diff options
Diffstat (limited to 'sys-kernel')
-rw-r--r-- | sys-kernel/grsec-sources/ChangeLog | 8 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/Manifest | 11 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/2.4.24-x86.config | 107 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13 | 1 | ||||
-rw-r--r-- | sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild | 81 |
5 files changed, 203 insertions, 5 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog index 2783a72ce15a..a856611b46fa 100644 --- a/sys-kernel/grsec-sources/ChangeLog +++ b/sys-kernel/grsec-sources/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sys-kernel/grsec-sources # Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.13 2004/01/06 00:43:38 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.14 2004/01/11 05:45:02 solar Exp $ + +*grsec-sources-2.4.24.1.9.13 (11 Jan 2004) + + 11 Jan 2004; <solar@gentoo.org> grsec-sources-2.4.24.1.9.13.ebuild, + files/2.4.24-x86.config: + version bump and a clean up of the src code for dealing with hppa 05 Jan 2004; <plasmaroo@gentoo.org> grsec-sources-2.4.23.1.9.13-r1.ebuild, grsec-sources-2.4.23.2.0_rc4-r1.ebuild, files/grsec-sources-2.4.23.*.patch: diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest index 6a76b58f5470..040f70df84ee 100644 --- a/sys-kernel/grsec-sources/Manifest +++ b/sys-kernel/grsec-sources/Manifest @@ -1,9 +1,12 @@ -MD5 bdfa273e93aa0fa3443657b1569469b6 grsec-sources-2.4.23.2.0_rc4-r1.ebuild 1899 MD5 51a619394ecd1319bc460df7d96ddd96 grsec-sources-2.4.23.1.9.13-r1.ebuild 2756 -MD5 a79d9fa330fb3dbe818a328e0d0772df ChangeLog 2526 MD5 225cb9e370f4e7d3bc1a98549377249e metadata.xml 484 +MD5 a79d9fa330fb3dbe818a328e0d0772df ChangeLog 2526 +MD5 bdfa273e93aa0fa3443657b1569469b6 grsec-sources-2.4.23.2.0_rc4-r1.ebuild 1899 +MD5 aefa7bbf28d4e8181a19e949b8552d88 grsec-sources-2.4.24.1.9.13.ebuild 2838 +MD5 3a45a1584ad3ba2999f69113d83297f5 files/1.9.23.config 2433 +MD5 731f6330c2bea90d170172a1189bd327 files/digest-grsec-sources-2.4.23.1.9.13-r1 304 MD5 f9e7dad4cb849b2dfdc91ebe070df7d5 files/digest-grsec-sources-2.4.23.2.0_rc4-r1 221 MD5 e77a93fdf26f06cf3ea5080b27211725 files/grsec-sources-2.4.23.CAN-2003-0985.patch 414 -MD5 731f6330c2bea90d170172a1189bd327 files/digest-grsec-sources-2.4.23.1.9.13-r1 304 -MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242 MD5 e2e2b545b6fcdcecf49e33798efa5b84 files/grsec-sources-2.4.23.rtc_fix.patch 7073 +MD5 e637c6fa41097ea2c4693d0766f2e1c5 files/do_brk_fix.patch 242 +MD5 d8266c3fd31880277da566681a943098 files/digest-grsec-sources-2.4.24.1.9.13 67 diff --git a/sys-kernel/grsec-sources/files/2.4.24-x86.config b/sys-kernel/grsec-sources/files/2.4.24-x86.config new file mode 100644 index 000000000000..f85800874a1b --- /dev/null +++ b/sys-kernel/grsec-sources/files/2.4.24-x86.config @@ -0,0 +1,107 @@ +# +# Grsecurity +# +CONFIG_GRKERNSEC=y +CONFIG_CRYPTO=y +CONFIG_CRYPTO_SHA256=y +# CONFIG_GRKERNSEC_LOW is not set +# CONFIG_GRKERNSEC_MID is not set +# CONFIG_GRKERNSEC_HI is not set +CONFIG_GRKERNSEC_CUSTOM=y + +# +# Address Space Protection +# +CONFIG_GRKERNSEC_PAX_NOEXEC=y +CONFIG_GRKERNSEC_PAX_PAGEEXEC=y +CONFIG_GRKERNSEC_PAX_SEGMEXEC=y +CONFIG_GRKERNSEC_PAX_EMUTRAMP=y +# CONFIG_GRKERNSEC_PAX_EMUSIGRT is not set +CONFIG_GRKERNSEC_PAX_MPROTECT=y +# CONFIG_GRKERNSEC_PAX_NOELFRELOCS is not set +CONFIG_GRKERNSEC_PAX_ASLR=y +CONFIG_GRKERNSEC_PAX_RANDKSTACK=y +CONFIG_GRKERNSEC_PAX_RANDUSTACK=y +CONFIG_GRKERNSEC_PAX_RANDMMAP=y +CONFIG_GRKERNSEC_PAX_RANDEXEC=y +CONFIG_GRKERNSEC_KMEM=y +# CONFIG_GRKERNSEC_IO is not set +CONFIG_GRKERNSEC_PROC_MEMMAP=y +CONFIG_GRKERNSEC_HIDESYM=y + +# +# ACL options +# +CONFIG_GRKERNSEC_ACL_HIDEKERN=y +CONFIG_GRKERNSEC_ACL_MAXTRIES=3 +CONFIG_GRKERNSEC_ACL_TIMEOUT=30 + +# +# Filesystem Protections +# +CONFIG_GRKERNSEC_PROC=y +# CONFIG_GRKERNSEC_PROC_USER is not set +CONFIG_GRKERNSEC_PROC_USERGROUP=y +CONFIG_GRKERNSEC_PROC_GID=10 +CONFIG_GRKERNSEC_PROC_ADD=y +CONFIG_GRKERNSEC_LINK=y +CONFIG_GRKERNSEC_FIFO=y +CONFIG_GRKERNSEC_CHROOT=y +CONFIG_GRKERNSEC_CHROOT_MOUNT=y +CONFIG_GRKERNSEC_CHROOT_DOUBLE=y +CONFIG_GRKERNSEC_CHROOT_PIVOT=y +CONFIG_GRKERNSEC_CHROOT_CHDIR=y +CONFIG_GRKERNSEC_CHROOT_CHMOD=y +CONFIG_GRKERNSEC_CHROOT_FCHDIR=y +CONFIG_GRKERNSEC_CHROOT_MKNOD=y +CONFIG_GRKERNSEC_CHROOT_SHMAT=y +CONFIG_GRKERNSEC_CHROOT_UNIX=y +CONFIG_GRKERNSEC_CHROOT_FINDTASK=y +CONFIG_GRKERNSEC_CHROOT_NICE=y +CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_CAPS=y + +# +# Kernel Auditing +# +# CONFIG_GRKERNSEC_AUDIT_GROUP is not set +CONFIG_GRKERNSEC_EXECLOG=y +CONFIG_GRKERNSEC_RESLOG=y +CONFIG_GRKERNSEC_CHROOT_EXECLOG=y +CONFIG_GRKERNSEC_AUDIT_CHDIR=y +CONFIG_GRKERNSEC_AUDIT_MOUNT=y +CONFIG_GRKERNSEC_AUDIT_IPC=y +CONFIG_GRKERNSEC_SIGNAL=y +CONFIG_GRKERNSEC_FORKFAIL=y +CONFIG_GRKERNSEC_TIME=y + +# +# Executable Protections +# +CONFIG_GRKERNSEC_EXECVE=y +CONFIG_GRKERNSEC_DMESG=y +CONFIG_GRKERNSEC_RANDPID=y +CONFIG_GRKERNSEC_TPE=y +CONFIG_GRKERNSEC_TPE_ALL=y +CONFIG_GRKERNSEC_TPE_GID=100 + +# +# Network Protections +# +# CONFIG_GRKERNSEC_RANDNET is not set +CONFIG_GRKERNSEC_RANDISN=y +CONFIG_GRKERNSEC_RANDID=y +CONFIG_GRKERNSEC_RANDSRC=y +CONFIG_GRKERNSEC_RANDRPC=y +# CONFIG_GRKERNSEC_SOCKET is not set + +# +# Sysctl support +# +CONFIG_GRKERNSEC_SYSCTL=y + +# +# Logging options +# +CONFIG_GRKERNSEC_FLOODTIME=10 +CONFIG_GRKERNSEC_FLOODBURST=4 diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13 new file mode 100644 index 000000000000..c53c09ff6087 --- /dev/null +++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.24.1.9.13 @@ -0,0 +1 @@ +MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818 diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild new file mode 100644 index 000000000000..9784403d6cd7 --- /dev/null +++ b/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild @@ -0,0 +1,81 @@ +# Copyright 1999-2004 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.24.1.9.13.ebuild,v 1.1 2004/01/11 05:45:02 solar Exp $ + +# We control what versions of what we download based on the KEYWORDS we +# are using for the various arches. Thus if we want grsec1 stable we run +# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the +# grsec-2.0-preX which has alot more features. + +# the only thing that should ever differ in one of these 1.9.x ebuilds +# and 2.x of the same kernel version is the KEYWORDS and header. +# shame cvs symlinks don't exist + +ETYPE="sources" +IUSE="" + +inherit eutils +inherit kernel + +[ "$OKV" == "" ] && OKV="2.4.24" + +PATCH_BASE="${PV/${OKV}./}" +PATCH_BASE="${PATCH_BASE/_/-}" +EXTRAVERSION="-grsec-${PATCH_BASE}" +KV="${OKV}${EXTRAVERSION}" + +PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch" + +# hppa takes a special patch and usually has play catch up between +# versions of this package we. + +HPPA_SRC_URI="" +if [ "${ARCH}" == "hppa" ]; then + PARISC_KERNEL_VERSION="pa1" + KV="${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}" + HPPA_PATCH_SRC_BASE="parisc-linux-${OKV}-${PARISC_KERNEL_VERSION}${EXTRAVERSION}.gz" + HPPA_SRC_URI="mirror://gentoo/${HPPA_PATCH_SRC_BASE} http://dev.gentoo.org/~pappy/gentoo-x86/sys-kernel/grsec-sources/${HPPA_PATCH_SRC__BASE}" + PATCH_SRC_BASE="${HPPA_PATCH_SRC_BASE}" +fi + +DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch" + +SRC_URI="hppa? ( $HPPA_SRC_URI ) \ + !hppa? ( http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \ + http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch.sign ) \ + http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2" + +HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net" + +[ ${PATCH_BASE/.*/} == 1 ] && KEYWORDS="x86 -hppa" || KEYWORDS="~x86 ~sparc ~ppc ~alpha -hppa" + +SLOT="${OKV}" +S="${WORKDIR}/linux-${KV}" + +src_unpack() { + unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel" + mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel" + cd linux-"${KV}" || die "unable to cd into the kernel source tree" + + [ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File does not exist?" + + # users are often confused by what settings should be set so + # here lets them an example of what a P4 desktop would look like. + cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config + + ebegin "Patching the kernel with ${PATCH_SRC_BASE}" + case "${ARCH}" in + hppa) zcat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;; + *) cat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet ;; + esac + [ $? == 0 ] || die "failed patching with ${PATCH_SRC_BASE}" + eend 0 + + mkdir docs + touch docs/patches.txt + kernel_universal_unpack + + # fixed in .24 + #epatch ${FILESDIR}/${PN}-${OKV}.CAN-2003-0985.patch + #epatch ${FILESDIR}/${PN}-${OKV}.rtc_fix.patch +} |