###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 5.15.23
-ARM_PATCHES = 5.15-ipfire5
+VER = 6.6.15
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
KERNEL_TARGET = Image
endif
-ifeq "$(BUILD_ARCH)" "armv6l"
- KERNEL_ARCH = arm
- KERNEL_TARGET = zImage
-endif
-
ifeq "$(BUILD_ARCH)" "riscv64"
KERNEL_ARCH = riscv
KERNEL_TARGET = Image.gz
###############################################################################
# Top-level Rules
###############################################################################
-objects =$(DL_FILE) \
- arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
-arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
+objects = \
+ $(DL_FILE)
+
+$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5e4405eabbf6b365fd5c9252f666ca60
-arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 5b588bcdf9d21cc7e8ce57c94b775195
+$(DL_FILE)_BLAKE2 = a630bc7b2463bdc312f8936210a54e92bbe4136fc78995c18d0ccafbcdb27cce5b7b0d4a6ba10c378e14e86855ee7e76e355acc0580f7441e4df64e7dbd8a4b7
install : $(TARGET)
download :$(patsubst %,$(DIR_DL)/%,$(objects))
-md5 : $(subst %,%_MD5,$(objects))
+b2 : $(subst %,%_BLAKE2,$(objects))
dist:
@$(PAK)
+
###############################################################################
-# Downloading, checking, md5sum
+# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
###############################################################################
# Installation Details
ln -svf linux-$(VER) $(DIR_SRC)/linux
# Layer7-patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-layer7.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.6-layer7.patch
# DVB Patches
cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch
# Fix igb and e1000e crash
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.1-igb-e1000e_fix_lock_at_update_stats.patch
- # cs5535audio spams syslog if no ac97 was present (geos router)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8_cs5535audio_fix_logspam_on_geos.patch
-
# Fix uevent PHYSDEVDRIVER
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-2.6.32.27_mcs7830-fix-driver-name.patch
# fix Boot with enabled usercopy hardening
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.9-crypto_testmgr_allocate_buffers_with____GFP_COMP.patch
-ifeq "$(BUILD_ARCH)" "armv6l"
- # Apply Arm-multiarch kernel patches.
- cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1
-endif
+ # Patch performance monitoring restrictions to allow further hardening
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch
+
+ # https://bugzilla.ipfire.org/show_bug.cgi?id=12760
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch
+
+ # Fix external module compile
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch
+
ifeq "$(BUILD_ARCH)" "aarch64"
- # Apply Arm-multiarch kernel patches.
- cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1
+ # Apply Arm kernel patches.
+ cd $(DIR_APP) && cat patch $(DIR_SRC)/src/patches/linux/aarch64/* | patch -Np1
endif
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch
- # Fix for CVE-2022-0847 aka Dirty Pipe
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/kernel-5.15-CVE-2022-0847.patch
-
ifeq "$(KCFG)" "-headers"
# Install the header files
cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers
cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-$(VERSUFIX)
cd $(DIR_APP) && make $(MAKETUNING) modules_install
-ifeq "$(BUILD_PLATFORM)" "arm"
+ifneq "$(BUILD_PLATFORM)" "x86"
cd $(DIR_APP) && make $(MAKETUNING) dtbs
mkdir -p /boot/dtb-$(VER)-$(VERSUFIX)
cd $(DIR_APP)/arch/$(KERNEL_ARCH)/boot/dts && for f in $$(find -name "*.dtb"); do \