1 |
commit: 37cbbcacda2762cc7a054330ae8df40dd5ec9e62 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Feb 5 16:40:33 2012 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Feb 5 16:40:33 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=37cbbcac |
7 |
|
8 |
Renumbered patches |
9 |
|
10 |
--- |
11 |
2.6.32/0000_README | 27 +++++++++++-------- |
12 |
... => 4430_grsec-remove-localversion-grsec.patch} | 0 |
13 |
...rnings.patch => 4435_grsec-mute-warnings.patch} | 0 |
14 |
...tch => 4440_grsec-remove-protected-paths.patch} | 0 |
15 |
...ec.patch => 4445_grsec-pax-without-grsec.patch} | 0 |
16 |
...patch => 4450_grsec-kconfig-default-gids.patch} | 0 |
17 |
...entoo.patch => 4455_grsec-kconfig-gentoo.patch} | 0 |
18 |
...er.patch => 4460-grsec-kconfig-proc-user.patch} | 0 |
19 |
...ch => 4465_selinux-avc_audit-log-curr_ip.patch} | 0 |
20 |
...t_vdso.patch => 4470_disable-compat_vdso.patch} | 0 |
21 |
...heck_ssp_fix.patch => 4475_check_ssp_fix.patch} | 0 |
22 |
3.2.4/0000_README | 21 +++++++++------ |
23 |
... => 4430_grsec-remove-localversion-grsec.patch} | 0 |
24 |
...rnings.patch => 4435_grsec-mute-warnings.patch} | 0 |
25 |
...tch => 4440_grsec-remove-protected-paths.patch} | 0 |
26 |
...ec.patch => 4445_grsec-pax-without-grsec.patch} | 0 |
27 |
...patch => 4450_grsec-kconfig-default-gids.patch} | 0 |
28 |
...entoo.patch => 4455_grsec-kconfig-gentoo.patch} | 0 |
29 |
...er.patch => 4460-grsec-kconfig-proc-user.patch} | 0 |
30 |
...ch => 4465_selinux-avc_audit-log-curr_ip.patch} | 0 |
31 |
...t_vdso.patch => 4470_disable-compat_vdso.patch} | 0 |
32 |
21 files changed, 29 insertions(+), 19 deletions(-) |
33 |
|
34 |
diff --git a/2.6.32/0000_README b/2.6.32/0000_README |
35 |
index f0c7190..ecd453e 100644 |
36 |
--- a/2.6.32/0000_README |
37 |
+++ b/2.6.32/0000_README |
38 |
@@ -22,46 +22,51 @@ Patch: 4420_grsecurity-2.2.2-2.6.32.56-201202032051.patch |
39 |
From: http://www.grsecurity.net |
40 |
Desc: hardened-sources base patch from upstream grsecurity |
41 |
|
42 |
-Patch: 4421_grsec-remove-localversion-grsec.patch |
43 |
+Patch: 4430_grsec-remove-localversion-grsec.patch |
44 |
From: Kerin Millar <kerframil@×××××.com> |
45 |
Desc: Removes grsecurity's localversion-grsec file |
46 |
|
47 |
-Patch: 4422_grsec-mute-warnings.patch |
48 |
+Patch: 4435_grsec-mute-warnings.patch |
49 |
From: Alexander Gabert <gaberta@××××××××.de> |
50 |
Gordon Malm <gengor@g.o> |
51 |
Desc: Removes verbose compile warning settings from grsecurity, restores |
52 |
mainline Linux kernel behavior |
53 |
|
54 |
-Patch: 4423_grsec-remove-protected-paths.patch |
55 |
+Patch: 4440_grsec-remove-protected-paths.patch |
56 |
From: Anthony G. Basile <blueness@g.o> |
57 |
Desc: Removes chmod statements from grsecurity/Makefile |
58 |
|
59 |
-Patch: 4425_grsec-pax-without-grsec.patch |
60 |
+Patch: 4445_grsec-pax-without-grsec.patch |
61 |
From: Gordon Malm <gengor@g.o> |
62 |
Desc: Allows PaX features to be selected without enabling GRKERNSEC |
63 |
|
64 |
-Patch: 4430_grsec-kconfig-default-gids.patch |
65 |
+Patch: 4450_grsec-kconfig-default-gids.patch |
66 |
