/[gentoo-x86]/sys-kernel/hardened-sources/ChangeLog
Gentoo

Contents of /sys-kernel/hardened-sources/ChangeLog

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.65 - (show annotations) (download)
Mon Nov 14 20:18:19 2005 UTC (8 years, 7 months ago) by johnm
Branch: MAIN
Changes since 1.64: +7 -1 lines
Bumping 2.6 series to 2.6.14.2, please be aware of new RBAC changes and a new gradm is required.
(Portage version: 2.0.53_rc7)

1 # ChangeLog for sys-kernel/hardened-sources
2 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
3 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.64 2005/10/20 18:58:32 johnm Exp $
4
5 *hardened-sources-2.6.14 (14 Nov 2005)
6
7 14 Nov 2005; John Mylchreest <johnm@gentoo.org>
8 -hardened-sources-2.6.13-r2.ebuild, +hardened-sources-2.6.14.ebuild:
9 Bumping 2.6 series to 2.6.14.2
10
11 *hardened-sources-2.6.13-r2 (20 Oct 2005)
12
13 20 Oct 2005; John Mylchreest <johnm@gentoo.org>
14 -hardened-sources-2.6.13.ebuild, -hardened-sources-2.6.13-r1.ebuild,
15 +hardened-sources-2.6.13-r2.ebuild:
16 Fixes minor build error in ppc.
17
18 *hardened-sources-2.6.13-r1 (17 Oct 2005)
19
20 17 Oct 2005; John Mylchreest <johnm@gentoo.org>
21 +hardened-sources-2.6.13-r1.ebuild:
22 Updating grsec to latest snapshot. Fixes some minor issues. Updating to
23 2.6.13.4, fixes some major amd64 stability problems.
24
25 *hardened-sources-2.6.13 (16 Sep 2005)
26
27 16 Sep 2005; John Mylchreest <johnm@gentoo.org>
28 -hardened-sources-2.6.11-r14.ebuild, +hardened-sources-2.6.13.ebuild:
29 2.6.13.1 with grsec testing patches. Lots of changes, to name a few big
30 ones: inotify now in kernel, RBAC has moved to chained-hash tables so RBAC
31 users should test this thoroughly.
32
33 01 Jul 2005; <solar@gentoo.org> hardened-sources-2.4.31.ebuild:
34 - stable on x86
35
36 *hardened-sources-2.6.11-r15 (27 Jun 2005)
37
38 27 Jun 2005; John Mylchreest <johnm@gentoo.org>
39 +hardened-sources-2.6.11-r15.ebuild:
40 Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with
41 grsec redefining curr_ip struct.
42
43 *hardened-sources-2.4.31 (20 Jun 2005)
44
45 20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild:
46 initial import of 2.4.31 tree
47
48 *hardened-sources-2.6.11-r14 (14 Jun 2005)
49
50 14 Jun 2005; John Mylchreest <johnm@gentoo.org>
51 -hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild:
52 Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring
53 naming scheme to abide by genpatches
54
55 *hardened-sources-2.6.11-r13 (18 May 2005)
56
57 18 May 2005; John Mylchreest <johnm@gentoo.org>
58 -hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild:
59 Managed to mangle the Makefile patch from grsec, to miss out the grsec
60 target. sorry about that. Fixes bug #93022
61
62 *hardened-sources-2.6.11-r12 (17 May 2005)
63
64 17 May 2005; John Mylchreest <johnm@gentoo.org>
65 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
66 +hardened-sources-2.6.11-r12.ebuild:
67 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
68 merges in genpatches-base
69
70 *hardened-sources-2.6.11-r12 (17 May 2005)
71
72 17 May 2005; John Mylchreest <johnm@gentoo.org>
73 -hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild,
74 +hardened-sources-2.6.11-r12.ebuild:
75 Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also
76 merges in genpatches-base
77
78 29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch,
79 -files/2.4.27-cmdline-race.patch,
80 -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch,
81 -files/2.4.28-grsec-binfmt_a.out.patch,
82 -files/2.4.28-grsec-cmdline-race.patch,
83 -files/2.4.28-selinux-binfmt_a.out.patch,
84 -files/2.4.28-selinux-cmdline-race.patch,
85 -hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild,
86 hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild:
87 - mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir
88 cleanup..
