1 |
# ChangeLog for sys-kernel/hardened-sources |
2 |
# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 |
3 |
# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.76 2006/02/01 00:08:36 johnm Exp $ |
4 |
|
5 |
19 Feb 2006; Michael Hanselmann <hansmi@gentoo.org> |
6 |
hardened-sources-2.6.14-r5.ebuild: |
7 |
Stable on ppc. |
8 |
|
9 |
*hardened-sources-2.6.14-r5 (01 Feb 2006) |
10 |
|
11 |
01 Feb 2006; John Mylchreest <johnm@gentoo.org> |
12 |
+hardened-sources-2.6.14-r5.ebuild: |
13 |
fixing every known exploit |
14 |
|
15 |
*hardened-sources-2.4.32-r2 (26 Jan 2006) |
16 |
|
17 |
26 Jan 2006; <solar@gentoo.org> hardened-sources-2.4.32-r1.ebuild, |
18 |
+hardened-sources-2.4.32-r2.ebuild: |
19 |
- mark 2.4.32-r1 stable. added 2.4.32-r2 with 2.1.8-grsec patch |
20 |
|
21 |
*hardened-sources-2.6.14-r4 (12 Jan 2006) |
22 |
|
23 |
12 Jan 2006; <solar@gentoo.org> +hardened-sources-2.6.14-r4.ebuild: |
24 |
- version bump for new genpatches which fix up a few sec holes |
25 |
|
26 |
*hardened-sources-2.4.32-r1 (05 Jan 2006) |
27 |
|
28 |
05 Jan 2006; <solar@gentoo.org> +hardened-sources-2.4.32-r1.ebuild: |
29 |
- revision bump to add misc vital linux kernel security patches. |
30 |
|
31 |
*hardened-sources-2.6.14-r3 (30 Dec 2005) |
32 |
|
33 |
30 Dec 2005; John Mylchreest <johnm@gentoo.org> |
34 |
-hardened-sources-2.6.14-r2.ebuild, +hardened-sources-2.6.14-r3.ebuild: |
35 |
Marking stable, and bumping for sec vuln. Fixes bugs #117171, #117040 |
36 |
|
37 |
28 Dec 2005; John Mylchreest <johnm@gentoo.org> |
38 |
hardened-sources-2.6.14-r2.ebuild: |
39 |
making x86 & amd64 stable following testing. |
40 |
|
41 |
*hardened-sources-2.6.14-r2 (27 Dec 2005) |
42 |
|
43 |
27 Dec 2005; John Mylchreest <johnm@gentoo.org> |
44 |
-hardened-sources-2.6.14-r1.ebuild, +hardened-sources-2.6.14-r2.ebuild: |
45 |
Fixing bugs 116832 115771 114635, updating grsec, removing selinux/pax |
46 |
network hooks. |
47 |
|
48 |
06 Dec 2005; John Mylchreest <johnm@gentoo.org> |
49 |
hardened-sources-2.6.14-r1.ebuild: |
50 |
bumping to stable early for sec fix on x86 & amd64 |
51 |
|
52 |
*hardened-sources-2.6.14-r1 (05 Dec 2005) |
53 |
|
54 |
05 Dec 2005; John Mylchreest <johnm@gentoo.org> |
55 |
-hardened-sources-2.6.14.ebuild, +hardened-sources-2.6.14-r1.ebuild: |
56 |
bumping to genpatches 2.6.14-5, security fixup. Also bumping grsec patchset. |
57 |
|
58 |
04 Dec 2005; <solar@gentoo.org> hardened-sources-2.4.32.ebuild: |
59 |
- stable on x86 security bug #114227 CAN-2005-3257 |
60 |
|
61 |
*hardened-sources-2.4.32 (19 Nov 2005) |
62 |
|
63 |
19 Nov 2005; Guillaume Destuynder <kang@gentoo.org> |
64 |
+hardened-sources-2.4.32.ebuild: |
65 |
Bump to 2.4.32, includes RSBAC+PaX patchset with a local 'rsbac' keyword. |
66 |
Add the 'rsbac' USE flag in /etc/portage/package.use for hardened-sources to |
67 |
have RSBAC instead of GrSecurity patchset. (echo sys-kernel/hardened-sources |
68 |
rsbac >> /etc/portage/package.use) |
69 |
|
70 |
*hardened-sources-2.6.14 (14 Nov 2005) |
71 |
|
72 |
14 Nov 2005; John Mylchreest <johnm@gentoo.org> |
73 |
-hardened-sources-2.6.13-r2.ebuild, +hardened-sources-2.6.14.ebuild: |
74 |
Bumping 2.6 series to 2.6.14.2 |
75 |
|
76 |
