/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.140 - (show annotations) (download)
Fri Mar 16 13:49:58 2007 UTC (7 years, 4 months ago) by phreak
Branch: MAIN
Changes since 1.139: +9 -1 lines
Fixing CVE-2007-1000 locally (hardened/), thanks to Tony for pushing. And yes I screwed up, this is tagged as 2.6.18-5 and not 2.6.18-6 as it's supposed to be.
(Portage version: 2.1.2.2)

1 # ChangeLog for sys-kernel/hardened-sources
2 # Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
3 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.139 2007/03/06 11:16:45 phreak Exp $
4
5 *hardened-sources-2.6.18-r6 (16 Mar 2007)
6
7 16 Mar 2007; Christian Heim <phreak@gentoo.org>
8 -hardened-sources-2.6.18-r5.ebuild, +hardened-sources-2.6.18-r6.ebuild:
9 Fixing CVE-2007-1000 locally (hardened/), thanks to Tony for pushing. And
10 yes I screwed up, this is tagged as 2.6.18-5 and not 2.6.18-6 as it's
11 supposed to be.
12
13 06 Mar 2007; Christian Heim <phreak@gentoo.org> ChangeLog:
14 Fixing the Manifest, the previous one was broken (as in still had the
15 deleted ebuild in it).
16
17 06 Mar 2007; Christian Heim <phreak@gentoo.org>
18 -hardened-sources-2.6.16-r10.ebuild, -hardened-sources-2.6.18-r4.ebuild,
19 +hardened-sources-2.6.18-r5.ebuild:
20 Bumping the ~arch'ed 2.6.18 version, pulling in genpatches-2.6.18-10 for
21 Linux 2.6.18.8. Also cleaning up the older version.
22
23 *hardened-sources-2.6.18-r5 (06 Mar 2007)
24
25 06 Mar 2007; Christian Heim <phreak@gentoo.org>
26 -hardened-sources-2.6.16-r10.ebuild, -hardened-sources-2.6.18-r4.ebuild,
27 +hardened-sources-2.6.18-r5.ebuild:
28 Bumping the ~arch'ed 2.6.18 version, pulling in genpatches-2.6.18-10 for
29 Linux 2.6.18.8. Also cleaning up the older version.
30
31 24 Feb 2007; Christian Heim <phreak@gentoo.org>
32 -hardened-sources-2.6.19-r3.ebuild, -hardened-sources-2.6.19-r4.ebuild,
33 -hardened-sources-2.6.19-r5.ebuild:
34 Removing some of the old version, that didn't work.
35
36 *hardened-sources-2.6.19-r6 (12 Feb 2007)
37
38 12 Feb 2007; Christian Heim <phreak@gentoo.org>
39 +hardened-sources-2.6.19-r6.ebuild:
40 Revision bump, including a new grsec version fixing #166235.
41
42 *hardened-sources-2.4.34 (24 Jan 2007)
43
44 24 Jan 2007; Alexander Gabert <pappy@gentoo.org>
45 Manifest:
46 updating Manifest with checksums of new tarball and ebuild
47
48 24 Jan 2007; Alexander Gabert <pappy@gentoo.org>
49 +hardened-sources-2.4.34.ebuild:
50 I added new hardened sources 2.4 update, this is a critical path
51 security bugfix - all users of h-s are strongly advised
52 to update their existing hardened sources to this version.
53 It contains a fix for a kernel vulnerability that is pertaining
54 to the PaX changes to virtual memory management, possibly leading
55 to a local kernel exploit ... see grsecurity.net forums and homepage
56
57 23 Jan 2007; Christian Heim <phreak@gentoo.org>
58 files/digest-hardened-sources-2.6.19-r5, Manifest:
59 Fixing the patch-tarball digest.
60
61 *hardened-sources-2.6.19-r5 (23 Jan 2007)
62
63 23 Jan 2007; Christian Heim <phreak@gentoo.org>
64 +hardened-sources-2.6.19-r5.ebuild:
65 Revision bump, closing the recently discovered PaX expand_stack()
66 vulnerability.
67
68 *hardened-sources-2.6.19-r4 (14 Jan 2007)
69
70 14 Jan 2007; Christian Heim <phreak@gentoo.org>
71 +hardened-sources-2.6.19-r4.ebuild:
72 Revision bump, pulling in linux-2.6.19.2 and grsecurity 2.1.10 - thus
73 dropping the randomized PID feature.
