linux: Fix for CVE-2022-0847 aka Dirty Pipe

[people/pmueller/ipfire-2.x.git] / lfs / linux

diff --git a/lfs/linux b/lfs/linux
index 114936ad4715099eff88307672145f6c2b2df540..0f8f2c1842859950dff387c320ac6db98b950f79 100644 (file)
--- a/lfs/linux
+++ b/lfs/linux
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,8 +24,8 @@
 
 include Config
 
-VER         = 5.10.45
-ARM_PATCHES = 5.10.45-ipfire0
+VER         = 5.15.23
+ARM_PATCHES = 5.15-ipfire5
 
 THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -38,10 +38,6 @@ HEADERS_ARCH  = $(BUILD_PLATFORM)
 KERNEL_ARCH   = $(BUILD_ARCH)
 KERNEL_TARGET = bzImage
 
-ifeq "$(BUILD_ARCH)" "i586"
-       KERNEL_ARCH = i386
-endif
-
 ifeq "$(BUILD_ARCH)" "aarch64"
        HEADERS_ARCH = arm64
        KERNEL_ARCH  = arm64
@@ -77,8 +73,8 @@ objects =$(DL_FILE) \
 $(DL_FILE)                                     = $(URL_IPFIRE)/$(DL_FILE)
 arm-multi-patches-$(ARM_PATCHES).patch.xz      = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
 
-$(DL_FILE)_MD5                                 = 8a66e7447c0388028abb5899961724e6
-arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5  = 1b66be2d80c102c6c1963e9f601e5099
+$(DL_FILE)_MD5                                 = 5e4405eabbf6b365fd5c9252f666ca60
+arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5  = 5b588bcdf9d21cc7e8ce57c94b775195
 
 install : $(TARGET)
 
@@ -114,7 +110,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        ln -svf linux-$(VER) $(DIR_SRC)/linux
 
        # Layer7-patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.10-layer7.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-layer7.patch
 
        # DVB Patches
        cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch
@@ -123,9 +119,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_ath_user_regd.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch
 
-       # Fix apu1 led detection with newer bios versions
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.10.16-apu1-led-new-bios.patch
-
        # Fix igb and e1000e crash
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.1-igb-e1000e_fix_lock_at_update_stats.patch
 
@@ -138,9 +131,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        # fix Boot with enabled usercopy hardening
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.9-crypto_testmgr_allocate_buffers_with____GFP_COMP.patch
 
-       # fix gcc plugins with gcc11
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.10.45-fix_gcc_plugins_with_gcc11.patch
-
 ifeq "$(BUILD_ARCH)" "armv6l"
        # Apply Arm-multiarch kernel patches.
        cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1
@@ -151,6 +141,9 @@ ifeq "$(BUILD_ARCH)" "aarch64"
 endif
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch
 
+       # Fix for CVE-2022-0847 aka Dirty Pipe
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel-5.15-CVE-2022-0847.patch
+
 ifeq "$(KCFG)" "-headers"
        # Install the header files
        cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers