bump 4.17.15 using linux-hardened tree

4 files changed, 34 insertions, 21 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 5e7d8ef3f38d..541e32b30cf5 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,8 @@
 # Generated by mksrcinfo v8
-# Tue Jul 31 21:13:10 UTC 2018
+# Fri Aug 17 01:14:05 UTC 2018
 pkgbase = linux-linode
 	pkgdesc = Kernel for Linode servers
-	pkgver = 4.17.11
+	pkgver = 4.17.15.a
 	pkgrel = 1
 	url = https://github.com/yardenac/linux-linode
 	install = install
@@ -26,8 +26,8 @@ pkgbase = linux-linode
 	backup = boot/grub/menu.lst
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.17.tar.xz
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.17.tar.sign
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.17.11.xz
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.17.11.sign
+	source = https://github.com/anthraxx/linux-hardened/releases/download/4.17.15.a/linux-hardened-4.17.15.a.patch
+	source = https://github.com/anthraxx/linux-hardened/releases/download/4.17.15.a/linux-hardened-4.17.15.a.patch.sig
 	source = config
 	source = 08_linux_linode
 	source = 98-linux-linode.hook
@@ -36,9 +36,9 @@ pkgbase = linux-linode
 	source = preset
 	md5sums = 5bb13a03274b66b56c85b26682e407d7
 	md5sums = SKIP
-	md5sums = d11e0c49f8381d0656f0838310f27a0f
+	md5sums = 75374aab3601eae996162d844d0619a8
 	md5sums = SKIP
-	md5sums = 35ef3de15ad6b81e8bb76b47ca946652
+	md5sums = aaf4606a7ee4bd418569a012070eaeb1
 	md5sums = bc30565cf444b710c252675cf65fb46e
 	md5sums = c52c29a8502f6c75e309208f0afab11f
 	md5sums = 625481f015365febcd65aa136ee555f9
@@ -46,9 +46,9 @@ pkgbase = linux-linode
 	md5sums = e1b5255cfbf5f8ca79b4b4568feec801
 	sha256sums = 9faa1dd896eaea961dc6e886697c0b3301277102e5bc976b2758f9a62d3ccd13
 	sha256sums = SKIP
-	sha256sums = 1345bf04742096c50eff4de6ba2a2c07ba8779e3c46373cd8076475c36f2e7b0
+	sha256sums = 9942ac22490800fada20d8a4d674ad3cd81146f122159fd6e89b921076118b0c
 	sha256sums = SKIP
-	sha256sums = 79ccb076b9957f58e38cd24002db055c7df5605130dd2ed97647ef7ca4323088
+	sha256sums = 75fe99352aeb24158e3270e23d76c4559809148acbd2446ade532d97c25beaa0
 	sha256sums = 7d56a81083d1468d90ebec97a44ec44f80f8cb87bd506ed1918d6664d6309ad5
 	sha256sums = 3efa91fcb4698bde0598678bbf9a4a747c011823af82704eed2c146ed7cd9734
 	sha256sums = 368fb58e7aa465f597e9a72da4b6eea4183c1a85242173412d54ad18d10d8fb3
@@ -56,9 +56,9 @@ pkgbase = linux-linode
 	sha256sums = 29fa2c1ea75f55a61276496507b788b1a8bde1d7c16bee4f525651db34076e46
 	sha512sums = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db
 	sha512sums = SKIP
-	sha512sums = 6cab8f1aecceb0491dca25afa088f9601178c8dfec51551afd34e219600bba54f65f929d9a10948cdb5595e339e096473127b55b1142e6dbe9a818149bec307d
+	sha512sums = fa5d1d4b63f0651489cb2679c0296c83fc1c167e2b399e8a64c8abd9c2aa073c7fb570948cb7100116d712d8aa9df8965502000d55b01a7d6935789a3ca3e1c7
 	sha512sums = SKIP
-	sha512sums = ef4f23087371a7f661d9e052e16412a7062ad0feb7eaafc48a17e7f7c53e133ac7de78d093bc7334da470621091ceea04ff95252f662b2db8fa3f63b5c0ee5ef
+	sha512sums = 8eedd803337f0746ccc712acd868e08a4ef0ae9eaafe878faa25fb06087c5a79ac91874b2c8811b65a0f8b46d2eb04bf54dd7a8de8e9d930be344edec7b73780
