/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.62 - (show annotations) (download)
Fri Sep 16 19:47:18 2005 UTC (9 years ago) by johnm
Branch: MAIN
Changes since 1.61: +9 -1 lines
2.6.13.1 with grsec testing patches. Lots of changes, to name a few big ones: inotify now in kernel, RBAC has moved to chained-hash tables so RBAC users should test this thoroughly.
(Portage version: 2.0.52-r1)

1 # ChangeLog for sys-kernel/hardened-sources
2 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
3 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.61 2005/07/02 00:30:56 solar Exp $
4
5 *hardened-sources-2.6.13 (16 Sep 2005)
6
7 16 Sep 2005; John Mylchreest <johnm@gentoo.org>
8 -hardened-sources-2.6.11-r14.ebuild, +hardened-sources-2.6.13.ebuild:
9 2.6.13.1 with grsec testing patches. Lots of changes, to name a few big
10 ones: inotify now in kernel, RBAC has moved to chained-hash tables so RBAC
11 users should test this thoroughly.
12
13 01 Jul 2005; <solar@gentoo.org> hardened-sources-2.4.31.ebuild:
14 - stable on x86
15
16 *hardened-sources-2.6.11-r15 (27 Jun 2005)
17
18 27 Jun 2005; John Mylchreest <johnm@gentoo.org>
19 +hardened-sources-2.6.11-r15.ebuild:
20 Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with
21 grsec redefining curr_ip struct.
22
23 *hardened-sources-2.4.31 (20 Jun 2005)
24
25 20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild:
26 initial import of 2.4.31 tree
27
28 *hardened-sources-2.6.11-r14 (14 Jun 2005)
29
30 14 Jun 2005; John Mylchreest <johnm@gentoo.org>
31 -hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild:
32 Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring
33 naming scheme to abide by genpatches
34
35 *hardened-sources-2.6.11-r13 (18 May 2005)
36
37 18 May 2005; John Mylchreest <johnm@gentoo.org>
38 -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
39 Managed to mangle the Makefile patch from grsec, to miss out the grsec
40 target. sorry about that. Fixes bug #93022
41
42 *hardened-sources-2.6.11-r12 (17 May 2005)
43
44 17 May 2005; John Mylchreest <johnm@gentoo.org>
45 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
46 +hardened-sources-2.6.11-r12.ebuild:
47 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
48 merges in genpatches-base
49
50 *hardened-sources-2.6.11-r12 (17 May 2005)
51
52 17 May 2005; John Mylchreest <johnm@gentoo.org>
53 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
54 +hardened-sources-2.6.11-r12.ebuild:
55 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
56 merges in genpatches-base
57
58 29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
59 -files/2.4.27-cmdline-race.patch,
60 -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
61 -files/2.4.28-grsec-binfmt_a.out.patch,
62 -files/2.4.28-grsec-cmdline-race.patch,
63 -files/2.4.28-selinux-binfmt_a.out.patch,
64 -files/2.4.28-selinux-cmdline-race.patch,
65 -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
66 hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
67 - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
68 cleanup..
69
70 *hardened-sources-2.4.30-r1 (21 Apr 2005)
71
72 21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
73 - disable aout by default
74
75 *hardened-sources-2.4.30 (18 Apr 2005)
76
77 18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
78 - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
79 and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
80 use
81
82 *hardened-sources-2.4.29 (30 Mar 2005)
83
84 30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
85 +hardened-sources-2.4.29.ebuild:
86 New hardened-patches-2.4-29.0 patchball.
87 Removed SELinux support, upgraded GRSecurity to 2.1.4.
88
89 *hardened-sources-2.4.28-r5 (06 Mar 2005)
90
91 06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
92 +hardened-sources-2.4.28-r5.ebuild:
93 Added a fix for a PaX vulnerability.
94
95 26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
96 hardened-sources-2.4.28-r4.ebuild:
97 Stable on x86
98
99 23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
100 hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
101 hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
102 hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
103 - fixed/added RDEPEND= in all kernel-2 ebuilds
104
105 *hardened-sources-2.4.28-r4 (21 Jan 2005)
106
107 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
108 +hardened-sources-2.4.28-r4.ebuild:
109 Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
110 backport of neighbour hash updates.