89
90 *hardened-sources-2.4.30-r1 (21 Apr 2005)
91
92 21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild:
93 - disable aout by default
94
95 *hardened-sources-2.4.30 (18 Apr 2005)
96
97 18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild:
98 - 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29
99 and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded
100 use
101
102 *hardened-sources-2.4.29 (30 Mar 2005)
103
104 30 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
105 +hardened-sources-2.4.29.ebuild:
106 New hardened-patches-2.4-29.0 patchball.
107 Removed SELinux support, upgraded GRSecurity to 2.1.4.
108
109 *hardened-sources-2.4.28-r5 (06 Mar 2005)
110
111 06 Mar 2005; Andrea Luzzardi <scox@gentoo.org>
112 +hardened-sources-2.4.28-r5.ebuild:
113 Added a fix for a PaX vulnerability.
114
115 26 Jan 2005; Adam Mondl <tocharian@gentoo.org>
116 hardened-sources-2.4.28-r4.ebuild:
117 Stable on x86
118
119 23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild,
120 hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild,
121 hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild,
122 hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild:
123 - fixed/added RDEPEND= in all kernel-2 ebuilds
124
125 *hardened-sources-2.4.28-r4 (21 Jan 2005)
126
127 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
128 +hardened-sources-2.4.28-r4.ebuild:
129 Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4
130 backport of neighbour hash updates.
131
132 21 Jan 2005; Adam Mondl <tocharian@gentoo.org>
133 hardened-sources-2.4.28-r3.ebuild:
134 Stable on x86
135
136 *hardened-sources-2.6.10-r3 (20 Jan 2005)
137
138 20 Jan 2005; Brandon Hale <tseng@gentoo.org>
139 +hardened-sources-2.6.10-r3.ebuild:
140 Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge
141 in 2005.0
142
143 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
144 -hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild,
145 hardened-sources-2.4.28-r2.ebuild:
146 Mark stable on x86
147
148 *hardened-sources-2.4.28-r3 (17 Jan 2005)
149
150 17 Jan 2005; Adam Mondl <tocharian@gentoo.org>
151 +hardened-sources-2.4.28-r3.ebuild:
152 Fix SMP page fault handler vuln, and update device-mapper and evms patches.
153
154 14 Jan 2005; Adam Mondl <tocharian@gentoo.org>
155 hardened-sources-2.4.28.ebuild:
156 Mark stable on x86.
157
158 *hardened-sources-2.4.28-r2 (13 Jan 2005)
159
160 13 Jan 2005; Adam Mondl <tocharian@gentoo.org>
161 +hardened-sources-2.4.28-r2.ebuild:
162 Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S.
163 Mazinger for grsecurity patches as well.
164
165 *hardened-sources-2.4.28-r1 (23 Dec 2004)
166
167 23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild:
168 Security bump. Thank tocharian for rolling a new patchset...
169
170 28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch,
171 +files/2.4.28-grsec-cmdline-race.patch,
172 +files/2.4.28-selinux-binfmt_a.out.patch,
173 +files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild:
174 - Round up remaining security patches that appear to be missing in 2.4.28. -
175 PaX standalone updated to current. hgpv=28.1
176
177 *hardened-sources-2.4.28 (28 Nov 2004)
178
179 28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild:
180 security bump. Thank tocharian for rolling a new patchset
181
182 *hardened-sources-2.4.27-r3 (08 Sep 2004)
183
184 08 Sep 2004; Andrea Luzzardi <scox@gentoo.org>
185 +hardened-sources-2.4.27-r3.ebuild:
186 Applies the new 2.4-27.2 patchball which updates
187 GRSecurity to the 2.0.1 version.
188
189 *hardened-sources-2.4.27-r2 (31 Aug 2004)
190
191 31 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
192 +hardened-sources-2.4.27-r2.ebuild:
193 Version bump.
194 This version uses the new 2.4-27.1 patchball which updates
195 both the SELinux PaX hooks patch and the SELinux headers.
196
197 *hardened-sources-2.4.27-r1 (09 Aug 2004)
198
199 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
200 +hardened-sources-2.4.27-r1.ebuild,
201 -hardened-sources-2.4.27.ebuild,
202 +files/2.4.27-cmdline-race.patch:
203 Version bump, fix for cmdline race. See bug #59905.
204
205 *hardened-sources-2.4.26-r6 (09 Aug 2004)
206
207 09 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
208 +hardened-sources-2.4.26-r6.ebuild,
209 -hardened-sources-2.4.26-r5.ebuild,
210 -hardened-sources-2.4.26-r4.ebuild,
211 +files/2.4.26-cmdline-race.patch:
212 Version bump, fix for cmdline race. See bug #59905.
213
214 *hardened-sources-2.4.27 (08 Aug 2004)
215
216 08 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
217 +hardened-sources-2.4.27.ebuild,
218 +files/2.4.27-CAN-2004-0394.patch:
219 Ported the patchball to the 2.4.27 kernel version.
220
221 *hardened-sources-2.4.26-r5 (07 Aug 2004)
222
223 07 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
224 +hardened-sources-2.4.26-r5.ebuild:
225 Updated to use the new hardened-patches-2.4-26.1 patchball.
226 It adds the following features:
227 - Squashfs
228 - Ebtables
229 - Netdev random (core+drivers)
230 - Watchdog Timer (WDT) fix.
