/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.61 - (show annotations) (download)
Sat Jul 2 00:30:56 2005 UTC (9 years, 8 months ago) by solar
Branch: MAIN
Changes since 1.60: +4 -1 lines
- 2.4.31 stable on x86
(Portage version: 2.0.51.22-r1)

1 # ChangeLog for sys-kernel/hardened-sources
2 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
3 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.60 2005/06/27 21:36:20 johnm Exp $
4
5 01 Jul 2005; <solar@gentoo.org> hardened-sources-2.4.31.ebuild:
6 - stable on x86
7
8 *hardened-sources-2.6.11-r15 (27 Jun 2005)
9
10 27 Jun 2005; John Mylchreest <johnm@gentoo.org>
11 +hardened-sources-2.6.11-r15.ebuild:
12 Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with
13 grsec redefining curr_ip struct.
14
15 *hardened-sources-2.4.31 (20 Jun 2005)
16
17 20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild:
18 initial import of 2.4.31 tree
19
20 *hardened-sources-2.6.11-r14 (14 Jun 2005)
21
22 14 Jun 2005; John Mylchreest <johnm@gentoo.org>
23 -hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild:
24 Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring
25 naming scheme to abide by genpatches
26
27 *hardened-sources-2.6.11-r13 (18 May 2005)
28
29 18 May 2005; John Mylchreest <johnm@gentoo.org>
30 -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
31 Managed to mangle the Makefile patch from grsec, to miss out the grsec
32 target. sorry about that. Fixes bug #93022
33
34 *hardened-sources-2.6.11-r12 (17 May 2005)
35
36 17 May 2005; John Mylchreest <johnm@gentoo.org>
37 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
38 +hardened-sources-2.6.11-r12.ebuild:
39 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
40 merges in genpatches-base
41
42 *hardened-sources-2.6.11-r12 (17 May 2005)
43
44 17 May 2005; John Mylchreest <johnm@gentoo.org>
45 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
46 +hardened-sources-2.6.11-r12.ebuild:
47 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
48 merges in genpatches-base
49
50 29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
51 -files/2.4.27-cmdline-race.patch,
52 -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
53 -files/2.4.28-grsec-binfmt_a.out.patch,
54 -files/2.4.28-grsec-cmdline-race.patch,
55 -files/2.4.28-selinux-binfmt_a.out.patch,
56 -files/2.4.28-selinux-cmdline-race.patch,
57 -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
58 hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
59 - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
60 cleanup..
61
62 *hardened-sources-2.4.30-r1 (21 Apr 2005)
63
64 21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
65 - disable aout by default
66
67 *hardened-sources-2.4.30 (18 Apr 2005)
68
69 18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
70 - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
71 and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
72 use
73
74 *hardened-sources-2.4.29 (30 Mar 2005)
75
76 30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
77 +hardened-sources-2.4.29.ebuild:
78 New hardened-patches-2.4-29.0 patchball.
79 Removed SELinux support, upgraded GRSecurity to 2.1.4.
80
81 *hardened-sources-2.4.28-r5 (06 Mar 2005)
82
83 06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
84 +hardened-sources-2.4.28-r5.ebuild:
85 Added a fix for a PaX vulnerability.
86
87 26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
88 hardened-sources-2.4.28-r4.ebuild:
89 Stable on x86
90
91 23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
92 hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
93 hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
94 hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
95 - fixed/added RDEPEND= in all kernel-2 ebuilds
96
97 *hardened-sources-2.4.28-r4 (21 Jan 2005)
98
99 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
100 +hardened-sources-2.4.28-r4.ebuild:
101 Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
102 backport of neighbour hash updates.