111
112 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
113 hardened-sources-2.4.28-r3.ebuild:
114 Stable on x86
115
116 *hardened-sources-2.6.10-r3 (20 Jan 2005)
117
118 20 Jan 2005; Brandon Hale <tseng@gentoo.org>
119 +hardened-sources-2.6.10-r3.ebuild:
120 Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
121 in 2005.0
122
123 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
124 -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
125 hardened-sources-2.4.28-r2.ebuild:
126 Mark stable on x86
127
128 *hardened-sources-2.4.28-r3 (17 Jan 2005)
129
130 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
131 +hardened-sources-2.4.28-r3.ebuild:
132 Fix SMP page fault handler vuln, and update device-mapper and evms patches.
133
134 14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
135 hardened-sources-2.4.28.ebuild:
136 Mark stable on x86.
137
138 *hardened-sources-2.4.28-r2 (13 Jan 2005)
139
140 13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
141 +hardened-sources-2.4.28-r2.ebuild:
142 Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
143 Mazinger for grsecurity patches as well.
144
145 *hardened-sources-2.4.28-r1 (23 Dec 2004)
146
147 23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
148 Security bump. Thank tocharian for rolling a new patchset...
149
150 28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
151 +files/2.4.28-grsec-cmdline-race.patch,
152 +files/2.4.28-selinux-binfmt_a.out.patch,
153 +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
154 - Round up remaining security patches that appear to be missing in 2.4.28. -
155 PaX standalone updated to current. hgpv=28.1
156
157 *hardened-sources-2.4.28 (28 Nov 2004)
158
159 28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
160 security bump. Thank tocharian for rolling a new patchset
161
162 *hardened-sources-2.4.27-r3 (08 Sep 2004)
163
164 08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
165 +hardened-sources-2.4.27-r3.ebuild:
166 Applies the new 2.4-27.2 patchball which updates
167 GRSecurity to the 2.0.1 version.
168
169 *hardened-sources-2.4.27-r2 (31 Aug 2004)
170
171 31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
172 +hardened-sources-2.4.27-r2.ebuild:
173 Version bump.
174 This version uses the new 2.4-27.1 patchball which updates
175 both the SELinux PaX hooks patch and the SELinux headers.
176
177 *hardened-sources-2.4.27-r1 (09 Aug 2004)
178
179 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
180 +hardened-sources-2.4.27-r1.ebuild,
181 -hardened-sources-2.4.27.ebuild,
182 +files/2.4.27-cmdline-race.patch:
183 Version bump, fix for cmdline race. See bug #59905.
184
185 *hardened-sources-2.4.26-r6 (09 Aug 2004)
186
187 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
188 +hardened-sources-2.4.26-r6.ebuild,
189 -hardened-sources-2.4.26-r5.ebuild,
190 -hardened-sources-2.4.26-r4.ebuild,
191 +files/2.4.26-cmdline-race.patch:
192 Version bump, fix for cmdline race. See bug #59905.
193
194 *hardened-sources-2.4.27 (08 Aug 2004)
195
196 08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
197 +hardened-sources-2.4.27.ebuild,
198 +files/2.4.27-CAN-2004-0394.patch:
199 Ported the patchball to the 2.4.27 kernel version.
200
201 *hardened-sources-2.4.26-r5 (07 Aug 2004)
202
203 07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
204 +hardened-sources-2.4.26-r5.ebuild:
205 Updated to use the new hardened-patches-2.4-26.1 patchball.
206 It adds the following features:
207 - Squashfs
208 - Ebtables
209 - Netdev random (core+drivers)
210 - Watchdog Timer (WDT) fix.
