Commit Graph

988 Commits

Author SHA1 Message Date
Jan Alexander Steffens
738226335f 5.13.12.arch1-1 2021-08-18 21:30:22 +00:00
Jan Alexander Steffens
c21ba89cc1 Set KFENCE_SAMPLE_INTERVAL back to 100
As requested by Levente. The power issues should be solved by now.
2021-08-18 21:30:21 +00:00
Jan Alexander Steffens
fb8eb1c560 Enable RANDOMIZE_KSTACK_OFFSET_DEFAULT
Additional hardening at a minimal cost, as requested by Levente.
2021-08-18 21:30:17 +00:00
Jan Alexander Steffens
2552e0b041 5.13.10.arch1-1 2021-08-12 22:36:23 +00:00
Jan Alexander Steffens
5e6049790e 5.13.9.arch1-1 2021-08-08 12:14:43 +00:00
Jan Alexander Steffens
5e111e91cc 5.13.8.arch1-1 2021-08-04 18:46:16 +00:00
Jan Alexander Steffens
82e02793cb 5.13.7.arch1-1 2021-07-31 23:09:11 +00:00
Jan Alexander Steffens
d352d2e4ff 5.13.6.arch1-1 2021-07-29 00:51:39 +00:00
Jan Alexander Steffens
86779bcfea 5.13.5.arch1-1 2021-07-26 01:55:01 +00:00
Jan Alexander Steffens
11f06f43c4 5.13.4.arch2-1 2021-07-22 21:18:45 +00:00
David Runge
2589876818 Upgrade to 5.13.4.arch1.
PKGBUILD:
Add C7E7849466FE2358343588377258734B41C31549 as additional recognized valid PGP
key, as heftig might not be able to prepare releases and package for a while.

config:
Consolidate with defaults for 5.13.4 based on previous config.
Update CONFIG_LSM to order landlock before lockdown and re-add bpf, as the
issue discussed in https://bugs.archlinux.org/task/71270 seems to have been a
user-error (using obsolete kernel parameters).
2021-07-20 17:34:49 +00:00
Jan Alexander Steffens
fd38ec001c 5.13.1.arch1-1 2021-07-10 00:23:52 +00:00
Jan Alexander Steffens
c156c63575 5.12.15.arch1-1 2021-07-08 06:51:34 +00:00
Jan Alexander Steffens
4aa90295a0 5.12.14.arch1-1 2021-07-01 07:57:45 +00:00
Jan Alexander Steffens
5b763178e4 FS#71392: Install IIO hid-sensors header 2021-07-01 07:57:43 +00:00
Jan Alexander Steffens
e8d31cb4c2 5.12.13.arch1-2 2021-06-25 23:47:17 +00:00
Jan Alexander Steffens
65eddc1dfd FS#71325: Enable SPI_INTEL_SPI again 2021-06-25 23:47:16 +00:00
Jan Alexander Steffens
74cfa2eb0a Revert "Use our git"
This reverts commit 57840eab683583e89ba506800c08ee752937c586.

We're shutting down git.archlinux.org and don't want to move the linux
repo to gitlab due to its size.
2021-06-25 23:47:14 +00:00
Jan Alexander Steffens
9bff7b52e3 5.12.13.arch1-1 2021-06-23 17:14:01 +00:00
Jan Alexander Steffens
38bd62e40b FS#71296: Enable DEBUG_LIST 2021-06-20 19:20:20 +00:00
Jan Alexander Steffens
7403514fbe 5.12.12.arch1-1 2021-06-18 22:59:23 +00:00
Jan Alexander Steffens
e7d5c4d89c 5.12.11.arch1-1 2021-06-16 22:13:35 +00:00
Jan Alexander Steffens
d7bf404c33 FS#71270: Don't enable "bpf" LSM by default
It provides all possible hooks, which makes it harder to properly use
major LSMs. Using security= to enable a major LSM puts it at the end of
the list. Some functions (like security_getprocattr) only use the first
matching hook, thus prefer bpf.
2021-06-16 22:13:34 +00:00
Jan Alexander Steffens
3f21513a71 5.12.10.arch1-1 2021-06-10 17:16:45 +00:00
Jan Alexander Steffens
9fe32edb60 5.12.9.arch1-1 2021-06-03 12:11:43 +00:00
Jan Alexander Steffens
b7f14e1a69 5.12.8.arch1-1 2021-05-28 21:05:54 +00:00
Jan Alexander Steffens
99703861e1 FS#69505: Enable MTD_ROM 2021-05-27 19:39:55 +00:00
Jan Alexander Steffens
b72d63df03 5.12.7.arch1-1 2021-05-26 22:45:28 +00:00
Jan Alexander Steffens
1da8e74711 5.12.6.arch1-1 2021-05-23 01:36:16 +00:00
Jan Alexander Steffens
ea7ccabcad 5.12.5.arch1-1 2021-05-19 11:46:27 +00:00
Jan Alexander Steffens
3c493d93c4 5.12.4.arch2-1 2021-05-18 22:29:32 +00:00
Jan Alexander Steffens
04cd0126a3 5.12.4.arch1-2 2021-05-15 21:38:30 +00:00
Jan Alexander Steffens
2a8704f5e1 Set KFENCE_SAMPLE_INTERVAL to 0
Turns off KFENCE by default, as requested by Levente. There are power
use issues, see
https://lore.kernel.org/linux-mm/20210421105132.3965998-1-elver@google.com/
2021-05-15 21:38:29 +00:00
Jan Alexander Steffens
1646eced3b Enable DEBUG_INFO_DWARF4
Required for BTF to work with GCC 11.
