This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 699381b6993b9428e99a0055dae03e7a222ea9f9 (commit) via 9c7adf49f341d61f4bf14b3a39c719e3630c504f (commit) via bf671bb2ae7d631f3c5c5d7402ae47c6f5b45d98 (commit) via 6fb52ca1e56bfa23e9d766160f861019dc3cdb68 (commit) via b1dc936cc60e651773095ceaadbfcbeed2666f84 (commit) via b0f2208425d62bd86729161c498c2de3215a558a (commit) from e603fd28b9485202326ec1ee2452538a4304f4a2 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 699381b6993b9428e99a0055dae03e7a222ea9f9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Nov 15 06:10:37 2019 +0000
core138: insert emergency core update for new intel vulnarabilities.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9c7adf49f341d61f4bf14b3a39c719e3630c504f Author: Peter Müller peter.mueller@ipfire.org Date: Wed Nov 13 19:18:00 2019 +0000
intel-microcode: update to 20191112
For release notes, refer to: - https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform... - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases...
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bf671bb2ae7d631f3c5c5d7402ae47c6f5b45d98 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 22:12:12 2019 +0100
kernel: update to 4.14.154
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6fb52ca1e56bfa23e9d766160f861019dc3cdb68 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 22:10:04 2019 +0100
vulnearabilities.cgi: add tsx async abort and itlb_multihit
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b1dc936cc60e651773095ceaadbfcbeed2666f84 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 17:28:38 2019 +0000
rename core138 -> core139 to insert a emergency core update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b0f2208425d62bd86729161c498c2de3215a558a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 01:55:46 2019 +0000
intel-microcode: fix rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/kernel/kernel.config.aarch64-ipfire | 4 +++- .../kernel/kernel.config.armv5tel-ipfire-kirkwood | 3 ++- config/kernel/kernel.config.armv5tel-ipfire-multi | 3 ++- config/kernel/kernel.config.i586-ipfire | 6 +++++- config/kernel/kernel.config.i586-ipfire-pae | 6 +++++- config/kernel/kernel.config.x86_64-ipfire | 6 +++++- config/rootfiles/common/aarch64/linux | 2 ++ config/rootfiles/common/armv5tel/linux-kirkwood | 2 ++ config/rootfiles/common/armv5tel/linux-multi | 2 ++ config/rootfiles/common/i586/linux | 10 +++++----- config/rootfiles/common/x86_64/intel-microcode | 8 +++++++- config/rootfiles/common/x86_64/linux | 10 +++++----- config/rootfiles/core/137/filelists/IO-Socket-SSL | 1 - config/rootfiles/core/137/filelists/Net_SSLeay | 1 - config/rootfiles/core/137/filelists/bind | 1 - config/rootfiles/core/137/filelists/collectd | 1 - config/rootfiles/core/137/filelists/dhcpcd | 1 - config/rootfiles/core/137/filelists/files | 22 ---------------------- config/rootfiles/core/137/filelists/iproute2 | 1 - config/rootfiles/core/137/filelists/ipset | 1 - config/rootfiles/core/137/filelists/iptables | 1 - config/rootfiles/core/137/filelists/knot | 1 - config/rootfiles/core/137/filelists/libhtp | 1 - .../core/137/filelists/libnetfilter_queue | 1 - config/rootfiles/core/137/filelists/libpcap | 1 - config/rootfiles/core/137/filelists/libssh | 1 - config/rootfiles/core/137/filelists/pcre | 1 - config/rootfiles/core/137/filelists/strongswan | 1 - config/rootfiles/core/137/filelists/suricata | 1 - config/rootfiles/core/137/filelists/tzdata | 1 - config/rootfiles/core/137/filelists/unbound | 1 - config/rootfiles/core/137/filelists/wpa_supplicant | 1 - config/rootfiles/core/{137 => 138}/exclude | 0 .../core/{137 => 138}/filelists/aarch64/linux | 0 .../{137 => 138}/filelists/aarch64/linux-initrd | 0 .../filelists/armv5tel/linux-initrd-kirkwood | 0 .../filelists/armv5tel/linux-initrd-multi | 0 .../{137 => 138}/filelists/armv5tel/linux-kirkwood | 0 .../{137 => 138}/filelists/armv5tel/linux-multi | 0 config/rootfiles/core/138/filelists/files | 5 +++++ .../138}/filelists/i586/intel-microcode | 0 .../core/{137 => 138}/filelists/i586/linux | 0 .../core/{137 => 138}/filelists/i586/linux-initrd | 0 .../138}/filelists/x86_64/intel-microcode | 0 .../core/{137 => 138}/filelists/x86_64/linux | 0 .../{137 => 138}/filelists/x86_64/linux-initrd | 0 config/rootfiles/core/{137 => 138}/update.sh | 16 ++++------------ config/rootfiles/core/{137 => 139}/exclude | 0 .../{oldcore/66 => core/139}/filelists/bash | 0 .../121 => core/139}/filelists/ca-certificates | 0 .../{oldcore/104 => core/139}/filelists/ddns | 0 config/rootfiles/core/139/filelists/files | 16 ++++++++++++++++ .../139}/filelists/i586/intel-microcode | 0 .../100 => core/139}/filelists/i586/openssl-sse2 | 0 .../{oldcore/111 => core/139}/filelists/logwatch | 0 .../{oldcore/118 => core/139}/filelists/lz4 | 0 .../{oldcore/100 => core/139}/filelists/openssl | 0 .../{oldcore/100 => core/139}/filelists/openvpn | 0 .../{oldcore/66 => core/139}/filelists/readline | 0 .../66 => core/139}/filelists/readline-compat | 0 .../{oldcore/100 => core/139}/filelists/squid | 0 .../139}/filelists/x86_64/intel-microcode | 0 .../rootfiles/{oldcore/130 => core/139}/update.sh | 18 ++++++++++++++---- config/rootfiles/packages/linux-pae | 10 +++++----- html/cgi-bin/vulnerabilities.cgi | 2 ++ langs/en/cgi-bin/en.pl | 2 ++ lfs/intel-microcode | 6 +++--- lfs/linux | 10 +++++----- make.sh | 4 ++-- 69 files changed, 103 insertions(+), 89 