[gentoo-commits] data/gentoo-news:master commit in: 2017-08-19-hardened-sources-removal/
commit: 0b4c8653c4e01ed36a292d7c8d0ee82a471e438d Author: Francisco Blas Izquierdo Riera (klondike) klondike es> AuthorDate: Mon Sep 4 18:55:41 2017 + Commit: Francisco Blas Izquierdo Riera gentoo org> CommitDate: Mon Sep 4 18:55:41 2017 + URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=0b4c8653 Remove the match against hardened profiles as it is interpreted as an AND and not an OR .../2017-08-19-hardened-sources-removal.en.txt | 5 ++--- .../2017-08-19-hardened-sources-removal.en.txt.asc | 26 +++--- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt index 184b168..a2da83e 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt @@ -1,10 +1,9 @@ Title: sys-kernel/hardened-sources removal Author: Francisco Blas Izquierdo Riera Posted: 2017-08-19 -Revision: 9 +Revision: 10 News-Item-Format: 2.0 Display-If-Installed: sys-kernel/hardened-sources -Display-If-Profile: hardened/linux/* As you may know the core of sys-kernel/hardened-sources have been the grsecurity patches. @@ -52,4 +51,4 @@ sys-kernel/hardened-sources, will remain available for the time being. [2] https://www.gentoo.org/support/news-items/2015-10-21-future- support-of-hardened-sources-kernel.html [3] https://github.com/minipli/linux-unofficial_grsec -[4] https://github.com/copperhead/linux-hardened \ No newline at end of file +[4] https://github.com/copperhead/linux-hardened diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc index 9b782e3..23d8905 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc @@ -1,16 +1,16 @@ -BEGIN PGP SIGNATURE- -iQIyBAABCgAcBQJZm2AZFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 -+cYeD/9/2hFR6IxPs0tZQJGiYxTIEM+4GiwDs0OtfpRZBIRPGu/CCQuZGQ1l98of -2c+jQ+02dV4DdhX7XyD1uOFFIgEThzYik/U30+avsrHnT+Xk1pMt9lydiwAkaZtL -Zz/kppP1URTR/oCzsJ6Lswdzwap5FByYiIl/6gwu0HO/21ybx/qSWZOKd5SGw+r/ -/zzQhdEE1NBiuSo+ziYgDOwkGR+DdGTaaHulI77ZRygURS3RKmcInHjSRXfS8vvt -cYJviD9RWwVlC86anfeUApUj3/3YTDjWwfXBsV5fMYjb+u4CoobHw9JOWmUT0OpM -NXSaGXfgO3DrIISmWdQkyrOOXBjdrPqRA+s/mIN+0aqNuAAS/OqnJvFdN+u2/bG0 -TalChypfr0bGZovr4Y/hFtoYj5rvJ9xQEdzniN5y9vUYGN9wwEyIZBMockpLhxGE -17SsakqDesl5WqsTECx/7hLtFwvXnyzLrYQtO3mz9ozAsbZ9zyTSS/AsQl6qPRPy -FQbywkyxJQfyCiHBuDUkSYGqGAxPn04GOauwsYmx+xpFc7S6gm2/a+YCmurAzM26 -vubtylc/5mKM7Ox802nyxrRmDMLQz+GW+pBv4aO6+MsOk751q6yRJ7XKXets4tMr -AE8yg4Vcf/JV8Ov6tpUz/2DnBKVJfu3q92heWAH/kXPEH9+R+g== -=7G/+ +iQIyBAABCgAcBQJZraFoFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 ++SIMD/4v2HbdDNfn968rn8l0HaNM9I4c+RtTZUndwo2B5ARxblVaHEQpVYTYeUyZ +0sptBitU3eHSqfsFkE6OQjzGW0lcrBEjM3mMnKhoKLCIfvcu/87qUND0i7RtlDcu +1lK118L5mApOeQOdC+xnHvPQ4k14OvJIJ84kqQwxILoClMES9hYGp2tHWy2TyFn+ +yexyuAtZ48XlhXuDJohcho+DSx7rJLvJJQzZWdEB/31eBa2PFLcXOhkeXmSFahBv +5+xuEqQpKtLI70gKEDqyUb+jUArpOYezg2/imiAHozlsSrDdDPvbHvGYnel/MZew +WyEydO1rEFrc7lh7Xie1rQGW0cN8MJ5c8q753n6nbpFJSTZhgJf3vcvNu7pxthZL +cSUPckfpUL0Np7vpbBxPWKJwAdWBC7HnaQ/ml6HWz1sUzDDqxEEkzCWh+YDdYXoT +qcnP5Ac9GZwZ9hnOROWOnnM6dvr1EgP35/3taj8IRSW8ez3XTGZES/m90vxakjZ2 +ja4exBwZ3LamSzIkJHkMh7QoAlZjR7luApEyFtj/2r3hf6Xo+oTi6ly9xUQSGJz1 +1nQwaxV4wgT2QDgxOrWjFIBFaAgGqWL+rdPnE9TSWCt7SAeE72+VobWftkf3y0AJ +4mtjV6sGTF4BhwAdhfsLarYUNgjAJUq453gNkC9zEWaGz1MeOg== +=p2Ig -END PGP SIGNATURE-
