[arch-commits] Commit in linux-hardened/trunk (PKGBUILD config)

[Levente Polyak]

    Date: Friday, November 20, 2020 @ 00:28:38
  Author: anthraxx
Revision: 401504

upgpkg: linux-hardened 5.9.9.a-1: disable DCCP and SCTP for security

Those protocols were rarely used and seem to case more danger and harm
than benefit. Lets try to disable them.

Modified:
  linux-hardened/trunk/PKGBUILD
  linux-hardened/trunk/config

----------+
 PKGBUILD |    8 ++++----
 config   |   36 ++++--------------------------------
 2 files changed, 8 insertions(+), 36 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-11-20 00:26:39 UTC (rev 401503)
+++ PKGBUILD	2020-11-20 00:28:38 UTC (rev 401504)
@@ -4,7 +4,7 @@
 # Contributor: Thomas Baechler <thomas at archlinux.org>
 
 pkgbase=linux-hardened
-pkgver=5.9.8.a
+pkgver=5.9.9.a
 pkgrel=1
 pkgdesc='Security-Hardened Linux'
 url='https://github.com/anthraxx/linux-hardened'
@@ -28,11 +28,11 @@
   '65EEFE022108E2B708CBFCF7F9E712E59AF5F22A'  # Daniel Micay
   'E240B57E2C4630BA768E2F26FC1B547C8D8172C8'  # Levente Polyak
 )
-sha256sums=('7656733b316562662026ac82a7c0be41440e16bbf1bdc5447b119e34ff3b86a6'
+sha256sums=('a302d386af1278e7a8c0c2cd9a3b2119a18620eccc1f069b0f23e405bcf61fad'
             'SKIP'
-            '841ad13232835eb4aee9fea67630210c8d9eb6fa44c8f2b04a043a3f9ace64e9'
+            'c2bff7c5da94832eee7f965982574402b23492e74d8564388394b12c84cea462'
             'SKIP'
-            '3ee9d5a14e9cb46bc4606c5f40fcb968cc68c44e1a9921a858d079e22c320564'
+            '125e7f0b87ac798713eeda01219d315942f1dc88d4668011aced6a573ba470e7'
             '8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c')
 
 export KBUILD_BUILD_HOST=archlinux

Modified: config
===================================================================
--- config	2020-11-20 00:26:39 UTC (rev 401503)
+++ config	2020-11-20 00:28:38 UTC (rev 401504)
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.9.8 Kernel Configuration
+# Linux/x86 5.9.9 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.2.0"
 CONFIG_CC_IS_GCC=y
@@ -1542,32 +1542,8 @@
 CONFIG_BRIDGE_EBT_LOG=m
 CONFIG_BRIDGE_EBT_NFLOG=m
 # CONFIG_BPFILTER is not set
-CONFIG_IP_DCCP=m
-CONFIG_INET_DCCP_DIAG=m
-
-#
-# DCCP CCIDs Configuration
-#
-# CONFIG_IP_DCCP_CCID2_DEBUG is not set
-CONFIG_IP_DCCP_CCID3=y
-# CONFIG_IP_DCCP_CCID3_DEBUG is not set
-CONFIG_IP_DCCP_TFRC_LIB=y
-# end of DCCP CCIDs Configuration
-
-#
-# DCCP Kernel Hacking
-#
-# CONFIG_IP_DCCP_DEBUG is not set
-# end of DCCP Kernel Hacking
-
-CONFIG_IP_SCTP=m
-# CONFIG_SCTP_DBG_OBJCNT is not set
-# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5 is not set
-CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1=y
-# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set
-CONFIG_SCTP_COOKIE_HMAC_MD5=y
-CONFIG_SCTP_COOKIE_HMAC_SHA1=y
-CONFIG_INET_SCTP_DIAG=m
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
 CONFIG_RDS=m
 CONFIG_RDS_RDMA=m
 CONFIG_RDS_TCP=m
@@ -2875,7 +2851,6 @@
 CONFIG_MD_RAID456=m
 CONFIG_MD_MULTIPATH=m
 CONFIG_MD_FAULTY=m
-CONFIG_MD_CLUSTER=m
 CONFIG_BCACHE=m
 # CONFIG_BCACHE_DEBUG is not set
 # CONFIG_BCACHE_CLOSURES_DEBUG is not set
@@ -9865,10 +9840,8 @@
 # CONFIG_XFS_WARN is not set
 # CONFIG_XFS_DEBUG is not set
 CONFIG_GFS2_FS=m
-CONFIG_GFS2_FS_LOCKING_DLM=y
 CONFIG_OCFS2_FS=m
 CONFIG_OCFS2_FS_O2CB=m
-CONFIG_OCFS2_FS_USERSPACE_CLUSTER=m
 CONFIG_OCFS2_FS_STATS=y
 CONFIG_OCFS2_DEBUG_MASKLOG=y
 # CONFIG_OCFS2_DEBUG_FS is not set
@@ -10210,8 +10183,7 @@
 CONFIG_NLS_MAC_ROMANIAN=m
 CONFIG_NLS_MAC_TURKISH=m
 CONFIG_NLS_UTF8=m
-CONFIG_DLM=m
-# CONFIG_DLM_DEBUG is not set
+# CONFIG_DLM is not set
 CONFIG_UNICODE=y
 # CONFIG_UNICODE_NORMALIZATION_SELFTEST is not set
 CONFIG_IO_WQ=y