deletions(-) delete mode 120000 config/rootfiles/core/137/filelists/IO-Socket-SSL delete mode 120000 config/rootfiles/core/137/filelists/Net_SSLeay delete mode 120000 config/rootfiles/core/137/filelists/bind delete mode 120000 config/rootfiles/core/137/filelists/collectd delete mode 120000 config/rootfiles/core/137/filelists/dhcpcd delete mode 100644 config/rootfiles/core/137/filelists/files delete mode 120000 config/rootfiles/core/137/filelists/iproute2 delete mode 120000 config/rootfiles/core/137/filelists/ipset delete mode 120000 config/rootfiles/core/137/filelists/iptables delete mode 120000 config/rootfiles/core/137/filelists/knot delete mode 120000 config/rootfiles/core/137/filelists/libhtp delete mode 120000 config/rootfiles/core/137/filelists/libnetfilter_queue delete mode 120000 config/rootfiles/core/137/filelists/libpcap delete mode 120000 config/rootfiles/core/137/filelists/libssh delete mode 120000 config/rootfiles/core/137/filelists/pcre delete mode 120000 config/rootfiles/core/137/filelists/strongswan delete mode 120000 config/rootfiles/core/137/filelists/suricata delete mode 120000 config/rootfiles/core/137/filelists/tzdata delete mode 120000 config/rootfiles/core/137/filelists/unbound delete mode 120000 config/rootfiles/core/137/filelists/wpa_supplicant copy config/rootfiles/core/{137 => 138}/exclude (100%) rename config/rootfiles/core/{137 => 138}/filelists/aarch64/linux (100%) rename config/rootfiles/core/{137 => 138}/filelists/aarch64/linux-initrd (100%) rename config/rootfiles/core/{137 => 138}/filelists/armv5tel/linux-initrd-kirkwood (100%) rename config/rootfiles/core/{137 => 138}/filelists/armv5tel/linux-initrd-multi (100%) rename config/rootfiles/core/{137 => 138}/filelists/armv5tel/linux-kirkwood (100%) rename config/rootfiles/core/{137 => 138}/filelists/armv5tel/linux-multi (100%) create mode 100644 config/rootfiles/core/138/filelists/files copy config/rootfiles/{oldcore/121 => core/138}/filelists/i586/intel-microcode (100%) rename config/rootfiles/core/{137 => 138}/filelists/i586/linux (100%) rename config/rootfiles/core/{137 => 138}/filelists/i586/linux-initrd (100%) copy config/rootfiles/{oldcore/121 => core/138}/filelists/x86_64/intel-microcode (100%) rename config/rootfiles/core/{137 => 138}/filelists/x86_64/linux (100%) rename config/rootfiles/core/{137 => 138}/filelists/x86_64/linux-initrd (100%) rename config/rootfiles/core/{137 => 138}/update.sh (94%) rename config/rootfiles/core/{137 => 139}/exclude (100%) copy config/rootfiles/{oldcore/66 => core/139}/filelists/bash (100%) copy config/rootfiles/{oldcore/121 => core/139}/filelists/ca-certificates (100%) copy config/rootfiles/{oldcore/104 => core/139}/filelists/ddns (100%) create mode 100644 config/rootfiles/core/139/filelists/files copy config/rootfiles/{oldcore/121 => core/139}/filelists/i586/intel-microcode (100%) copy config/rootfiles/{oldcore/100 => core/139}/filelists/i586/openssl-sse2 (100%) copy config/rootfiles/{oldcore/111 => core/139}/filelists/logwatch (100%) copy config/rootfiles/{oldcore/118 => core/139}/filelists/lz4 (100%) copy config/rootfiles/{oldcore/100 => core/139}/filelists/openssl (100%) copy config/rootfiles/{oldcore/100 => core/139}/filelists/openvpn (100%) copy config/rootfiles/{oldcore/66 => core/139}/filelists/readline (100%) copy config/rootfiles/{oldcore/66 => core/139}/filelists/readline-compat (100%) copy config/rootfiles/{oldcore/100 => core/139}/filelists/squid (100%) copy config/rootfiles/{oldcore/121 => core/139}/filelists/x86_64/intel-microcode (100%) copy config/rootfiles/{oldcore/130 => core/139}/update.sh (89%)
Difference in files: diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 778b05a9a..e79403bc7 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 4.14.150-ipfire Kernel Configuration +# Linux/arm64 4.14.154-ipfire Kernel Configuration # CONFIG_ARM64=y CONFIG_64BIT=y @@ -1456,6 +1456,7 @@ CONFIG_DEV_COREDUMP=y # CONFIG_SYS_HYPERVISOR is not set # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_SOC_BUS=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=y @@ -6822,6 +6823,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CPU_RMAP=y diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index fcbac3bcd..2bfb7ff36 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.14.150-ipfire-kirkwood Kernel Configuration +# Linux/arm 4.14.154-ipfire-kirkwood Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -6235,6 +6235,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_DQL=y diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index fc74eb142..7e9de39ea 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.14.150-ipfire-multi Kernel Configuration +# Linux/arm 4.14.154-ipfire-multi Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -7318,6 +7318,7 @@ CONFIG_TEXTSEARCH_FSM=m CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CPU_RMAP=y diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 4eaae6f74..2732bba42 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.150-ipfire Kernel Configuration +# Linux/x86 4.14.154-ipfire-pae Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -601,6 +601,9 @@ CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y CONFIG_X86_SMAP=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_SECCOMP=y @@ -7024,6 +7027,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CHECK_SIGNATURE=y diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index 526adbbcb..9b53ab35c 