/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.63 - (show annotations) (download)
Mon Oct 17 16:25:19 2005 UTC (9 years, 1 month ago) by johnm
Branch: MAIN
Changes since 1.62: +8 -1 lines
Updating grsec to latest snapshot. Fixes some minor issues. Updating to 2.6.13.4, fixes some major amd64 stability problems.
(Portage version: 2.0.53_rc5)

1 # ChangeLog for sys-kernel/hardened-sources
2 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
3 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.62 2005/09/16 19:47:18 johnm Exp $
4
5 *hardened-sources-2.6.13-r1 (17 Oct 2005)
6
7 17 Oct 2005; John Mylchreest <johnm@gentoo.org>
8 +hardened-sources-2.6.13-r1.ebuild:
9 Updating grsec to latest snapshot. Fixes some minor issues. Updating to
10 2.6.13.4, fixes some major amd64 stability problems.
11
12 *hardened-sources-2.6.13 (16 Sep 2005)
13
14 16 Sep 2005; John Mylchreest <johnm@gentoo.org>
15 -hardened-sources-2.6.11-r14.ebuild, +hardened-sources-2.6.13.ebuild:
16 2.6.13.1 with grsec testing patches. Lots of changes, to name a few big
17 ones: inotify now in kernel, RBAC has moved to chained-hash tables so RBAC
18 users should test this thoroughly.
19
20 01 Jul 2005; <solar@gentoo.org> hardened-sources-2.4.31.ebuild:
21 - stable on x86
22
23 *hardened-sources-2.6.11-r15 (27 Jun 2005)
24
25 27 Jun 2005; John Mylchreest <johnm@gentoo.org>
26 +hardened-sources-2.6.11-r15.ebuild:
27 Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with
28 grsec redefining curr_ip struct.
29
30 *hardened-sources-2.4.31 (20 Jun 2005)
31
32 20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild:
33 initial import of 2.4.31 tree
34
35 *hardened-sources-2.6.11-r14 (14 Jun 2005)
36
37 14 Jun 2005; John Mylchreest <johnm@gentoo.org>
38 -hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild:
39 Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring
40 naming scheme to abide by genpatches
41
42 *hardened-sources-2.6.11-r13 (18 May 2005)
43
44 18 May 2005; John Mylchreest <johnm@gentoo.org>
45 -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
46 Managed to mangle the Makefile patch from grsec, to miss out the grsec
47 target. sorry about that. Fixes bug #93022
48
49 *hardened-sources-2.6.11-r12 (17 May 2005)
50
51 17 May 2005; John Mylchreest <johnm@gentoo.org>
52 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
53 +hardened-sources-2.6.11-r12.ebuild:
54 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
55 merges in genpatches-base
56
57 *hardened-sources-2.6.11-r12 (17 May 2005)
58
59 17 May 2005; John Mylchreest <johnm@gentoo.org>
60 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
61 +hardened-sources-2.6.11-r12.ebuild:
62 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
63 merges in genpatches-base
64
65 29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
66 -files/2.4.27-cmdline-race.patch,
67 -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
68 -files/2.4.28-grsec-binfmt_a.out.patch,
69 -files/2.4.28-grsec-cmdline-race.patch,
70 -files/2.4.28-selinux-binfmt_a.out.patch,
71 -files/2.4.28-selinux-cmdline-race.patch,
72 -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
73 hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
74 - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
75 cleanup..
76
77 *hardened-sources-2.4.30-r1 (21 Apr 2005)
78
79 21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
80 - disable aout by default
81
82 *hardened-sources-2.4.30 (18 Apr 2005)
83
84 18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
85 - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
86 and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
87 use
88
89 *hardened-sources-2.4.29 (30 Mar 2005)
90
91 30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
92 +hardened-sources-2.4.29.ebuild:
93 New hardened-patches-2.4-29.0 patchball.
94 Removed SELinux support, upgraded GRSecurity to 2.1.4.
95
96 *hardened-sources-2.4.28-r5 (06 Mar 2005)
97
98 06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
99 +hardened-sources-2.4.28-r5.ebuild:
100 Added a fix for a PaX vulnerability.
101
102 26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
103 hardened-sources-2.4.28-r4.ebuild:
104 Stable on x86
105
106 23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
107 hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
108 hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
109 hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
110 - fixed/added RDEPEND= in all kernel-2 ebuilds
111
112 *hardened-sources-2.4.28-r4 (21 Jan 2005)
113
114 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
115 +hardened-sources-2.4.28-r4.ebuild:
116 Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
117 backport of neighbour hash updates.
