/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.57 - (show annotations) (download)
Wed May 18 08:53:59 2005 UTC (9 years, 3 months ago) by johnm
Branch: MAIN
Changes since 1.56: +8 -1 lines
Managed to mangle the Makefile patch from grsec, to miss out the grsec target. sorry about that. Fixes bug #93022

1 # ChangeLog for sys-kernel/hardened-sources
2 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
3 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.56 2005/05/17 19:28:04 johnm Exp $
4
5 *hardened-sources-2.6.11-r13 (18 May 2005)
6
7 18 May 2005; John Mylchreest <johnm@gentoo.org>
8 -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
9 Managed to mangle the Makefile patch from grsec, to miss out the grsec
10 target. sorry about that. Fixes bug #93022
11
12 *hardened-sources-2.6.11-r12 (17 May 2005)
13
14 17 May 2005; John Mylchreest <johnm@gentoo.org>
15 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
16 +hardened-sources-2.6.11-r12.ebuild:
17 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
18 merges in genpatches-base
19
20 *hardened-sources-2.6.11-r12 (17 May 2005)
21
22 17 May 2005; John Mylchreest <johnm@gentoo.org>
23 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
24 +hardened-sources-2.6.11-r12.ebuild:
25 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
26 merges in genpatches-base
27
28 29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
29 -files/2.4.27-cmdline-race.patch,
30 -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
31 -files/2.4.28-grsec-binfmt_a.out.patch,
32 -files/2.4.28-grsec-cmdline-race.patch,
33 -files/2.4.28-selinux-binfmt_a.out.patch,
34 -files/2.4.28-selinux-cmdline-race.patch,
35 -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
36 hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
37 - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
38 cleanup..
39
40 *hardened-sources-2.4.30-r1 (21 Apr 2005)
41
42 21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
43 - disable aout by default
44
45 *hardened-sources-2.4.30 (18 Apr 2005)
46
47 18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
48 - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
49 and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
50 use
51
52 *hardened-sources-2.4.29 (30 Mar 2005)
53
54 30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
55 +hardened-sources-2.4.29.ebuild:
56 New hardened-patches-2.4-29.0 patchball.
57 Removed SELinux support, upgraded GRSecurity to 2.1.4.
58
59 *hardened-sources-2.4.28-r5 (06 Mar 2005)
60
61 06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
62 +hardened-sources-2.4.28-r5.ebuild:
63 Added a fix for a PaX vulnerability.
64
65 26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
66 hardened-sources-2.4.28-r4.ebuild:
67 Stable on x86
68
69 23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
70 hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
71 hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
72 hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
73 - fixed/added RDEPEND= in all kernel-2 ebuilds
74
75 *hardened-sources-2.4.28-r4 (21 Jan 2005)
76
77 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
78 +hardened-sources-2.4.28-r4.ebuild:
79 Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
80 backport of neighbour hash updates.
81
82 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
83 hardened-sources-2.4.28-r3.ebuild:
84 Stable on x86
85
86 *hardened-sources-2.6.10-r3 (20 Jan 2005)
87
88 20 Jan 2005; Brandon Hale <tseng@gentoo.org>
89 +hardened-sources-2.6.10-r3.ebuild:
90 Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
91 in 2005.0
92
93 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
94 -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
95 hardened-sources-2.4.28-r2.ebuild:
96 Mark stable on x86
97
98 *hardened-sources-2.4.28-r3 (17 Jan 2005)
99
100 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
101 +hardened-sources-2.4.28-r3.ebuild:
102 Fix SMP page fault handler vuln, and update device-mapper and evms patches.
103
104 14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
105 hardened-sources-2.4.28.ebuild:
106 Mark stable on x86.
107
108 *hardened-sources-2.4.28-r2 (13 Jan 2005)
109
110 13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
111 +hardened-sources-2.4.28-r2.ebuild:
112 Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
113 Mazinger for grsecurity patches as well.
114
115 *hardened-sources-2.4.28-r1 (23 Dec 2004)
116
117 23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
118 Security bump. Thank tocharian for rolling a new patchset...
119
120 28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
121 +files/2.4.28-grsec-cmdline-race.patch,
122 +files/2.4.28-selinux-binfmt_a.out.patch,
123 +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
124 - Round up remaining security patches that appear to be missing in 2.4.28. -
125 PaX standalone updated to current. hgpv=28.1
126
127 *hardened-sources-2.4.28 (28 Nov 2004)
128
129 28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
130 security bump. Thank tocharian for rolling a new patchset
131
132 *hardened-sources-2.4.27-r3 (08 Sep 2004)
133
134 08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
135 +hardened-sources-2.4.27-r3.ebuild:
136 Applies the new 2.4-27.2 patchball which updates
137 GRSecurity to the 2.0.1 version.
138
139 *hardened-sources-2.4.27-r2 (31 Aug 2004)
140
141 31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
142 +hardened-sources-2.4.27-r2.ebuild:
143 Version bump.
144 This version uses the new 2.4-27.1 patchball which updates
145 both the SELinux PaX hooks patch and the SELinux headers.
