From mboxrd@z Thu Jan 1 00:00:00 1970
From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated.
7617da3bba48d40284c2fd93d0265a0bce64aed0
Date: Mon, 08 Jun 2020 21:23:04 +0000
Message-ID: <49gmSS71ytz2xWV@people01.haj.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8401089909348587733=="
List-Id: <ipfire-scm.lists.ipfire.org>
--===============8401089909348587733==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 7617da3bba48d40284c2fd93d0265a0bce64aed0 (commit)
via d7174d7c3ae2eb21fef0e832955c6ba9024a7c0e (commit)
via b1f24c43538fbe2976c96cf21890fbc8dcdeb9d9 (commit)
from 8a86d257cf9e4669786dbef26ecb5071cb7511fb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7617da3bba48d40284c2fd93d0265a0bce64aed0
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date: Sun Jun 7 16:57:59 2020 +0000
kernel: enable CONFIG_SECCOMP on aarch64 and armv5tel
=20
Fixes: #12366
=20
Cc: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d7174d7c3ae2eb21fef0e832955c6ba9024a7c0e
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date: Sun Jun 7 16:40:35 2020 +0000
kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586
=20
This is dangerous as it allows replacing the running kernel without
rebooting. Kernel Self Protection Project people recommend to keep it
disabled.
=20
Fixes: #12372
=20
Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b1f24c43538fbe2976c96cf21890fbc8dcdeb9d9
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date: Sun Jun 7 16:32:26 2020 +0000
kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64
=20
Fixes: #12382
=20
Cc: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/kernel/kernel.config.aarch64-ipfire | 2 ++
config/kernel/kernel.config.armv5tel-ipfire-multi | 2 ++
config/kernel/kernel.config.i586-ipfire | 2 --
config/kernel/kernel.config.x86_64-ipfire | 2 --
4 files changed, 4 insertions(+), 4 deletions(-)
Difference in files:
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kerne=
l.config.aarch64-ipfire
index dcd21e820..8e4f650a5 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -251,6 +251,7 @@ CONFIG_HAVE_CMPXCHG_LOCAL=3Dy
CONFIG_HAVE_CMPXCHG_DOUBLE=3Dy
CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=3Dy
CONFIG_HAVE_ARCH_SECCOMP_FILTER=3Dy
+CONFIG_SECCOMP_FILTER=3Dy
CONFIG_HAVE_GCC_PLUGINS=3Dy
CONFIG_GCC_PLUGINS=3Dy
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
@@ -524,6 +525,7 @@ CONFIG_HOLES_IN_ZONE=3Dy
CONFIG_PREEMPT_NONE=3Dy
# CONFIG_PREEMPT_VOLUNTARY is not set
# CONFIG_PREEMPT is not set
+CONFIG_SECCOMP=3Dy
CONFIG_HZ_100=3Dy
# CONFIG_HZ_250 is not set
# CONFIG_HZ_300 is not set
diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kerne=
l/kernel.config.armv5tel-ipfire-multi
index 9c7ecb524..ee63c2392 100644
--- a/config/kernel/kernel.config.armv5tel-ipfire-multi
+++ b/config/kernel/kernel.config.armv5tel-ipfire-multi
@@ -247,6 +247,7 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=3Dy
CONFIG_HAVE_ARCH_JUMP_LABEL=3Dy
CONFIG_ARCH_WANT_IPC_PARSE_VERSION=3Dy
CONFIG_HAVE_ARCH_SECCOMP_FILTER=3Dy
+CONFIG_SECCOMP_FILTER=3Dy
CONFIG_HAVE_GCC_PLUGINS=3Dy
CONFIG_GCC_PLUGINS=3Dy
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
@@ -781,6 +782,7 @@ CONFIG_ARCH_NR_GPIO=3D512
CONFIG_PREEMPT_NONE=3Dy
# CONFIG_PREEMPT_VOLUNTARY is not set
# CONFIG_PREEMPT is not set
+CONFIG_SECCOMP=3Dy
CONFIG_HZ_FIXED=3D0
CONFIG_HZ_100=3Dy
# CONFIG_HZ_200 is not set
diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.c=
onfig.i586-ipfire
index 0b6e0ca08..578931497 100644
--- a/config/kernel/kernel.config.i586-ipfire
+++ b/config/kernel/kernel.config.i586-ipfire
@@ -633,7 +633,6 @@ CONFIG_HOTPLUG_CPU=3Dy
# CONFIG_DEBUG_HOTPLUG_CPU0 is not set
# CONFIG_COMPAT_VDSO is not set
# CONFIG_CMDLINE_BOOL is not set
-CONFIG_MODIFY_LDT_SYSCALL=3Dy
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=3Dy
=20
#
@@ -685,7 +684,6 @@ CONFIG_ACPI_CONTAINER=3Dy
CONFIG_ACPI_HOTPLUG_IOAPIC=3Dy
CONFIG_ACPI_SBS=3Dm
CONFIG_ACPI_HED=3Dy
-CONFIG_ACPI_CUSTOM_METHOD=3Dm
# CONFIG_ACPI_BGRT is not set
# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
CONFIG_HAVE_ACPI_APEI=3Dy
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel=
.config.x86_64-ipfire
index 27b073ec7..6a5fbbfe9 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -650,7 +650,6 @@ CONFIG_HOTPLUG_CPU=3Dy
# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
CONFIG_LEGACY_VSYSCALL_NONE=3Dy
# CONFIG_CMDLINE_BOOL is not set
-CONFIG_MODIFY_LDT_SYSCALL=3Dy
CONFIG_HAVE_LIVEPATCH=3Dy
# CONFIG_LIVEPATCH is not set
CONFIG_ARCH_HAS_ADD_PAGES=3Dy
@@ -707,7 +706,6 @@ CONFIG_ACPI_CONTAINER=3Dy
CONFIG_ACPI_HOTPLUG_IOAPIC=3Dy
CONFIG_ACPI_SBS=3Dm
CONFIG_ACPI_HED=3Dy
-CONFIG_ACPI_CUSTOM_METHOD=3Dm
# CONFIG_ACPI_BGRT is not set
# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set
CONFIG_ACPI_NFIT=3Dm
hooks/post-receive
--
IPFire 2.x development tree
--===============8401089909348587733==--