74
75 11 Jan 2007; Christian Faulhammer <opfer@gentoo.org>
76 hardened-sources-2.4.33.4.ebuild:
77 stable x86, bug #161171
78
79 *hardened-sources-2.6.19-r3 (27 Dec 2006)
80
81 27 Dec 2006; Christian Heim <phreak@gentoo.org>
82 -hardened-sources-2.6.19-r2.ebuild, +hardened-sources-2.6.19-r3.ebuild:
83 Revision bump for bug #157186 and #158786.
84
85 *hardened-sources-2.6.18-r4 (27 Dec 2006)
86
87 27 Dec 2006; Christian Heim <phreak@gentoo.org>
88 -hardened-sources-2.6.18-r3.ebuild, +hardened-sources-2.6.18-r4.ebuild:
89 Revision bump for bug #157186.
90
91 *hardened-sources-2.6.19-r2 (23 Dec 2006)
92
93 23 Dec 2006; Christian Heim <phreak@gentoo.org>
94 -hardened-sources-2.6.19-r1.ebuild, +hardened-sources-2.6.19-r2.ebuild:
95 Revision bump to pull in genpatches-2.6.19-3 for #157186.
96
97 17 Dec 2006; Christian Heim <phreak@gentoo.org>
98 hardened-sources-2.6.14-r7.ebuild, hardened-sources-2.6.16-r10.ebuild,
99 hardened-sources-2.6.16-r11.ebuild, hardened-sources-2.6.17-r1.ebuild,
100 hardened-sources-2.6.18.ebuild, hardened-sources-2.6.18-r3.ebuild,
101 hardened-sources-2.6.19-r1.ebuild:
102 Adding 4453_grsec-2.1.9-2.6.19-io-kmem-sysctl.patch to UNIPATCH_EXLUDE,
103 adding correct HOMEPAGE and adjusting DESCRIPTION (thanks to Alexander).
104
105 *hardened-sources-2.4.33.4 (17 Dec 2006)
106
107 17 Dec 2006; Alexander Gabert <pappy@gentoo.org>
108 +hardened-sources-2.4.33.4.ebuild:
109 new 2.4.33.4 version including grsec and fixes, thanks to phreak for help
110 and quilting
111
112 *hardened-sources-2.6.19-r1 (14 Dec 2006)
113
114 14 Dec 2006; Christian Heim <phreak@gentoo.org>
115 -hardened-sources-2.6.19.ebuild, +hardened-sources-2.6.19-r1.ebuild:
116 Revision bump, fixing #158107 (thanks to Petre Rodan <kaiowas at gentoo.org>
117 for reporting).
118
119 *hardened-sources-2.6.19 (13 Dec 2006)
120
121 13 Dec 2006; Christian Heim <phreak@gentoo.org>
122 +hardened-sources-2.6.19.ebuild:
123 And finally 2.6.19, thanks to Ned (who prepared the inital patchset) and
124 Brad for providing that prompt update.
125
126 *hardened-sources-2.6.18-r3 (13 Dec 2006)
127
128 13 Dec 2006; Christian Heim <phreak@gentoo.org>
129 -hardened-sources-2.6.18-r1.ebuild, -hardened-sources-2.6.18-r2.ebuild,
130 +hardened-sources-2.6.18-r3.ebuild:
131 Revision bump, excluding the faulty patch. Thanks to Anakim Border and Peter
132 S. Mazinger. Closes #157409 for now. Also removing the previous revisions.
133
134 09 Dec 2006; Christian Heim <phreak@gentoo.org> Manifest:
135 Fixing the metadata.xml Manifest entry (thanks to xaid and ml8128 in #gentoo-hardened).
136
137 08 Dec 2006; nixnut <nixnut@gentoo.org> hardened-sources-2.6.18.ebuild:
138 Stable on ppc wrt bug 157356
139
140 07 Dec 2006; Christian Faulhammer <opfer@gentoo.org>
141 hardened-sources-2.6.18.ebuild:
142 stable x86, bug #157356
143
144 *hardened-sources-2.6.18-r2 (06 Dec 2006)
145
146 06 Dec 2006; Christian Heim <phreak@gentoo.org>
147 +hardened-sources-2.6.18-r2.ebuild:
148 Revision bump, including 2.6.18.5 (via genpatches) and
149 4454_grsec-2.1.9-2.6.18.2-io-kmem-sysctl.patch based on Peter Mazinger and
150 Ned Ludd's original patch. Thanks to Alexander Gabert (pappy) for the
151 redesign.
152
153 06 Dec 2006; Christian Heim <phreak@gentoo.org>
154 hardened-sources-2.6.18.ebuild:
155 Marking hardened-sources-2.6.18 stable on amd64 (see bug #157356, on behalf
156 of Mike Doty).
157
158 *hardened-sources-2.6.18-r1 (23 Nov 2006)
159
160 23 Nov 2006; Christian Heim <phreak@gentoo.org>
161 +hardened-sources-2.6.18-r1.ebuild:
162 Revision bump to genpatches-2.6.18-4 (including 2.6.18.3).
163
164 *hardened-sources-2.6.18 (11 Nov 2006)
165
166 11 Nov 2006; Christian Heim <phreak@gentoo.org>
167 +hardened-sources-2.6.18.ebuild:
168 Version bump, thanks to Alexander Gabert we're finally at 2.6.18.
169
170 18 Oct 2006; <solar@gentoo.org> hardened-sources-2.6.17-r1.ebuild:
171 - mark amd64 stable also. bug #151877
172
173 18 Oct 2006; <solar@gentoo.org> hardened-sources-2.6.17-r1.ebuild:
174 - mark 2.6.17-r1 stable
175
176 27 Aug 2006; Christian Heim <phreak@gentoo.org>
177 -hardened-sources-2.6.17.ebuild, hardened-sources-2.6.17-r1.ebuild:
178 Removing old ebuild, removing unipatch from newer ebuild (need to fix it!).
179
180 *hardened-sources-2.6.17-r1 (26 Aug 2006)
181
182 26 Aug 2006; Christian Heim <phreak@gentoo.org>
183 +hardened-sources-2.6.17-r1.ebuild:
184 Revision bump to genpatches-2.6.17-8 (including .9 and .10) and updating the
185 grsecurity patch.
