/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.132 - (show annotations) (download)
Tue Jan 23 20:51:19 2007 UTC (7 years, 8 months ago) by phreak
Branch: MAIN
Changes since 1.131: +8 -1 lines
Revision bump, closing the recently discovered PaX expand_stack() vulnerability.
(Portage version: 2.1.2-r2)

1 # ChangeLog for sys-kernel/hardened-sources
2 # Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
3 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.131 2007/01/14 05:35:01 phreak Exp $
4
5 *hardened-sources-2.6.19-r5 (23 Jan 2007)
6
7 23 Jan 2007; Christian Heim <phreak@gentoo.org>
8 +hardened-sources-2.6.19-r5.ebuild:
9 Revision bump, closing the recently discovered PaX expand_stack()
10 vulnerability.
11
12 *hardened-sources-2.6.19-r4 (14 Jan 2007)
13
14 14 Jan 2007; Christian Heim <phreak@gentoo.org>
15 +hardened-sources-2.6.19-r4.ebuild:
16 Revision bump, pulling in linux-2.6.19.2 and grsecurity 2.1.10 - thus
17 dropping the randomized PID feature.
18
19 11 Jan 2007; Christian Faulhammer <opfer@gentoo.org>
20 hardened-sources-2.4.33.4.ebuild:
21 stable x86, bug #161171
22
23 *hardened-sources-2.6.19-r3 (27 Dec 2006)
24
25 27 Dec 2006; Christian Heim <phreak@gentoo.org>
26 -hardened-sources-2.6.19-r2.ebuild, +hardened-sources-2.6.19-r3.ebuild:
27 Revision bump for bug #157186 and #158786.
28
29 *hardened-sources-2.6.18-r4 (27 Dec 2006)
30
31 27 Dec 2006; Christian Heim <phreak@gentoo.org>
32 -hardened-sources-2.6.18-r3.ebuild, +hardened-sources-2.6.18-r4.ebuild:
33 Revision bump for bug #157186.
34
35 *hardened-sources-2.6.19-r2 (23 Dec 2006)
36
37 23 Dec 2006; Christian Heim <phreak@gentoo.org>
38 -hardened-sources-2.6.19-r1.ebuild, +hardened-sources-2.6.19-r2.ebuild:
39 Revision bump to pull in genpatches-2.6.19-3 for #157186.
40
41 17 Dec 2006; Christian Heim <phreak@gentoo.org>
42 hardened-sources-2.6.14-r7.ebuild, hardened-sources-2.6.16-r10.ebuild,
43 hardened-sources-2.6.16-r11.ebuild, hardened-sources-2.6.17-r1.ebuild,
44 hardened-sources-2.6.18.ebuild, hardened-sources-2.6.18-r3.ebuild,
45 hardened-sources-2.6.19-r1.ebuild:
46 Adding 4453_grsec-2.1.9-2.6.19-io-kmem-sysctl.patch to UNIPATCH_EXLUDE,
47 adding correct HOMEPAGE and adjusting DESCRIPTION (thanks to Alexander).
48
49 *hardened-sources-2.4.33.4 (17 Dec 2006)
50
51 17 Dec 2006; Alexander Gabert <pappy@gentoo.org>
52 +hardened-sources-2.4.33.4.ebuild:
53 new 2.4.33.4 version including grsec and fixes, thanks to phreak for help
54 and quilting
55
56 *hardened-sources-2.6.19-r1 (14 Dec 2006)
57
58 14 Dec 2006; Christian Heim <phreak@gentoo.org>
59 -hardened-sources-2.6.19.ebuild, +hardened-sources-2.6.19-r1.ebuild:
60 Revision bump, fixing #158107 (thanks to Petre Rodan <kaiowas at gentoo.org>
61 for reporting).
62
63 *hardened-sources-2.6.19 (13 Dec 2006)
64
65 13 Dec 2006; Christian Heim <phreak@gentoo.org>
66 +hardened-sources-2.6.19.ebuild:
67 And finally 2.6.19, thanks to Ned (who prepared the inital patchset) and
68 Brad for providing that prompt update.
69
70 *hardened-sources-2.6.18-r3 (13 Dec 2006)
71
72 13 Dec 2006; Christian Heim <phreak@gentoo.org>
73 -hardened-sources-2.6.18-r1.ebuild, -hardened-sources-2.6.18-r2.ebuild,
74 +hardened-sources-2.6.18-r3.ebuild:
75 Revision bump, excluding the faulty patch. Thanks to Anakim Border and Peter
76 S. Mazinger. Closes #157409 for now. Also removing the previous revisions.
77
78 09 Dec 2006; Christian Heim <phreak@gentoo.org> Manifest:
79 Fixing the metadata.xml Manifest entry (thanks to xaid and ml8128 in #gentoo-hardened).
80
81 08 Dec 2006; nixnut <nixnut@gentoo.org> hardened-sources-2.6.18.ebuild:
82 Stable on ppc wrt bug 157356
83
84 07 Dec 2006; Christian Faulhammer <opfer@gentoo.org>
85 hardened-sources-2.6.18.ebuild:
86 stable x86, bug #157356
87
88 *hardened-sources-2.6.18-r2 (06 Dec 2006)
89
90 06 Dec 2006; Christian Heim <phreak@gentoo.org>
91 +hardened-sources-2.6.18-r2.ebuild:
92 Revision bump, including 2.6.18.5 (via genpatches) and
93 4454_grsec-2.1.9-2.6.18.2-io-kmem-sysctl.patch based on Peter Mazinger and
94 Ned Ludd's original patch. Thanks to Alexander Gabert (pappy) for the
95 redesign.
96
97 06 Dec 2006; Christian Heim <phreak@gentoo.org>
98 hardened-sources-2.6.18.ebuild:
99 Marking hardened-sources-2.6.18 stable on amd64 (see bug #157356, on behalf
100 of Mike Doty).
101
102 *hardened-sources-2.6.18-r1 (23 Nov 2006)
103
104 23 Nov 2006; Christian Heim <phreak@gentoo.org>
105 +hardened-sources-2.6.18-r1.ebuild:
106 Revision bump to genpatches-2.6.18-4 (including 2.6.18.3).
107
108 *hardened-sources-2.6.18 (11 Nov 2006)
109
110 11 Nov 2006; Christian Heim <phreak@gentoo.org>
111 +hardened-sources-2.6.18.ebuild:
112 Version bump, thanks to Alexander Gabert we're finally at 2.6.18.
113
114 18 Oct 2006; <solar@gentoo.org> hardened-sources-2.6.17-r1.ebuild:
115 - mark amd64 stable also. bug #151877
116
117 18 Oct 2006; <solar@gentoo.org> hardened-sources-2.6.17-r1.ebuild:
118 - mark 2.6.17-r1 stable
119
120 27 Aug 2006; Christian Heim <phreak@gentoo.org>
121 -hardened-sources-2.6.17.ebuild, hardened-sources-2.6.17-r1.ebuild:
122 Removing old ebuild, removing unipatch from newer ebuild (need to fix it!).
123
124 *hardened-sources-2.6.17-r1 (26 Aug 2006)
125
126 26 Aug 2006; Christian Heim <phreak@gentoo.org>
127 +hardened-sources-2.6.17-r1.ebuild:
128 Revision bump to genpatches-2.6.17-8 (including .9 and .10) and updating the
129 grsecurity patch.
130
131 *hardened-sources-2.6.17 (17 Aug 2006)
132
133 17 Aug 2006; Christian Heim <phreak@gentoo.org>
134 +hardened-sources-2.6.17.ebuild:
135 Bumping the hardened-sources-2.6 series to 2.6.17, using
136 genpatches-2.6.17-6.base.
137
138 07 Aug 2006; <solar@gentoo.org> hardened-sources-2.6.16-r11.ebuild:
139 - stable on x86 and amd64
140
141 *hardened-sources-2.6.16-r11 (15 Jul 2006)
142
143 15 Jul 2006; <solar@gentoo.org> -hardened-sources-2.4.32-r3.ebuild,
144 -hardened-sources-2.4.32-r4.ebuild, -hardened-sources-2.4.32-r5.ebuild,
145 -hardened-sources-2.6.14-r8.ebuild, -hardened-sources-2.6.16-r7.ebuild,
146 -hardened-sources-2.6.16-r9.ebuild, +hardened-sources-2.6.16-r11.ebuild:
147 - 2.6.16 bumped for CVE-2006-3626 ; digest fix for 2.4.32-r6 ; removed old
148 crusty ebuilds
149
150 14 Jul 2006; John Mylchreest <johnm@gentoo.org>
151 hardened-sources-2.6.16-r10.ebuild:
152 marking stable on x86 and amd64
153
154 13 Jul 2006; <solar@gentoo.org> hardened-sources-2.4.32-r6.ebuild:
155 - 2.4.32-r6 stable on x86. RSBAC state unknown
156
157 *hardened-sources-2.4.32-r7 (10 Jul 2006)
158
159 10 Jul 2006; Guillaume Destuynder <kang@gentoo.org>
160 +hardened-sources-2.4.32-r7.ebuild:
161 Bump PaX for RSBAC to test-17
162
163 *hardened-sources-2.6.16-r9 (03 Jul 2006)
164
165 03 Jul 2006; John Mylchreest <johnm@gentoo.org>
166 -hardened-sources-2.6.16-r6.ebuild, +hardened-sources-2.6.16-r9.ebuild:
167 hardened-sources-2.6.16 bump to latest -base.
