README
-------------------------------------------------------------------------------
This patchset is to be the 2.6 series of hardened-sources.
It includes both SELinux and GRSecurity, as well as enhancements to each.
Also included are additional hardening features useful in either system
(note that with this release GRSecurity and SELinux can also be used
in tandem).



Patchset Numbering Scheme
-------------------------------------------------------------------------------
1XXX 	Base patches
 2XX 	GRSecurity extras
 3XX 	SELinux extras
2XXX 	Universal hardening features
3XXX 	Netdevrand

Individual Patch Descriptions:
-------------------------------------------------------------------------------
Patch: 1000_grsecurity-2.0.1-2.6.7.patch
from: Brad Spengler, http://grsecurity.net
desc: GRSecurity for 2.6.7, prerelease pulled 01-Jul-2004 16:35 

Patch: 1010_grsec_no_depend_pax.patch
from: Joshua Brindle <method@gentoo.org>
desc: remove idiotic dependency on grsecurity for PaX

Patch: 1300_linux-2.6.4-selinux-hooks.patch
from: Joshua Brindle <method@gentoo.org>
desc: PaX hooks for SELinux

Patch: 1305_linux-2.6.4-selinux-ipaddr.patch
from: Joshua Brindle <method@gentoo.org>
desc: Support for SELinux to log an IP address of the origin of an abuse

Patch: 1310_linux-2.6.5-extra_sec_ops.patch
from: Joshua Brindle <method@gentoo.org>
desc: Adds additional secondary ops to selinux

Patch: 2010_tcp-stealth-2.6.7.patch
from: Updated for 2.6.7 by Michal Purzynski <albeiro@zeus.polsl.gliwice.pl>
desc: Stealth TCP features

Patch: 3000_netdev-random-core-2.6.7.patch
from: Michal Purzynski <albeiro@zeus.polsl.gliwice.pl>
desc: Core functionality for netdev random

Patch: 3005_netdev-random-drivers-2.6.7.patch
from: Michal Purzynski <albeiro@zeus.polsl.gliwice.pl>
desc: Patch to allow network drivers to contribute to system entropy

Included From genpatches-base:
--------------------------------------------------------------------

Patch:	1100_ip_tables.patch
from:	http://thread.gmane.org/gmane.comp.security.bugtraq/12272
desc:	Fix iptables DoS

Patch:	1105_CAN-2004-0497.patch
from:	Chris Wright
desc:	fix CAN-2004-0497

Patch:	1110_proc.patch
from:	Chris Wright
desc:	another proc security fix.

Patch:	1310_k8_cardbus_io.patch
from:	
desc:	Patch to prevent emachines amd64 laptops from hanging when unplugging
	power cord, or closing lid

Patch:	1315_alpha-sysctl-uac.patch
from:	
desc:	enable control of the unaligned access control policy from sysctl

Patch:	1320_x86_64-2.6.7-2.patch
from:	ftp://ftp.x86-64.org/pub/linux/v2.6/x86_64-2.6.7-2.bz2
desc:	x86-64 patch for 2.6.7, version 2

Patch:	1325_iptables-headers.patch
from:	http://bugs.gentoo.org/show_bug.cgi?id=55501
desc:	fixes bug 55501, and is already included in mainline tree.  To be
	removed from this package once 2.6.8 is out.

Patch:	2115_fa311-mac-address-fix.patch
from:	-mm broken-out
desc:	fix for netgear fa311 MAC address. without this fix the MAC is
	byteswapped and has an incorrect vendor ID (and therefore broken card
	ID too)

Patch:	2700_ppc-pegasos-2.6.6.patch
from:	http://bugs.gentoo.org/show_bug.cgi?id=54684
desc:	Allow pegasos PCI hardware to work properly.