# ChangeLog for sys-kernel/grsec-sources # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.55 2005/04/29 12:36:37 solar Exp $ 29 Apr 2005; -files/2.4.26-CAN-2004-0394.patch, -files/2.4.27-cmdline-race.patch, -files/2.4.28-binfmt_a.out.patch, -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch, -files/2.4.28-uselib4pax.patch, -files/2.4.29-CAN-2005-0001.patch, -files/CAN-2004-1016.patch, -files/CAN-2004-1074.patch, -files/CAN-2004-1335.patch, -files/gentoo-sources-2.4.CAN-2004-1137.patch, -grsec-sources-2.4.29.2.1.3.ebuild, -grsec-sources-2.4.29.2.1.4.ebuild: - ebuild and filesdir cleanup. This is the last planned grsec-sources, see http://marc.theaimsgroup.com/?l=gentoo-hardened&m=111419177808622&w=2 for more info 28 Apr 2005; Gustavo Zacarias grsec-sources-2.4.30.2.1.5.ebuild: Sparc stable 22 Apr 2005; grsec-sources-2.4.30.2.1.5.ebuild: - stable x86 *grsec-sources-2.4.30.2.1.5 (12 Apr 2005) 12 Apr 2005; -grsec-sources-2.4.28.2.1.0-r3.ebuild, grsec-sources-2.4.29.2.1.3.ebuild, grsec-sources-2.4.29.2.1.4.ebuild, +grsec-sources-2.4.30.2.1.5.ebuild: - version bump. added CPV/MYPV to every ebuild now due to k2 changes *grsec-sources-2.4.29.2.1.4 (23 Mar 2005) 23 Mar 2005; +grsec-sources-2.4.29.2.1.4.ebuild: - minor version bump 11 Mar 2005; grsec-sources-2.4.29.2.1.3.ebuild: - marking 2.1.3 stable for all supporting arches *grsec-sources-2.4.29.2.1.3 (07 Mar 2005) 07 Mar 2005; +grsec-sources-2.4.29.2.1.3.ebuild: - version bump grsec to 2.4.29.2.1.3 to fix bug in RBAC system *grsec-sources-2.4.28.2.1.0-r3 (05 Mar 2005) 05 Mar 2005; +files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch, -grsec-sources-2.4.28.2.0.2-r3.ebuild, -grsec-sources-2.4.28.2.1.0-r1.ebuild, -grsec-sources-2.4.28.2.1.0-r2.ebuild, +grsec-sources-2.4.28.2.1.0-r3.ebuild, -grsec-sources-2.4.28.2.1.0.ebuild: - security bump for SEGMEXEC/RANDEXEC handling *grsec-sources-2.4.28.2.1.0-r2 (04 Feb 2005) 04 Feb 2005; +files/CAN-2004-1335.patch, grsec-sources-2.4.28.2.1.0-r1.ebuild, +grsec-sources-2.4.28.2.1.0-r2.ebuild: - rev bump for CAN-2004-1335 *grsec-sources-2.4.28.2.1.0-r1 (18 Jan 2005) 18 Jan 2005; +files/2.4.29-CAN-2005-0001.patch, -grsec-sources-2.4.28.2.0.2-r1.ebuild, -grsec-sources-2.4.28.2.0.2-r2.ebuild, +grsec-sources-2.4.28.2.1.0-r1.ebuild: - version bump for security bug #77666 and removed some older unneeded ebuilds. 11 Jan 2005; grsec-sources-2.4.28.2.1.0.ebuild: - marking grsec-sources stable 09 Jan 2005; grsec-sources-2.4.28.2.1.0.ebuild: - removing masking and put ebuild in ~arch 08 Jan 2005; +files/2.4.28-uselib4pax.patch, +files/gentoo-sources-2.4.CAN-2004-1137.patch, grsec-sources-2.4.28.2.1.0.ebuild: - Adds CAN-2004-1137.patch. - Adds 2.4.x uselib patch with extra semaphore locking for PaX enabled kernels. - Adds back 2.4.27-cmdline-race.patch. 