118
119 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
120 hardened-sources-2.4.28-r3.ebuild:
121 Stable on x86
122
123 *hardened-sources-2.6.10-r3 (20 Jan 2005)
124
125 20 Jan 2005; Brandon Hale <tseng@gentoo.org>
126 +hardened-sources-2.6.10-r3.ebuild:
127 Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
128 in 2005.0
129
130 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
131 -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
132 hardened-sources-2.4.28-r2.ebuild:
133 Mark stable on x86
134
135 *hardened-sources-2.4.28-r3 (17 Jan 2005)
136
137 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
138 +hardened-sources-2.4.28-r3.ebuild:
139 Fix SMP page fault handler vuln, and update device-mapper and evms patches.
140
141 14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
142 hardened-sources-2.4.28.ebuild:
143 Mark stable on x86.
144
145 *hardened-sources-2.4.28-r2 (13 Jan 2005)
146
147 13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
148 +hardened-sources-2.4.28-r2.ebuild:
149 Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
150 Mazinger for grsecurity patches as well.
151
152 *hardened-sources-2.4.28-r1 (23 Dec 2004)
153
154 23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
155 Security bump. Thank tocharian for rolling a new patchset...
156
157 28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
158 +files/2.4.28-grsec-cmdline-race.patch,
159 +files/2.4.28-selinux-binfmt_a.out.patch,
160 +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
161 - Round up remaining security patches that appear to be missing in 2.4.28. -
162 PaX standalone updated to current. hgpv=28.1
163
164 *hardened-sources-2.4.28 (28 Nov 2004)
165
166 28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
167 security bump. Thank tocharian for rolling a new patchset
168
169 *hardened-sources-2.4.27-r3 (08 Sep 2004)
170
171 08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
172 +hardened-sources-2.4.27-r3.ebuild:
173 Applies the new 2.4-27.2 patchball which updates
174 GRSecurity to the 2.0.1 version.
175
176 *hardened-sources-2.4.27-r2 (31 Aug 2004)
177
178 31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
179 +hardened-sources-2.4.27-r2.ebuild:
180 Version bump.
181 This version uses the new 2.4-27.1 patchball which updates
182 both the SELinux PaX hooks patch and the SELinux headers.
183
184 *hardened-sources-2.4.27-r1 (09 Aug 2004)
185
186 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
187 +hardened-sources-2.4.27-r1.ebuild,
188 -hardened-sources-2.4.27.ebuild,
189 +files/2.4.27-cmdline-race.patch:
190 Version bump, fix for cmdline race. See bug #59905.
191
192 *hardened-sources-2.4.26-r6 (09 Aug 2004)
193
194 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
195 +hardened-sources-2.4.26-r6.ebuild,
196 -hardened-sources-2.4.26-r5.ebuild,
197 -hardened-sources-2.4.26-r4.ebuild,
198 +files/2.4.26-cmdline-race.patch:
199 Version bump, fix for cmdline race. See bug #59905.
200
201 *hardened-sources-2.4.27 (08 Aug 2004)
202
203 08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
204 +hardened-sources-2.4.27.ebuild,
205 +files/2.4.27-CAN-2004-0394.patch:
206 Ported the patchball to the 2.4.27 kernel version.
207
208 *hardened-sources-2.4.26-r5 (07 Aug 2004)
209
210 07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
211 +hardened-sources-2.4.26-r5.ebuild:
212 Updated to use the new hardened-patches-2.4-26.1 patchball.
213 It adds the following features:
214 - Squashfs
215 - Ebtables
216 - Netdev random (core+drivers)
217 - Watchdog Timer (WDT) fix.
