diff options
author | Ned Ludd <solar@gentoo.org> | 2005-08-05 22:44:33 +0000 |
---|---|---|
committer | Ned Ludd <solar@gentoo.org> | 2005-08-05 22:44:33 +0000 |
commit | d2f844b670153533a2020040fa93569714e0c3ae (patch) | |
tree | 2ef16af58807ed4ed75770dcd826a2f3f7311314 /sys-kernel | |
parent | Merge soft-float support by Yuri Vasilevski #75585. (diff) | |
download | historical-d2f844b670153533a2020040fa93569714e0c3ae.tar.gz historical-d2f844b670153533a2020040fa93569714e0c3ae.tar.bz2 historical-d2f844b670153533a2020040fa93569714e0c3ae.zip |
- removing obsolete package from the tree. bug 101437
Diffstat (limited to 'sys-kernel')
-rw-r--r-- | sys-kernel/grsec-sources/ChangeLog | 305 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/Manifest | 19 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/2.4.24-x86.config | 107 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/CAN-2004-1056.patch | 321 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.30.2.1.5 | 3 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/linux-2.4.28-random-poolsize.patch | 12 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/metadata.xml | 14 |
7 files changed, 0 insertions, 781 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog deleted file mode 100644 index 1d6efbb98c2b..000000000000 --- a/sys-kernel/grsec-sources/ChangeLog +++ /dev/null @@ -1,305 +0,0 @@ -# ChangeLog for sys-kernel/grsec-sources -# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.55 2005/04/29 12:36:37 solar Exp $ - - 29 Apr 2005; <solar@gentoo.org> -files/2.4.26-CAN-2004-0394.patch, - -files/2.4.27-cmdline-race.patch, -files/2.4.28-binfmt_a.out.patch, - -files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch, - -files/2.4.28-uselib4pax.patch, -files/2.4.29-CAN-2005-0001.patch, - -files/CAN-2004-1016.patch, -files/CAN-2004-1074.patch, - -files/CAN-2004-1335.patch, -files/gentoo-sources-2.4.CAN-2004-1137.patch, - -grsec-sources-2.4.29.2.1.3.ebuild, -grsec-sources-2.4.29.2.1.4.ebuild: - - ebuild and filesdir cleanup. This is the last planned grsec-sources, see - http://marc.theaimsgroup.com/?l=gentoo-hardened&m=111419177808622&w=2 for more - info - - 28 Apr 2005; Gustavo Zacarias <gustavoz@gentoo.org> - grsec-sources-2.4.30.2.1.5.ebuild: - Sparc stable - - 22 Apr 2005; <solar@gentoo.org> grsec-sources-2.4.30.2.1.5.ebuild: - - stable x86 - -*grsec-sources-2.4.30.2.1.5 (12 Apr 2005) - - 12 Apr 2005; <solar@gentoo.org> -grsec-sources-2.4.28.2.1.0-r3.ebuild, - grsec-sources-2.4.29.2.1.3.ebuild, grsec-sources-2.4.29.2.1.4.ebuild, - +grsec-sources-2.4.30.2.1.5.ebuild: - - version bump. added CPV/MYPV to every ebuild now due to k2 changes - -*grsec-sources-2.4.29.2.1.4 (23 Mar 2005) - - 23 Mar 2005; <solar@gentoo.org> +grsec-sources-2.4.29.2.1.4.ebuild: - - minor version bump - - 11 Mar 2005; <solar@gentoo.org> grsec-sources-2.4.29.2.1.3.ebuild: - - marking 2.1.3 stable for all supporting arches - -*grsec-sources-2.4.29.2.1.3 (07 Mar 2005) - - 07 Mar 2005; <solar@gentoo.org> +grsec-sources-2.4.29.2.1.3.ebuild: - - version bump grsec to 2.4.29.2.1.3 to fix bug in RBAC system - -*grsec-sources-2.4.28.2.1.0-r3 (05 Mar 2005) - - 05 Mar 