168
169 *hardened-sources-2.4.32-r6 (30 Jun 2006)
170
171 30 Jun 2006; <solar@gentoo.org> -hardened-sources-2.4.32-r2.ebuild,
172 hardened-sources-2.4.32-r4.ebuild, +hardened-sources-2.4.32-r6.ebuild:
173 - backport CVE-2006-0039, CVE-2006-1857 and CVE-2006-1858 and new grsecurity
174 sysctl controlable resource logging
175
176 *hardened-sources-2.6.16-r7 (05 Jun 2006)
177
178 05 Jun 2006; John Mylchreest <johnm@gentoo.org>
179 -hardened-sources-2.6.16-r5.ebuild, +hardened-sources-2.6.16-r7.ebuild:
180 push new 2.6.16 release in preparation for stable
181
182 22 May 2006; <solar@gentoo.org> :
183 - redigest bug 134002
184
185 *hardened-sources-2.4.32-r5 (16 May 2006)
186
187 16 May 2006; Guillaume Destuynder <kang@gentoo.org>
188 +hardened-sources-2.4.32-r5.ebuild:
189 Fixes rsbac common patching (new patch in new -r5 patchset)
190
191 *hardened-sources-2.4.32-r4 (13 May 2006)
192
193 13 May 2006; <solar@gentoo.org> hardened-sources-2.4.32-r3.ebuild,
194 +hardened-sources-2.4.32-r4.ebuild:
195 - security bumps
196
197 *hardened-sources-2.6.16-r6 (03 May 2006)
198
199 03 May 2006; John Mylchreest <johnm@gentoo.org>
200 +hardened-sources-2.6.16-r6.ebuild:
201 bump hardened-2.6.16 to 2.6.16.12 and latest grsec snapshot
202
203 28 Apr 2006; John Mylchreest <johnm@gentoo.org>
204 hardened-sources-2.6.14-r8.ebuild:
205 fix x86_64 build problem, this will delay the digest issue again for a short
206 while but it will sort itself out
207
208 28 Apr 2006; John Mylchreest <johnm@gentoo.org>
209 hardened-sources-2.6.14-r8.ebuild:
210 bump hardened patchset
211
212 27 Apr 2006; Alec Warner <antarus@gentoo.org>
213 files/digest-hardened-sources-2.4.32-r2,
214 files/digest-hardened-sources-2.4.32-r3,
215 files/digest-hardened-sources-2.6.14-r8, Manifest:
216 Fixing duff SHA256 digests: Bug # 131293
217
218 *hardened-sources-2.6.16-r5 (27 Apr 2006)
219
220 27 Apr 2006; John Mylchreest <johnm@gentoo.org>
221 -hardened-sources-2.6.14-r6.ebuild, hardened-sources-2.6.14-r8.ebuild,
222 -hardened-sources-2.6.16-r4.ebuild, +hardened-sources-2.6.16-r5.ebuild:
223 stablise 2.6.14-r8 on x86 & amd64, bump 2.6.16 to fix CVE-2006-1863 &
224 cleanup of old uneccessary sources
225
226 20 Apr 2006; John Mylchreest <johnm@gentoo.org> ChangeLog:
227 fix digest
228
229 *hardened-sources-2.6.14-r8 (20 Apr 2006)
230
231 20 Apr 2006; John Mylchreest <johnm@gentoo.org>
232 +hardened-sources-2.6.14-r8.ebuild:
233 fix CVE-2006-1056, CVE-2006-1525, CVE-2006-1524
234
235 20 Apr 2006; John Mylchreest <johnm@gentoo.org> ChangeLog:
236 Turning on gpg-signing again, and recomitting
237
238 *hardened-sources-2.6.16-r4 (20 Apr 2006)
239
240 20 Apr 2006; John Mylchreest <johnm@gentoo.org>
241 -hardened-sources-2.6.16-r2.ebuild, -hardened-sources-2.6.16-r3.ebuild,
242 +hardened-sources-2.6.16-r4.ebuild:
243 Fix numerous security vulns
244
245 *hardened-sources-2.4.32-r3 (16 Apr 2006)
246
247 16 Apr 2006; <solar@gentoo.org> -hardened-sources-2.4.30-r1.ebuild,
248 -hardened-sources-2.4.31.ebuild, -hardened-sources-2.4.32-r1.ebuild,
249 +hardened-sources-2.4.32-r3.ebuild, -hardened-sources-2.4.32.ebuild:
250 - security bump for bug #112791. Removed old ebuilds
251
252 *hardened-sources-2.6.16-r3 (15 Apr 2006)
253
254 15 Apr 2006; John Mylchreest <johnm@gentoo.org>
255 +hardened-sources-2.6.16-r3.ebuild:
256 Removing silly localversion which I missed
257
258 *hardened-sources-2.6.14-r7 (14 Apr 2006)
259
260 14 Apr 2006; John Mylchreest <johnm@gentoo.org>
261 -hardened-sources-2.6.14-r5.ebuild, +hardened-sources-2.6.14-r7.ebuild:
262 Fixes CVE-2006-0744, CVE-2006-0744, CVE-2006-1522, CVE-2006-1242
263
264 *hardened-sources-2.6.16-r2 (13 Apr 2006)
265
266 13 Apr 2006; John Mylchreest <johnm@gentoo.org>
267 -hardened-sources-2.6.16.ebuild, -hardened-sources-2.6.16-r1.ebuild,
268 +hardened-sources-2.6.16-r2.ebuild:
269 Removing vulnerable 2.6.16 kernels. Bumping grsec, re-enabling reiserfs sec
270 labels, dropping USERGROUP define fixes, since these were merged mainstream.
