This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 6a005bd9aa17c2f919ef8b2fe94ca00c43b2bedc (commit)
via 7939a65ff83e33a2806b2610c17776670f6aabc7 (commit)
via a211d4523820b48467dddc9af7c6586c2b4cd807 (commit)
from ccd793b3605f7e1693255d537e661db257bad6f6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6a005bd9aa17c2f919ef8b2fe94ca00c43b2bedc
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue May 16 16:20:35 2023 +0000
kernel: update to 6.1.28
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7939a65ff83e33a2806b2610c17776670f6aabc7
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue May 16 14:20:20 2023 +0200
checkrootfiles: fix checks on hosts with newer grep
newer grep versions ignore * in --exclude
work around this by excluding all arch specific directories with
--exclude-dir
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a211d4523820b48467dddc9af7c6586c2b4cd807
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue May 16 09:06:06 2023 +0000
dracut: lower ram usage at compression
this lower the compression ratio sligtly (the ramdlisk is 100kb
larger) and use only a single thread now. (it's still faster than
before on a dual core.)
fixes: #13091
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/dracut/ipfire.conf | 2 +-
config/kernel/kernel.config.aarch64-ipfire | 2 +-
config/kernel/kernel.config.x86_64-ipfire | 2 +-
config/rootfiles/common/aarch64/linux | 2 +-
config/rootfiles/common/x86_64/linux | 2 +-
config/rootfiles/core/175/filelists/files | 1 +
lfs/linux | 10 +-
...x86-amd-Fix-pmc-compile-dependency-errors.patch | 63 -----------
...etfilter_nftables_deactivate_anonymus_set.patch | 121 ---------------------
tools/checkrootfiles | 12 +-
10 files changed, 14 insertions(+), 203 deletions(-)
delete mode 100644 src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-dependency-errors.patch
delete mode 100644 src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch
Difference in files:
diff --git a/config/dracut/ipfire.conf b/config/dracut/ipfire.conf
index bab5c8a2e..5a4f0aa7c 100644
--- a/config/dracut/ipfire.conf
+++ b/config/dracut/ipfire.conf
@@ -2,4 +2,4 @@
early_microcode="yes"
# Compress using Zstandard
-compress="zstd"
+compress="zstd -10 -q -T1"
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index 74ff773df..87167cd65 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm64 6.1.27-ipfire Kernel Configuration
+# Linux/arm64 6.1.28-ipfire Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0"
CONFIG_CC_IS_GCC=y
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index c8985b482..b30bbd1ec 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 6.1.27-ipfire Kernel Configuration
+# Linux/x86 6.1.28-ipfire Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0"
CONFIG_CC_IS_GCC=y
diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux
index 5809aa02b..cfadb4427 100644
--- a/config/rootfiles/common/aarch64/linux
+++ b/config/rootfiles/common/aarch64/linux
@@ -15914,7 +15914,7 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/sound/ac97/regs.h
#lib/modules/KVER-ipfire/build/include/sound/ac97_codec.h
#lib/modules/KVER-ipfire/build/include/sound/aci.h
-#lib/modules/KVER-ipfire/build/include/sound/acp62_chip_offset_byte.h
+#lib/modules/KVER-ipfire/build/include/sound/acp63_chip_offset_byte.h