2005; <solar@gentoo.org> - +files/2.4.28-grsec-2.1.0-pax-mmap-pgtables.patch, - -grsec-sources-2.4.28.2.0.2-r3.ebuild, - -grsec-sources-2.4.28.2.1.0-r1.ebuild, - -grsec-sources-2.4.28.2.1.0-r2.ebuild, - +grsec-sources-2.4.28.2.1.0-r3.ebuild, -grsec-sources-2.4.28.2.1.0.ebuild: - - security bump for SEGMEXEC/RANDEXEC handling - -*grsec-sources-2.4.28.2.1.0-r2 (04 Feb 2005) - - 04 Feb 2005; <solar@gentoo.org> +files/CAN-2004-1335.patch, - grsec-sources-2.4.28.2.1.0-r1.ebuild, +grsec-sources-2.4.28.2.1.0-r2.ebuild: - - rev bump for CAN-2004-1335 - -*grsec-sources-2.4.28.2.1.0-r1 (18 Jan 2005) - - 18 Jan 2005; <solar@gentoo.org> +files/2.4.29-CAN-2005-0001.patch, - -grsec-sources-2.4.28.2.0.2-r1.ebuild, - -grsec-sources-2.4.28.2.0.2-r2.ebuild, - +grsec-sources-2.4.28.2.1.0-r1.ebuild: - - version bump for security bug #77666 and removed some older unneeded ebuilds. - - 11 Jan 2005; <solar@gentoo.org> grsec-sources-2.4.28.2.1.0.ebuild: - - marking grsec-sources stable - - 09 Jan 2005; <solar@gentoo.org> grsec-sources-2.4.28.2.1.0.ebuild: - - removing masking and put ebuild in ~arch - - 08 Jan 2005; <solar@gentoo.org> +files/2.4.28-uselib4pax.patch, - +files/gentoo-sources-2.4.CAN-2004-1137.patch, - grsec-sources-2.4.28.2.1.0.ebuild: - - Adds CAN-2004-1137.patch. - - Adds 2.4.x uselib patch with extra semaphore locking for PaX enabled kernels. - - Adds back 2.4.27-cmdline-race.patch. - - 08 Jan 2005; <solar@gentoo.org> : - - digest update from plasmaroo for new CAN-2004-0814 patch - -*grsec-sources-2.4.28.2.1.0 (08 Jan 2005) - - 08 Jan 2005; <solar@gentoo.org> +files/linux-2.4.28-random-poolsize.patch, - +grsec-sources-2.4.28.2.1.0.ebuild: - - Added patch that fixes CAN-2004-0814 - Linux terminal layer races. - - Added random poolsize from Brad Spengler. (CAN pending?) - -*grsec-sources-2.4.28.2.0.2-r3 (25 Dec 2004) - - 25 Dec 2004; <plasmaroo@gentoo.org> +grsec-sources-2.4.28.2.0.2-r3.ebuild, - +files/CAN-2004-1056.patch, +files/CAN-2004-1074.patch: - Security bump for bugs #72452 and #74464; please thank tocharian for the - ebuild. - -*grsec-sources-2.4.28.2.0.2-r2 (15 Dec 2004) - - 15 Dec 2004; <solar@gentoo.org> +files/CAN-2004-1016.patch, - -grsec-sources-2.4.27.2.0.1-r4.ebuild, - +grsec-sources-2.4.28.2.0.2-r2.ebuild, -grsec-sources-2.4.28.2.0.2.ebuild: - - local kernel DoS CAN-2004-1016 - -*grsec-sources-2.4.28.2.0.2-r1 (13 Dec 2004) - - 13 Dec 2004; <solar@gentoo.org> metadata.xml, - +files/2.4.28-binfmt_a.out.patch, +grsec-sources-2.4.28.2.0.2-r1.ebuild: - - update from tocharian, adds binfmt_aout patch back to 2.4.28 - - 26 Nov 2004; Daniel Drake <dsd@gentoo.org> - -files/2.4.26-pax-binfmt_elf-page-size.patch, - -files/2.4.26-signal-race.patch, - -files/gentoo-sources-2.4.CAN-2004-0495.patch, - -files/gentoo-sources-2.4.CAN-2004-0535.patch, - -files/openmosix-sources.CAN-2004-0497.patch, - grsec-sources-2.4.27.2.0.1-r4.ebuild, grsec-sources-2.4.28.2.0.2.ebuild: - Convert to kernel-2. Clean up. - - 24 Nov 2004; <solar@gentoo.org> : - redigest - -*grsec-sources-2.4.28.2.0.2 (23 Nov 2004) - - 23 Nov 2004; <solar@gentoo.org> +grsec-sources-2.4.28.2.0.2.ebuild: - security bump - Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification - Vulnerability. http://www.securityfocus.com/bid/11715 - -*grsec-sources-2.4.27.2.0.1-r4 (17 Nov 2004) - - 17 Nov 