# ChangeLog for sys-kernel/hardened-dev-sources # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-dev-sources/ChangeLog,v 1.57 2005/01/21 00:23:28 tseng Exp $ 20 Jan 2005; Brandon Hale hardened-dev-sources-2.6.10-r3.ebuild: Stable on x86 and amd64. *hardened-dev-sources-2.6.10-r3 (18 Jan 2005) 18 Jan 2005; Brandon Hale +hardened-dev-sources-2.6.10-r3.ebuild: Remove nsa-selinux-update, required an selinux profile update. Add patches from -as2, and update to -ac10. Add minor selinux fixes. 16 Jan 2005; Dylan Carlson hardened-dev-sources-2.6.10-r2.ebuild: Keywords ~amd64. 14 Jan 2005; Adam Mondl hardened-dev-sources-2.6.10-r1.ebuild, hardened-dev-sources-2.6.10.ebuild: Mark stable on x86 *hardened-dev-sources-2.6.10-r2 (14 Jan 2005) 14 Jan 2005; Adam Mondl +hardened-dev-sources-2.6.10-r2.ebuild: Add latest SELinux patch from the NSA. Fixes several security problems and also updates base to -ac9 13 Jan 2005; Adam Mondl hardened-dev-sources-2.6.7-r18.ebuild: Fix mistakes in CAN-2004-0814 patch. *hardened-dev-sources-2.6.7-r16 (12 Jan 2005) 12 Jan 2005; Adam Mondl -hardened-dev-sources-2.6.7-r15.ebuild, -hardened-dev-sources-2.6.7-r16.ebuild, hardened-dev-sources-2.6.7-r18.ebuild: Mark 2.6.7-r18 stable for x86; older ebuilds removed. *hardened-dev-sources-2.6.10-r1 (11 Jan 2005) 11 Jan 2005; Adam Mondl +hardened-dev-sources-2.6.10-r1.ebuild: Rework uselib() exploit patch to allow building under certain .config's. *hardened-dev-sources-2.6.10 (11 Jan 2005) 11 Jan 2005; Adam Mondl +hardened-dev-sources-2.6.10.ebuild: Update the patchset for 2.6.10 to fix several vulnerabilities. Uses -ac8 as the new kernel base. *hardened-dev-sources-2.6.7-r18 (25 Dec 2004) 25 Dec 2004; hardened-dev-sources-2.6.7-r17.ebuild, +hardened-dev-sources-2.6.7-r18.ebuild: Marking -r17 stable. Adding -r18 with more security fixes, thank tocharian for rolling the new patchset... *hardened-dev-sources-2.6.7-r17 (05 Dec 2004) 05 Dec 2004; Brandon Hale +hardened-dev-sources-2.6.7-r17.ebuild: The Battle of Who Could Care Less release. Guest starring Jay Pfeifer. Produced by Adam Mondl. This release merges applicable patches from genpatches-base 7.53 into hardened-patches. There was no effort to make the patch dir pretty, look at your own risk. We'll clean this up later. 01 Dec 2004; Brandon Hale : Version bump for several security fixes, see 0000_README 24 Nov 2004; Joshua Brindle hardened-dev-sources-2.6.7-r10.ebuild, hardened-dev-sources-2.6.7-r13.ebuild, hardened-dev-sources-2.6.7-r14.ebuild, hardened-dev-sources-2.6.7-r7.ebuild, hardened-dev-sources-2.6.7-r8.ebuild, files/hardened-dev-sources-2.6.7-CAN-2004-0814.patch, files/hardened-dev-sources-2.6.7-CAN-2004-0883.patch: added patches for 65877, 68421 *hardened-dev-sources-2.6.7-r14 (23 Nov 2004) 23 Nov 2004; Guillaume Destuynder +files/hardened-dev-sources-2.6.7-ptmx.patch, +hardened-dev-sources-2.6.7-r14.ebuild: Fixed ptmx (#62524) issue (remote DoS) Fixed wrong digests for hds-r7 and r8 24 Nov 2004; Joshua Brindle hardened-dev-sources-2.6.7-r13.ebuild, files/hardened-dev-sources-2.6.7-CAN-2004-0814.patch, files/hardened-dev-sources-2.6.7-CAN-2004-0883.patch: added patches for 65877, 68421 *hardened-dev-sources-2.6.7-r12 (18 Nov 2004) 18 Nov 2004; Joshua Brindle