[gentoo-commits] data/gentoo-news:master commit in: 2017-08-19-hardened-sources-removal/
commit: feb223338977bfa3554c30781b333b6eab58ed0a Author: Francisco Blas Izquierdo Riera (klondike) klondike es> AuthorDate: Mon Aug 21 22:35:45 2017 + Commit: Francisco Blas Izquierdo Riera gentoo org> CommitDate: Mon Aug 21 22:35:45 2017 + URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=feb22333 Prior commit message was wrong. Add missing of, also update version number .../2017-08-19-hardened-sources-removal.en.txt | 2 +- .../2017-08-19-hardened-sources-removal.en.txt.asc | 26 +++--- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt index 1d51e2a..184b168 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt @@ -1,7 +1,7 @@ Title: sys-kernel/hardened-sources removal Author: Francisco Blas Izquierdo Riera Posted: 2017-08-19 -Revision: 8 +Revision: 9 News-Item-Format: 2.0 Display-If-Installed: sys-kernel/hardened-sources Display-If-Profile: hardened/linux/* diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc index 419c985..9b782e3 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc @@ -1,16 +1,16 @@ -BEGIN PGP SIGNATURE- -iQIyBAABCgAcBQJZm1/7FRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 -+X1oD/0Y5kEqG6VhGIO7NKXdgnSA5hWcKFc58h2hasHXapEFDHoK0FgEN4fOgFL7 -ZavJk8hmOaGdevo1fQE4xytP8KMTJ1djNGtUCWALNTxcNfw72vYXPMEXMPTrxKBg -etkikdVQPHxcX7RDWSKzUupM8ye0PnpH/nAQev+q/paR9TUZvosdFhBuP02rnvGk -EUgIkOGnmS+gxTXM5l/YZ6szM7bvjQcfsJ/pBsXPd1b1HqmsUtObWdC1BF29T7Wp -Z0nt9POxxIT1SnIDEWQAEiwoYX53uz4a50f5XXizYSiJTf12yNbiMC61hE8qaWVc -wYPZDAEf7vnEovsOzMjCGT0UfybqGsEmau9/a7MKVCXwRjEyVnXf7bS3cZmkdE52 -pba5Ep6mX+6nOgYHZopzXK59gjUAYL8aOhplu1Fae+7cc92II3rBKojfSSwhrg6t -DzTGgV56JQP9N1xJNwq1tOG9ATYIO5V68qwjwFiLJn2Ix2KPOQxR04vwRa4tIyEm -cQwIYCTpDtGfU2rPBcfStXEyEP5yZv1MThG20lRVfSXdzJnETJdzuh9b9T7dBAuh -u2egz2NiX4yWQal3xp+h/lIL2clqNFRkNLtyZVhp/JJrGDOZcqwb9FQNhegVetL5 -B8ElvXkrxaKwPoYLVH/MiBW02z2WIMMv6hZzH1Z8WZxPYWpKPw== -=l9Ov +iQIyBAABCgAcBQJZm2AZFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 ++cYeD/9/2hFR6IxPs0tZQJGiYxTIEM+4GiwDs0OtfpRZBIRPGu/CCQuZGQ1l98of +2c+jQ+02dV4DdhX7XyD1uOFFIgEThzYik/U30+avsrHnT+Xk1pMt9lydiwAkaZtL +Zz/kppP1URTR/oCzsJ6Lswdzwap5FByYiIl/6gwu0HO/21ybx/qSWZOKd5SGw+r/ +/zzQhdEE1NBiuSo+ziYgDOwkGR+DdGTaaHulI77ZRygURS3RKmcInHjSRXfS8vvt +cYJviD9RWwVlC86anfeUApUj3/3YTDjWwfXBsV5fMYjb+u4CoobHw9JOWmUT0OpM +NXSaGXfgO3DrIISmWdQkyrOOXBjdrPqRA+s/mIN+0aqNuAAS/OqnJvFdN+u2/bG0 +TalChypfr0bGZovr4Y/hFtoYj5rvJ9xQEdzniN5y9vUYGN9wwEyIZBMockpLhxGE +17SsakqDesl5WqsTECx/7hLtFwvXnyzLrYQtO3mz9ozAsbZ9zyTSS/AsQl6qPRPy +FQbywkyxJQfyCiHBuDUkSYGqGAxPn04GOauwsYmx+xpFc7S6gm2/a+YCmurAzM26 +vubtylc/5mKM7Ox802nyxrRmDMLQz+GW+pBv4aO6+MsOk751q6yRJ7XKXets4tMr +AE8yg4Vcf/JV8Ov6tpUz/2DnBKVJfu3q92heWAH/kXPEH9+R+g== +=7G/+ -END PGP SIGNATURE-