146
147 *hardened-sources-2.4.27-r1 (09 Aug 2004)
148
149 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
150 +hardened-sources-2.4.27-r1.ebuild,
151 -hardened-sources-2.4.27.ebuild,
152 +files/2.4.27-cmdline-race.patch:
153 Version bump, fix for cmdline race. See bug #59905.
154
155 *hardened-sources-2.4.26-r6 (09 Aug 2004)
156
157 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
158 +hardened-sources-2.4.26-r6.ebuild,
159 -hardened-sources-2.4.26-r5.ebuild,
160 -hardened-sources-2.4.26-r4.ebuild,
161 +files/2.4.26-cmdline-race.patch:
162 Version bump, fix for cmdline race. See bug #59905.
163
164 *hardened-sources-2.4.27 (08 Aug 2004)
165
166 08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
167 +hardened-sources-2.4.27.ebuild,
168 +files/2.4.27-CAN-2004-0394.patch:
169 Ported the patchball to the 2.4.27 kernel version.
170
171 *hardened-sources-2.4.26-r5 (07 Aug 2004)
172
173 07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
174 +hardened-sources-2.4.26-r5.ebuild:
175 Updated to use the new hardened-patches-2.4-26.1 patchball.
176 It adds the following features:
177 - Squashfs
178 - Ebtables
179 - Netdev random (core+drivers)
180 - Watchdog Timer (WDT) fix.
181
182 *hardened-sources-2.4.26-r4 (04 Aug 2004)
183
184 04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
185 +hardened-sources-2.4.26-r4.ebuild,
186 +files/2.4.26-CAN-2004-0415.patch,
187 -hardened-sources-2.4.26-3:
188 Version bump, fix for CAN 0415, see bug #59378.
189
190 *hardened-sources-2.4.26-r3 (22 Jul 2004)
191
192 22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
193 +hardened-sources-2.4.26-r3.ebuild,
194 +files/2.4.26-CAN-2004-0497.patch,
195 -hardened-sources-2.4.26-r2.ebuild:
196 Version bump, fixed CAN 0497, see bug #56171.
197
198 *hardened-sources-2.4.26-r2 (29 Jun 2004)
199
200 29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
201 +hardened-sources-2.4.26-r2.ebuild,
202 +files/2.4.26-CAN-2004-0495.patch,
203 +files/2.4.26-CAN-2004-0535.patch,
204 -hardened-sources-2.4.26-r1.ebuild:
205 Fixes for both CAN 0495 and 0535, see bug #54976
206
207 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
208 hardened-sources-2.4.26-r1.ebuild:
209 QA - fix use invocation
210
211 *hardened-sources-2.4.26-r1 (22 June 2004)
212
213 22 June 2004; Andrea Luzzardi <scox@gentoo.org>
214 +hardened-sources-2.4.26-r1.ebuild,
215 +files/2.4.26-CAN-2004-0394.patch,
216 +files/2.4.26-signal-race.patch,
217 -hardened-sources-2.4.26.ebuild,
218 -hardened-sources-2.4.24-r3.ebuild:
219 Version bump for the CAN-2004-0394 issue and bug #53804
220 Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
221
222
223 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
224 hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
225 Masked hardened-sources-2.4.26.ebuild broken for ppc
226
227 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
228 hardened-sources-2.4.24-r3.ebuild:
229 Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
230
231 *hardened-sources-2.4.26 (29 May 2004)
232
233 29 May 2004; Andrea Luzzardi <scox@gentoo.org>
234 +hardened-sources-2.4.26.ebuild:
235 Updated hardened-sources for the 2.4.26 kernel
236 Removed broken components, updated almost everything.
237
238 *hardened-sources-2.4.24-r3 (17 Apr 2004)
239
240 17 Apr 2004; <plasmaroo@gentoo.org>
241 +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
242 +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
243 +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
244 +hardened-sources-2.4.24-r3.ebuild:
245 Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
246 vulnerabilities. Old revisions removed.
247
248 *hardened-sources-2.4.24-r2 (15 Apr 2004)
249
250 15 Apr 2004; <plasmaroo@gentoo.org>
251 +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
252 -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
253 Version bump for the CAN-2004-0109 issue; bug #47881.
254
255 12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
256 hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
257 Add eutils to inherit.
258
259 *hardened-sources-2.4.24-r1 (19 Feb 2004)
260
261 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
262 files/hardened-sources-2.4.24.munmap.patch:
263 Added the patch for the mremap/munmap vulnerability. Bug #42024.
264
265 *hardened-sources-2.4.24 (06 Feb 2004)
266
267 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
268 hardened-sources-2.4.24.ebuild:
269 Version bump, updated most of the components.
270 This release includes the following:
271
272 - Hardened security
273 - Netfilter patch-o-matic 20031219
274 - FreeSWAN 2.04 & x509 1.4.8
275 - EVMS 2.2.2
276 - XFS 1.3.1
277 - cryptoloop jari
278 - grsecurity 2.0-rc4
279 - SELinux
280 - PaX 200402060000
281 - PaX Obscurity 200308302223
282 - Others...