186
187 *hardened-sources-2.6.17 (17 Aug 2006)
188
189 17 Aug 2006; Christian Heim <phreak@gentoo.org>
190 +hardened-sources-2.6.17.ebuild:
191 Bumping the hardened-sources-2.6 series to 2.6.17, using
192 genpatches-2.6.17-6.base.
193
194 07 Aug 2006; <solar@gentoo.org> hardened-sources-2.6.16-r11.ebuild:
195 - stable on x86 and amd64
196
197 *hardened-sources-2.6.16-r11 (15 Jul 2006)
198
199 15 Jul 2006; <solar@gentoo.org> -hardened-sources-2.4.32-r3.ebuild,
200 -hardened-sources-2.4.32-r4.ebuild, -hardened-sources-2.4.32-r5.ebuild,
201 -hardened-sources-2.6.14-r8.ebuild, -hardened-sources-2.6.16-r7.ebuild,
202 -hardened-sources-2.6.16-r9.ebuild, +hardened-sources-2.6.16-r11.ebuild:
203 - 2.6.16 bumped for CVE-2006-3626 ; digest fix for 2.4.32-r6 ; removed old
204 crusty ebuilds
205
206 14 Jul 2006; John Mylchreest <johnm@gentoo.org>
207 hardened-sources-2.6.16-r10.ebuild:
208 marking stable on x86 and amd64
209
210 13 Jul 2006; <solar@gentoo.org> hardened-sources-2.4.32-r6.ebuild:
211 - 2.4.32-r6 stable on x86. RSBAC state unknown
212
213 *hardened-sources-2.4.32-r7 (10 Jul 2006)
214
215 10 Jul 2006; Guillaume Destuynder <kang@gentoo.org>
216 +hardened-sources-2.4.32-r7.ebuild:
217 Bump PaX for RSBAC to test-17
218
219 *hardened-sources-2.6.16-r9 (03 Jul 2006)
220
221 03 Jul 2006; John Mylchreest <johnm@gentoo.org>
222 -hardened-sources-2.6.16-r6.ebuild, +hardened-sources-2.6.16-r9.ebuild:
223 hardened-sources-2.6.16 bump to latest -base.
224
225 *hardened-sources-2.4.32-r6 (30 Jun 2006)
226
227 30 Jun 2006; <solar@gentoo.org> -hardened-sources-2.4.32-r2.ebuild,
228 hardened-sources-2.4.32-r4.ebuild, +hardened-sources-2.4.32-r6.ebuild:
229 - backport CVE-2006-0039, CVE-2006-1857 and CVE-2006-1858 and new grsecurity
230 sysctl controlable resource logging
231
232 *hardened-sources-2.6.16-r7 (05 Jun 2006)
233
234 05 Jun 2006; John Mylchreest <johnm@gentoo.org>
235 -hardened-sources-2.6.16-r5.ebuild, +hardened-sources-2.6.16-r7.ebuild:
236 push new 2.6.16 release in preparation for stable
237
238 22 May 2006; <solar@gentoo.org> :
239 - redigest bug 134002
240
241 *hardened-sources-2.4.32-r5 (16 May 2006)
242
243 16 May 2006; Guillaume Destuynder <kang@gentoo.org>
244 +hardened-sources-2.4.32-r5.ebuild:
245 Fixes rsbac common patching (new patch in new -r5 patchset)
246
247 *hardened-sources-2.4.32-r4 (13 May 2006)
248
249 13 May 2006; <solar@gentoo.org> hardened-sources-2.4.32-r3.ebuild,
250 +hardened-sources-2.4.32-r4.ebuild:
251 - security bumps
252
253 *hardened-sources-2.6.16-r6 (03 May 2006)
254
255 03 May 2006; John Mylchreest <johnm@gentoo.org>
256 +hardened-sources-2.6.16-r6.ebuild:
257 bump hardened-2.6.16 to 2.6.16.12 and latest grsec snapshot
258
259 28 Apr 2006; John Mylchreest <johnm@gentoo.org>
260 hardened-sources-2.6.14-r8.ebuild:
261 fix x86_64 build problem, this will delay the digest issue again for a short
262 while but it will sort itself out
263
264 28 Apr 2006; John Mylchreest <johnm@gentoo.org>
265 hardened-sources-2.6.14-r8.ebuild:
266 bump hardened patchset
267
268 27 Apr 2006; Alec Warner <antarus@gentoo.org>
269 files/digest-hardened-sources-2.4.32-r2,
270 files/digest-hardened-sources-2.4.32-r3,
271 files/digest-hardened-sources-2.6.14-r8, Manifest:
272 Fixing duff SHA256 digests: Bug # 131293
273
274 *hardened-sources-2.6.16-r5 (27 Apr 2006)
275