103
104 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
105 hardened-sources-2.4.28-r3.ebuild:
106 Stable on x86
107
108 *hardened-sources-2.6.10-r3 (20 Jan 2005)
109
110 20 Jan 2005; Brandon Hale <tseng@gentoo.org>
111 +hardened-sources-2.6.10-r3.ebuild:
112 Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
113 in 2005.0
114
115 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
116 -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
117 hardened-sources-2.4.28-r2.ebuild:
118 Mark stable on x86
119
120 *hardened-sources-2.4.28-r3 (17 Jan 2005)
121
122 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
123 +hardened-sources-2.4.28-r3.ebuild:
124 Fix SMP page fault handler vuln, and update device-mapper and evms patches.
125
126 14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
127 hardened-sources-2.4.28.ebuild:
128 Mark stable on x86.
129
130 *hardened-sources-2.4.28-r2 (13 Jan 2005)
131
132 13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
133 +hardened-sources-2.4.28-r2.ebuild:
134 Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
135 Mazinger for grsecurity patches as well.
136
137 *hardened-sources-2.4.28-r1 (23 Dec 2004)
138
139 23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
140 Security bump. Thank tocharian for rolling a new patchset...
141
142 28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
143 +files/2.4.28-grsec-cmdline-race.patch,
144 +files/2.4.28-selinux-binfmt_a.out.patch,
145 +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
146 - Round up remaining security patches that appear to be missing in 2.4.28. -
147 PaX standalone updated to current. hgpv=28.1
148
149 *hardened-sources-2.4.28 (28 Nov 2004)
150
151 28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
152 security bump. Thank tocharian for rolling a new patchset
153
154 *hardened-sources-2.4.27-r3 (08 Sep 2004)
155
156 08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
157 +hardened-sources-2.4.27-r3.ebuild:
158 Applies the new 2.4-27.2 patchball which updates
159 GRSecurity to the 2.0.1 version.
160
161 *hardened-sources-2.4.27-r2 (31 Aug 2004)
162
163 31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
164 +hardened-sources-2.4.27-r2.ebuild:
165 Version bump.
166 This version uses the new 2.4-27.1 patchball which updates
167 both the SELinux PaX hooks patch and the SELinux headers.
168
169 *hardened-sources-2.4.27-r1 (09 Aug 2004)
170
171 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
172 +hardened-sources-2.4.27-r1.ebuild,
173 -hardened-sources-2.4.27.ebuild,
174 +files/2.4.27-cmdline-race.patch:
175 Version bump, fix for cmdline race. See bug #59905.
176
177 *hardened-sources-2.4.26-r6 (09 Aug 2004)
178
179 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
180 +hardened-sources-2.4.26-r6.ebuild,
181 -hardened-sources-2.4.26-r5.ebuild,
182 -hardened-sources-2.4.26-r4.ebuild,
183 +files/2.4.26-cmdline-race.patch:
184 Version bump, fix for cmdline race. See bug #59905.
185
186 *hardened-sources-2.4.27 (08 Aug 2004)
187
188 08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
189 +hardened-sources-2.4.27.ebuild,
190 +files/2.4.27-CAN-2004-0394.patch:
191 Ported the patchball to the 2.4.27 kernel version.
192
193 *hardened-sources-2.4.26-r5 (07 Aug 2004)
194
195 07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
196 +hardened-sources-2.4.26-r5.ebuild:
197 Updated to use the new hardened-patches-2.4-26.1 patchball.
198 It adds the following features:
199 - Squashfs
200 - Ebtables
201 - Netdev random (core+drivers)
202 - Watchdog Timer (WDT) fix.
203
204 *hardened-sources-2.4.26-r4 (04 Aug 2004)
205
206 04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
207 +hardened-sources-2.4.26-r4.ebuild,
208 +files/2.4.26-CAN-2004-0415.patch,
209 -hardened-sources-2.4.26-3:
210 Version bump, fix for CAN 0415, see bug #59378.
211
212 *hardened-sources-2.4.26-r3 (22 Jul 2004)
213
214 22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
215 +hardened-sources-2.4.26-r3.ebuild,
216 +files/2.4.26-CAN-2004-0497.patch,
217 -hardened-sources-2.4.26-r2.ebuild:
