summaryrefslogtreecommitdiff
blob: 89862a982d2b2d7dbd1d4d434b48daad624d9737 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
Patch:	1023_linux-4.9.24.patch
From:	http://www.kernel.org
Desc:	Linux 4.9.24

Patch:	4420_grsecurity-3.1-4.9.24-201704220732.patch
From:	http://www.grsecurity.net
Desc:	hardened-sources base patch from upstream grsecurity

Patch:	4425_grsec_remove_EI_PAX.patch
From:	Anthony G. Basile <blueness@gentoo.org>
Desc:	Remove EI_PAX option and force off

Patch:	4426_default_XATTR_PAX_FLAGS.patch
From:	Anthony G. Basile <blueness@gentoo.org>
Desc:	Defalut PT_PAX_FLAGS off and XATTR_PAX_FLAGS on

Patch:	4427_force_XATTR_PAX_tmpfs.patch
From:	Anthony G. Basile <blueness@gentoo.org>
Desc:	Force XATTR_PAX on tmpfs

Patch:	4430_grsec-remove-localversion-grsec.patch
From:	Kerin Millar <kerframil@gmail.com>
Desc:	Removes grsecurity's localversion-grsec file

Patch:	4435_grsec-mute-warnings.patch
From:	Alexander Gabert <gaberta@fh-trier.de>
	Gordon Malm <gengor@gentoo.org>
Desc:	Removes verbose compile warning settings from grsecurity, restores
	mainline Linux kernel behavior

Patch:	4440_grsec-remove-protected-paths.patch
From:	Anthony G. Basile <blueness@gentoo.org>
Desc:	Removes chmod statements from grsecurity/Makefile

Patch:	4450_grsec-kconfig-default-gids.patch
From:	Kerin Millar <kerframil@gmail.com>
Desc:	Sets sane(r) default GIDs on various grsecurity group-dependent
	features

Patch:	4465_selinux-avc_audit-log-curr_ip.patch
From:	Gordon Malm <gengor@gentoo.org>
	Anthony G. Basile <blueness@gentoo.org>
Desc:	Configurable option to add src IP address to SELinux log messages

Patch:	4470_disable-compat_vdso.patch
From:	Gordon Malm <gengor@gentoo.org>
	Kerin Millar <kerframil@gmail.com>
Desc:	Disables VDSO_COMPAT operation completely

Patch:	4475_emutramp_default_on.patch
From:	Anthony G. Basile <blueness@gentoo.org>
Desc:	Set PAX_EMUTRAMP default on for libffi, bugs #329499 and #457194