/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.64 - (show annotations) (download)
Thu Oct 20 18:58:32 2005 UTC (8 years, 10 months ago) by johnm
Branch: MAIN
Changes since 1.63: +8 -1 lines
Fixes minor build error in ppc.
(Portage version: 2.0.53_rc6)

1 # ChangeLog for sys-kernel/hardened-sources
2 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
3 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.63 2005/10/17 16:25:19 johnm Exp $
4
5 *hardened-sources-2.6.13-r2 (20 Oct 2005)
6
7 20 Oct 2005; John Mylchreest <johnm@gentoo.org>
8 -hardened-sources-2.6.13.ebuild, -hardened-sources-2.6.13-r1.ebuild,
9 +hardened-sources-2.6.13-r2.ebuild:
10 Fixes minor build error in ppc.
11
12 *hardened-sources-2.6.13-r1 (17 Oct 2005)
13
14 17 Oct 2005; John Mylchreest <johnm@gentoo.org>
15 +hardened-sources-2.6.13-r1.ebuild:
16 Updating grsec to latest snapshot. Fixes some minor issues. Updating to
17 2.6.13.4, fixes some major amd64 stability problems.
18
19 *hardened-sources-2.6.13 (16 Sep 2005)
20
21 16 Sep 2005; John Mylchreest <johnm@gentoo.org>
22 -hardened-sources-2.6.11-r14.ebuild, +hardened-sources-2.6.13.ebuild:
23 2.6.13.1 with grsec testing patches. Lots of changes, to name a few big
24 ones: inotify now in kernel, RBAC has moved to chained-hash tables so RBAC
25 users should test this thoroughly.
26
27 01 Jul 2005; <solar@gentoo.org> hardened-sources-2.4.31.ebuild:
28 - stable on x86
29
30 *hardened-sources-2.6.11-r15 (27 Jun 2005)
31
32 27 Jun 2005; John Mylchreest <johnm@gentoo.org>
33 +hardened-sources-2.6.11-r15.ebuild:
34 Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with
35 grsec redefining curr_ip struct.
36
37 *hardened-sources-2.4.31 (20 Jun 2005)
38
39 20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild:
40 initial import of 2.4.31 tree
41
42 *hardened-sources-2.6.11-r14 (14 Jun 2005)
43
44 14 Jun 2005; John Mylchreest <johnm@gentoo.org>
45 -hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild:
46 Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring
47 naming scheme to abide by genpatches
48
49 *hardened-sources-2.6.11-r13 (18 May 2005)
50
51 18 May 2005; John Mylchreest <johnm@gentoo.org>
52 -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
53 Managed to mangle the Makefile patch from grsec, to miss out the grsec
54 target. sorry about that. Fixes bug #93022
55
56 *hardened-sources-2.6.11-r12 (17 May 2005)
57
58 17 May 2005; John Mylchreest <johnm@gentoo.org>
59 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
60 +hardened-sources-2.6.11-r12.ebuild:
61 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
62 merges in genpatches-base
63
64 *hardened-sources-2.6.11-r12 (17 May 2005)
65
66 17 May 2005; John Mylchreest <johnm@gentoo.org>
67 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
68 +hardened-sources-2.6.11-r12.ebuild:
69 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
70 merges in genpatches-base
71
72 29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
73 -files/2.4.27-cmdline-race.patch,
74 -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
75 -files/2.4.28-grsec-binfmt_a.out.patch,
76 -files/2.4.28-grsec-cmdline-race.patch,
77 -files/2.4.28-selinux-binfmt_a.out.patch,
78 -files/2.4.28-selinux-cmdline-race.patch,
79 -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
80 hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
81 - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
82 cleanup..