218 Version bump, fixed CAN 0497, see bug #56171.
219
220 *hardened-sources-2.4.26-r2 (29 Jun 2004)
221
222 29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
223 +hardened-sources-2.4.26-r2.ebuild,
224 +files/2.4.26-CAN-2004-0495.patch,
225 +files/2.4.26-CAN-2004-0535.patch,
226 -hardened-sources-2.4.26-r1.ebuild:
227 Fixes for both CAN 0495 and 0535, see bug #54976
228
229 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
230 hardened-sources-2.4.26-r1.ebuild:
231 QA - fix use invocation
232
233 *hardened-sources-2.4.26-r1 (22 June 2004)
234
235 22 June 2004; Andrea Luzzardi <scox@gentoo.org>
236 +hardened-sources-2.4.26-r1.ebuild,
237 +files/2.4.26-CAN-2004-0394.patch,
238 +files/2.4.26-signal-race.patch,
239 -hardened-sources-2.4.26.ebuild,
240 -hardened-sources-2.4.24-r3.ebuild:
241 Version bump for the CAN-2004-0394 issue and bug #53804
242 Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
243
244
245 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
246 hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
247 Masked hardened-sources-2.4.26.ebuild broken for ppc
248
249 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
250 hardened-sources-2.4.24-r3.ebuild:
251 Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
252
253 *hardened-sources-2.4.26 (29 May 2004)
254
255 29 May 2004; Andrea Luzzardi <scox@gentoo.org>
256 +hardened-sources-2.4.26.ebuild:
257 Updated hardened-sources for the 2.4.26 kernel
258 Removed broken components, updated almost everything.
259
260 *hardened-sources-2.4.24-r3 (17 Apr 2004)
261
262 17 Apr 2004; <plasmaroo@gentoo.org>
263 +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
264 +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
265 +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
266 +hardened-sources-2.4.24-r3.ebuild:
267 Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
268 vulnerabilities. Old revisions removed.
269
270 *hardened-sources-2.4.24-r2 (15 Apr 2004)
271
272 15 Apr 2004; <plasmaroo@gentoo.org>
273 +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
274 -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
275 Version bump for the CAN-2004-0109 issue; bug #47881.
276
277 12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
278 hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
279 Add eutils to inherit.
280
281 *hardened-sources-2.4.24-r1 (19 Feb 2004)
282
283 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
284 files/hardened-sources-2.4.24.munmap.patch:
285 Added the patch for the mremap/munmap vulnerability. Bug #42024.
286
287 *hardened-sources-2.4.24 (06 Feb 2004)
288
289 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
290 hardened-sources-2.4.24.ebuild:
291 Version bump, updated most of the components.
292 This release includes the following:
293
294 - Hardened security
295 - Netfilter patch-o-matic 20031219
296 - FreeSWAN 2.04 & x509 1.4.8
297 - EVMS 2.2.2
298 - XFS 1.3.1
299 - cryptoloop jari
300 - grsecurity 2.0-rc4
301 - SELinux
302 - PaX 200402060000
303 - PaX Obscurity 200308302223
304 - Others...
305
306 Neither -ck nor systrace are included anymore.
307
308 *hardened-sources-2.4.22-r2 (05 Jan 2004)
309
310 05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
311 hardened-sources-2.4.22-r2.ebuild:
312 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
313
314 *hardened-sources-2.4.22-r1 (02 Dec 2003)
315
316 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
317 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
318
319 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
320 hardened-sources-2.4.22-r1.ebuild:
321 Version bump for the 'do_brk' vulnerability.
322
323 01 Dec 2003; Brian Jackson <iggy@gentoo.org>
324 hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
325 hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
326 hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
327 Fix the 'do_brk' vulnerability.
328
329 03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
330 hardened-sources-2.4.22.ebuild:
331 - Removed the src_install() portion for SELinux flask
332 components. These are no longer handled in the kernel
333 so this code was not necessary.