[gentoo-commits] data/gentoo-news:master commit in: 2017-08-19-hardened-sources-removal/
commit: dadc64cdfe0587fa907480499bb8df8806cfd2da Author: Francisco Blas Izquierdo Riera (klondike) klondike es> AuthorDate: Mon Aug 21 22:34:42 2017 + Commit: Francisco Blas Izquierdo Riera gentoo org> CommitDate: Mon Aug 21 22:34:42 2017 + URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=dadc64cd Address spender's remarks regarding linux-hardened .../2017-08-19-hardened-sources-removal.en.txt | 4 ++-- .../2017-08-19-hardened-sources-removal.en.txt.asc | 26 +++--- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt index e6d5d09..1d51e2a 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt @@ -37,8 +37,8 @@ additional hardening features over those on the latest version of the Linux tree at [4]. The Gentoo Hardened team can't make any statement regarding the -security, reliability or update availability of either those patches -as we aren't providing them and can't therefore make any +security, reliability or update availability of either of those +patches as we aren't providing them and can't therefore make any recommendation regarding their use. We'd like to note that all the userspace hardening and MAC support for diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc index 461af43..419c985 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc @@ -1,16 +1,16 @@ -BEGIN PGP SIGNATURE- -iQIyBAABCgAcBQJZmurnFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 -+T8+D/9PkmL6v51iFT1kHB2qZmuNmLSE7//WEyGH2+gvfoQ3j05GMP5OUxc8lvyM -6FGTcxXvzkf9MOo1zyxi9XX4lwxp8E4zkoupshOLmU2rvcx1E7d/DP7NvZnqVO0B -RBEhYmlmuAKwWoDhPilI3ob+16PDfBdypIS53Lk4z/6Dypz0FEvQL/fU2dhgGOHb -g4FE91F83WRS4gJo1/OVGLB+rXdJscg+1EvvofX1H3BQ8AnP8CwNn6WHgOooG7nA -X11xCA1a2Wol69AAOqdQVL0uefIxlyEbvk81e0Ysmeiedn0FgGaBHSnGCmt//TKa -0MYsDeJWgglNdiV26Rtu1Z/wgb7t1GFsU93WD6+DIz3OGPMJsHx1A0XTvLuqugRg -jRi5tNq4WtY+Wn47inUu1nk/l5wqk+uelyypaggs/Ksh9BJ4nak/Jg5RVjQ6ajtP -j3FwCml1DyylBzZ9zOZdORUNdCt/FKD1Yp4WkRsNsQYB6r7RC7tWXt3ymV5E9Krv -f22QV9HoofJKl4HXd8Abihf+Xe5cycOL7UVXFKJWje5uJ/XJUMcSp0Vth0TGhPS6 -A1/tTS61m16nNpFZwfs6swg99ThoY6nF9meRzL9vBIm1h0b/A9lFWKL3g7qCTp4J -eAw+DDC9EPHCWlTunMjZ31pScM9HBr+FQgzlPIuI4iaxv/BGPg== -=LMWC +iQIyBAABCgAcBQJZm1/7FRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 ++X1oD/0Y5kEqG6VhGIO7NKXdgnSA5hWcKFc58h2hasHXapEFDHoK0FgEN4fOgFL7 +ZavJk8hmOaGdevo1fQE4xytP8KMTJ1djNGtUCWALNTxcNfw72vYXPMEXMPTrxKBg +etkikdVQPHxcX7RDWSKzUupM8ye0PnpH/nAQev+q/paR9TUZvosdFhBuP02rnvGk +EUgIkOGnmS+gxTXM5l/YZ6szM7bvjQcfsJ/pBsXPd1b1HqmsUtObWdC1BF29T7Wp +Z0nt9POxxIT1SnIDEWQAEiwoYX53uz4a50f5XXizYSiJTf12yNbiMC61hE8qaWVc +wYPZDAEf7vnEovsOzMjCGT0UfybqGsEmau9/a7MKVCXwRjEyVnXf7bS3cZmkdE52 +pba5Ep6mX+6nOgYHZopzXK59gjUAYL8aOhplu1Fae+7cc92II3rBKojfSSwhrg6t +DzTGgV56JQP9N1xJNwq1tOG9ATYIO5V68qwjwFiLJn2Ix2KPOQxR04vwRa4tIyEm +cQwIYCTpDtGfU2rPBcfStXEyEP5yZv1MThG20lRVfSXdzJnETJdzuh9b9T7dBAuh +u2egz2NiX4yWQal3xp+h/lIL2clqNFRkNLtyZVhp/JJrGDOZcqwb9FQNhegVetL5 +B8ElvXkrxaKwPoYLVH/MiBW02z2WIMMv6hZzH1Z8WZxPYWpKPw== +=l9Ov -END PGP SIGNATURE-