2004; <solar@gentoo.org> -grsec-sources-2.4.27.2.0.1-r2.ebuild, - -grsec-sources-2.4.27.2.0.1-r3.ebuild, - +grsec-sources-2.4.27.2.0.1-r4.ebuild: - last fixes before 2.4.28 - fixes binfmt_elf+JJ and fixes binfmt_aout - -*grsec-sources-2.4.27.2.0.1-r3 (11 Nov 2004) - - 11 Nov 2004; <solar@gentoo.org> +grsec-sources-2.4.27.2.0.1-r3.ebuild: - security bump again fixes tty io DoS - CAN-2004-0814 and binfmt_elf (CAN-???) - -*grsec-sources-2.4.27.2.0.1-r2 (10 Nov 2004) - - 10 Nov 2004; <solar@gentoo.org> -grsec-sources-2.4.26.2.0-r7.ebuild, - -grsec-sources-2.4.27.2.0.1-r1.ebuild, - +grsec-sources-2.4.27.2.0.1-r2.ebuild, -grsec-sources-2.4.27.2.0.1.ebuild: - fix for remote denial-of-service in nfs3 xdr handling code. bug #62524 - -*grsec-sources-2.4.27.2.0.1-r1 (09 Aug 2004) - - 09 Aug 2004; <solar@gentoo.org> grsec-sources-2.4.27.2.0.1-r1.ebuild, - files/2.4.27-cmdline-race.patch: - Potential security issue in /proc/cmdline bug 59905 - -*grsec-sources-2.4.27.2.0.1 (08 Aug 2004) - - 08 Aug 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r3.ebuild, - grsec-sources-2.4.26.2.0-r4.ebuild, grsec-sources-2.4.26.2.0-r5.ebuild, - grsec-sources-2.4.26.2.0-r6.ebuild, grsec-sources-2.4.27.2.0.1.ebuild, - files/2.4.26-i2cproc_bus_read.patch: - version bump. Removed all older versions - -*grsec-sources-2.4.26.2.0-r7 (04 Aug 2004) - - 04 Aug 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r7.ebuild: - security bump - file offset pointer handling vulnerability - bug 59378 - - 11 Jul 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r6.ebuild, - files/2.4.26-fchown-attr.patch, files/openmosix-sources.CAN-2004-0497.patch: - using openmosix-sources.CAN-2004-0497.patch vs the 2.4.26-fchown-attr.patch - -*grsec-sources-2.4.26.2.0-r6 (11 Jul 2004) - - 11 Jul 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r6.ebuild, - files/2.4.26-fchown-attr.patch: - added modified security patch from bug 56479 - -*grsec-sources-2.4.26.2.0-r5 (26 Jun 2004) - - 26 Jun 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r5.ebuild, - files/gentoo-sources-2.4.CAN-2004-0495.patch, - files/gentoo-sources-2.4.CAN-2004-0535.patch: - Privilege escalation bugs revealed by Sparse tool. bug 54976 - - 17 Jun 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r4.ebuild: - #commented out the i2c-proc_bus_read.patch as it's unneeded as pointed out in - the bug. - -*grsec-sources-2.4.26.2.0-r4 (17 Jun 2004) - - 17 Jun 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r2.ebuild, - grsec-sources-2.4.26.2.0-r4.ebuild, files/2.4.26-i2cproc_bus_read.patch, - files/2.4.26-pax-binfmt_elf-page-size.patch: - fix i2c integer overflow vulnerability during the allocation of memory. bug - #54164. PaX force randomization to always at least PAGE_SIZE big. Allows glibc - to be compiled with binutils-2.15 and USE=hardened - -*grsec-sources-2.4.26.2.0-r3 (15 Jun 2004) - - 15 Jun 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r3.ebuild, - files/2.4.26-signal-race.patch: - revision bump for security bug 53804 - -*grsec-sources-2.4.26.2.0-r2 (02 Jun 2004) - - 02 Jun 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0-r1.ebuild, - grsec-sources-2.4.26.2.0-r2.ebuild, files/2.4.26-CAN-2004-0394.patch: - update to fix format string problem in