Date: Friday, November 20, 2020 @ 00:28:38 Author: anthraxx Revision: 401504
upgpkg: linux-hardened 5.9.9.a-1: disable DCCP and SCTP for security Those protocols were rarely used and seem to case more danger and harm than benefit. Lets try to disable them. Modified: linux-hardened/trunk/PKGBUILD linux-hardened/trunk/config ----------+ PKGBUILD | 8 ++++---- config | 36 ++++-------------------------------- 2 files changed, 8 insertions(+), 36 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2020-11-20 00:26:39 UTC (rev 401503) +++ PKGBUILD 2020-11-20 00:28:38 UTC (rev 401504) @@ -4,7 +4,7 @@ # Contributor: Thomas Baechler <[email protected]> pkgbase=linux-hardened -pkgver=5.9.8.a +pkgver=5.9.9.a pkgrel=1 pkgdesc='Security-Hardened Linux' url='https://github.com/anthraxx/linux-hardened' @@ -28,11 +28,11 @@ '65EEFE022108E2B708CBFCF7F9E712E59AF5F22A' # Daniel Micay 'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak ) -sha256sums=('7656733b316562662026ac82a7c0be41440e16bbf1bdc5447b119e34ff3b86a6' +sha256sums=('a302d386af1278e7a8c0c2cd9a3b2119a18620eccc1f069b0f23e405bcf61fad' 'SKIP' - '841ad13232835eb4aee9fea67630210c8d9eb6fa44c8f2b04a043a3f9ace64e9' + 'c2bff7c5da94832eee7f965982574402b23492e74d8564388394b12c84cea462' 'SKIP' - '3ee9d5a14e9cb46bc4606c5f40fcb968cc68c44e1a9921a858d079e22c320564' + '125e7f0b87ac798713eeda01219d315942f1dc88d4668011aced6a573ba470e7' '8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c') export KBUILD_BUILD_HOST=archlinux Modified: config =================================================================== --- config 2020-11-20 00:26:39 UTC (rev 401503) +++ config 2020-11-20 00:28:38 UTC (rev 401504) @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.9.8 Kernel Configuration +# Linux/x86 5.9.9 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.2.0" CONFIG_CC_IS_GCC=y @@ -1542,32 +1542,8 @@ CONFIG_BRIDGE_EBT_LOG=m CONFIG_BRIDGE_EBT_NFLOG=m # CONFIG_BPFILTER is not set -CONFIG_IP_DCCP=m -CONFIG_INET_DCCP_DIAG=m - -# -# DCCP CCIDs Configuration -# -# CONFIG_IP_DCCP_CCID2_DEBUG is not set -CONFIG_IP_DCCP_CCID3=y -# CONFIG_IP_DCCP_CCID3_DEBUG is not set -CONFIG_IP_DCCP_TFRC_LIB=y -# end of DCCP CCIDs Configuration - -# -# DCCP Kernel Hacking -# -# CONFIG_IP_DCCP_DEBUG is not set -# end of DCCP Kernel Hacking - -CONFIG_IP_SCTP=m -# CONFIG_SCTP_DBG_OBJCNT is not set -# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5 is not set -CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1=y -# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set -CONFIG_SCTP_COOKIE_HMAC_MD5=y -CONFIG_SCTP_COOKIE_HMAC_SHA1=y -CONFIG_INET_SCTP_DIAG=m +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set CONFIG_RDS=m CONFIG_RDS_RDMA=m CONFIG_RDS_TCP=m @@ -2875,7 +2851,6 @@ CONFIG_MD_RAID456=m CONFIG_MD_MULTIPATH=m CONFIG_MD_FAULTY=m -CONFIG_MD_CLUSTER=m CONFIG_BCACHE=m # CONFIG_BCACHE_DEBUG is not set # CONFIG_BCACHE_CLOSURES_DEBUG is not set @@ -9865,10 +9840,8 @@ # CONFIG_XFS_WARN is not set # CONFIG_XFS_DEBUG is not set CONFIG_GFS2_FS=m -CONFIG_GFS2_FS_LOCKING_DLM=y CONFIG_OCFS2_FS=m CONFIG_OCFS2_FS_O2CB=m -CONFIG_OCFS2_FS_USERSPACE_CLUSTER=m CONFIG_OCFS2_FS_STATS=y CONFIG_OCFS2_DEBUG_MASKLOG=y # CONFIG_OCFS2_DEBUG_FS is not set @@ -10210,8 +10183,7 @@ CONFIG_NLS_MAC_ROMANIAN=m CONFIG_NLS_MAC_TURKISH=m CONFIG_NLS_UTF8=m -CONFIG_DLM=m -# CONFIG_DLM_DEBUG is not set +# CONFIG_DLM is not set CONFIG_UNICODE=y # CONFIG_UNICODE_NORMALIZATION_SELFTEST is not set CONFIG_IO_WQ=y
