1 |
commit: 2261652e5e3a9a61b7147d6e93282bc54833c734 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Jan 9 20:03:10 2022 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jan 9 20:04:04 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=2261652e |
7 |
|
8 |
Revert "Update Gentoo Distro patch, thanks to gyakovlev" |
9 |
|
10 |
This reverts commit 632cc59cc8462f3f01085d1b76cc304488a06394. |
11 |
|
12 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
13 |
|
14 |
4567_distro-Gentoo-Kconfig.patch | 251 ++++++++++++++++----------------------- |
15 |
1 file changed, 102 insertions(+), 149 deletions(-) |
16 |
|
17 |
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch |
18 |
index 97665869..24b75095 100644 |
19 |
--- a/4567_distro-Gentoo-Kconfig.patch |
20 |
+++ b/4567_distro-Gentoo-Kconfig.patch |
21 |
@@ -1,19 +1,14 @@ |
22 |
-diff --git a/Kconfig b/Kconfig |
23 |
-index 745bc773f..e306bacea 100644 |
24 |
---- a/Kconfig |
25 |
-+++ b/Kconfig |
26 |
+--- a/Kconfig 2021-06-04 19:03:33.646823432 -0400 |
27 |
++++ b/Kconfig 2021-06-04 19:03:40.508892817 -0400 |
28 |
@@ -30,3 +30,5 @@ source "lib/Kconfig" |
29 |
source "lib/Kconfig.debug" |
30 |
|
31 |
source "Documentation/Kconfig" |
32 |
+ |
33 |
+source "distro/Kconfig" |
34 |
-diff --git a/distro/Kconfig b/distro/Kconfig |
35 |
-new file mode 100644 |
36 |
-index 000000000..94d6e1886 |
37 |
---- /dev/null |
38 |
-+++ b/distro/Kconfig |
39 |
-@@ -0,0 +1,295 @@ |
40 |
+--- /dev/null 2021-12-21 08:57:43.779324794 -0500 |
41 |
++++ b/distro/Kconfig 2021-12-21 14:12:07.964572417 -0500 |
42 |
+@@ -0,0 +1,283 @@ |
43 |
+menu "Gentoo Linux" |
44 |
+ |
45 |
+config GENTOO_LINUX |
46 |
@@ -80,8 +75,9 @@ index 000000000..94d6e1886 |
47 |
+ CGROUPS (required for FEATURES=cgroup) |
48 |
+ IPC_NS (required for FEATURES=ipc-sandbox) |
49 |
+ NET_NS (required for FEATURES=network-sandbox) |
50 |
-+ PID_NS (required for FEATURES=pid-sandbox) |
51 |
++ PID_NS (required for FEATURES=pid-sandbox) |
52 |
+ SYSVIPC (required by IPC_NS) |
53 |
++ |
54 |
+ |
55 |
+ It is highly recommended that you leave this enabled as these FEATURES |
56 |
+ are, or will soon be, enabled by default. |
57 |
@@ -128,7 +124,7 @@ index 000000000..94d6e1886 |
58 |
+ select BPF_SYSCALL |
59 |
+ select CGROUP_BPF |
60 |
+ select CGROUPS |
61 |
-+ select CRYPTO_HMAC |
62 |
++ select CRYPTO_HMAC |
63 |
+ select CRYPTO_SHA256 |
64 |
+ select CRYPTO_USER_API_HASH |
65 |
+ select DEVPTS_MULTIPLE_INSTANCES |
66 |
@@ -170,104 +166,102 @@ index 000000000..94d6e1886 |
67 |
+ |
68 |
+endmenu |
69 |
+ |
70 |
-+menu "Kernel Self Protection Project" |
71 |
-+ visible if GENTOO_LINUX |
72 |
++menuconfig GENTOO_KERNEL_SELF_PROTECTION |
73 |
++ bool "Kernel Self Protection Project" |
74 |
++ depends on GENTOO_LINUX |
75 |
++ help |
76 |
++ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project |
77 |
++ See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings |
78 |
++ Note, there may be additional settings for which the CONFIG_ setting is invisible in menuconfig due |
79 |
++ to unmet dependencies. Search for GENTOO_KERNEL_SELF_PROTECTION_COMMON and search for |
80 |
++ GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for dependency information on your |
81 |
++ specific architecture. |
82 |
++ Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 |
83 |
++ for X86_64 |
84 |
+ |
85 |
-+config GENTOO_KERNEL_SELF_PROTECTION |
86 |
++if GENTOO_KERNEL_SELF_PROTECTION |
87 |
++config GENTOO_KERNEL_SELF_PROTECTION_COMMON |
88 |
+ bool "Enable Kernel Self Protection Project Recommendations" |
89 |
+ |
90 |
-+ depends on GENTOO_LINUX && EXPERT && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !MODIFY_LDT_SYSCALL |
91 |
++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !DEVKMEM && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS |
92 |
+ |
93 |
+ select BUG |
94 |
-+ select STRICT_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX |
95 |
-+ select DEBUG_FS |
96 |
-+ select DEBUG_WX if ARCH_HAS_DEBUG_WX && MMU |
97 |
-+ select STACKPROTECTOR if HAVE_STACKPROTECTOR |
98 |
-+ select STACKPROTECTOR_STRONG if HAVE_STACKPROTECTOR |
99 |
-+ select STRICT_DEVMEM if DEVMEM=y && (ARCH_HAS_DEVMEM_IS_ALLOWED || GENERIC_LIB_DEVMEM_IS_ALLOWED) |
100 |
-+ select IO_STRICT_DEVMEM if STRICT_DEVMEM |
101 |
-+ select SYN_COOKIES if NET && INET |
102 |
-+ select DEBUG_CREDENTIALS if DEBUG_KERNEL |
103 |
-+ select DEBUG_NOTIFIERS if DEBUG_KERNEL |
104 |
++ select STRICT_KERNEL_RWX |
105 |
++ select DEBUG_WX |
106 |
++ select STACKPROTECTOR |
107 |
++ select STACKPROTECTOR_STRONG |
108 |
++ select STRICT_DEVMEM if DEVMEM=y |
109 |
++ select IO_STRICT_DEVMEM if DEVMEM=y |
110 |
++ select SYN_COOKIES |
111 |
++ select DEBUG_CREDENTIALS |
112 |
++ select DEBUG_NOTIFIERS |
113 |
+ select DEBUG_LIST |
114 |
-+ select DEBUG_SG if DEBUG_KERNEL |
115 |
++ select DEBUG_SG |
116 |
+ select BUG_ON_DATA_CORRUPTION |
117 |
-+ select SCHED_STACK_END_CHECK if DEBUG_KERNEL |
118 |
++ select SCHED_STACK_END_CHECK |
119 |
+ select SECCOMP if HAVE_ARCH_SECCOMP |
120 |
+ select SECCOMP_FILTER if HAVE_ARCH_SECCOMP_FILTER |
121 |
-+ select SECURITY if SYSFS && MULTIUSER |
122 |
-+ select SECURITY_YAMA if SECURITY |
123 |
-+ select HARDENED_USERCOPY if HAVE_HARDENED_USERCOPY_ALLOCATOR |
124 |
-+ select SLAB_FREELIST_RANDOM if SLAB || SLUB |
125 |
-+ select SLAB_FREELIST_HARDENED if SLAB || SLUB |
126 |
++ select SECURITY_YAMA |
127 |
++ select SLAB_FREELIST_RANDOM |
128 |
++ select SLAB_FREELIST_HARDENED |
129 |
+ select SHUFFLE_PAGE_ALLOCATOR |
130 |
-+ select SLUB_DEBUG if SLUB && SYSFS |
131 |
-+ select SLUB_DEBUG_ON if SLUB_DEBUG |
132 |
++ select SLUB_DEBUG |
133 |
+ select PAGE_POISONING |
134 |
+ select PAGE_POISONING_NO_SANITY |
135 |
+ select PAGE_POISONING_ZERO |
136 |
+ select INIT_ON_ALLOC_DEFAULT_ON |
137 |
+ select INIT_ON_FREE_DEFAULT_ON |
138 |
-+ select FORTIFY_SOURCE if ARCH_HAS_FORTIFY_SOURCE && !CC_IS_CLANG |
139 |
-+ select SECURITY_DMESG_RESTRICT |
140 |
++ select REFCOUNT_FULL |
141 |
++ select FORTIFY_SOURCE |
142 |
++ select SECURITY_DMESG_RESTRICT |
143 |
+ select PANIC_ON_OOPS |
144 |
-+ select DEBUG_STACKOVERFLOW if DEBUG_KERNEL && HAVE_DEBUG_STACKOVERFLOW |
145 |
-+ select VMAP_STACK if HAVE_ARCH_VMAP_STACK |
146 |
-+ select STRICT_MODULE_RWX if ARCH_HAS_STRICT_MODULE_RWX && ARCH_OPTIONAL_KERNEL_RWX && MODULES |
147 |
-+ select ZERO_CALL_USED_REGS if CC_HAS_ZERO_CALL_USED_REGS |
148 |
-+ select INIT_STACK_ALL_PATTERN if CC_HAS_AUTO_VAR_INIT_PATTERN && !CC_HAS_AUTO_VAR_INIT_ZERO |
149 |
-+ select INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO |
150 |
-+ select GCC_PLUGINS if HAVE_GCC_PLUGINS && CC_IS_GCC |
151 |
-+ select GCC_PLUGIN_LATENT_ENTROPY if GCC_PLUGINS |
152 |
-+ select GCC_PLUGIN_STRUCTLEAK if GCC_PLUGINS |
153 |
-+ select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if GCC_PLUGINS |
154 |
-+ select GCC_PLUGIN_STRUCTLEAK_VERBOSE if GCC_PLUGINS && GCC_PLUGIN_STRUCTLEAK |
155 |
-+ select GCC_PLUGIN_RANDSTRUCT if GCC_PLUGINS |
156 |
-+ select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE if GCC_PLUGINS && GCC_PLUGIN_RANDSTRUCT |
157 |
-+ select GCC_PLUGIN_STACKLEAK if GCC_PLUGINS && HAVE_ARCH_STACKLEAK |
158 |
++ select GCC_PLUGIN_LATENT_ENTROPY |
159 |
++ select GCC_PLUGIN_STRUCTLEAK |
160 |
++ select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL |
161 |
++ select GCC_PLUGIN_RANDSTRUCT |
162 |
++ select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE |
163 |
+ |
164 |
+ help |
165 |
-+ Recommended Kernel settings based on the suggestions from the Kernel Self Protection Project |
166 |
-+ See: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings |
167 |
-+ Note, there may be additional settings for which the CONFIG_ setting is invisible in menuconfig due |
168 |
-+ to unmet dependencies. Search for GENTOO_KERNEL_SELF_PROTECTION and search for |
169 |
-+ GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for dependency information on your |
170 |
-+ specific architecture. |
171 |
-+ Note 2: Please see the URL above for numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 |
172 |
-+ for X86_64 |
173 |
++ Search for GENTOO_KERNEL_SELF_PROTECTION_{X86_64, ARM64, X86_32, ARM} for dependency |
174 |
++ information on your specific architecture. Note 2: Please see the URL above for |
175 |
++ numeric settings, e.g. CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 for X86_64 |
176 |
+ |
177 |
+config GENTOO_KERNEL_SELF_PROTECTION_X86_64 |
178 |
-+ bool "X86_64 KSPP Settings" if GENTOO_KERNEL_SELF_PROTECTION |
179 |
-+ |
180 |
-+ depends on X86_64 && GENTOO_KERNEL_SELF_PROTECTION |
181 |
-+ default y if X86_64 && GENTOO_KERNEL_SELF_PROTECTION |
182 |
++ bool "X86_64 KSPP Settings" if GENTOO_KERNEL_SELF_PROTECTION_COMMON |
183 |
+ |
184 |
++ depends on !X86_MSR && X86_64 && GENTOO_KERNEL_SELF_PROTECTION |
185 |
++ default n |
186 |
++ |
187 |
+ select RANDOMIZE_BASE |
188 |
+ select RANDOMIZE_MEMORY |
189 |
+ select RELOCATABLE |
190 |
+ select LEGACY_VSYSCALL_NONE |
191 |
-+ select PAGE_TABLE_ISOLATION |
192 |
++ select PAGE_TABLE_ISOLATION |
193 |
++ select GCC_PLUGIN_STACKLEAK |
194 |
++ select VMAP_STACK |
195 |
+ |
196 |
+ |
197 |
+config GENTOO_KERNEL_SELF_PROTECTION_ARM64 |
198 |
+ bool "ARM64 KSPP Settings" |
199 |
+ |
200 |
-+ depends on ARM64 && GENTOO_KERNEL_SELF_PROTECTION |
201 |
-+ default y if ARM64 && GENTOO_KERNEL_SELF_PROTECTION |
202 |
++ depends on ARM64 |
203 |
++ default n |
204 |
+ |
205 |
+ select RANDOMIZE_BASE |
206 |
+ select RELOCATABLE |
207 |
+ select ARM64_SW_TTBR0_PAN |
208 |
+ select CONFIG_UNMAP_KERNEL_AT_EL0 |
209 |
++ select GCC_PLUGIN_STACKLEAK |
210 |
++ select VMAP_STACK |
211 |
+ |
212 |
+config GENTOO_KERNEL_SELF_PROTECTION_X86_32 |
213 |
+ bool "X86_32 KSPP Settings" |
214 |
+ |
215 |
-+ depends on !X86_MSR && !MODIFY_LDT_SYSCALL && !M486 && X86_32 && GENTOO_KERNEL_SELF_PROTECTION |
216 |