271
272 *hardened-sources-2.6.16-r1 (11 Apr 2006)
273
274 11 Apr 2006; John Mylchreest <johnm@gentoo.org>
275 +hardened-sources-2.6.16-r1.ebuild:
276 Bumping to include ppc build fix and 2.6.16.3
277
278 06 Apr 2006; Joshua Jackson <tsunam@gentoo.org>
279 hardened-sources-2.6.14-r6.ebuild:
280 Stable on x86; bug #127718
281
282 *hardened-sources-2.6.16 (31 Mar 2006)
283
284 31 Mar 2006; John Mylchreest <johnm@gentoo.org>
285 +hardened-sources-2.6.16.ebuild:
286 Bumping to new version of grsec, and kernel base. New squashfs. Based on
287 2.6.16.1
288
289 30 Mar 2006; Marcus D. Hanwell <cryos@gentoo.org>
290 hardened-sources-2.6.14-r6.ebuild:
291 Stable on amd64, bug 127718.
292
293 28 Mar 2006; <nixnut@gentoo.org> hardened-sources-2.6.14-r6.ebuild:
294 Stable on ppc. Bug #127718
295
296 15 Mar 2006; John Mylchreest <johnm@gentoo.org>
297 -hardened-sources-2.6.11-r15.ebuild, -hardened-sources-2.6.14-r3.ebuild,
298 -hardened-sources-2.6.14-r4.ebuild:
299 Cleanup.
300
301 *hardened-sources-2.6.14-r6 (15 Mar 2006)
302
303 15 Mar 2006; John Mylchreest <johnm@gentoo.org>
304 +hardened-sources-2.6.14-r6.ebuild:
305 Fixes grsec policy recreation bug and adds a
306 >=sys-apps/gradm-2.1.8.200601212342-r1 depend.
307
308 02 Mar 2006; <solar@gentoo.org> hardened-sources-2.4.32-r2.ebuild:
309 - stable on x86
310
311 19 Feb 2006; Michael Hanselmann <hansmi@gentoo.org>
312 hardened-sources-2.6.14-r5.ebuild:
313 Stable on ppc.
314
315 *hardened-sources-2.6.14-r5 (01 Feb 2006)
316
317 01 Feb 2006; John Mylchreest <johnm@gentoo.org>
318 +hardened-sources-2.6.14-r5.ebuild:
319 fixing every known exploit
320
321 *hardened-sources-2.4.32-r2 (26 Jan 2006)
322
323 26 Jan 2006; <solar@gentoo.org> hardened-sources-2.4.32-r1.ebuild,
324 +hardened-sources-2.4.32-r2.ebuild:
325 - mark 2.4.32-r1 stable. added 2.4.32-r2 with 2.1.8-grsec patch
326
327 *hardened-sources-2.6.14-r4 (12 Jan 2006)
328
329 12 Jan 2006; <solar@gentoo.org> +hardened-sources-2.6.14-r4.ebuild:
330 - version bump for new genpatches which fix up a few sec holes
331
332 *hardened-sources-2.4.32-r1 (05 Jan 2006)
333
334 05 Jan 2006; <solar@gentoo.org> +hardened-sources-2.4.32-r1.ebuild:
335 - revision bump to add misc vital linux kernel security patches.
336
337 *hardened-sources-2.6.14-r3 (30 Dec 2005)
338
339 30 Dec 2005; John Mylchreest <johnm@gentoo.org>
340 -hardened-sources-2.6.14-r2.ebuild, +hardened-sources-2.6.14-r3.ebuild:
341 Marking stable, and bumping for sec vuln. Fixes bugs #117171, #117040
342
343 28 Dec 2005; John Mylchreest <johnm@gentoo.org>
344 hardened-sources-2.6.14-r2.ebuild:
345 making x86 & amd64 stable following testing.
