Commit c1ecc67a authored by Ben Hutchings's avatar Ben Hutchings

Merge branch 'corsac/linux-hardening-options' into sid

parents 7e358376 1bdb9910
......@@ -284,6 +284,10 @@ linux (4.16.13-1) UNRELEASED; urgency=medium
* [armhf] Enable MFD_AC100 and RTC_DRV_AC100, used in allwinner A80/A83t
systems.
[ Yves-Alexis Perez ]
* hardening: enable FORTIFY_SOURCE, disable HARDENED_USERCOPY_FALLBACK
* [x86] hardening: enable REFCOUNT_FULL
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 30 May 2018 08:41:30 +0200
linux (4.16.12-1) unstable; urgency=medium
......@@ -7118,7 +7118,9 @@ CONFIG_SECURITY_NETWORK_XFRM=y
# CONFIG_INTEL_TXT is not set
CONFIG_LSM_MMAP_MIN_ADDR=32768
CONFIG_HARDENED_USERCOPY=y
# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
CONFIG_FORTIFY_SOURCE=y
CONFIG_LOCK_DOWN_KERNEL=y
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
## choice: Default security module
......
......@@ -2,6 +2,7 @@
## file: arch/Kconfig
##
# CONFIG_OPROFILE_EVENT_MULTIPLEX is not set
CONFIG_REFCOUNT_FULL=y
##
## file: arch/x86/Kconfig
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment