summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--kernels/linux-libre-lts-grsec/PKGBUILD6
-rw-r--r--kernels/linux-libre-lts-grsec/config.i68625
-rw-r--r--kernels/linux-libre-lts-grsec/config.x86_6482
-rw-r--r--kernels/linux-libre-lts-grsec/linux.install2
4 files changed, 39 insertions, 76 deletions
diff --git a/kernels/linux-libre-lts-grsec/PKGBUILD b/kernels/linux-libre-lts-grsec/PKGBUILD
index 83896e814..093cc1744 100644
--- a/kernels/linux-libre-lts-grsec/PKGBUILD
+++ b/kernels/linux-libre-lts-grsec/PKGBUILD
@@ -23,7 +23,7 @@ _replacesoldmodules=() # '%' gets replaced with _kernelname
_srcname=linux-${_pkgbasever%-*}
_archpkgver=${_pkgver%-*}.${_timestamp}
pkgver=${_pkgver//-/_}.${_timestamp}
-pkgrel=1
+pkgrel=2
arch=('i686' 'x86_64' 'mips64el')
url="https://grsecurity.net/"
license=('GPL2')
@@ -49,8 +49,8 @@ sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b'
'e7344442b842212a93737f8ca274f224abb52e8aa138568f2330143f7fba22a6'
'ac5c311624480651775d6c482a3314edd8f1e1e5730e98f2aa6f648e47e20422'
'SKIP'
- 'f5cbe8ae009a275c4b5b862a2444e989a9e0fd3fc4906fd52bcbc8e9241b04b4'
- 'd23d686686fdeae7dccac7b1499a961b3f30b226ff1e5cef8f35b3899471e60b'
+ '368b79ae205d3d38a03f7c729d28f973c6861e8100a5310f1a95be67ab25b532'
+ '9741a824b5a59a4fe4a096d3ea89e988a2c479540ec1601f7b884f04e8c35329'
'1f4220a5b0e0cf22038a8b53bc6ae5c3dd11f9e19cfae880a7a859d377cd9aa0'
'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c'
'074b67818582874146c389c029bc43648d145891a27e47aa2c5c42d3571f0264'
diff --git a/kernels/linux-libre-lts-grsec/config.i686 b/kernels/linux-libre-lts-grsec/config.i686
index c5629d188..5587cda1b 100644
--- a/kernels/linux-libre-lts-grsec/config.i686
+++ b/kernels/linux-libre-lts-grsec/config.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.18-gnu-201409082127-1-lts-grsec Kernel Configuration
+# Linux/x86 3.14.18-gnu-201409082127-2-lts-grsec Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -154,7 +154,7 @@ CONFIG_BLK_CGROUP=y
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
-# CONFIG_USER_NS is not set
+CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_SCHED_AUTOGROUP=y
@@ -322,6 +322,7 @@ CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_PADATA=y
CONFIG_ASN1=m
CONFIG_UNINLINE_SPIN_UNLOCK=y
+CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
CONFIG_MUTEX_SPIN_ON_OWNER=y
CONFIG_FREEZER=y
@@ -410,6 +411,8 @@ CONFIG_X86_MCE_THRESHOLD=y
# CONFIG_X86_MCE_INJECT is not set
CONFIG_X86_THERMAL_VECTOR=y
CONFIG_VM86=y
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX32=y
CONFIG_TOSHIBA=m
CONFIG_I8K=m
CONFIG_X86_REBOOTFIXUPS=y
@@ -450,7 +453,7 @@ CONFIG_BOUNCE=y
CONFIG_VIRT_TO_BUS=y
CONFIG_MMU_NOTIFIER=y
CONFIG_KSM=y
-CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
CONFIG_MEMORY_FAILURE=y
CONFIG_TRANSPARENT_HUGEPAGE=y
@@ -489,7 +492,8 @@ CONFIG_SCHED_HRTICK=y
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
-# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_RANDOMIZE_BASE=y
+CONFIG_RANDOMIZE_BASE_MAX_OFFSET=0x20000000
CONFIG_X86_NEED_RELOCS=y
CONFIG_PHYSICAL_ALIGN=0x1000000
CONFIG_HOTPLUG_CPU=y
@@ -1632,8 +1636,8 @@ CONFIG_OF_MDIO=m
CONFIG_OF_PCI=y
CONFIG_OF_PCI_IRQ=y
CONFIG_OF_MTD=y
-CONFIG_PARPORT=m
CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
+CONFIG_PARPORT=m
CONFIG_PARPORT_PC=m
CONFIG_PARPORT_SERIAL=m
# CONFIG_PARPORT_PC_FIFO is not set
@@ -6260,10 +6264,6 @@ CONFIG_TIMER_STATS=y
# CONFIG_RT_MUTEX_TESTER is not set
# CONFIG_DEBUG_SPINLOCK is not set
# CONFIG_DEBUG_MUTEXES is not set
-# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
-# CONFIG_DEBUG_LOCK_ALLOC is not set
-# CONFIG_PROVE_LOCKING is not set
-# CONFIG_LOCK_STAT is not set
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
CONFIG_STACKTRACE=y
@@ -6430,7 +6430,7 @@ CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_ELFRELOCS is not set
CONFIG_PAX_KERNEXEC=y
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""
-CONFIG_PAX_KERNEXEC_MODULE_TEXT=4
+CONFIG_PAX_KERNEXEC_MODULE_TEXT=12
#
# Address Space Layout Randomization
@@ -6443,12 +6443,12 @@ CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
-# CONFIG_PAX_MEMORY_SANITIZE is not set
+CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_STACKLEAK=y
CONFIG_PAX_MEMORY_STRUCTLEAK=y
CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y
-# CONFIG_PAX_CONSTIFY_PLUGIN is not set
+CONFIG_PAX_CONSTIFY_PLUGIN=y
CONFIG_PAX_USERCOPY=y
# CONFIG_PAX_USERCOPY_DEBUG is not set
CONFIG_PAX_SIZE_OVERFLOW=y
@@ -6536,7 +6536,6 @@ CONFIG_GRKERNSEC_TPE_GID=200
#
# Network Protections
#
-CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_BLACKHOLE=y
CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
CONFIG_GRKERNSEC_SOCKET=y
diff --git a/kernels/linux-libre-lts-grsec/config.x86_64 b/kernels/linux-libre-lts-grsec/config.x86_64
index df9686d9e..64a078a52 100644
--- a/kernels/linux-libre-lts-grsec/config.x86_64
+++ b/kernels/linux-libre-lts-grsec/config.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.14.18-gnu-201409082127-1-lts-grsec Kernel Configuration
+# Linux/x86 3.14.18-gnu-201409082127-2-lts-grsec Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -163,7 +163,7 @@ CONFIG_BLK_CGROUP=y
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
-# CONFIG_USER_NS is not set
+CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_SCHED_AUTOGROUP=y
@@ -337,6 +337,7 @@ CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_PADATA=y
CONFIG_ASN1=m
CONFIG_UNINLINE_SPIN_UNLOCK=y
+CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
CONFIG_MUTEX_SPIN_ON_OWNER=y
CONFIG_FREEZER=y
@@ -355,14 +356,7 @@ CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
# CONFIG_PARAVIRT_DEBUG is not set
# CONFIG_PARAVIRT_SPINLOCKS is not set
-CONFIG_XEN=y
-CONFIG_XEN_DOM0=y
-CONFIG_XEN_PRIVILEGED_GUEST=y
-CONFIG_XEN_PVHVM=y
-CONFIG_XEN_MAX_DOMAIN_MEMORY=500
-CONFIG_XEN_SAVE_RESTORE=y
-# CONFIG_XEN_DEBUG_FS is not set
-CONFIG_XEN_PVH=y
+# CONFIG_XEN is not set
CONFIG_KVM_GUEST=y
# CONFIG_KVM_DEBUG_FS is not set
CONFIG_PARAVIRT_TIME_ACCOUNTING=y
@@ -409,6 +403,8 @@ CONFIG_X86_MCE_AMD=y
CONFIG_X86_MCE_THRESHOLD=y
# CONFIG_X86_MCE_INJECT is not set
CONFIG_X86_THERMAL_VECTOR=y
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX64=y
CONFIG_I8K=m
CONFIG_MICROCODE=m
# CONFIG_MICROCODE_INTEL is not set
@@ -455,13 +451,14 @@ CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
CONFIG_BALLOON_COMPACTION=y
CONFIG_COMPACTION=y
CONFIG_MIGRATION=y
+CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_ZONE_DMA_FLAG=1
CONFIG_BOUNCE=y
CONFIG_VIRT_TO_BUS=y
CONFIG_MMU_NOTIFIER=y
CONFIG_KSM=y
-CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
CONFIG_MEMORY_FAILURE=y
CONFIG_TRANSPARENT_HUGEPAGE=y
@@ -498,7 +495,9 @@ CONFIG_SCHED_HRTICK=y
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
-# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_RANDOMIZE_BASE=y
+CONFIG_RANDOMIZE_BASE_MAX_OFFSET=0x40000000
+CONFIG_X86_NEED_RELOCS=y
CONFIG_PHYSICAL_ALIGN=0x1000000
CONFIG_HOTPLUG_CPU=y
# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
@@ -513,7 +512,6 @@ CONFIG_USE_PERCPU_NUMA_NODE_ID=y
#
CONFIG_SUSPEND=y
CONFIG_SUSPEND_FREEZER=y
-CONFIG_HIBERNATE_CALLBACKS=y
CONFIG_PM_SLEEP=y
CONFIG_PM_SLEEP_SMP=y
CONFIG_PM_AUTOSLEEP=y
@@ -624,7 +622,6 @@ CONFIG_I7300_IDLE=m
CONFIG_PCI=y
CONFIG_PCI_DIRECT=y
CONFIG_PCI_MMCONFIG=y
-CONFIG_PCI_XEN=y
CONFIG_PCI_DOMAINS=y
CONFIG_PCIEPORTBUS=y
CONFIG_HOTPLUG_PCI_PCIE=y
@@ -641,7 +638,6 @@ CONFIG_PCI_MSI=y
# CONFIG_PCI_DEBUG is not set
CONFIG_PCI_REALLOC_ENABLE_AUTO=y
CONFIG_PCI_STUB=m
-CONFIG_XEN_PCIDEV_FRONTEND=m
CONFIG_HT_IRQ=y
CONFIG_PCI_ATS=y
CONFIG_PCI_IOV=y
@@ -1462,7 +1458,7 @@ CONFIG_EXTRA_FIRMWARE=""
CONFIG_FW_LOADER_USER_HELPER=y
# CONFIG_DEBUG_DRIVER is not set
# CONFIG_DEBUG_DEVRES is not set
-CONFIG_SYS_HYPERVISOR=y
+# CONFIG_SYS_HYPERVISOR is not set
# CONFIG_GENERIC_CPU_DEVICES is not set
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=m
@@ -1599,8 +1595,8 @@ CONFIG_MTD_UBI_WL_THRESHOLD=4096
CONFIG_MTD_UBI_BEB_LIMIT=20
# CONFIG_MTD_UBI_FASTMAP is not set
# CONFIG_MTD_UBI_GLUEBI is not set
-CONFIG_PARPORT=m
CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
+CONFIG_PARPORT=m
CONFIG_PARPORT_PC=m
CONFIG_PARPORT_SERIAL=m
# CONFIG_PARPORT_PC_FIFO is not set
@@ -1647,8 +1643,6 @@ CONFIG_CDROM_PKTCDVD=m
CONFIG_CDROM_PKTCDVD_BUFFERS=8
# CONFIG_CDROM_PKTCDVD_WCACHE is not set
CONFIG_ATA_OVER_ETH=m
-CONFIG_XEN_BLKDEV_FRONTEND=m
-CONFIG_XEN_BLKDEV_BACKEND=m
CONFIG_VIRTIO_BLK=m
# CONFIG_BLK_DEV_HD is not set
CONFIG_BLK_DEV_RBD=m
@@ -2191,6 +2185,7 @@ CONFIG_CHELSIO_T4=m
CONFIG_CHELSIO_T4VF=m
CONFIG_NET_VENDOR_CISCO=y
CONFIG_ENIC=m
+CONFIG_CX_ECAT=m
CONFIG_DNET=m
CONFIG_NET_VENDOR_DEC=y
CONFIG_NET_TULIP=y
@@ -2642,8 +2637,6 @@ CONFIG_IEEE802154_FAKEHARD=m
CONFIG_IEEE802154_FAKELB=m
CONFIG_IEEE802154_AT86RF230=m
# CONFIG_IEEE802154_MRF24J40 is not set
-CONFIG_XEN_NETDEV_FRONTEND=m
-CONFIG_XEN_NETDEV_BACKEND=m
CONFIG_VMXNET3=m
CONFIG_HYPERV_NET=m
CONFIG_ISDN=y
@@ -2983,7 +2976,6 @@ CONFIG_INPUT_ADXL34X_SPI=m
# CONFIG_INPUT_IMS_PCU is not set
CONFIG_INPUT_CMA3000=m
CONFIG_INPUT_CMA3000_I2C=m
-CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m
CONFIG_INPUT_IDEAPAD_SLIDEBAR=m
#
@@ -3080,9 +3072,6 @@ CONFIG_PRINTER=m
# CONFIG_LP_CONSOLE is not set
CONFIG_PPDEV=m
CONFIG_HVC_DRIVER=y
-CONFIG_HVC_IRQ=y
-CONFIG_HVC_XEN=y
-CONFIG_HVC_XEN_FRONTEND=y
CONFIG_VIRTIO_CONSOLE=m
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
@@ -3126,7 +3115,6 @@ CONFIG_TCG_NSC=m
CONFIG_TCG_ATMEL=m
CONFIG_TCG_INFINEON=m
CONFIG_TCG_ST33_I2C=m
-CONFIG_TCG_XEN=m
CONFIG_TELCLOCK=m
CONFIG_I2C=m
CONFIG_I2C_BOARDINFO=y
@@ -3569,7 +3557,6 @@ CONFIG_W83977F_WDT=m
CONFIG_MACHZ_WDT=m
CONFIG_SBC_EPX_C3_WATCHDOG=m
CONFIG_MEN_A21_WDT=m