346
347 *hardened-sources-2.6.14-r2 (27 Dec 2005)
348
349 27 Dec 2005; John Mylchreest <johnm@gentoo.org>
350 -hardened-sources-2.6.14-r1.ebuild, +hardened-sources-2.6.14-r2.ebuild:
351 Fixing bugs 116832 115771 114635, updating grsec, removing selinux/pax
352 network hooks.
353
354 06 Dec 2005; John Mylchreest <johnm@gentoo.org>
355 hardened-sources-2.6.14-r1.ebuild:
356 bumping to stable early for sec fix on x86 & amd64
357
358 *hardened-sources-2.6.14-r1 (05 Dec 2005)
359
360 05 Dec 2005; John Mylchreest <johnm@gentoo.org>
361 -hardened-sources-2.6.14.ebuild, +hardened-sources-2.6.14-r1.ebuild:
362 bumping to genpatches 2.6.14-5, security fixup. Also bumping grsec patchset.
363
364 04 Dec 2005; <solar@gentoo.org> hardened-sources-2.4.32.ebuild:
365 - stable on x86 security bug #114227 CAN-2005-3257
366
367 *hardened-sources-2.4.32 (19 Nov 2005)
368
369 19 Nov 2005; Guillaume Destuynder <kang@gentoo.org>
370 +hardened-sources-2.4.32.ebuild:
371 Bump to 2.4.32, includes RSBAC+PaX patchset with a local 'rsbac' keyword.
372 Add the 'rsbac' USE flag in /etc/portage/package.use for hardened-sources to
373 have RSBAC instead of GrSecurity patchset. (echo sys-kernel/hardened-sources
374 rsbac >> /etc/portage/package.use)
375
376 *hardened-sources-2.6.14 (14 Nov 2005)
377
378 14 Nov 2005; John Mylchreest <johnm@gentoo.org>
379 -hardened-sources-2.6.13-r2.ebuild, +hardened-sources-2.6.14.ebuild:
380 Bumping 2.6 series to 2.6.14.2
381
382 *hardened-sources-2.6.13-r2 (20 Oct 2005)
383
384 20 Oct 2005; John Mylchreest <johnm@gentoo.org>
385 -hardened-sources-2.6.13.ebuild, -hardened-sources-2.6.13-r1.ebuild,
386 +hardened-sources-2.6.13-r2.ebuild:
387 Fixes minor build error in ppc.
388
389 *hardened-sources-2.6.13-r1 (17 Oct 2005)
390
391 17 Oct 2005; John Mylchreest <johnm@gentoo.org>
392 +hardened-sources-2.6.13-r1.ebuild:
393 Updating grsec to latest snapshot. Fixes some minor issues. Updating to
394 2.6.13.4, fixes some major amd64 stability problems.
395
396 *hardened-sources-2.6.13 (16 Sep 2005)
397
398 16 Sep 2005; John Mylchreest <johnm@gentoo.org>
399 -hardened-sources-2.6.11-r14.ebuild, +hardened-sources-2.6.13.ebuild:
400 2.6.13.1 with grsec testing patches. Lots of changes, to name a few big
401 ones: inotify now in kernel, RBAC has moved to chained-hash tables so RBAC
402 users should test this thoroughly.
403
404 01 Jul 2005; <solar@gentoo.org> hardened-sources-2.4.31.ebuild:
405 - stable on x86
406
407 *hardened-sources-2.6.11-r15 (27 Jun 2005)
408
409 27 Jun 2005; John Mylchreest <johnm@gentoo.org>
410 +hardened-sources-2.6.11-r15.ebuild:
411 Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with
412 grsec redefining curr_ip struct.
413
414 *hardened-sources-2.4.31 (20 Jun 2005)
415
416 20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild:
417 initial import of 2.4.31 tree
418
419 *hardened-sources-2.6.11-r14 (14 Jun 2005)
420
421 14 Jun 2005; John Mylchreest <johnm@gentoo.org>
422 -hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild:
423 Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring
424 naming scheme to abide by genpatches
425
426 *hardened-sources-2.6.11-r13 (18 May 2005)
427
428 18 May 2005; John Mylchreest <johnm@gentoo.org>
429 -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
430 Managed to mangle the Makefile patch from grsec, to miss out the grsec
431 target. sorry about that. Fixes bug #93022
432
433 *hardened-sources-2.6.11-r12 (17 May 2005)
434
435 17 May 2005; John Mylchreest <johnm@gentoo.org>
436 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
437 +hardened-sources-2.6.11-r12.ebuild:
438 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
439 merges in genpatches-base
440
441 *hardened-sources-2.6.11-r12 (17 May 2005)
442
443 17 May 2005; John Mylchreest <johnm@gentoo.org>
444 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
445 +hardened-sources-2.6.11-r12.ebuild:
446 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
447 merges in genpatches-base
448
449 29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
450 -files/2.4.27-cmdline-race.patch,
451 -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
452 -files/2.4.28-grsec-binfmt_a.out.patch,
453 -files/2.4.28-grsec-cmdline-race.patch,
454 -files/2.4.28-selinux-binfmt_a.out.patch,
455 -files/2.4.28-selinux-cmdline-race.patch,
456 -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
457 hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
458 - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
459 cleanup..