08 Jan 2005; : - digest update from plasmaroo for new CAN-2004-0814 patch *grsec-sources-2.4.28.2.1.0 (08 Jan 2005) 08 Jan 2005; +files/linux-2.4.28-random-poolsize.patch, +grsec-sources-2.4.28.2.1.0.ebuild: - Added patch that fixes CAN-2004-0814 - Linux terminal layer races. - Added random poolsize from Brad Spengler. (CAN pending?) *grsec-sources-2.4.28.2.0.2-r3 (25 Dec 2004) 25 Dec 2004; +grsec-sources-2.4.28.2.0.2-r3.ebuild, +files/CAN-2004-1056.patch, +files/CAN-2004-1074.patch: Security bump for bugs #72452 and #74464; please thank tocharian for the ebuild. *grsec-sources-2.4.28.2.0.2-r2 (15 Dec 2004) 15 Dec 2004; +files/CAN-2004-1016.patch, -grsec-sources-2.4.27.2.0.1-r4.ebuild, +grsec-sources-2.4.28.2.0.2-r2.ebuild, -grsec-sources-2.4.28.2.0.2.ebuild: - local kernel DoS CAN-2004-1016 *grsec-sources-2.4.28.2.0.2-r1 (13 Dec 2004) 13 Dec 2004; metadata.xml, +files/2.4.28-binfmt_a.out.patch, +grsec-sources-2.4.28.2.0.2-r1.ebuild: - update from tocharian, adds binfmt_aout patch back to 2.4.28 26 Nov 2004; Daniel Drake -files/2.4.26-pax-binfmt_elf-page-size.patch, -files/2.4.26-signal-race.patch, -files/gentoo-sources-2.4.CAN-2004-0495.patch, -files/gentoo-sources-2.4.CAN-2004-0535.patch, -files/openmosix-sources.CAN-2004-0497.patch, grsec-sources-2.4.27.2.0.1-r4.ebuild, grsec-sources-2.4.28.2.0.2.ebuild: Convert to kernel-2. Clean up. 24 Nov 2004; : redigest *grsec-sources-2.4.28.2.0.2 (23 Nov 2004) 23 Nov 2004; +grsec-sources-2.4.28.2.0.2.ebuild: security bump - Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification Vulnerability. http://www.securityfocus.com/bid/11715 *grsec-sources-2.4.27.2.0.1-r4 (17 Nov 2004) 17 Nov 2004; -grsec-sources-2.4.27.2.0.1-r2.ebuild, -grsec-sources-2.4.27.2.0.1-r3.ebuild, +grsec-sources-2.4.27.2.0.1-r4.ebuild: last fixes before 2.4.28 - fixes binfmt_elf+JJ and fixes binfmt_aout *grsec-sources-2.4.27.2.0.1-r3 (11 Nov 2004) 11 Nov 2004; +grsec-sources-2.4.27.2.0.1-r3.ebuild: security bump again fixes tty io DoS - CAN-2004-0814 and binfmt_elf (CAN-???) *grsec-sources-2.4.27.2.0.1-r2 (10 Nov 2004) 10 Nov 2004; -grsec-sources-2.4.26.2.0-r7.ebuild, -grsec-sources-2.4.27.2.0.1-r1.ebuild, +grsec-sources-2.4.27.2.0.1-r2.ebuild, -grsec-sources-2.4.27.2.0.1.ebuild: fix for remote denial-of-service in nfs3 xdr handling code. bug #62524 *grsec-sources-2.4.27.2.0.1-r1 (09 Aug 2004) 09 Aug 2004; grsec-sources-2.4.27.2.0.1-r1.ebuild, files/2.4.27-cmdline-race.patch: Potential security issue in /proc/cmdline bug 59905 *grsec-sources-2.4.27.2.0.1 (08 Aug 2004) 08 Aug 