218
219 *hardened-sources-2.4.26-r4 (04 Aug 2004)
220
221 04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
222 +hardened-sources-2.4.26-r4.ebuild,
223 +files/2.4.26-CAN-2004-0415.patch,
224 -hardened-sources-2.4.26-3:
225 Version bump, fix for CAN 0415, see bug #59378.
226
227 *hardened-sources-2.4.26-r3 (22 Jul 2004)
228
229 22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
230 +hardened-sources-2.4.26-r3.ebuild,
231 +files/2.4.26-CAN-2004-0497.patch,
232 -hardened-sources-2.4.26-r2.ebuild:
233 Version bump, fixed CAN 0497, see bug #56171.
234
235 *hardened-sources-2.4.26-r2 (29 Jun 2004)
236
237 29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
238 +hardened-sources-2.4.26-r2.ebuild,
239 +files/2.4.26-CAN-2004-0495.patch,
240 +files/2.4.26-CAN-2004-0535.patch,
241 -hardened-sources-2.4.26-r1.ebuild:
242 Fixes for both CAN 0495 and 0535, see bug #54976
243
244 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
245 hardened-sources-2.4.26-r1.ebuild:
246 QA - fix use invocation
247
248 *hardened-sources-2.4.26-r1 (22 June 2004)
249
250 22 June 2004; Andrea Luzzardi <scox@gentoo.org>
251 +hardened-sources-2.4.26-r1.ebuild,
252 +files/2.4.26-CAN-2004-0394.patch,
253 +files/2.4.26-signal-race.patch,
254 -hardened-sources-2.4.26.ebuild,
255 -hardened-sources-2.4.24-r3.ebuild:
256 Version bump for the CAN-2004-0394 issue and bug #53804
257 Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
258
259
260 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
261 hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
262 Masked hardened-sources-2.4.26.ebuild broken for ppc
263
264 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
265 hardened-sources-2.4.24-r3.ebuild:
266 Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
267
268 *hardened-sources-2.4.26 (29 May 2004)
269
270 29 May 2004; Andrea Luzzardi <scox@gentoo.org>
271 +hardened-sources-2.4.26.ebuild:
272 Updated hardened-sources for the 2.4.26 kernel
273 Removed broken components, updated almost everything.
274
275 *hardened-sources-2.4.24-r3 (17 Apr 2004)
276
277 17 Apr 2004; <plasmaroo@gentoo.org>
278 +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
279 +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
280 +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
281 +hardened-sources-2.4.24-r3.ebuild:
282 Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
283 vulnerabilities. Old revisions removed.
284
285 *hardened-sources-2.4.24-r2 (15 Apr 2004)
286
287 15 Apr 2004; <plasmaroo@gentoo.org>
288 +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
289 -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
290 Version bump for the CAN-2004-0109 issue; bug #47881.
291
292 12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
293 hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
294 Add eutils to inherit.
295
296 *hardened-sources-2.4.24-r1 (19 Feb 2004)
297
298 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
299 files/hardened-sources-2.4.24.munmap.patch:
300 Added the patch for the mremap/munmap vulnerability. Bug #42024.
301
302 *hardened-sources-2.4.24 (06 Feb 2004)
303
304 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
305 hardened-sources-2.4.24.ebuild:
306 Version bump, updated most of the components.
307 This release includes the following:
308
309 - Hardened security
310 - Netfilter patch-o-matic 20031219
311 - FreeSWAN 2.04 & x509 1.4.8
312 - EVMS 2.2.2
313 - XFS 1.3.1
314 - cryptoloop jari
315 - grsecurity 2.0-rc4
316 - SELinux
317 - PaX 200402060000
318 - PaX Obscurity 200308302223
319 - Others...
320
321 Neither -ck nor systrace are included anymore.
322
323 *hardened-sources-2.4.22-r2 (05 Jan 2004)
324
325 05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
326 hardened-sources-2.4.22-r2.ebuild:
327 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
328
329 *hardened-sources-2.4.22-r1 (02 Dec 2003)
330
331 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
332 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
333
334 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
335 hardened-sources-2.4.22-r1.ebuild:
336 Version bump for the 'do_brk' vulnerability.
337
338 01 Dec 2003; Brian Jackson <iggy@gentoo.org>
339 hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
340 hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
341 hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
342 Fix the 'do_brk' vulnerability.
343
344 03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
345 hardened-sources-2.4.22.ebuild:
346 - Removed the src_install() portion for SELinux flask
347 components. These are no longer handled in the kernel
348 so this code was not necessary.
