Gentoo Archives: gentoo-kernel

From: Ned Ludd <solar@g.o>
To: gentoo-kernel@l.g.o
Subject: Re: [gentoo-kernel] [ANNOUNCE] hardened-patches-2.6.17-1 Released
Date: Wed, 16 Aug 2006 20:44:24
Message-Id: 1155760989.24186.8.camel@localhost
In Reply to: Re: [gentoo-kernel] [ANNOUNCE] hardened-patches-2.6.17-1 Released by Christian Heim
On Wed, 2006-08-16 at 21:55 +0200, Christian Heim wrote:
> On Wednesday 16 August 2006 21:08, Christian Heim wrote: > > This is an automated email to say that hardened-patches-2.6.17-1 > > has just been released. > > > > You can find a shortlog, broken out patches and release tarballs at: > > http://dev.gentoo.org/~phreak/ > > Hrm, seems like the script needs some work ... that should have been: > > You can find a shortlog, broken out patches and release tarballs at: > > http://dev.gentoo.org/~phreak/hardened-sources/ > > > > > Changes since 2.6.17- are as follows: > Changes since 2.6.16-8 are as follows: > > r597 (phreak): > M /hardened/2.6/.release > > Updating the .release file > > r592 (phreak): > A /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17-2006080121035.patch > D /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-2006080121035.patch > > Dropping the EXTRAVERSION from the patchname. > > r591 (phreak): > M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch > > Hrm, missed a '0' after renaming the patch. > > r590 (phreak): > M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch > > Updating the headers > > r581 (phreak): > M /hardened/2.6/trunk/2.6.17/4450_grsec-2.1.9-2.6.17.7-200608012135.patch > > Removing the localversion-grsec for real! > > r580 (phreak): > M /hardened/2.6/trunk/2.6.17/4455_linux-2.6.16-reslog.patch
Just talked with spender and he already pushed this patch but in a slightly diff way. notice in hunk #3 int grsec_resource_logging; int grsec_lock; +int grsec_resource_logging; The addition of this patch adds the symbol a second time. And in hunk #4 we would end up with 2 sysctl entries. #ifdef CONFIG_GRKERNSEC_RESLOG grsec_resource_logging = 1; #endif +#ifdef CONFIG_GRKERNSEC_RELOG + grsec_resource_logging = 1; +#endif So... This extra patch can simply be dropped. The systrace stuff can also be dropped as it's known to open holes where no holes existed before. -- Ned Ludd <solar@g.o> Gentoo Linux -- gentoo-kernel@g.o mailing list