231
232 *hardened-sources-2.4.26-r4 (04 Aug 2004)
233
234 04 Aug 2004; Andrea Luzzardi <scox@gentoo.org>
235 +hardened-sources-2.4.26-r4.ebuild,
236 +files/2.4.26-CAN-2004-0415.patch,
237 -hardened-sources-2.4.26-3:
238 Version bump, fix for CAN 0415, see bug #59378.
239
240 *hardened-sources-2.4.26-r3 (22 Jul 2004)
241
242 22 Jul 2004; Andrea Luzzardi <scox@gentoo.org>
243 +hardened-sources-2.4.26-r3.ebuild,
244 +files/2.4.26-CAN-2004-0497.patch,
245 -hardened-sources-2.4.26-r2.ebuild:
246 Version bump, fixed CAN 0497, see bug #56171.
247
248 *hardened-sources-2.4.26-r2 (29 Jun 2004)
249
250 29 Jun 2004; Andrea Luzzardi <scox@gentoo.org>
251 +hardened-sources-2.4.26-r2.ebuild,
252 +files/2.4.26-CAN-2004-0495.patch,
253 +files/2.4.26-CAN-2004-0535.patch,
254 -hardened-sources-2.4.26-r1.ebuild:
255 Fixes for both CAN 0495 and 0535, see bug #54976
256
257 23 Jun 2004; Aron Griffis <agriffis@gentoo.org>
258 hardened-sources-2.4.26-r1.ebuild:
259 QA - fix use invocation
260
261 *hardened-sources-2.4.26-r1 (22 June 2004)
262
263 22 June 2004; Andrea Luzzardi <scox@gentoo.org>
264 +hardened-sources-2.4.26-r1.ebuild,
265 +files/2.4.26-CAN-2004-0394.patch,
266 +files/2.4.26-signal-race.patch,
267 -hardened-sources-2.4.26.ebuild,
268 -hardened-sources-2.4.24-r3.ebuild:
269 Version bump for the CAN-2004-0394 issue and bug #53804
270 Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3
271
272
273 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
274 hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild:
275 Masked hardened-sources-2.4.26.ebuild broken for ppc
276
277 31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
278 hardened-sources-2.4.24-r3.ebuild:
279 Masked hardened-sources-2.4.24-r3.ebuild broken for ppc
280
281 *hardened-sources-2.4.26 (29 May 2004)
282
283 29 May 2004; Andrea Luzzardi <scox@gentoo.org>
284 +hardened-sources-2.4.26.ebuild:
285 Updated hardened-sources for the 2.4.26 kernel
286 Removed broken components, updated almost everything.
287
288 *hardened-sources-2.4.24-r3 (17 Apr 2004)
289
290 17 Apr 2004; <plasmaroo@gentoo.org>
291 +files/hardened-sources-2.4.24.CAN-2004-0010.patch,
292 +files/hardened-sources-2.4.24.CAN-2004-0177.patch,
293 +files/hardened-sources-2.4.24.CAN-2004-0178.patch,
294 +hardened-sources-2.4.24-r3.ebuild:
295 Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178
296 vulnerabilities. Old revisions removed.
297
298 *hardened-sources-2.4.24-r2 (15 Apr 2004)
299
300 15 Apr 2004; <plasmaroo@gentoo.org>
301 +files/hardened-sources-2.4.24.CAN-2004-0109.patch,
302 -hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild:
303 Version bump for the CAN-2004-0109 issue; bug #47881.
304
305 12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
306 hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild:
307 Add eutils to inherit.
308
309 *hardened-sources-2.4.24-r1 (19 Feb 2004)
310
311 19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild,
312 files/hardened-sources-2.4.24.munmap.patch:
313 Added the patch for the mremap/munmap vulnerability. Bug #42024.
314
315 *hardened-sources-2.4.24 (06 Feb 2004)
316
317 06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
318 hardened-sources-2.4.24.ebuild:
319 Version bump, updated most of the components.
320 This release includes the following:
321
322 - Hardened security
323 - Netfilter patch-o-matic 20031219
324 - FreeSWAN 2.04 & x509 1.4.8
325 - EVMS 2.2.2
326 - XFS 1.3.1
327 - cryptoloop jari
328 - grsecurity 2.0-rc4
329 - SELinux
330 - PaX 200402060000
331 - PaX Obscurity 200308302223
332 - Others...