#lib/modules/KVER-ipfire/build/include/sound/ad1816a.h
#lib/modules/KVER-ipfire/build/include/sound/ad1843.h
#lib/modules/KVER-ipfire/build/include/sound/adau1373.h
diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux
index 6262f5e57..0300e7779 100644
--- a/config/rootfiles/common/x86_64/linux
+++ b/config/rootfiles/common/x86_64/linux
@@ -16002,7 +16002,7 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/sound/ac97/regs.h
#lib/modules/KVER-ipfire/build/include/sound/ac97_codec.h
#lib/modules/KVER-ipfire/build/include/sound/aci.h
-#lib/modules/KVER-ipfire/build/include/sound/acp62_chip_offset_byte.h
+#lib/modules/KVER-ipfire/build/include/sound/acp63_chip_offset_byte.h
#lib/modules/KVER-ipfire/build/include/sound/ad1816a.h
#lib/modules/KVER-ipfire/build/include/sound/ad1843.h
#lib/modules/KVER-ipfire/build/include/sound/adau1373.h
diff --git a/config/rootfiles/core/175/filelists/files b/config/rootfiles/core/175/filelists/files
index d2b3c79f8..13f5605d9 100644
--- a/config/rootfiles/core/175/filelists/files
+++ b/config/rootfiles/core/175/filelists/files
@@ -84,4 +84,5 @@ lib/firmware/rtw88/rtw8822c_fw.bin
lib/firmware/rtw89/rtw8852b_fw-1.bin
srv/web/ipfire/cgi-bin/backup.cgi
srv/web/ipfire/cgi-bin/logs.cgi/log.dat
+usr/lib/dracut/dracut.conf.d/ipfire.conf
usr/lib/firewall/rules.pl
diff --git a/lfs/linux b/lfs/linux
index a95c6aea4..989c51189 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -24,7 +24,7 @@
include Config
-VER = 6.1.27
+VER = 6.1.28
ARM_PATCHES = 6.1.y-ipfire2
@@ -76,7 +76,7 @@ objects = \
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_BLAKE2 = 5d7ec9a6a2652abbe4afb70174a63f58d495291d522087f9adb33864063ce54e219fd6e426793077a346338ccb4d9d753a60cb76b448146fb592ff17c2618792
+$(DL_FILE)_BLAKE2 = f840274d9e1c5af90292bce6afb8b8b1a81b4f8ef82691a1cf28ca2d6cf680913c2668ddb086e1fa4ba4112e9d8118a674231374c14a06a911ddb3d2cf8ac3fb
arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 = 7afc460562fb24bcd75784fc79de768f9b60780aedd88d1a847927169e31920bbb475b1ac1466c4a224a7876d16bd8d465b96202de12b74f6e2ccbfcec731ad3
install : $(TARGET)
@@ -144,12 +144,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Fix external module compile
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch
- # Fix pmc compile dependency errors
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-dependency-errors.patch
-
- # Patch netfilter CVE-2023-32233
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch
-
ifeq "$(BUILD_ARCH)" "aarch64"
# Apply Arm-multiarch kernel patches.
cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1
diff --git a/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-dependency-errors.patch b/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-dependency-errors.patch
deleted file mode 100644
index d890c24c0..000000000
--- a/src/patches/linux/linux-6.0.7-platform-x86-amd-Fix-pmc-compile-dependency-errors.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From: Yupeng Li <liyupeng(a)zbhlos.com>
-To: Shyam-sundar.S-k(a)amd.com, hdegoede(a)redhat.com, markgross(a)kernel.org
-Cc: platform-driver-x86(a)vger.kernel.org, linux-kernel(a)vger.kernel.org,
- caizp2008(a)163.com, Yupeng Li <liyupeng(a)zbhlos.com>
-Subject: [PATCH 1/1] platform/x86/amd: Fix pmc compile dependency errors.