276 27 Apr 2006; John Mylchreest <johnm@gentoo.org>
277 -hardened-sources-2.6.14-r6.ebuild, hardened-sources-2.6.14-r8.ebuild,
278 -hardened-sources-2.6.16-r4.ebuild, +hardened-sources-2.6.16-r5.ebuild:
279 stablise 2.6.14-r8 on x86 & amd64, bump 2.6.16 to fix CVE-2006-1863 &
280 cleanup of old uneccessary sources
281
282 20 Apr 2006; John Mylchreest <johnm@gentoo.org> ChangeLog:
283 fix digest
284
285 *hardened-sources-2.6.14-r8 (20 Apr 2006)
286
287 20 Apr 2006; John Mylchreest <johnm@gentoo.org>
288 +hardened-sources-2.6.14-r8.ebuild:
289 fix CVE-2006-1056, CVE-2006-1525, CVE-2006-1524
290
291 20 Apr 2006; John Mylchreest <johnm@gentoo.org> ChangeLog:
292 Turning on gpg-signing again, and recomitting
293
294 *hardened-sources-2.6.16-r4 (20 Apr 2006)
295
296 20 Apr 2006; John Mylchreest <johnm@gentoo.org>
297 -hardened-sources-2.6.16-r2.ebuild, -hardened-sources-2.6.16-r3.ebuild,
298 +hardened-sources-2.6.16-r4.ebuild:
299 Fix numerous security vulns
300
301 *hardened-sources-2.4.32-r3 (16 Apr 2006)
302
303 16 Apr 2006; <solar@gentoo.org> -hardened-sources-2.4.30-r1.ebuild,
304 -hardened-sources-2.4.31.ebuild, -hardened-sources-2.4.32-r1.ebuild,
305 +hardened-sources-2.4.32-r3.ebuild, -hardened-sources-2.4.32.ebuild:
306 - security bump for bug #112791. Removed old ebuilds
307
308 *hardened-sources-2.6.16-r3 (15 Apr 2006)
309
310 15 Apr 2006; John Mylchreest <johnm@gentoo.org>
311 +hardened-sources-2.6.16-r3.ebuild:
312 Removing silly localversion which I missed
313
314 *hardened-sources-2.6.14-r7 (14 Apr 2006)
315
316 14 Apr 2006; John Mylchreest <johnm@gentoo.org>
317 -hardened-sources-2.6.14-r5.ebuild, +hardened-sources-2.6.14-r7.ebuild:
318 Fixes CVE-2006-0744, CVE-2006-0744, CVE-2006-1522, CVE-2006-1242
319
320 *hardened-sources-2.6.16-r2 (13 Apr 2006)
321
322 13 Apr 2006; John Mylchreest <johnm@gentoo.org>
323 -hardened-sources-2.6.16.ebuild, -hardened-sources-2.6.16-r1.ebuild,
324 +hardened-sources-2.6.16-r2.ebuild:
325 Removing vulnerable 2.6.16 kernels. Bumping grsec, re-enabling reiserfs sec
326 labels, dropping USERGROUP define fixes, since these were merged mainstream.
327
328 *hardened-sources-2.6.16-r1 (11 Apr 2006)
329
330 11 Apr 2006; John Mylchreest <johnm@gentoo.org>
331 +hardened-sources-2.6.16-r1.ebuild:
332 Bumping to include ppc build fix and 2.6.16.3
333
334 06 Apr 2006; Joshua Jackson <tsunam@gentoo.org>
335 hardened-sources-2.6.14-r6.ebuild:
336 Stable on x86; bug #127718
337
338 *hardened-sources-2.6.16 (31 Mar 2006)
339
340 31 Mar 2006; John Mylchreest <johnm@gentoo.org>
341 +hardened-sources-2.6.16.ebuild:
342 Bumping to new version of grsec, and kernel base. New squashfs. Based on
343 2.6.16.1
344
345 30 Mar 2006; Marcus D. Hanwell <cryos@gentoo.org>
346 hardened-sources-2.6.14-r6.ebuild:
347 Stable on amd64, bug 127718.
348
349 28 Mar 2006; <nixnut@gentoo.org> hardened-sources-2.6.14-r6.ebuild:
350 Stable on ppc. Bug #127718
351
352 15 Mar 2006; John Mylchreest <johnm@gentoo.org>
353 -hardened-sources-2.6.11-r15.ebuild, -hardened-sources-2.6.14-r3.ebuild,
354 -hardened-sources-2.6.14-r4.ebuild:
355 Cleanup.
356
357 *hardened-sources-2.6.14-r6 (15 Mar 2006)
358
359 15 Mar 2006; John Mylchreest <johnm@gentoo.org>
360 +hardened-sources-2.6.14-r6.ebuild:
361 Fixes grsec policy recreation bug and adds a
362 >=sys-apps/gradm-2.1.8.200601212342-r1 depend.
