1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
# ChangeLog for sys-kernel/hardened-sources
# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.21 2004/02/07 02:43:20 scox Exp $
*hardened-sources-2.4.24 (06 Feb 2004)
06 Feb 2004; Andrea Luzzardi <scox@gentoo.org>
hardened-sources-2.4.24.ebuild:
Version bump, updated most of the components.
This release includes the following:
- Hardened security
- Netfilter patch-o-matic 20031219
- FreeSWAN 2.04 & x509 1.4.8
- EVMS 2.2.2
- XFS 1.3.1
- cryptoloop jari
- grsecurity 2.0-rc4
- SELinux
- PaX 200402060000
- PaX Obscurity 200308302223
- Others...
Neither -ck nor systrace are included anymore.
*hardened-sources-2.4.22-r2 (05 Jan 2004)
05 Jan 2004; Andrea Luzzardi <scox@gentoo.org>
hardened-sources-2.4.22-r2.ebuild:
Version bump for the 'mremap' and the 'rtc' vulnerabilities.
*hardened-sources-2.4.22-r1 (02 Dec 2003)
02 Dec 2003; Brian Jackson <iggy@gentoo.org>
hardened-sources-2.4.22-r1.ebuild: Fix up a little booboo from earlier.
02 Dec 2003; Brian Jackson <iggy@gentoo.org>
hardened-sources-2.4.22-r1.ebuild:
Version bump for the 'do_brk' vulnerability.
01 Dec 2003; Brian Jackson <iggy@gentoo.org>
hardened-sources-2.4.20-r2.ebuild, hardened-sources-2.4.20-r3.ebuild,
hardened-sources-2.4.20-r4.ebuild, hardened-sources-2.4.21.ebuild,
hardened-sources-2.4.22.ebuild, files/do_brk_fix.patch:
Fix the 'do_brk' vulnerability.
03 Nov 2003; Matthew Rickard <frogger@gentoo.org>
hardened-sources-2.4.22.ebuild:
- Removed the src_install() portion for SELinux flask
components. These are no longer handled in the kernel
so this code was not necessary.
29 Oct 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.22.ebuild:
New 2.4.22 based hardened-sources thanks to
Phil West <p.west@computer.org>.
These sources include:
- New SELinux API
- Updated CK-base
- Updated GRSec
- Systrace
- SuperFreeS/WAN 1.99.8
- Propolice kernel build support
- EVMS
- Other various security related patches
*hardened-sources-2.4.21 (14 Sep 2003)
14 Sep 2003; Matthew Rickard <frogger@gentoo.org> hardened-sources-2.4.21.ebuild:
Updated hardened-sources based on the 2.4.21 Linux kernel.
This includes updates to most major components such as:
- ck-base-0306300059
- selinux-2.4-2003071106
- grsecurity-2.0-rc1
- Updated IPTables patch-o-matic
- Updated SuperFreeS/WAN
Thanks to Phil West <pwest@computer.org> for his work in getting this
updated patch set ready for the 2.4.21 based kernel.
16 Jun 2003; Matthew Rickard <frogger@gentoo.org> :
Initial import of hardened-sources-2.4.20-r4. This revision
includes only a few changes, but one of these is an important
security fix. It is recommended all users of hardened-sources
upgrade to this release.
- ioperm bug fix
- fixed compilation failure when building without GRSec
SAL (Secure Auditing for Linux) is NOT included in this revision
due to time constraints, but is planned for inclusion in the near
future.
*hardened-sources-2.4.20-r2 (12 Jun 2003)
12 Jun 2003; <msterret@gentoo.org> hardened-sources-2.4.20-r2.ebuild,
hardened-sources-2.4.20-r3.ebuild:
Add Header...
08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
hardened-sources-2.4.20-r3.ebuild:
Removed warnings from ebuild. This kernel should be safe to
use at this point.
*hardened-sources-2.4.20-r3 (08 Jun 2003)
08 Jun 2003; Matthew Rickard <frogger@gentoo.org>
hardened-sources-2.4.20-r3.ebuild:
New revision. Includes the following changes over -r2:
- ck7-base (O(1), preempt, low latency)
- Super FreeS/WAN 1.99.7rc2
- PaX for the LSM/SELinux branch
- GRSecurity 2.0-pre4 (role based access control)
- Systrace 1.3
- EXT3 fixes
- EVMS 2.0.1
- GCC 3.1+ compile optimizations
- ProPolice kernel build support
- Hashing table security fixes
*hardened-sources-2.4.20-r1 (09 Apr 2003)
23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
Initial import of hardened-sources-r2. This new
ebuild includes many new performance and security
related patches. As in -r1, it will patch in
LSM/SELinux if "selinux" is in USE, otherwise it
will patch in GRSecurity. The following patches
are included in this revision:
- O(1) Scheduler, Low Latency, and Preempt
(pulled from the base CK patch)
- ptrace exploit patch for the LSM kernel
(the GRSec patch already fixes this)
- LSM 2.4-2003040709
- SELinux 2.4-2003040709
- Systrace v1.2
- IPTables patch-o-matic base patches - 20030107
- CryptoAPI 2.4.20.1 w/ loop-jari patch
- Super FreeS/WAN 1.99.6.1
- GRSecurity 1.9.9g
- MPPE
- EXT3 data journal fix
- CIPE 1.5.4
12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
hardened-sources-2.4.20-r1.ebuild, manifest:
Updated to install flask components correctly for selinux.
12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
hardened-sources-2.4.20-r1.ebuild:
LSM/SELinux is now patched in when "selinux" is in USE. Otherwise, GRSecurity
is patched in instead. Ptrace patches for selinux have also been added. In
either case, systrace support will be patched in as well.
09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
hardened-sources-2.4.20-r1.ebuild, hardened-sources-2.4.20.ebuild, manifest:
Revision bump for new sources.
09 Apr 2003; Matthew Rickard <frogger@gentoo.org>
hardened-sources-2.4.20-r1.ebuild:
Now includes LSM1, GRSec-2.0-pre1, and systrace-v1.2.
*hardened-sources-2.4.20 (30 Mar 2003)
30 Mar 2003; Joshua Brindle <method@gentoo.org>
hardened-sources-2.4.20.ebuild:
Initial import, only has systrace support.
|
GitWeb