaring people away from Intel processors will be a completely unintended side effect. :-) Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- html/cgi-bin/vulnerabilities.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/vulnerabilities.cgi b/html/cgi-bin/vulnerabilities.cgi index a8746c30c..21d963618 100644 --- a/html/cgi-bin/vulnerabilities.cgi +++ b/html/cgi-bin/vulnerabilities.cgi @@ -129,7 +129,7 @@ for my $vuln (sort keys %VULNERABILITIES) { } elsif ($status eq "Mitigation") { $status_message = $Lang::tr{'mitigated'}; $colour = "white"; - $bgcolour = ${Header::colourblue}; + $bgcolour = ${Header::colourorange}; # Unknown report from kernel } else { -- 2.16.4

2 1

[PATCH] ship language files in Core Update 133
by Peter Müller 10 Jun '19

10 Jun '19

These were missing in Core Update 132, and some strings (especially on the "CPU vulnerabilities" page) missed translations. Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- config/rootfiles/core/133/filelists/files | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/133/filelists/files b/config/rootfiles/core/133/filelists/files index 7998df231..212211dd7 100644 --- a/config/rootfiles/core/133/filelists/files +++ b/config/rootfiles/core/133/filelists/files @@ -11,3 +11,4 @@ usr/local/bin/update-ids-ruleset usr/sbin/convert-ids-modifysids-file usr/sbin/convert-snort var/ipfire/ids-functions.pl +var/ipfire/langs -- 2.16.4

3 3

suricata: error in 'convert-ids-modifysids-file' -
by Matthias Fischer 10 Jun '19

10 Jun '19

Hi, being curious I tested the latest changes for 'suricata' from current 'next' and ran into the following error: ***SNIP*** root@ipfire: /usr # /usr/sbin/convert-ids-modifysids-file Global symbol "%idssettings" requires explicit package name at /usr/sbin/convert-ids-modifysids-file line 57. Execution of /usr/sbin/convert-ids-modifysids-file aborted due to compilation errors. ***SNAP*** Adding "my %idssettings=();" in line 27 seemed to fix this. Could someone please check and confirm? Best, Matthias