363
364 02 Mar 2006; <solar@gentoo.org> hardened-sources-2.4.32-r2.ebuild:
365 - stable on x86
366
367 19 Feb 2006; Michael Hanselmann <hansmi@gentoo.org>
368 hardened-sources-2.6.14-r5.ebuild:
369 Stable on ppc.
370
371 *hardened-sources-2.6.14-r5 (01 Feb 2006)
372
373 01 Feb 2006; John Mylchreest <johnm@gentoo.org>
374 +hardened-sources-2.6.14-r5.ebuild:
375 fixing every known exploit
376
377 *hardened-sources-2.4.32-r2 (26 Jan 2006)
378
379 26 Jan 2006; <solar@gentoo.org> hardened-sources-2.4.32-r1.ebuild,
380 +hardened-sources-2.4.32-r2.ebuild:
381 - mark 2.4.32-r1 stable. added 2.4.32-r2 with 2.1.8-grsec patch
382
383 *hardened-sources-2.6.14-r4 (12 Jan 2006)
384
385 12 Jan 2006; <solar@gentoo.org> +hardened-sources-2.6.14-r4.ebuild:
386 - version bump for new genpatches which fix up a few sec holes
387
388 *hardened-sources-2.4.32-r1 (05 Jan 2006)
389
390 05 Jan 2006; <solar@gentoo.org> +hardened-sources-2.4.32-r1.ebuild:
391 - revision bump to add misc vital linux kernel security patches.
392
393 *hardened-sources-2.6.14-r3 (30 Dec 2005)
394
395 30 Dec 2005; John Mylchreest <johnm@gentoo.org>
396 -hardened-sources-2.6.14-r2.ebuild, +hardened-sources-2.6.14-r3.ebuild:
397 Marking stable, and bumping for sec vuln. Fixes bugs #117171, #117040
398
399 28 Dec 2005; John Mylchreest <johnm@gentoo.org>
400 hardened-sources-2.6.14-r2.ebuild:
401 making x86 & amd64 stable following testing.
402
403 *hardened-sources-2.6.14-r2 (27 Dec 2005)
404
405 27 Dec 2005; John Mylchreest <johnm@gentoo.org>
406 -hardened-sources-2.6.14-r1.ebuild, +hardened-sources-2.6.14-r2.ebuild:
407 Fixing bugs 116832 115771 114635, updating grsec, removing selinux/pax
408 network hooks.
409
410 06 Dec 2005; John Mylchreest <johnm@gentoo.org>
411 hardened-sources-2.6.14-r1.ebuild:
412 bumping to stable early for sec fix on x86 & amd64
413
414 *hardened-sources-2.6.14-r1 (05 Dec 2005)
415
416 05 Dec 2005; John Mylchreest <johnm@gentoo.org>
417 -hardened-sources-2.6.14.ebuild, +hardened-sources-2.6.14-r1.ebuild:
418 bumping to genpatches 2.6.14-5, security fixup. Also bumping grsec patchset.
419
420 04 Dec 2005; <solar@gentoo.org> hardened-sources-2.4.32.ebuild:
421 - stable on x86 security bug #114227 CAN-2005-3257
422
423 *hardened-sources-2.4.32 (19 Nov 2005)
424
425 19 Nov 2005; Guillaume Destuynder <kang@gentoo.org>
426 +hardened-sources-2.4.32.ebuild:
427 Bump to 2.4.32, includes RSBAC+PaX patchset with a local 'rsbac' keyword.
428 Add the 'rsbac' USE flag in /etc/portage/package.use for hardened-sources to
429 have RSBAC instead of GrSecurity patchset. (echo sys-kernel/hardened-sources
430 rsbac >> /etc/portage/package.use)
431
432 *hardened-sources-2.6.14 (14 Nov 2005)
433
434 14 Nov 2005; John Mylchreest <johnm@gentoo.org>
435 -hardened-sources-2.6.13-r2.ebuild, +hardened-sources-2.6.14.ebuild:
436 Bumping 2.6 series to 2.6.14.2
437
438 *hardened-sources-2.6.13-r2 (20 Oct 2005)
439
440 20 Oct 2005; John Mylchreest <johnm@gentoo.org>
441 -hardened-sources-2.6.13.ebuild, -hardened-sources-2.6.13-r1.ebuild,
442 +hardened-sources-2.6.13-r2.ebuild:
443 Fixes minor build error in ppc.
444
445 *hardened-sources-2.6.13-r1 (17 Oct 2005)
446
447 17 Oct 2005; John Mylchreest <johnm@gentoo.org>
448 +hardened-sources-2.6.13-r1.ebuild:
449 Updating grsec to latest snapshot. Fixes some minor issues. Updating to
450 2.6.13.4, fixes some major amd64 stability problems.
451
452 *hardened-sources-2.6.13 (16 Sep 2005)
453
454 16 Sep 2005; John Mylchreest <johnm@gentoo.org>
455 -hardened-sources-2.6.11-r14.ebuild, +hardened-sources-2.6.13.ebuild:
456 2.6.13.1 with grsec testing patches. Lots of changes, to name a few big
457 ones: inotify now in kernel, RBAC has moved to chained-hash tables so RBAC
458 users should test this thoroughly.