-+ default y if X86_32 && GENTOO_KERNEL_SELF_PROTECTION |
217 |
++ depends on !X86_MSR && !MODIFY_LDT_SYSCALL && !M486 && X86_32 |
218 |
++ default n |
219 |
+ |
220 |
-+ #select HIGHMEM64G |
221 |
-+ #select X86_PAE |
222 |
++ select HIGHMEM64G |
223 |
++ select X86_PAE |
224 |
+ select RANDOMIZE_BASE |
225 |
+ select RELOCATABLE |
226 |
+ select PAGE_TABLE_ISOLATION |
227 |
@@ -275,25 +269,14 @@ index 000000000..94d6e1886 |
228 |
+config GENTOO_KERNEL_SELF_PROTECTION_ARM |
229 |
+ bool "ARM KSPP Settings" |
230 |
+ |
231 |
-+ depends on !OABI_COMPAT && ARM && GENTOO_KERNEL_SELF_PROTECTION |
232 |
-+ default y if ARM && GENTOO_KERNEL_SELF_PROTECTION |
233 |
++ depends on !OABI_COMPAT && ARM |
234 |
++ default n |
235 |
+ |
236 |
+ select VMSPLIT_3G |
237 |
+ select STRICT_MEMORY_RWX |
238 |
+ select CPU_SW_DOMAIN_PAN |
239 |
+ |
240 |
-+config GENTOO_KERNEL_SELF_PROTECTION_PPC |
241 |
-+ bool "PPC KSPP Settings" |
242 |
-+ |
243 |
-+ depends on !SCOM_DEBUGFS && !OPAL_CORE && PPC && GENTOO_KERNEL_SELF_PROTECTION |
244 |
-+ default y if PPC && GENTOO_KERNEL_SELF_PROTECTION |
245 |
-+ |
246 |
-+ select PPC_KUEP if PPC_HAVE_KUEP |
247 |
-+ select PPC_KUAP if PPC_HAVE_KUAP |
248 |
-+ select PPC_MEM_KEYS if PPC_BOOK3S_64 |
249 |
-+ select PPC_SUBPAGE_PROT if PPC_BOOK3S_64 && PPC_64K_PAGES |
250 |
-+ |
251 |
-+endmenu |
252 |
++endif |
253 |
+ |
254 |
+config GENTOO_PRINT_FIRMWARE_INFO |
255 |
+ bool "Print firmware information that the kernel attempts to load" |
256 |
@@ -309,46 +292,45 @@ index 000000000..94d6e1886 |
257 |
+ See the settings that become available for more details and fine-tuning. |
258 |
+ |
259 |
+endmenu |
260 |
-diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig |
261 |
-index 1da360c51..70963ba91 100644 |
262 |
---- a/drivers/acpi/Kconfig |
263 |
-+++ b/drivers/acpi/Kconfig |
264 |
-@@ -445,7 +445,7 @@ config ACPI_HED |
265 |
- |
266 |
- config ACPI_CUSTOM_METHOD |
267 |
- tristate "Allow ACPI methods to be inserted/replaced at run time" |
268 |
-- depends on DEBUG_FS |
269 |
-+ depends on DEBUG_FS && !GENTOO_KERNEL_SELF_PROTECTION |
270 |
- help |
271 |
- This debug facility allows ACPI AML methods to be inserted and/or |
272 |
- replaced without rebooting the system. For details refer to: |
273 |
-diff --git a/init/Kconfig b/init/Kconfig |
274 |
-index 11f8a845f..9f3eff46f 100644 |
275 |
---- a/init/Kconfig |
276 |
-+++ b/init/Kconfig |
277 |
-@@ -1879,6 +1879,7 @@ config SLUB_DEBUG |
278 |
- config COMPAT_BRK |
279 |
- bool "Disable heap randomization" |
280 |
- default y |
281 |
+--- a/security/Kconfig 2021-12-05 18:20:55.655677710 -0500 |
282 |
++++ b/security/Kconfig 2021-12-05 18:23:42.404251618 -0500 |
283 |
+@@ -167,6 +167,7 @@ config HARDENED_USERCOPY_PAGESPAN |
284 |
+ bool "Refuse to copy allocations that span multiple pages" |
285 |
+ depends on HARDENED_USERCOPY |
286 |
+ depends on EXPERT |
287 |
+ depends on !GENTOO_KERNEL_SELF_PROTECTION |
288 |
help |
289 |
- Randomizing heap placement makes heap exploits harder, but it |
290 |
- also breaks ancient binaries (including anything libc5 based). |
291 |
-@@ -1925,7 +1926,9 @@ endchoice |
292 |
- |
293 |
- config SLAB_MERGE_DEFAULT |
294 |
- bool "Allow slab caches to be merged" |
295 |
-+ default n if GENTOO_KERNEL_SELF_PROTECTION |
296 |
