From a6f72be20c000312de5e74fedc36ceb0c53f1567 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Mon, 2 Sep 2013 17:59:47 -0700 Subject: [PATCH] sys-kernel/hardened sources: Version bump + config update --- sys-kernel/hardened-sources/Manifest | 26 +++++++--------- sys-kernel/hardened-sources/ebuild.diff | 14 ++++----- ...build => hardened-sources-3.9.9-r1.ebuild} | 25 +++++++--------- ...-hardened => kernel-config-3.9.9-hardened} | 30 ++++++++----------- 4 files changed, 41 insertions(+), 54 deletions(-) rename sys-kernel/hardened-sources/{hardened-sources-3.5.4-r1.ebuild => hardened-sources-3.9.9-r1.ebuild} (63%) rename sys-kernel/hardened-sources/{kernel-config-3.9.5-hardened => kernel-config-3.9.9-hardened} (99%) diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-sources/Manifest index ec38ee1..23d607e 100644 --- a/sys-kernel/hardened-sources/Manifest +++ b/sys-kernel/hardened-sources/Manifest @@ -1,16 +1,10 @@ -AUX rtl8111_8168b.patch 480 RMD160 6079bdf404c00179f05306872ac1cf33429fb208 SHA1 dc0bf738f4b35dbaf10604768a6a021de8b90471 SHA256 090e06bdef1e45febee18d9c05380262203214b9211deb9de938d247530458e4 -AUX wireless_injection.patch 2140 RMD160 233b4482fbe8b93dc8896246889735939ecb48b4 SHA1 024efaa500ed46dede438edbce1694acc94f4bb0 SHA256 0313d017d667e48b5ad59c74d893efca0afd39be2e8183e9756fdb0f8eaddb94 -DIST deblob-3.4 109026 RMD160 ef9be1bdfbca2bfe4d5e60dd33ed6ec30a1e5c52 SHA1 83b455ad2db0470704225d1e81864af8fd3516c3 SHA256 2fca296bccfa7dc25447f36975971597f67730168a9bc4db0853e55347950680 -DIST deblob-3.5 109252 RMD160 6756953ec31ae7a081639d1a51c413d01432e62f SHA1 c4955e88d45f14b5bba8a895cbac7c748e856a0c SHA256 c3273c85e04b7f69acc271da7d2ffba41cf74b364b60f174a4459eec4fae8da9 -DIST deblob-check-3.4 448778 RMD160 a00d430d137cd9d653a3c42cb36c6e31330ed007 SHA1 4d54aa271cebc0e770e152802f4cadf0dcc9471e SHA256 28ce952c082e765784f9e5b63f5a3a4fb93545e5e788dc94d094c0b3ae8ea3a0 -DIST deblob-check-3.5 464105 RMD160 473f6c601f54f93b0af6d194936a43799937466b SHA1 37d6f195c4cbbb0ba6c33d1ca08d35288a470c5c SHA256 e7f57e2e47651ea1eb757ca3c8c989edac0f38080d923adccdcdca215eb2bdd9 -DIST genpatches-3.4-6.base.tar.bz2 145231 RMD160 ace521e58b9f5b718904ba9c713d9a28a2541640 SHA1 84d26b315a3cc9bb112b8c1692cefe87e1ec1c95 SHA256 34b7e934f849ef10d706ea2d81878ac91d95b45e029f3d059b484e43686cdc01 -DIST genpatches-3.4-6.extras.tar.bz2 17508 RMD160 b8b83573526b50f38768bb9b51d9ed0941de2dfd SHA1 413a4d2cb7adaab147488a69941f9c4a4731a3c1 SHA256 be8e087b3a0508e88bd36d2d4bec07e0756a3e7f7b31de4dbfd51d79412c2a96 -DIST genpatches-3.5-5.base.tar.bz2 122034 RMD160 361e9305d521a957bfc181b0ab9822bc9ee98bfc SHA1 f27e502458e149d41cdf721a573a0cb50a433bac SHA256 50828709004b240ce3d3dcfedc4d88a4a53e20b9e3b172dc2973316a39c1c55f -DIST genpatches-3.5-5.extras.tar.bz2 17507 RMD160 