-Date: Wed, 26 Oct 2022 15:25:31 +0800
-
-When disabled CONFIG_SUSPEND and CONFIG_DEBUG_FS, get_metrics_table
-and amd_pmc_idlemask_read is defined under two conditions of this,
-pmc build with implicit declaration of function error.Some build error
-messages are as follows:
-
- CC [M] drivers/platform/x86/amd/pmc.o
-drivers/platform/x86/amd/pmc.c: In function ‘smu_fw_info_show’:
-drivers/platform/x86/amd/pmc.c:436:6: error: implicit declaration of function ‘get_metrics_table’ [-Werror=implicit-function-declaration]
- 436 | if (get_metrics_table(dev, &table))
- | ^~~~~~~~~~~~~~~~~
-drivers/platform/x86/amd/pmc.c: In function ‘amd_pmc_idlemask_show’:
-drivers/platform/x86/amd/pmc.c:508:8: error: implicit declaration of function ‘amd_pmc_idlemask_read’; did you mean ‘amd_pmc_idlemask_show’? [-Werror=implicit-function-declaration]
- 508 | rc = amd_pmc_idlemask_read(dev, NULL, s);
- | ^~~~~~~~~~~~~~~~~~~~~
- | amd_pmc_idlemask_show
-cc1: some warnings being treated as errors
-
-Signed-off-by: Yupeng Li <liyupeng(a)zbhlos.com>
-Reviewed-by: Caicai <caizp2008(a)163.com>
----
- drivers/platform/x86/amd/pmc.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/platform/x86/amd/pmc.c b/drivers/platform/x86/amd/pmc.c
-index ce859b300712..2b08039921b8 100644
---- a/drivers/platform/x86/amd/pmc.c
-+++ b/drivers/platform/x86/amd/pmc.c
-@@ -433,8 +433,10 @@ static int smu_fw_info_show(struct seq_file *s, void *unused)
- struct smu_metrics table;
- int idx;
-
-+#if defined(CONFIG_SUSPEND) || defined(CONFIG_DEBUG_FS)
- if (get_metrics_table(dev, &table))
- return -EINVAL;
-+#endif
-
- seq_puts(s, "\n=== SMU Statistics ===\n");
- seq_printf(s, "Table Version: %d\n", table.table_version);
-@@ -503,11 +505,12 @@ static int amd_pmc_idlemask_show(struct seq_file *s, void *unused)
- if (rc)
- return rc;
- }
--
- if (dev->major > 56 || (dev->major >= 55 && dev->minor >= 37)) {
-+#if defined(CONFIG_SUSPEND) || defined(CONFIG_DEBUG_FS)
- rc = amd_pmc_idlemask_read(dev, NULL, s);
- if (rc)
- return rc;
-+#endif
- } else {
- seq_puts(s, "Unsupported SMU version for Idlemask\n");
- }
---
-2.34.1
-
-
diff --git a/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch b/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch
deleted file mode 100644
index cd75de5c2..000000000
--- a/src/patches/linux/linux-6.3-netfilter_nftables_deactivate_anonymus_set.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From c1592a89942e9678f7d9c8030efa777c0d57edab Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo(a)netfilter.org>
-Date: Tue, 2 May 2023 10:25:24 +0200
-Subject: netfilter: nf_tables: deactivate anonymous set from preparation phase
-
-Toggle deleted anonymous sets as inactive in the next generation, so
-users cannot perform any update on it. Clear the generation bitmask
-in case the transaction is aborted.
-
-The following KASAN splat shows a set element deletion for a bound
-anonymous set that has been already removed in the same transaction.
-
-[ 64.921510] ==================================================================
-[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890
-[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
-[ 64.931120] Call Trace:
-[ 64.932699] <TASK>
-[ 64.934292] dump_stack_lvl+0x33/0x50
-[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.937551] kasan_report+0xda/0x120
-[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]
-[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60
-[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
-[ 64.945710] ? kasan_set_track+0x21/0x30
-[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
-[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
-
-Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
----
- include/net/netfilter/nf_tables.h | 1 +
- net/netfilter/nf_tables_api.c | 12 ++++++++++++
- net/netfilter/nft_dynset.c | 2 +-
- net/netfilter/nft_lookup.c | 2 +-
- net/netfilter/nft_objref.c | 2 +-
- 5 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
-index 3ed21d2d56590..2e24ea1d744c2 100644
---- a/include/net/netfilter/nf_tables.h
-+++ b/include/net/netfilter/nf_tables.h
-@@ -619,6 +619,7 @@ struct nft_set_binding {
- };
-
- enum nft_trans_phase;
-+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set);
- void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
