This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 7617da3bba48d40284c2fd93d0265a0bce64aed0 (commit) via d7174d7c3ae2eb21fef0e832955c6ba9024a7c0e (commit) via b1f24c43538fbe2976c96cf21890fbc8dcdeb9d9 (commit) from 8a86d257cf9e4669786dbef26ecb5071cb7511fb (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 7617da3bba48d40284c2fd93d0265a0bce64aed0 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Jun 7 16:57:59 2020 +0000
kernel: enable CONFIG_SECCOMP on aarch64 and armv5tel
Fixes: #12366
Cc: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d7174d7c3ae2eb21fef0e832955c6ba9024a7c0e Author: Peter Müller peter.mueller@ipfire.org Date: Sun Jun 7 16:40:35 2020 +0000
kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586
This is dangerous as it allows replacing the running kernel without rebooting. Kernel Self Protection Project people recommend to keep it disabled.
Fixes: #12372
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b1f24c43538fbe2976c96cf21890fbc8dcdeb9d9 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Jun 7 16:32:26 2020 +0000
kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64
Fixes: #12382
Cc: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/kernel/kernel.config.aarch64-ipfire | 2 ++ config/kernel/kernel.config.armv5tel-ipfire-multi | 2 ++ config/kernel/kernel.config.i586-ipfire | 2 -- config/kernel/kernel.config.x86_64-ipfire | 2 -- 4 files changed, 4 insertions(+), 4 deletions(-)
Difference in files: diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index dcd21e820..8e4f650a5 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -251,6 +251,7 @@ CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_GCC_PLUGINS=y CONFIG_GCC_PLUGINS=y # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set @@ -524,6 +525,7 @@ CONFIG_HOLES_IN_ZONE=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set +CONFIG_SECCOMP=y CONFIG_HZ_100=y # CONFIG_HZ_250 is not set # CONFIG_HZ_300 is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index 9c7ecb524..ee63c2392 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -247,6 +247,7 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_GCC_PLUGINS=y CONFIG_GCC_PLUGINS=y # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set @@ -781,6 +782,7 @@ CONFIG_ARCH_NR_GPIO=512 CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set +CONFIG_SECCOMP=y CONFIG_HZ_FIXED=0 CONFIG_HZ_100=y # CONFIG_HZ_200 is not set diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 0b6e0ca08..578931497 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -633,7 +633,6 @@ CONFIG_HOTPLUG_CPU=y # CONFIG_DEBUG_HOTPLUG_CPU0 is not set # CONFIG_COMPAT_VDSO is not set # CONFIG_CMDLINE_BOOL is not set -CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
# @@ -685,7 +684,6 @@ CONFIG_ACPI_CONTAINER=y CONFIG_ACPI_HOTPLUG_IOAPIC=y CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=y -CONFIG_ACPI_CUSTOM_METHOD=m # CONFIG_ACPI_BGRT is not set # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set CONFIG_HAVE_ACPI_APEI=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 27b073ec7..6a5fbbfe9 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -650,7 +650,6 @@ CONFIG_HOTPLUG_CPU=y # CONFIG_LEGACY_VSYSCALL_EMULATE is not set CONFIG_LEGACY_VSYSCALL_NONE=y # CONFIG_CMDLINE_BOOL is not set -CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH=y # CONFIG_LIVEPATCH is not set CONFIG_ARCH_HAS_ADD_PAGES=y @@ -707,7 +706,6 @@ CONFIG_ACPI_CONTAINER=y CONFIG_ACPI_HOTPLUG_IOAPIC=y CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=y -CONFIG_ACPI_CUSTOM_METHOD=m # CONFIG_ACPI_BGRT is not set # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set CONFIG_ACPI_NFIT=m
hooks/post-receive -- IPFire 2.x development tree