hardened-dev-sources-2.6.7-r12.ebuild, hardened-dev-sources-2.6.7-r13.ebuild, files/hardened-2.6.7-binfmt_elf.patch: replace binfmt_elf patch with a better one *hardened-dev-sources-2.6.7-r11 (10 Nov 2004) 10 Nov 2004; Travis Tilley +files/h-d-s-2.6.7-amd64-kill-vm_force_exec32.patch, +hardened-dev-sources-2.6.7-r11.ebuild: Removed a chunk of code that makes read imply exec for 32bit on amd64. If you get the error "cannot apply additional memory protection after relocation: Permission denied" when running 32bit binaries, this should fix it. Note that there are still bugs in handling 32bit in PaX on amd64, and that 32bit libraries with text relocations simply will not work at all. Also note that this update is -only- important for amd64 users. *hardened-dev-sources-2.6.7-r10 (01 Nov 2004) 01 Nov 2004; Joshua Brindle hardened-dev-sources-2.6.7-r10.ebuild, hardened-dev-sources-2.6.7-r9.ebuild, files/hardened-dev-sources-2.6.7.CAN-2004-0816.patch: Add CAN-2004-0816 iptables patch *hardened-dev-sources-2.6.7-r9 (16 Oct 2004) 16 Oct 2004; Joshua Brindle hardened-dev-sources-2.6.7-r9.ebuild: new revision 05 Sep 2004; Chris PeBenito hardened-dev-sources-2.6.7-r8.ebuild: Mark stable for x86 and PPC. *hardened-dev-sources-2.6.7-r8 (26 Aug 2004) 26 Aug 2004; Brandon Hale +hardened-dev-sources-2.6.7-r8.ebuild: Version bump for new SELinux headers, masked until policy is updated. 09 Aug 2004; Brandon Hale -hardened-dev-sources-2.6.7-r4.ebuild, -hardened-dev-sources-2.6.7-r5.ebuild, -hardened-dev-sources-2.6.7-r6.ebuild: Cleanup. *hardened-dev-sources-2.6.7-r7 (09 Aug 2004) 09 Aug 2004; Brandon Hale +hardened-dev-sources-2.6.7-r7.ebuild: Bump to genpatches-base 7.45 to security bug #59905 and input driver bug #57741 09 Aug 2004; Brandon Hale hardened-dev-sources-2.6.7-r6.ebuild: Stable on x86. *hardened-dev-sources-2.6.7-r6 (08 Aug 2004) 08 Aug 2004; Brandon Hale +hardened-dev-sources-2.6.7-r6.ebuild: -m New hardened-patches, updates to newly released grsecurity patch. This should give a a good solid base to go stable, barring more nasty kernel vulns. 07 Aug 2004; Travis Tilley hardened-dev-sources-2.6.7-r5.ebuild: stable on amd64 *hardened-dev-sources-2.6.7-r5 (06 Aug 2004) 06 Aug 2004; Brandon Hale +hardened-dev-sources-2.6.7-r5.ebuild: Bump genpatches to 7.44 from g-d-s -r12, this fixes a security issue (#59378) and adds some sparc fixes. 24 Jul 2004; Brandon Hale -hardened-dev-sources-2.6.5-r5.ebuild, -hardened-dev-sources-2.6.7-r1.ebuild, -hardened-dev-sources-2.6.7-r2.ebuild, -hardened-dev-sources-2.6.7-r3.ebuild, -hardened-dev-sources-2.6.7.ebuild: Cleanup. *hardened-dev-sources-2.6.7-r4 (24 Jul 2004) 24 Jul 2004; Brandon Hale +files/hardened-dev-sources-2.6.7.CAN-2004-0596.patch, +hardened-dev-sources-2.6.7-r4.ebuild: Fix for CAN-2004-0596, Gentoo bug #57826 *hardened-dev-sources-2.6.7-r3 (13 Jul 2004) 13 Jul 2004; Joshua Brindle hardened-dev-sources-2.6.7-r3.ebuild: grsec update 04 Jul 2004; Brandon Hale -files/hardened-dev-sources-2.6.5.CAN-2004-0109.patch: Remove no longer needed security fix. 04 Jul 2004; Brandon Hale metadata.xml: Remove stray digest, add kernel herd to metadata *hardened-dev-sources-2.6.7-r2 (03 Jul 2004) 03 Jul 2004; Brandon Hale +hardened-dev-sources-2.6.7-r2.ebuild: Update to latest genpatches to close two new security