349
350 29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
351 New 2.4.22 based hardened-sources thanks to
352 Phil West <p.west@computer.org>.
353
354 These sources include:
355 - New SELinux API
356 - Updated CK-base
357 - Updated GRSec
358 - Systrace
359 - SuperFreeS/WAN 1.99.8
360 - Propolice kernel build support
361 - EVMS
362 - Other various security related patches
363
364 *hardened-sources-2.4.21 (14 Sep 2003)
365
366 14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
367 Updated hardened-sources based on the 2.4.21 Linux kernel.
368 This includes updates to most major components such as:
369 - ck-base-0306300059
370 - selinux-2.4-2003071106
371 - grsecurity-2.0-rc1
372 - Updated IPTables patch-o-matic
373 - Updated SuperFreeS/WAN
374
375 Thanks to Phil West <pwest@computer.org> for his work in getting this
376 updated patch set ready for the 2.4.21 based kernel.
377
378 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
379 Initial import of hardened-sources-2.4.20-r4. This revision
380 includes only a few changes, but one of these is an important
381 security fix. It is recommended all users of hardened-sources
382 upgrade to this release.
383
384 - ioperm bug fix
385 - fixed compilation failure when building without GRSec
386
387 SAL (Secure Auditing for Linux) is NOT included in this revision
388 due to time constraints, but is planned for inclusion in the near
389 future.
390
391 *hardened-sources-2.4.20-r2 (12 Jun 2003)
392
393 12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
394 hardened-sources-2.4.20-r3.ebuild:
395 Add Header...
396
397 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
398 hardened-sources-2.4.20-r3.ebuild:
399 Removed warnings from ebuild. This kernel should be safe to
400 use at this point.
401
402 *hardened-sources-2.4.20-r3 (08 Jun 2003)
403
404 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
405 hardened-sources-2.4.20-r3.ebuild:
406 New revision. Includes the following changes over -r2:
407
408 - ck7-base (O(1), preempt, low latency)
409 - Super FreeS/WAN 1.99.7rc2
410 - PaX for the LSM/SELinux branch
411 - GRSecurity 2.0-pre4 (role based access control)
412 - Systrace 1.3
413 - EXT3 fixes
414 - EVMS 2.0.1
415 - GCC 3.1+ compile optimizations
416 - ProPolice kernel build support
417 - Hashing table security fixes
418
419 *hardened-sources-2.4.20-r1 (09 Apr 2003)
420
421 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
422 Initial import of hardened-sources-r2. This new
423 ebuild includes many new performance and security
424 related patches. As in -r1, it will patch in
425 LSM/SELinux if "selinux" is in USE, otherwise it
426 will patch in GRSecurity. The following patches
427 are included in this revision:
428
429 - O(1) Scheduler, Low Latency, and Preempt
430 (pulled from the base CK patch)
431 - ptrace exploit patch for the LSM kernel
432 (the GRSec patch already fixes this)
433 - LSM 2.4-2003040709
434 - SELinux 2.4-2003040709
435 - Systrace v1.2
436 - IPTables patch-o-matic base patches - 20030107
437 - CryptoAPI 2.4.20.1 w/ loop-jari patch
438 - Super FreeS/WAN 1.99.6.1
439 - GRSecurity 1.9.9g
440 - MPPE
441 - EXT3 data journal fix
442 - CIPE 1.5.4
443
444 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
445 hardened-sources-2.4.20-r1.ebuild, manifest:
446 Updated to install flask components correctly for selinux.
447
448 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
449 hardened-sources-2.4.20-r1.ebuild:
450 LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
451 is patched in instead. Ptrace patches for selinux have also been added. In
452 either case, systrace support will be patched in as well.
453
454 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
455 hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
456 Revision bump for new sources.
457
458 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
459 hardened-sources-2.4.20-r1.ebuild:
460 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
461
462 *hardened-sources-2.4.20 (30 Mar 2003)
463
464 30 Mar 2003; Joshua Brindle <method@gentoo.org>
465 hardened-sources-2.4.20.ebuild:
466 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20