459
460 01 Jul 2005; <solar@gentoo.org> hardened-sources-2.4.31.ebuild:
461 - stable on x86
462
463 *hardened-sources-2.6.11-r15 (27 Jun 2005)
464
465 27 Jun 2005; John Mylchreest <johnm@gentoo.org>
466 +hardened-sources-2.6.11-r15.ebuild:
467 Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with
468 grsec redefining curr_ip struct.
469
470 *hardened-sources-2.4.31 (20 Jun 2005)
471
472 20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild:
473 initial import of 2.4.31 tree
474
475 *hardened-sources-2.6.11-r14 (14 Jun 2005)
476
477 14 Jun 2005; John Mylchreest <johnm@gentoo.org>
478 -hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild:
479 Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring
480 naming scheme to abide by genpatches
481
482 *hardened-sources-2.6.11-r13 (18 May 2005)
483
484 18 May 2005; John Mylchreest <johnm@gentoo.org>
485 -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
486 Managed to mangle the Makefile patch from grsec, to miss out the grsec
487 target. sorry about that. Fixes bug #93022
488
489 *hardened-sources-2.6.11-r12 (17 May 2005)
490
491 17 May 2005; John Mylchreest <johnm@gentoo.org>
492 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
493 +hardened-sources-2.6.11-r12.ebuild:
494 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
495 merges in genpatches-base
496
497 *hardened-sources-2.6.11-r12 (17 May 2005)
498
499 17 May 2005; John Mylchreest <johnm@gentoo.org>
500 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
501 +hardened-sources-2.6.11-r12.ebuild:
502 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
503 merges in genpatches-base
504
505 29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
506 -files/2.4.27-cmdline-race.patch,
507 -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
508 -files/2.4.28-grsec-binfmt_a.out.patch,
509 -files/2.4.28-grsec-cmdline-race.patch,
510 -files/2.4.28-selinux-binfmt_a.out.patch,
511 -files/2.4.28-selinux-cmdline-race.patch,
512 -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
513 hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
514 - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
515 cleanup..
516
517 *hardened-sources-2.4.30-r1 (21 Apr 2005)
518
519 21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
520 - disable aout by default
521
522 *hardened-sources-2.4.30 (18 Apr 2005)
523
524 18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
525 - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
526 and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
527 use
528
529 *hardened-sources-2.4.29 (30 Mar 2005)
530
531 30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
532 +hardened-sources-2.4.29.ebuild:
533 New hardened-patches-2.4-29.0 patchball.
534 Removed SELinux support, upgraded GRSecurity to 2.1.4.
535
536 *hardened-sources-2.4.28-r5 (06 Mar 2005)
537
538 06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
539 +hardened-sources-2.4.28-r5.ebuild:
540 Added a fix for a PaX vulnerability.
541
542 26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
543 hardened-sources-2.4.28-r4.ebuild:
544 Stable on x86
545
546 23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
547 hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
548 hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
549 hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
550 - fixed/added RDEPEND= in all kernel-2 ebuilds
551
552 *hardened-sources-2.4.28-r4 (21 Jan 2005)
553
554 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
555 +hardened-sources-2.4.28-r4.ebuild:
556 Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
557 backport of neighbour hash updates.
558
559 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
560 hardened-sources-2.4.28-r3.ebuild:
561 Stable on x86
562
563 *hardened-sources-2.6.10-r3 (20 Jan 2005)
564
565 20 Jan 2005; Brandon Hale <tseng@gentoo.org>
566 +hardened-sources-2.6.10-r3.ebuild:
567 Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
568 in 2005.0
569
570 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
571 -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
572 hardened-sources-2.4.28-r2.ebuild:
573 Mark stable on x86
574
575 *hardened-sources-2.4.28-r3 (17 Jan 2005)
576
577 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
578 +hardened-sources-2.4.28-r3.ebuild:
579 Fix SMP page fault handler vuln, and update device-mapper and evms patches.
580
581 14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
582 hardened-sources-2.4.28.ebuild:
583 Mark stable on x86.
584
585 *hardened-sources-2.4.28-r2 (13 Jan 2005)
586
587 13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
588 +hardened-sources-2.4.28-r2.ebuild:
589 Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
590 Mazinger for grsecurity patches as well.
591
592 *hardened-sources-2.4.28-r1 (23 Dec 2004)
593
594 23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
595 Security bump. Thank tocharian for rolling a new patchset...
596
597 28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
598 +files/2.4.28-grsec-cmdline-race.patch,
599 +files/2.4.28-selinux-binfmt_a.out.patch,
600 +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
601 - Round up remaining security patches that appear to be missing in 2.4.28. -
602 PaX standalone updated to current. hgpv=28.1
603
604 *hardened-sources-2.4.28 (28 Nov 2004)
605
606 28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
607 security bump. Thank tocharian for rolling a new patchset
608
609 *hardened-sources-2.4.27-r3 (08 Sep 2004)
610
611 08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
612 +hardened-sources-2.4.27-r3.ebuild:
613 Applies the new 2.4-27.2 patchball which updates
614 GRSecurity to the 2.0.1 version.
615
616 *hardened-sources-2.4.27-r2 (31 Aug 2004)
617
618 31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
619 +hardened-sources-2.4.27-r2.ebuild:
620 Version bump.
621 This version uses the new 2.4-27.1 patchball which updates
622 both the SELinux PaX hooks patch and the SELinux headers.
