Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.57 for the changelog of this version. Since it introduces architecture-dependent rootfile changes due to CPU side-channel mitigations, changes to ARM rootfiles have been omitted due to the lack of hardware.
Supposed hardening changes will be submitted separately.
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/rootfiles/common/x86_64/linux | 9 +++++++-- lfs/linux | 4 ++-- 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 326bc6c6e..f81b5589d 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -6785,6 +6785,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/CC_HAS_INT128 #lib/modules/KVER-ipfire/build/include/config/CC_HAS_KASAN_GENERIC #lib/modules/KVER-ipfire/build/include/config/CC_HAS_NO_PROFILE_FN_ATTR +#lib/modules/KVER-ipfire/build/include/config/CC_HAS_RETURN_THUNK #lib/modules/KVER-ipfire/build/include/config/CC_HAS_SANCOV_TRACE_PC #lib/modules/KVER-ipfire/build/include/config/CC_HAS_SANE_STACKPROTECTOR #lib/modules/KVER-ipfire/build/include/config/CC_HAS_SLS @@ -6877,6 +6878,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/CPU_FREQ_GOV_SCHEDUTIL #lib/modules/KVER-ipfire/build/include/config/CPU_FREQ_GOV_USERSPACE #lib/modules/KVER-ipfire/build/include/config/CPU_FREQ_STAT +#lib/modules/KVER-ipfire/build/include/config/CPU_IBPB_ENTRY +#lib/modules/KVER-ipfire/build/include/config/CPU_IBRS_ENTRY #lib/modules/KVER-ipfire/build/include/config/CPU_IDLE #lib/modules/KVER-ipfire/build/include/config/CPU_IDLE_GOV_HALTPOLL #lib/modules/KVER-ipfire/build/include/config/CPU_IDLE_GOV_LADDER @@ -6889,6 +6892,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/CPU_SUP_HYGON #lib/modules/KVER-ipfire/build/include/config/CPU_SUP_INTEL #lib/modules/KVER-ipfire/build/include/config/CPU_SUP_ZHAOXIN +#lib/modules/KVER-ipfire/build/include/config/CPU_UNRET_ENTRY #lib/modules/KVER-ipfire/build/include/config/CRASH_DUMP #lib/modules/KVER-ipfire/build/include/config/CRC16 #lib/modules/KVER-ipfire/build/include/config/CRC32 @@ -9088,7 +9092,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/NFSD_V4_SECURITY_LABEL #lib/modules/KVER-ipfire/build/include/config/NFS_ACL_SUPPORT #lib/modules/KVER-ipfire/build/include/config/NFS_COMMON -#lib/modules/KVER-ipfire/build/include/config/NFS_DEBUG #lib/modules/KVER-ipfire/build/include/config/NFS_DISABLE_UDP_SUPPORT #lib/modules/KVER-ipfire/build/include/config/NFS_FS #lib/modules/KVER-ipfire/build/include/config/NFS_FSCACHE @@ -9586,6 +9589,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/RELOCATABLE #lib/modules/KVER-ipfire/build/include/config/RENESAS_PHY #lib/modules/KVER-ipfire/build/include/config/RESET_CONTROLLER +#lib/modules/KVER-ipfire/build/include/config/RETHUNK #lib/modules/KVER-ipfire/build/include/config/RETPOLINE #lib/modules/KVER-ipfire/build/include/config/RETU_WATCHDOG #lib/modules/KVER-ipfire/build/include/config/RFKILL @@ -10333,6 +10337,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/SPARSEMEM_VMEMMAP #lib/modules/KVER-ipfire/build/include/config/SPARSEMEM_VMEMMAP_ENABLE #lib/modules/KVER-ipfire/build/include/config/SPARSE_IRQ +#lib/modules/KVER-ipfire/build/include/config/SPECULATION_MITIGATIONS #lib/modules/KVER-ipfire/build/include/config/SPLIT_PTLOCK_CPUS #lib/modules/KVER-ipfire/build/include/config/SPMI #lib/modules/KVER-ipfire/build/include/config/SRCU @@ -10374,7 +10379,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/SUNGEM_PHY #lib/modules/KVER-ipfire/build/include/config/SUNRPC #lib/modules/KVER-ipfire/build/include/config/SUNRPC_BACKCHANNEL -#lib/modules/KVER-ipfire/build/include/config/SUNRPC_DEBUG #lib/modules/KVER-ipfire/build/include/config/SUNRPC_GSS #lib/modules/KVER-ipfire/build/include/config/SURFACE_HOTPLUG #lib/modules/KVER-ipfire/build/include/config/SURFACE_PLATFORMS @@ -13460,6 +13464,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/mmu_context.h #lib/modules/KVER-ipfire/build/include/linux/mmu_notifier.h #lib/modules/KVER-ipfire/build/include/linux/mmzone.h +#lib/modules/KVER-ipfire/build/include/linux/mnt_idmapping.h #lib/modules/KVER-ipfire/build/include/linux/mnt_namespace.h #lib/modules/KVER-ipfire/build/include/linux/mod_devicetable.h #lib/modules/KVER-ipfire/build/include/linux/mod_devicetable.h.orig diff --git a/lfs/linux b/lfs/linux index 384ed9d89..07e838933 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@
include Config
-VER = 5.15.49 +VER = 5.15.57 ARM_PATCHES = 5.15-ipfire5
THISAPP = linux-$(VER) @@ -78,7 +78,7 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_BLAKE2 = 0f78d980b2d6ec189865a85f3bf65e015365034f797ffda88077a77162d3bc30aec5f44a5257aa2aee0a97ee12e4c38b796bc8fddbe9f6ff6067b0c17ff0207e +$(DL_FILE)_BLAKE2 = 9adea6b8ee97ead38ecab39b1ef08b2ee1647eebbb2a8ccd2ba253eeebfd6435c83a03e83e186809473a982a373185874c0082aa0c56f5928d304c7df56dfb86 arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 58a70e757a9121a0aac83604a37aa787ec7ac0ee4970c5a3ac3bcb2dbaca32b00089cae6c0da5cf2fe0a2e156427b5165c6a86e0371a3e896f4c7cdd699c34a0
install : $(TARGET)
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 28 Jul 2022, at 14:24, Peter Müller peter.mueller@ipfire.org wrote:
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.57 for the changelog of this version. Since it introduces architecture-dependent rootfile changes due to CPU side-channel mitigations, changes to ARM rootfiles have been omitted due to the lack of hardware.
Supposed hardening changes will be submitted separately.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/rootfiles/common/x86_64/linux | 9 +++++++-- lfs/linux | 4 ++-- 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 326bc6c6e..f81b5589d 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -6785,6 +6785,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/CC_HAS_INT128 #lib/modules/KVER-ipfire/build/include/config/CC_HAS_KASAN_GENERIC #lib/modules/KVER-ipfire/build/include/config/CC_HAS_NO_PROFILE_FN_ATTR +#lib/modules/KVER-ipfire/build/include/config/CC_HAS_RETURN_THUNK #lib/modules/KVER-ipfire/build/include/config/CC_HAS_SANCOV_TRACE_PC #lib/modules/KVER-ipfire/build/include/config/CC_HAS_SANE_STACKPROTECTOR #lib/modules/KVER-ipfire/build/include/config/CC_HAS_SLS @@ -6877,6 +6878,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/CPU_FREQ_GOV_SCHEDUTIL #lib/modules/KVER-ipfire/build/include/config/CPU_FREQ_GOV_USERSPACE #lib/modules/KVER-ipfire/build/include/config/CPU_FREQ_STAT +#lib/modules/KVER-ipfire/build/include/config/CPU_IBPB_ENTRY +#lib/modules/KVER-ipfire/build/include/config/CPU_IBRS_ENTRY #lib/modules/KVER-ipfire/build/include/config/CPU_IDLE #lib/modules/KVER-ipfire/build/include/config/CPU_IDLE_GOV_HALTPOLL #lib/modules/KVER-ipfire/build/include/config/CPU_IDLE_GOV_LADDER @@ -6889,6 +6892,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/CPU_SUP_HYGON #lib/modules/KVER-ipfire/build/include/config/CPU_SUP_INTEL #lib/modules/KVER-ipfire/build/include/config/CPU_SUP_ZHAOXIN +#lib/modules/KVER-ipfire/build/include/config/CPU_UNRET_ENTRY #lib/modules/KVER-ipfire/build/include/config/CRASH_DUMP #lib/modules/KVER-ipfire/build/include/config/CRC16 #lib/modules/KVER-ipfire/build/include/config/CRC32 @@ -9088,7 +9092,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/NFSD_V4_SECURITY_LABEL #lib/modules/KVER-ipfire/build/include/config/NFS_ACL_SUPPORT #lib/modules/KVER-ipfire/build/include/config/NFS_COMMON -#lib/modules/KVER-ipfire/build/include/config/NFS_DEBUG #lib/modules/KVER-ipfire/build/include/config/NFS_DISABLE_UDP_SUPPORT #lib/modules/KVER-ipfire/build/include/config/NFS_FS #lib/modules/KVER-ipfire/build/include/config/NFS_FSCACHE @@ -9586,6 +9589,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/RELOCATABLE #lib/modules/KVER-ipfire/build/include/config/RENESAS_PHY #lib/modules/KVER-ipfire/build/include/config/RESET_CONTROLLER +#lib/modules/KVER-ipfire/build/include/config/RETHUNK #lib/modules/KVER-ipfire/build/include/config/RETPOLINE #lib/modules/KVER-ipfire/build/include/config/RETU_WATCHDOG #lib/modules/KVER-ipfire/build/include/config/RFKILL @@ -10333,6 +10337,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/SPARSEMEM_VMEMMAP #lib/modules/KVER-ipfire/build/include/config/SPARSEMEM_VMEMMAP_ENABLE #lib/modules/KVER-ipfire/build/include/config/SPARSE_IRQ +#lib/modules/KVER-ipfire/build/include/config/SPECULATION_MITIGATIONS #lib/modules/KVER-ipfire/build/include/config/SPLIT_PTLOCK_CPUS #lib/modules/KVER-ipfire/build/include/config/SPMI #lib/modules/KVER-ipfire/build/include/config/SRCU @@ -10374,7 +10379,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/SUNGEM_PHY #lib/modules/KVER-ipfire/build/include/config/SUNRPC #lib/modules/KVER-ipfire/build/include/config/SUNRPC_BACKCHANNEL -#lib/modules/KVER-ipfire/build/include/config/SUNRPC_DEBUG #lib/modules/KVER-ipfire/build/include/config/SUNRPC_GSS #lib/modules/KVER-ipfire/build/include/config/SURFACE_HOTPLUG #lib/modules/KVER-ipfire/build/include/config/SURFACE_PLATFORMS @@ -13460,6 +13464,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/mmu_context.h #lib/modules/KVER-ipfire/build/include/linux/mmu_notifier.h #lib/modules/KVER-ipfire/build/include/linux/mmzone.h +#lib/modules/KVER-ipfire/build/include/linux/mnt_idmapping.h #lib/modules/KVER-ipfire/build/include/linux/mnt_namespace.h #lib/modules/KVER-ipfire/build/include/linux/mod_devicetable.h #lib/modules/KVER-ipfire/build/include/linux/mod_devicetable.h.orig diff --git a/lfs/linux b/lfs/linux index 384ed9d89..07e838933 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@
include Config
-VER = 5.15.49 +VER = 5.15.57 ARM_PATCHES = 5.15-ipfire5
THISAPP = linux-$(VER) @@ -78,7 +78,7 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_BLAKE2 = 0f78d980b2d6ec189865a85f3bf65e015365034f797ffda88077a77162d3bc30aec5f44a5257aa2aee0a97ee12e4c38b796bc8fddbe9f6ff6067b0c17ff0207e +$(DL_FILE)_BLAKE2 = 9adea6b8ee97ead38ecab39b1ef08b2ee1647eebbb2a8ccd2ba253eeebfd6435c83a03e83e186809473a982a373185874c0082aa0c56f5928d304c7df56dfb86 arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 58a70e757a9121a0aac83604a37aa787ec7ac0ee4970c5a3ac3bcb2dbaca32b00089cae6c0da5cf2fe0a2e156427b5165c6a86e0371a3e896f4c7cdd699c34a0
install : $(TARGET)
2.35.3