Make Spectre, Meltdown, and L1TF mitigations explicit

- Disable old/unmaintained/insecure filesystems
author: jc_gargma <jc_gargma@iserlohn-fortress.net> 2019-02-18 10:50:45 -0800
committer: jc_gargma <jc_gargma@iserlohn-fortress.net> 2019-02-18 10:50:45 -0800
commit: 58dc215852c09a2ff7357acd0df0f095bf31fd93 (patch)
tree: 7f74e40949769a60ab8e1113e09252c1cf38bc6a
parent: Updated to 4.20.10.a (diff)
download: linux-libre-hardened-ck-58dc215852c09a2ff7357acd0df0f095bf31fd93.tar.xz
2 files changed, 17 insertions, 50 deletions
diff --git a/PKGBUILD b/PKGBUILD
index cba37e8..c5999e6 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -30,7 +30,7 @@ _jcpatchversion=1
 _gcc_more_v='20180509'
 _srcname=linux-${_majver}
 pkgver=${_pkgver}.${_hardenedver}
-pkgrel=1
+pkgrel=4
 url='https://github.com/anthraxx/linux-hardened'
 #url='http://ck.kolivas.org/patches/'
 arch=('x86_64')
@@ -62,7 +62,7 @@ sha256sums=('b80d5c0076dfa11ee8af63ad0b4795569d098b77020d2fffc797b892ba455a1f'
             '226e30068ea0fecdb22f337391385701996bfbdba37cdcf0f1dbf55f1080542d'
             'e7ebf050c22bcec0028c0b3c79fd6d3913b0370ecc6a23dfe78ce475630cf503'
             '0f81d6e4158b7beeb0eb514f1b9401f7e23699cb0f7b0d513e25dae1815daaeb'
-            '602bb69819223506182319df69ca13828b9ef0a436e09903e81987c30cf19dcd'
+            'f44a49012fd648b3d2b27d6aabd995cfb65ff15cde0228fea8d24d89d7ccbfb5'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
diff --git a/config.x86_64 b/config.x86_64
index 75c5adb..3c1219b 100644
--- a/config.x86_64
+++ b/config.x86_64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.20.10 Kernel Configuration
+# Linux/x86 4.20.10.a Kernel Configuration
 #
 
 #
@@ -474,7 +474,7 @@ CONFIG_HOTPLUG_CPU=y
 # CONFIG_LEGACY_VSYSCALL_EMULATE is not set
 CONFIG_LEGACY_VSYSCALL_NONE=y
 CONFIG_CMDLINE_BOOL=y
-CONFIG_CMDLINE="page_poison=1 slab_nomerge pti=on"
+CONFIG_CMDLINE="page_poison=1 slab_nomerge l1tf=full,force pti=on spec_store_bypass_disable=on spectre_v2=on"
 # CONFIG_CMDLINE_OVERRIDE is not set
 # CONFIG_MODIFY_LDT_SYSCALL is not set
 CONFIG_HAVE_LIVEPATCH=y
@@ -7748,19 +7748,7 @@ CONFIG_MTK_MMC=m
 CONFIG_STAGING_GASKET_FRAMEWORK=m
 CONFIG_STAGING_APEX_DRIVER=m
 CONFIG_XIL_AXIS_FIFO=m
-CONFIG_EROFS_FS=m
-# CONFIG_EROFS_FS_DEBUG is not set
-CONFIG_EROFS_FS_XATTR=y
-CONFIG_EROFS_FS_POSIX_ACL=y
-CONFIG_EROFS_FS_SECURITY=y
-# CONFIG_EROFS_FS_USE_VM_MAP_RAM is not set
-# CONFIG_EROFS_FAULT_INJECTION is not set
-CONFIG_EROFS_FS_IO_MAX_RETRIES=5
-CONFIG_EROFS_FS_ZIP=y
-CONFIG_EROFS_FS_CLUSTER_PAGE_LIMIT=2
-# CONFIG_EROFS_FS_ZIP_NO_CACHE is not set
-# CONFIG_EROFS_FS_ZIP_CACHE_UNIPOLAR is not set
-CONFIG_EROFS_FS_ZIP_CACHE_BIPOLAR=y
+# CONFIG_EROFS_FS is not set
 CONFIG_X86_PLATFORM_DEVICES=y
 CONFIG_ACER_WMI=m
 CONFIG_ACER_WIRELESS=m
@@ -8635,11 +8623,7 @@ CONFIG_REISERFS_PROC_INFO=y
 CONFIG_REISERFS_FS_XATTR=y
 CONFIG_REISERFS_FS_POSIX_ACL=y
 CONFIG_REISERFS_FS_SECURITY=y
-CONFIG_JFS_FS=m
-CONFIG_JFS_POSIX_ACL=y
-CONFIG_JFS_SECURITY=y
-# CONFIG_JFS_DEBUG is not set
-CONFIG_JFS_STATISTICS=y
+# CONFIG_JFS_FS is not set
 CONFIG_XFS_FS=m
 CONFIG_XFS_QUOTA=y
 CONFIG_XFS_POSIX_ACL=y
@@ -8663,16 +8647,8 @@ CONFIG_BTRFS_FS_POSIX_ACL=y
 # CONFIG_BTRFS_DEBUG is not set
 # CONFIG_BTRFS_ASSERT is not set
 # CONFIG_BTRFS_FS_REF_VERIFY is not set
-CONFIG_NILFS2_FS=m
-CONFIG_F2FS_FS=m
-CONFIG_F2FS_STAT_FS=y
-CONFIG_F2FS_FS_XATTR=y
-CONFIG_F2FS_FS_POSIX_ACL=y
-CONFIG_F2FS_FS_SECURITY=y
-CONFIG_F2FS_CHECK_FS=y
-CONFIG_F2FS_FS_ENCRYPTION=y
-# CONFIG_F2FS_IO_TRACE is not set
-# CONFIG_F2FS_FAULT_INJECTION is not set
+# CONFIG_NILFS2_FS is not set
+# CONFIG_F2FS_FS is not set
 CONFIG_FS_DAX=y
 CONFIG_FS_DAX_PMD=y
 CONFIG_FS_POSIX_ACL=y
@@ -8735,9 +8711,7 @@ CONFIG_VFAT_FS=m
 CONFIG_FAT_DEFAULT_CODEPAGE=437
 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
 CONFIG_FAT_DEFAULT_UTF8=y
-CONFIG_NTFS_FS=m
-# CONFIG_NTFS_DEBUG is not set
-CONFIG_NTFS_RW=y
+# CONFIG_NTFS_FS is not set
 