*hardened-sources-2.6.13-r2 (20 Oct 2005) |
77 |
|
78 |
20 Oct 2005; John Mylchreest <johnm@gentoo.org> |
79 |
-hardened-sources-2.6.13.ebuild, -hardened-sources-2.6.13-r1.ebuild, |
80 |
+hardened-sources-2.6.13-r2.ebuild: |
81 |
Fixes minor build error in ppc. |
82 |
|
83 |
*hardened-sources-2.6.13-r1 (17 Oct 2005) |
84 |
|
85 |
17 Oct 2005; John Mylchreest <johnm@gentoo.org> |
86 |
+hardened-sources-2.6.13-r1.ebuild: |
87 |
Updating grsec to latest snapshot. Fixes some minor issues. Updating to |
88 |
2.6.13.4, fixes some major amd64 stability problems. |
89 |
|
90 |
*hardened-sources-2.6.13 (16 Sep 2005) |
91 |
|
92 |
16 Sep 2005; John Mylchreest <johnm@gentoo.org> |
93 |
-hardened-sources-2.6.11-r14.ebuild, +hardened-sources-2.6.13.ebuild: |
94 |
2.6.13.1 with grsec testing patches. Lots of changes, to name a few big |
95 |
ones: inotify now in kernel, RBAC has moved to chained-hash tables so RBAC |
96 |
users should test this thoroughly. |
97 |
|
98 |
01 Jul 2005; <solar@gentoo.org> hardened-sources-2.4.31.ebuild: |
99 |
- stable on x86 |
100 |
|
101 |
*hardened-sources-2.6.11-r15 (27 Jun 2005) |
102 |
|
103 |
27 Jun 2005; John Mylchreest <johnm@gentoo.org> |
104 |
+hardened-sources-2.6.11-r15.ebuild: |
105 |
Fixes CAN-2005-1763, CAN-2005-1265 & CAN-2005-176. Also fixes problem with |
106 |
grsec redefining curr_ip struct. |
107 |
|
108 |
*hardened-sources-2.4.31 (20 Jun 2005) |
109 |
|
110 |
20 Jun 2005; <solar@gentoo.org> +hardened-sources-2.4.31.ebuild: |
111 |
initial import of 2.4.31 tree |
112 |
|
113 |
*hardened-sources-2.6.11-r14 (14 Jun 2005) |
114 |
|
115 |
14 Jun 2005; John Mylchreest <johnm@gentoo.org> |
116 |
-hardened-sources-2.6.11-r13.ebuild, +hardened-sources-2.6.11-r14.ebuild: |
117 |
Updating inotify, grsec, updating to 11-14 genpatches.base, restructuring |
118 |
naming scheme to abide by genpatches |
119 |
|
120 |
*hardened-sources-2.6.11-r13 (18 May 2005) |
121 |
|
122 |
18 May 2005; John Mylchreest <johnm@gentoo.org> |
123 |
-hardened-sources-2.6.11-r12.ebuild, +hardened-sources-2.6.11-r13.ebuild: |
124 |
Managed to mangle the Makefile patch from grsec, to miss out the grsec |
125 |
target. sorry about that. Fixes bug #93022 |
126 |
|
127 |
*hardened-sources-2.6.11-r12 (17 May 2005) |
128 |
|
129 |
17 May 2005; John Mylchreest <johnm@gentoo.org> |
130 |
-hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild, |
131 |
+hardened-sources-2.6.11-r12.ebuild: |
132 |
Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also |
133 |
merges in genpatches-base |
134 |
|
135 |
*hardened-sources-2.6.11-r12 (17 May 2005) |
136 |
|
137 |
17 May 2005; John Mylchreest <johnm@gentoo.org> |
138 |
-hardened-sources-2.6.10-r3.ebuild, -hardened-sources-2.6.11-r1.ebuild, |
139 |
+hardened-sources-2.6.11-r12.ebuild: |
140 |
Cleanup older sources. Update to 2.6.11.10 - fixes several sec vulns. Also |
141 |
merges in genpatches-base |
142 |
|
143 |
29 Apr 2005; <solar@gentoo.org> -files/2.4.27-CAN-2004-0394.patch, |
144 |
-files/2.4.27-cmdline-race.patch, |
145 |
-files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch, |
146 |
-files/2.4.28-grsec-binfmt_a.out.patch, |
147 |
-files/2.4.28-grsec-cmdline-race.patch, |
148 |