623
624 *hardened-sources-2.4.27-r1 (09 Aug 2004)
625
626 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
627 +hardened-sources-2.4.27-r1.ebuild,
628 -hardened-sources-2.4.27.ebuild,
629 +files/2.4.27-cmdline-race.patch:
630 Version bump, fix for cmdline race. See bug #59905.
631
632 *hardened-sources-2.4.26-r6 (09 Aug 2004)
633
634 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
635 +hardened-sources-2.4.26-r6.ebuild,
636 -hardened-sources-2.4.26-r5.ebuild,
637 -hardened-sources-2.4.26-r4.ebuild,
638 +files/2.4.26-cmdline-race.patch:
639 Version bump, fix for cmdline race. See bug #59905.
640
641 *hardened-sources-2.4.27 (08 Aug 2004)
642
643 08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
644 +hardened-sources-2.4.27.ebuild,
645 +files/2.4.27-CAN-2004-0394.patch:
646 Ported the patchball to the 2.4.27 kernel version.
647
648 *hardened-sources-2.4.26-r5 (07 Aug 2004)
649
650 07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
651 +hardened-sources-2.4.26-r5.ebuild:
652 Updated to use the new hardened-patches-2.4-26.1 patchball.
653 It adds the following features:
654 - Squashfs
655 - Ebtables
656 - Netdev random (core+drivers)
657 - Watchdog Timer (WDT) fix.
658
659 *hardened-sources-2.4.26-r4 (04 Aug 2004)
660
661 04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
662 +hardened-sources-2.4.26-r4.ebuild,
663 +files/2.4.26-CAN-2004-0415.patch,
664 -hardened-sources-2.4.26-3:
665 Version bump, fix for CAN 0415, see bug #59378.
666
667 *hardened-sources-2.4.26-r3 (22 Jul 2004)
668
669 22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
670 +hardened-sources-2.4.26-r3.ebuild,
671 +files/2.4.26-CAN-2004-0497.patch,
672 -hardened-sources-2.4.26-r2.ebuild:
673 Version bump, fixed CAN 0497, see bug #56171.
674
675 *hardened-sources-2.4.26-r2 (29 Jun 2004)
676
677 29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
678 +hardened-sources-2.4.26-r2.ebuild,
679 +files/2.4.26-CAN-2004-0495.patch,
680 +files/2.4.26-CAN-2004-0535.patch,
681 -hardened-sources-2.4.26-r1.ebuild:
682 Fixes for both CAN 0495 and 0535, see bug #54976
683
684 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
685 hardened-sources-2.4.26-r1.ebuild:
686 QA - fix use invocation
687
688 *hardened-sources-2.4.26-r1 (22 June 2004)
689
690 22 June 2004; Andrea Luzzardi <scox@gentoo.org>
691 +hardened-sources-2.4.26-r1.ebuild,
692 +files/2.4.26-CAN-2004-0394.patch,
693 +files/2.4.26-signal-race.patch,
694 -hardened-sources-2.4.26.ebuild,
695 -hardened-sources-2.4.24-r3.ebuild:
696 Version bump for the CAN-2004-0394 issue and bug #53804
697 Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
698
699
700 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
701 hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
702 Masked hardened-sources-2.4.26.ebuild broken for ppc
703
704 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
705 hardened-sources-2.4.24-r3.ebuild:
706 Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
707
708 *hardened-sources-2.4.26 (29 May 2004)
709
710 29 May 2004; Andrea Luzzardi <scox@gentoo.org>
711 +hardened-sources-2.4.26.ebuild:
712 Updated hardened-sources for the 2.4.26 kernel
713 Removed broken components, updated almost everything.
714
715 *hardened-sources-2.4.24-r3 (17 Apr 2004)
716
717 17 Apr 2004; <plasmaroo@gentoo.org>
718 +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
719 +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
720 +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
721 +hardened-sources-2.4.24-r3.ebuild:
722 Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
723 vulnerabilities. Old revisions removed.
724
725 *hardened-sources-2.4.24-r2 (15 Apr 2004)
726
727 15 Apr 2004; <plasmaroo@gentoo.org>
728 +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
729 -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
730 Version bump for the CAN-2004-0109 issue; bug #47881.
731
732 12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
733 hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
734 Add eutils to inherit.
735
736 *hardened-sources-2.4.24-r1 (19 Feb 2004)
737
738 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
739 files/hardened-sources-2.4.24.munmap.patch:
740 Added the patch for the mremap/munmap vulnerability. Bug #42024.
741
742 *hardened-sources-2.4.24 (06 Feb 2004)
743
744 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
745 hardened-sources-2.4.24.ebuild:
746 Version bump, updated most of the components.
747 This release includes the following:
748
749 - Hardened security
750 - Netfilter patch-o-matic 20031219
751 - FreeSWAN 2.04 & x509 1.4.8
752 - EVMS 2.2.2
753 - XFS 1.3.1
754 - cryptoloop jari
755 - grsecurity 2.0-rc4
756 - SELinux
757 - PaX 200402060000
758 - PaX Obscurity 200308302223
759 - Others...