 #
 # Pseudo filesystems
@@ -8762,13 +8736,12 @@ CONFIG_EFIVAR_FS=y
 CONFIG_MISC_FILESYSTEMS=y
 CONFIG_ORANGEFS_FS=m
 # CONFIG_ADFS_FS is not set
-CONFIG_AFFS_FS=m
+# CONFIG_AFFS_FS is not set
 CONFIG_ECRYPT_FS=m
 # CONFIG_ECRYPT_FS_MESSAGING is not set
-CONFIG_HFS_FS=m
+# CONFIG_HFS_FS is not set
 CONFIG_HFSPLUS_FS=m
-CONFIG_BEFS_FS=m
-# CONFIG_BEFS_DEBUG is not set
+# CONFIG_BEFS_FS is not set
 # CONFIG_BFS_FS is not set
 # CONFIG_EFS_FS is not set
 CONFIG_JFFS2_FS=m
@@ -8791,9 +8764,7 @@ CONFIG_UBIFS_FS_XATTR=y
 CONFIG_UBIFS_FS_ENCRYPTION=y
 CONFIG_UBIFS_FS_SECURITY=y
 CONFIG_UBIFS_FS_AUTHENTICATION=y
-CONFIG_CRAMFS=m
-CONFIG_CRAMFS_BLOCKDEV=y
-CONFIG_CRAMFS_MTD=y
+# CONFIG_CRAMFS is not set
 CONFIG_SQUASHFS=m
 # CONFIG_SQUASHFS_FILE_CACHE is not set
 CONFIG_SQUASHFS_FILE_DIRECT=y
@@ -8810,8 +8781,8 @@ CONFIG_SQUASHFS_ZSTD=y
 # CONFIG_SQUASHFS_EMBEDDED is not set
 CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
 # CONFIG_VXFS_FS is not set
-CONFIG_MINIX_FS=m
-CONFIG_OMFS_FS=m
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
 # CONFIG_HPFS_FS is not set
 # CONFIG_QNX4FS_FS is not set
 # CONFIG_QNX6FS_FS is not set
@@ -8839,12 +8810,8 @@ CONFIG_PSTORE_COMPRESS_DEFAULT="zstd"
 # CONFIG_PSTORE_FTRACE is not set
 CONFIG_PSTORE_RAM=y
 # CONFIG_SYSV_FS is not set
-CONFIG_UFS_FS=m
-# CONFIG_UFS_FS_WRITE is not set
-# CONFIG_UFS_DEBUG is not set
-CONFIG_EXOFS_FS=m
-# CONFIG_EXOFS_DEBUG is not set
-CONFIG_ORE=m
+# CONFIG_UFS_FS is not set
+# CONFIG_EXOFS_FS is not set
 CONFIG_NETWORK_FILESYSTEMS=y
 CONFIG_NFS_FS=m
 CONFIG_NFS_V2=m
author	jc_gargma <jc_gargma@iserlohn-fortress.net>	2019-02-18 10:50:45 -0800
committer	jc_gargma <jc_gargma@iserlohn-fortress.net>	2019-02-18 10:50:45 -0800
commit	58dc215852c09a2ff7357acd0df0f095bf31fd93 (patch)
tree	7f74e40949769a60ab8e1113e09252c1cf38bc6a
parent	Updated to 4.20.10.a (diff)
download	linux-libre-hardened-ck-58dc215852c09a2ff7357acd0df0f095bf31fd93.tar.xz