public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 7caecf45fbaab7f681d0aa3d5ea87ca660ff4f3d
@ 2022-08-01 10:20 Peter Müller
From: Peter Müller @ 2022-08-01 10:20 UTC (permalink / raw)
  To: ipfire-scm


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  7caecf45fbaab7f681d0aa3d5ea87ca660ff4f3d (commit)
       via  67261075a370b0baa62a25d11ba2773569020785 (commit)
       via  7ee2eec3a2fe6aedbdf3b0db952d6cb0fdc3dbce (commit)
      from  1f82d37eae1d938143600b8e8b194f773a2ab8d3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7caecf45fbaab7f681d0aa3d5ea87ca660ff4f3d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Mon Jul 11 15:07:22 2022 +0000

    linux: Give CONFIG_RANDOMIZE_BASE on aarch64 another try
    
    Quoted from https://capsule8.com/blog/kernel-configuration-glossary/:
    
    > Significance: Critical
    >
    > In support of Kernel Address Space Layout Randomization (KASLR) this randomizes
    > the physical address at which the kernel image is decompressed and the virtual
    > address where the kernel image is mapped as a security feature that deters
    > exploit attempts relying on knowledge of the location of kernel code internals.
    
    We tried to enable this back in 2020, and failed. Since then, things
    may have been improved, so let's give this low-hanging fruit another
    try.
    
    Fixes: #12363
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>

commit 67261075a370b0baa62a25d11ba2773569020785
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Mon Aug 1 10:19:46 2022 +0000

    Core Update 170: Ship vulnerabilities.cgi
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>

commit 7ee2eec3a2fe6aedbdf3b0db952d6cb0fdc3dbce
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Mon Aug 1 09:32:51 2022 +0000

    vulnerabilities.cgi: Add Retbleed (CVE-2022-29900, CVE-2022-29901)
    
    Please refer to https://comsec.ethz.ch/research/microarch/retbleed/ for
    further details on this vulnerability.
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/kernel/kernel.config.aarch64-ipfire | 2 +-
 config/rootfiles/common/aarch64/linux      | 1 +
 config/rootfiles/core/170/filelists/files  | 1 +
 html/cgi-bin/vulnerabilities.cgi           | 1 +
 langs/de/cgi-bin/de.pl                     | 1 +
 langs/en/cgi-bin/en.pl                     | 1 +
 6 files changed, 6 insertions(+), 1 deletion(-)

Difference in files:
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index 469884b20..9232335ff 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -471,7 +471,7 @@ CONFIG_ARM64_SVE=y
 CONFIG_ARM64_MODULE_PLTS=y
 # CONFIG_ARM64_PSEUDO_NMI is not set
 CONFIG_RELOCATABLE=y
-# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_RANDOMIZE_BASE=y
 CONFIG_CC_HAVE_STACKPROTECTOR_SYSREG=y
 CONFIG_STACKPROTECTOR_PER_TASK=y
 # end of Kernel Features
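Review bot: At the `+CONFIG_RANDOMIZE_BASE=y` line, the option only has an effect at runtime when the kernel is handed a seed at boot (on arm64 that comes from the bootloader through the device tree or from the UEFI firmware's RNG); without one the kernel boots unrandomized and nothing in the build flags it. Since the commit message says the 2020 attempt failed, please record which aarch64 boards were boot-tested with this change, whether they actually come up with a randomized base, and what failed last time so a regression can be recognised.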
diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux
index 6de30d1a0..dbd6e8f2f 100644
--- a/config/rootfiles/common/aarch64/linux
+++ b/config/rootfiles/common/aarch64/linux
@@ -9427,6 +9427,7 @@ etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/RAID6_PQ
 #lib/modules/KVER-ipfire/build/include/config/RAID6_PQ_BENCHMARK
 #lib/modules/KVER-ipfire/build/include/config/RAID_ATTRS
+#lib/modules/KVER-ipfire/build/include/config/RANDOMIZE_BASE
 #lib/modules/KVER-ipfire/build/include/config/RANDOMIZE_KSTACK_OFFSET_DEFAULT
 #lib/modules/KVER-ipfire/build/include/config/RAS
 #lib/modules/KVER-ipfire/build/include/config/RASPBERRYPI_FIRMWARE
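Review bot: The `+#lib/modules/KVER-ipfire/build/include/config/RANDOMIZE_BASE` line is the only rootfile change, mirroring the single-line config change. If the build turns on any further symbol as a consequence of RANDOMIZE_BASE, its include/config file would be missing from this list; please confirm the rootfile was regenerated from an actual aarch64 build rather than edited by hand.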
diff --git a/config/rootfiles/core/170/filelists/files b/config/rootfiles/core/170/filelists/files
index 458aba96f..2519119bb 100644
--- a/config/rootfiles/core/170/filelists/files
+++ b/config/rootfiles/core/170/filelists/files
@@ -6,6 +6,7 @@ srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ipblocklist.cgi
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/services.cgi
+srv/web/ipfire/cgi-bin/vulnerabilities.cgi
 srv/web/ipfire/cgi-bin/logs.cgi/ids.dat
 srv/web/ipfire/cgi-bin/logs.cgi/ipblocklists.dat
 srv/web/ipfire/cgi-bin/logs.cgi/log.dat
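Review bot: The `+srv/web/ipfire/cgi-bin/vulnerabilities.cgi` line ships the CGI, but the new 'retbleed' string it looks up lives in the language files, and the visible part of this filelist does not show them being shipped. Please confirm the updated language files are part of Core Update 170 as well, otherwise the new entry is shown with an empty name in front of the CVE numbers.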
diff --git a/html/cgi-bin/vulnerabilities.cgi b/html/cgi-bin/vulnerabilities.cgi
index 61b69210e..0edd127d7 100644
--- a/html/cgi-bin/vulnerabilities.cgi
+++ b/html/cgi-bin/vulnerabilities.cgi
@@ -35,6 +35,7 @@ my %VULNERABILITIES = (
 	"mds" => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)",
 	"meltdown" => "$Lang::tr{'meltdown'} (CVE-2017-5754)",
 	"mmio_stale_data" => "$Lang::tr{'mmio stale data'} (CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166)",
+	"retbleed" => "$Lang::tr{'retbleed'} (CVE-2022-29900, CVE-2022-29901)",
 	"spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)",
 	"spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)",
 	"spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)",
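Review bot: The hunk does not show how the page behaves when the running kernel reports no status for the new `"retbleed"` key. Please confirm that the kernel shipped with Core Update 170 already reports Retbleed, and that a kernel without that entry is displayed in a way users cannot mistake for "not affected".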
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 6a5ce1117..d3b4c8687 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2195,6 +2195,7 @@
 'restore defaults' => 'Voreinstellungen wiederherstellen',
 'restore hardware settings' => 'Hardwareeinstellungen wiederherstellen',
 'restore settings' => 'Einstellungen wiederherstellen',
+'retbleed' => 'Retbleed',
 'reverse sort' => 'In umgekehrter chronologischer Reihenfolge sortieren',
 'root' => 'Root',
 'root certificate' => 'Root-Zertifikat',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 73aa4d04a..36f97de38 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2250,6 +2250,7 @@
 'restore defaults' => 'Restore defaults',
 'restore hardware settings' => 'Restore hardware settings',
 'restore settings' => 'Reset Settings',
+'retbleed' => 'Retbleed',
 'reverse sort' => 'Sort in reverse chronological order',
 'root' => 'Root',
 'root certificate' => 'Root Certificate',
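Review bot: The `+'retbleed' => 'Retbleed',` line is added to en.pl and de.pl only, going by the summary of changes. If the remaining language files do not fall back to the English string, the key should be added there too; the name is a proper noun, so the same value can be used everywhere.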


hooks/post-receive
--
IPFire 2.x development tree