2004; grsec-sources-2.4.26.2.0-r3.ebuild, grsec-sources-2.4.26.2.0-r4.ebuild, grsec-sources-2.4.26.2.0-r5.ebuild, grsec-sources-2.4.26.2.0-r6.ebuild, grsec-sources-2.4.27.2.0.1.ebuild, files/2.4.26-i2cproc_bus_read.patch: version bump. Removed all older versions *grsec-sources-2.4.26.2.0-r7 (04 Aug 2004) 04 Aug 2004; grsec-sources-2.4.26.2.0-r7.ebuild: security bump - file offset pointer handling vulnerability - bug 59378 11 Jul 2004; grsec-sources-2.4.26.2.0-r6.ebuild, files/2.4.26-fchown-attr.patch, files/openmosix-sources.CAN-2004-0497.patch: using openmosix-sources.CAN-2004-0497.patch vs the 2.4.26-fchown-attr.patch *grsec-sources-2.4.26.2.0-r6 (11 Jul 2004) 11 Jul 2004; grsec-sources-2.4.26.2.0-r6.ebuild, files/2.4.26-fchown-attr.patch: added modified security patch from bug 56479 *grsec-sources-2.4.26.2.0-r5 (26 Jun 2004) 26 Jun 2004; grsec-sources-2.4.26.2.0-r5.ebuild, files/gentoo-sources-2.4.CAN-2004-0495.patch, files/gentoo-sources-2.4.CAN-2004-0535.patch: Privilege escalation bugs revealed by Sparse tool. bug 54976 17 Jun 2004; grsec-sources-2.4.26.2.0-r4.ebuild: #commented out the i2c-proc_bus_read.patch as it's unneeded as pointed out in the bug. *grsec-sources-2.4.26.2.0-r4 (17 Jun 2004) 17 Jun 2004; grsec-sources-2.4.26.2.0-r2.ebuild, grsec-sources-2.4.26.2.0-r4.ebuild, files/2.4.26-i2cproc_bus_read.patch, files/2.4.26-pax-binfmt_elf-page-size.patch: fix i2c integer overflow vulnerability during the allocation of memory. bug #54164. PaX force randomization to always at least PAGE_SIZE big. Allows glibc to be compiled with binutils-2.15 and USE=hardened *grsec-sources-2.4.26.2.0-r3 (15 Jun 2004) 15 Jun 2004; grsec-sources-2.4.26.2.0-r3.ebuild, files/2.4.26-signal-race.patch: revision bump for security bug 53804 *grsec-sources-2.4.26.2.0-r2 (02 Jun 2004) 02 Jun 2004; grsec-sources-2.4.26.2.0-r1.ebuild, grsec-sources-2.4.26.2.0-r2.ebuild, files/2.4.26-CAN-2004-0394.patch: update to fix format string problem in panic() handler 18 Apr 2004; grsec-sources-2.4.26.2.0.ebuild: upstream fixed an idt_table bug in PaX that effected i386/i586 users without rolling a new patch, so we gentoo fetched new version and bz2 it to avoid md5sum conflicts.. removed old ebuild as well *grsec-sources-2.4.26.2.0 (18 Apr 2004) *grsec-sources-2.4.26.2.0-r1 (18 Apr 2004) 18 Apr 2004; grsec-sources-2.4.24.1.9.13-r1.ebuild, grsec-sources-2.4.24.1.9.13.ebuild, grsec-sources-2.4.25.1.9.14.ebuild, grsec-sources-2.4.25.2.0_rc5.ebuild, grsec-sources-2.4.26.2.0.ebuild, metadata.xml, files/do_brk_fix.patch, files/grsec-sources-2.4.23.CAN-2003-0985.patch, files/grsec-sources-2.4.23.rtc_fix.patch, files/grsec-sources-2.4.24.1.9.13.munmap.patch: grsec2 has gone stable upstream, removing old portage cruft from tree to make life for security@gentoo easier. 