83
84 *hardened-sources-2.4.30-r1 (21 Apr 2005)
85
86 21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
87 - disable aout by default
88
89 *hardened-sources-2.4.30 (18 Apr 2005)
90
91 18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
92 - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
93 and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
94 use
95
96 *hardened-sources-2.4.29 (30 Mar 2005)
97
98 30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
99 +hardened-sources-2.4.29.ebuild:
100 New hardened-patches-2.4-29.0 patchball.
101 Removed SELinux support, upgraded GRSecurity to 2.1.4.
102
103 *hardened-sources-2.4.28-r5 (06 Mar 2005)
104
105 06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
106 +hardened-sources-2.4.28-r5.ebuild:
107 Added a fix for a PaX vulnerability.
108
109 26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
110 hardened-sources-2.4.28-r4.ebuild:
111 Stable on x86
112
113 23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
114 hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
115 hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
116 hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
117 - fixed/added RDEPEND= in all kernel-2 ebuilds
118
119 *hardened-sources-2.4.28-r4 (21 Jan 2005)
120
121 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
122 +hardened-sources-2.4.28-r4.ebuild:
123 Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
124 backport of neighbour hash updates.
125
126 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
127 hardened-sources-2.4.28-r3.ebuild:
128 Stable on x86
129
130 *hardened-sources-2.6.10-r3 (20 Jan 2005)
131
132 20 Jan 2005; Brandon Hale <tseng@gentoo.org>
133 +hardened-sources-2.6.10-r3.ebuild:
134 Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
135 in 2005.0
136
137 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
138 -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
139 hardened-sources-2.4.28-r2.ebuild:
140 Mark stable on x86
141
142 *hardened-sources-2.4.28-r3 (17 Jan 2005)
143
144 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
145 +hardened-sources-2.4.28-r3.ebuild:
146 Fix SMP page fault handler vuln, and update device-mapper and evms patches.
147
148 14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
149 hardened-sources-2.4.28.ebuild:
150 Mark stable on x86.
151
152 *hardened-sources-2.4.28-r2 (13 Jan 2005)
153
154 13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
155 +hardened-sources-2.4.28-r2.ebuild:
156 Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
157 Mazinger for grsecurity patches as well.
158
159 *hardened-sources-2.4.28-r1 (23 Dec 2004)
160
161 23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
162 Security bump. Thank tocharian for rolling a new patchset...
163
164 28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
165 +files/2.4.28-grsec-cmdline-race.patch,
166 +files/2.4.28-selinux-binfmt_a.out.patch,
167 +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
168 - Round up remaining security patches that appear to be missing in 2.4.28. -
169 PaX standalone updated to current. hgpv=28.1
170
171 *hardened-sources-2.4.28 (28 Nov 2004)
172
173 28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
174 security bump. Thank tocharian for rolling a new patchset
175
176 *hardened-sources-2.4.27-r3 (08 Sep 2004)
177
178 08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
179 +hardened-sources-2.4.27-r3.ebuild:
180 Applies the new 2.4-27.2 patchball which updates
181 GRSecurity to the 2.0.1 version.
182
183 *hardened-sources-2.4.27-r2 (31 Aug 2004)
184
185 31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
186 +hardened-sources-2.4.27-r2.ebuild:
187 Version bump.
188 This version uses the new 2.4-27.1 patchball which updates
189 both the SELinux PaX hooks patch and the SELinux headers.
190
191 *hardened-sources-2.4.27-r1 (09 Aug 2004)
192
193 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
194 +hardened-sources-2.4.27-r1.ebuild,
195 -hardened-sources-2.4.27.ebuild,
196 +files/2.4.27-cmdline-race.patch:
197 Version bump, fix for cmdline race. See bug #59905.
198
199 *hardened-sources-2.4.26-r6 (09 Aug 2004)
200
201 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
202 +hardened-sources-2.4.26-r6.ebuild,
203 -hardened-sources-2.4.26-r5.ebuild,
204 -hardened-sources-2.4.26-r4.ebuild,
205 +files/2.4.26-cmdline-race.patch:
206 Version bump, fix for cmdline race. See bug #59905.
207
208 *hardened-sources-2.4.27 (08 Aug 2004)
209
210 08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
211 +hardened-sources-2.4.27.ebuild,
212 +files/2.4.27-CAN-2004-0394.patch:
213 Ported the patchball to the 2.4.27 kernel version.
214
215 *hardened-sources-2.4.26-r5 (07 Aug 2004)
216
217 07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
218 +hardened-sources-2.4.26-r5.ebuild:
219 Updated to use the new hardened-patches-2.4-26.1 patchball.
220 It adds the following features:
221 - Squashfs
222 - Ebtables
223 - Netdev random (core+drivers)
224 - Watchdog Timer (WDT) fix.