vulns. *hardened-dev-sources-2.6.7-r1 (01 Jul 2004) 01 Jul 2004; Brandon Hale +hardened-dev-sources-2.6.7-r1.ebuild: Version bump, header fix for iptables and fix for iptables remote DoS. 30 Jun 2004; Brandon Hale hardened-dev-sources-2.6.7.ebuild: Commit first public revision for 2.6.7 *hardened-dev-sources-2.6.7 (28 Jun 2004) 28 Jun 2004; Brandon Hale +hardened-dev-sources-2.6.7.ebuild: Add 2.6.7 sources for wider testing, -* for now. This has a pre-release of grsec. *hardened-dev-sources-2.6.5-r5 (16 Jun 2004) 16 Jun 2004; Brandon Hale +hardened-dev-sources-2.6.5-r5.ebuild: Another rev bump to fix a local DoS vuln in PaX, thanks to x1bncwn for producing a patch. 15 Jun 2004; Brandon Hale -hardened-dev-sources-2.6.4-r4.ebuild, -hardened-dev-sources-2.6.5-r3.ebuild: Cleanup old ebuilds. *hardened-dev-sources-2.6.5-r4 (15 Jun 2004) 15 Jun 2004; Brandon Hale +hardened-dev-sources-2.6.5-r4.ebuild: Added patches to close multiple vulnerabilities, bug #47881. 20 May 2004; Travis Tilley hardened-dev-sources-2.6.4-r4.ebuild, hardened-dev-sources-2.6.5-r3.ebuild: added amd64 keyword 07 May 2004; Brandon Hale hardened-dev-sources-2.6.4-r4.ebuild: Added IUSE= 24 Apr 2004; Chris PeBenito hardened-dev-sources-2.6.5-r3.ebuild: Mark ~ppc. 18 Apr 2004; Joshua Brindle hardened-dev-sources-2.6.4-r1.ebuild, hardened-dev-sources-2.6.4-r2.ebuild, hardened-dev-sources-2.6.4-r3.ebuild, hardened-dev-sources-2.6.4.ebuild: remove old versions *hardened-dev-sources-2.6.5-r3 (18 Apr 2004) 18 Apr 2004; Joshua Brindle hardened-dev-sources-2.6.5-r2.ebuild, hardened-dev-sources-2.6.5-r3.ebuild, hardened-dev-sources-2.6.5.ebuild: bump for pax fix and remove old faulty versions 18 Apr 2004; Joshua Brindle : added ramfs-xattr to hardened-patches *hardened-dev-sources-2.6.5-r2 (18 Apr 2004) 18 Apr 2004; Joshua Brindle hardened-dev-sources-2.6.5-r2.ebuild, hardened-dev-sources-2.6.5.ebuild: change keywords to ~x86, updated grsec to final in -r2, added selinux nfs support *hardened-dev-sources-2.6.5 (16 Apr 2004) 16 Apr 2004; Joshua Brindle hardened-dev-sources-2.6.5.ebuild: commit 2.6.5 *hardened-dev-sources-2.6.4-r4 (15 Apr 2004) 15 Apr 2004; Brandon Hale +files/hardened-dev-sources-2.6.5.CAN-2004-0109.patch, +hardened-dev-sources-2.6.4-r4.ebuild: Apply fix for CAN-2004-0109, ISO vuln. 14 Apr 2004; Daniel Ahlberg hardened-dev-sources-2.6.4.ebuild: Added IUSE=. *hardened-dev-sources-2.6.4-r3 (29 Mar 2004) 29 Mar 2004; Brandon Hale hardened-dev-sources-2.6.4-r3.ebuild: Version bump, free nmap blocking in every box. 24 Mar 2004; Brandon Hale hardened-dev-sources-2.6.4-r2.ebuild: Mask -r2 for now, a few different things turned out to be broken. *hardened-dev-sources-2.6.4-r2 (23 Mar 2004) 23 Mar 2004; Brandon Hale hardened-dev-sources-2.6.4-r2.ebuild: Version bump. 20 Mar 2004; : digest fix *hardened-dev-sources-2.6.4-r1 (20 Mar 2004) 20 Mar 2004; Brandon Hale hardened-dev-sources-2.6.4-r1.ebuild: Version bump, includes grsec test2 and support for disabling module loading. 15 Mar 2004; hardened-dev-sources-2.6.4.ebuild: unmasked -r0 after alot of testing from hardened users.. now lets hope nobodys boxes catch afire *hardened-dev-sources-2.6.4 (14 Mar 2004) 14 Mar 2004; hardened-dev-sources-2.6.4.ebuild, metadata.xml: initial hardened base. all masked for now