/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.1.1.1 - (show annotations) (download) (vendor branch)
Wed Nov 30 09:49:39 2005 UTC (8 years, 4 months ago) by chriswhite
Changes since 1.1: +483 -4 lines
*** empty log message ***

1 # ChangeLog for sys-kernel/hardened-sources
2 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
3 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.66 2005/11/19 22:25:14 kang Exp $
4
5 *hardened-sources-2.4.32 (19 Nov 2005)
6
7 19 Nov 2005; Guillaume Destuynder <kang@gentoo.org>
8 +hardened-sources-2.4.32.ebuild:
9 Bump to 2.4.32, includes RSBAC+PaX patchset with a local 'rsbac' keyword.
10 Add the 'rsbac' USE flag in /etc/portage/package.use for hardened-sources to
11 have RSBAC instead of GrSecurity patchset. (echo sys-kernel/hardened-sources
12 rsbac >> /etc/portage/package.use)
13
14 *hardened-sources-2.6.14 (14 Nov 2005)
15
16 14 Nov 2005; John Mylchreest <johnm@gentoo.org>
17 -hardened-sources-2.6.13-r2.ebuild, +hardened-sources-2.6.14.ebuild:
18 Bumping 2.6 series to 2.6.14.2
19
20 *hardened-sources-2.6.13-r2 (20 Oct 2005)
21
22 20 Oct 2005; John Mylchreest <johnm@gentoo.org>
23 -hardened-sources-2.6.13.ebuild, -hardened-sources-2.6.13-r1.ebuild,
24 +hardened-sources-2.6.13-r2.ebuild:
25 Fixes minor build error in ppc.
26
27 *hardened-sources-2.6.13-r1 (17 Oct 2005)
28
29 17 Oct 2005; John Mylchreest <johnm@gentoo.org>
30 +hardened-sources-2.6.13-r1.ebuild:
31 Updating grsec to latest snapshot. Fixes some minor issues. Updating to
32 2.6.13.4, fixes some major amd64 stability problems.
33
34 *hardened-sources-2.6.13 (16 Sep 2005)
35
36 16 Sep 2005; John Mylchreest <johnm@gentoo.org>
37 -hardened-sources-2.6.11-r14.ebuild, +hardened-sources-2.6.13.ebuild:
38 2.6.13.1 with grsec testing patches. Lots of changes, to name a few big
39 ones: inotify now in kernel, RBAC has moved to chained-hash tables so RBAC
40 users should test this thoroughly.
41
42 01 Jul 2005; <solar@gentoo.org> hardened-sources-2.4.31.ebuild:
43 - stable on x86
44
45 *hardened-sources-2.6.11-r15 (27 Jun 2005)
46
47 27 Jun 2005; John Mylchreest <johnm@gentoo.org>
48 +hardened-sources-2.6.11-r15.ebuild:
49 Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with
50 grsec redefining curr_ip struct.
51
52 *hardened-sources-2.4.31 (20 Jun 2005)
53
54 20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild:
55 initial import of 2.4.31 tree
56
57 *hardened-sources-2.6.11-r14 (14 Jun 2005)
58
59 14 Jun 2005; John Mylchreest <johnm@gentoo.org>
60 -hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild:
61 Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring
62 naming scheme to abide by genpatches
63
64 *hardened-sources-2.6.11-r13 (18 May 2005)
65
66 18 May 2005; John Mylchreest <johnm@gentoo.org>
67 -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
68 Managed to mangle the Makefile patch from grsec, to miss out the grsec
69 target. sorry about that. Fixes bug #93022
70
71 *hardened-sources-2.6.11-r12 (17 May 2005)
72
73 17 May 2005; John Mylchreest <johnm@gentoo.org>
74 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
75 +hardened-sources-2.6.11-r12.ebuild:
76 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
77 merges in genpatches-base
78
79 *hardened-sources-2.6.11-r12 (17 May 2005)
80
81 17 May 2005; John Mylchreest <johnm@gentoo.org>
82 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
83 +hardened-sources-2.6.11-r12.ebuild:
84 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
85 merges in genpatches-base
86
87 29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
88 -files/2.4.27-cmdline-race.patch,
89 -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
90 -files/2.4.28-grsec-binfmt_a.out.patch,
91 -files/2.4.28-grsec-cmdline-race.patch,
92 -files/2.4.28-selinux-binfmt_a.out.patch,
93 -files/2.4.28-selinux-cmdline-race.patch,
94 -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
95 hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
96 - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
97 cleanup..
