| 1 |
# ChangeLog for sys-kernel/hardened-sources |
| 2 |
# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2 |
| 3 |
# $Header: /home/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.23 2004/04/12 16:36:22 aliz Exp $ |
| 4 |
|
| 5 |
*hardened-sources-2.4.24-r2 (15 Apr 2004) |
| 6 |
|
| 7 |
15 Apr 2004; <plasmaroo@gentoo.org> |
| 8 |
+files/hardened-sources-2.4.24.CAN-2004-0109.patch, |
| 9 |
-hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild: |
| 10 |
Version bump for the CAN-2004-0109 issue; bug #47881. |
| 11 |
|
| 12 |
12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> |
| 13 |
hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild: |
| 14 |
Add eutils to inherit. |
| 15 |
|
| 16 |
*hardened-sources-2.4.24-r1 (19 Feb 2004) |
| 17 |
|
| 18 |
19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild, |
| 19 |
files/hardened-sources-2.4.24.munmap.patch: |
| 20 |
Added the patch for the mremap/munmap vulnerability. Bug #42024. |
| 21 |
|
| 22 |
*hardened-sources-2.4.24 (06 Feb 2004) |
| 23 |
06 Feb 2004; Andrea Luzzardi <scox@gentoo.org> |
| 24 |
hardened-sources-2.4.24.ebuild: |
| 25 |
Version bump, updated most of the components. |
| 26 |
This release includes the following: |
| 27 |
|
| 28 |
- Hardened security |
| 29 |
- Netfilter patch-o-matic 20031219 |
| 30 |
- FreeSWAN 2.04 & x509 1.4.8 |
| 31 |
- EVMS 2.2.2 |
| 32 |
- XFS 1.3.1 |
| 33 |
- cryptoloop jari |
| 34 |
- grsecurity 2.0-rc4 |
| 35 |
- SELinux |
| 36 |
- PaX 200402060000 |
| 37 |
- PaX Obscurity 200308302223 |
| 38 |
- Others... |
| 39 |
|
| 40 |
Neither -ck nor systrace are included anymore. |
| 41 |
|
| 42 |
*hardened-sources-2.4.22-r2 (05 Jan 2004) |
| 43 |
|
| 44 |
05 Jan 2004; Andrea Luzzardi <scox@gentoo.org> |
| 45 |
hardened-sources-2.4.22-r2.ebuild: |
| 46 |
Version bump for the 'mremap' and the 'rtc' vulnerabilities. |
| 47 |
|
| 48 |
*hardened-sources-2.4.22-r1 (02 Dec 2003) |
| 49 |
|
| 50 |
02 Dec 2003; Brian Jackson <iggy@gentoo.org> |
| 51 |
hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier. |
| 52 |
|
| 53 |
02 Dec 2003; Brian Jackson <iggy@gentoo.org> |
| 54 |
hardened-sources-2.4.22-r1.ebuild: |
| 55 |
Version bump for the 'do_brk' vulnerability. |
| 56 |
|
| 57 |
01 Dec 2003; Brian Jackson <iggy@gentoo.org> |
| 58 |
hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild, |
| 59 |
hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild, |
| 60 |
hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch: |
| 61 |
Fix the 'do_brk' vulnerability. |
| 62 |
|
| 63 |
03 Nov 2003; Matthew Rickard <frogger@gentoo.org> |
| 64 |
hardened-sources-2.4.22.ebuild: |
| 65 |
- Removed the src_install() portion for SELinux flask |
| 66 |
components. These are no longer handled in the kernel |
| 67 |
so this code was not necessary. |
| 68 |
|
| 69 |
29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild: |
| 70 |
New 2.4.22 based hardened-sources thanks to |
| 71 |
Phil West <p.west@computer.org>. |
| 72 |
|
| 73 |
These sources include: |
| 74 |
- New SELinux API |
| 75 |
- Updated CK-base |
| 76 |
- Updated GRSec |
| 77 |
- Systrace |
| 78 |
- SuperFreeS/WAN 1.99.8 |
| 79 |
- Propolice kernel build support |
| 80 |
- EVMS |
| 81 |
- Other various security related patches |
| 82 |
|
| 83 |
*hardened-sources-2.4.21 (14 Sep 2003) |
| 84 |
|
| 85 |
14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild: |
| 86 |
Updated hardened-sources based on the 2.4.21 Linux kernel. |
| 87 |
This includes updates to most major components such as: |
| 88 |
- ck-base-0306300059 |
| 89 |
- selinux-2.4-2003071106 |
| 90 |
- grsecurity-2.0-rc1 |
| 91 |
- Updated IPTables patch-o-matic |
| 92 |
- Updated SuperFreeS/WAN |
| 93 |
|
| 94 |
Thanks to Phil West <pwest@computer.org> for his work in getting this |
| 95 |
updated patch set ready for the 2.4.21 based kernel. |
