[gentoo-kernel] [ANNOUNCE] hardened-patches-2.6.17-1 Released

[gentoo-kernel] [ANNOUNCE] hardened-patches-2.6.17-1 Released

[Christian Heim]

This is an automated email to say that hardened-patches-2.6.17-1
has just been released.

You can find a shortlog, broken out patches and release tarballs at:
http://dev.gentoo.org/~phreak/

Changes since 2.6.17- are as follows:
Initial Import
-- 
gentoo-kernel@gentoo.org mailing list

Re: [gentoo-kernel] [ANNOUNCE] hardened-patches-2.6.17-1 Released

[Christian Heim]

[-- Attachment #1: Type: text/plain, Size: 4304 bytes --]

On Wednesday 16 August 2006 21:08, Christian Heim wrote:
> This is an automated email to say that hardened-patches-2.6.17-1
> has just been released.
>
> You can find a shortlog, broken out patches and release tarballs at:
> http://dev.gentoo.org/~phreak/

Hrm, seems like the script needs some work ... that should have been:
> You can find a shortlog, broken out patches and release tarballs at:
> http://dev.gentoo.org/~phreak/hardened-sources/

>
> Changes since 2.6.17- are as follows:
Changes since 2.6.16-8 are as follows:

r597 (phreak):
  M /hardened/2.6/.release

Updating the .release file

r592 (phreak):
  A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17-2006080121035.patch
  D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-2006080121035.patch

Dropping the EXTRAVERSION from the patchname.

r591 (phreak):
  M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch

Hrm, missed a '0' after renaming the patch.

r590 (phreak):
  M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch

Updating the headers

r581 (phreak):
   M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch

Removing the localversion-grsec for real!

r580 (phreak):
  M /hardened/2.6/trunk/2.6.17/4455_linux-2.6.16-reslog.patch

Fixing 4455_linux-2.6.16-reslog.patch to compile with 2.6.17 w/ grsec-2.1.9

r579 (phreak):
  M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch

Removing localversion-grsec from 4450_grsec-2.1.9-2.6.17.7-200608012135.patch; 
Fixing some leading/trainling whitespaces

r578 (phreak):
   D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200607261817.patch
   A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch

Once again updating the grsec patch

r572 (phreak);
   D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.4-200607120947.patch
   A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200607261817.patch

Updating the grsecurity patch; Importing the new upstream version 200607261817

r559 (johnm):
   A /hardened/2.6/trunk/2.6.17/4455_linux-2.6.16-reslog.patch
   D /hardened/2.6/trunk/2.6.17/4455_linux-2.6.17-reslog.patch

redo reslog

r556 (phreak):
   D /hardened/2.6/trunk/2.6.17/6001_systrace-2.6.16.patch
   A /hardened/2.6/trunk/2.6.17/6001_systrace-2.6.17.patch 

Hrm, we're at 2.6.17 now

r555 (phreak):
   M /hardened/2.6/trunk/2.6.17/6001_systrace-2.6.16.patch

Fixing remaining reject in 6001_systrace-2.6.16.patch, thanks dragonheart for 
the headsup

r543 (phreak):
   D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.4-200607081115.patch
   A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.4-200607120947.patch

Bumping grsecurity patch; Fixing my booting issues

r542 (phreak):
  D /hardened/2.6/trunk/2.6.17/4455_linux-2.6.16-reslog.patch
  A /hardened/2.6/trunk/2.6.17/4455_linux-2.6.17-reslog.patch

Renaming patch (this is 2.6.17) and making it apply against 2.6.17

r541 (phreak):
   D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.16.19-200606041421.patch
   A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.4-200607081115.patch

New upstream grsec version against 2.6.17.4

r540 (phreak):
   D /hardened/2.6/trunk/2.6.17/4110_promise-pdc2037x.patch
   A /hardened/2.6/trunk/2.6.17/4135_promise-pdc2037x.patch

Renaming patch (according to the 0000_README) and making it apply against 
2.6.17

r539 (phreak):
   M /hardened/2.6/trunk/2.6.17/4000_deprecate-sk98lin.patch
   M /hardened/2.6/trunk/2.6.17/4105_dm-bbr.patch
   M /hardened/2.6/trunk/2.6.17/4300_squashfs-3.0.patch
   M /hardened/2.6/trunk/2.6.17/4452_alpha-sysctl-uac-jm.patch
   M /hardened/2.6/trunk/2.6.17/4453_selinux-avc_audit-log-curr_ip-grsec.patch
   M /hardened/2.6/trunk/2.6.17/4454_pax_curr_ip-fixes.patch