11 Mar 2004; grsec-sources-2.4.24.1.9.13-r1.ebuild, grsec-sources-2.4.24.1.9.13.ebuild, grsec-sources-2.4.25.1.9.14.ebuild, grsec-sources-2.4.25.2.0_rc5.ebuild: fix slotting to use KV vs OKV *grsec-sources-2.4.25.1.9.14 (21 Feb 2004) 21 Feb 2004; grsec-sources-2.4.25.1.9.14.ebuild, grsec-sources-2.4.25.2.0_rc5.ebuild: dual headed version bumps to the 2.4.25 series *grsec-sources-2.4.24.1.9.13-r1 (19 Feb 2004) 19 Feb 2004; grsec-sources-2.4.24.1.9.13-r1.ebuild, files/grsec-sources-2.4.24.1.9.13.munmap.patch: Added the patch for the mremap/munmap vulnerability. Bug #42024. *grsec-sources-2.4.24.1.9.13 (11 Jan 2004) 11 Jan 2004; grsec-sources-2.4.24.1.9.13.ebuild, files/2.4.24-x86.config: version bump and a clean up of the src code for dealing with hppa 05 Jan 2004; grsec-sources-2.4.23.1.9.13-r1.ebuild, grsec-sources-2.4.23.2.0_rc4-r1.ebuild, files/grsec-sources-2.4.23.*.patch: Added the 2.4.24 security patches. Please see bugs #37292 and #37317. 05 Jan 2004; grsec-sources-2.4.21.1.9.11.ebuild, grsec-sources-2.4.21.2.0_rc2.ebuild, grsec-sources-2.4.22.1.9.12-r1.ebuild, grsec-sources-2.4.22.1.9.12.ebuild, grsec-sources-2.4.22.2.0_rc3-r1.ebuild, grsec-sources-2.4.22.2.0_rc3.ebuild: Removed old versions of kernels... *grsec-sources-2.4.23.2.0_rc4 (02 Jan 2004) 02 Jan 2004; grsec-sources-2.4.23.2.0_rc4.ebuild: grsecurity II kernel sources version bump 02 Dec 2003; Alexander Gabert grsec-sources-2.4.23.1.9.13.ebuild: Created linux2423grsec1913 patch and added '~hppa' keywords. *grsec-sources-2.4.22.1.9.12-r1 (02 Dec 2003) 02 Dec 2003; Brian Jackson grsec-sources-2.4.22.1.9.12-r1.ebuild, grsec-sources-2.4.22.2.0_rc3-r1.ebuild: Version bump for the 'do_brk' vulnerability. *grsec-sources-2.4.23.1.9.13 (01 Dec 2003) 01 Dec 2003; Brian Jackson grsec-sources-2.4.21.1.9.11.ebuild, grsec-sources-2.4.21.2.0_rc2.ebuild, grsec-sources-2.4.22.1.9.12.ebuild, grsec-sources-2.4.22.2.0_rc3.ebuild, files/do_brk_fix.patch: Fix the 'do_brk' vulnerability. 01 Dec 2003; grsec-sources-2.4.23.1.9.13.ebuild: Performance enhancements, PaX updates including PT_GNU_STACK and PT_GNU_HEAP support, documentation updates, a fix for an initrd problem. 05 Nov 2003; grsec-sources-2.4.21.1.9.11.ebuild, grsec-sources-2.4.21.2.0_rc2.ebuild, grsec-sources-2.4.22.2.0_rc3.ebuild, metadata.xml: Fixed typo pointed out by frogger 17 Sep 2003; Alexander Gabert grsec-sources-2.4.22.1.9.12.ebuild: Added hppa support and custom grsec patch. *grsec-sources-2.4.22.2.0_rc3 (04 Sep 2003) 04 Sep 2003; grsec-sources-2.4.22.1.9.12.ebuild, grsec-sources-2.4.22.2.0_rc3.ebuild: Version bumps. *grsec-sources-2.4.21.2.0_rc2 (14 Aug 2003) 14 Aug 2003; grsec-sources-2.4.21.1.9.11.ebuild, grsec-sources-2.4.21.2.0_rc2.ebuild, metadata.xml: Initial import of grsec-sources.