- struct nft_set_binding *binding,
- enum nft_trans_phase phase);
-diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
-index 8b6c61a2196cb..59fb8320ab4d7 100644
---- a/net/netfilter/nf_tables_api.c
-+++ b/net/netfilter/nf_tables_api.c
-@@ -5127,12 +5127,24 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
- }
- }
-
-+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
-+{
-+ if (nft_set_is_anonymous(set))
-+ nft_clear(ctx->net, set);
-+
-+ set->use++;
-+}
-+EXPORT_SYMBOL_GPL(nf_tables_activate_set);
-+
- void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
- struct nft_set_binding *binding,
- enum nft_trans_phase phase)
- {
- switch (phase) {
- case NFT_TRANS_PREPARE:
-+ if (nft_set_is_anonymous(set))
-+ nft_deactivate_next(ctx->net, set);
-+
- set->use--;
- return;
- case NFT_TRANS_ABORT:
-diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
-index 274579b1696e0..bd19c7aec92ee 100644
---- a/net/netfilter/nft_dynset.c
-+++ b/net/netfilter/nft_dynset.c
-@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ctx,
- {
- struct nft_dynset *priv = nft_expr_priv(expr);
-
-- priv->set->use++;
-+ nf_tables_activate_set(ctx, priv->set);
- }
-
- static void nft_dynset_destroy(const struct nft_ctx *ctx,
-diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
-index cecf8ab90e58f..03ef4fdaa460b 100644
---- a/net/netfilter/nft_lookup.c
-+++ b/net/netfilter/nft_lookup.c
-@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ctx,
- {
- struct nft_lookup *priv = nft_expr_priv(expr);
-
-- priv->set->use++;
-+ nf_tables_activate_set(ctx, priv->set);
- }
-
- static void nft_lookup_destroy(const struct nft_ctx *ctx,
-diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c
-index cb37169608bab..a48dd5b5d45b1 100644
---- a/net/netfilter/nft_objref.c
-+++ b/net/netfilter/nft_objref.c
-@@ -185,7 +185,7 @@ static void nft_objref_map_activate(const struct nft_ctx *ctx,
- {
- struct nft_objref_map *priv = nft_expr_priv(expr);
-
-- priv->set->use++;
-+ nf_tables_activate_set(ctx, priv->set);
- }
-
- static void nft_objref_map_destroy(const struct nft_ctx *ctx,
---
-cgit
-
diff --git a/tools/checkrootfiles b/tools/checkrootfiles
index a2712808b..05b16f368 100755
--- a/tools/checkrootfiles
+++ b/tools/checkrootfiles
@@ -34,30 +34,30 @@ if [ "${?}" == "0" ]; then
fi
grep -r '/x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \
- --exclude rust-ppv-lite86 --exclude rust-memchr --exclude *linux* \
+ --exclude rust-ppv-lite86 --exclude rust-memchr --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 \
--exclude update.sh \
--exclude-dir oldcore --exclude-dir x86_64 >/dev/null 2>&1
if [ "${?}" == "0" ]; then
echo "Error! '/x86_64' in rootfiles files found!"
grep -r '/x86_64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \
- --exclude rust-ppv-lite86 --exclude rust-memchr --exclude *linux* \
+ --exclude rust-ppv-lite86 --exclude rust-memchr --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 \
--exclude update.sh \
--exclude-dir oldcore --exclude-dir x86_64
echo "Replace by xxxMACHINExxx !"
fi
-grep -r '/aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude gdb --exclude-dir oldcore --exclude-dir aarch64 >/dev/null 2>&1
+grep -r '/aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude gdb --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 >/dev/null 2>&1
if [ "${?}" == "0" ]; then
echo "Error! '/aarch64' in rootfiles files found!"
grep -r '/aarch64' ./config/rootfiles/ --exclude gcc --exclude rust-libc \
- --exclude-dir oldcore --exclude-dir aarch64
+ --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64
echo "Replace by xxxMACHINExxx !"
fi
-grep -r '/riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude go --exclude-dir oldcore --exclude-dir riscv64 >/dev/null 2>&1
+grep -r '/riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude gdb --exclude liburcu --exclude go --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64 >/dev/null 2>&1
if [ "${?}" == "0" ]; then
echo "Error! '/riscv64' in rootfiles files found!"
grep -r '/riscv64' ./config/rootfiles/ --exclude gcc --exclude rust-libc --exclude go \
- --exclude-dir oldcore --exclude-dir riscv64
+ --exclude-dir oldcore --exclude-dir aarch64 --exclude-dir riscv64 --exclude-dir x86_64
echo "Replace by xxxMACHINExxx !"
fi
hooks/post-receive
--
IPFire 2.x development tree