Date: Tuesday, May 8, 2018 @ 00:25:31 Author: anthraxx Revision: 323465
upgpkg: linux-hardened 4.16.7.b-1 - bpf hardening - always enable kpti, if one trusts the vendor statement, disable it - page poisoning - no kexec file Modified: linux-hardened/trunk/PKGBUILD linux-hardened/trunk/config.x86_64 ---------------+ PKGBUILD | 6 +++--- config.x86_64 | 14 ++++++-------- 2 files changed, 9 insertions(+), 11 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-05-07 22:31:53 UTC (rev 323464) +++ PKGBUILD 2018-05-08 00:25:31 UTC (rev 323465) @@ -6,7 +6,7 @@ pkgbase=linux-hardened _srcname=linux-4.16 _pkgver=4.16.7 -pkgver=${_pkgver}.a +pkgver=${_pkgver}.b pkgrel=1 url='https://github.com/anthraxx/linux-hardened' arch=('x86_64') @@ -32,9 +32,9 @@ 'SKIP' 'f5ef83461054024814846eb816c76eba1b903f7e3e38c3417027b33070b60d91' 'SKIP' - '263b331ee4f18ae9500541265ca2d37764d4b25a2541aa9824e92909456e2285' + '3dc7b94bd1907a4e9381da29b23442c8c418e682b1ed17642258f88b1010a8c5' 'SKIP' - '8e1484d775b378be0cb424674ac66e5e96a0ab1adbde3bb5b4f9ad0be75d5993' + 'fe48716a74a7934d0519194c222fe2d21eaf199fe74fcbc55b1f0b41a514a299' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' Modified: config.x86_64 =================================================================== --- config.x86_64 2018-05-07 22:31:53 UTC (rev 323464) +++ config.x86_64 2018-05-08 00:25:31 UTC (rev 323465) @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.16.6 Kernel Configuration +# Linux/x86 4.16.7 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -274,8 +274,6 @@ CONFIG_SYSTEM_DATA_VERIFICATION=y CONFIG_PROFILING=y CONFIG_TRACEPOINTS=y -CONFIG_CRASH_CORE=y -CONFIG_KEXEC_CORE=y CONFIG_OPROFILE=m # CONFIG_OPROFILE_EVENT_MULTIPLEX is not set CONFIG_HAVE_OPROFILE=y @@ -680,8 +678,7 @@ CONFIG_HZ=300 CONFIG_SCHED_HRTICK=y # CONFIG_KEXEC is not set -CONFIG_KEXEC_FILE=y -# CONFIG_KEXEC_VERIFY_SIG is not set +# CONFIG_KEXEC_FILE is not set CONFIG_CRASH_DUMP=y CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y @@ -697,7 +694,7 @@ # CONFIG_LEGACY_VSYSCALL_EMULATE is not set CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_CMDLINE_BOOL=y -CONFIG_CMDLINE="audit=0" +CONFIG_CMDLINE="audit=0 slub_debug=P page_poison=1 slab_nomerge pti=on" # CONFIG_CMDLINE_OVERRIDE is not set # CONFIG_MODIFY_LDT_SYSCALL is not set CONFIG_HAVE_LIVEPATCH=y @@ -8590,7 +8587,6 @@ # # CONFIG_EFI_VARS is not set CONFIG_EFI_ESRT=y -CONFIG_EFI_RUNTIME_MAP=y # CONFIG_EFI_FAKE_MEMMAP is not set CONFIG_EFI_RUNTIME_WRAPPERS=y CONFIG_EFI_CAPSULE_LOADER=m @@ -8985,7 +8981,9 @@ # # CONFIG_PAGE_EXTENSION is not set # CONFIG_DEBUG_PAGEALLOC is not set -# CONFIG_PAGE_POISONING is not set +CONFIG_PAGE_POISONING=y +CONFIG_PAGE_POISONING_NO_SANITY=y +CONFIG_PAGE_POISONING_ZERO=y # CONFIG_DEBUG_PAGE_REF is not set # CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_OBJECTS is not set