98
99 *hardened-sources-2.4.30-r1 (21 Apr 2005)
100
101 21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
102 - disable aout by default
103
104 *hardened-sources-2.4.30 (18 Apr 2005)
105
106 18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
107 - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
108 and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
109 use
110
111 *hardened-sources-2.4.29 (30 Mar 2005)
112
113 30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
114 +hardened-sources-2.4.29.ebuild:
115 New hardened-patches-2.4-29.0 patchball.
116 Removed SELinux support, upgraded GRSecurity to 2.1.4.
117
118 *hardened-sources-2.4.28-r5 (06 Mar 2005)
119
120 06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
121 +hardened-sources-2.4.28-r5.ebuild:
122 Added a fix for a PaX vulnerability.
123
124 26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
125 hardened-sources-2.4.28-r4.ebuild:
126 Stable on x86
127
128 23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
129 hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
130 hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
131 hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
132 - fixed/added RDEPEND= in all kernel-2 ebuilds
133
134 *hardened-sources-2.4.28-r4 (21 Jan 2005)
135
136 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
137 +hardened-sources-2.4.28-r4.ebuild:
138 Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
139 backport of neighbour hash updates.
140
141 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
142 hardened-sources-2.4.28-r3.ebuild:
143 Stable on x86
144
145 *hardened-sources-2.6.10-r3 (20 Jan 2005)
146
147 20 Jan 2005; Brandon Hale <tseng@gentoo.org>
148 +hardened-sources-2.6.10-r3.ebuild:
149 Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
150 in 2005.0
151
152 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
153 -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
154 hardened-sources-2.4.28-r2.ebuild:
155 Mark stable on x86
156
157 *hardened-sources-2.4.28-r3 (17 Jan 2005)
158
159 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
160 +hardened-sources-2.4.28-r3.ebuild:
161 Fix SMP page fault handler vuln, and update device-mapper and evms patches.
162
163 14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
164 hardened-sources-2.4.28.ebuild:
165 Mark stable on x86.
166
167 *hardened-sources-2.4.28-r2 (13 Jan 2005)
168
169 13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
170 +hardened-sources-2.4.28-r2.ebuild:
171 Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
172 Mazinger for grsecurity patches as well.
173
174 *hardened-sources-2.4.28-r1 (23 Dec 2004)
175
176 23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
177 Security bump. Thank tocharian for rolling a new patchset...
178
179 28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
180 +files/2.4.28-grsec-cmdline-race.patch,
181 +files/2.4.28-selinux-binfmt_a.out.patch,
182 +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
183 - Round up remaining security patches that appear to be missing in 2.4.28. -
184 PaX standalone updated to current. hgpv=28.1
185
186 *hardened-sources-2.4.28 (28 Nov 2004)
187
188 28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
189 security bump. Thank tocharian for rolling a new patchset
190
191 *hardened-sources-2.4.27-r3 (08 Sep 2004)
192
193 08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
194 +hardened-sources-2.4.27-r3.ebuild:
195 Applies the new 2.4-27.2 patchball which updates
196 GRSecurity to the 2.0.1 version.
197
198 *hardened-sources-2.4.27-r2 (31 Aug 2004)
199
200 31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
201 +hardened-sources-2.4.27-r2.ebuild:
202 Version bump.
203 This version uses the new 2.4-27.1 patchball which updates
204 both the SELinux PaX hooks patch and the SELinux headers.
205
206 *hardened-sources-2.4.27-r1 (09 Aug 2004)
207
208 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
209 +hardened-sources-2.4.27-r1.ebuild,
210 -hardened-sources-2.4.27.ebuild,
211 +files/2.4.27-cmdline-race.patch:
212 Version bump, fix for cmdline race. See bug #59905.
213
214 *hardened-sources-2.4.26-r6 (09 Aug 2004)
215
216 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
217 +hardened-sources-2.4.26-r6.ebuild,
218 -hardened-sources-2.4.26-r5.ebuild,
219 -hardened-sources-2.4.26-r4.ebuild,
220 +files/2.4.26-cmdline-race.patch:
221 Version bump, fix for cmdline race. See bug #59905.
222
223 *hardened-sources-2.4.27 (08 Aug 2004)
224
225 08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
226 +hardened-sources-2.4.27.ebuild,
227 +files/2.4.27-CAN-2004-0394.patch:
228 Ported the patchball to the 2.4.27 kernel version.
229
230 *hardened-sources-2.4.26-r5 (07 Aug 2004)
231
232 07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
233 +hardened-sources-2.4.26-r5.ebuild:
234 Updated to use the new hardened-patches-2.4-26.1 patchball.
235 It adds the following features:
236 - Squashfs
237 - Ebtables
238 - Netdev random (core+drivers)
239 - Watchdog Timer (WDT) fix.