460
461 *hardened-sources-2.4.30-r1 (21 Apr 2005)
462
463 21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
464 - disable aout by default
465
466 *hardened-sources-2.4.30 (18 Apr 2005)
467
468 18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
469 - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
470 and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
471 use
472
473 *hardened-sources-2.4.29 (30 Mar 2005)
474
475 30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
476 +hardened-sources-2.4.29.ebuild:
477 New hardened-patches-2.4-29.0 patchball.
478 Removed SELinux support, upgraded GRSecurity to 2.1.4.
479
480 *hardened-sources-2.4.28-r5 (06 Mar 2005)
481
482 06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
483 +hardened-sources-2.4.28-r5.ebuild:
484 Added a fix for a PaX vulnerability.
485
486 26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
487 hardened-sources-2.4.28-r4.ebuild:
488 Stable on x86
489
490 23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
491 hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
492 hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
493 hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
494 - fixed/added RDEPEND= in all kernel-2 ebuilds
495
496 *hardened-sources-2.4.28-r4 (21 Jan 2005)
497
498 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
499 +hardened-sources-2.4.28-r4.ebuild:
500 Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
501 backport of neighbour hash updates.
502
503 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
504 hardened-sources-2.4.28-r3.ebuild:
505 Stable on x86
506
507 *hardened-sources-2.6.10-r3 (20 Jan 2005)
508
509 20 Jan 2005; Brandon Hale <tseng@gentoo.org>
510 +hardened-sources-2.6.10-r3.ebuild:
511 Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
512 in 2005.0
513
514 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
515 -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
516 hardened-sources-2.4.28-r2.ebuild:
517 Mark stable on x86
518
519 *hardened-sources-2.4.28-r3 (17 Jan 2005)
520
521 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
522 +hardened-sources-2.4.28-r3.ebuild:
523 Fix SMP page fault handler vuln, and update device-mapper and evms patches.
524
525 14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
526 hardened-sources-2.4.28.ebuild:
527 Mark stable on x86.
528
529 *hardened-sources-2.4.28-r2 (13 Jan 2005)
530
531 13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
532 +hardened-sources-2.4.28-r2.ebuild:
533 Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
534 Mazinger for grsecurity patches as well.
535
536 *hardened-sources-2.4.28-r1 (23 Dec 2004)
537
538 23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
539 Security bump. Thank tocharian for rolling a new patchset...
540
541 28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
542 +files/2.4.28-grsec-cmdline-race.patch,
543 +files/2.4.28-selinux-binfmt_a.out.patch,
544 +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
545 - Round up remaining security patches that appear to be missing in 2.4.28. -
546 PaX standalone updated to current. hgpv=28.1
547
548 *hardened-sources-2.4.28 (28 Nov 2004)
549
550 28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
551 security bump. Thank tocharian for rolling a new patchset
552
553 *hardened-sources-2.4.27-r3 (08 Sep 2004)
554
555 08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
556 +hardened-sources-2.4.27-r3.ebuild:
557 Applies the new 2.4-27.2 patchball which updates
558 GRSecurity to the 2.0.1 version.
559
560 *hardened-sources-2.4.27-r2 (31 Aug 2004)
561
562 31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
563 +hardened-sources-2.4.27-r2.ebuild:
564 Version bump.
565 This version uses the new 2.4-27.1 patchball which updates
566 both the SELinux PaX hooks patch and the SELinux headers.