760
761 Neither -ck nor systrace are included anymore.
762
763 *hardened-sources-2.4.22-r2 (05 Jan 2004)
764
765 05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
766 hardened-sources-2.4.22-r2.ebuild:
767 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
768
769 *hardened-sources-2.4.22-r1 (02 Dec 2003)
770
771 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
772 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
773
774 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
775 hardened-sources-2.4.22-r1.ebuild:
776 Version bump for the 'do_brk' vulnerability.
777
778 01 Dec 2003; Brian Jackson <iggy@gentoo.org>
779 hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
780 hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
781 hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
782 Fix the 'do_brk' vulnerability.
783
784 03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
785 hardened-sources-2.4.22.ebuild:
786 - Removed the src_install() portion for SELinux flask
787 components. These are no longer handled in the kernel
788 so this code was not necessary.
789
790 29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
791 New 2.4.22 based hardened-sources thanks to
792 Phil West <p.west@computer.org>.
793
794 These sources include:
795 - New SELinux API
796 - Updated CK-base
797 - Updated GRSec
798 - Systrace
799 - SuperFreeS/WAN 1.99.8
800 - Propolice kernel build support
801 - EVMS
802 - Other various security related patches
803
804 *hardened-sources-2.4.21 (14 Sep 2003)
805
806 14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
807 Updated hardened-sources based on the 2.4.21 Linux kernel.
808 This includes updates to most major components such as:
809 - ck-base-0306300059
810 - selinux-2.4-2003071106
811 - grsecurity-2.0-rc1
812 - Updated IPTables patch-o-matic
813 - Updated SuperFreeS/WAN
814
815 Thanks to Phil West <pwest@computer.org> for his work in getting this
816 updated patch set ready for the 2.4.21 based kernel.
817
818 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
819 Initial import of hardened-sources-2.4.20-r4. This revision
820 includes only a few changes, but one of these is an important
821 security fix. It is recommended all users of hardened-sources
822 upgrade to this release.
823
824 - ioperm bug fix
825 - fixed compilation failure when building without GRSec
826
827 SAL (Secure Auditing for Linux) is NOT included in this revision
828 due to time constraints, but is planned for inclusion in the near
829 future.
830
831 *hardened-sources-2.4.20-r2 (12 Jun 2003)
832
833 12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
834 hardened-sources-2.4.20-r3.ebuild:
835 Add Header...
836
837 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
838 hardened-sources-2.4.20-r3.ebuild:
839 Removed warnings from ebuild. This kernel should be safe to
840 use at this point.
841
842 *hardened-sources-2.4.20-r3 (08 Jun 2003)
843
844 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
845 hardened-sources-2.4.20-r3.ebuild:
846 New revision. Includes the following changes over -r2:
847
848 - ck7-base (O(1), preempt, low latency)
849 - Super FreeS/WAN 1.99.7rc2
850 - PaX for the LSM/SELinux branch
851 - GRSecurity 2.0-pre4 (role based access control)
852 - Systrace 1.3
853 - EXT3 fixes
854 - EVMS 2.0.1
855 - GCC 3.1+ compile optimizations
856 - ProPolice kernel build support
857 - Hashing table security fixes
858
859 *hardened-sources-2.4.20-r1 (09 Apr 2003)
860
861 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
862 Initial import of hardened-sources-r2. This new
863 ebuild includes many new performance and security
864 related patches. As in -r1, it will patch in
865 LSM/SELinux if "selinux" is in USE, otherwise it
866 will patch in GRSecurity. The following patches
867 are included in this revision:
868
869 - O(1) Scheduler, Low Latency, and Preempt
870 (pulled from the base CK patch)
871 - ptrace exploit patch for the LSM kernel
872 (the GRSec patch already fixes this)
873 - LSM 2.4-2003040709
874 - SELinux 2.4-2003040709
875 - Systrace v1.2
876 - IPTables patch-o-matic base patches - 20030107
877 - CryptoAPI 2.4.20.1 w/ loop-jari patch
878 - Super FreeS/WAN 1.99.6.1
879 - GRSecurity 1.9.9g
880 - MPPE
881 - EXT3 data journal fix
882 - CIPE 1.5.4
883
884 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
885 hardened-sources-2.4.20-r1.ebuild, manifest:
886 Updated to install flask components correctly for selinux.
887
888 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
889 hardened-sources-2.4.20-r1.ebuild:
890 LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
891 is patched in instead. Ptrace patches for selinux have also been added. In
892 either case, systrace support will be patched in as well.
893
894 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
895 hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
896 Revision bump for new sources.
897
898 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
899 hardened-sources-2.4.20-r1.ebuild:
900 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
901
902 *hardened-sources-2.4.20 (30 Mar 2003)
903
904 30 Mar 2003; Joshua Brindle <method@gentoo.org>
905 hardened-sources-2.4.20.ebuild:
906 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20