-files/2.4.28-selinux-binfmt_a.out.patch, |
149 |
-files/2.4.28-selinux-cmdline-race.patch, |
150 |
-hardened-sources-2.4.28-r5.ebuild, -hardened-sources-2.4.29.ebuild, |
151 |
hardened-sources-2.4.30-r1.ebuild, -hardened-sources-2.4.30.ebuild: |
152 |
- mark .30-r1 stable and remove older vuln ebuilds from the tree. filesdir |
153 |
cleanup.. |
154 |
|
155 |
*hardened-sources-2.4.30-r1 (21 Apr 2005) |
156 |
|
157 |
21 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30-r1.ebuild: |
158 |
- disable aout by default |
159 |
|
160 |
*hardened-sources-2.4.30 (18 Apr 2005) |
161 |
|
162 |
18 Apr 2005; <solar@gentoo.org> +hardened-sources-2.4.30.ebuild: |
163 |
- 2.4.30 version bump. Adds 4008_CAN-2004-1056 back which was lost in 2.4.29 |
164 |
and an optional optimize for size -Os patch with a gcc-3.4 fix for embedded |
165 |
use |
166 |
|
167 |
*hardened-sources-2.4.29 (30 Mar 2005) |
168 |
|
169 |
30 Mar 2005; Andrea Luzzardi <scox@gentoo.org> |
170 |
+hardened-sources-2.4.29.ebuild: |
171 |
New hardened-patches-2.4-29.0 patchball. |
172 |
Removed SELinux support, upgraded GRSecurity to 2.1.4. |
173 |
|
174 |
*hardened-sources-2.4.28-r5 (06 Mar 2005) |
175 |
|
176 |
06 Mar 2005; Andrea Luzzardi <scox@gentoo.org> |
177 |
+hardened-sources-2.4.28-r5.ebuild: |
178 |
Added a fix for a PaX vulnerability. |
179 |
|
180 |
26 Jan 2005; Adam Mondl <tocharian@gentoo.org> |
181 |
hardened-sources-2.4.28-r4.ebuild: |
182 |
Stable on x86 |
183 |
|
184 |
23 Jan 2005; <solar@gentoo.org> hardened-sources-2.4.27-r3.ebuild, |
185 |
hardened-sources-2.4.28-r1.ebuild, hardened-sources-2.4.28-r2.ebuild, |
186 |
hardened-sources-2.4.28-r3.ebuild, hardened-sources-2.4.28-r4.ebuild, |
187 |
hardened-sources-2.4.28.ebuild, hardened-sources-2.6.10-r3.ebuild: |
188 |
- fixed/added RDEPEND= in all kernel-2 ebuilds |
189 |
|
190 |
*hardened-sources-2.4.28-r4 (21 Jan 2005) |
191 |
|
192 |
21 Jan 2005; Adam Mondl <tocharian@gentoo.org> |
193 |
+hardened-sources-2.4.28-r4.ebuild: |
194 |
Fix vc_resize local DoS, ip_options_get memory leak, and ARP bug in 2.4 |
195 |
backport of neighbour hash updates. |
196 |
|
197 |
21 Jan 2005; Adam Mondl <tocharian@gentoo.org> |
198 |
hardened-sources-2.4.28-r3.ebuild: |
199 |
Stable on x86 |
200 |
|
201 |
*hardened-sources-2.6.10-r3 (20 Jan 2005) |
202 |
|
203 |
20 Jan 2005; Brandon Hale <tseng@gentoo.org> |
204 |
+hardened-sources-2.6.10-r3.ebuild: |
205 |
Dual commit hardened-(dev-)sources-2.6.10 to here for the upcoming merge |
206 |
in 2005.0 |
207 |
|
208 |
17 Jan 2005; Adam Mondl <tocharian@gentoo.org> |
209 |
-hardened-sources-2.4.27-r2.ebuild, hardened-sources-2.4.28-r1.ebuild, |
210 |
hardened-sources-2.4.28-r2.ebuild: |
211 |
Mark stable on x86 |
212 |
|
213 |
*hardened-sources-2.4.28-r3 (17 Jan 2005) |
214 |
|
215 |
17 Jan 2005; Adam Mondl <tocharian@gentoo.org> |
216 |
+hardened-sources-2.4.28-r3.ebuild: |
217 |
Fix SMP page fault handler vuln, and update device-mapper and evms patches. |
218 |
|
219 |
14 Jan 2005; Adam Mondl <tocharian@gentoo.org> |
220 |
hardened-sources-2.4.28.ebuild: |
221 |
Mark stable on x86. |
222 |
|
223 |
*hardened-sources-2.4.28-r2 (13 Jan 2005) |
224 |
|
225 |
13 Jan 2005; Adam Mondl <tocharian@gentoo.org> |