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.150-ipfire-pae Kernel Configuration +# Linux/x86 4.14.154-ipfire-pae Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -619,6 +619,9 @@ CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y CONFIG_X86_SMAP=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_SECCOMP=y @@ -7029,6 +7032,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CHECK_SIGNATURE=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index c9563234e..2fcf1e589 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.150-ipfire Kernel Configuration +# Linux/x86 4.14.154-ipfire Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -611,6 +611,9 @@ CONFIG_ARCH_RANDOM=y CONFIG_X86_SMAP=y # CONFIG_X86_INTEL_MPX is not set CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_MIXED=y @@ -6909,6 +6912,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CHECK_SIGNATURE=y diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index d8e93542d..f9dc8555b 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -9821,6 +9821,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/sg/pool.h #lib/modules/KVER-ipfire/build/include/config/sgetmask #lib/modules/KVER-ipfire/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire/build/include/config/sgl +#lib/modules/KVER-ipfire/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire/build/include/config/shmem.h #lib/modules/KVER-ipfire/build/include/config/signalfd.h #lib/modules/KVER-ipfire/build/include/config/simple diff --git a/config/rootfiles/common/armv5tel/linux-kirkwood b/config/rootfiles/common/armv5tel/linux-kirkwood index 2269896d8..9ccc006b9 100644 --- a/config/rootfiles/common/armv5tel/linux-kirkwood +++ b/config/rootfiles/common/armv5tel/linux-kirkwood @@ -9329,6 +9329,8 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/sg/pool.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/sgetmask #lib/modules/KVER-ipfire-kirkwood/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire-kirkwood/build/include/config/sgl +#lib/modules/KVER-ipfire-kirkwood/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/shmem.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/signalfd.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/simple diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index 1e7a090d9..890e3be21 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -10752,6 +10752,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/sg/pool.h #lib/modules/KVER-ipfire-multi/build/include/config/sgetmask #lib/modules/KVER-ipfire-multi/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire-multi/build/include/config/sgl +#lib/modules/KVER-ipfire-multi/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire-multi/build/include/config/shmem.h #lib/modules/KVER-ipfire-multi/build/include/config/signalfd.h #lib/modules/KVER-ipfire-multi/build/include/config/simple diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux index 1fe01233f..684dbe07b 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -10838,6 +10838,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/sg/pool.h #lib/modules/KVER-ipfire/build/include/config/sgetmask #lib/modules/KVER-ipfire/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire/build/include/config/sgl +#lib/modules/KVER-ipfire/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire/build/include/config/shmem.h #lib/modules/KVER-ipfire/build/include/config/signalfd.h #lib/modules/KVER-ipfire/build/include/config/sis190.h @@ -12164,6 +12166,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/x86/intel/mid.h #lib/modules/KVER-ipfire/build/include/config/x86/intel/pstate.h #lib/modules/KVER-ipfire/build/include/config/x86/intel/quark.h +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode/off.h #lib/modules/KVER-ipfire/build/include/config/x86/intel/usercopy.h #lib/modules/KVER-ipfire/build/include/config/x86/internode #lib/modules/KVER-ipfire/build/include/config/x86/internode/cache @@ -14027,7 +14032,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/net.h #lib/modules/KVER-ipfire/build/include/linux/netdev_features.h #lib/modules/KVER-ipfire/build/include/linux/netdevice.h -#lib/modules/KVER-ipfire/build/include/linux/netdevice.h.orig #lib/modules/KVER-ipfire/build/include/linux/netfilter #lib/modules/KVER-ipfire/build/include/linux/netfilter.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/ipset @@ -14773,7 +14777,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/sizes.h #lib/modules/KVER-ipfire/build/include/linux/skb_array.h #lib/modules/KVER-ipfire/build/include/linux/skbuff.h -#lib/modules/KVER-ipfire/build/include/linux/skbuff.h.orig #lib/modules/KVER-ipfire/build/include/linux/slab.h #lib/modules/KVER-ipfire/build/include/linux/slab_def.h #lib/modules/KVER-ipfire/build/include/linux/slub_def.h @@ -15587,7 +15590,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/net/route.h #lib/modules/KVER-ipfire/build/include/net/rtnetlink.h #lib/modules/KVER-ipfire/build/include/net/sch_generic.h -#lib/modules/KVER-ipfire/build/include/net/sch_generic.h.orig #lib/modules/KVER-ipfire/build/include/net/scm.h #lib/modules/KVER-ipfire/build/include/net/sctp #lib/modules/KVER-ipfire/build/include/net/sctp/auth.h @@ -17242,9 +17244,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/net/ncsi/Makefile #lib/modules/KVER-ipfire/build/net/netfilter #lib/modules/KVER-ipfire/build/net/netfilter/Kconfig -#lib/modules/KVER-ipfire/build/net/netfilter/Kconfig.orig #lib/modules/KVER-ipfire/build/net/netfilter/Makefile -#lib/modules/KVER-ipfire/build/net/netfilter/Makefile.orig #lib/modules/KVER-ipfire/build/net/netfilter/ipset #lib/modules/KVER-ipfire/build/net/netfilter/ipset/Kconfig #lib/modules/KVER-ipfire/build/net/netfilter/ipset/Makefile diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode index df05c2de5..2aa6f9301 100644 --- a/config/rootfiles/common/x86_64/intel-microcode +++ b/config/rootfiles/common/x86_64/intel-microcode @@ -63,8 +63,11 @@ lib/firmware/intel-ucode/06-46-01 lib/firmware/intel-ucode/06-47-01 lib/firmware/intel-ucode/06-4c-03 lib/firmware/intel-ucode/06-4c-04 +lib/firmware/intel-ucode/06-4d-08 lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-55-03 lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-55-06 lib/firmware/intel-ucode/06-55-07 lib/firmware/intel-ucode/06-56-02 lib/firmware/intel-ucode/06-56-03 @@ -75,7 +78,10 @@ lib/firmware/intel-ucode/06-5c-09 lib/firmware/intel-ucode/06-5c-0a lib/firmware/intel-ucode/06-5e-03 lib/firmware/intel-ucode/06-5f-01 +lib/firmware/intel-ucode/06-66-03 lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-7a-08 +lib/firmware/intel-ucode/06-7e-05 lib/firmware/intel-ucode/06-8e-09 lib/firmware/intel-ucode/06-8e-0a lib/firmware/intel-ucode/06-8e-0b @@ -83,8 +89,8 @@ lib/firmware/intel-ucode/06-8e-0c lib/firmware/intel-ucode/06-9e-09 lib/firmware/intel-ucode/06-9e-0a lib/firmware/intel-ucode/06-9e-0b -lib/firmware/intel-ucode/06-9e-0c lib/firmware/intel-ucode/06-9e-0d +lib/firmware/intel-ucode/06-a6-00 lib/firmware/intel-ucode/0f-00-07 lib/firmware/intel-ucode/0f-00-0a lib/firmware/intel-ucode/0f-01-02 diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 68f907faa..f44266e52 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -10850,6 +10850,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/sg/pool.h #lib/modules/KVER-ipfire/build/include/config/sgetmask #lib/modules/KVER-ipfire/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire/build/include/config/sgl +#lib/modules/KVER-ipfire/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire/build/include/config/shmem.h #lib/modules/KVER-ipfire/build/include/config/signalfd.h #lib/modules/KVER-ipfire/build/include/config/sis190.h @@ -12122,6 +12124,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/x86/intel/memory/protection #lib/modules/KVER-ipfire/build/include/config/x86/intel/memory/protection/keys.h #lib/modules/KVER-ipfire/build/include/config/x86/intel/pstate.h +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode/auto.h #lib/modules/KVER-ipfire/build/include/config/x86/internode #lib/modules/KVER-ipfire/build/include/config/x86/internode/cache #lib/modules/KVER-ipfire/build/include/config/x86/internode/cache/shift.h @@ -14042,7 +14047,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/net.h #lib/modules/KVER-ipfire/build/include/linux/netdev_features.h #lib/modules/KVER-ipfire/build/include/linux/netdevice.h -#lib/modules/KVER-ipfire/build/include/linux/netdevice.h.orig #lib/modules/KVER-ipfire/build/include/linux/netfilter #lib/modules/KVER-ipfire/build/include/linux/netfilter.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/ipset @@ -14788,7 +14792,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/sizes.h #lib/modules/KVER-ipfire/build/include/linux/skb_array.h #lib/modules/KVER-ipfire/build/include/linux/skbuff.h -#lib/modules/KVER-ipfire/build/include/linux/skbuff.h.orig #lib/modules/KVER-ipfire/build/include/linux/slab.h #lib/modules/KVER-ipfire/build/include/linux/slab_def.h #lib/modules/KVER-ipfire/build/include/linux/slub_def.h @@ -15602,7 +15605,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/net/route.h #lib/modules/KVER-ipfire/build/include/net/rtnetlink.h #lib/modules/KVER-ipfire/build/include/net/sch_generic.h -#lib/modules/KVER-ipfire/build/include/net/sch_generic.h.orig #lib/modules/KVER-ipfire/build/include/net/scm.h #lib/modules/KVER-ipfire/build/include/net/sctp #lib/modules/KVER-ipfire/build/include/net/sctp/auth.h @@ -17257,9 +17259,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/net/ncsi/Makefile #lib/modules/KVER-ipfire/build/net/netfilter #lib/modules/KVER-ipfire/build/net/netfilter/Kconfig -#lib/modules/KVER-ipfire/build/net/netfilter/Kconfig.orig #lib/modules/KVER-ipfire/build/net/netfilter/Makefile -#lib/modules/KVER-ipfire/build/net/netfilter/Makefile.orig #lib/modules/KVER-ipfire/build/net/netfilter/ipset #lib/modules/KVER-ipfire/build/net/netfilter/ipset/Kconfig #lib/modules/KVER-ipfire/build/net/netfilter/ipset/Makefile diff --git a/config/rootfiles/core/137/filelists/IO-Socket-SSL b/config/rootfiles/core/137/filelists/IO-Socket-SSL deleted file mode 120000 index d24492371..000000000 --- a/config/rootfiles/core/137/filelists/IO-Socket-SSL +++ /dev/null @@ -1 +0,0 @@ -../../../common/IO-Socket-SSL \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/Net_SSLeay b/config/rootfiles/core/137/filelists/Net_SSLeay deleted file mode 120000 index 13fe0560c..000000000 --- a/config/rootfiles/core/137/filelists/Net_SSLeay +++ /dev/null @@ -1 +0,0 @@ -../../../common/Net_SSLeay \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/bind b/config/rootfiles/core/137/filelists/bind deleted file mode 120000 index 48a0ebaef..000000000 --- a/config/rootfiles/core/137/filelists/bind +++ /dev/null @@ -1 +0,0 @@ -../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/collectd