 	sha512sums = 7a80f858c32a9dd62f43aba0b7119a1196869216117164bcde24ab46022e8a1bbe27821faa26ca690a1633a5a9fe324e98e5cdf14f37591d569cbc71f542482d
 	sha512sums = c57a6c8d9978cb6a1034bed33ba5e06bef9b134f22113761798d4fa46e8091e7b0bd26f3a14d79122ba780b2f7a93ca26850f4da6a654f81b34cc79c242f683f
 	sha512sums = db9080b2548e4dcd61eaaf20cd7d37cbbc8c204ce85a2e3408d0671f6b26010f77a61affd2c77e809768714eca29d3afb64765a3f2099317a2c928eff3feb4cf
diff --git a/.gitignore b/.gitignore
index 04340ad2739b..e89bb5747457 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,8 +4,8 @@
 /*.part
 /linux-*.tar.xz
 /linux-*.tar.sign
-/patch-*.xz
-/patch-*.sign
+/linux-hardened-*.patch
+/linux-hardened-*.patch.sig
 /*.diff
 /*.log
 /*.src.tar.gz
diff --git a/PKGBUILD b/PKGBUILD
index 6fb2ec54ccd2..5cb5950dd868 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,7 +5,9 @@ pkgname=linux-linode
 _basekernel=4.17
 _kernelname=${pkgname#linux}
 _srcname=linux-${_basekernel}
-pkgver=${_basekernel}.11
+_patchname=linux-hardened
+_hardenedver=a
+pkgver=${_basekernel}.15.${_hardenedver}
 pkgrel=1
 arch=('x86_64')
 url="https://github.com/yardenac/linux-linode"
@@ -13,7 +15,7 @@ license=(GPL2)
 makedepends=(xmlto docbook-xsl kmod inetutils bc libelf)
 options=('!strip')
 source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar."{xz,sign}
-        "https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}."{xz,sign}
+        "https://github.com/anthraxx/${_patchname}/releases/download/${pkgver}/${_patchname}-${pkgver}.patch"{,.sig}
         'config'
         '08_linux_linode'
         '98-linux-linode.hook'
@@ -21,24 +23,24 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar."{xz,sign}
         'menu.lst'
         'preset')
 sha512sums=('4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db' 'SKIP'
-            '6cab8f1aecceb0491dca25afa088f9601178c8dfec51551afd34e219600bba54f65f929d9a10948cdb5595e339e096473127b55b1142e6dbe9a818149bec307d' 'SKIP'
-            'ef4f23087371a7f661d9e052e16412a7062ad0feb7eaafc48a17e7f7c53e133ac7de78d093bc7334da470621091ceea04ff95252f662b2db8fa3f63b5c0ee5ef'
+            'fa5d1d4b63f0651489cb2679c0296c83fc1c167e2b399e8a64c8abd9c2aa073c7fb570948cb7100116d712d8aa9df8965502000d55b01a7d6935789a3ca3e1c7' 'SKIP'
+            '8eedd803337f0746ccc712acd868e08a4ef0ae9eaafe878faa25fb06087c5a79ac91874b2c8811b65a0f8b46d2eb04bf54dd7a8de8e9d930be344edec7b73780'
             '7a80f858c32a9dd62f43aba0b7119a1196869216117164bcde24ab46022e8a1bbe27821faa26ca690a1633a5a9fe324e98e5cdf14f37591d569cbc71f542482d'
             'c57a6c8d9978cb6a1034bed33ba5e06bef9b134f22113761798d4fa46e8091e7b0bd26f3a14d79122ba780b2f7a93ca26850f4da6a654f81b34cc79c242f683f'
             'db9080b2548e4dcd61eaaf20cd7d37cbbc8c204ce85a2e3408d0671f6b26010f77a61affd2c77e809768714eca29d3afb64765a3f2099317a2c928eff3feb4cf'
             '73cb4c064d8942fddaac48158b7e77d19afc1cb61f83936f21832ba7d7266ccfd3021114252edd5cec5542096204f48cf30544fd6bffff79bc94d96fabe74f52'
             '62870a08f000abfe8eb1f50271afdf04686af108554f7629dc5e1d7610ad14bdc9cd14d2609270b83f9edb745a520b81fa7bfb92ebcc28a146df040c895b549b')
 sha256sums=('9faa1dd896eaea961dc6e886697c0b3301277102e5bc976b2758f9a62d3ccd13' 'SKIP'