226 |
+hardened-sources-2.4.28-r2.ebuild: |
227 |
Updates security fixes and adds squashfs 2.1 support. Thanks to Peter S. |
228 |
Mazinger for grsecurity patches as well. |
229 |
|
230 |
*hardened-sources-2.4.28-r1 (23 Dec 2004) |
231 |
|
232 |
23 Dec 2004; <plasmaroo@gentoo.org> +hardened-sources-2.4.28-r1.ebuild: |
233 |
Security bump. Thank tocharian for rolling a new patchset... |
234 |
|
235 |
28 Nov 2004; <solar@gentoo.org> +files/2.4.28-grsec-binfmt_a.out.patch, |
236 |
+files/2.4.28-grsec-cmdline-race.patch, |
237 |
+files/2.4.28-selinux-binfmt_a.out.patch, |
238 |
+files/2.4.28-selinux-cmdline-race.patch, hardened-sources-2.4.28.ebuild: |
239 |
- Round up remaining security patches that appear to be missing in 2.4.28. - |
240 |
PaX standalone updated to current. hgpv=28.1 |
241 |
|
242 |
*hardened-sources-2.4.28 (28 Nov 2004) |
243 |
|
244 |
28 Nov 2004; <solar@gentoo.org> +hardened-sources-2.4.28.ebuild: |
245 |
security bump. Thank tocharian for rolling a new patchset |
246 |
|
247 |
*hardened-sources-2.4.27-r3 (08 Sep 2004) |
248 |
|
249 |
08 Sep 2004; Andrea Luzzardi <scox@gentoo.org> |
250 |
+hardened-sources-2.4.27-r3.ebuild: |
251 |
Applies the new 2.4-27.2 patchball which updates |
252 |
GRSecurity to the 2.0.1 version. |
253 |
|
254 |
*hardened-sources-2.4.27-r2 (31 Aug 2004) |
255 |
|
256 |
31 Aug 2004; Andrea Luzzardi <scox@gentoo.org> |
257 |
+hardened-sources-2.4.27-r2.ebuild: |
258 |
Version bump. |
259 |
This version uses the new 2.4-27.1 patchball which updates |
260 |
both the SELinux PaX hooks patch and the SELinux headers. |
261 |
|
262 |
*hardened-sources-2.4.27-r1 (09 Aug 2004) |
263 |
|
264 |
09 Aug 2004; Andrea Luzzardi <scox@gentoo.org> |
265 |
+hardened-sources-2.4.27-r1.ebuild, |
266 |
-hardened-sources-2.4.27.ebuild, |
267 |
+files/2.4.27-cmdline-race.patch: |
268 |
Version bump, fix for cmdline race. See bug #59905. |
269 |
|
270 |
*hardened-sources-2.4.26-r6 (09 Aug 2004) |
271 |
|
272 |
09 Aug 2004; Andrea Luzzardi <scox@gentoo.org> |
273 |
+hardened-sources-2.4.26-r6.ebuild, |
274 |
-hardened-sources-2.4.26-r5.ebuild, |
275 |
-hardened-sources-2.4.26-r4.ebuild, |
276 |
+files/2.4.26-cmdline-race.patch: |
277 |
Version bump, fix for cmdline race. See bug #59905. |
278 |
|
279 |
*hardened-sources-2.4.27 (08 Aug 2004) |
280 |
|
281 |
08 Aug 2004; Andrea Luzzardi <scox@gentoo.org> |
282 |
+hardened-sources-2.4.27.ebuild, |
283 |
+files/2.4.27-CAN-2004-0394.patch: |
284 |
Ported the patchball to the 2.4.27 kernel version. |
285 |
|
286 |
*hardened-sources-2.4.26-r5 (07 Aug 2004) |
287 |
|
288 |
07 Aug 2004; Andrea Luzzardi <scox@gentoo.org> |
289 |
+hardened-sources-2.4.26-r5.ebuild: |
290 |
Updated to use the new hardened-patches-2.4-26.1 patchball. |
291 |
It adds the following features: |
292 |
- Squashfs |
293 |
- Ebtables |
294 |
- Netdev random (core+drivers) |
295 |
- Watchdog Timer (WDT) fix. |
296 |
|
297 |
*hardened-sources-2.4.26-r4 (04 Aug 2004) |
298 |
|
299 |
04 Aug 2004; Andrea Luzzardi <scox@gentoo.org> |
300 |
+hardened-sources-2.4.26-r4.ebuild, |
301 |
+files/2.4.26-CAN-2004-0415.patch, |
302 |
-hardened-sources-2.4.26-3: |
303 |
Version bump, fix for CAN 0415, see bug #59378. |