334
335 29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
336 New 2.4.22 based hardened-sources thanks to
337 Phil West <p.west@computer.org>.
338
339 These sources include:
340 - New SELinux API
341 - Updated CK-base
342 - Updated GRSec
343 - Systrace
344 - SuperFreeS/WAN 1.99.8
345 - Propolice kernel build support
346 - EVMS
347 - Other various security related patches
348
349 *hardened-sources-2.4.21 (14 Sep 2003)
350
351 14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
352 Updated hardened-sources based on the 2.4.21 Linux kernel.
353 This includes updates to most major components such as:
354 - ck-base-0306300059
355 - selinux-2.4-2003071106
356 - grsecurity-2.0-rc1
357 - Updated IPTables patch-o-matic
358 - Updated SuperFreeS/WAN
359
360 Thanks to Phil West <pwest@computer.org> for his work in getting this
361 updated patch set ready for the 2.4.21 based kernel.
362
363 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
364 Initial import of hardened-sources-2.4.20-r4. This revision
365 includes only a few changes, but one of these is an important
366 security fix. It is recommended all users of hardened-sources
367 upgrade to this release.
368
369 - ioperm bug fix
370 - fixed compilation failure when building without GRSec
371
372 SAL (Secure Auditing for Linux) is NOT included in this revision
373 due to time constraints, but is planned for inclusion in the near
374 future.
375
376 *hardened-sources-2.4.20-r2 (12 Jun 2003)
377
378 12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
379 hardened-sources-2.4.20-r3.ebuild:
380 Add Header...
381
382 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
383 hardened-sources-2.4.20-r3.ebuild:
384 Removed warnings from ebuild. This kernel should be safe to
385 use at this point.
386
387 *hardened-sources-2.4.20-r3 (08 Jun 2003)
388
389 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
390 hardened-sources-2.4.20-r3.ebuild:
391 New revision. Includes the following changes over -r2:
392
393 - ck7-base (O(1), preempt, low latency)
394 - Super FreeS/WAN 1.99.7rc2
395 - PaX for the LSM/SELinux branch
396 - GRSecurity 2.0-pre4 (role based access control)
397 - Systrace 1.3
398 - EXT3 fixes
399 - EVMS 2.0.1
400 - GCC 3.1+ compile optimizations
401 - ProPolice kernel build support
402 - Hashing table security fixes
403
404 *hardened-sources-2.4.20-r1 (09 Apr 2003)
405
406 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
407 Initial import of hardened-sources-r2. This new
408 ebuild includes many new performance and security
409 related patches. As in -r1, it will patch in
410 LSM/SELinux if "selinux" is in USE, otherwise it
411 will patch in GRSecurity. The following patches
412 are included in this revision:
413
414 - O(1) Scheduler, Low Latency, and Preempt
415 (pulled from the base CK patch)
416 - ptrace exploit patch for the LSM kernel
417 (the GRSec patch already fixes this)
418 - LSM 2.4-2003040709
419 - SELinux 2.4-2003040709
420 - Systrace v1.2
421 - IPTables patch-o-matic base patches - 20030107
422 - CryptoAPI 2.4.20.1 w/ loop-jari patch
423 - Super FreeS/WAN 1.99.6.1
424 - GRSecurity 1.9.9g
425 - MPPE
426 - EXT3 data journal fix
427 - CIPE 1.5.4
428
429 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
430 hardened-sources-2.4.20-r1.ebuild, manifest:
431 Updated to install flask components correctly for selinux.
432
433 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
434 hardened-sources-2.4.20-r1.ebuild:
435 LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
436 is patched in instead. Ptrace patches for selinux have also been added. In
437 either case, systrace support will be patched in as well.
438
439 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
440 hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
441 Revision bump for new sources.
442
443 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
444 hardened-sources-2.4.20-r1.ebuild:
445 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
446
447 *hardened-sources-2.4.20 (30 Mar 2003)
448
449 30 Mar 2003; Joshua Brindle <method@gentoo.org>
450 hardened-sources-2.4.20.ebuild:
451 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20