Updating to apply against 2.6.17.4

r538 (phreak):
   A /hardened/2.6/trunk/2.6.17 (from /hardened/2.6/trunk/2.6.16:537)
   D /hardened/2.6/trunk/2.6.17/4100_libata-enable-atapi.patch

Removing 4100_libata-enable-atapi.patch, no longer needed in 2.6.17
-- 
Christian Heim <phreak at gentoo.org>
GPG: 9A9F68E6 / AEC4 87B8 32B8 4922 B3A9  DF79 CAE3 556F 9A9F 68E6

Your friendly mobile/kernel/vserver/openvz monkey

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-kernel] [ANNOUNCE] hardened-patches-2.6.17-1 Released

[Ned Ludd]

Any chance you could change the font size probably in your .htaccess
file? I've got to do a text zoom of 150% to be able to read the 
text in your ~/

http://dev.gentoo.org/~phreak/hardened-sources/broken-out/2.6.17-1/



On Wed, 2006-08-16 at 21:55 +0200, Christian Heim wrote:
> On Wednesday 16 August 2006 21:08, Christian Heim wrote:
> > This is an automated email to say that hardened-patches-2.6.17-1
> > has just been released.
> >
> > You can find a shortlog, broken out patches and release tarballs at:
> > http://dev.gentoo.org/~phreak/
> 
> Hrm, seems like the script needs some work ... that should have been:
> > You can find a shortlog, broken out patches and release tarballs at:
> > http://dev.gentoo.org/~phreak/hardened-sources/
> 
> >
> > Changes since 2.6.17- are as follows:
> Changes since 2.6.16-8 are as follows:
> 
> r597 (phreak):
>   M /hardened/2.6/.release
> 
> Updating the .release file
> 
> r592 (phreak):
>   A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17-2006080121035.patch
>   D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-2006080121035.patch
> 
> Dropping the EXTRAVERSION from the patchname.
> 
> r591 (phreak):
>   M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch
> 
> Hrm, missed a '0' after renaming the patch.
> 
> r590 (phreak):
>   M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch
> 
> Updating the headers
> 
> r581 (phreak):
>    M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch
> 
> Removing the localversion-grsec for real!
> 
> r580 (phreak):
>   M /hardened/2.6/trunk/2.6.17/4455_linux-2.6.16-reslog.patch
> 
> Fixing 4455_linux-2.6.16-reslog.patch to compile with 2.6.17 w/ grsec-2.1.9
> 
> r579 (phreak):
>   M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch
> 
> Removing localversion-grsec from 4450_grsec-2.1.9-2.6.17.7-200608012135.patch; 
> Fixing some leading/trainling whitespaces
> 
> r578 (phreak):
>    D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200607261817.patch
>    A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch
> 
> Once again updating the grsec patch
> 
> r572 (phreak);
>    D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.4-200607120947.patch
>    A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200607261817.patch
> 
> Updating the grsecurity patch; Importing the new upstream version 200607261817
> 
> r559 (johnm):
>    A /hardened/2.6/trunk/2.6.17/4455_linux-2.6.16-reslog.patch
>    D /hardened/2.6/trunk/2.6.17/4455_linux-2.6.17-reslog.patch
> 
> redo reslog
> 
> r556 (phreak):
>    D /hardened/2.6/trunk/2.6.17/6001_systrace-2.6.16.patch
>    A /hardened/2.6/trunk/2.6.17/6001_systrace-2.6.17.patch 
> 
> Hrm, we're at 2.6.17 now
> 
> r555 (phreak):
>    M /hardened/2.6/trunk/2.6.17/6001_systrace-2.6.16.patch
> 
> Fixing remaining reject in 6001_systrace-2.6.16.patch, thanks dragonheart for 
> the headsup
> 
> r543 (phreak):
>    D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.4-200607081115.patch
>    A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.4-200607120947.patch
> 
> Bumping grsecurity patch; Fixing my booting issues
> 
> r542 (phreak):
>   D /hardened/2.6/trunk/2.6.17/4455_linux-2.6.16-reslog.patch
>   A /hardened/2.6/trunk/2.6.17/4455_linux-2.6.17-reslog.patch
> 
> Renaming patch (this is 2.6.17) and making it apply against 2.6.17
> 
> r541 (phreak):
>    D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.16.19-200606041421.patch
>    A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.4-200607081115.patch
> 
> New upstream grsec version against 2.6.17.4
> 
> r540 (phreak):
>    D /hardened/2.6/trunk/2.6.17/4110_promise-pdc2037x.patch
>    A /hardened/2.6/trunk/2.6.17/4135_promise-pdc2037x.patch
> 
> Renaming patch (according to the 0000_README) and making it apply against 
> 2.6.17
> 
> r539 (phreak):
>    M /hardened/2.6/trunk/2.6.17/4000_deprecate-sk98lin.patch
>    M /hardened/2.6/trunk/2.6.17/4105_dm-bbr.patch
>    M /hardened/2.6/trunk/2.6.17/4300_squashfs-3.0.patch
>    M /hardened/2.6/trunk/2.6.17/4452_alpha-sysctl-uac-jm.patch
>    M /hardened/2.6/trunk/2.6.17/4453_selinux-avc_audit-log-curr_ip-grsec.patch
>    M /hardened/2.6/trunk/2.6.17/4454_pax_curr_ip-fixes.patch
> 
> Updating to apply against 2.6.17.4
> 
> r538 (phreak):
>    A /hardened/2.6/trunk/2.6.17 (from /hardened/2.6/trunk/2.6.16:537)
>    D /hardened/2.6/trunk/2.6.17/4100_libata-enable-atapi.patch
> 
> Removing 4100_libata-enable-atapi.patch, no longer needed in 2.6.17
> -- 
> Christian Heim <phreak at gentoo.org>
> GPG: 9A9F68E6 / AEC4 87B8 32B8 4922 B3A9  DF79 CAE3 556F 9A9F 68E6
> 
> Your friendly mobile/kernel/vserver/openvz monkey
-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux

-- 
gentoo-kernel@gentoo.org mailing list

Re: [gentoo-kernel] [ANNOUNCE] hardened-patches-2.6.17-1 Released

[Ned Ludd]

On Wed, 2006-08-16 at 21:55 +0200, Christian Heim wrote:
> On Wednesday 16 August 2006 21:08, Christian Heim wrote:
> > This is an automated email to say that hardened-patches-2.6.17-1
> > has just been released.
> >
> > You can find a shortlog, broken out patches and release tarballs at:
> > http://dev.gentoo.org/~phreak/
> 
> Hrm, seems like the script needs some work ... that should have been:
> > You can find a shortlog, broken out patches and release tarballs at:
> > http://dev.gentoo.org/~phreak/hardened-sources/
> 
> >
> > Changes since 2.6.17- are as follows:
> Changes since 2.6.16-8 are as follows:
> 
> r597 (phreak):
>   M /hardened/2.6/.release
> 
> Updating the .release file
> 
> r592 (phreak):
>   A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17-2006080121035.patch
>   D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-2006080121035.patch
> 
> Dropping the EXTRAVERSION from the patchname.
> 
> r591 (phreak):
>   M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch
> 
> Hrm, missed a '0' after renaming the patch.
> 
> r590 (phreak):
>   M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch
> 
> Updating the headers
> 
> r581 (phreak):
>    M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch
> 
> Removing the localversion-grsec for real!
> 
> r580 (phreak):
>   M /hardened/2.6/trunk/2.6.17/4455_linux-2.6.16-reslog.patch

Just talked with spender and he already pushed this patch 
but in a slightly diff way.

notice in hunk #3

int grsec_resource_logging; 
 int grsec_lock;
+int grsec_resource_logging;

The addition of this patch adds the symbol a second time.
And in hunk #4 we would end up with 2 sysctl entries.

#ifdef CONFIG_GRKERNSEC_RESLOG 
        grsec_resource_logging = 1;
 #endif
+#ifdef CONFIG_GRKERNSEC_RELOG
+       grsec_resource_logging = 1;
+#endif


So... This extra patch can simply be dropped.


The systrace stuff can also be dropped as it's known to 
open holes where no holes existed before.


-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux

-- 
gentoo-kernel@gentoo.org mailing list