2021-05-15 21:38:27 +00:00
Jan Alexander Steffens
acb9384891 5.12.4.arch1-1 2021-05-14 14:20:31 +00:00
Jan Alexander Steffens
24c6f0d688 5.12.3.arch2-1 2021-05-13 20:01:56 +00:00
Jan Alexander Steffens
4b8cbaa097 5.12.3.arch1-2 2021-05-13 00:02:40 +00:00
Jan Alexander Steffens
1214e4e40a 5.12.3.arch1-1 2021-05-12 18:53:54 +00:00
Jan Alexander Steffens
cc87e6b052 5.12.2.arch1-1 2021-05-07 16:08:11 +00:00
Jan Alexander Steffens
db81b3eea9 FS#70742: Enable MTD_NAND_ECC_* 2021-05-07 16:08:09 +00:00
Jan Alexander Steffens
621ea2d08c 5.12.1.arch1-1 2021-05-02 13:41:41 +00:00
Jan Alexander Steffens
7f6df05917 Turn on KFENCE by default
As requested by Levente.
2021-05-02 13:41:40 +00:00
Jan Alexander Steffens
b03b4f7e6f 5.12.arch1-1 2021-04-26 21:33:26 +00:00
Jan Alexander Steffens
d71e920034 5.11.16.arch1-1 2021-04-21 20:39:28 +00:00
Jan Alexander Steffens
62782a577d FS#69181: Enable FB_UVESA 2021-04-21 20:39:27 +00:00
Jan Alexander Steffens
0d66f76ec1 FS#68698: Enable HID_SENSOR_CUSTOM_SENSOR 2021-04-21 20:39:26 +00:00
Jan Alexander Steffens
6f3f90e76b FS#69505: Enable MTD_RAM 2021-04-21 20:39:22 +00:00
Jan Alexander Steffens
3f3fcefaf5 5.11.15.arch1-2 2021-04-17 00:56:35 +00:00
Jan Alexander Steffens
85750f85be Revert "Enable LOAD_UEFI_KEYS"
It didn't help secure dkms modules like we thought it would.
2021-04-17 00:56:34 +00:00
Jan Alexander Steffens
4e15a9f945 5.11.15.arch1-1 2021-04-16 12:28:14 +00:00
Jan Alexander Steffens
e0674e41ca 5.11.14.arch1-1 2021-04-14 12:48:08 +00:00
Jan Alexander Steffens
0ab80e4b19 5.11.13.arch3-1 2021-04-14 11:11:29 +00:00
Jan Alexander Steffens
47a3ddc4b0 5.11.13.arch2-1 2021-04-12 00:54:06 +00:00
Jan Alexander Steffens
46d00c9794 5.11.13.arch1-1 2021-04-10 21:25:36 +00:00
Jan Alexander Steffens
44305ad48b FS#70375: Disable BT_HS 2021-04-09 18:49:50 +00:00
Jan Alexander Steffens
3272234053 FS#70384: Return atkbd to a module 2021-04-09 14:49:24 +00:00
Jan Alexander Steffens
eac563f39e 5.11.12.arch1-1 2021-04-07 22:37:33 +00:00
Jan Alexander Steffens
56380b3e43 FS#70299: Enable IDLE_PAGE_TRACKING 2021-04-05 12:50:09 +00:00
Jan Alexander Steffens
e74e4210d3 5.11.11.arch1-1 2021-03-30 14:47:29 +00:00
Jan Alexander Steffens
f99611e296 FS#69441: Revert "Disable USB gadget support" 2021-03-30 14:47:28 +00:00
Jan Alexander Steffens
320113849b 5.11.10.arch1-1 2021-03-26 00:56:43 +00:00
Jan Alexander Steffens
ca32941726 5.11.9.arch1-1 2021-03-24 19:28:05 +00:00
Jan Alexander Steffens
d014a88b5b FS#70140: Enable EFI_VARS_PSTORE_DEFAULT_DISABLE 2021-03-24 19:28:03 +00:00
Jan Alexander Steffens
364d5e5432 5.11.8.arch1-1 2021-03-21 02:30:21 +00:00
Jan Alexander Steffens
1cf3662d97 FS#70064: Set SND_HDA_PREALLOC_SIZE to 0
This is also the default in Fedora.