240
241 *hardened-sources-2.4.26-r4 (04 Aug 2004)
242
243 04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
244 +hardened-sources-2.4.26-r4.ebuild,
245 +files/2.4.26-CAN-2004-0415.patch,
246 -hardened-sources-2.4.26-3:
247 Version bump, fix for CAN 0415, see bug #59378.
248
249 *hardened-sources-2.4.26-r3 (22 Jul 2004)
250
251 22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
252 +hardened-sources-2.4.26-r3.ebuild,
253 +files/2.4.26-CAN-2004-0497.patch,
254 -hardened-sources-2.4.26-r2.ebuild:
255 Version bump, fixed CAN 0497, see bug #56171.
256
257 *hardened-sources-2.4.26-r2 (29 Jun 2004)
258
259 29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
260 +hardened-sources-2.4.26-r2.ebuild,
261 +files/2.4.26-CAN-2004-0495.patch,
262 +files/2.4.26-CAN-2004-0535.patch,
263 -hardened-sources-2.4.26-r1.ebuild:
264 Fixes for both CAN 0495 and 0535, see bug #54976
265
266 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
267 hardened-sources-2.4.26-r1.ebuild:
268 QA - fix use invocation
269
270 *hardened-sources-2.4.26-r1 (22 June 2004)
271
272 22 June 2004; Andrea Luzzardi <scox@gentoo.org>
273 +hardened-sources-2.4.26-r1.ebuild,
274 +files/2.4.26-CAN-2004-0394.patch,
275 +files/2.4.26-signal-race.patch,
276 -hardened-sources-2.4.26.ebuild,
277 -hardened-sources-2.4.24-r3.ebuild:
278 Version bump for the CAN-2004-0394 issue and bug #53804
279 Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
280
281
282 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
283 hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
284 Masked hardened-sources-2.4.26.ebuild broken for ppc
285
286 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
287 hardened-sources-2.4.24-r3.ebuild:
288 Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
289
290 *hardened-sources-2.4.26 (29 May 2004)
291
292 29 May 2004; Andrea Luzzardi <scox@gentoo.org>
293 +hardened-sources-2.4.26.ebuild:
294 Updated hardened-sources for the 2.4.26 kernel
295 Removed broken components, updated almost everything.
296
297 *hardened-sources-2.4.24-r3 (17 Apr 2004)
298
299 17 Apr 2004; <plasmaroo@gentoo.org>
300 +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
301 +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
302 +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
303 +hardened-sources-2.4.24-r3.ebuild:
304 Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
305 vulnerabilities. Old revisions removed.
306
307 *hardened-sources-2.4.24-r2 (15 Apr 2004)
308
309 15 Apr 2004; <plasmaroo@gentoo.org>
310 +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
311 -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
312 Version bump for the CAN-2004-0109 issue; bug #47881.
313
314 12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
315 hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
316 Add eutils to inherit.
317
318 *hardened-sources-2.4.24-r1 (19 Feb 2004)
319
320 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
321 files/hardened-sources-2.4.24.munmap.patch:
322 Added the patch for the mremap/munmap vulnerability. Bug #42024.
323
324 *hardened-sources-2.4.24 (06 Feb 2004)
325
326 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
327 hardened-sources-2.4.24.ebuild:
328 Version bump, updated most of the components.
329 This release includes the following:
330
331 - Hardened security
332 - Netfilter patch-o-matic 20031219
333 - FreeSWAN 2.04 & x509 1.4.8
334 - EVMS 2.2.2
335 - XFS 1.3.1
336 - cryptoloop jari
337 - grsecurity 2.0-rc4
338 - SELinux
339 - PaX 200402060000
340 - PaX Obscurity 200308302223
341 - Others...