567
568 *hardened-sources-2.4.27-r1 (09 Aug 2004)
569
570 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
571 +hardened-sources-2.4.27-r1.ebuild,
572 -hardened-sources-2.4.27.ebuild,
573 +files/2.4.27-cmdline-race.patch:
574 Version bump, fix for cmdline race. See bug #59905.
575
576 *hardened-sources-2.4.26-r6 (09 Aug 2004)
577
578 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
579 +hardened-sources-2.4.26-r6.ebuild,
580 -hardened-sources-2.4.26-r5.ebuild,
581 -hardened-sources-2.4.26-r4.ebuild,
582 +files/2.4.26-cmdline-race.patch:
583 Version bump, fix for cmdline race. See bug #59905.
584
585 *hardened-sources-2.4.27 (08 Aug 2004)
586
587 08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
588 +hardened-sources-2.4.27.ebuild,
589 +files/2.4.27-CAN-2004-0394.patch:
590 Ported the patchball to the 2.4.27 kernel version.
591
592 *hardened-sources-2.4.26-r5 (07 Aug 2004)
593
594 07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
595 +hardened-sources-2.4.26-r5.ebuild:
596 Updated to use the new hardened-patches-2.4-26.1 patchball.
597 It adds the following features:
598 - Squashfs
599 - Ebtables
600 - Netdev random (core+drivers)
601 - Watchdog Timer (WDT) fix.
602
603 *hardened-sources-2.4.26-r4 (04 Aug 2004)
604
605 04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
606 +hardened-sources-2.4.26-r4.ebuild,
607 +files/2.4.26-CAN-2004-0415.patch,
608 -hardened-sources-2.4.26-3:
609 Version bump, fix for CAN 0415, see bug #59378.
610
611 *hardened-sources-2.4.26-r3 (22 Jul 2004)
612
613 22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
614 +hardened-sources-2.4.26-r3.ebuild,
615 +files/2.4.26-CAN-2004-0497.patch,
616 -hardened-sources-2.4.26-r2.ebuild:
617 Version bump, fixed CAN 0497, see bug #56171.
618
619 *hardened-sources-2.4.26-r2 (29 Jun 2004)
620
621 29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
622 +hardened-sources-2.4.26-r2.ebuild,
623 +files/2.4.26-CAN-2004-0495.patch,
624 +files/2.4.26-CAN-2004-0535.patch,
625 -hardened-sources-2.4.26-r1.ebuild:
626 Fixes for both CAN 0495 and 0535, see bug #54976
627
628 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
629 hardened-sources-2.4.26-r1.ebuild:
630 QA - fix use invocation
631
632 *hardened-sources-2.4.26-r1 (22 June 2004)
633
634 22 June 2004; Andrea Luzzardi <scox@gentoo.org>
635 +hardened-sources-2.4.26-r1.ebuild,
636 +files/2.4.26-CAN-2004-0394.patch,
637 +files/2.4.26-signal-race.patch,
638 -hardened-sources-2.4.26.ebuild,
639 -hardened-sources-2.4.24-r3.ebuild:
640 Version bump for the CAN-2004-0394 issue and bug #53804
641 Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
642
643
644 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
645 hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
646 Masked hardened-sources-2.4.26.ebuild broken for ppc
647
648 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
649 hardened-sources-2.4.24-r3.ebuild:
650 Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
651
652 *hardened-sources-2.4.26 (29 May 2004)
653
654 29 May 2004; Andrea Luzzardi <scox@gentoo.org>
655 +hardened-sources-2.4.26.ebuild:
656 Updated hardened-sources for the 2.4.26 kernel
657 Removed broken components, updated almost everything.
658
659 *hardened-sources-2.4.24-r3 (17 Apr 2004)
660
661 17 Apr 2004; <plasmaroo@gentoo.org>
662 +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
663 +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
664 +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
665 +hardened-sources-2.4.24-r3.ebuild:
666 Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
667 vulnerabilities. Old revisions removed.
668
669 *hardened-sources-2.4.24-r2 (15 Apr 2004)
670
671 15 Apr 2004; <plasmaroo@gentoo.org>
672 +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
673 -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
674 Version bump for the CAN-2004-0109 issue; bug #47881.
675
676 12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
677 hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
678 Add eutils to inherit.
679
680 *hardened-sources-2.4.24-r1 (19 Feb 2004)
681
682 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
683 files/hardened-sources-2.4.24.munmap.patch:
684 Added the patch for the mremap/munmap vulnerability. Bug #42024.
685
686 *hardened-sources-2.4.24 (06 Feb 2004)
687
688 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
689 hardened-sources-2.4.24.ebuild:
690 Version bump, updated most of the components.
691 This release includes the following:
692
693 - Hardened security
694 - Netfilter patch-o-matic 20031219
695 - FreeSWAN 2.04 & x509 1.4.8
696 - EVMS 2.2.2
697 - XFS 1.3.1
698 - cryptoloop jari
699 - grsecurity 2.0-rc4
700 - SELinux
701 - PaX 200402060000
702 - PaX Obscurity 200308302223
703 - Others...