2021-03-21 02:30:20 +00:00
Jan Alexander Steffens
1c099ca397 5.11.7.arch1-1 2021-03-17 17:35:35 +00:00
Jan Alexander Steffens
b4a2e977d4 FS#69992: Enable SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC 2021-03-15 16:28:21 +00:00
Jan Alexander Steffens
7e6eb07df5 FS#69479: Disable BCM63XX drivers 2021-03-14 14:40:19 +00:00
Jan Alexander Steffens
fc7f97fc30 FS#33958, FS#35753: Fix tomoyo settings 2021-03-14 14:40:17 +00:00
Jan Alexander Steffens
80415a58a9 5.11.6.arch1-1 2021-03-11 15:05:55 +00:00
Jan Alexander Steffens
44637ec6c7 5.11.5.arch1-1 2021-03-09 20:07:14 +00:00
Jan Alexander Steffens
e280f34fb3 5.11.4.arch1-1 2021-03-07 18:34:36 +00:00
Jan Alexander Steffens
62f6c03f2c 5.11.3.arch1-1 2021-03-04 22:24:21 +00:00
Jan Alexander Steffens
1dca396562 5.11.2.arch1-1 2021-02-26 22:42:58 +00:00
Jan Alexander Steffens
ec11f3e288 5.11.1.arch1-1 2021-02-23 14:47:16 +00:00
Jan Alexander Steffens
ae5ce75f0d 5.11.arch2-1 2021-02-19 00:11:51 +00:00
Jan Alexander Steffens
cc8cce72b9 5.11.arch1-1 2021-02-15 23:56:35 +00:00
Jan Alexander Steffens
c3046f0b81 5.10.16.arch1-1 2021-02-13 21:20:45 +00:00
Jan Alexander Steffens
ce690b2efd 5.10.15.arch1-1 2021-02-10 19:05:11 +00:00
Jan Alexander Steffens
3550611332 5.10.14.arch1-1 2021-02-07 23:17:50 +00:00
Jan Alexander Steffens
d159b9a739 5.10.13.arch1-2 2021-02-06 11:45:09 +00:00
Jan Alexander Steffens
71c2279684 FS#69158: Return psmouse to a module 2021-02-04 19:32:19 +00:00
Jan Alexander Steffens
2630980304 5.10.13.arch1-1 2021-02-04 00:25:58 +00:00
Jan Alexander Steffens
7874717d9d FS#69479: Disable Lantiq and Rockchip drivers 2021-02-04 00:25:57 +00:00
Jan Alexander Steffens
861c5dfd04 Update security config
- Build in loadpin, but keep it disabled by default
- Enable bpf by default
2021-02-04 00:25:55 +00:00
Jan Alexander Steffens
d04972b60c FS#69212: Reenable multimedia test drivers 2021-01-31 01:33:42 +00:00
Jan Alexander Steffens
9d28b37b79 5.10.12.arch1-1 2021-01-31 01:33:39 +00:00
Jan Alexander Steffens
cf0be7beee 5.10.11.arch1-1 2021-01-27 15:42:47 +00:00
Jan Alexander Steffens
66b09ae393 5.10.10.arch1-1 2021-01-24 00:56:16 +00:00
Jan Alexander Steffens
460787f437 5.10.9.arch1-1 2021-01-19 23:33:14 +00:00
Jan Alexander Steffens
732488a858 5.10.8.arch1-1 2021-01-17 23:12:23 +00:00
Jan Alexander Steffens
0007db0e69 5.10.7.arch1-1 2021-01-13 13:01:40 +00:00
Jan Alexander Steffens
c19564ecfa 5.10.6.arch1-1 2021-01-09 19:17:04 +00:00
Jan Alexander Steffens
29ab84e2ba 5.10.5.arch1-1 2021-01-07 12:05:32 +00:00
Jan Alexander Steffens
8ffb940e20 5.10.4.arch2-1 2021-01-01 06:17:42 +00:00
Jan Alexander Steffens
87cfb1a823 Reenable MTD_PHRAM
Can be used with syslinux's memdiskfind to mount a filesystem image.
2021-01-01 06:17:41 +00:00
Jan Alexander Steffens
45857ed86c Enable SECURITY_DMESG_RESTRICT
Default on Debian, and seems to be reasonable for us since we also don't
allow access to the system journal by default.
2020-12-31 01:18:17 +00:00
Jan Alexander Steffens
b54786ee1f 5.10.4.arch1-1 2020-12-31 01:18:16 +00:00
Jan Alexander Steffens
66ead9f4aa 5.10.3.arch1-1 2020-12-27 12:02:15 +00:00
Jan Alexander Steffens
ddeb06b257 Revert two config changes
As requested by Levente.
2020-12-22 01:33:12 +00:00