panic() handler - - 18 Apr 2004; <solar@gentoo.org> grsec-sources-2.4.26.2.0.ebuild: - upstream fixed an idt_table bug in PaX that effected i386/i586 users without - rolling a new patch, so we gentoo fetched new version and bz2 it to avoid - md5sum conflicts.. removed old ebuild as well - -*grsec-sources-2.4.26.2.0 (18 Apr 2004) -*grsec-sources-2.4.26.2.0-r1 (18 Apr 2004) - - 18 Apr 2004; <solar@gentoo.org> grsec-sources-2.4.24.1.9.13-r1.ebuild, - grsec-sources-2.4.24.1.9.13.ebuild, grsec-sources-2.4.25.1.9.14.ebuild, - grsec-sources-2.4.25.2.0_rc5.ebuild, grsec-sources-2.4.26.2.0.ebuild, - metadata.xml, files/do_brk_fix.patch, - files/grsec-sources-2.4.23.CAN-2003-0985.patch, - files/grsec-sources-2.4.23.rtc_fix.patch, - files/grsec-sources-2.4.24.1.9.13.munmap.patch: - grsec2 has gone stable upstream, removing old portage cruft from tree to make - life for security@gentoo easier. - - 11 Mar 2004; <solar@gentoo.org> grsec-sources-2.4.24.1.9.13-r1.ebuild, - grsec-sources-2.4.24.1.9.13.ebuild, grsec-sources-2.4.25.1.9.14.ebuild, - grsec-sources-2.4.25.2.0_rc5.ebuild: - fix slotting to use KV vs OKV - -*grsec-sources-2.4.25.1.9.14 (21 Feb 2004) - - 21 Feb 2004; <solar@gentoo.org> grsec-sources-2.4.25.1.9.14.ebuild, - grsec-sources-2.4.25.2.0_rc5.ebuild: - dual headed version bumps to the 2.4.25 series - -*grsec-sources-2.4.24.1.9.13-r1 (19 Feb 2004) - - 19 Feb 2004; <plasmaroo@gentoo.org> grsec-sources-2.4.24.1.9.13-r1.ebuild, - files/grsec-sources-2.4.24.1.9.13.munmap.patch: - Added the patch for the mremap/munmap vulnerability. Bug #42024. - -*grsec-sources-2.4.24.1.9.13 (11 Jan 2004) - - 11 Jan 2004; <solar@gentoo.org> grsec-sources-2.4.24.1.9.13.ebuild, - files/2.4.24-x86.config: - version bump and a clean up of the src code for dealing with hppa - - 05 Jan 2004; <plasmaroo@gentoo.org> grsec-sources-2.4.23.1.9.13-r1.ebuild, - grsec-sources-2.4.23.2.0_rc4-r1.ebuild, files/grsec-sources-2.4.23.*.patch: - Added the 2.4.24 security patches. Please see bugs #37292 and #37317. - - 05 Jan 2004; <solar@gentoo.org> grsec-sources-2.4.21.1.9.11.ebuild, - grsec-sources-2.4.21.2.0_rc2.ebuild, grsec-sources-2.4.22.1.9.12-r1.ebuild, - grsec-sources-2.4.22.1.9.12.ebuild, grsec-sources-2.4.22.2.0_rc3-r1.ebuild, - grsec-sources-2.4.22.2.0_rc3.ebuild: - Removed old versions of kernels... - -*grsec-sources-2.4.23.2.0_rc4 (02 Jan 2004) - - 02 Jan 2004; <solar@gentoo.org> grsec-sources-2.4.23.2.0_rc4.ebuild: - grsecurity II kernel sources version bump - - 02 Dec 2003; Alexander Gabert <pappy@gentoo.org> - grsec-sources-2.4.23.1.9.13.ebuild: - Created linux2423grsec1913 patch and added '~hppa' keywords. - -*grsec-sources-2.4.22.1.9.12-r1 (02 Dec 2003) - - 02 Dec 2003; Brian Jackson <iggy@gentoo.org> - grsec-sources-2.4.22.1.9.12-r1.ebuild, - grsec-sources-2.4.22.2.0_rc3-r1.ebuild: - Version bump for the 'do_brk' vulnerability. - -*grsec-sources-2.4.23.1.9.13 (01 Dec 2003) - - 01 Dec 2003; Brian Jackson <iggy@gentoo.org> - grsec-sources-2.4.21.1.9.11.ebuild, grsec-sources-2.4.21.2.0_rc2.ebuild, - grsec-sources-2.4.22.1.9.12.ebuild, grsec-sources-2.4.22.2.0_rc3.ebuild, - files/do_brk_fix.patch: Fix the 'do_brk' vulnerability. - - 01 Dec 2003; <solar@gentoo.org> grsec-sources-2.4.23.1.9.13.ebuild: - Performance