From: Kerin Millar <kerframil@×××××.com> |
67 |
Desc: Sets sane(r) default GIDs on various grsecurity group-dependent |
68 |
features |
69 |
|
70 |
-Patch: 4435_grsec-kconfig-gentoo.patch |
71 |
+Patch: 4455_grsec-kconfig-gentoo.patch |
72 |
From: Gordon Malm <gengor@g.o> |
73 |
Kerin Millar <kerframil@×××××.com> |
74 |
Anthony G. Basile <blueness@g.o> |
75 |
-Desc: Adds Hardened Gentoo [server/workstation/virtualization] security levels, |
76 |
- sets Hardened Gentoo [workstation] as default |
77 |
+Desc: Adds Hardened Gentoo [server/workstation/virtualization] security |
78 |
+ levels, sets Hardened Gentoo [workstation] as default |
79 |
|
80 |
-Patch: 4440_selinux-avc_audit-log-curr_ip.patch |
81 |
+Patch: 4460-grsec-kconfig-proc-user.patch |
82 |
+From: Anthony G. Basile <blueness@g.o> |
83 |
+Desc: Make GRKERNSEC_PROC_USER, and GRKERNSEC_PROC_USERGROUP mutually |
84 |
+ exclusive to avoid bug #366019. |
85 |
+ |
86 |
+Patch: 4465_selinux-avc_audit-log-curr_ip.patch |
87 |
From: Gordon Malm <gengor@g.o> |
88 |
Anthony G. Basile <blueness@g.o> |
89 |
Desc: Configurable option to add src IP address to SELinux log messages |
90 |
|
91 |
-Patch: 4445_disable-compat_vdso.patch |
92 |
+Patch: 4470_disable-compat_vdso.patch |
93 |
From: Gordon Malm <gengor@g.o> |
94 |
Kerin Millar <kerframil@×××××.com> |
95 |
Desc: Disables VDSO_COMPAT operation completely |
96 |
|
97 |
-Patch: 4450_check_ssp_fix.patch |
98 |
+Patch: 4475_check_ssp_fix.patch |
99 |
From: Magnus Granberg <zorry@g.o> |
100 |
Desc: Fixes kernel check script for ssp |
101 |
|
102 |
diff --git a/2.6.32/4421_grsec-remove-localversion-grsec.patch b/2.6.32/4430_grsec-remove-localversion-grsec.patch |
103 |
similarity index 100% |
104 |
rename from 2.6.32/4421_grsec-remove-localversion-grsec.patch |
105 |
rename to 2.6.32/4430_grsec-remove-localversion-grsec.patch |
106 |
|
107 |
diff --git a/2.6.32/4422_grsec-mute-warnings.patch b/2.6.32/4435_grsec-mute-warnings.patch |
108 |
similarity index 100% |
109 |
rename from 2.6.32/4422_grsec-mute-warnings.patch |
110 |
rename to 2.6.32/4435_grsec-mute-warnings.patch |
111 |
|
112 |
diff --git a/2.6.32/4423_grsec-remove-protected-paths.patch b/2.6.32/4440_grsec-remove-protected-paths.patch |
113 |
similarity index 100% |
114 |
rename from 2.6.32/4423_grsec-remove-protected-paths.patch |
115 |
rename to 2.6.32/4440_grsec-remove-protected-paths.patch |
116 |
|
117 |
diff --git a/2.6.32/4425_grsec-pax-without-grsec.patch b/2.6.32/4445_grsec-pax-without-grsec.patch |
118 |
similarity index 100% |
119 |
rename from 2.6.32/4425_grsec-pax-without-grsec.patch |
120 |
rename to 2.6.32/4445_grsec-pax-without-grsec.patch |
121 |
|
122 |
diff --git a/2.6.32/4430_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch |
123 |
similarity index 100% |
124 |
rename from 2.6.32/4430_grsec-kconfig-default-gids.patch |
125 |
rename to 2.6.32/4450_grsec-kconfig-default-gids.patch |
126 |
|
127 |
diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4455_grsec-kconfig-gentoo.patch |
128 |
similarity index 100% |
129 |
rename from 2.6.32/4435_grsec-kconfig-gentoo.patch |