304 |
|
305 |
*hardened-sources-2.4.26-r3 (22 Jul 2004) |
306 |
|
307 |
22 Jul 2004; Andrea Luzzardi <scox@gentoo.org> |
308 |
+hardened-sources-2.4.26-r3.ebuild, |
309 |
+files/2.4.26-CAN-2004-0497.patch, |
310 |
-hardened-sources-2.4.26-r2.ebuild: |
311 |
Version bump, fixed CAN 0497, see bug #56171. |
312 |
|
313 |
*hardened-sources-2.4.26-r2 (29 Jun 2004) |
314 |
|
315 |
29 Jun 2004; Andrea Luzzardi <scox@gentoo.org> |
316 |
+hardened-sources-2.4.26-r2.ebuild, |
317 |
+files/2.4.26-CAN-2004-0495.patch, |
318 |
+files/2.4.26-CAN-2004-0535.patch, |
319 |
-hardened-sources-2.4.26-r1.ebuild: |
320 |
Fixes for both CAN 0495 and 0535, see bug #54976 |
321 |
|
322 |
23 Jun 2004; Aron Griffis <agriffis@gentoo.org> |
323 |
hardened-sources-2.4.26-r1.ebuild: |
324 |
QA - fix use invocation |
325 |
|
326 |
*hardened-sources-2.4.26-r1 (22 June 2004) |
327 |
|
328 |
22 June 2004; Andrea Luzzardi <scox@gentoo.org> |
329 |
+hardened-sources-2.4.26-r1.ebuild, |
330 |
+files/2.4.26-CAN-2004-0394.patch, |
331 |
+files/2.4.26-signal-race.patch, |
332 |
-hardened-sources-2.4.26.ebuild, |
333 |
-hardened-sources-2.4.24-r3.ebuild: |
334 |
Version bump for the CAN-2004-0394 issue and bug #53804 |
335 |
Marked 2.4.26-r1 as stable, removed 2.4.26 and 2.4.24-r3 |
336 |
|
337 |
|
338 |
31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org> |
339 |
hardened-sources-2.4.24-r3.ebuild, hardened-sources-2.4.26.ebuild: |
340 |
Masked hardened-sources-2.4.26.ebuild broken for ppc |
341 |
|
342 |
31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org> |
343 |
hardened-sources-2.4.24-r3.ebuild: |
344 |
Masked hardened-sources-2.4.24-r3.ebuild broken for ppc |
345 |
|
346 |
*hardened-sources-2.4.26 (29 May 2004) |
347 |
|
348 |
29 May 2004; Andrea Luzzardi <scox@gentoo.org> |
349 |
+hardened-sources-2.4.26.ebuild: |
350 |
Updated hardened-sources for the 2.4.26 kernel |
351 |
Removed broken components, updated almost everything. |
352 |
|
353 |
*hardened-sources-2.4.24-r3 (17 Apr 2004) |
354 |
|
355 |
17 Apr 2004; <plasmaroo@gentoo.org> |
356 |
+files/hardened-sources-2.4.24.CAN-2004-0010.patch, |
357 |
+files/hardened-sources-2.4.24.CAN-2004-0177.patch, |
358 |
+files/hardened-sources-2.4.24.CAN-2004-0178.patch, |
359 |
+hardened-sources-2.4.24-r3.ebuild: |
360 |
Added patches for the CAN-2004-0010, CAN-2004-0177 and CAN-2004-0178 |
361 |
vulnerabilities. Old revisions removed. |
362 |
|
363 |
*hardened-sources-2.4.24-r2 (15 Apr 2004) |
364 |
|
365 |
15 Apr 2004; <plasmaroo@gentoo.org> |
366 |
+files/hardened-sources-2.4.24.CAN-2004-0109.patch, |
367 |
-hardened-sources-2.4.24-r1.ebuild, +hardened-sources-2.4.24-r2.ebuild: |
368 |
Version bump for the CAN-2004-0109 issue; bug #47881. |
369 |
|
370 |
12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> |
371 |
hardened-sources-2.4.22-r2.ebuild, hardened-sources-2.4.24-r1.ebuild: |
372 |
Add eutils to inherit. |
373 |
|
374 |
*hardened-sources-2.4.24-r1 (19 Feb 2004) |
375 |
|
376 |
19 Feb 2004; <plasmaroo@gentoo.org> hardened-sources-2.4.24-r1.ebuild, |
377 |
files/hardened-sources-2.4.24.munmap.patch: |
378 |
Added the patch for the mremap/munmap vulnerability. Bug #42024. |
379 |
|
380 |