283
284 Neither -ck nor systrace are included anymore.
285
286 *hardened-sources-2.4.22-r2 (05 Jan 2004)
287
288 05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
289 hardened-sources-2.4.22-r2.ebuild:
290 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
291
292 *hardened-sources-2.4.22-r1 (02 Dec 2003)
293
294 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
295 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
296
297 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
298 hardened-sources-2.4.22-r1.ebuild:
299 Version bump for the 'do_brk' vulnerability.
300
301 01 Dec 2003; Brian Jackson <iggy@gentoo.org>
302 hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
303 hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
304 hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
305 Fix the 'do_brk' vulnerability.
306
307 03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
308 hardened-sources-2.4.22.ebuild:
309 - Removed the src_install() portion for SELinux flask
310 components. These are no longer handled in the kernel
311 so this code was not necessary.
312
313 29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
314 New 2.4.22 based hardened-sources thanks to
315 Phil West <p.west@computer.org>.
316
317 These sources include:
318 - New SELinux API
319 - Updated CK-base
320 - Updated GRSec
321 - Systrace
322 - SuperFreeS/WAN 1.99.8
323 - Propolice kernel build support
324 - EVMS
325 - Other various security related patches
326
327 *hardened-sources-2.4.21 (14 Sep 2003)
328
329 14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
330 Updated hardened-sources based on the 2.4.21 Linux kernel.
331 This includes updates to most major components such as:
332 - ck-base-0306300059
333 - selinux-2.4-2003071106
334 - grsecurity-2.0-rc1
335 - Updated IPTables patch-o-matic
336 - Updated SuperFreeS/WAN
337
338 Thanks to Phil West <pwest@computer.org> for his work in getting this
339 updated patch set ready for the 2.4.21 based kernel.
340
341 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
342 Initial import of hardened-sources-2.4.20-r4. This revision
343 includes only a few changes, but one of these is an important
344 security fix. It is recommended all users of hardened-sources
345 upgrade to this release.
346
347 - ioperm bug fix
348 - fixed compilation failure when building without GRSec
349
350 SAL (Secure Auditing for Linux) is NOT included in this revision
351 due to time constraints, but is planned for inclusion in the near
352 future.
353
354 *hardened-sources-2.4.20-r2 (12 Jun 2003)
355
356 12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
357 hardened-sources-2.4.20-r3.ebuild:
358 Add Header...
359
360 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
361 hardened-sources-2.4.20-r3.ebuild:
362 Removed warnings from ebuild. This kernel should be safe to
363 use at this point.
364
365 *hardened-sources-2.4.20-r3 (08 Jun 2003)
366
367 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
368 hardened-sources-2.4.20-r3.ebuild:
369 New revision. Includes the following changes over -r2:
370
371 - ck7-base (O(1), preempt, low latency)
372 - Super FreeS/WAN 1.99.7rc2
373 - PaX for the LSM/SELinux branch
374 - GRSecurity 2.0-pre4 (role based access control)
375 - Systrace 1.3
376 - EXT3 fixes
377 - EVMS 2.0.1
378 - GCC 3.1+ compile optimizations
379 - ProPolice kernel build support
380 - Hashing table security fixes
381
382 *hardened-sources-2.4.20-r1 (09 Apr 2003)
383
384 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
385 Initial import of hardened-sources-r2. This new
386 ebuild includes many new performance and security
387 related patches. As in -r1, it will patch in
388 LSM/SELinux if "selinux" is in USE, otherwise it
389 will patch in GRSecurity. The following patches
390 are included in this revision:
391
392 - O(1) Scheduler, Low Latency, and Preempt
393 (pulled from the base CK patch)
394 - ptrace exploit patch for the LSM kernel
395 (the GRSec patch already fixes this)
396 - LSM 2.4-2003040709
397 - SELinux 2.4-2003040709
398 - Systrace v1.2
399 - IPTables patch-o-matic base patches - 20030107
400 - CryptoAPI 2.4.20.1 w/ loop-jari patch
401 - Super FreeS/WAN 1.99.6.1
402 - GRSecurity 1.9.9g
403 - MPPE
404 - EXT3 data journal fix
405 - CIPE 1.5.4
406
407 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
408 hardened-sources-2.4.20-r1.ebuild, manifest:
409 Updated to install flask components correctly for selinux.
410
411 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
412 hardened-sources-2.4.20-r1.ebuild:
413 LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
414 is patched in instead. Ptrace patches for selinux have also been added. In
415 either case, systrace support will be patched in as well.
416
417 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
418 hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
419 Revision bump for new sources.
420
421 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
422 hardened-sources-2.4.20-r1.ebuild:
423 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
424
425 *hardened-sources-2.4.20 (30 Mar 2003)
426
427 30 Mar 2003; Joshua Brindle <method@gentoo.org>
428 hardened-sources-2.4.20.ebuild:
429 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20