/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.60 - (hide annotations) (download)
Mon Jun 27 21:36:20 2005 UTC (9 years ago) by johnm
Branch: MAIN
Changes since 1.59: +8 -1 lines
Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with grsec redefining curr_ip struct.
(Portage version: 2.0.51.22-r1)

1 method 1.1 # ChangeLog for sys-kernel/hardened-sources
2 tocharian 1.42 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
3 johnm 1.60 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.59 2005/06/20 06:26:48 solar Exp $
4    
5     *hardened-sources-2.6.11-r15 (27 Jun 2005)
6    
7     27 Jun 2005; John Mylchreest <johnm@gentoo.org>
8     +hardened-sources-2.6.11-r15.ebuild:
9     Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with
10     grsec redefining curr_ip struct.
11 solar 1.59
12     *hardened-sources-2.4.31 (20 Jun 2005)
13    
14     20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild:
15     initial import of 2.4.31 tree
16 johnm 1.58
17     *hardened-sources-2.6.11-r14 (14 Jun 2005)
18    
19     14 Jun 2005; John Mylchreest <johnm@gentoo.org>
20     -hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild:
21     Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring
22     naming scheme to abide by genpatches
23 johnm 1.57
24     *hardened-sources-2.6.11-r13 (18 May 2005)
25    
26     18 May 2005; John Mylchreest <johnm@gentoo.org>
27     -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
28     Managed to mangle the Makefile patch from grsec, to miss out the grsec
29     target. sorry about that. Fixes bug #93022
30 johnm 1.56
31     *hardened-sources-2.6.11-r12 (17 May 2005)
32    
33     17 May 2005; John Mylchreest <johnm@gentoo.org>
34     -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
35     +hardened-sources-2.6.11-r12.ebuild:
36     Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
37     merges in genpatches-base
38 johnm 1.55
39     *hardened-sources-2.6.11-r12 (17 May 2005)
40    
41     17 May 2005; John Mylchreest <johnm@gentoo.org>
42     -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
43     +hardened-sources-2.6.11-r12.ebuild:
44     Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
45     merges in genpatches-base
46 solar 1.54
47     29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
48     -files/2.4.27-cmdline-race.patch,
49     -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
50     -files/2.4.28-grsec-binfmt_a.out.patch,
51     -files/2.4.28-grsec-cmdline-race.patch,
52     -files/2.4.28-selinux-binfmt_a.out.patch,
53     -files/2.4.28-selinux-cmdline-race.patch,
54     -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
55     hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
56     - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
57     cleanup..
58 solar 1.53
59     *hardened-sources-2.4.30-r1 (21 Apr 2005)
60    
61     21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
62     - disable aout by default
63 solar 1.52
64     *hardened-sources-2.4.30 (18 Apr 2005)
65    
66     18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
67     - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
68     and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
69     use
70 tocharian 1.50
71 scox 1.51 *hardened-sources-2.4.29 (30 Mar 2005)
72    
73     30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
74     +hardened-sources-2.4.29.ebuild:
75     New hardened-patches-2.4-29.0 patchball.
76     Removed SELinux support, upgraded GRSecurity to 2.1.4.
77    
78     *hardened-sources-2.4.28-r5 (06 Mar 2005)
79    
80     06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
81     +hardened-sources-2.4.28-r5.ebuild:
82     Added a fix for a PaX vulnerability.
83    
84     26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
85 tocharian 1.50 hardened-sources-2.4.28-r4.ebuild:
86     Stable on x86
87 solar 1.49
88     23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
89     hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
90     hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
91     hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
92     - fixed/added RDEPEND= in all kernel-2 ebuilds
93 tocharian 1.48
94     *hardened-sources-2.4.28-r4 (21 Jan 2005)
95    
96     21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
97     +hardened-sources-2.4.28-r4.ebuild:
98     Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
99     backport of neighbour hash updates.
