Tails

#2 Updated by intrigeri 2017-11-25 10:53:30

• related to Feature #14999: Upgrade to Stretch 9.3 added

#3 Updated by intrigeri 2017-11-25 20:26:14

• Status changed from Confirmed to In Progress
• % Done changed from 0 to 10

Besides new GCC plugins (CONFIG_GCC_PLUGINS is disabled in Debian “Until we work out how to package them”), the only candidate that requires opt-in seems to be CONFIG_SLAB_FREELIST_HARDENED, which “should render blind heap overflow bugs much more difficult to exploit” + adds a naive detection of double free or corruption.

#6 Updated by intrigeri 2017-11-29 09:47:08

• % Done changed from 10 to 50

#8 Updated by intrigeri 2017-12-10 15:06:07

• related to deleted (Feature #14999: Upgrade to Stretch 9.3)

#9 Updated by intrigeri 2017-12-10 15:06:22

• related to Feature #14976: Upgrade the Linux kernel to get KPTI added

#10 Updated by intrigeri 2017-12-24 11:01:55

• Type of work changed from Research to Wait

#11 Updated by intrigeri 2018-01-16 12:59:19

• Target version changed from Tails_3.5 to Tails_3.6

I want to let the src:linux maintainers focus on currently more pressing matters (Meltdown/Spectre and their fallout) so I won’t ping them yet.

#13 Updated by intrigeri 2018-02-13 12:06:18

• blocked by Feature #15309: Upgrade to Linux 4.15 added

#14 Updated by intrigeri 2018-02-19 12:26:26

• Assignee changed from intrigeri to bertagaz
• QA Check set to Ready for QA
• Feature Branch set to feature/15309-linux-4.15
• Type of work changed from Wait to Code

In a Tails built from this branch:

$ grep '^CONFIG_SLAB_FREELIST_HARDENED=' /boot/config-4.15.0-1-amd64 
CONFIG_SLAB_FREELIST_HARDENED=y

#15 Updated by bertagaz 2018-02-21 14:04:21

• Status changed from In Progress to Fix committed
• Assignee deleted (bertagaz)
• % Done changed from 50 to 100
• QA Check changed from Ready for QA to Pass

Everything’s fine here then, and Feature #15309 has been merged, so closing.

#16 Updated by bertagaz 2018-03-14 11:09:44

• Status changed from Fix committed to Resolved