211
212 *hardened-sources-2.4.26-r4 (04 Aug 2004)
213
214 04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
215 +hardened-sources-2.4.26-r4.ebuild,
216 +files/2.4.26-CAN-2004-0415.patch,
217 -hardened-sources-2.4.26-3:
218 Version bump, fix for CAN 0415, see bug #59378.
219
220 *hardened-sources-2.4.26-r3 (22 Jul 2004)
221
222 22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
223 +hardened-sources-2.4.26-r3.ebuild,
224 +files/2.4.26-CAN-2004-0497.patch,
225 -hardened-sources-2.4.26-r2.ebuild:
226 Version bump, fixed CAN 0497, see bug #56171.
227
228 *hardened-sources-2.4.26-r2 (29 Jun 2004)
229
230 29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
231 +hardened-sources-2.4.26-r2.ebuild,
232 +files/2.4.26-CAN-2004-0495.patch,
233 +files/2.4.26-CAN-2004-0535.patch,
234 -hardened-sources-2.4.26-r1.ebuild:
235 Fixes for both CAN 0495 and 0535, see bug #54976
236
237 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
238 hardened-sources-2.4.26-r1.ebuild:
239 QA - fix use invocation
240
241 *hardened-sources-2.4.26-r1 (22 June 2004)
242
243 22 June 2004; Andrea Luzzardi <scox@gentoo.org>
244 +hardened-sources-2.4.26-r1.ebuild,
245 +files/2.4.26-CAN-2004-0394.patch,
246 +files/2.4.26-signal-race.patch,
247 -hardened-sources-2.4.26.ebuild,
248 -hardened-sources-2.4.24-r3.ebuild:
249 Version bump for the CAN-2004-0394 issue and bug #53804
250 Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
251
252
253 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
254 hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
255 Masked hardened-sources-2.4.26.ebuild broken for ppc
256
257 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
258 hardened-sources-2.4.24-r3.ebuild:
259 Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
260
261 *hardened-sources-2.4.26 (29 May 2004)
262
263 29 May 2004; Andrea Luzzardi <scox@gentoo.org>
264 +hardened-sources-2.4.26.ebuild:
265 Updated hardened-sources for the 2.4.26 kernel
266 Removed broken components, updated almost everything.
267
268 *hardened-sources-2.4.24-r3 (17 Apr 2004)
269
270 17 Apr 2004; <plasmaroo@gentoo.org>
271 +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
272 +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
273 +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
274 +hardened-sources-2.4.24-r3.ebuild:
275 Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
276 vulnerabilities. Old revisions removed.
277
278 *hardened-sources-2.4.24-r2 (15 Apr 2004)
279
280 15 Apr 2004; <plasmaroo@gentoo.org>
281 +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
282 -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
283 Version bump for the CAN-2004-0109 issue; bug #47881.
284
285 12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
286 hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
287 Add eutils to inherit.
288
289 *hardened-sources-2.4.24-r1 (19 Feb 2004)
290
291 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
292 files/hardened-sources-2.4.24.munmap.patch:
293 Added the patch for the mremap/munmap vulnerability. Bug #42024.
294
295 *hardened-sources-2.4.24 (06 Feb 2004)
296
297 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
298 hardened-sources-2.4.24.ebuild:
299 Version bump, updated most of the components.
300 This release includes the following:
301
302 - Hardened security
303 - Netfilter patch-o-matic 20031219
304 - FreeSWAN 2.04 & x509 1.4.8
305 - EVMS 2.2.2
306 - XFS 1.3.1
307 - cryptoloop jari
308 - grsecurity 2.0-rc4
309 - SELinux
310 - PaX 200402060000
311 - PaX Obscurity 200308302223
312 - Others...
313
314 Neither -ck nor systrace are included anymore.
315
316 *hardened-sources-2.4.22-r2 (05 Jan 2004)
317
318 05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
319 hardened-sources-2.4.22-r2.ebuild:
320 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
321
322 *hardened-sources-2.4.22-r1 (02 Dec 2003)
323
324 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
325 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
326
327 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
328 hardened-sources-2.4.22-r1.ebuild:
329 Version bump for the 'do_brk' vulnerability.
330
331 01 Dec 2003; Brian Jackson <iggy@gentoo.org>
332 hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
333 hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
334 hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
335 Fix the 'do_brk' vulnerability.
336
337 03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
338 hardened-sources-2.4.22.ebuild:
339 - Removed the src_install() portion for SELinux flask
340 components. These are no longer handled in the kernel
341 so this code was not necessary.