| 96 |
|
| 97 |
16 Jun 2003; Matthew Rickard <frogger@gentoo.org> : |
| 98 |
Initial import of hardened-sources-2.4.20-r4. This revision |
| 99 |
includes only a few changes, but one of these is an important |
| 100 |
security fix. It is recommended all users of hardened-sources |
| 101 |
upgrade to this release. |
| 102 |
|
| 103 |
- ioperm bug fix |
| 104 |
- fixed compilation failure when building without GRSec |
| 105 |
|
| 106 |
SAL (Secure Auditing for Linux) is NOT included in this revision |
| 107 |
due to time constraints, but is planned for inclusion in the near |
| 108 |
future. |
| 109 |
|
| 110 |
*hardened-sources-2.4.20-r2 (12 Jun 2003) |
| 111 |
|
| 112 |
12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild, |
| 113 |
hardened-sources-2.4.20-r3.ebuild: |
| 114 |
Add Header... |
| 115 |
|
| 116 |
08 Jun 2003; Matthew Rickard <frogger@gentoo.org> |
| 117 |
hardened-sources-2.4.20-r3.ebuild: |
| 118 |
Removed warnings from ebuild. This kernel should be safe to |
| 119 |
use at this point. |
| 120 |
|
| 121 |
*hardened-sources-2.4.20-r3 (08 Jun 2003) |
| 122 |
|
| 123 |
08 Jun 2003; Matthew Rickard <frogger@gentoo.org> |
| 124 |
hardened-sources-2.4.20-r3.ebuild: |
| 125 |
New revision. Includes the following changes over -r2: |
| 126 |
|
| 127 |
- ck7-base (O(1), preempt, low latency) |
| 128 |
- Super FreeS/WAN 1.99.7rc2 |
| 129 |
- PaX for the LSM/SELinux branch |
| 130 |
- GRSecurity 2.0-pre4 (role based access control) |
| 131 |
- Systrace 1.3 |
| 132 |
- EXT3 fixes |
| 133 |
- EVMS 2.0.1 |
| 134 |
- GCC 3.1+ compile optimizations |
| 135 |
- ProPolice kernel build support |
| 136 |
- Hashing table security fixes |
| 137 |
|
| 138 |
*hardened-sources-2.4.20-r1 (09 Apr 2003) |
| 139 |
|
| 140 |
23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest: |
| 141 |
Initial import of hardened-sources-r2. This new |
| 142 |
ebuild includes many new performance and security |
| 143 |
related patches. As in -r1, it will patch in |
| 144 |
LSM/SELinux if "selinux" is in USE, otherwise it |
| 145 |
will patch in GRSecurity. The following patches |
| 146 |
are included in this revision: |
| 147 |
|
| 148 |
- O(1) Scheduler, Low Latency, and Preempt |
| 149 |
(pulled from the base CK patch) |
| 150 |
- ptrace exploit patch for the LSM kernel |
| 151 |
(the GRSec patch already fixes this) |
| 152 |
- LSM 2.4-2003040709 |
| 153 |
- SELinux 2.4-2003040709 |
| 154 |
- Systrace v1.2 |
| 155 |
- IPTables patch-o-matic base patches - 20030107 |
| 156 |
- CryptoAPI 2.4.20.1 w/ loop-jari patch |
| 157 |
- Super FreeS/WAN 1.99.6.1 |
| 158 |
- GRSecurity 1.9.9g |
| 159 |
- MPPE |
| 160 |
- EXT3 data journal fix |
| 161 |
- CIPE 1.5.4 |
| 162 |
|
| 163 |
12 Apr 2003; Matthew Rickard <frogger@gentoo.org> |
| 164 |
hardened-sources-2.4.20-r1.ebuild, manifest: |
| 165 |
Updated to install flask components correctly for selinux. |
| 166 |
|
| 167 |
12 Apr 2003; Matthew Rickard <frogger@gentoo.org> |
| 168 |
hardened-sources-2.4.20-r1.ebuild: |
| 169 |
LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity |
| 170 |
is patched in instead. Ptrace patches for selinux have also been added. In |
| 171 |
either case, systrace support will be patched in as well. |
| 172 |
|
| 173 |
09 Apr 2003; Matthew Rickard <frogger@gentoo.org> |
| 174 |
hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest: |
| 175 |
Revision bump for new sources. |
| 176 |
|
| 177 |
09 Apr 2003; Matthew Rickard <frogger@gentoo.org> |
| 178 |
hardened-sources-2.4.20-r1.ebuild: |
| 179 |
Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2. |
| 180 |
|
| 181 |
*hardened-sources-2.4.20 (30 Mar 2003) |
| 182 |
|
| 183 |
30 Mar 2003; Joshua Brindle <method@gentoo.org> |
| 184 |
hardened-sources-2.4.20.ebuild: |
| 185 |
Initial import, only has systrace support. |
Parent Directory
| 
Revision Log