[arch-commits] Commit in linux-hardened/trunk (PKGBUILD config)
Levente Polyak
anthraxx at archlinux.org
Fri Nov 20 00:28:39 UTC 2020
Date: Friday, November 20, 2020 @ 00:28:38
Author: anthraxx
Revision: 401504
upgpkg: linux-hardened 5.9.9.a-1: disable DCCP and SCTP for security
Those protocols were rarely used and seem to case more danger and harm
than benefit. Lets try to disable them.
Modified:
linux-hardened/trunk/PKGBUILD
linux-hardened/trunk/config
----------+
PKGBUILD | 8 ++++----
config | 36 ++++--------------------------------
2 files changed, 8 insertions(+), 36 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-11-20 00:26:39 UTC (rev 401503)
+++ PKGBUILD 2020-11-20 00:28:38 UTC (rev 401504)
@@ -4,7 +4,7 @@
# Contributor: Thomas Baechler <thomas at archlinux.org>
pkgbase=linux-hardened
-pkgver=5.9.8.a
+pkgver=5.9.9.a
pkgrel=1
pkgdesc='Security-Hardened Linux'
url='https://github.com/anthraxx/linux-hardened'
@@ -28,11 +28,11 @@
'65EEFE022108E2B708CBFCF7F9E712E59AF5F22A' # Daniel Micay
'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak
)
-sha256sums=('7656733b316562662026ac82a7c0be41440e16bbf1bdc5447b119e34ff3b86a6'
+sha256sums=('a302d386af1278e7a8c0c2cd9a3b2119a18620eccc1f069b0f23e405bcf61fad'
'SKIP'
- '841ad13232835eb4aee9fea67630210c8d9eb6fa44c8f2b04a043a3f9ace64e9'
+ 'c2bff7c5da94832eee7f965982574402b23492e74d8564388394b12c84cea462'
'SKIP'
- '3ee9d5a14e9cb46bc4606c5f40fcb968cc68c44e1a9921a858d079e22c320564'
+ '125e7f0b87ac798713eeda01219d315942f1dc88d4668011aced6a573ba470e7'
'8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c')
export KBUILD_BUILD_HOST=archlinux
Modified: config
===================================================================
--- config 2020-11-20 00:26:39 UTC (rev 401503)
+++ config 2020-11-20 00:28:38 UTC (rev 401504)
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.9.8 Kernel Configuration
+# Linux/x86 5.9.9 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.2.0"
CONFIG_CC_IS_GCC=y
@@ -1542,32 +1542,8 @@
CONFIG_BRIDGE_EBT_LOG=m
CONFIG_BRIDGE_EBT_NFLOG=m
# CONFIG_BPFILTER is not set
-CONFIG_IP_DCCP=m
-CONFIG_INET_DCCP_DIAG=m
-
-#
-# DCCP CCIDs Configuration
-#
-# CONFIG_IP_DCCP_CCID2_DEBUG is not set
-CONFIG_IP_DCCP_CCID3=y
-# CONFIG_IP_DCCP_CCID3_DEBUG is not set
-CONFIG_IP_DCCP_TFRC_LIB=y
-# end of DCCP CCIDs Configuration
-
-#
-# DCCP Kernel Hacking
-#
-# CONFIG_IP_DCCP_DEBUG is not set
-# end of DCCP Kernel Hacking
-
-CONFIG_IP_SCTP=m
-# CONFIG_SCTP_DBG_OBJCNT is not set
-# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5 is not set
-CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1=y
-# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set
-CONFIG_SCTP_COOKIE_HMAC_MD5=y
-CONFIG_SCTP_COOKIE_HMAC_SHA1=y
-CONFIG_INET_SCTP_DIAG=m
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
CONFIG_RDS=m
CONFIG_RDS_RDMA=m
CONFIG_RDS_TCP=m
@@ -2875,7 +2851,6 @@
CONFIG_MD_RAID456=m
CONFIG_MD_MULTIPATH=m
CONFIG_MD_FAULTY=m
-CONFIG_MD_CLUSTER=m
CONFIG_BCACHE=m
# CONFIG_BCACHE_DEBUG is not set
# CONFIG_BCACHE_CLOSURES_DEBUG is not set
@@ -9865,10 +9840,8 @@
# CONFIG_XFS_WARN is not set
# CONFIG_XFS_DEBUG is not set
CONFIG_GFS2_FS=m
-CONFIG_GFS2_FS_LOCKING_DLM=y
CONFIG_OCFS2_FS=m
CONFIG_OCFS2_FS_O2CB=m
-CONFIG_OCFS2_FS_USERSPACE_CLUSTER=m
CONFIG_OCFS2_FS_STATS=y
CONFIG_OCFS2_DEBUG_MASKLOG=y
# CONFIG_OCFS2_DEBUG_FS is not set
@@ -10210,8 +10183,7 @@
CONFIG_NLS_MAC_ROMANIAN=m
CONFIG_NLS_MAC_TURKISH=m
CONFIG_NLS_UTF8=m
-CONFIG_DLM=m
-# CONFIG_DLM_DEBUG is not set
+# CONFIG_DLM is not set
CONFIG_UNICODE=y
# CONFIG_UNICODE_NORMALIZATION_SELFTEST is not set
CONFIG_IO_WQ=y
More information about the arch-commits
mailing list