704
705 Neither -ck nor systrace are included anymore.
706
707 *hardened-sources-2.4.22-r2 (05 Jan 2004)
708
709 05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
710 hardened-sources-2.4.22-r2.ebuild:
711 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
712
713 *hardened-sources-2.4.22-r1 (02 Dec 2003)
714
715 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
716 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
717
718 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
719 hardened-sources-2.4.22-r1.ebuild:
720 Version bump for the 'do_brk' vulnerability.
721
722 01 Dec 2003; Brian Jackson <iggy@gentoo.org>
723 hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
724 hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
725 hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
726 Fix the 'do_brk' vulnerability.
727
728 03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
729 hardened-sources-2.4.22.ebuild:
730 - Removed the src_install() portion for SELinux flask
731 components. These are no longer handled in the kernel
732 so this code was not necessary.
733
734 29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
735 New 2.4.22 based hardened-sources thanks to
736 Phil West <p.west@computer.org>.
737
738 These sources include:
739 - New SELinux API
740 - Updated CK-base
741 - Updated GRSec
742 - Systrace
743 - SuperFreeS/WAN 1.99.8
744 - Propolice kernel build support
745 - EVMS
746 - Other various security related patches
747
748 *hardened-sources-2.4.21 (14 Sep 2003)
749
750 14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
751 Updated hardened-sources based on the 2.4.21 Linux kernel.
752 This includes updates to most major components such as:
753 - ck-base-0306300059
754 - selinux-2.4-2003071106
755 - grsecurity-2.0-rc1
756 - Updated IPTables patch-o-matic
757 - Updated SuperFreeS/WAN
758
759 Thanks to Phil West <pwest@computer.org> for his work in getting this
760 updated patch set ready for the 2.4.21 based kernel.
761
762 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
763 Initial import of hardened-sources-2.4.20-r4. This revision
764 includes only a few changes, but one of these is an important
765 security fix. It is recommended all users of hardened-sources
766 upgrade to this release.
767
768 - ioperm bug fix
769 - fixed compilation failure when building without GRSec
770
771 SAL (Secure Auditing for Linux) is NOT included in this revision
772 due to time constraints, but is planned for inclusion in the near
773 future.
774
775 *hardened-sources-2.4.20-r2 (12 Jun 2003)
776
777 12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
778 hardened-sources-2.4.20-r3.ebuild:
779 Add Header...
780
781 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
782 hardened-sources-2.4.20-r3.ebuild:
783 Removed warnings from ebuild. This kernel should be safe to
784 use at this point.
785
786 *hardened-sources-2.4.20-r3 (08 Jun 2003)
787
788 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
789 hardened-sources-2.4.20-r3.ebuild:
790 New revision. Includes the following changes over -r2:
791
792 - ck7-base (O(1), preempt, low latency)
793 - Super FreeS/WAN 1.99.7rc2
794 - PaX for the LSM/SELinux branch
795 - GRSecurity 2.0-pre4 (role based access control)
796 - Systrace 1.3
797 - EXT3 fixes
798 - EVMS 2.0.1
799 - GCC 3.1+ compile optimizations
800 - ProPolice kernel build support
801 - Hashing table security fixes
802
803 *hardened-sources-2.4.20-r1 (09 Apr 2003)
804
805 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
806 Initial import of hardened-sources-r2. This new
807 ebuild includes many new performance and security
808 related patches. As in -r1, it will patch in
809 LSM/SELinux if "selinux" is in USE, otherwise it
810 will patch in GRSecurity. The following patches
811 are included in this revision:
812
813 - O(1) Scheduler, Low Latency, and Preempt
814 (pulled from the base CK patch)
815 - ptrace exploit patch for the LSM kernel
816 (the GRSec patch already fixes this)
817 - LSM 2.4-2003040709
818 - SELinux 2.4-2003040709
819 - Systrace v1.2
820 - IPTables patch-o-matic base patches - 20030107
821 - CryptoAPI 2.4.20.1 w/ loop-jari patch
822 - Super FreeS/WAN 1.99.6.1
823 - GRSecurity 1.9.9g
824 - MPPE
825 - EXT3 data journal fix
826 - CIPE 1.5.4
827
828 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
829 hardened-sources-2.4.20-r1.ebuild, manifest:
830 Updated to install flask components correctly for selinux.
831
832 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
833 hardened-sources-2.4.20-r1.ebuild:
834 LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
835 is patched in instead. Ptrace patches for selinux have also been added. In
836 either case, systrace support will be patched in as well.
837
838 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
839 hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
840 Revision bump for new sources.
841
842 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
843 hardened-sources-2.4.20-r1.ebuild:
844 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
845
846 *hardened-sources-2.4.20 (30 Mar 2003)
847
848 30 Mar 2003; Joshua Brindle <method@gentoo.org>
849 hardened-sources-2.4.20.ebuild:
850 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20