225
226 *hardened-sources-2.4.26-r4 (04 Aug 2004)
227
228 04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
229 +hardened-sources-2.4.26-r4.ebuild,
230 +files/2.4.26-CAN-2004-0415.patch,
231 -hardened-sources-2.4.26-3:
232 Version bump, fix for CAN 0415, see bug #59378.
233
234 *hardened-sources-2.4.26-r3 (22 Jul 2004)
235
236 22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
237 +hardened-sources-2.4.26-r3.ebuild,
238 +files/2.4.26-CAN-2004-0497.patch,
239 -hardened-sources-2.4.26-r2.ebuild:
240 Version bump, fixed CAN 0497, see bug #56171.
241
242 *hardened-sources-2.4.26-r2 (29 Jun 2004)
243
244 29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
245 +hardened-sources-2.4.26-r2.ebuild,
246 +files/2.4.26-CAN-2004-0495.patch,
247 +files/2.4.26-CAN-2004-0535.patch,
248 -hardened-sources-2.4.26-r1.ebuild:
249 Fixes for both CAN 0495 and 0535, see bug #54976
250
251 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
252 hardened-sources-2.4.26-r1.ebuild:
253 QA - fix use invocation
254
255 *hardened-sources-2.4.26-r1 (22 June 2004)
256
257 22 June 2004; Andrea Luzzardi <scox@gentoo.org>
258 +hardened-sources-2.4.26-r1.ebuild,
259 +files/2.4.26-CAN-2004-0394.patch,
260 +files/2.4.26-signal-race.patch,
261 -hardened-sources-2.4.26.ebuild,
262 -hardened-sources-2.4.24-r3.ebuild:
263 Version bump for the CAN-2004-0394 issue and bug #53804
264 Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
265
266
267 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
268 hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
269 Masked hardened-sources-2.4.26.ebuild broken for ppc
270
271 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
272 hardened-sources-2.4.24-r3.ebuild:
273 Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
274
275 *hardened-sources-2.4.26 (29 May 2004)
276
277 29 May 2004; Andrea Luzzardi <scox@gentoo.org>
278 +hardened-sources-2.4.26.ebuild:
279 Updated hardened-sources for the 2.4.26 kernel
280 Removed broken components, updated almost everything.
281
282 *hardened-sources-2.4.24-r3 (17 Apr 2004)
283
284 17 Apr 2004; <plasmaroo@gentoo.org>
285 +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
286 +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
287 +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
288 +hardened-sources-2.4.24-r3.ebuild:
289 Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
290 vulnerabilities. Old revisions removed.
291
292 *hardened-sources-2.4.24-r2 (15 Apr 2004)
293
294 15 Apr 2004; <plasmaroo@gentoo.org>
295 +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
296 -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
297 Version bump for the CAN-2004-0109 issue; bug #47881.
298
299 12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
300 hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
301 Add eutils to inherit.
302
303 *hardened-sources-2.4.24-r1 (19 Feb 2004)
304
305 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
306 files/hardened-sources-2.4.24.munmap.patch:
307 Added the patch for the mremap/munmap vulnerability. Bug #42024.
308
309 *hardened-sources-2.4.24 (06 Feb 2004)
310
311 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
312 hardened-sources-2.4.24.ebuild:
313 Version bump, updated most of the components.
314 This release includes the following:
315
316 - Hardened security
317 - Netfilter patch-o-matic 20031219
318 - FreeSWAN 2.04 & x509 1.4.8
319 - EVMS 2.2.2
320 - XFS 1.3.1
321 - cryptoloop jari
322 - grsecurity 2.0-rc4
323 - SELinux
324 - PaX 200402060000
325 - PaX Obscurity 200308302223
326 - Others...
327
328 Neither -ck nor systrace are included anymore.
329
330 *hardened-sources-2.4.22-r2 (05 Jan 2004)
331
332 05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
333 hardened-sources-2.4.22-r2.ebuild:
334 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
335
336 *hardened-sources-2.4.22-r1 (02 Dec 2003)
337
338 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
339 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
340
341 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
342 hardened-sources-2.4.22-r1.ebuild:
343 Version bump for the 'do_brk' vulnerability.
344
345 01 Dec 2003; Brian Jackson <iggy@gentoo.org>
346 hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
347 hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
348 hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
349 Fix the 'do_brk' vulnerability.
350
351 03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
352 hardened-sources-2.4.22.ebuild:
353 - Removed the src_install() portion for SELinux flask
354 components. These are no longer handled in the kernel
355 so this code was not necessary.