enhancements, PaX updates including PT_GNU_STACK and PT_GNU_HEAP - support, documentation updates, a fix for an initrd problem. - - 05 Nov 2003; <solar@gentoo.org> grsec-sources-2.4.21.1.9.11.ebuild, - grsec-sources-2.4.21.2.0_rc2.ebuild, grsec-sources-2.4.22.2.0_rc3.ebuild, - metadata.xml: Fixed typo pointed out by frogger - - 17 Sep 2003; Alexander Gabert <pappy@gentoo.org> - grsec-sources-2.4.22.1.9.12.ebuild: Added hppa support and custom - grsec patch. - -*grsec-sources-2.4.22.2.0_rc3 (04 Sep 2003) - - 04 Sep 2003; <solar@gentoo.org> grsec-sources-2.4.22.1.9.12.ebuild, - grsec-sources-2.4.22.2.0_rc3.ebuild: - Version bumps. - -*grsec-sources-2.4.21.2.0_rc2 (14 Aug 2003) - - 14 Aug 2003; <solar@gentoo.org> grsec-sources-2.4.21.1.9.11.ebuild, - grsec-sources-2.4.21.2.0_rc2.ebuild, metadata.xml: - Initial import of grsec-sources. - diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest deleted file mode 100644 index c043ba36b647..000000000000 --- a/sys-kernel/grsec-sources/Manifest +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -MD5 a7207fc0f80889ad23137af4c81bee97 grsec-sources-2.4.30.2.1.5.ebuild 1589 -MD5 79a9a050f20a8d4de550993d73cc43c8 ChangeLog 12363 -MD5 0b2ea9b53b5d526e39afbdc5040ff07a metadata.xml 487 -MD5 0adbefda5e0d752b23dd2f930e6f6bbf files/linux-2.4.28-random-poolsize.patch 452 -MD5 2c122c506c654e3af5e7053232319eaa files/digest-grsec-sources-2.4.30.2.1.5 234 -MD5 757ee1239c3f14645ccea3640d551e11 files/CAN-2004-1056.patch 11249 -MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.0 (GNU/Linux) - -iQCVAwUBQnIqFZ4WFLgrx1GWAQLUnwP+Lld0nDFVeeDapAu0uO43OECmXz6i8nv4 -6zM9vSGyZGI3ack5mxjXhMn//M1tNbqoaaGDWIv8gYG/x3jQq/1ZDg7DvZPdD5eq -MDx99KgJH7vR/QWZPSq2HSnfdjOIQ83deW1fUISKpVDp3VFYqOhofo/TDEF7dABb -Q3SO6FkXkyE= -=ksre ------END PGP SIGNATURE----- diff --git a/sys-kernel/grsec-sources/files/2.4.24-x86.config b/sys-kernel/grsec-sources/files/2.4.24-x86.config deleted file mode 100644 index f85800874a1b..000000000000 --- a/sys-kernel/grsec-sources/files/2.4.24-x86.config +++ /dev/null @@ -1,107 +0,0 @@ -# -# Grsecurity -# -CONFIG_GRKERNSEC=y -CONFIG_CRYPTO=y -CONFIG_CRYPTO_SHA256=y -# CONFIG_GRKERNSEC_LOW is not set -# CONFIG_GRKERNSEC_MID is not set -# CONFIG_GRKERNSEC_HI is not set -CONFIG_GRKERNSEC_CUSTOM=y - -# -# Address Space Protection -# -CONFIG_GRKERNSEC_PAX_NOEXEC=y -CONFIG_GRKERNSEC_PAX_PAGEEXEC=y -CONFIG_GRKERNSEC_PAX_SEGMEXEC=y -CONFIG_GRKERNSEC_PAX_EMUTRAMP=y -# CONFIG_GRKERNSEC_PAX_EMUSIGRT is not set -CONFIG_GRKERNSEC_PAX_MPROTECT=y -# CONFIG_GRKERNSEC_PAX_NOELFRELOCS is not set -CONFIG_GRKERNSEC_PAX_ASLR=y -CONFIG_GRKERNSEC_PAX_RANDKSTACK=y -CONFIG_GRKERNSEC_PAX_RANDUSTACK=y -CONFIG_GRKERNSEC_PAX_RANDMMAP=y -CONFIG_GRKERNSEC_PAX_RANDEXEC=y -CONFIG_GRKERNSEC_KMEM=y -# CONFIG_GRKERNSEC_IO is not set -CONFIG_GRKERNSEC_PROC_MEMMAP=y -CONFIG_GRKERNSEC_HIDESYM=y - -# -# ACL options -# -CONFIG_GRKERNSEC_ACL_HIDEKERN=y -CONFIG_GRKERNSEC_ACL_MAXTRIES=3 -CONFIG_GRKERNSEC_ACL_TIMEOUT=30 - -# -# Filesystem Protections -# -CONFIG_GRKERNSEC_PROC=y -# CONFIG_GRKERNSEC_PROC_USER is not set -CONFIG_GRKERNSEC_PROC_USERGROUP=y -CONFIG_GRKERNSEC_PROC_GID=10 -CONFIG_GRKERNSEC_PROC_ADD=y -CONFIG_GRKERNSEC_LINK=y -CONFIG_GRKERNSEC_FIFO=y -CONFIG_GRKERNSEC_CHROOT=y -CONFIG_GRKERNSEC_CHROOT_MOUNT=y -CONFIG_GRKERNSEC_CHROOT_DOUBLE=y -CONFIG_GRKERNSEC_CHROOT_PIVOT=y -CONFIG_GRKERNSEC_CHROOT_CHDIR=y -CONFIG_GRKERNSEC_CHROOT_CHMOD=y -CONFIG_GRKERNSEC_CHROOT_FCHDIR=y -CONFIG_GRKERNSEC_CHROOT_MKNOD=y -CONFIG_GRKERNSEC_CHROOT_SHMAT=y -CONFIG_GRKERNSEC_CHROOT_UNIX=y -CONFIG_GRKERNSEC_CHROOT_FINDTASK=y -CONFIG_GRKERNSEC_CHROOT_NICE=y -CONFIG_GRKERNSEC_CHROOT_SYSCTL=y -CONFIG_GRKERNSEC_CHROOT_CAPS=y - -# -# Kernel Auditing -# -# CONFIG_GRKERNSEC_AUDIT_GROUP is not set -CONFIG_GRKERNSEC_EXECLOG=y -CONFIG_GRKERNSEC_RESLOG=y -CONFIG_GRKERNSEC_CHROOT_EXECLOG=y -CONFIG_GRKERNSEC_AUDIT_CHDIR=y -CONFIG_GRKERNSEC_AUDIT_MOUNT=y -CONFIG_GRKERNSEC_AUDIT_IPC=y -CONFIG_GRKERNSEC_SIGNAL=y -CONFIG_GRKERNSEC_FORKFAIL=y -CONFIG_GRKERNSEC_TIME=y - -# -# Executable Protections -# -CONFIG_GRKERNSEC_EXECVE=y -CONFIG_GRKERNSEC_DMESG=y -CONFIG_GRKERNSEC_RANDPID=y -CONFIG_GRKERNSEC_TPE=y -CONFIG_GRKERNSEC_TPE_ALL=y -CONFIG_GRKERNSEC_TPE_GID=100 - -# -# Network Protections -# -# CONFIG_GRKERNSEC_RANDNET is not set -CONFIG_GRKERNSEC_RANDISN=y -CONFIG_GRKERNSEC_RANDID=y -CONFIG_GRKERNSEC_RANDSRC=y -CONFIG_GRKERNSEC_RANDRPC=y -# CONFIG_GRKERNSEC_SOCKET is not set - -# -# Sysctl support -# -CONFIG_GRKERNSEC_SYSCTL=y - -# -# Logging options -# -CONFIG_GRKERNSEC_FLOODTIME=10 -CONFIG_GRKERNSEC_FLOODBURST=4 diff --git a/sys-kernel/grsec-sources/files/CAN-2004-1056.patch b/sys-kernel/grsec-sources/files/CAN-2004-1056.patch deleted file mode 100644 index 53b777acaac5..000000000000 --- a/sys-kernel/grsec-sources/files/CAN-2004-1056.patch +++ /dev/null @@ -1,321 +0,0 @@ -diff -ur linux-2.4.28/drivers/char/drm/i810.h linux-2.4.28.plasmaroo/drivers/char/drm/i810.h ---- linux-2.4.28/drivers/char/drm/i810.h 2003-11-28 18:26:20.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i810.h 2004-12-23 16:26:31.000000000 +0000 -@@ -114,4 +114,14 @@ - #define DRIVER_AGP_BUFFERS_MAP( dev ) \ - ((drm_i810_private_t *)((dev)->dev_private))->buffer_map - -+#define LOCK_TEST_WITH_RETURN( dev ) \ -+do { \ -+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ -+ dev->lock.pid != current->pid ) { \ -+ DRM_ERROR( "%s called without lock held\n", \ -+ __FUNCTION__ ); \ -+ return -EINVAL; \ -+ } \ -+} while (0) -+ - #endif -diff -ur linux-2.4.28/drivers/char/drm/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c ---- linux-2.4.28/drivers/char/drm/i810_dma.c 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c 2004-12-23 16:27:16.000000000 +0000 -@@ -948,10 +948,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_flush_queue(dev); - return 0; -@@ -973,10 +970,7 @@ - if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if(vertex.idx < 0 || vertex.idx > dma->buf_count) return -EINVAL; - -@@ -1004,10 +998,7 @@ - if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1026,10 +1017,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_swap( dev ); - return 0; -@@ -1064,10 +1052,7 @@ - if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - d.granted = 0; - -@@ -1174,11 +1159,7 @@ - if (copy_from_user(&mc, (drm_i810_mc_t *)arg, sizeof(mc))) - return -EFAULT; - -- -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_mc called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_mc(dev, dma->buflist[mc.idx], mc.used, - mc.last_render ); -@@ -1223,10 +1204,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_fstatus called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - return I810_READ(0x30008); - } - -@@ -1237,10 +1215,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_ov0_flip called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - //Tell the overlay to update - I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000); -diff -ur linux-2.4.28/drivers/char/drm/i830.h linux-2.4.28.plasmaroo/drivers/char/drm/i830.h ---- linux-2.4.28/drivers/char/drm/i830.h 2003-11-28 18:26:20.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830.h 2004-12-23 16:31:33.000000000 +0000 -@@ -154,4 +154,14 @@ - #define DRIVER_AGP_BUFFERS_MAP( dev ) \ - ((drm_i830_private_t *)((dev)->dev_private))->buffer_map - -+#define LOCK_TEST_WITH_RETURN( dev ) \ -+do { \ -+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ -+ dev->lock.pid != current->pid ) { \ -+ DRM_ERROR( "%s called without lock held\n", \ -+ __FUNCTION__ ); \ -+ return -EINVAL; \ -+ } \ -+} while (0) -+ - #endif -diff -ur linux-2.4.28/drivers/char/drm/i830_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c ---- linux-2.4.28/drivers/char/drm/i830_dma.c 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c 2004-12-23 16:32:08.000000000 +0000 -@@ -1330,10 +1330,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i830_flush_queue(dev); - return 0; -@@ -1354,10 +1351,7 @@ - if (copy_from_user(&vertex, (drm_i830_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1384,10 +1378,7 @@ - if (copy_from_user(&clear, (drm_i830_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1409,10 +1400,7 @@ - - DRM_DEBUG("i830_swap_bufs\n"); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i830_dma_dispatch_swap( dev ); - return 0; -@@ -1453,10 +1441,7 @@ - - DRM_DEBUG("%s\n", __FUNCTION__); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flip_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if (!dev_priv->page_flipping) - i830_do_init_pageflip( dev ); -@@ -1495,10 +1480,7 @@ - if (copy_from_user(&d, (drm_i830_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - d.granted = 0; - -diff -ur linux-2.4.28/drivers/char/drm/i830_irq.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c ---- linux-2.4.28/drivers/char/drm/i830_irq.c 2003-11-28 18:26:20.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c 2004-12-23 16:39:47.000000000 +0000 -@@ -130,10 +130,7 @@ - drm_i830_irq_emit_t emit; - int result; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_irq_emit called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if ( !dev_priv ) { - DRM_ERROR( "%s called with no initialization\n", __FUNCTION__ ); -diff -ur linux-2.4.28/drivers/char/drm-4.0/drmP.h linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h ---- linux-2.4.28/drivers/char/drm-4.0/drmP.h 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h 2004-12-23 16:21:30.000000000 +0000 -@@ -294,6 +294,16 @@ - #define DRM_BUFCOUNT(x) ((x)->count - DRM_LEFTCOUNT(x)) - #define DRM_WAITCOUNT(dev,idx) DRM_BUFCOUNT(&dev->queuelist[idx]->waitlist) - -+#define LOCK_TEST_WITH_RETURN( dev ) \ -+do { \ -+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ -+ dev->lock.pid != current->pid ) { \ -+ DRM_ERROR( "%s called without lock held\n", \ -+ __FUNCTION__ ); \ -+ return -EINVAL; \ -+ } \ -+} while (0) -+ - typedef int drm_ioctl_t(struct inode *inode, struct file *filp, - unsigned int cmd, unsigned long arg); - -diff -ur linux-2.4.28/drivers/char/drm-4.0/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c ---- linux-2.4.28/drivers/char/drm-4.0/i810_dma.c 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c 2004-12-23 16:21:30.000000000 +0000 -@@ -1249,10 +1249,7 @@ - drm_device_t *dev = priv->dev; - - DRM_DEBUG("i810_flush_ioctl\n"); -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_flush_queue(dev); - return 0; -@@ -1274,10 +1271,7 @@ - if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1308,10 +1302,7 @@ - if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_clear( dev, clear.flags, - clear.clear_color, -@@ -1327,10 +1318,7 @@ - - DRM_DEBUG("i810_swap_bufs\n"); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_swap( dev ); - return 0; -@@ -1366,10 +1354,7 @@ - if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - d.granted = 0; - -@@ -1399,10 +1384,7 @@ - drm_i810_buf_priv_t *buf_priv; - drm_device_dma_t *dma = dev->dma; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if (copy_from_user(&d, (drm_i810_copy_t *)arg, sizeof(d))) - return -EFAULT; diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.30.2.1.5 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.30.2.1.5 deleted file mode 100644 index 942a79eb2662..000000000000 --- a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.30.2.1.5 +++ /dev/null @@ -1,3 +0,0 @@ -MD5 fe2d358354da987e5b49fed88736ae59 grsecurity-2.1.5-2.4.30-200504082027.patch.gz 147732 -MD5 75d8ce40a3668603017cd186909efe8d linux-2.4.30.tar.bz2 31136728 -MD5 3fa09a0d8ea8def546b840bde027d61b linux-2.4.28-CAN-2004-0814.patch 145009 diff --git a/sys-kernel/grsec-sources/files/linux-2.4.28-random-poolsize.patch b/sys-kernel/grsec-sources/files/linux-2.4.28-random-poolsize.patch deleted file mode 100644 index 6d153e2cd061..000000000000 --- a/sys-kernel/grsec-sources/files/linux-2.4.28-random-poolsize.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur linux-2.4.28/drivers/char/random.c.orig linux-2.4.28.orig/drivers/char/random.c ---- linux-2.4.28.orig/drivers/char/random.c.orig 2004-11-17 11:54:21.000000000 +0000 -+++ linux-2.4.28/drivers/char/random.c 2005-01-08 02:54:49.198635736 +0000 -@@ -1787,7 +1787,7 @@ - void *oldval, size_t *oldlenp, - void *newval, size_t newlen, void **context) - { -- int len; -+ size_t len; - - sysctl_poolsize = random_state->poolinfo.POOLBYTES; - diff --git a/sys-kernel/grsec-sources/metadata.xml b/sys-kernel/grsec-sources/metadata.xml deleted file mode 100644 index eeb0b7d80cf7..000000000000 --- a/sys-kernel/grsec-sources/metadata.xml +++ /dev/null @@ -1,14 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> - <herd>no-herd</herd> - <maintainer> - <email>solar@gentoo.org</email> - <description>Primary Maintainer</description> - </maintainer> - <maintainer> - <email>tocharian@tocharian.org</email> - <description>Backup Maintainer</description> - </maintainer> - <longdescription>Vanilla sources of the linux kernel with the grsecurity patch</longdescription> -</pkgmetadata> |