*hardened-sources-2.4.24 (06 Feb 2004) |
381 |
|
382 |
06 Feb 2004; Andrea Luzzardi <scox@gentoo.org> |
383 |
hardened-sources-2.4.24.ebuild: |
384 |
Version bump, updated most of the components. |
385 |
This release includes the following: |
386 |
|
387 |
- Hardened security |
388 |
- Netfilter patch-o-matic 20031219 |
389 |
- FreeSWAN 2.04 & x509 1.4.8 |
390 |
- EVMS 2.2.2 |
391 |
- XFS 1.3.1 |
392 |
- cryptoloop jari |
393 |
- grsecurity 2.0-rc4 |
394 |
- SELinux |
395 |
- PaX 200402060000 |
396 |
- PaX Obscurity 200308302223 |
397 |
- Others... |
398 |
|
399 |
Neither -ck nor systrace are included anymore. |
400 |
|
401 |
*hardened-sources-2.4.22-r2 (05 Jan 2004) |
402 |
|
403 |
05 Jan 2004; Andrea Luzzardi <scox@gentoo.org> |
404 |
hardened-sources-2.4.22-r2.ebuild: |
405 |
Version bump for the 'mremap' and the 'rtc' vulnerabilities. |
406 |
|
407 |
*hardened-sources-2.4.22-r1 (02 Dec 2003) |
408 |
|
409 |
02 Dec 2003; Brian Jackson <iggy@gentoo.org> |
410 |
hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier. |
411 |
|
412 |
02 Dec 2003; Brian Jackson <iggy@gentoo.org> |
413 |
hardened-sources-2.4.22-r1.ebuild: |
414 |
Version bump for the 'do_brk' vulnerability. |
415 |
|
416 |
01 Dec 2003; Brian Jackson <iggy@gentoo.org> |
417 |
hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild, |
418 |
hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild, |
419 |
hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch: |
420 |
Fix the 'do_brk' vulnerability. |
421 |
|
422 |
03 Nov 2003; Matthew Rickard <frogger@gentoo.org> |
423 |
hardened-sources-2.4.22.ebuild: |
424 |
- Removed the src_install() portion for SELinux flask |
425 |
components. These are no longer handled in the kernel |
426 |
so this code was not necessary. |
427 |
|
428 |
29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild: |
429 |
New 2.4.22 based hardened-sources thanks to |
430 |
Phil West <p.west@computer.org>. |
431 |
|
432 |
These sources include: |
433 |
- New SELinux API |
434 |
- Updated CK-base |
435 |
- Updated GRSec |
436 |
- Systrace |
437 |
- SuperFreeS/WAN 1.99.8 |
438 |
- Propolice kernel build support |
439 |
- EVMS |
440 |
- Other various security related patches |
441 |
|
442 |
*hardened-sources-2.4.21 (14 Sep 2003) |
443 |
|
444 |
14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild: |
445 |
Updated hardened-sources based on the 2.4.21 Linux kernel. |
446 |
This includes updates to most major components such as: |
447 |
- ck-base-0306300059 |
448 |
- selinux-2.4-2003071106 |
449 |
- grsecurity-2.0-rc1 |
450 |
- Updated IPTables patch-o-matic |
451 |
- Updated SuperFreeS/WAN |
452 |
|
453 |
Thanks to Phil West <pwest@computer.org> for his work in getting this |
454 |
updated patch set ready for the 2.4.21 based kernel. |
455 |
|
456 |
16 Jun 2003; Matthew Rickard <frogger@gentoo.org> : |
457 |
Initial import of hardened-sources-2.4.20-r4. This revision |
458 |
includes only a few changes, but one of these is an important |
459 |
security fix. It is recommended all users of hardened-sources |
460 |
upgrade to this release. |
461 |
|
462 |
- ioperm bug fix |
463 |
- fixed compilation failure when building without GRSec |
464 |
|
465 |