342
343 Neither -ck nor systrace are included anymore.
344
345 *hardened-sources-2.4.22-r2 (05 Jan 2004)
346
347 05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
348 hardened-sources-2.4.22-r2.ebuild:
349 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
350
351 *hardened-sources-2.4.22-r1 (02 Dec 2003)
352
353 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
354 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
355
356 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
357 hardened-sources-2.4.22-r1.ebuild:
358 Version bump for the 'do_brk' vulnerability.
359
360 01 Dec 2003; Brian Jackson <iggy@gentoo.org>
361 hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
362 hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
363 hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
364 Fix the 'do_brk' vulnerability.
365
366 03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
367 hardened-sources-2.4.22.ebuild:
368 - Removed the src_install() portion for SELinux flask
369 components. These are no longer handled in the kernel
370 so this code was not necessary.
371
372 29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
373 New 2.4.22 based hardened-sources thanks to
374 Phil West <p.west@computer.org>.
375
376 These sources include:
377 - New SELinux API
378 - Updated CK-base
379 - Updated GRSec
380 - Systrace
381 - SuperFreeS/WAN 1.99.8
382 - Propolice kernel build support
383 - EVMS
384 - Other various security related patches
385
386 *hardened-sources-2.4.21 (14 Sep 2003)
387
388 14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
389 Updated hardened-sources based on the 2.4.21 Linux kernel.
390 This includes updates to most major components such as:
391 - ck-base-0306300059
392 - selinux-2.4-2003071106
393 - grsecurity-2.0-rc1
394 - Updated IPTables patch-o-matic
395 - Updated SuperFreeS/WAN
396
397 Thanks to Phil West <pwest@computer.org> for his work in getting this
398 updated patch set ready for the 2.4.21 based kernel.
399
400 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
401 Initial import of hardened-sources-2.4.20-r4. This revision
402 includes only a few changes, but one of these is an important
403 security fix. It is recommended all users of hardened-sources
404 upgrade to this release.
405
406 - ioperm bug fix
407 - fixed compilation failure when building without GRSec
408
409 SAL (Secure Auditing for Linux) is NOT included in this revision
410 due to time constraints, but is planned for inclusion in the near
411 future.
412
413 *hardened-sources-2.4.20-r2 (12 Jun 2003)
414
415 12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
416 hardened-sources-2.4.20-r3.ebuild:
417 Add Header...
418
419 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
420 hardened-sources-2.4.20-r3.ebuild:
421 Removed warnings from ebuild. This kernel should be safe to
422 use at this point.
423
424 *hardened-sources-2.4.20-r3 (08 Jun 2003)
425
426 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
427 hardened-sources-2.4.20-r3.ebuild:
428 New revision. Includes the following changes over -r2:
429
430 - ck7-base (O(1), preempt, low latency)
431 - Super FreeS/WAN 1.99.7rc2
432 - PaX for the LSM/SELinux branch
433 - GRSecurity 2.0-pre4 (role based access control)
434 - Systrace 1.3
435 - EXT3 fixes
436 - EVMS 2.0.1
437 - GCC 3.1+ compile optimizations
438 - ProPolice kernel build support
439 - Hashing table security fixes
440
441 *hardened-sources-2.4.20-r1 (09 Apr 2003)
442
443 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
444 Initial import of hardened-sources-r2. This new
445 ebuild includes many new performance and security
446 related patches. As in -r1, it will patch in
447 LSM/SELinux if "selinux" is in USE, otherwise it
448 will patch in GRSecurity. The following patches
449 are included in this revision:
450
451 - O(1) Scheduler, Low Latency, and Preempt
452 (pulled from the base CK patch)
453 - ptrace exploit patch for the LSM kernel
454 (the GRSec patch already fixes this)
455 - LSM 2.4-2003040709
456 - SELinux 2.4-2003040709
457 - Systrace v1.2
458 - IPTables patch-o-matic base patches - 20030107
459 - CryptoAPI 2.4.20.1 w/ loop-jari patch
460 - Super FreeS/WAN 1.99.6.1
461 - GRSecurity 1.9.9g
462 - MPPE
463 - EXT3 data journal fix
464 - CIPE 1.5.4
465
466 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
467 hardened-sources-2.4.20-r1.ebuild, manifest:
468 Updated to install flask components correctly for selinux.
469
470 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
471 hardened-sources-2.4.20-r1.ebuild:
472 LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
473 is patched in instead. Ptrace patches for selinux have also been added. In
474 either case, systrace support will be patched in as well.
475
476 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
477 hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
478 Revision bump for new sources.
479
480 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
481 hardened-sources-2.4.20-r1.ebuild:
482 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
483
484 *hardened-sources-2.4.20 (30 Mar 2003)
485
486 30 Mar 2003; Joshua Brindle <method@gentoo.org>
487 hardened-sources-2.4.20.ebuild:
488 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20