342
343 29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
344 New 2.4.22 based hardened-sources thanks to
345 Phil West <p.west@computer.org>.
346
347 These sources include:
348 - New SELinux API
349 - Updated CK-base
350 - Updated GRSec
351 - Systrace
352 - SuperFreeS/WAN 1.99.8
353 - Propolice kernel build support
354 - EVMS
355 - Other various security related patches
356
357 *hardened-sources-2.4.21 (14 Sep 2003)
358
359 14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
360 Updated hardened-sources based on the 2.4.21 Linux kernel.
361 This includes updates to most major components such as:
362 - ck-base-0306300059
363 - selinux-2.4-2003071106
364 - grsecurity-2.0-rc1
365 - Updated IPTables patch-o-matic
366 - Updated SuperFreeS/WAN
367
368 Thanks to Phil West <pwest@computer.org> for his work in getting this
369 updated patch set ready for the 2.4.21 based kernel.
370
371 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
372 Initial import of hardened-sources-2.4.20-r4. This revision
373 includes only a few changes, but one of these is an important
374 security fix. It is recommended all users of hardened-sources
375 upgrade to this release.
376
377 - ioperm bug fix
378 - fixed compilation failure when building without GRSec
379
380 SAL (Secure Auditing for Linux) is NOT included in this revision
381 due to time constraints, but is planned for inclusion in the near
382 future.
383
384 *hardened-sources-2.4.20-r2 (12 Jun 2003)
385
386 12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
387 hardened-sources-2.4.20-r3.ebuild:
388 Add Header...
389
390 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
391 hardened-sources-2.4.20-r3.ebuild:
392 Removed warnings from ebuild. This kernel should be safe to
393 use at this point.
394
395 *hardened-sources-2.4.20-r3 (08 Jun 2003)
396
397 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
398 hardened-sources-2.4.20-r3.ebuild:
399 New revision. Includes the following changes over -r2:
400
401 - ck7-base (O(1), preempt, low latency)
402 - Super FreeS/WAN 1.99.7rc2
403 - PaX for the LSM/SELinux branch
404 - GRSecurity 2.0-pre4 (role based access control)
405 - Systrace 1.3
406 - EXT3 fixes
407 - EVMS 2.0.1
408 - GCC 3.1+ compile optimizations
409 - ProPolice kernel build support
410 - Hashing table security fixes
411
412 *hardened-sources-2.4.20-r1 (09 Apr 2003)
413
414 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
415 Initial import of hardened-sources-r2. This new
416 ebuild includes many new performance and security
417 related patches. As in -r1, it will patch in
418 LSM/SELinux if "selinux" is in USE, otherwise it
419 will patch in GRSecurity. The following patches
420 are included in this revision:
421
422 - O(1) Scheduler, Low Latency, and Preempt
423 (pulled from the base CK patch)
424 - ptrace exploit patch for the LSM kernel
425 (the GRSec patch already fixes this)
426 - LSM 2.4-2003040709
427 - SELinux 2.4-2003040709
428 - Systrace v1.2
429 - IPTables patch-o-matic base patches - 20030107
430 - CryptoAPI 2.4.20.1 w/ loop-jari patch
431 - Super FreeS/WAN 1.99.6.1
432 - GRSecurity 1.9.9g
433 - MPPE
434 - EXT3 data journal fix
435 - CIPE 1.5.4
436
437 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
438 hardened-sources-2.4.20-r1.ebuild, manifest:
439 Updated to install flask components correctly for selinux.
440
441 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
442 hardened-sources-2.4.20-r1.ebuild:
443 LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
444 is patched in instead. Ptrace patches for selinux have also been added. In
445 either case, systrace support will be patched in as well.
446
447 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
448 hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
449 Revision bump for new sources.
450
451 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
452 hardened-sources-2.4.20-r1.ebuild:
453 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
454
455 *hardened-sources-2.4.20 (30 Mar 2003)
456
457 30 Mar 2003; Joshua Brindle <method@gentoo.org>
458 hardened-sources-2.4.20.ebuild:
459 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20