b/config/rootfiles/core/137/filelists/collectd deleted file mode 120000 index 871b32f14..000000000 --- a/config/rootfiles/core/137/filelists/collectd +++ /dev/null @@ -1 +0,0 @@ -../../../common/collectd \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/dhcpcd b/config/rootfiles/core/137/filelists/dhcpcd deleted file mode 120000 index 1e799dabb..000000000 --- a/config/rootfiles/core/137/filelists/dhcpcd +++ /dev/null @@ -1 +0,0 @@ -../../../common/dhcpcd \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/files b/config/rootfiles/core/137/filelists/files deleted file mode 100644 index 3b7c8d23b..000000000 --- a/config/rootfiles/core/137/filelists/files +++ /dev/null @@ -1,22 +0,0 @@ -etc/system-release -etc/issue -srv/web/ipfire/cgi-bin/credits.cgi -usr/lib/firewall/rules.pl -usr/sbin/firewall-policy -var/ipfire/langs -etc/logrotate.conf -etc/rc.d/init.d/firewall -etc/rc.d/init.d/unbound -etc/rc.d/init.d/networking/red.up/99-geoip-database -etc/sysctl.conf -srv/web/ipfire/cgi-bin/dns.cgi -srv/web/ipfire/cgi-bin/ovpnmain.cgi -srv/web/ipfire/cgi-bin/qos.cgi -srv/web/ipfire/cgi-bin/vpnmain.cgi -usr/lib/firewall/rules.pl -usr/sbin/firewall-policy -usr/local/bin/xt_geoip_update -var/ipfire/backup/bin/backup.pl -var/ipfire/qos/bin/makeqosscripts.pl -var/ipfire/suricata/ruleset-sources -srv/web/ipfire/cgi-bin/ovpnmain.cgi diff --git a/config/rootfiles/core/137/filelists/iproute2 b/config/rootfiles/core/137/filelists/iproute2 deleted file mode 120000 index 05f0f71fb..000000000 --- a/config/rootfiles/core/137/filelists/iproute2 +++ /dev/null @@ -1 +0,0 @@ -../../../common/iproute2 \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/ipset b/config/rootfiles/core/137/filelists/ipset deleted file mode 120000 index 2b43691f2..000000000 --- a/config/rootfiles/core/137/filelists/ipset +++ /dev/null @@ -1 +0,0 @@ -../../../common/ipset \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/iptables b/config/rootfiles/core/137/filelists/iptables deleted file mode 120000 index 8caf12bcc..000000000 --- a/config/rootfiles/core/137/filelists/iptables +++ /dev/null @@ -1 +0,0 @@ -../../../common/iptables \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/knot b/config/rootfiles/core/137/filelists/knot deleted file mode 120000 index 28e96f878..000000000 --- a/config/rootfiles/core/137/filelists/knot +++ /dev/null @@ -1 +0,0 @@ -../../../common/knot \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/libhtp b/config/rootfiles/core/137/filelists/libhtp deleted file mode 120000 index 676e2c5e8..000000000 --- a/config/rootfiles/core/137/filelists/libhtp +++ /dev/null @@ -1 +0,0 @@ -../../../common/libhtp \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/libnetfilter_queue b/config/rootfiles/core/137/filelists/libnetfilter_queue deleted file mode 120000 index 9344b04bf..000000000 --- a/config/rootfiles/core/137/filelists/libnetfilter_queue +++ /dev/null @@ -1 +0,0 @@ -../../../common/libnetfilter_queue \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/libpcap b/config/rootfiles/core/137/filelists/libpcap deleted file mode 120000 index c7f9f52a8..000000000 --- a/config/rootfiles/core/137/filelists/libpcap +++ /dev/null @@ -1 +0,0 @@ -../../../common/libpcap \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/libssh b/config/rootfiles/core/137/filelists/libssh deleted file mode 120000 index ecbb67053..000000000 --- a/config/rootfiles/core/137/filelists/libssh +++ /dev/null @@ -1 +0,0 @@ -../../../common/libssh \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/pcre b/config/rootfiles/core/137/filelists/pcre deleted file mode 120000 index b390d9a36..000000000 --- a/config/rootfiles/core/137/filelists/pcre +++ /dev/null @@ -1 +0,0 @@ -../../../common/pcre \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/strongswan b/config/rootfiles/core/137/filelists/strongswan deleted file mode 120000 index 90c727e26..000000000 --- a/config/rootfiles/core/137/filelists/strongswan +++ /dev/null @@ -1 +0,0 @@ -../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/suricata b/config/rootfiles/core/137/filelists/suricata deleted file mode 120000 index f671f6993..000000000 --- a/config/rootfiles/core/137/filelists/suricata +++ /dev/null @@ -1 +0,0 @@ -../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/tzdata b/config/rootfiles/core/137/filelists/tzdata deleted file mode 120000 index 5a6e3252f..000000000 --- a/config/rootfiles/core/137/filelists/tzdata +++ /dev/null @@ -1 +0,0 @@ -../../../common/tzdata \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/unbound b/config/rootfiles/core/137/filelists/unbound deleted file mode 120000 index 66adf0924..000000000 --- a/config/rootfiles/core/137/filelists/unbound +++ /dev/null @@ -1 +0,0 @@ -../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/wpa_supplicant b/config/rootfiles/core/137/filelists/wpa_supplicant deleted file mode 120000 index 1d04c03c0..000000000 --- a/config/rootfiles/core/137/filelists/wpa_supplicant +++ /dev/null @@ -1 +0,0 @@ -../../../common/wpa_supplicant \ No newline at end of file diff --git a/config/rootfiles/core/137/exclude b/config/rootfiles/core/138/exclude similarity index 100% rename from config/rootfiles/core/137/exclude rename to config/rootfiles/core/138/exclude diff --git a/config/rootfiles/core/137/filelists/aarch64/linux b/config/rootfiles/core/138/filelists/aarch64/linux similarity index 100% rename from config/rootfiles/core/137/filelists/aarch64/linux