100 tocharian 1.47
101     21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
102     hardened-sources-2.4.28-r3.ebuild:
103     Stable on x86
104 tseng 1.46
105     *hardened-sources-2.6.10-r3 (20 Jan 2005)
106    
107     20 Jan 2005; Brandon Hale <tseng@gentoo.org>
108     +hardened-sources-2.6.10-r3.ebuild:
109     Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
110     in 2005.0
111 tocharian 1.45
112     17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
113     -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
114     hardened-sources-2.4.28-r2.ebuild:
115     Mark stable on x86
116 tocharian 1.44
117     *hardened-sources-2.4.28-r3 (17 Jan 2005)
118    
119     17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
120     +hardened-sources-2.4.28-r3.ebuild:
121     Fix SMP page fault handler vuln, and update device-mapper and evms patches.
122 tocharian 1.43
123     14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
124     hardened-sources-2.4.28.ebuild:
125     Mark stable on x86.
126 tocharian 1.42
127     *hardened-sources-2.4.28-r2 (13 Jan 2005)
128    
129     13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
130     +hardened-sources-2.4.28-r2.ebuild:
131     Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
132     Mazinger for grsecurity patches as well.
133 plasmaroo 1.41
134     *hardened-sources-2.4.28-r1 (23 Dec 2004)
135    
136     23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
137     Security bump. Thank tocharian for rolling a new patchset...
138 solar 1.40
139     28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
140     +files/2.4.28-grsec-cmdline-race.patch,
141     +files/2.4.28-selinux-binfmt_a.out.patch,
142     +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
143     - Round up remaining security patches that appear to be missing in 2.4.28. -
144     PaX standalone updated to current. hgpv=28.1
145 solar 1.39
146     *hardened-sources-2.4.28 (28 Nov 2004)
147    
148     28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
149     security bump. Thank tocharian for rolling a new patchset
150 scox 1.31
151 scox 1.38 *hardened-sources-2.4.27-r3 (08 Sep 2004)
152    
153     08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
154     +hardened-sources-2.4.27-r3.ebuild:
155     Applies the new 2.4-27.2 patchball which updates
156     GRSecurity to the 2.0.1 version.
157    
158 scox 1.37 *hardened-sources-2.4.27-r2 (31 Aug 2004)
159    
160     31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
161     +hardened-sources-2.4.27-r2.ebuild:
162     Version bump.
163     This version uses the new 2.4-27.1 patchball which updates
164     both the SELinux PaX hooks patch and the SELinux headers.
165    
166 scox 1.36 *hardened-sources-2.4.27-r1 (09 Aug 2004)
167    
168     09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
169     +hardened-sources-2.4.27-r1.ebuild,
170     -hardened-sources-2.4.27.ebuild,
171     +files/2.4.27-cmdline-race.patch:
172     Version bump, fix for cmdline race. See bug #59905.
173    
174     *hardened-sources-2.4.26-r6 (09 Aug 2004)
175    
176     09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
177     +hardened-sources-2.4.26-r6.ebuild,
178     -hardened-sources-2.4.26-r5.ebuild,
179     -hardened-sources-2.4.26-r4.ebuild,
180     +files/2.4.26-cmdline-race.patch:
181     Version bump, fix for cmdline race. See bug #59905.
182    
183 scox 1.35 *hardened-sources-2.4.27 (08 Aug 2004)
184    
185     08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
186     +hardened-sources-2.4.27.ebuild,
187     +files/2.4.27-CAN-2004-0394.patch:
188     Ported the patchball to the 2.4.27 kernel version.
189    
190 scox 1.34 *hardened-sources-2.4.26-r5 (07 Aug 2004)
191    
192     07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
193     +hardened-sources-2.4.26-r5.ebuild:
194 scox 1.35 Updated to use the new hardened-patches-2.4-26.1 patchball.
195 scox 1.34 It adds the following features:
196     - Squashfs
197     - Ebtables
198     - Netdev random (core+drivers)
199     - Watchdog Timer (WDT) fix.
200    
201 scox 1.33 *hardened-sources-2.4.26-r4 (04 Aug 2004)
202    
203     04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
204     +hardened-sources-2.4.26-r4.ebuild,
205     +files/2.4.26-CAN-2004-0415.patch,
206     -hardened-sources-2.4.26-3:
207     Version bump, fix for CAN 0415, see bug #59378.
208    
209 scox 1.32 *hardened-sources-2.4.26-r3 (22 Jul 2004)
210    
211     22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
212     +hardened-sources-2.4.26-r3.ebuild,
213     +files/2.4.26-CAN-2004-0497.patch,
214     -hardened-sources-2.4.26-r2.ebuild:
215     Version bump, fixed CAN 0497, see bug #56171.
216    
217 scox 1.31 *hardened-sources-2.4.26-r2 (29 Jun 2004)
218    
219     29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
220 scox 1.32 +hardened-sources-2.4.26-r2.ebuild,
221 scox 1.31 +files/2.4.26-CAN-2004-0495.patch,
222     +files/2.4.26-CAN-2004-0535.patch,
223     -hardened-sources-2.4.26-r1.ebuild:
224     Fixes for both CAN 0495 and 0535, see bug #54976
225 pvdabeel 1.27
226 agriffis 1.29 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
227     hardened-sources-2.4.26-r1.ebuild:
228     QA - fix use invocation
229 scox 1.28
230     *hardened-sources-2.4.26-r1 (22 June 2004)
231    
232     22 June 2004; Andrea Luzzardi <scox@gentoo.org>
233     +hardened-sources-2.4.26-r1.ebuild,
234     +files/2.4.26-CAN-2004-0394.patch,
235     +files/2.4.26-signal-race.patch,
236     -hardened-sources-2.4.26.ebuild,
237     -hardened-sources-2.4.24-r3.ebuild:
238     Version bump for the CAN-2004-0394 issue and bug #53804
239     Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
240    
241    
242 pvdabeel 1.27 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
243     hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
244     Masked hardened-sources-2.4.26.ebuild broken for ppc
245    
246     31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
247     hardened-sources-2.4.24-r3.ebuild:
248     Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
249 plasmaroo 1.25
250 scox 1.26 *hardened-sources-2.4.26 (29 May 2004)
251    
252     29 May 2004; Andrea Luzzardi <scox@gentoo.org>
253     +hardened-sources-2.4.26.ebuild:
254     Updated hardened-sources for the 2.4.26 kernel
255     Removed broken components, updated almost everything.
256    
257 plasmaroo 1.25 *hardened-sources-2.4.24-r3 (17 Apr 2004)
258    
259     17 Apr 2004; <plasmaroo@gentoo.org>
260     +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
261     +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
262     +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
263     +hardened-sources-2.4.24-r3.ebuild:
264     Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
265     vulnerabilities. Old revisions removed.
266 plasmaroo 1.24
267     *hardened-sources-2.4.24-r2 (15 Apr 2004)
268    
269     15 Apr 2004; <plasmaroo@gentoo.org>
270     +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
271     -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
272     Version bump for the CAN-2004-0109 issue; bug #47881.
273 aliz 1.23
274     12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
275     hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
276     Add eutils to inherit.
277 plasmaroo 1.22
278     *hardened-sources-2.4.24-r1 (19 Feb 2004)
279    
280     19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
281     files/hardened-sources-2.4.24.munmap.patch:
282     Added the patch for the mremap/munmap vulnerability. Bug #42024.
283 scox 1.19
284 scox 1.21 *hardened-sources-2.4.24 (06 Feb 2004)
285 scox 1.26
286 scox 1.21 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
287     hardened-sources-2.4.24.ebuild:
288     Version bump, updated most of the components.
289     This release includes the following:
290    
291     - Hardened security
292     - Netfilter patch-o-matic 20031219
293     - FreeSWAN 2.04 & x509 1.4.8
294     - EVMS 2.2.2
295     - XFS 1.3.1
296     - cryptoloop jari
297     - grsecurity 2.0-rc4
298     - SELinux
299     - PaX 200402060000
300     - PaX Obscurity 200308302223
301     - Others...
302    
303     Neither -ck nor systrace are included anymore.
304    
305 scox 1.19 *hardened-sources-2.4.22-r2 (05 Jan 2004)
306    
307     05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
308     hardened-sources-2.4.22-r2.ebuild:
309 scox 1.20 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
310 scox 1.19
311     *hardened-sources-2.4.22-r1 (02 Dec 2003)
312 iggy 1.17
313     02 Dec 2003; Brian Jackson <iggy@gentoo.org>
314 plasmaroo 1.18 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
315 iggy 1.16
316     02 Dec 2003; Brian Jackson <iggy@gentoo.org>
317 plasmaroo 1.18 hardened-sources-2.4.22-r1.ebuild:
318     Version bump for the 'do_brk' vulnerability.
319 iggy 1.15
320     01 Dec 2003; Brian Jackson <iggy@gentoo.org>
321     hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
322     hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
323     hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
324 plasmaroo 1.18 Fix the 'do_brk' vulnerability.
325 frogger 1.14
326     03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
327     hardened-sources-2.4.22.ebuild:
328 plasmaroo 1.18 - Removed the src_install() portion for SELinux flask
329     components. These are no longer handled in the kernel
330     so this code was not necessary.