130 |
rename to 2.6.32/4455_grsec-kconfig-gentoo.patch |
131 |
|
132 |
diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4460-grsec-kconfig-proc-user.patch |
133 |
similarity index 100% |
134 |
rename from 2.6.32/4437-grsec-kconfig-proc-user.patch |
135 |
rename to 2.6.32/4460-grsec-kconfig-proc-user.patch |
136 |
|
137 |
diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch |
138 |
similarity index 100% |
139 |
rename from 2.6.32/4440_selinux-avc_audit-log-curr_ip.patch |
140 |
rename to 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch |
141 |
|
142 |
diff --git a/2.6.32/4445_disable-compat_vdso.patch b/2.6.32/4470_disable-compat_vdso.patch |
143 |
similarity index 100% |
144 |
rename from 2.6.32/4445_disable-compat_vdso.patch |
145 |
rename to 2.6.32/4470_disable-compat_vdso.patch |
146 |
|
147 |
diff --git a/2.6.32/4450_check_ssp_fix.patch b/2.6.32/4475_check_ssp_fix.patch |
148 |
similarity index 100% |
149 |
rename from 2.6.32/4450_check_ssp_fix.patch |
150 |
rename to 2.6.32/4475_check_ssp_fix.patch |
151 |
|
152 |
diff --git a/3.2.4/0000_README b/3.2.4/0000_README |
153 |
index 97fce67..ce0507d 100644 |
154 |
--- a/3.2.4/0000_README |
155 |
+++ b/3.2.4/0000_README |
156 |
@@ -14,42 +14,47 @@ Patch: 4420_grsecurity-2.2.2-3.2.4-201202032052.patch |
157 |
From: http://www.grsecurity.net |
158 |
Desc: hardened-sources base patch from upstream grsecurity |
159 |
|
160 |
-Patch: 4421_grsec-remove-localversion-grsec.patch |
161 |
+Patch: 4430_grsec-remove-localversion-grsec.patch |
162 |
From: Kerin Millar <kerframil@×××××.com> |
163 |
Desc: Removes grsecurity's localversion-grsec file |
164 |
|
165 |
-Patch: 4422_grsec-mute-warnings.patch |
166 |
+Patch: 4435_grsec-mute-warnings.patch |
167 |
From: Alexander Gabert <gaberta@××××××××.de> |
168 |
Gordon Malm <gengor@g.o> |
169 |
Desc: Removes verbose compile warning settings from grsecurity, restores |
170 |
mainline Linux kernel behavior |
171 |
|
172 |
-Patch: 4423_grsec-remove-protected-paths.patch |
173 |
+Patch: 4440_grsec-remove-protected-paths.patch |
174 |
From: Anthony G. Basile <blueness@g.o> |
175 |
Desc: Removes chmod statements from grsecurity/Makefile |
176 |
|
177 |
-Patch: 4425_grsec-pax-without-grsec.patch |
178 |
+Patch: 4445_grsec-pax-without-grsec.patch |
179 |
From: Gordon Malm <gengor@g.o> |
180 |
Desc: Allows PaX features to be selected without enabling GRKERNSEC |
181 |
|
182 |
-Patch: 4430_grsec-kconfig-default-gids.patch |
183 |
+Patch: 4450_grsec-kconfig-default-gids.patch |
184 |
From: Kerin Millar <kerframil@×××××.com> |
185 |
Desc: Sets sane(r) default GIDs on various grsecurity group-dependent |
186 |
features |
187 |
|
188 |
-Patch: 4435_grsec-kconfig-gentoo.patch |
189 |
+Patch: 4455_grsec-kconfig-gentoo.patch |
190 |
From: Gordon Malm <gengor@g.o> |
191 |
Kerin Millar <kerframil@×××××.com> |
192 |
Anthony G. Basile <blueness@g.o> |
193 |
Desc: Adds Hardened Gentoo [server/workstation/virtualization] security levels, |
194 |
sets Hardened Gentoo [workstation] as default |
195 |
|
196 |
-Patch: 4440_selinux-avc_audit-log-curr_ip.patch |
