This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 7617da3bba48d40284c2fd93d0265a0bce64aed0 (commit) via d7174d7c3ae2eb21fef0e832955c6ba9024a7c0e (commit) via b1f24c43538fbe2976c96cf21890fbc8dcdeb9d9 (commit) from 8a86d257cf9e4669786dbef26ecb5071cb7511fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7617da3bba48d40284c2fd93d0265a0bce64aed0 Author: Peter Müller Date: Sun Jun 7 16:57:59 2020 +0000 kernel: enable CONFIG_SECCOMP on aarch64 and armv5tel Fixes: #12366 Cc: Arne Fitzenreiter Signed-off-by: Peter Müller Signed-off-by: Arne Fitzenreiter commit d7174d7c3ae2eb21fef0e832955c6ba9024a7c0e Author: Peter Müller Date: Sun Jun 7 16:40:35 2020 +0000 kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586 This is dangerous as it allows replacing the running kernel without rebooting. Kernel Self Protection Project people recommend to keep it disabled. Fixes: #12372 Signed-off-by: Peter Müller Signed-off-by: Arne Fitzenreiter commit b1f24c43538fbe2976c96cf21890fbc8dcdeb9d9 Author: Peter Müller Date: Sun Jun 7 16:32:26 2020 +0000 kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64 Fixes: #12382 Cc: Arne Fitzenreiter Signed-off-by: Peter Müller Signed-off-by: Arne Fitzenreiter ----------------------------------------------------------------------- Summary of changes: config/kernel/kernel.config.aarch64-ipfire | 2 ++ config/kernel/kernel.config.armv5tel-ipfire-multi | 2 ++ config/kernel/kernel.config.i586-ipfire | 2 -- config/kernel/kernel.config.x86_64-ipfire | 2 -- 4 files changed, 4 insertions(+), 4 deletions(-) Difference in files: diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index dcd21e820..8e4f650a5 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -251,6 +251,7 @@ CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_GCC_PLUGINS=y CONFIG_GCC_PLUGINS=y # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set @@ -524,6 +525,7 @@ CONFIG_HOLES_IN_ZONE=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set +CONFIG_SECCOMP=y CONFIG_HZ_100=y # CONFIG_HZ_250 is not set # CONFIG_HZ_300 is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index 9c7ecb524..ee63c2392 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -247,6 +247,7 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_GCC_PLUGINS=y CONFIG_GCC_PLUGINS=y # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set @@ -781,6 +782,7 @@ CONFIG_ARCH_NR_GPIO=512 CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set +CONFIG_SECCOMP=y CONFIG_HZ_FIXED=0 CONFIG_HZ_100=y # CONFIG_HZ_200 is not set diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 0b6e0ca08..578931497 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -633,7 +633,6 @@ CONFIG_HOTPLUG_CPU=y # CONFIG_DEBUG_HOTPLUG_CPU0 is not set # CONFIG_COMPAT_VDSO is not set # CONFIG_CMDLINE_BOOL is not set -CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y # @@ -685,7 +684,6 @@ CONFIG_ACPI_CONTAINER=y CONFIG_ACPI_HOTPLUG_IOAPIC=y CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=y -CONFIG_ACPI_CUSTOM_METHOD=m # CONFIG_ACPI_BGRT is not set # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set CONFIG_HAVE_ACPI_APEI=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 27b073ec7..6a5fbbfe9 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -650,7 +650,6 @@ CONFIG_HOTPLUG_CPU=y # CONFIG_LEGACY_VSYSCALL_EMULATE is not set CONFIG_LEGACY_VSYSCALL_NONE=y # CONFIG_CMDLINE_BOOL is not set -CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH=y # CONFIG_LIVEPATCH is not set CONFIG_ARCH_HAS_ADD_PAGES=y @@ -707,7 +706,6 @@ CONFIG_ACPI_CONTAINER=y CONFIG_ACPI_HOTPLUG_IOAPIC=y CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=y -CONFIG_ACPI_CUSTOM_METHOD=m # CONFIG_ACPI_BGRT is not set # CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set CONFIG_ACPI_NFIT=m hooks/post-receive -- IPFire 2.x development tree