-            '1345bf04742096c50eff4de6ba2a2c07ba8779e3c46373cd8076475c36f2e7b0' 'SKIP'
-            '79ccb076b9957f58e38cd24002db055c7df5605130dd2ed97647ef7ca4323088'
+            '9942ac22490800fada20d8a4d674ad3cd81146f122159fd6e89b921076118b0c' 'SKIP'
+            '75fe99352aeb24158e3270e23d76c4559809148acbd2446ade532d97c25beaa0'
             '7d56a81083d1468d90ebec97a44ec44f80f8cb87bd506ed1918d6664d6309ad5'
             '3efa91fcb4698bde0598678bbf9a4a747c011823af82704eed2c146ed7cd9734'
             '368fb58e7aa465f597e9a72da4b6eea4183c1a85242173412d54ad18d10d8fb3'
             'a055b6005a324240b35c416d9d08fba21c5f614eefb46f244035d04bf085224f'
             '29fa2c1ea75f55a61276496507b788b1a8bde1d7c16bee4f525651db34076e46')
 md5sums=('5bb13a03274b66b56c85b26682e407d7' 'SKIP'
-         'd11e0c49f8381d0656f0838310f27a0f' 'SKIP'
-         '35ef3de15ad6b81e8bb76b47ca946652'
+         '75374aab3601eae996162d844d0619a8' 'SKIP'
+         'aaf4606a7ee4bd418569a012070eaeb1'
          'bc30565cf444b710c252675cf65fb46e'
          'c52c29a8502f6c75e309208f0afab11f'
          '625481f015365febcd65aa136ee555f9'
@@ -47,6 +49,7 @@ md5sums=('5bb13a03274b66b56c85b26682e407d7' 'SKIP'
 validpgpkeys=(
               'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linux Torvalds
               '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
+              'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak
 )
 pkgdesc="Kernel for Linode servers"
 depends=('coreutils' 'linux-firmware' 'kmod' 'mkinitcpio>=0.7' 'grub')
@@ -57,7 +60,7 @@ install=install
 
 prepare() {
   cd "${srcdir}/${_srcname}"
-  patch -p1 -i "${srcdir}/patch-${pkgver}"
+  patch -p1 -i "${srcdir}/${_patchname}-${pkgver}.patch"
   cat "${srcdir}/config" - > ./.config <<-EOF
 	CONFIG_LOCALVERSION="${_kernelname}"
 	CONFIG_LOCALVERSION_AUTO=n
diff --git a/config b/config
index 8d176cf9bd57..2d661730b366 100644
--- a/config
+++ b/config
@@ -187,6 +187,7 @@ CONFIG_RD_LZO=y
 CONFIG_RD_LZ4=y
 # CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set
 CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_LOCAL_INIT=y
 CONFIG_SYSCTL=y
 CONFIG_ANON_INODES=y
 CONFIG_HAVE_UID16=y
@@ -244,6 +245,10 @@ CONFIG_SLUB=y
 # CONFIG_SLAB_MERGE_DEFAULT is not set
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_FREELIST_HARDENED=y
+CONFIG_SLAB_HARDENED=y
+CONFIG_SLAB_CANARY=y
+CONFIG_SLAB_SANITIZE=y
+CONFIG_SLAB_SANITIZE_VERIFY=y
 CONFIG_SLUB_CPU_PARTIAL=y
 # CONFIG_PROFILING is not set
 CONFIG_CRASH_CORE=y
@@ -2942,6 +2947,8 @@ CONFIG_KEYS_COMPAT=y
 CONFIG_ENCRYPTED_KEYS=y
 # CONFIG_KEY_DH_OPERATIONS is not set
 # CONFIG_SECURITY_DMESG_RESTRICT is not set
+CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
+CONFIG_SECURITY_TIOCSTI_RESTRICT=y
 CONFIG_SECURITY=y
 CONFIG_SECURITYFS=y
 CONFIG_SECURITY_NETWORK=y
@@ -2953,6 +2960,9 @@ CONFIG_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY_FALLBACK=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 CONFIG_FORTIFY_SOURCE=y
+# CONFIG_FORTIFY_SOURCE_STRICT_STRING is not set
+CONFIG_PAGE_SANITIZE=y
+CONFIG_PAGE_SANITIZE_VERIFY=y
 # CONFIG_STATIC_USERMODEHELPER is not set
 # CONFIG_SECURITY_SELINUX is not set
 # CONFIG_SECURITY_SMACK is not set