333
334 Neither -ck nor systrace are included anymore.
335
336 *hardened-sources-2.4.22-r2 (05 Jan 2004)
337
338 05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
339 hardened-sources-2.4.22-r2.ebuild:
340 Version bump for the 'mremap' and the 'rtc' vulnerabilities.
341
342 *hardened-sources-2.4.22-r1 (02 Dec 2003)
343
344 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
345 hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
346
347 02 Dec 2003; Brian Jackson <iggy@gentoo.org>
348 hardened-sources-2.4.22-r1.ebuild:
349 Version bump for the 'do_brk' vulnerability.
350
351 01 Dec 2003; Brian Jackson <iggy@gentoo.org>
352 hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
353 hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
354 hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
355 Fix the 'do_brk' vulnerability.
356
357 03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
358 hardened-sources-2.4.22.ebuild:
359 - Removed the src_install() portion for SELinux flask
360 components. These are no longer handled in the kernel
361 so this code was not necessary.
362
363 29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
364 New 2.4.22 based hardened-sources thanks to
365 Phil West <p.west@computer.org>.
366
367 These sources include:
368 - New SELinux API
369 - Updated CK-base
370 - Updated GRSec
371 - Systrace
372 - SuperFreeS/WAN 1.99.8
373 - Propolice kernel build support
374 - EVMS
375 - Other various security related patches
376
377 *hardened-sources-2.4.21 (14 Sep 2003)
378
379 14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
380 Updated hardened-sources based on the 2.4.21 Linux kernel.
381 This includes updates to most major components such as:
382 - ck-base-0306300059
383 - selinux-2.4-2003071106
384 - grsecurity-2.0-rc1
385 - Updated IPTables patch-o-matic
386 - Updated SuperFreeS/WAN
387
388 Thanks to Phil West <pwest@computer.org> for his work in getting this
389 updated patch set ready for the 2.4.21 based kernel.
390
391 16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
392 Initial import of hardened-sources-2.4.20-r4. This revision
393 includes only a few changes, but one of these is an important
394 security fix. It is recommended all users of hardened-sources
395 upgrade to this release.
396
397 - ioperm bug fix
398 - fixed compilation failure when building without GRSec
399
400 SAL (Secure Auditing for Linux) is NOT included in this revision
401 due to time constraints, but is planned for inclusion in the near
402 future.
403
404 *hardened-sources-2.4.20-r2 (12 Jun 2003)
405
406 12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
407 hardened-sources-2.4.20-r3.ebuild:
408 Add Header...
409
410 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
411 hardened-sources-2.4.20-r3.ebuild:
412 Removed warnings from ebuild. This kernel should be safe to
413 use at this point.
414
415 *hardened-sources-2.4.20-r3 (08 Jun 2003)
416
417 08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
418 hardened-sources-2.4.20-r3.ebuild:
419 New revision. Includes the following changes over -r2:
420
421 - ck7-base (O(1), preempt, low latency)
422 - Super FreeS/WAN 1.99.7rc2
423 - PaX for the LSM/SELinux branch
424 - GRSecurity 2.0-pre4 (role based access control)
425 - Systrace 1.3
426 - EXT3 fixes
427 - EVMS 2.0.1
428 - GCC 3.1+ compile optimizations
429 - ProPolice kernel build support
430 - Hashing table security fixes
431
432 *hardened-sources-2.4.20-r1 (09 Apr 2003)
433
434 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
435 Initial import of hardened-sources-r2. This new
436 ebuild includes many new performance and security
437 related patches. As in -r1, it will patch in
438 LSM/SELinux if "selinux" is in USE, otherwise it
439 will patch in GRSecurity. The following patches
440 are included in this revision:
441
442 - O(1) Scheduler, Low Latency, and Preempt
443 (pulled from the base CK patch)
444 - ptrace exploit patch for the LSM kernel
445 (the GRSec patch already fixes this)
446 - LSM 2.4-2003040709
447 - SELinux 2.4-2003040709
448 - Systrace v1.2
449 - IPTables patch-o-matic base patches - 20030107
450 - CryptoAPI 2.4.20.1 w/ loop-jari patch
451 - Super FreeS/WAN 1.99.6.1
452 - GRSecurity 1.9.9g
453 - MPPE
454 - EXT3 data journal fix
455 - CIPE 1.5.4
456
457 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
458 hardened-sources-2.4.20-r1.ebuild, manifest:
459 Updated to install flask components correctly for selinux.
460
461 12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
462 hardened-sources-2.4.20-r1.ebuild:
463 LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
464 is patched in instead. Ptrace patches for selinux have also been added. In
465 either case, systrace support will be patched in as well.
466
467 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
468 hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
469 Revision bump for new sources.
470
471 09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
472 hardened-sources-2.4.20-r1.ebuild:
473 Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
474
475 *hardened-sources-2.4.20 (30 Mar 2003)
476
477 30 Mar 2003; Joshua Brindle <method@gentoo.org>
478 hardened-sources-2.4.20.ebuild:
479 Initial import, only has systrace support.

  ViewVC Help
Powered by ViewVC 1.1.20