author | Repository QA checks <repo-qa-checks@gentoo.org> | 2017-08-19 10:43:56 +0000 |
---|---|---|
committer | Repository QA checks <repo-qa-checks@gentoo.org> | 2017-08-19 10:43:56 +0000 |
commit | c28864bee2e64b672ce0b94bd7cff79b17045198 (patch) | |
tree | 36a162b4e505c745378a5a434683256b04d8c6fe /metadata/news | |
parent | Merge updates from master (diff) | |
parent | Add news item regarding sys-kernel/hardened-sources removal (diff) | |
Merge commit 'd60f588c48ad20781829f8b6772a581bacd7c854'
Diffstat (limited to 'metadata/news')
2 files changed, 68 insertions, 0 deletions
diff --git a/metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt b/metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt new file mode 100644 index 000000000000..86687a1c1bf6 --- /dev/null +++ b/metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt 
@@ -0,0 +1,52 @@ +Title: sys-kernel/hardened-sources removal +Author: Francisco Blas Izquierdo Riera <klondike@gentoo.org> +Posted: 2017-08-19 +Revision: 4 +News-Item-Format: 2.0 +Display-If-Installed: sys-kernel/hardened-sources +Display-If-Profile: hardened/linux/* + +As you may know the core of sys-kernel/hardened-sources have been the +grsecurity patches. + +Sadly, their developers have stopped making these patches freely +available [1]. This is a full stop of any public updates and not only +stable ones as was announced two years ago[2]. + +As a result, the Gentoo Hardened team is unable to keep providing +further updates of the patches, and although the hardened-sources have +proved (when using a hardened toolchain) being resistant against +certain attacks like the stack guard page jump techniques proposed by +Stack Clash, we can't ensure a regular patching schedule and therefore, +the security of the users of these kernel sources. + +Because of that we will be masking the hardened-sources on the 27th of +August and will proceed to remove them from the tree by the end of +September. Obviously, we will reinstate the package again if the +developers decide to make their patches publicly available again. + +Our recommendation is that users should consider using instead +sys-kernel/gentoo-sources. + +As an alternative, for users happy keeping themselves on the stable +4.9 branch of the kernel; minipli, another grsecurity user, is forward +porting the patches on [3]. + +Strcat from Copperhead OS is making his own version of the patches +forward ported to the latest version of the Linux tree at [4]. + +The Gentoo Hardened team can't make any statement regarding the +security, reliability or update availability of either those patches +as we aren't providing them and can't therefore make any +recommendation regarding their use. 
+ +We'd like to note that all the userspace hardening and MAC support +for SELinux provided by Gentoo Hardened will still remain there and +is unaffected by this removal. Also, all PaX related packages other +than the hardened-sources will remain for the time being. + +[1] https://grsecurity.net/passing_the_baton.php +[2] https://www.gentoo.org/support/news-items/2015-10-21-future-support-of- +hardened-sources-kernel.html +[3] https://github.com/minipli/linux-unofficial_grsec +[4] https://github.com/copperhead/linux-hardened
\ No newline at end of file diff --git a/metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc b/metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc new file mode 100644 index 000000000000..ad2011db8192 --- /dev/null +++ b/metadata/news/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIyBAABCgAcBQJZmBFHFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 ++ZfWD/0b9xjYz5qQJ2aOfvuE1744tYeEPq8HytR+h1phU2KNEvOIvnOKUTuhZ+2k +ZB6JGzOJN9ub3pOOikVDOMYLyQbCYpQGZYukWOZNVCQ8BbtGHHfkiOEFqaETJlKi +HzCrGDAgZsLhlHeceSkLogn6zYkaklAC7RJ3PqCTC7qARH4PVT9JLMjB5HHLOULm +dT7NEJfPmQgw6amx3SDPyqyBiKfU1+UCc5cGx7jevXAAPtvxSDWiuccO01fDxZ5M +NNGO6mkjPOlqXgOmPnw1dIJDz3auWPR3UmZw4uMaMz+KR4PfJqv18sSln89f1TuF +HUZ23v7wO+Ly8y3s0psjmQKvxD9XFRaHbTi4RBkhHCgFotJ8TtL9bpLSq7m+07s7 +pYBlNCdiuJH3+pc2/KJ1Pp8qyNXPcAy4miqT62lPtn6xkSqrNGRKgUahgtuMDL+N +LSY5kzDrRH9TfZhn9K3uapwvDThG/OhTrCJY7fTlHzhXRR2OwOZVpNvc+xyvprsD +mLRJ2LLfOb5NZdL2lk4MUZXOYimmX02s+rngBh/GGD0E1SjgJz2zPHgCsoTuGZk8 +87coPwcpdMwQZFjB33du14y+Qrl4ayMxH9ViyVGbUsglEImC+nfNxb1u493WSzee +2CG2ZrCfv5t9O/XlotYQoD0fAGAsZzmCPayJro6/8O95MHENww== +=tQru +-----END PGP SIGNATURE----- |
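Review bot: The header of 2017-08-19-hardened-sources-removal.en.txt pairs "Display-If-Installed: sys-kernel/hardened-sources" with "Display-If-Profile: hardened/linux/*", and under GLEP 42 every Display-If type present has to match, so a user who has hardened-sources installed on a non-hardened profile will not be shown this item. The removal affects anyone with the package installed, so consider dropping the Display-If-Profile line. Further down, reference [2] is wrapped in the middle of the URL (after "future-support-of-"), so it cannot be followed as written and should stay on one line. The file also ends without a trailing newline ("\ No newline at end of file"). Wording nits: "the core ... have been" should be "has been", and "either those patches" should be "either of those patches".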
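Review bot: The detached signature added as 2017-08-19-hardened-sources-removal.en.txt.asc covers the exact bytes of the .en.txt committed alongside it, and that file is committed without a trailing newline, so any later fix to the text (adding the newline, rejoining the wrapped URL in reference [2], bumping Revision) will invalidate this signature. Make those fixes first and regenerate the .asc in the same commit. The signer cannot be identified from the hunk alone, so before merging it is worth verifying that the signature validates against the key of the Author named in the news header.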