331 frogger 1.13
332     29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
333     New 2.4.22 based hardened-sources thanks to
334     Phil West <p.west@computer.org>.
335    
336     These sources include:
337 plasmaroo 1.18 - New SELinux API
338     - Updated CK-base
339     - Updated GRSec
340     - Systrace
341     - SuperFreeS/WAN 1.99.8
342     - Propolice kernel build support
343     - EVMS
344     - Other various security related patches
345 frogger 1.11
346 frogger 1.12 *hardened-sources-2.4.21 (14 Sep 2003)
347    
348     14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
349     Updated hardened-sources based on the 2.4.21 Linux kernel.
350     This includes updates to most major components such as:
351 plasmaroo 1.18 - ck-base-0306300059
352     - selinux-2.4-2003071106
353     - grsecurity-2.0-rc1
354     - Updated IPTables patch-o-matic
355     - Updated SuperFreeS/WAN
356    
357 frogger 1.12 Thanks to Phil West <pwest@computer.org> for his work in getting this
358     updated patch set ready for the 2.4.21 based kernel.
359    
360 frogger 1.11 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
361     Initial import of hardened-sources-2.4.20-r4. This revision
362     includes only a few changes, but one of these is an important
363     security fix. It is recommended all users of hardened-sources
364     upgrade to this release.
365 plasmaroo 1.18
366 frogger 1.11 - ioperm bug fix
367     - fixed compilation failure when building without GRSec
368 plasmaroo 1.18
369 frogger 1.11 SAL (Secure Auditing for Linux) is NOT included in this revision
370     due to time constraints, but is planned for inclusion in the near
371     future.
372 msterret 1.10
373     *hardened-sources-2.4.20-r2 (12 Jun 2003)
374    
375     12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
376     hardened-sources-2.4.20-r3.ebuild:
377 plasmaroo 1.18 Add Header...
378 frogger 1.9
379     08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
380     hardened-sources-2.4.20-r3.ebuild:
381     Removed warnings from ebuild. This kernel should be safe to
382     use at this point.
383 frogger 1.8
384     *hardened-sources-2.4.20-r3 (08 Jun 2003)
385    
386     08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
387     hardened-sources-2.4.20-r3.ebuild:
388     New revision. Includes the following changes over -r2:
389 plasmaroo 1.18
390 frogger 1.8 - ck7-base (O(1), preempt, low latency)
391     - Super FreeS/WAN 1.99.7rc2
392     - PaX for the LSM/SELinux branch
393     - GRSecurity 2.0-pre4 (role based access control)
394     - Systrace 1.3
395     - EXT3 fixes
396     - EVMS 2.0.1
397     - GCC 3.1+ compile optimizations
398     - ProPolice kernel build support
399     - Hashing table security fixes
400 frogger 1.3
401     *hardened-sources-2.4.20-r1 (09 Apr 2003)
402 frogger 1.7
403     23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
404     Initial import of hardened-sources-r2. This new
405     ebuild includes many new performance and security
406     related patches. As in -r1, it will patch in
407     LSM/SELinux if "selinux" is in USE, otherwise it
408     will patch in GRSecurity. The following patches
409     are included in this revision:
410 plasmaroo 1.18
411 frogger 1.7 - O(1) Scheduler, Low Latency, and Preempt
412     (pulled from the base CK patch)
413     - ptrace exploit patch for the LSM kernel
414     (the GRSec patch already fixes this)
415     - LSM 2.4-2003040709
416     - SELinux 2.4-2003040709
417     - Systrace v1.2
418     - IPTables patch-o-matic base patches - 20030107
419     - CryptoAPI 2.4.20.1 w/ loop-jari patch
420     - Super FreeS/WAN 1.99.6.1
421     - GRSecurity 1.9.9g
422     - MPPE
423     - EXT3 data journal fix
424     - CIPE 1.5.4
425 frogger 1.6
426     12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
427     hardened-sources-2.4.20-r1.ebuild, manifest:
428 plasmaroo 1.18 Updated to install flask components correctly for selinux.
429 frogger 1.5
430     12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
431     hardened-sources-2.4.20-r1.ebuild:
432     LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
433     is patched in instead. Ptrace patches for selinux have also been added. In
434     either case, systrace support will be patched in as well.
435 frogger 1.3
436     09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
437     hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
438 plasmaroo 1.18 Revision bump for new sources.
439 frogger 1.4
440 frogger 1.2 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
441 frogger 1.4 hardened-sources-2.4.20-r1.ebuild:
442 plasmaroo 1.18 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
443 method 1.1
444 frogger 1.4 *hardened-sources-2.4.20 (30 Mar 2003)
445    
446 method 1.1 30 Mar 2003; Joshua Brindle <method@gentoo.org>
447     hardened-sources-2.4.20.ebuild:
448 plasmaroo 1.18 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20