rename to config/rootfiles/core/138/filelists/aarch64/linux diff --git a/config/rootfiles/core/137/filelists/aarch64/linux-initrd b/config/rootfiles/core/138/filelists/aarch64/linux-initrd similarity index 100% rename from config/rootfiles/core/137/filelists/aarch64/linux-initrd rename to config/rootfiles/core/138/filelists/aarch64/linux-initrd diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood b/config/rootfiles/core/138/filelists/armv5tel/linux-initrd-kirkwood similarity index 100% rename from config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood rename to config/rootfiles/core/138/filelists/armv5tel/linux-initrd-kirkwood diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi b/config/rootfiles/core/138/filelists/armv5tel/linux-initrd-multi similarity index 100% rename from config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi rename to config/rootfiles/core/138/filelists/armv5tel/linux-initrd-multi diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/138/filelists/armv5tel/linux-kirkwood similarity index 100% rename from config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood rename to config/rootfiles/core/138/filelists/armv5tel/linux-kirkwood diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-multi b/config/rootfiles/core/138/filelists/armv5tel/linux-multi similarity index 100% rename from config/rootfiles/core/137/filelists/armv5tel/linux-multi rename to config/rootfiles/core/138/filelists/armv5tel/linux-multi diff --git a/config/rootfiles/core/138/filelists/files b/config/rootfiles/core/138/filelists/files new file mode 100644 index 000000000..393ad7227 --- /dev/null +++ b/config/rootfiles/core/138/filelists/files @@ -0,0 +1,5 @@ +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/credits.cgi +var/ipfire/langs +srv/web/ipfire/cgi-bin/vulnerabilities.cgi diff --git a/config/rootfiles/core/138/filelists/i586/intel-microcode b/config/rootfiles/core/138/filelists/i586/intel-microcode new file mode 120000 index 000000000..f03e84778 --- /dev/null +++ b/config/rootfiles/core/138/filelists/i586/intel-microcode @@ -0,0 +1 @@ +../../../../common/i586/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/i586/linux b/config/rootfiles/core/138/filelists/i586/linux similarity index 100% rename from config/rootfiles/core/137/filelists/i586/linux rename to config/rootfiles/core/138/filelists/i586/linux diff --git a/config/rootfiles/core/137/filelists/i586/linux-initrd b/config/rootfiles/core/138/filelists/i586/linux-initrd similarity index 100% rename from config/rootfiles/core/137/filelists/i586/linux-initrd rename to config/rootfiles/core/138/filelists/i586/linux-initrd diff --git a/config/rootfiles/core/138/filelists/x86_64/intel-microcode b/config/rootfiles/core/138/filelists/x86_64/intel-microcode new file mode 120000 index 000000000..d5ac074e2 --- /dev/null +++ b/config/rootfiles/core/138/filelists/x86_64/intel-microcode @@ -0,0 +1 @@ +../../../../common/x86_64/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/core/137/filelists/x86_64/linux b/config/rootfiles/core/138/filelists/x86_64/linux similarity index 100% rename from config/rootfiles/core/137/filelists/x86_64/linux rename to config/rootfiles/core/138/filelists/x86_64/linux diff --git a/config/rootfiles/core/137/filelists/x86_64/linux-initrd b/config/rootfiles/core/138/filelists/x86_64/linux-initrd similarity index 100% rename from config/rootfiles/core/137/filelists/x86_64/linux-initrd rename to config/rootfiles/core/138/filelists/x86_64/linux-initrd diff --git a/config/rootfiles/core/137/update.sh b/config/rootfiles/core/138/update.sh similarity index 94% rename from config/rootfiles/core/137/update.sh rename to config/rootfiles/core/138/update.sh index f2e83fc77..e65955501 100644 --- a/config/rootfiles/core/137/update.sh +++ b/config/rootfiles/core/138/update.sh @@ -24,7 +24,7 @@ . /opt/pakfire/lib/functions.sh /usr/local/bin/backupctrl exclude >/dev/null 2>&1
-core=137 +core=138
exit_with_error() { # Set last succesfull installed core. @@ -77,6 +77,7 @@ rm -rf /boot/zImage-*-ipfire-* rm -rf /boot/uInit-*-ipfire-* rm -rf /boot/dtb-*-ipfire-* rm -rf /lib/modules +rm -f /etc/sysconfig/lm_sensors
# Remove files
@@ -85,6 +86,8 @@ rm -rf /lib/modules # Extract files extract_files
+# update dhcpcd.conf + # update linker config ldconfig
@@ -92,17 +95,6 @@ ldconfig /usr/local/bin/update-lang-cache
# Start services -/usr/local/bin/ipsecctrl S -/etc/init.d/suricata restart -/etc/init.d/unbound restart -/etc/init.d/collectd restart - -# remove lm_sensor config after collectd was started -# to reserch sensors at next boot with updated kernel -rm -f /etc/sysconfig/lm_sensors - -# generate new qos script -/usr/local/bin/qosctrl generate
# Search sensors again after reboot into the new kernel rm -f /etc/sysconfig/lm_sensors diff --git a/config/rootfiles/core/139/exclude b/config/rootfiles/core/139/exclude new file mode 100644 index 000000000..b22159878 --- /dev/null +++ b/config/rootfiles/core/139/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/log/dhcpcd.log +var/log/messages +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/139/filelists/bash b/config/rootfiles/core/139/filelists/bash new file mode 120000 index 000000000..de970cb1d --- /dev/null +++ b/config/rootfiles/core/139/filelists/bash @@ -0,0 +1 @@ +../../../common/bash \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/ca-certificates