[gentoo-commits] data/gentoo-news:master commit in: 2017-08-19-hardened-sources-removal/
commit: f14bd44056fcc9761d06c47cc81a1798b4978041 Author: Francisco Blas Izquierdo Riera (klondike) klondike es> AuthorDate: Mon Aug 21 14:15:40 2017 + Commit: Francisco Blas Izquierdo Riera gentoo org> CommitDate: Mon Aug 21 14:15:40 2017 + URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=f14bd440 Address spender's remarks regarding linux-hardened .../2017-08-19-hardened-sources-removal.en.txt | 7 +++--- .../2017-08-19-hardened-sources-removal.en.txt.asc | 26 +++--- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt index b6b4e45..e6d5d09 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt @@ -1,7 +1,7 @@ Title: sys-kernel/hardened-sources removal Author: Francisco Blas Izquierdo Riera Posted: 2017-08-19 -Revision: 6 +Revision: 8 News-Item-Format: 2.0 Display-If-Installed: sys-kernel/hardened-sources Display-If-Profile: hardened/linux/* @@ -32,8 +32,9 @@ As an alternative, for users happy keeping themselves on the stable 4.9 branch of the kernel; minipli, another grsecurity user, is forward porting the patches on [3]. -Strcat from Copperhead OS is making his own version of the patches -forward ported to the latest version of the Linux tree at [4]. +Strcat from Copperhead OS is making his own version with some +additional hardening features over those on the latest version of the +Linux tree at [4]. The Gentoo Hardened team can't make any statement regarding the security, reliability or update availability of either those patches diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc index 5608ec7..461af43 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc @@ -1,16 +1,16 @@ -BEGIN PGP SIGNATURE- -iQIyBAABCgAcBQJZmdkeFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 -+TdaD/0RHXMXUuWxgUdU35qf8d8K5EPhfawaSQTg8JgMXwtnf9URph+vtjr3ujtF -w+k2c9fXycNRyWWI++6TJdib7TktqtrePClUzVu8Mi/iSHfBV+S+/38W/kDpt/YF -yqzrtgpMsq9w703nen8A2IoqxDDfzI5BRMvzeNX+cDZfLQi5YJDT+Jrq4SQVFgWa -ca29g5WLfEv9Ya4B7rfCyVXKQDLqFLyZ1LLA2CwlezGJxY397ds1eaAfINXqtMZx -F3xwFWg98cySEa9KTdWzjquNWSl+x4fMs+ALaNdpZ9546kYmxMmRAv30zIbv0ctQ -uz6Tjy+qy6uTZHUM+eZwN7KdLbamwPSiDEgZ7GUwdB9Kz0QKcbdixRm2aR6wp9J1 -c7aqt8fu4+UAft6RwrH5+uYOaeuDR/WR1ejxc2ZkPCcl5uOZ2t03B22Dl5jBpH/1 -d3mHBnOq2wWM0smnUiO4dbOf03xacri+LSUahpum7K7fYc8ydN4UW0vu7Kq7y+3l -loRWjamLejEOvv1m1ELHWOGfEt+kEh1TEt674yPVYnHLTmSr3FGDFChJJ4wpVky8 -EbpzSUFQ+ZvEpzQhZTWsBmxG7BO6pWrk1n9k5wJiDmhLjyo9Q3MPjpmneKLgUOph -DWINb3ZEJeDonicz4yOHByvpLXpTDilizbwb0O7HlPjjTeL8WQ== -=DOB7 +iQIyBAABCgAcBQJZmurnFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 ++T8+D/9PkmL6v51iFT1kHB2qZmuNmLSE7//WEyGH2+gvfoQ3j05GMP5OUxc8lvyM +6FGTcxXvzkf9MOo1zyxi9XX4lwxp8E4zkoupshOLmU2rvcx1E7d/DP7NvZnqVO0B +RBEhYmlmuAKwWoDhPilI3ob+16PDfBdypIS53Lk4z/6Dypz0FEvQL/fU2dhgGOHb +g4FE91F83WRS4gJo1/OVGLB+rXdJscg+1EvvofX1H3BQ8AnP8CwNn6WHgOooG7nA +X11xCA1a2Wol69AAOqdQVL0uefIxlyEbvk81e0Ysmeiedn0FgGaBHSnGCmt//TKa +0MYsDeJWgglNdiV26Rtu1Z/wgb7t1GFsU93WD6+DIz3OGPMJsHx1A0XTvLuqugRg +jRi5tNq4WtY+Wn47inUu1nk/l5wqk+uelyypaggs/Ksh9BJ4nak/Jg5RVjQ6ajtP +j3FwCml1DyylBzZ9zOZdORUNdCt/FKD1Yp4WkRsNsQYB6r7RC7tWXt3ymV5E9Krv +f22QV9HoofJKl4HXd8Abihf+Xe5cycOL7UVXFKJWje5uJ/XJUMcSp0Vth0TGhPS6 +A1/tTS61m16nNpFZwfs6swg99ThoY6nF9meRzL9vBIm1h0b/A9lFWKL3g7qCTp4J +eAw+DDC9EPHCWlTunMjZ31pScM9HBr+FQgzlPIuI4iaxv/BGPg== +=LMWC -END PGP SIGNATURE-
