Lunar Linux Hardened

== Hardened Lunar Linux ==
 
  
The main goal of this project is to have a Lunar Linux with security enhancements. Most modules will be patched with patches written by us or by others, for example Linux From Scratch users or other distributions. As long as we keep the credits, this should be okay.
 
 
== News ==
 
 
13th March 07 - So far I'm ready: I recompiled the listed modules (lin -cr lin -cr lin -cr liiiuah..) and the modules with the new patches (except for vim). Everything is running fine and I will start testing the same on another box. Until now I tested my module enhancements only on my local box (Athlon XP 2600+ with 512 MB RAM and Linux 2.6 vanilla); I have started testing on an Intel P4 1,8 GHz with 512 MB RAM. When testing is okay, I'll recompile both entire systems again to get really 'clean' systems. After that I'll fix some patches (some patches I could use are not listed here because they aren't working; I'll fix that and list them here). When I'm done with that I'll rewrite this page and add patches for some other apps. And then? Well, then I would hope that somebody helps testing ;))
 
 
== Language ==
 
 
The main problem is my language, so if you read things you don't understand, please ask me. My English isn't as good as yours, so I would be happy about corrections ;-)
 
 
== Warning ==
 
 
This project is in an experimental state, so use it only if you want to play with it or if you want to help develop it. It's not for production use right now.

At the moment I'm working only on i386, so there is no x86_64 or sparc support.
 
 
== HowTo get this Thingy running ==
 
 
 
Good question, I was waiting for you to ask. First, download hd-modules.tar.bz2 (I will add the URL here soon). Extract it to /var/lib/lunar/moonbase/zlocal/ (be careful if you have stored your own modules there; we don't want to overwrite anything). Then you have to re-lin things:
 
 
 
'''Stage One'''
 
 
Preinstallation of needed modules
 
 
* lin -cr binutils # This will install binutils 2.17 with our hardened patches and configure options
 
* lin -cr gcc # This will install gcc 4.1.2 with our hardened patches and configure options
 
* lin -cr kernel-headers-2.6 # This will install the Kernel Headers we need for glibc
 
* lin -cr glibc # This will install glibc 2.5 with our hardened patches and configure options
 
* lin -cr linux-2.6 # Now reinstall the linux kernel.
 
 
'''Stage Two'''
 
 
Now reinstall the previously installed modules, so that they are compiled using the preinstalled modules
 
 
* lin -cr binutils
 
* lin -cr gcc
 
* lin -cr db (if you have it installed (lvu installed db), but I bet you have)
 
* lin -cr coreutils
 
* lin -cr kernel-headers-2.6
 
* lin -cr glibc
 
* lin -cr linux-2.6
 
 
'''Stage Three'''
 
 
Now we relin some other useful modules:
 
* lin -cr bison
 
* lin -cr procps
 
* lin -cr libtool
 
* lin -cr perl
 
* lin -cr readline
 
* lin -cr zlib
 
* lin -cr autoconf
 
* lin -cr automake
 
 
'''Now your filesystem tools:'''
 
 
* lin -cr e2fsprogs (for ext2 and ext3)

* lin -cr xfsprogs (for xfs, only if you use it)

* lin -cr jfsutils (for jfs, only if you use it)

* lin -cr reiserfsprogs (for reiserfs, only if you use it)
 
* ... ;-)
 
 
'''Now some other modules'''
 
* lin -cr file
 
* lin -cr flex
 
* lin -cr groff
 
* lin -cr less
 
* lin -cr man
 
* lin -cr mktemp
 
* lin -cr module-init-tools
 
* lin -cr psmisc
 
* lin -cr shadow
 
* lin -cr sysvinit
 
* lin -cr udev (or whatever you use, for example devfs)

* lin -cr ncurses (if you have it installed (lvu installed ncurses))
 
* lin -cr bash
 
* lin -cr bzip2
 
* lin -cr coreutils
 
* lin -cr diffutils
 
* lin -cr findutils
 
* lin -cr gawk
 
* lin -cr gettext
 
* lin -cr grep
 
* lin -cr gzip
 
* lin -cr m4
 
* lin -cr make
 
* lin -cr patch
 
* lin -cr perl
 
* lin -cr sed
 
* lin -cr tar
 
* lin -cr texinfo (if you have it installed (lvu installed texinfo))
 
* lin -cr util-linux
 
* lin -cr vim
 
 
== The Patches (info) ==
 
 
You will see "Status:" in the following sections. Status 1 means I tested that it compiles and seems to work on my local system (Athlon XP 2600+, 512 MB RAM, vanilla 2.6.20 kernel). Status 2 means I tested it a bit more and recompiled it several times AND with optimizations. Status 3 means other people have tested it too, but it wasn't working sometimes. Status 4 means other people have tested it too and it was working everywhere.
 
 
So:
 
 
* Status 0 is untested.
 
* Status 1 is really really alpha. (tested without optimizations)
 
* Status 2, too. (tested with optimizations: CPU: athlon-xp; FPU: both; MMX SSE SSE2, -O2)
 
* Status 3 is beta.
 
* Status 4 is ready to go ;-)
 
 
=== ToDo ===
 
 
* Do we need to port this patch http://www.linuxfromscratch.org/patches/downloads/db/db-4.4.20-trap-2.patch if we use 4.5.20?
 
* Some sites carry a branch_update-2.patch for binutils-2.17; I tried it and it did not work because of another patch. http://www.ip-minds.de/patches/binutils-2.17-branch_update-2.patch (will be available there later)
 
* We have to look for other useful security related patches.
 
* We could use an 'automated' install script for the hardened modules (wget the modules to zlocal, uncompress them, lget every needed patch + module, lin -cr everything in the right order, like a rebuild). That would spare interested users some time... and perhaps some nerves ;)
 
* Someone should rewrite this site.. ;-)
 
 
== The Patches (The Modules + Patches + Configure Changes) ==
 
 
=== gcc 4.1.2 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">posix-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Makes GCC Posix Compliant</td>
 
    </tr>
 
</table>
 
 
=== binutils 2.17 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">branch_update-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is the binutils-2_17-branch (bug fix branch) update, compared from binutils-2.17-release and binutils-2_17-branch with all the fluff removed (CVS entries, maintainer files, etc). This patch should be updated periodically.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">hardened_tmp-3.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch uses mkstemp(3) and mkdtemp(3) for temporary file creation, if they are available, rather than the default mktemp(3). This is safer and removes some compiler warnings.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">lazy-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This adds -z lazy option, inverse of -z now.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">pt_pax-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This adds PT_PAX_FLAGS to Binutils. See: http://pax.grsecurity.net/</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">posix-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Makes binutils Posix Compliant</td>
 
    </tr>
 
</table>
 
 
=== coreutils 6.7 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">i18n-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch fixes various problems with multibyte character support.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">uname-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fix the output of uname once and for all.</td>
 
    </tr>
 
</table>
 
 
=== glibc 2.5 ===
 
 
Status: 2
 
 
Configure: Added --with-selinux as a query option, added the following things statically: --with-tls --enable-bind-now --enable-stackguard-randomization
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">blowfish.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch adds blowfish crypto to libcrypt.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">branch_update-2.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is a branch update for Glibc-2.5, and should be rechecked periodically. See the "Changelog" and "localedata/ChangeLog" files for specific details.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">dl_execstack_PaX-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is needed for Pax. http://pax.grsecurity.net/</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">hardened_tmp-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch instructs mktemp(1) to use temporary file directory from the '-t' option. It also makes sure temporary files get removed after exiting the scripts.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">iconv_unnest-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Move nested function to a static one so we avoid generating a trampoline.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">localedef_segfault-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes a segfault when using localedef. This problem is only noticed when using PaX and on some architectures besides x86. See Debian bug #231438</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">pt_pax-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is needed for Pax. http://pax.grsecurity.net/</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">strlcpy_strlcat-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">http://www.courtesan.com/todd/papers/strlcpy.html</td>
 
    </tr>
 
</table>
 
 
=== Berkeley DB 4.5.20 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">fixes-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes a couple of issues when trying to access databases through the Java API.</td>
 
    </tr>
 
</table>
 
 
=== procps 3.2.7 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">hardened_cflags-2.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Check for gcc -fpie, -fpic, -fstack-protector, and ld -pie, -z relro, -z now. Use whatever works.</td>
 
    </tr>
 
</table>
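
To check that a re-lin'ed binary really picked up the flags this patch probes for (and the PT_PAX_FLAGS header from the binutils pt_pax patch), the ELF headers can be read directly. The following is an added example, not part of the Lunar modules or the patches listed here; the names audit_elf and build_sample are hypothetical, and the two sample images are constructed in the script.

```python
import struct

# ELF constants (ELF gABI plus the GNU and PaX program header extensions).
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC = 2
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PT_PAX_FLAGS = 0x65041580
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def _has_bind_now(data, offset, size, is64):
    """Walk the dynamic section and look for any of the 'bind now' markers."""
    fmt = "<QQ" if is64 else "<II"
    step = struct.calcsize(fmt)
    end = min(offset + size, len(data))
    for pos in range(offset, end - step + 1, step):
        tag, val = struct.unpack_from(fmt, data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_BIND_NOW:
            return True
        if tag == DT_FLAGS and val & DF_BIND_NOW:
            return True
        if tag == DT_FLAGS_1 and val & DF_1_NOW:
            return True
    return False


def audit_elf(data):
    """Return the hardening properties of a little-endian ELF32/ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if len(data) < 6 or data[5] != 1:
        raise ValueError("only little-endian ELF is handled here")
    is64 = data[4] == 2
    try:
        hdr = struct.unpack_from("<16sHHIQQQIHHHHHH" if is64
                                 else "<16sHHIIIIIHHHHHH", data)
        e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
        # ET_DYN is what -fpie/-pie produces (shared libraries are ET_DYN too).
        result = {"pie": e_type == ET_DYN, "nx_stack": False, "relro": False,
                  "pax_flags": False, "bind_now": False}
        for i in range(e_phnum):
            off = e_phoff + i * e_phentsize
            if is64:
                p_type, p_flags, p_offset, _, _, p_filesz = \
                    struct.unpack_from("<IIQQQQ", data, off)
            else:
                p_type, p_offset, _, _, p_filesz, _, p_flags = \
                    struct.unpack_from("<IIIIIII", data, off)
            if p_type == PT_GNU_STACK:          # stack must not be executable
                result["nx_stack"] = not (p_flags & PF_X)
            elif p_type == PT_GNU_RELRO:        # ld -z relro
                result["relro"] = True
            elif p_type == PT_PAX_FLAGS:        # binutils pt_pax patch
                result["pax_flags"] = True
            elif p_type == PT_DYNAMIC:          # ld -z now
                result["bind_now"] = _has_bind_now(data, p_offset,
                                                   p_filesz, is64)
    except struct.error:
        raise ValueError("truncated ELF file")
    return result


def build_sample(e_type, segments, dyn_tags):
    """Construct a minimal ELF32 (i386) image for the demo; not runnable."""
    phnum = len(segments) + 1                   # +1 for PT_DYNAMIC
    dyn = b"".join(struct.pack("<II", t, v)
                   for t, v in list(dyn_tags) + [(DT_NULL, 0)])
    dyn_off = 52 + 32 * phnum
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, e_type, 3, 1, 0, 52, 0, 0,
                       52, 32, phnum, 0, 0, 0)
    phdrs = struct.pack("<IIIIIIII", PT_DYNAMIC, dyn_off, 0, 0,
                        len(dyn), len(dyn), 6, 4)
    for p_type, p_flags in segments:
        phdrs += struct.pack("<IIIIIIII", p_type, 0, 0, 0, 0, 0, p_flags, 4)
    return ehdr + phdrs + dyn


# Constructed samples: one built with all hardening options, one without.
HARDENED = build_sample(ET_DYN,
                        [(PT_GNU_STACK, 6), (PT_GNU_RELRO, 4), (PT_PAX_FLAGS, 0)],
                        [(DT_FLAGS, DF_BIND_NOW)])
LEGACY = build_sample(ET_EXEC, [(PT_GNU_STACK, 7)], [])

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, audit_elf(fh.read()))
    else:
        print("hardened sample:", audit_elf(HARDENED))
        print("legacy sample:  ", audit_elf(LEGACY))
```

Run with file names as arguments (for example the procps binaries after lin -cr procps) to audit real files; without arguments it prints the results for the two constructed samples.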
 
 
=== perl 5.8.8 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">regex_ssp-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">The regex code in this version of Perl segfaults when compiled with stack smashing protector. This patch disables stack smashing protector just on the affected files.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">libc-2.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch adapts some hard-wired paths to the C library. It uses the $prefix variable to locate the correct libc.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">fPIC-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes a test that checks to see which parameter needs to be used for -fPIC and forces the objects in DynaLoader to be built with -fPIC.</td>
 
    </tr>
 
</table>
 
 
=== readline 5.2 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">readline52-001</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Patch 001 from upstream: In some cases, code that is intended to be used in the presence of multibyte characters is called when no such characters are present, leading to incorrect display position calculations and incorrect redisplay.</td>
 
    </tr>
 
</table>
 
 
=== zlib 1.2.3 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">fPIC-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">1.) Build shared and static lib in one pass 2.) Always add -fPIC when building shared lib, don't expect the user to set it.</td>
 
    </tr>
 
</table>
 
 
=== file 4.20 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">reg_startend-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes a bug caused by an undefined constant</td>
 
    </tr>
 
</table>
 
 
=== groff 1.19.2 ===
 
 
Status: 2
 
 
HINT: Should be PSAFE now, so I removed PSAFE=no from the DETAILS file. See the patch for more information.
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">parallel_make-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch fixes the dependencies in the groff Makefile so parallel builds are possible.</td>
 
    </tr>
 
</table>
 
 
=== less 394 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">signal_fix-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch fixes a bug with the configure script so that 'sigset_t',
 
and 'sigprocmask', are detected and used.</td>
 
    </tr>
 
</table>
 
 
=== module-init-tools 3.2.2 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">modprobe-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Updates modprobe functionality to fix problem where aliases don't quite work properly</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">nostatic-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch removes the use of zlib.a, and removes insmod.static.</td>
 
    </tr>
 
</table>
 
 
=== shadow 4.0.18.1 ===
 
 
Status: 2
 
 
NOTICE: I had to change the build file; because of the patch we have to run: aclocal && autoconf && autoheader.
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">owl_blowfish-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Use this patch with the Glibc blowfish patch (also from openwall).</td>
 
    </tr>
 
</table>
 
 
=== sysvinit 2.86 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">owl_blowfish.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Use this patch with the Glibc blowfish patch (also from openwall).</td>
 
    </tr>
 
</table>
 
 
=== bash 3.2 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">fixes-2.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">A combined patch containing patches 001-009 from upstream.</td>
 
    </tr>
 
</table>
 
 
=== diffutils 2.8.7 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">hardened_tmp-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch removes the more portable and less safe use of tmpnam(3), in preference of mkstemp(3).</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">i18n-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes treatment of whitespace in multibyte locales.</td>
 
    </tr>
 
</table>
 
 
=== grep 2.5.1a ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">config_update-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Updates config.sub and config.guess</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">redhat_fixes-2.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Various fixes from RedHat. Individual patches: grep-2.5.1-fgrep.patch, grep-2.5.1-bracket.patch, grep-2.5-i18n.patch, grep-2.5.1-oi.patch, grep-2.5.1-manpage.patch, grep-2.5.1-color.patch, grep-2.5.1-icolor.patch, grep-2.5.1-egf-speedup.patch, grep-2.5.1-dfa-optional.patch, grep-2.5.1-tests.patch, grep-2.5.1-w.patch</td>
 
    </tr>
 
</table>
 
 
=== sed 4.1.5 ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">fixes-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch includes:
 
 
Redhat/Fedora - sed-4.1.5-bz185374.patch
 
Redhat/Fedora - sed-4.1.5-relsymlink.patch
 
OpenWall/Owl - sed-4.1.5-owl-warnings.diff
 
Gentoo - sed-4.1.5-alloca.patch
 
 
And a handful of additional compiler warning fixes, including the addition of --enable-gcc-warnings (-Werror -Wall -Wformat -Wformat-security). Wrap fchown in assert() to deal with gcc -D_FORTIFY_SOURCE warnings (only if _FORTIFY_SOURCE is defined).
 
Added strlcpy(), and assert(), code if the system does not have them. This had to be put into one big patch mainly because of strlcpy().</td>
 
    </tr>
 
</table>
 
 
=== texinfo 4.8a ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">multibyte-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Info assumes that a string width in character cells is the same as its length in bytes. This patch avoids cases when this assumption is not true.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">tempfile_fix-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">(CAN-2005-3011) texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.</td>
 
    </tr>
 
</table>
 
 
=== util-linux 2.12r ===
 
 
Status: 2
 
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">PIC-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is needed for Grsec (http://www.grsecurity.net/). util-linux doesn't build with position independence without this patch.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">gcc4_fixes-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes GCC4 Compile Issues</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">hardened_cflags-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Check for gcc -fpie, -fpic, -fstack-protector, and ld -pie, -z relro, -z now. Use whatever works.</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">loop_AES-3.1b.patch.gz</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">util-linux patch that adds support for AES and other ciphers (from eswap.txt).</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">mips64_fix-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes compile issue under MIPS 64 bit</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">missing_header-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes the missing declaration of R_OK in the swapon.c build</td>
 
    </tr>
 
    <tr>
 
        <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">nologin-1.patch</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
        <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch adds /sbin/nologin and 'man 8 nologin', for polite login refusal. nologin will try to read /etc/nologin.txt to use it for a message; if /etc/nologin.txt does not exist it will use a hardcoded message.

If you do not want nologin to try to read /etc/nologin.txt at all then use:
 
 
make NOLOGIN_TXT=no
 
 
        </td>
 
    </tr>
 
</table>
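
The "check for the flags, use whatever works" approach described for hardened_cflags-1.patch can be sketched as a shell probe. This is an added example, not code from the patch itself: the function name probe_hardening_flags is hypothetical, linker options are passed through the compiler driver with -Wl, and -Werror is added so that a flag the compiler only warns about counts as unsupported.

```shell
#!/bin/sh
# Added example (not from hardened_cflags-1.patch): find out which of the
# hardening flags named on this page a given toolchain accepts.
# Usage: probe_hardening_flags [compiler]   -> prints the accepted flags

probe_hardening_flags() {
    cc=${1:-cc}
    tmp=$(mktemp -d) || return 1
    printf 'int main(void) { return 0; }\n' > "$tmp/t.c"
    accepted=""

    # try_flag FLAG: keep FLAG only if the test program still compiles and
    # links with it on top of every flag accepted so far, so flags that
    # conflict with each other are caught as well.
    try_flag() {
        # $accepted is left unquoted on purpose: it is a list of flags.
        if "$cc" -Werror $accepted "$1" -o "$tmp/t" "$tmp/t.c" \
                >/dev/null 2>&1; then
            accepted="$accepted $1"
            return 0
        fi
        return 1
    }

    # Position independence: prefer -fpie plus a PIE link; fall back to
    # -fpic when the compiler rejects -fpie.
    if try_flag -fpie; then
        try_flag -pie || true
    else
        try_flag -fpic || true
    fi

    # Stack protector, then read-only relocations and immediate binding.
    try_flag -fstack-protector || true
    try_flag -Wl,-z,relro || true
    try_flag -Wl,-z,now || true

    rm -rf "$tmp"
    printf '%s\n' "${accepted# }"
}

# Probe the default compiler; prints an empty line if none is installed.
probe_hardening_flags "${CC:-cc}"
```

On a binary built with the resulting flags, readelf -h (Type: DYN for a PIE) and readelf -l (a GNU_RELRO segment) confirm that the options took effect.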
 

Latest revision as of 06:04, 15 March 2007