-CONFIG_XEN_WDT=m
#
# PCI-based Watchdog Cards
@@ -4384,7 +4371,6 @@ CONFIG_FB_VT8623=m
CONFIG_FB_UDL=m
# CONFIG_FB_GOLDFISH is not set
CONFIG_FB_VIRTUAL=m
-CONFIG_XEN_FBDEV_FRONTEND=m
# CONFIG_FB_METRONOME is not set
# CONFIG_FB_MB862XX is not set
# CONFIG_FB_BROADSHEET is not set
@@ -5277,29 +5263,6 @@ CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y
CONFIG_HYPERV=m
CONFIG_HYPERV_UTILS=m
CONFIG_HYPERV_BALLOON=m
-
-#
-# Xen driver support
-#
-CONFIG_XEN_BALLOON=y
-# CONFIG_XEN_SELFBALLOONING is not set
-CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y
-CONFIG_XEN_SCRUB_PAGES=y
-CONFIG_XEN_DEV_EVTCHN=m
-CONFIG_XEN_BACKEND=y
-CONFIG_XENFS=m
-CONFIG_XEN_COMPAT_XENFS=y
-CONFIG_XEN_SYS_HYPERVISOR=y
-CONFIG_XEN_XENBUS_FRONTEND=y
-CONFIG_XEN_GNTDEV=m
-CONFIG_XEN_GRANT_DEV_ALLOC=m
-CONFIG_SWIOTLB_XEN=y
-CONFIG_XEN_TMEM=m
-CONFIG_XEN_PCIDEV_BACKEND=m
-CONFIG_XEN_PRIVCMD=m
-CONFIG_XEN_ACPI_PROCESSOR=m
-# CONFIG_XEN_MCE_LOG is not set
-CONFIG_XEN_HAVE_PVMMU=y
CONFIG_STAGING=y
CONFIG_ET131X=m
CONFIG_SLICOSS=m
@@ -6040,10 +6003,6 @@ CONFIG_TIMER_STATS=y
# CONFIG_RT_MUTEX_TESTER is not set
# CONFIG_DEBUG_SPINLOCK is not set
# CONFIG_DEBUG_MUTEXES is not set
-# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
-# CONFIG_DEBUG_LOCK_ALLOC is not set
-# CONFIG_PROVE_LOCKING is not set
-# CONFIG_LOCK_STAT is not set
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
CONFIG_STACKTRACE=y
@@ -6172,7 +6131,9 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0
#
# Grsecurity
#
-CONFIG_TASK_SIZE_MAX_SHIFT=47
+CONFIG_PAX_KERNEXEC_PLUGIN=y
+CONFIG_PAX_PER_CPU_PGD=y
+CONFIG_TASK_SIZE_MAX_SHIFT=42
CONFIG_PAX_USERCOPY_SLABS=y
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_CONFIG_AUTO is not set
@@ -6209,7 +6170,9 @@ CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_MPROTECT_COMPAT is not set
# CONFIG_PAX_ELFRELOCS is not set
-CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""
+CONFIG_PAX_KERNEXEC=y
+CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y
+CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="bts"
#
# Address Space Layout Randomization
@@ -6222,10 +6185,12 @@ CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
-# CONFIG_PAX_MEMORY_SANITIZE is not set
+CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_STACKLEAK=y
CONFIG_PAX_MEMORY_STRUCTLEAK=y
+CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_REFCOUNT=y
+CONFIG_PAX_CONSTIFY_PLUGIN=y
CONFIG_PAX_USERCOPY=y
# CONFIG_PAX_USERCOPY_DEBUG is not set
CONFIG_PAX_SIZE_OVERFLOW=y
@@ -6314,7 +6279,6 @@ CONFIG_GRKERNSEC_TPE_GID=200
#
# Network Protections
#
-CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_BLACKHOLE=y
CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y
CONFIG_GRKERNSEC_SOCKET=y
diff --git a/kernels/linux-libre-lts-grsec/linux.install b/kernels/linux-libre-lts-grsec/linux.install
index 406ab9ae9..19b161976 100644
--- a/kernels/linux-libre-lts-grsec/linux.install
+++ b/kernels/linux-libre-lts-grsec/linux.install
@@ -46,7 +46,7 @@ post_upgrade() {
echo ">>> include the 'keyboard' hook in your mkinitcpio.conf."
fi
- if [[ $(vercmp $2 3.15.6.201407232200-2) -lt 0 ]]; then
+ if [[ $(vercmp $2 3.14.18_gnu.201409082127-2) -lt 0 ]]; then
_uderef_warning
fi
}