b/config/rootfiles/core/139/filelists/ca-certificates new file mode 120000 index 000000000..320fea8f4 --- /dev/null +++ b/config/rootfiles/core/139/filelists/ca-certificates @@ -0,0 +1 @@ +../../../common/ca-certificates \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/ddns b/config/rootfiles/core/139/filelists/ddns new file mode 120000 index 000000000..739516420 --- /dev/null +++ b/config/rootfiles/core/139/filelists/ddns @@ -0,0 +1 @@ +../../../common/ddns \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/files b/config/rootfiles/core/139/filelists/files new file mode 100644 index 000000000..d22fb8314 --- /dev/null +++ b/config/rootfiles/core/139/filelists/files @@ -0,0 +1,16 @@ +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/credits.cgi +var/ipfire/langs +etc/httpd/conf/vhosts.d/ipfire-interface.conf +etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf +etc/rc.d/init.d/functions +etc/rc.d/init.d/networking/red.up/23-suricata +etc/rc.d/init.d/unbound +etc/suricata/suricata.yaml +srv/web/ipfire/cgi-bin/ids.cgi +srv/web/ipfire/cgi-bin/mail.cgi +srv/web/ipfire/cgi-bin/ovpnmain.cgi +usr/sbin/convert-snort +usr/lib/firewall/firewall-lib.pl +var/ipfire/ids-functions.pl diff --git a/config/rootfiles/core/139/filelists/i586/intel-microcode b/config/rootfiles/core/139/filelists/i586/intel-microcode new file mode 120000 index 000000000..f03e84778 --- /dev/null +++ b/config/rootfiles/core/139/filelists/i586/intel-microcode @@ -0,0 +1 @@ +../../../../common/i586/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/i586/openssl-sse2 b/config/rootfiles/core/139/filelists/i586/openssl-sse2 new file mode 120000 index 000000000..f424713d6 --- /dev/null +++ b/config/rootfiles/core/139/filelists/i586/openssl-sse2 @@ -0,0 +1 @@ +../../../../common/i586/openssl-sse2 \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/logwatch b/config/rootfiles/core/139/filelists/logwatch new file mode 120000 index 000000000..f14eabda9 --- /dev/null +++ b/config/rootfiles/core/139/filelists/logwatch @@ -0,0 +1 @@ +../../../common/logwatch \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/lz4 b/config/rootfiles/core/139/filelists/lz4 new file mode 120000 index 000000000..65c31802e --- /dev/null +++ b/config/rootfiles/core/139/filelists/lz4 @@ -0,0 +1 @@ +../../../common/lz4 \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/openssl b/config/rootfiles/core/139/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/139/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/openvpn b/config/rootfiles/core/139/filelists/openvpn new file mode 120000 index 000000000..493f3f7a4 --- /dev/null +++ b/config/rootfiles/core/139/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/readline b/config/rootfiles/core/139/filelists/readline new file mode 120000 index 000000000..84209f189 --- /dev/null +++ b/config/rootfiles/core/139/filelists/readline @@ -0,0 +1 @@ +../../../common/readline \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/readline-compat b/config/rootfiles/core/139/filelists/readline-compat new file mode 120000 index 000000000..f96bc808c --- /dev/null +++ b/config/rootfiles/core/139/filelists/readline-compat @@ -0,0 +1 @@ +../../../common/readline-compat \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/squid b/config/rootfiles/core/139/filelists/squid new file mode 120000 index 000000000..2dc8372a0 --- /dev/null +++ b/config/rootfiles/core/139/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/139/filelists/x86_64/intel-microcode b/config/rootfiles/core/139/filelists/x86_64/intel-microcode new file mode 120000 index 000000000..d5ac074e2 --- /dev/null +++ b/config/rootfiles/core/139/filelists/x86_64/intel-microcode @@ -0,0 +1 @@ +../../../../common/x86_64/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/core/139/update.sh b/config/rootfiles/core/139/update.sh new file mode 100644 index 000000000..fb3105aa0 --- /dev/null +++ b/config/rootfiles/core/139/update.sh @@ -0,0 +1,75 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2019 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=139 + +exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + # don't start pakfire again at error + killall -KILL pak_update + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )); do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# Remove files + +# Stop services + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +/usr/local/bin/update-lang-cache + +# Start services + +# This update needs a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi + +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/linux-pae index f3966ce75..c0894cd1f 100644 --- a/config/rootfiles/packages/linux-pae +++ b/config/rootfiles/packages/linux-pae @@ -10836,6 +10836,8 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/sg/pool.h #lib/modules/KVER-ipfire-pae/build/include/config/sgetmask #lib/modules/KVER-ipfire-pae/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire-pae/build/include/config/sgl +#lib/modules/KVER-ipfire-pae/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire-pae/build/include/config/shmem.h #lib/modules/KVER-ipfire-pae/build/include/config/signalfd.h #lib/modules/KVER-ipfire-pae/build/include/config/sis190.h @@ -12164,6 +12166,9 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/lpss.h #lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/pstate.h #lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/quark.h +#lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/tsx +#lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/tsx/mode +#lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/tsx/mode/off.h #lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/usercopy.h #lib/modules/KVER-ipfire-pae/build/include/config/x86/internode #lib/modules/KVER-ipfire-pae/build/include/config/x86/internode/cache @@ -14097,7 +14102,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/net.h #lib/modules/KVER-ipfire-pae/build/include/linux/netdev_features.h #lib/modules/KVER-ipfire-pae/build/include/linux/netdevice.