3 3

[PATCH] hostapd: Update to 2.8
by Matthias Fischer 10 Jun '19

10 Jun '19

For details see: https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- lfs/hostapd | 10 ++-- ...hostapd-2.8-increase_EAPOL-timeouts.patch} | 8 +-- ...-noscan.patch => hostapd-2.8-noscan.patch} | 50 +++++++++---------- 3 files changed, 34 insertions(+), 34 deletions(-) rename src/patches/hostapd/{hostapd-2.7-increase_EAPOL-timeouts.patch => hostapd-2.8-increase_EAPOL-timeouts.patch} (77%) rename src/patches/hostapd/{hostapd-2.7-noscan.patch => hostapd-2.8-noscan.patch} (64%) diff --git a/lfs/hostapd b/lfs/hostapd index ce399df75..9dabc3b5b 100644 --- a/lfs/hostapd +++ b/lfs/hostapd @@ -24,7 +24,7 @@ include Config -VER = 2.7 +VER = 2.8 THISAPP = hostapd-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = hostapd -PAK_VER = 47 +PAK_VER = 48 DEPS = "" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 8d3799f3a3c247cff47d41503698721b +$(DL_FILE)_MD5 = ed2c254e5f400838cb9d8e7b6e43b86c install : $(TARGET) @@ -78,8 +78,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.7-increase_EAPOL-timeouts.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.7-noscan.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.8-increase_EAPOL-timeouts.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.8-noscan.patch cd $(DIR_APP)/hostapd && cp $(DIR_SRC)/config/hostapd/config ./.config cd $(DIR_APP)/hostapd && sed -e "s@/usr/local@/usr@g" -i Makefile diff --git a/src/patches/hostapd/hostapd-2.7-increase_EAPOL-timeouts.patch b/src/patches/hostapd/hostapd-2.8-increase_EAPOL-timeouts.patch similarity index 77% rename from src/patches/hostapd/hostapd-2.7-increase_EAPOL-timeouts.patch rename to src/patches/hostapd/hostapd-2.8-increase_EAPOL-timeouts.patch index 285b54c61..4be4cd526 100644 --- a/src/patches/hostapd/hostapd-2.7-increase_EAPOL-timeouts.patch +++ b/src/patches/hostapd/hostapd-2.8-increase_EAPOL-timeouts.patch @@ -1,7 +1,7 @@ -diff U3 a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c ---- a/src/ap/wpa_auth.c Sun Dec 2 20:34:59 2018 -+++ b/src/ap/wpa_auth.c Mon Mar 4 15:47:26 2019 -@@ -63,9 +63,9 @@ +diff U3 src/ap/wpa_auth.c src/ap/wpa_auth.c +--- a/src/ap/wpa_auth.c Sun Apr 21 09:10:22 2019 ++++ b/src/ap/wpa_auth.c Sun Jun 9 01:05:24 2019 +@@ -65,9 +65,9 @@ struct wpa_group *group); static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos); diff --git a/src/patches/hostapd/hostapd-2.7-noscan.patch b/src/patches/hostapd/hostapd-2.8-noscan.patch similarity index 64% rename from src/patches/hostapd/hostapd-2.7-noscan.patch rename to src/patches/hostapd/hostapd-2.8-noscan.patch index 31219c8c5..a323aab47 100644 --- a/src/patches/hostapd/hostapd-2.7-noscan.patch +++ b/src/patches/hostapd/hostapd-2.8-noscan.patch @@ -1,21 +1,9 @@ -diff U3 a/src/ap/ap_config.h b/src/ap/ap_config.h ---- a/src/ap/ap_config.h Sun Dec 2 20:34:59 2018 -+++ b/src/ap/ap_config.h Mon Mar 4 15:58:05 2019 -@@ -779,6 +779,8 @@ - - int ht_op_mode_fixed; - u16 ht_capab; -+ int noscan; -+ int no_ht_coex; - int ieee80211n; - int secondary_channel; - int no_pri_sec_switch; -diff U3 a/hostapd/config_file.c b/hostapd/config_file.c ---- a/hostapd/config_file.c Sun Dec 2 20:34:59 2018 -+++ b/hostapd/config_file.c Mon Mar 4 15:56:51 2019 -@@ -3317,6 +3317,10 @@ - } - #endif /* CONFIG_IEEE80211W */ +diff U3 hostapd/config_file.c hostapd/config_file.c +--- a/hostapd/config_file.c Sun Apr 21 09:10:22 2019 ++++ b/hostapd/config_file.c Sun Jun 9 01:08:21 2019 +@@ -3390,6 +3390,10 @@ + bss->ieee80211w = 1; + #endif /* CONFIG_OCV */ #ifdef CONFIG_IEEE80211N + } else if (os_strcmp(buf, "noscan") == 0) { + conf->noscan = atoi(pos); @@ -24,10 +12,22 @@ diff U3 a/hostapd/config_file.c b/hostapd/config_file.c } else if (os_strcmp(buf, "ieee80211n") == 0) { conf->ieee80211n = atoi(pos); } else if (os_strcmp(buf, "ht_capab") == 0) { -diff U3 a/src/ap/hw_features.c b/src/ap/hw_features.c ---- a/src/ap/hw_features.c Sun Dec 2 20:34:59 2018 -+++ b/src/ap/hw_features.c Mon Mar 4 15:59:08 2019 -@@ -480,7 +480,8 @@ +diff U3 src/ap/ap_config.h src/ap/ap_config.h +--- a/src/ap/ap_config.h Sun Apr 21 09:10:22 2019 ++++ b/src/ap/ap_config.h Sun Jun 9 01:06:42 2019 +@@ -801,6 +801,8 @@ + + int ht_op_mode_fixed; + u16 ht_capab; ++ int noscan; ++ int no_ht_coex; + int ieee80211n; + int secondary_channel; + int no_pri_sec_switch; +diff U3 src/ap/hw_features.c src/ap/hw_features.c +--- a/src/ap/hw_features.c Sun Apr 21 09:10:22 2019 ++++ b/src/ap/hw_features.c Sun Jun 9 01:09:41 2019 +@@ -477,7 +477,8 @@ int ret; /* Check that HT40 is used and PRI / SEC switch is allowed */ @@ -37,9 +37,9 @@ diff U3 a/src/ap/hw_features.c b/src/ap/hw_features.c return 0; hostapd_set_state(iface, HAPD_IFACE_HT_SCAN); -diff U3 a/src/ap/ieee802_11_ht.c b/src/ap/ieee802_11_ht.c ---- a/src/ap/ieee802_11_ht.c Sun Dec 2 20:34:59 2018 -+++ b/src/ap/ieee802_11_ht.c Mon Mar 4 16:02:13 2019 +diff U3 src/ap/ieee802_11_ht.c src/ap/ieee802_11_ht.c +--- a/src/ap/ieee802_11_ht.c Sun Apr 21 09:10:22 2019 ++++ b/src/ap/ieee802_11_ht.c Sun Jun 9 01:13:09 2019 @@ -252,6 +252,9 @@ return; } -- 2.18.0

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development June 2019