080f754e7249078551dfb550a9e0fc5c1d088d5b SHA1 32b7d7308e6c22b620435a0de956e1512a053192 SHA256 1b2294687e842e6450184ce2800ba3df8006ca47d75f95437a1e1d2976162727 -DIST hardened-patches-3.4.5-1.extras.tar.bz2 548697 RMD160 600afa8ae088e46caf6961bf00eb88f3effe3cb0 SHA1 8c4f746d3f5f7ed0c006bb72eb0095df3fa31db4 SHA256 f77fdd4450cfaa051058383d4c7bce9ae7cf40cc39948a265870c8806fcdc2ef -DIST hardened-patches-3.5.4-2.extras.tar.bz2 578566 RMD160 c54b461f80f55109d99b34dc907a7819c015af56 SHA1 7fccb800bd30491a2d4bd159419294cf16b59442 SHA256 505c3848b3ff0f2622f28e26158fcfefa793570efd7ffb07a6070fb627e84682 -DIST linux-3.4.tar.bz2 80173484 RMD160 e0bcaa53b6eb3de9498f51b2c8b90d6c52d54889 SHA1 dfc54e7fbee81f77aba85d3d8ff2d992e1e49573 SHA256 a797a15d0b6228381507c14ecf4eec4a6cc5c77cfd521ba3b3e1325e85b5b16d -DIST linux-3.5.tar.bz2 80978443 RMD160 f82ed1e2528dbc8d2732f9ab995f639165f2a605 SHA1 d80e85147417605e125fc3fb263af85d7ffd1ad5 SHA256 6ab82beb8cbb895b7523daed7ec3ec5850cf460b96788056f1ef5135c852fd23 -EBUILD hardened-sources-3.5.4-r1.ebuild 1925 RMD160 a498b615a9d8309820a04d1006490530fe02b1ca SHA1 d0065e7cb970f32ef76b5ab6bc08643a1269b4cd SHA256 d315da6cca23b17965d3ceba65be59349b837d15c09e419fbb460a90099269e1 -MISC ebuild.diff 637 RMD160 4d5ad5146419a4acf0d92acb24710d0d0c9ed51e SHA1 b46348068a8a4db8bf8c2e1a10b35c2414548fc5 SHA256 06b9b56d77e3b4a9154797d86207b7c4068bf1b3bbf18993c0225ef2d49f722d +AUX rtl8111_8168b.patch 480 SHA256 090e06bdef1e45febee18d9c05380262203214b9211deb9de938d247530458e4 SHA512 d4b1b4d9ee473937374fa6ba5b7582855569fd329366bd021f594c340d0fc783304399bc173de1144ef61f2e02157efb53515d8ea77c371ba31037b13e3e1475 WHIRLPOOL 393a81c7403448811d86fb9fb9ef0f385dd542f0bdc2ecbed2e85e9cec8bb36f8ad3f7ebaa4fbbb4c67a16a2b6ada0e1130885958112e1bb4103a5adf79e00c9 +AUX wireless_injection.patch 2140 SHA256 0313d017d667e48b5ad59c74d893efca0afd39be2e8183e9756fdb0f8eaddb94 SHA512 093e4572db8a6877b114cd3925a5d23ff5358b579014d5e2781eea1f8bae631934bd6d7257c4316d913f9d847b9ad24bfd053bdc9c212c9c639cef82ae72a379 WHIRLPOOL 514ce59c72cf526fec1963d975c2b499e764a527264ece920deeef2f42a07fae34648b99dc72ccd556e4a00a3b08922ac93f718ef3f8d0605626219baffafaad +DIST deblob-3.9 116031 SHA256 0fb17070d5aaf226fca39f70df68b7d482e4f803e0ef974626440a28c26b5dc3 SHA512 e014add3728dc3fa0b938f3849ccba60e82354a811eefe6761036aa5e5b7bda39960758bb918506ed3cd0758360729144304227ab2cc3f5489813204f0053d3d WHIRLPOOL 4e65c3a6ba5dd5d850567fcd347167245b527b098ffa390bf0e9fb9778ddb06cd48553f697e2fe7cb793714b520dbb5b90b9948a339663a315e299272aca09ef +DIST deblob-check-3.9 557345 SHA256 60d05db20e7b50919ca44487d05e8faa9cca830318bd8d96625f0f75b252eeed SHA512 6b857380d495261c4d356639157f99f3ca3412388fd3b1c72b566c3bb6453c5a22ab7716e3b24e64a9b63dab912b07baccccfd0fca806ac0e0620efeef777b6a WHIRLPOOL 