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netdevice.h.orig #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/ipset @@ -14843,7 +14847,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/sizes.h #lib/modules/KVER-ipfire-pae/build/include/linux/skb_array.h #lib/modules/KVER-ipfire-pae/build/include/linux/skbuff.h -#lib/modules/KVER-ipfire-pae/build/include/linux/skbuff.h.orig #lib/modules/KVER-ipfire-pae/build/include/linux/slab.h #lib/modules/KVER-ipfire-pae/build/include/linux/slab_def.h #lib/modules/KVER-ipfire-pae/build/include/linux/slub_def.h @@ -15657,7 +15660,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/net/route.h #lib/modules/KVER-ipfire-pae/build/include/net/rtnetlink.h #lib/modules/KVER-ipfire-pae/build/include/net/sch_generic.h -#lib/modules/KVER-ipfire-pae/build/include/net/sch_generic.h.orig #lib/modules/KVER-ipfire-pae/build/include/net/scm.h #lib/modules/KVER-ipfire-pae/build/include/net/sctp #lib/modules/KVER-ipfire-pae/build/include/net/sctp/auth.h @@ -17312,9 +17314,7 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/net/ncsi/Makefile #lib/modules/KVER-ipfire-pae/build/net/netfilter #lib/modules/KVER-ipfire-pae/build/net/netfilter/Kconfig -#lib/modules/KVER-ipfire-pae/build/net/netfilter/Kconfig.orig #lib/modules/KVER-ipfire-pae/build/net/netfilter/Makefile -#lib/modules/KVER-ipfire-pae/build/net/netfilter/Makefile.orig #lib/modules/KVER-ipfire-pae/build/net/netfilter/ipset #lib/modules/KVER-ipfire-pae/build/net/netfilter/ipset/Kconfig #lib/modules/KVER-ipfire-pae/build/net/netfilter/ipset/Makefile diff --git a/html/cgi-bin/vulnerabilities.cgi b/html/cgi-bin/vulnerabilities.cgi index a8746c30c..333b03399 100644 --- a/html/cgi-bin/vulnerabilities.cgi +++ b/html/cgi-bin/vulnerabilities.cgi @@ -30,12 +30,14 @@ require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl";
my %VULNERABILITIES = ( + "itlb_multihit" => "$Lang::tr{'itlb multihit'} (CVE-2018-12207)", "l1tf" => "$Lang::tr{'foreshadow'} (CVE-2018-3620)", "mds" => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)", "meltdown" => "$Lang::tr{'meltdown'} (CVE-2017-5754)", "spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)", "spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)", "spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)", + "tsx_async_abort" => "$Lang::tr{'taa zombieload2'} (CVE-2019-11135)", );
my $errormessage = ""; diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8b7e63cb8..b40ef9390 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1542,6 +1542,7 @@ 'isdn settings' => 'Additional ISDN settings:', 'isdn1' => 'Single ISDN', 'isdn2' => 'Dual ISDN', +'itlb multihit' => 'iTLB MultiHit', 'january' => 'January', 'javascript menu error1' => 'If the drop down menus aren't working, disable javascript on the', 'javascript menu error2' => 'page.', @@ -2322,6 +2323,7 @@ 'system logs' => 'System Logs', 'system status information' => 'System Status Information', 'ta key' => 'TLS-Authentification-Key', +'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2', 'tcp more reliable' => 'TCP (more reliable)', 'telephone not set' => 'Telephone not set.', 'template' => 'Preset', diff --git a/lfs/intel-microcode b/lfs/intel-microcode index e01ea9934..c50e73d11 100644 --- a/lfs/intel-microcode +++ b/lfs/intel-microcode @@ -24,10 +24,10 @@
include Config
-VER = 20190618 +VER = 20191112
THISAPP = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER) -DL_FILE = $(THISAPP).tar.xz +DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 18af9bd8b6c7164f0cd917080a387244 +$(DL_FILE)_MD5 = b215c5a8fd438afd867d8a42d01e27f6
install : $(TARGET)
diff --git a/lfs/linux b/lfs/linux index c8bcdbb97..aac2c4868 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,8 +24,8 @@
include Config
-VER = 4.14.150 -ARM_PATCHES = 4.14.150-ipfire0 +VER = 4.14.154 +ARM_PATCHES = 4.14.154-ipfire0
THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -34,7 +34,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS =
-PAK_VER = 88 +PAK_VER = 89 DEPS = ""
HEADERS_ARCH = $(BUILD_PLATFORM) @@ -82,8 +82,8 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_MD5 = 61358e7be9bfc17adb4c418355d957db -arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = e4931541ffe21dd29ca2447620de6693 +$(DL_FILE)_MD5 = d6cf4b51c1cd10bc48bac50f4557a0d9 +arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 539737e07e5634565b3f4f1b932c269b
install : $(TARGET)
diff --git a/make.sh b/make.sh index 170b16504..2377c40ce 100755 --- a/make.sh +++ b/make.sh @@ -26,8 +26,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.23" # Version number -CORE="137" # Core Level (Filename) -PAKFIRE_CORE="137" # Core Level (PAKFIRE) +CORE="138" # Core Level (Filename) +PAKFIRE_CORE="138" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir
hooks/post-receive -- IPFire 2.x development tree