197 |
+Patch: 4460-grsec-kconfig-proc-user.patch |
198 |
+From: Anthony G. Basile <blueness@g.o> |
199 |
+Desc: Make GRKERNSEC_PROC_USER, and GRKERNSEC_PROC_USERGROUP mutually |
200 |
+ exclusive to avoid bug #366019. |
201 |
+ |
202 |
+Patch: 4465_selinux-avc_audit-log-curr_ip.patch |
203 |
From: Gordon Malm <gengor@g.o> |
204 |
Anthony G. Basile <blueness@g.o> |
205 |
Desc: Configurable option to add src IP address to SELinux log messages |
206 |
|
207 |
-Patch: 4445_disable-compat_vdso.patch |
208 |
+Patch: 4470_disable-compat_vdso.patch |
209 |
From: Gordon Malm <gengor@g.o> |
210 |
Kerin Millar <kerframil@×××××.com> |
211 |
Desc: Disables VDSO_COMPAT operation completely |
212 |
|
213 |
diff --git a/3.2.4/4421_grsec-remove-localversion-grsec.patch b/3.2.4/4430_grsec-remove-localversion-grsec.patch |
214 |
similarity index 100% |
215 |
rename from 3.2.4/4421_grsec-remove-localversion-grsec.patch |
216 |
rename to 3.2.4/4430_grsec-remove-localversion-grsec.patch |
217 |
|
218 |
diff --git a/3.2.4/4422_grsec-mute-warnings.patch b/3.2.4/4435_grsec-mute-warnings.patch |
219 |
similarity index 100% |
220 |
rename from 3.2.4/4422_grsec-mute-warnings.patch |
221 |
rename to 3.2.4/4435_grsec-mute-warnings.patch |
222 |
|
223 |
diff --git a/3.2.4/4423_grsec-remove-protected-paths.patch b/3.2.4/4440_grsec-remove-protected-paths.patch |
224 |
similarity index 100% |
225 |
rename from 3.2.4/4423_grsec-remove-protected-paths.patch |
226 |
rename to 3.2.4/4440_grsec-remove-protected-paths.patch |
227 |
|
228 |
diff --git a/3.2.4/4425_grsec-pax-without-grsec.patch b/3.2.4/4445_grsec-pax-without-grsec.patch |
229 |
similarity index 100% |
230 |
rename from 3.2.4/4425_grsec-pax-without-grsec.patch |
231 |
rename to 3.2.4/4445_grsec-pax-without-grsec.patch |
232 |
|
233 |
diff --git a/3.2.4/4430_grsec-kconfig-default-gids.patch b/3.2.4/4450_grsec-kconfig-default-gids.patch |
234 |
similarity index 100% |
235 |
rename from 3.2.4/4430_grsec-kconfig-default-gids.patch |
236 |
rename to 3.2.4/4450_grsec-kconfig-default-gids.patch |
237 |
|
238 |
diff --git a/3.2.4/4435_grsec-kconfig-gentoo.patch b/3.2.4/4455_grsec-kconfig-gentoo.patch |
239 |
similarity index 100% |
240 |
rename from 3.2.4/4435_grsec-kconfig-gentoo.patch |
241 |
rename to 3.2.4/4455_grsec-kconfig-gentoo.patch |
242 |
|
243 |
diff --git a/3.2.4/4437-grsec-kconfig-proc-user.patch b/3.2.4/4460-grsec-kconfig-proc-user.patch |
244 |
similarity index 100% |
245 |
rename from 3.2.4/4437-grsec-kconfig-proc-user.patch |
246 |
rename to 3.2.4/4460-grsec-kconfig-proc-user.patch |
247 |
|
248 |
diff --git a/3.2.4/4440_selinux-avc_audit-log-curr_ip.patch b/3.2.4/4465_selinux-avc_audit-log-curr_ip.patch |
249 |
similarity index 100% |
250 |
rename from 3.2.4/4440_selinux-avc_audit-log-curr_ip.patch |
251 |
rename to 3.2.4/4465_selinux-avc_audit-log-curr_ip.patch |
252 |
|
253 |
diff --git a/3.2.4/4445_disable-compat_vdso.patch b/3.2.4/4470_disable-compat_vdso.patch |
254 |
similarity index 100% |
255 |
rename from 3.2.4/4445_disable-compat_vdso.patch |
256 |
rename to 3.2.4/4470_disable-compat_vdso.patch |