877c2c9b813466f9aa5cfecdc9ab93247bd2cdead457c9e0bd97da49d042d0a52262f9b4f8e9c83e397b57c5bb5a8fe2b61bb5f44d5a178a579cc9fff990941a +DIST genpatches-3.9-14.base.tar.xz 278412 SHA256 c5cc0e1e455e4ce751f11c33b59ce7a63540613ebe35371cda07bd8c4d7b2a4e SHA512 d09ecb9ec1418aa1c94ab70da477de19aa5f67c8d991856c8d29dd842182a86b93a274bca71bdeb95b9197674b22e6a6840b43ec103309124f855307dee255d5 WHIRLPOOL 25b86aaa6b58279d7e1e1b08d607fe3b4d993c1c7498815dda2fa2021f5e65a0264b4b612004a6c2d1bd534db6c843b7ca08871ee24fbe278e41d6c70fdb9273 +DIST hardened-patches-3.9.9-1.extras.tar.bz2 715576 SHA256 4bcecff04fbf8be900cb87b9493683c15a5f8b35ebb95b5483ae942e56a7d3db SHA512 7437b377ce27464c68819157284aa53d34e929de18d693913d59bf0a9081795b1a351be402946063a6ac384fa588c8e8eeab7e7956b98598e486ae7bda64ecb9 WHIRLPOOL b36c8723e08b7b68ce88e700c848a75d7fa3eb4707392a70939f6a19399c6f6757391c872739d923adf2e01a2278c7daa2508439540ccb4007639aefcbb04494 +DIST linux-3.9.tar.xz 72104164 SHA256 60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 SHA512 77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 WHIRLPOOL 668a8de30c7c3ccf6558cf0f29570f15e37ca7d599d1453afc3cab113d1b05fbd5b32646dd9ed798ceb61405a8754345da0740a53f467b825445028cda4bc698 +EBUILD hardened-sources-3.9.9-r1.ebuild 1628 SHA256 b844272b7037531683aa23d8442dd533a7bfc0d7f3fe88f821cc04bef033b23b SHA512 5a91abf06194865a9c4c289083fd4e62bb242ade9c4d81cb7578914b67f992c020a3626378111602181046ec0a6936be881df18598e230e442384f23cb7c37dc WHIRLPOOL d45c79b0b41e7f47ca3d9ef067a7a7d110b3a466dfb85cce486f4820540dd50e45d95d1e4b562db70af22d3b33df2eb0210615fe0d040abeb489f9db4e3e3c3e +MISC ebuild.diff 634 SHA256 9f820f10cdcfc1d047813a4b542f43a7dec47e5c3c66a786c33193835b11e816 SHA512 8eb7029cb490ccfa3da1a5b0b4f73e94bd170459f6b4f8b6e29dafdaae0e7275865173fd1a62776bacd6c3086727ce2a986772db4c047be4968e94c37877517c WHIRLPOOL 2672eff242f95d2be2f36090d43c4d5b5f72a8eff00d89e9991796418cf4911a2c41e1643a2e6126877ea9b47aca1bfd182e12667156e3e7cd0ef60a8024a532 +MISC kernel-config-3.9.9-hardened 120842 SHA256 bc13f6644f45e7fa2f5019b758b9504d75a4cf4f3715c4696716131a7e49f1ae SHA512 e2d2c53b2d6a9a959c2b3e91cb1ca2fe9da91c432078bb98072006671fdaadd03c078cdde48e14ad83e3783b2f0467af124daf7bebd35ce7fc744995841cf61f WHIRLPOOL b3b432225b8dfb1b7ace65f6c5c8df5530d77ace9c54aa7bc5104aad00c33953cdc108875c0ab29e8f998e2b1326ffc852e02735ef13e0db1f7339aea1a1b963 diff --git a/sys-kernel/hardened-sources/ebuild.diff b/sys-kernel/hardened-sources/ebuild.diff index 0c084e0..4346e98 100644 --- a/sys-kernel/hardened-sources/ebuild.diff +++ b/sys-kernel/hardened-sources/ebuild.diff @@ -1,6 +1,6 @@ ---- /mnt/portage/portage/sys-kernel/hardened-sources/hardened-sources-3.4.5.ebuild 2012-08-09 02:31:30.000000000 -0700 -+++ hardened-sources-3.4.5.ebuild 2012-08-11 12:27:13.379563909 -0700 -@@ -21,12 +21,18 @@ +--- hardened-sources-3.9.9-r1.ebuild.orig 2013-09-02 17:57:15.540480169 -0700 ++++ hardened-sources-3.9.9-r1.ebuild 2013-09-02 17:58:12.594485310 -0700 +@@ -25,12 +25,18 @@ DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})" HOMEPAGE="http://www.gentoo.org/proj/en/hardened/" @@ -12,11 +12,11 @@ RDEPEND=">=sys-devel/gcc-4.5" +pkg_setup() { -+ if use injection; then -+ UNIPATCH_LIST+=" ${FILESDIR}/wireless_injection.patch" -+ fi ++ if use injection; then ++ UNIPATCH_LIST+=" ${FILESDIR}/wireless_injection.patch" ++ fi +} + pkg_postinst() { - kernel-2_pkg_postinst + kernel-2_pkg_postinst diff --git a/sys-kernel/hardened-sources/hardened-sources-3.5.4-r1.ebuild b/sys-kernel/hardened-sources/hardened-sources-3.9.9-r1.ebuild similarity index 63% rename from sys-kernel/hardened-sources/hardened-sources-3.5.4-r1.ebuild rename to sys-kernel/hardened-sources/hardened-sources-3.9.9-r1.ebuild index 8434b4d..155cfc1 100644 --- a/sys-kernel/hardened-sources/hardened-sources-3.5.4-r1.ebuild +++ b/sys-kernel/hardened-sources/hardened-sources-3.9.9-r1.ebuild @@ -1,23 +1,27 @@ -# Copyright 1999-2012 Gentoo Foundation +# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-3.5.4-r1.ebuild,v 1.2 2012/09/30 13:57:37 blueness Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-3.9.9.ebuild,v 1.2 2013/07/28 19:34:15 blueness Exp $ -EAPI="4" +EAPI="5" ETYPE="sources" -K_WANT_GENPATCHES="base extras" -K_GENPATCHES_VER="5" +K_WANT_GENPATCHES="base" +K_GENPATCHES_VER="14" K_DEBLOB_AVAILABLE="1" inherit kernel-2 detect_version -HGPV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-2" +HGPV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-1" HGPV_URI="http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/hardened-patches-${HGPV}.extras.tar.bz2" SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}" UNIPATCH_LIST="${DISTDIR}/hardened-patches-${HGPV}.extras.tar.bz2" -UNIPATCH_EXCLUDE="4200_fbcondecor-0.9.6.patch" +UNIPATCH_EXCLUDE=" + 1500_XATTR_USER_PREFIX.patch + 1510_af_key-fix-info-leaks-in-notify-messages.patch + 1511_ipv6-ip6_sk_dst_check-must-not-assume-ipv6-dst.patch + 2900_dev-root-proc-mount-fix.patch" DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})" HOMEPAGE="http://www.gentoo.org/proj/en/hardened/" @@ -38,13 +42,6 @@ pkg_postinst() { local GRADM_COMPAT="sys-apps/gradm-2.9.1*" - ewarn - ewarn "Hardened Gentoo provides three different predefined grsecurity level:" - ewarn "[server], [workstation], and [virtualization]. Those who intend to" - ewarn "use one of these predefined grsecurity levels should read the help" - ewarn "associated with the level. Because some options require >=gcc-4.5," - ewarn "users with more, than one version of gcc installed should use gcc-config" - ewarn "to select a compatible version." ewarn ewarn "Users of grsecurity's