[gentoo-commits] data/gentoo-news:master commit in: 2017-08-19-hardened-sources-removal/
commit: 5f97712b8d5e3d118771023e42f2b87520f25ece Author: Francisco Blas Izquierdo Riera (klondike) klondike es> AuthorDate: Sun Aug 20 18:47:25 2017 + Commit: Francisco Blas Izquierdo Riera gentoo org> CommitDate: Sun Aug 20 18:47:25 2017 + URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=5f97712b Replace portage with Gentoo repository .../2017-08-19-hardened-sources-removal.en.txt | 6 ++--- .../2017-08-19-hardened-sources-removal.en.txt.asc | 26 +++--- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt index 05fb30b..b6b4e45 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt @@ -1,7 +1,7 @@ Title: sys-kernel/hardened-sources removal Author: Francisco Blas Izquierdo Riera Posted: 2017-08-19 -Revision: 5 +Revision: 6 News-Item-Format: 2.0 Display-If-Installed: sys-kernel/hardened-sources Display-If-Profile: hardened/linux/* @@ -42,8 +42,8 @@ recommendation regarding their use. We'd like to note that all the userspace hardening and MAC support for SELinux provided by Gentoo Hardened will still remain in the packages -found in portage. Keep in mind, though, that the security provided by -these features will be weakened a bit when using +found in the Gentoo repository. Keep in mind, though, that the +security provided by these features will be weakened a bit when using sys-kernel/gentoo-sources. Also, all PaX related packages, except sys-kernel/hardened-sources, will remain available for the time being. diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc index abb6b5c..5608ec7 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc @@ -1,16 +1,16 @@ -BEGIN PGP SIGNATURE- -iQIyBAABCgAcBQJZmCIIFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 -+YtTD/9Sz11xTEwglpQBpb6+y6raUEpEHO02fT/OmMJgf6S3PgTVkJY4Mgj9m40f -A2Xd37vST2cz+7D/wlqlmer18NoUn2wGiy5m5cxn5zHczheRgDRRpDpXjP3+j52p -9WTTUk5AI9pibhSyH+E2NimnRJjpranUQ6GEwSkHBGFe+JQ9iNPorp/XUqPZyrKi -2WyLz4QjVLw4IK+XZGv9o8Q9TwMQ7+er+yLa60oTZEJrsrvupTRjg+j9yIbrtofg -Tbsg9Op/o3ejCLryExUKsCo2QCi14FOMOTVuXQNUIE9WCj8W8EjjzLlzKacXjEgp -eBeWq2KuFkv9hbs34mblB9GasL4yTSFrFNEeLX/8F3P1AtsjJrEWMFBnSdKke04B -t/s7yytnLQh9l1H63lbVS2CbnI30S1zs/Bx0wFuM0IR1b/F1Y/sRdmOJrGlbq6z8 -3yVMKMRbRG6AMftzE+S6EFByxmhjXYVEzOGZwxhr4NtjV9q8fozr5URIO931UrmN -7HfZghR2C4PsJf9cggwFoUObXYY9gwIhbLNsMeJTEor/vG/mI2Eocx7xSIRBvlSO -gMdeibS+1+owaPHs5zV1VzWwJXTqy0w2317rKe22YSWsHaqnIyoyxClnStKQ46dX -9P2cmjxtbCj1CUMmgkZIGX3TP+vu0KQEYuAiS5tRI9PvpnYz6g== -=i5ro +iQIyBAABCgAcBQJZmdkeFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 ++TdaD/0RHXMXUuWxgUdU35qf8d8K5EPhfawaSQTg8JgMXwtnf9URph+vtjr3ujtF +w+k2c9fXycNRyWWI++6TJdib7TktqtrePClUzVu8Mi/iSHfBV+S+/38W/kDpt/YF +yqzrtgpMsq9w703nen8A2IoqxDDfzI5BRMvzeNX+cDZfLQi5YJDT+Jrq4SQVFgWa +ca29g5WLfEv9Ya4B7rfCyVXKQDLqFLyZ1LLA2CwlezGJxY397ds1eaAfINXqtMZx +F3xwFWg98cySEa9KTdWzjquNWSl+x4fMs+ALaNdpZ9546kYmxMmRAv30zIbv0ctQ +uz6Tjy+qy6uTZHUM+eZwN7KdLbamwPSiDEgZ7GUwdB9Kz0QKcbdixRm2aR6wp9J1 +c7aqt8fu4+UAft6RwrH5+uYOaeuDR/WR1ejxc2ZkPCcl5uOZ2t03B22Dl5jBpH/1 +d3mHBnOq2wWM0smnUiO4dbOf03xacri+LSUahpum7K7fYc8ydN4UW0vu7Kq7y+3l +loRWjamLejEOvv1m1ELHWOGfEt+kEh1TEt674yPVYnHLTmSr3FGDFChJJ4wpVky8 +EbpzSUFQ+ZvEpzQhZTWsBmxG7BO6pWrk1n9k5wJiDmhLjyo9Q3MPjpmneKLgUOph +DWINb3ZEJeDonicz4yOHByvpLXpTDilizbwb0O7HlPjjTeL8WQ== +=DOB7 -END PGP SIGNATURE-
[gentoo-commits] data/gentoo-news:master commit in: 2017-08-19-hardened-sources-removal/
commit: b2bc031dcdf2f620a75ca10b3998d8db16d14ee0 Author: Francisco Blas Izquierdo Riera (klondike) klondike es> AuthorDate: Sat Aug 19 11:33:47 2017 + Commit: Francisco Blas Izquierdo Riera gentoo org> CommitDate: Sat Aug 19 11:33:47 2017 + URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=b2bc031d Address titanofold's comments regarding the last paragraph and where the other Gentoo Hardened features will be available .../2017-08-19-hardened-sources-removal.en.txt | 16 +++-- .../2017-08-19-hardened-sources-removal.en.txt.asc | 26 +++--- 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt index 86687a1..05fb30b 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt @@ -1,7 +1,7 @@ Title: sys-kernel/hardened-sources removal Author: Francisco Blas Izquierdo Riera Posted: 2017-08-19 -Revision: 4 +Revision: 5 News-Item-Format: 2.0 Display-If-Installed: sys-kernel/hardened-sources Display-If-Profile: hardened/linux/* @@ -40,13 +40,15 @@ security, reliability or update availability of either those patches as we aren't providing them and can't therefore make any recommendation regarding their use. -We'd like to note that all the userspace hardening and MAC support -for SELinux provided by Gentoo Hardened will still remain there and -is unaffected by this removal. Also, all PaX related packages other -than the hardened-sources will remain for the time being. +We'd like to note that all the userspace hardening and MAC support for +SELinux provided by Gentoo Hardened will still remain in the packages +found in portage. Keep in mind, though, that the security provided by +these features will be weakened a bit when using +sys-kernel/gentoo-sources. Also, all PaX related packages, except +sys-kernel/hardened-sources, will remain available for the time being. [1] https://grsecurity.net/passing_the_baton.php -[2] https://www.gentoo.org/support/news-items/2015-10-21-future-support-of- -hardened-sources-kernel.html +[2] https://www.gentoo.org/support/news-items/2015-10-21-future- +support-of-hardened-sources-kernel.html [3] https://github.com/minipli/linux-unofficial_grsec [4] https://github.com/copperhead/linux-hardened \ No newline at end of file diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc index ad2011d..abb6b5c 100644 --- a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc @@ -1,16 +1,16 @@ -BEGIN PGP SIGNATURE- -iQIyBAABCgAcBQJZmBFHFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 -+ZfWD/0b9xjYz5qQJ2aOfvuE1744tYeEPq8HytR+h1phU2KNEvOIvnOKUTuhZ+2k -ZB6JGzOJN9ub3pOOikVDOMYLyQbCYpQGZYukWOZNVCQ8BbtGHHfkiOEFqaETJlKi -HzCrGDAgZsLhlHeceSkLogn6zYkaklAC7RJ3PqCTC7qARH4PVT9JLMjB5HHLOULm -dT7NEJfPmQgw6amx3SDPyqyBiKfU1+UCc5cGx7jevXAAPtvxSDWiuccO01fDxZ5M -NNGO6mkjPOlqXgOmPnw1dIJDz3auWPR3UmZw4uMaMz+KR4PfJqv18sSln89f1TuF -HUZ23v7wO+Ly8y3s0psjmQKvxD9XFRaHbTi4RBkhHCgFotJ8TtL9bpLSq7m+07s7 -pYBlNCdiuJH3+pc2/KJ1Pp8qyNXPcAy4miqT62lPtn6xkSqrNGRKgUahgtuMDL+N -LSY5kzDrRH9TfZhn9K3uapwvDThG/OhTrCJY7fTlHzhXRR2OwOZVpNvc+xyvprsD -mLRJ2LLfOb5NZdL2lk4MUZXOYimmX02s+rngBh/GGD0E1SjgJz2zPHgCsoTuGZk8 -87coPwcpdMwQZFjB33du14y+Qrl4ayMxH9ViyVGbUsglEImC+nfNxb1u493WSzee -2CG2ZrCfv5t9O/XlotYQoD0fAGAsZzmCPayJro6/8O95MHENww== -=tQru +iQIyBAABCgAcBQJZmCIIFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 ++YtTD/9Sz11xTEwglpQBpb6+y6raUEpEHO02fT/OmMJgf6S3PgTVkJY4Mgj9m40f +A2Xd37vST2cz+7D/wlqlmer18NoUn2wGiy5m5cxn5zHczheRgDRRpDpXjP3+j52p +9WTTUk5AI9pibhSyH+E2NimnRJjpranUQ6GEwSkHBGFe+JQ9iNPorp/XUqPZyrKi +2WyLz4QjVLw4IK+XZGv9o8Q9TwMQ7+er+yLa60oTZEJrsrvupTRjg+j9yIbrtofg +Tbsg9Op/o3ejCLryExUKsCo2QCi14FOMOTVuXQNUIE9WCj8W8EjjzLlzKacXjEgp +eBeWq2KuFkv9hbs34mblB9GasL4yTSFrFNEeLX/8F3P1AtsjJrEWMFBnSdKke04B +t/s7yytnLQh9l1H63lbVS2CbnI30S1zs/Bx0wFuM0IR1b/F1Y/sRdmOJrGlbq6z8 +3yVMKMRbRG6AMftzE+S6EFByxmhjXYVEzOGZwxhr4NtjV9q8fozr5URIO931UrmN +7HfZghR2C4PsJf9cggwFoUObXYY9gwIhbLNsMeJTEor/vG/mI2Eocx7xSIRBvlSO +gMdeibS+1+owaPHs5zV1VzWwJXTqy0w2317rKe22YSWsHaqnIyoyxClnStKQ46dX +9P2cmjxtbCj1CUMmgkZIGX3TP+vu0KQEYuAiS5tRI9PvpnYz6g== +=i5ro -END PGP SIGNATURE-
[gentoo-commits] data/gentoo-news:master commit in: 2017-08-19-hardened-sources-removal/
commit: d60f588c48ad20781829f8b6772a581bacd7c854 Author: Francisco Blas Izquierdo Riera (klondike) klondike es> AuthorDate: Sat Aug 19 10:23:31 2017 + Commit: Francisco Blas Izquierdo Riera gentoo org> CommitDate: Sat Aug 19 10:23:31 2017 + URL:https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=d60f588c Add news item regarding sys-kernel/hardened-sources removal .../2017-08-19-hardened-sources-removal.en.txt | 52 ++ .../2017-08-19-hardened-sources-removal.en.txt.asc | 16 +++ 2 files changed, 68 insertions(+) diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt new file mode 100644 index 000..86687a1 --- /dev/null +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt @@ -0,0 +1,52 @@ +Title: sys-kernel/hardened-sources removal +Author: Francisco Blas Izquierdo Riera +Posted: 2017-08-19 +Revision: 4 +News-Item-Format: 2.0 +Display-If-Installed: sys-kernel/hardened-sources +Display-If-Profile: hardened/linux/* + +As you may know the core of sys-kernel/hardened-sources have been the +grsecurity patches. + +Sadly, their developers have stopped making these patches freely +available [1]. This is a full stop of any public