blob: 40c05c04df551c02bbd6498d2f5673943b27b7ab (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
Patch: 4420_grsecurity-3.1-4.9.21-201704091948.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
Patch: 1020_linux-4.9.21.patch
From: http://www.kernel.org
Desc: Linux 4.9.21
Patch: 4425_grsec_remove_EI_PAX.patch
From: Anthony G. Basile <blueness@gentoo.org>
Desc: Remove EI_PAX option and force off
Patch: 4426_default_XATTR_PAX_FLAGS.patch
From: Anthony G. Basile <blueness@gentoo.org>
Desc: Defalut PT_PAX_FLAGS off and XATTR_PAX_FLAGS on
Patch: 4427_force_XATTR_PAX_tmpfs.patch
From: Anthony G. Basile <blueness@gentoo.org>
Desc: Force XATTR_PAX on tmpfs
Patch: 4430_grsec-remove-localversion-grsec.patch
From: Kerin Millar <kerframil@gmail.com>
Desc: Removes grsecurity's localversion-grsec file
Patch: 4435_grsec-mute-warnings.patch
From: Alexander Gabert <gaberta@fh-trier.de>
Gordon Malm <gengor@gentoo.org>
Desc: Removes verbose compile warning settings from grsecurity, restores
mainline Linux kernel behavior
Patch: 4440_grsec-remove-protected-paths.patch
From: Anthony G. Basile <blueness@gentoo.org>
Desc: Removes chmod statements from grsecurity/Makefile
Patch: 4450_grsec-kconfig-default-gids.patch
From: Kerin Millar <kerframil@gmail.com>
Desc: Sets sane(r) default GIDs on various grsecurity group-dependent
features
Patch: 4465_selinux-avc_audit-log-curr_ip.patch
From: Gordon Malm <gengor@gentoo.org>
Anthony G. Basile <blueness@gentoo.org>
Desc: Configurable option to add src IP address to SELinux log messages
Patch: 4470_disable-compat_vdso.patch
From: Gordon Malm <gengor@gentoo.org>
Kerin Millar <kerframil@gmail.com>
Desc: Disables VDSO_COMPAT operation completely
Patch: 4475_emutramp_default_on.patch
From: Anthony G. Basile <blueness@gentoo.org>
Desc: Set PAX_EMUTRAMP default on for libffi, bugs #329499 and #457194
|