RBAC system must ensure they are using" ewarn "${GRADM_COMPAT}, which is compatible with ${PF}." diff --git a/sys-kernel/hardened-sources/kernel-config-3.9.5-hardened b/sys-kernel/hardened-sources/kernel-config-3.9.9-hardened similarity index 99% rename from sys-kernel/hardened-sources/kernel-config-3.9.5-hardened rename to sys-kernel/hardened-sources/kernel-config-3.9.9-hardened index b5688b6..6ae8551 100644 --- a/sys-kernel/hardened-sources/kernel-config-3.9.5-hardened +++ b/sys-kernel/hardened-sources/kernel-config-3.9.9-hardened @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.9.5-hardened Kernel Configuration +# Linux/x86 3.9.9-hardened Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -306,10 +306,13 @@ CONFIG_IOSCHED_NOOP=y CONFIG_IOSCHED_DEADLINE=y CONFIG_IOSCHED_CFQ=y CONFIG_CFQ_GROUP_IOSCHED=y +CONFIG_IOSCHED_BFQ=y +CONFIG_CGROUP_BFQIO=y # CONFIG_DEFAULT_DEADLINE is not set -CONFIG_DEFAULT_CFQ=y +# CONFIG_DEFAULT_CFQ is not set +CONFIG_DEFAULT_BFQ=y # CONFIG_DEFAULT_NOOP is not set -CONFIG_DEFAULT_IOSCHED="cfq" +CONFIG_DEFAULT_IOSCHED="bfq" CONFIG_PREEMPT_NOTIFIERS=y CONFIG_PADATA=y CONFIG_ASN1=y @@ -1880,7 +1883,7 @@ CONFIG_ATH9K_PCI=y CONFIG_ATH9K_AHB=y # CONFIG_ATH9K_DEBUGFS is not set # CONFIG_ATH9K_DFS_CERTIFIED is not set -CONFIG_ATH9K_RATE_CONTROL=y +# CONFIG_ATH9K_LEGACY_RATE_CONTROL is not set CONFIG_ATH9K_HTC=m # CONFIG_ATH9K_HTC_DEBUGFS is not set CONFIG_CARL9170=m @@ -3314,23 +3317,15 @@ CONFIG_BACKLIGHT_AS3711=m # Console display driver support # CONFIG_VGA_CONSOLE=y -# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_VGACON_SOFT_SCROLLBACK=y +CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64 CONFIG_DUMMY_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y # CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set -CONFIG_FONTS=y -# CONFIG_FONT_8x8 is not set +# CONFIG_FONTS is not set +CONFIG_FONT_8x8=y CONFIG_FONT_8x16=y -# CONFIG_FONT_6x11 is not set -# CONFIG_FONT_7x14 is not set -# CONFIG_FONT_PEARL_8x8 is not set -# CONFIG_FONT_ACORN_8x8 is not set -# CONFIG_FONT_MINI_4x6 is not set -# CONFIG_FONT_SUN8x16 is not set -# CONFIG_FONT_SUN12x22 is not set -# CONFIG_FONT_10x18 is not set -CONFIG_FONT_AUTOSELECT=y # CONFIG_LOGO is not set CONFIG_SOUND=m CONFIG_SOUND_OSS_CORE=y @@ -4925,7 +4920,7 @@ CONFIG_PAX_RANDMMAP=y # # CONFIG_PAX_MEMORY_STACKLEAK is not set # CONFIG_PAX_MEMORY_STRUCTLEAK is not set -CONFIG_PAX_MEMORY_UDEREF=y +# CONFIG_PAX_MEMORY_UDEREF is not set CONFIG_PAX_REFCOUNT=y CONFIG_PAX_CONSTIFY_PLUGIN=y CONFIG_PAX_USERCOPY=y @@ -4940,6 +4935,7 @@ CONFIG_PAX_USERCOPY=y # CONFIG_GRKERNSEC_IO is not set CONFIG_GRKERNSEC_JIT_HARDEN=y CONFIG_GRKERNSEC_PERF_HARDEN=y +CONFIG_GRKERNSEC_RAND_THREADSTACK=y CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_BRUTE=y CONFIG_GRKERNSEC_MODHARDEN=y