356
357 29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
358 New 2.4.22 based hardened-sources thanks to
359 Phil West <p.west@computer.org>.
360
361 These sources include:
362 - New SELinux API
363 - Updated CK-base
364 - Updated GRSec
365 - Systrace
366 - SuperFreeS/WAN 1.99.8
367 - Propolice kernel build support
368 - EVMS
369 - Other various security related patches
370
371 *hardened-sources-2.4.21 (14 Sep 2003)
372
373 14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
374 Updated hardened-sources based on the 2.4.21 Linux kernel.
375 This includes updates to most major components such as:
376 - ck-base-0306300059
377 - selinux-2.4-2003071106
378 - grsecurity-2.0-rc1
379 - Updated IPTables patch-o-matic
380 - Updated SuperFreeS/WAN
381
382 Thanks to Phil West <pwest@computer.org> for his work in getting this
383 updated patch set ready for the 2.4.21 based kernel.
384
385 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
386 Initial import of hardened-sources-2.4.20-r4. This revision
387 includes only a few changes, but one of these is an important
388 security fix. It is recommended all users of hardened-sources
389 upgrade to this release.
390
391 - ioperm bug fix
392 - fixed compilation failure when building without GRSec
393
394 SAL (Secure Auditing for Linux) is NOT included in this revision
395 due to time constraints, but is planned for inclusion in the near
396 future.
397
398 *hardened-sources-2.4.20-r2 (12 Jun 2003)
399
400 12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
401 hardened-sources-2.4.20-r3.ebuild:
402 Add Header...
403
404 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
405 hardened-sources-2.4.20-r3.ebuild:
406 Removed warnings from ebuild. This kernel should be safe to
407 use at this point.
408
409 *hardened-sources-2.4.20-r3 (08 Jun 2003)
410
411 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
412 hardened-sources-2.4.20-r3.ebuild:
413 New revision. Includes the following changes over -r2:
414
415 - ck7-base (O(1), preempt, low latency)
416 - Super FreeS/WAN 1.99.7rc2
417 - PaX for the LSM/SELinux branch
418 - GRSecurity 2.0-pre4 (role based access control)
419 - Systrace 1.3
420 - EXT3 fixes
421 - EVMS 2.0.1
422 - GCC 3.1+ compile optimizations
423 - ProPolice kernel build support
424 - Hashing table security fixes
425
426 *hardened-sources-2.4.20-r1 (09 Apr 2003)
427
428 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
429 Initial import of hardened-sources-r2. This new
430 ebuild includes many new performance and security
431 related patches. As in -r1, it will patch in
432 LSM/SELinux if "selinux" is in USE, otherwise it
433 will patch in GRSecurity. The following patches
434 are included in this revision:
435
436 - O(1) Scheduler, Low Latency, and Preempt
437 (pulled from the base CK patch)
438 - ptrace exploit patch for the LSM kernel
439 (the GRSec patch already fixes this)
440 - LSM 2.4-2003040709
441 - SELinux 2.4-2003040709
442 - Systrace v1.2
443 - IPTables patch-o-matic base patches - 20030107
444 - CryptoAPI 2.4.20.1 w/ loop-jari patch
445 - Super FreeS/WAN 1.99.6.1
446 - GRSecurity 1.9.9g
447 - MPPE
448 - EXT3 data journal fix
449 - CIPE 1.5.4
450
451 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
452 hardened-sources-2.4.20-r1.ebuild, manifest:
453 Updated to install flask components correctly for selinux.
454
455 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
456 hardened-sources-2.4.20-r1.ebuild:
457 LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
458 is patched in instead. Ptrace patches for selinux have also been added. In
459 either case, systrace support will be patched in as well.
460
461 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
462 hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
463 Revision bump for new sources.
464
465 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
466 hardened-sources-2.4.20-r1.ebuild:
467 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
468
469 *hardened-sources-2.4.20 (30 Mar 2003)
470
471 30 Mar 2003; Joshua Brindle <method@gentoo.org>
472 hardened-sources-2.4.20.ebuild:
473 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20