Diffstat (limited to 'sys-kernel')
-rw-r--r--sys-kernel/grsec-sources/ChangeLog8
-rw-r--r--sys-kernel/grsec-sources/Manifest11
-rw-r--r--sys-kernel/grsec-sources/files/2.4.24-x86.config107
-rw-r--r--sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.131
-rw-r--r--sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild81
5 files changed, 203 insertions, 5 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog
index 2783a72ce15a..a856611b46fa 100644
--- a/sys-kernel/grsec-sources/ChangeLog
+++ b/sys-kernel/grsec-sources/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sys-kernel/grsec-sources
# Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.13 2004/01/06 00:43:38 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.14 2004/01/11 05:45:02 solar Exp $
+
+*grsec-sources-2.4.24.1.9.13 (11 Jan 2004)
+
+ 11 Jan 2004; <solar@gentoo.org> grsec-sources-2.4.24.1.9.13.ebuild,
+ files/2.4.24-x86.config:
+ version bump and a clean up of the src code for dealing with hppa
05 Jan 2004; <plasmaroo@gentoo.org> grsec-sources-2.4.23.1.9.13-r1.ebuild,
grsec-sources-2.4.23.2.0_rc4-r1.ebuild, files/grsec-sources-2.4.23.*.patch:
diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest
index 6a76b58f5470..040f70df84ee 100644
--- a/sys-kernel/grsec-sources/Manifest
+++ b/sys-kernel/grsec-sources/Manifest
@@ -1,9 +1,12 @@
-MD5 bdfa273e93aa0fa3443657b1569469b6 grsec-sources-2.4.23.2.0_rc4-r1.ebuild 1899
MD5 51a619394ecd1319bc460df7d96ddd96 grsec-sources-2.4.23.1.9.13-r1.ebuild 2756
-MD5 a79d9fa330fb3dbe818a328e0d0772df ChangeLog 2526
MD5 225cb9e370f4e7d3bc1a98549377249e metadata.xml 484
+MD5 a79d9fa330fb3dbe818a328e0d0772df ChangeLog 2526
+MD5 bdfa273e93aa0fa3443657b1569469b6 grsec-sources-2.4.23.2.0_rc4-r1.ebuild 1899
+MD5 aefa7bbf28d4e8181a19e949b8552d88 grsec-sources-2.4.24.1.9.13.ebuild 2838
+MD5 3a45a1584ad3ba2999f69113d83297f5 files/1.9.23.config 2433
+MD5 731f6330c2bea90d170172a1189bd327 files/digest-grsec-sources-2.4.23.1.9.13-r1 304
MD5 f9e7dad4cb849b2dfdc91ebe070df7d5 files/digest-grsec-sources-2.4.23.2.0_rc4-r1 221
MD5 e77a93fdf26f06cf3ea5080b27211725 files/grsec-sources-2.4.23.CAN-2003-0985.patch 414
-MD5 731f6330c2bea90d170172a1189bd327 files/digest-grsec-sources-2.4.23.1.9.13-r1 304
-MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242
MD5 e2e2b545b6fcdcecf49e33798efa5b84 files/grsec-sources-2.4.23.rtc_fix.patch 7073
+MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242
+MD5 d8266c3fd31880277da566681a943098 files/digest-grsec-sources-2.4.24.1.9.13 67
diff --git a/sys-kernel/grsec-sources/files/2.4.24-x86.config b/sys-kernel/grsec-sources/files/2.4.24-x86.config
new file mode 100644
index 000000000000..f85800874a1b
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/2.4.24-x86.config
@@ -0,0 +1,107 @@
+#
+# Grsecurity
+#
+CONFIG_GRKERNSEC=y
+CONFIG_CRYPTO=y
+CONFIG_CRYPTO_SHA256=y
+# CONFIG_GRKERNSEC_LOW is not set
+# CONFIG_GRKERNSEC_MID is not set
+# CONFIG_GRKERNSEC_HI is not set
+CONFIG_GRKERNSEC_CUSTOM=y
+
+#
+# Address Space Protection
+#
+CONFIG_GRKERNSEC_PAX_NOEXEC=y
+CONFIG_GRKERNSEC_PAX_PAGEEXEC=y
+CONFIG_GRKERNSEC_PAX_SEGMEXEC=y
+CONFIG_GRKERNSEC_PAX_EMUTRAMP=y
+# CONFIG_GRKERNSEC_PAX_EMUSIGRT is not set
+CONFIG_GRKERNSEC_PAX_MPROTECT=y
+# CONFIG_GRKERNSEC_PAX_NOELFRELOCS is not set
+CONFIG_GRKERNSEC_PAX_ASLR=y
+CONFIG_GRKERNSEC_PAX_RANDKSTACK=y
+CONFIG_GRKERNSEC_PAX_RANDUSTACK=y
+CONFIG_GRKERNSEC_PAX_RANDMMAP=y
+CONFIG_GRKERNSEC_PAX_RANDEXEC=y
+CONFIG_GRKERNSEC_KMEM=y
+# CONFIG_GRKERNSEC_IO is not set
+CONFIG_GRKERNSEC_PROC_MEMMAP=y
+CONFIG_GRKERNSEC_HIDESYM=y
+
+#
+# ACL options
+#
+CONFIG_GRKERNSEC_ACL_HIDEKERN=y
+CONFIG_GRKERNSEC_ACL_MAXTRIES=3
+CONFIG_GRKERNSEC_ACL_TIMEOUT=30
+
+#
+# Filesystem Protections
+#
+CONFIG_GRKERNSEC_PROC=y
+# CONFIG_GRKERNSEC_PROC_USER is not set
+CONFIG_GRKERNSEC_PROC_USERGROUP=y
+CONFIG_GRKERNSEC_PROC_GID=10
+CONFIG_GRKERNSEC_PROC_ADD=y
+CONFIG_GRKERNSEC_LINK=y
+CONFIG_GRKERNSEC_FIFO=y
+CONFIG_GRKERNSEC_CHROOT=y
+CONFIG_GRKERNSEC_CHROOT_MOUNT=y
+CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
+CONFIG_GRKERNSEC_CHROOT_PIVOT=y
+CONFIG_GRKERNSEC_CHROOT_CHDIR=y
+CONFIG_GRKERNSEC_CHROOT_CHMOD=y
+CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
+CONFIG_GRKERNSEC_CHROOT_MKNOD=y
+CONFIG_GRKERNSEC_CHROOT_SHMAT=y
+CONFIG_GRKERNSEC_CHROOT_UNIX=y
+CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
+CONFIG_GRKERNSEC_CHROOT_NICE=y
+CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_CAPS=y
+
+#
+# Kernel Auditing
+#
+# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
+CONFIG_GRKERNSEC_EXECLOG=y
+CONFIG_GRKERNSEC_RESLOG=y
+CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
+CONFIG_GRKERNSEC_AUDIT_CHDIR=y
+CONFIG_GRKERNSEC_AUDIT_MOUNT=y
+CONFIG_GRKERNSEC_AUDIT_IPC=y
+CONFIG_GRKERNSEC_SIGNAL=y
+CONFIG_GRKERNSEC_FORKFAIL=y
+CONFIG_GRKERNSEC_TIME=y
+
+#
+# Executable Protections
+#
+CONFIG_GRKERNSEC_EXECVE=y
+CONFIG_GRKERNSEC_DMESG=y
+CONFIG_GRKERNSEC_RANDPID=y
+CONFIG_GRKERNSEC_TPE=y
+CONFIG_GRKERNSEC_TPE_ALL=y
+CONFIG_GRKERNSEC_TPE_GID=100
+
+#
+# Network Protections
+#
+# CONFIG_GRKERNSEC_RANDNET is not set
+CONFIG_GRKERNSEC_RANDISN=y
+CONFIG_GRKERNSEC_RANDID=y
+CONFIG_GRKERNSEC_RANDSRC=y
+CONFIG_GRKERNSEC_RANDRPC=y
+# CONFIG_GRKERNSEC_SOCKET is not set
+
+#
+# Sysctl support
+#
+CONFIG_GRKERNSEC_SYSCTL=y
+
+#
+# Logging options
+#
+CONFIG_GRKERNSEC_FLOODTIME=10
+CONFIG_GRKERNSEC_FLOODBURST=4
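Review bot: `CONFIG_GRKERNSEC_PROC_GID=10` and `CONFIG_GRKERNSEC_TPE_GID=100` are hard-coded numeric group IDs, and nothing in the file says which groups they are meant to be or that the file is only an example. The ebuild in this commit copies it into the source tree as `gentoo-grsec-custom-example-2.4.24-x86.config`, so a user who adopts it unchanged on a system with different group numbering would presumably lift the /proc restrictions for the wrong group or apply trusted path execution to the wrong users. A header comment would help, for example `# Example only: PROC_GID and TPE_GID are numeric group IDs; check them against /etc/group before use`.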
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13
new file mode 100644
index 000000000000..c53c09ff6087
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13
@@ -0,0 +1 @@
+MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild
new file mode 100644
index 000000000000..9784403d6cd7
--- /dev/null
+++ b/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild,v 1.1 2004/01/11 05:45:02 solar Exp $
+
+# We control what versions of what we download based on the KEYWORDS we
+# are using for the various arches. Thus if we want grsec1 stable we run
+# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the
+# grsec-2.0-preX which has alot more features.
+
+# the only thing that should ever differ in one of these 1.9.x ebuilds
+# and 2.x of the same kernel version is the KEYWORDS and header.
+# shame cvs symlinks don't exist
+
+ETYPE="sources"
+IUSE=""
+
+inherit eutils
+inherit kernel
+
+[ "$OKV" == "" ] && OKV="2.4.24"
+
+PATCH_BASE="${PV/${OKV}./}"
+PATCH_BASE="${PATCH_BASE/_/-}"
+EXTRAVERSION="-grsec-${PATCH_BASE}"
+KV="${OKV}${EXTRAVERSION}"
+
+PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch"
+
+# hppa takes a special patch and usually has play catch up between
+# versions of this package we.
+
+HPPA_SRC_URI=""
+if [ "${ARCH}" == "hppa" ]; then
+ PARISC_KERNEL_VERSION="pa1"
+ KV="${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}"
+ HPPA_PATCH_SRC_BASE="parisc-linux-${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}.gz"
+ HPPA_SRC_URI="mirror://gentoo/${HPPA_PATCH_SRC_BASE} http://dev.gentoo.org/~pappy/gentoo-x86/sys-kernel/grsec-sources/${HPPA_PATCH_SRC__BASE}"
+ PATCH_SRC_BASE="${HPPA_PATCH_SRC_BASE}"
+fi
+
+DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch"
+
+SRC_URI="hppa? ( $HPPA_SRC_URI ) \
+ !hppa? ( http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \
+ http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign ) \
+ http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2"
+
+HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net"
+
+[ ${PATCH_BASE/.*/} == 1 ] && KEYWORDS="x86 -hppa" || KEYWORDS="~x86 ~sparc ~ppc ~alpha -hppa"
+
+SLOT="${OKV}"
+S="${WORKDIR}/linux-${KV}"
+
+src_unpack() {
+ unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel"
+ mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel"
+ cd linux-"${KV}" || die "unable to cd into the kernel source tree"
+
+ [ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File does not exist?"
+
+ # users are often confused by what settings should be set so
+ # here lets them an example of what a P4 desktop would look like.
+ cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config
+
+ ebegin "Patching the kernel with ${PATCH_SRC_BASE}"
+ case "${ARCH}" in
+ hppa) zcat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;;
+ *) cat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;;
+ esac
+ [ $? == 0 ] || die "failed patching with ${PATCH_SRC_BASE}"
+ eend 0
+
+ mkdir docs
+ touch docs/patches.txt
+ kernel_universal_unpack
+
+ # fixed in .24
+ #epatch ${FILESDIR}/${PN}-${OKV}.CAN-2003-0985.patch
+ #epatch ${FILESDIR}/${PN}-${OKV}.rtc_fix.patch
+}
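Review bot: The grsecurity patch is fetched over plain HTTP in `SRC_URI` and applied in `src_unpack` with no integrity check visible in this commit: the `.patch.sign` file is downloaded but never verified, and the new digest file lists only `linux-2.4.24.tar.bz2`. The digest should also carry an entry for `grsecurity-${PATCH_BASE}-${OKV}.patch` (and for the hppa patch), so that a tampered or truncated download fails before `patch` runs. Separately, the second hppa URI uses `${HPPA_PATCH_SRC__BASE}` with a doubled underscore, which expands to nothing and leaves the URL pointing at the directory; it should read `${HPPA_PATCH_SRC_BASE}`. In the `hppa)` branch the `[ $? == 0 ]` test sees only the exit status of `patch`, so a failing `zcat` could go unnoticed unless `patch` itself rejects the input.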