updates and not only +stable ones as was announced two years ago[2]. + +As a result, the Gentoo Hardened team is unable to keep providing +further updates of the patches, and although the hardened-sources have +proved (when using a hardened toolchain) being resistant against +certain attacks like the stack guard page jump techniques proposed by +Stack Clash, we can't ensure a regular patching schedule and therefore, +the security of the users of these kernel sources. + +Because of that we will be masking the hardened-sources on the 27th of +August and will proceed to remove them from the tree by the end of +September. Obviously, we will reinstate the package again if the +developers decide to make their patches publicly available again. + +Our recommendation is that users should consider using instead +sys-kernel/gentoo-sources. + +As an alternative, for users happy keeping themselves on the stable +4.9 branch of the kernel; minipli, another grsecurity user, is forward +porting the patches on [3]. + +Strcat from Copperhead OS is making his own version of the patches +forward ported to the latest version of the Linux tree at [4]. + +The Gentoo Hardened team can't make any statement regarding the +security, reliability or update availability of either those patches +as we aren't providing them and can't therefore make any +recommendation regarding their use. + +We'd like to note that all the userspace hardening and MAC support +for SELinux provided by Gentoo Hardened will still remain there and +is unaffected by this removal. Also, all PaX related packages other +than the hardened-sources will remain for the time being. + +[1] https://grsecurity.net/passing_the_baton.php +[2] https://www.gentoo.org/support/news-items/2015-10-21-future-support-of- +hardened-sources-kernel.html +[3] https://github.com/minipli/linux-unofficial_grsec +[4] https://github.com/copperhead/linux-hardened \ No newline at end of file diff --git a/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc new file mode 100644 index 000..ad2011d --- /dev/null +++ b/2017-08-19-hardened-sources-removal/2017-08-19-hardened-sources-removal.en.txt.asc @@ -0,0 +1,16 @@ +-BEGIN PGP SIGNATURE- + +iQIyBAABCgAcBQJZmBFHFRxrbG9uZGlrZUBrbG9uZGlrZS5lcwAKCRD0vdLv6P94 ++ZfWD/0b9xjYz5qQJ2aOfvuE1744tYeEPq8HytR+h1phU2KNEvOIvnOKUTuhZ+2k +ZB6JGzOJN9ub3pOOikVDOMYLyQbCYpQGZYukWOZNVCQ8BbtGHHfkiOEFqaETJlKi +HzCrGDAgZsLhlHeceSkLogn6zYkaklAC7RJ3PqCTC7qARH4PVT9JLMjB5HHLOULm +dT7NEJfPmQgw6amx3SDPyqyBiKfU1+UCc5cGx7jevXAAPtvxSDWiuccO01fDxZ5M +NNGO6mkjPOlqXgOmPnw1dIJDz3auWPR3UmZw4uMaMz+KR4PfJqv18sSln89f1TuF +HUZ23v7wO+Ly8y3s0psjmQKvxD9XFRaHbTi4RBkhHCgFotJ8TtL9bpLSq7m+07s7 +pYBlNCdiuJH3+pc2/KJ1Pp8qyNXPcAy4miqT62lPtn6xkSqrNGRKgUahgtuMDL+N +LSY5kzDrRH9TfZhn9K3uapwvDThG/OhTrCJY7fTlHzhXRR2OwOZVpNvc+xyvprsD +mLRJ2LLfOb5NZdL2lk4MUZXOYimmX02s+rngBh/GGD0E1SjgJz2zPHgCsoTuGZk8 +87coPwcpdMwQZFjB33du14y+Qrl4ayMxH9ViyVGbUsglEImC+nfNxb1u493WSzee +2CG2ZrCfv5t9O/XlotYQoD0fAGAsZzmCPayJro6/8O95MHENww== +=tQru +-END PGP SIGNATURE-