SAL (Secure Auditing for Linux) is NOT included in this revision |
466 |
due to time constraints, but is planned for inclusion in the near |
467 |
future. |
468 |
|
469 |
*hardened-sources-2.4.20-r2 (12 Jun 2003) |
470 |
|
471 |
12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild, |
472 |
hardened-sources-2.4.20-r3.ebuild: |
473 |
Add Header... |
474 |
|
475 |
08 Jun 2003; Matthew Rickard <frogger@gentoo.org> |
476 |
hardened-sources-2.4.20-r3.ebuild: |
477 |
Removed warnings from ebuild. This kernel should be safe to |
478 |
use at this point. |
479 |
|
480 |
*hardened-sources-2.4.20-r3 (08 Jun 2003) |
481 |
|
482 |
08 Jun 2003; Matthew Rickard <frogger@gentoo.org> |
483 |
hardened-sources-2.4.20-r3.ebuild: |
484 |
New revision. Includes the following changes over -r2: |
485 |
|
486 |
- ck7-base (O(1), preempt, low latency) |
487 |
- Super FreeS/WAN 1.99.7rc2 |
488 |
- PaX for the LSM/SELinux branch |
489 |
- GRSecurity 2.0-pre4 (role based access control) |
490 |
- Systrace 1.3 |
491 |
- EXT3 fixes |
492 |
- EVMS 2.0.1 |
493 |
- GCC 3.1+ compile optimizations |
494 |
- ProPolice kernel build support |
495 |
- Hashing table security fixes |
496 |
|
497 |
*hardened-sources-2.4.20-r1 (09 Apr 2003) |
498 |
|
499 |
23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest: |
500 |
Initial import of hardened-sources-r2. This new |
501 |
ebuild includes many new performance and security |
502 |
related patches. As in -r1, it will patch in |
503 |
LSM/SELinux if "selinux" is in USE, otherwise it |
504 |
will patch in GRSecurity. The following patches |
505 |
are included in this revision: |
506 |
|
507 |
- O(1) Scheduler, Low Latency, and Preempt |
508 |
(pulled from the base CK patch) |
509 |
- ptrace exploit patch for the LSM kernel |
510 |
(the GRSec patch already fixes this) |
511 |
- LSM 2.4-2003040709 |
512 |
- SELinux 2.4-2003040709 |
513 |
- Systrace v1.2 |
514 |
- IPTables patch-o-matic base patches - 20030107 |
515 |
- CryptoAPI 2.4.20.1 w/ loop-jari patch |
516 |
- Super FreeS/WAN 1.99.6.1 |
517 |
- GRSecurity 1.9.9g |
518 |
- MPPE |
519 |
- EXT3 data journal fix |
520 |
- CIPE 1.5.4 |
521 |
|
522 |
12 Apr 2003; Matthew Rickard <frogger@gentoo.org> |
523 |
hardened-sources-2.4.20-r1.ebuild, manifest: |
524 |
Updated to install flask components correctly for selinux. |
525 |
|
526 |
12 Apr 2003; Matthew Rickard <frogger@gentoo.org> |
527 |
hardened-sources-2.4.20-r1.ebuild: |
528 |
LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity |
529 |
is patched in instead. Ptrace patches for selinux have also been added. In |
530 |
either case, systrace support will be patched in as well. |
531 |
|
532 |
09 Apr 2003; Matthew Rickard <frogger@gentoo.org> |
533 |
hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest: |
534 |
Revision bump for new sources. |
535 |
|
536 |
09 Apr 2003; Matthew Rickard <frogger@gentoo.org> |
537 |
hardened-sources-2.4.20-r1.ebuild: |
538 |
Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2. |
539 |
|
540 |
*hardened-sources-2.4.20 (30 Mar 2003) |
541 |
|
542 |
30 Mar 2003; Joshua Brindle <method@gentoo.org> |
543 |
hardened-sources-2.4.20.ebuild: |
544 |
Initial import, only has systrace support. |