| Age | Commit message (Collapse) | Author |
|
|
|
Replaces 5 caller workflows now superseded by central Mergify rules.
See https://vyos.dev/T8937 for the design + spec + plan.
Advances: T8937
🤖 Generated by [robots](https://vyos.io)
|
|
(#1201)
Replace legacy per-secret caller with uniform stub that uses secrets: inherit
and vars.MIRROR_ENABLED opt-out. No functional change to trigger conditions.
Plan: ~/.claude/plans/2026-05-26-mirror-rollout-1b-revised.md Task 5
🤖 Generated by [robots](https://vyos.io)
|
|
Kernel: T8938: consolidate build time options for amd64 and arm64 WWAN
|
|
|
|
coderabbit: T8851: add .coderabbit.yaml for central-config inheritance
|
|
|
|
Kernel: T8919: Update Linux Kernel to 6.18.33
|
|
The Kernel 6.18.33 now has an upstream fix for the fragnesia vulnerability
|
|
Kernel: T8880: reduce size of Kernel source TAR
|
|
* Kernel: T8846: consolidate config for CPU/Task time and stats accounting
* Kernel: T8879: add config section for hypervisor Virtual Socket Protocol
* Kernel: T8879: add missing Hyper-V drivers after 6.18 upgrade
Add drivers for Hyper-V hypervisor which got lost in transition from 6.6 to
6.18 Kernel upgrade.
|
|
Enable "make mrproper" before packaging kernel source tarball. After enabling
PWRU support in T8496, the auto-generated kernel source tarball grew from under
1 GB to ~4 GB, largely due to intermediate build artifacts (for example,
vmlinuz.o growing from 54 MB to 618 MB with additional debug symbols).
Since the tarball is intended to contain kernel sources and custom patches and
not intermediate objects, we now clean the tree with "make mrproper" before
creating the tarball. This keeps package size down while preserving
rebuildability.
|
|
Kernel: T8871: Update Linux Kernel to 6.18.31
|
|
This fixes the LPE https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
|
|
Kernel: T8871: add a patch for the ptrace vulnerability that allows unprivileged users to read files owned by any other user
|
|
that allows unprivileged users to read files owned by any other user
|
|
T8852: migrate .github/mergify.yml to extends: mergify
|
|
|
|
|
|
Kernel: T8864: add patch for "fragnesia" local privilege escalation
|
|
Fragnesia is a universal Linux local privilege escalation exploit, discovered
with V12 by William Bowling with the V12 team. Fragnesia is a member of the
Dirty Frag vulnerability class. This is a separate bug in the ESP/XFRM from
dirtyfrag which has received its own patch. However, it is in the same surface
and the mitigation is the same as for dirtyfrag.
It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem to achieve
arbitrary byte writes into the kernel page cache of read-only files, without
requiring any race condition.
The technique extends the page-cache write bug class that includes Dirty Pipe:
when a TCP socket transitions to espintcp ULP mode after data has already been
spliced from a file into the receive queue, the kernel processes the queued
file pages as ESP ciphertext. The AES-GCM keystream byte at counter block
position 2, byte 0 is XORed directly into the cached file page. By selecting
the IV nonce to produce a desired keystream byte, any target byte in the file
can be set to any value — one byte per trigger invocation.
From: https://github.com/v12-security/pocs/blob/532994fc003a7/fragnesia/README.md
|
|
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
|
|
|
|
kernel: T8847: Enable PSI metric data
|
|
serial: T8844: fix default config injection leading to invalid boot console
|
|
With all the latest serial interface changes - and the resulting patching of
the default configuration based on the build flavor - the serial console
was always injected by a helper named write-config-file-value.py, even if the
console_type was set to tty instead of ttyS or ttyAMA.
This was a pending issue in the rolling tests for the PROXMOX flavor. It is
applicable to every other flavor using tty as default console.
|
|
T8542: Add functionality to generate SBOM file from ISO image
|
|
Kernel: T6847: update Intel Out-Of-Tree drivers for IGB, IXGBE, I40e, ICE and IAVF
|
|
Enable the kernel [Pressure Stall Information][PSI] accounting feature.
This allows users to gather data on CPU and memory starvation. It's very
useful to help find cases where the system performance is impacted by
overloaded CPUs.
[PSI]: https://docs.kernel.org/accounting/psi.html
Signed-off-by: SuperQ <superq@gmail.com>
|
|
T8612: upgrade to frr 10.6.1
|
|
Kernel: T8846: Update Linux Kernel to 6.18.29
|
|
Stable kernels with Hyunwoo Kim's patch [1] for the second vulnerability
CVE-2026-43500 reported with Dirty Frag and Copy Fail 2.
1: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=aa54b1d27fe0c2b78e664a34fd0fdf7cd1960d71
|
|
The Intel iavf driver (formerly i40evf) is the Linux virtual function driver
for modern Intel Ethernet adapters supporting SR-IOV, including the X700/E800
series.
Renamed to iavf to support future devices, it replaced i40evf entirely by 2019.
The driver facilitates high-performance networking in virtualized environments.
This commit contains custom patches to make the driver build.
|
|
Instead of one build function per driver (ixgbe, i40, ice) which will anyways
result in the same Python code path to be executed - use one common helper
name: build_intel_nic
|
|
The current version of the Intel ice driver does not compile with a recent
LTS Kernel due to missing internal Kernel API adjustments in the Intel driver.
This commit contains custom patches to make the driver build.
|
|
The current version of the Intel i40e driver does not compile with a recent
LTS Kernel due to missing internal Kernel API adjustments in the Intel driver.
This commit contains custom patches to make the driver build.
|
|
|
|
|
|
Kernel: T8828: Update Linux Kernel to 6.18.28
|
|
These kernels contain a partial fix for the Dirty Frag [1] and
Copy Fail 2 [2] security flaws.
1: https://github.com/V4bel/dirtyfrag#dirty-frag-universal-linux-lpe
2: https://www.openwall.com/lists/oss-security/2026/05/07/12
|
|
general: T8595: add AGENTS.md
|
|
|
|
the CDN to prevent a possible supply chain attack
|
|
|
|
Rework BGP-LS megapatch to include all latest work on BGP-LS
Rebase patches:
* 0021-pathd-add-optional-protocol-to-no-mpls-te-import.patch
* 0022-pathd-add-optional-parameters-to-no-index-cmd.patch
Delete patches already merged into 10.6.1:
* 0008-isis-fix-advertise-passive-only-routes-install.patch
* 0009-T7909-eigrp-malformed-update-fix.patch
* 0010-bgp-Support-multiple-labels-in-BGP-LU.patch
* 0011-zebra-add-CLI-no-versions-for-max-bw-and-others.patch
* 0014-Simplify-and-cleanup-mgmtd.patch
|
|
|
|
|
|
T8463: Update GitHub actions to latest versions
|
|
|
|
T8218: removed unqueue from mergify yaml as it is not supported
|