- default y |
297 |
+ When a multi-page allocation is done without __GFP_COMP, |
298 |
+ hardened usercopy will reject attempts to copy it. There are, |
299 |
+diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig |
300 |
+index 9e921fc72..f29bc13fa 100644 |
301 |
+--- a/security/selinux/Kconfig |
302 |
++++ b/security/selinux/Kconfig |
303 |
+@@ -26,6 +26,7 @@ config SECURITY_SELINUX_BOOTPARAM |
304 |
+ config SECURITY_SELINUX_DISABLE |
305 |
+ bool "NSA SELinux runtime disable" |
306 |
+ depends on SECURITY_SELINUX |
307 |
+ depends on !GENTOO_KERNEL_SELF_PROTECTION |
308 |
+ select SECURITY_WRITABLE_HOOKS |
309 |
+ default n |
310 |
help |
311 |
- For reduced kernel memory fragmentation, slab caches can be |
312 |
- merged when they share the same size and other characteristics. |
313 |
+-- |
314 |
+2.31.1 |
315 |
+ |
316 |
+From bd3ff0b16792c18c0614c2b95e148943209f460a Mon Sep 17 00:00:00 2001 |
317 |
+From: Georgy Yakovlev <gyakovlev@g.o> |
318 |
+Date: Tue, 8 Jun 2021 13:59:57 -0700 |
319 |
+Subject: [PATCH 2/2] set DEFAULT_MMAP_MIN_ADDR by default |
320 |
+ |
321 |
+--- |
322 |
+ mm/Kconfig | 2 ++ |
323 |
+ 1 file changed, 2 insertions(+) |
324 |
+ |
325 |
diff --git a/mm/Kconfig b/mm/Kconfig |
326 |
-index c048dea7e..81a1dfd69 100644 |
327 |
+index 24c045b24..e13fc740c 100644 |
328 |
--- a/mm/Kconfig |
329 |
+++ b/mm/Kconfig |
330 |
-@@ -305,6 +305,8 @@ config KSM |
331 |
+@@ -321,6 +321,8 @@ config KSM |
332 |
config DEFAULT_MMAP_MIN_ADDR |
333 |
int "Low address space to protect from user allocation" |
334 |
depends on MMU |
335 |
@@ -357,35 +339,6 @@ index c048dea7e..81a1dfd69 100644 |
336 |
default 4096 |
337 |
help |
338 |
This is the portion of low virtual memory which should be protected |
339 |
-diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening |
340 |
-index 90cbaff86..7b48339e8 100644 |
341 |
---- a/security/Kconfig.hardening |
342 |
-+++ b/security/Kconfig.hardening |
343 |
-@@ -30,6 +30,7 @@ choice |
344 |
- default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS |
345 |
- default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN |
346 |
- default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN |
347 |
-+ default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if GENTOO_KERNEL_SELF_PROTECTION && GCC_PLUGINS |
348 |
- default INIT_STACK_NONE |
349 |
- help |
350 |
- This option enables initialization of stack variables at |
351 |
-@@ -45,6 +46,7 @@ choice |
352 |
- |
353 |
- config INIT_STACK_NONE |
354 |
- bool "no automatic stack variable initialization (weakest)" |
355 |
-+ depends on !GENTOO_KERNEL_SELF_PROTECTION |
356 |
- help |
357 |
- Disable automatic stack variable initialization. |
358 |
- This leaves the kernel vulnerable to the standard |
359 |
-diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig |
360 |
-index 9e921fc72..f29bc13fa 100644 |
361 |
---- a/security/selinux/Kconfig |
362 |
-+++ b/security/selinux/Kconfig |
363 |
-@@ -26,6 +26,7 @@ config SECURITY_SELINUX_BOOTPARAM |
364 |
- config SECURITY_SELINUX_DISABLE |
365 |
- bool "NSA SELinux runtime disable" |
366 |
- depends on SECURITY_SELINUX |
367 |
-+ depends on !GENTOO_KERNEL_SELF_PROTECTION |
368 |
- select SECURITY_WRITABLE_HOOKS |
369 |
- default n |
370 |
- help |
371 |
+-- |
372 |
+2.31.1 |
373 |
+``` |