Patrick Schleizer 2019-06-30 07:21:31 -04:00
parent f3a4800987
commit b8ace6e3f6
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48


@ -1,3 +1,4 @@
commit 85f61758c5b6d8b6a57d140a9f3795769a3ed183 commit 85f61758c5b6d8b6a57d140a9f3795769a3ed183
Author: Patrick Schleizer <adrelanos@riseup.net> Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 04:11:38 2019 -0400 Date: Sun Jun 30 04:11:38 2019 -0400
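Review bot: the one line this hunk adds (-1,3 +1,4) does not show up as text anywhere in the first four lines of the file; the commit, Author and Date lines for 85f61758c5b6d8b6a57d140a9f3795769a3ed183 read the same on both sides, so the new line is presumably empty or whitespace-only. Please confirm that an extra blank line at the head of the log is intended and not a side effect of how the file was produced, and say so in the commit message.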
@ -17,7 +18,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 08:10:28 2019 +0000 Date: Sun Jun 30 08:10:28 2019 +0000
Merge pull request #17 from madaidan/patch-13 Merge pull request #17 from madaidan/patch-13
Disable coredumps Disable coredumps
commit 67de5247c8e7cd68c851a3d62168e9de69000afe commit 67de5247c8e7cd68c851a3d62168e9de69000afe
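Review bot: nothing that differs in this hunk (-17,7 +18,7) is visible. The Date line, "Merge pull request #17 from madaidan/patch-13", "Disable coredumps" and the following commit line are identical on both sides and the line count is unchanged, which points to a whitespace-only edit. If that is the intent, state it in the commit message so the security-relevant entries (coredumps here, hidepid=2 and the DMA entry further down) do not have to be re-read one by one; if it comes from regenerating the log, normalising the whitespace where the log is generated would keep these entries from reappearing in later diffs.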
@ -33,7 +34,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 30 08:09:23 2019 +0000 Date: Sun Jun 30 08:09:23 2019 +0000
Merge pull request #16 from madaidan/patch-12 Merge pull request #16 from madaidan/patch-12
Mount /proc with hidepid=2 Mount /proc with hidepid=2
commit dbfb9e1cdf1e042c8985e2e69b7f5f5f1eaed860 commit dbfb9e1cdf1e042c8985e2e69b7f5f5f1eaed860
@ -115,7 +116,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sat Jun 29 10:05:34 2019 +0000 Date: Sat Jun 29 10:05:34 2019 +0000
Merge pull request #15 from madaidan/patch-11 Merge pull request #15 from madaidan/patch-11
Update control Update control
commit 9e9c854d274d7322759a9e5d2c49bcbd60e63e0d commit 9e9c854d274d7322759a9e5d2c49bcbd60e63e0d
@ -173,7 +174,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 06:59:16 2019 +0000 Date: Fri Jun 28 06:59:16 2019 +0000
Merge pull request #14 from madaidan/patch-10 Merge pull request #14 from madaidan/patch-10
Add some hardening for other distributions Add some hardening for other distributions
commit 5e02100e34776bf410ba05d7a3f7ee7f696ca0fc commit 5e02100e34776bf410ba05d7a3f7ee7f696ca0fc
@ -182,7 +183,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 06:58:32 2019 +0000 Date: Fri Jun 28 06:58:32 2019 +0000
Merge pull request #13 from madaidan/patch-9 Merge pull request #13 from madaidan/patch-9
Remove System.map and restrict the SysRq key. Remove System.map and restrict the SysRq key.
commit 7e12e16dc0513f0a6936e576e3c8fa8ee44509d2 commit 7e12e16dc0513f0a6936e576e3c8fa8ee44509d2
@ -191,7 +192,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Jun 28 06:57:42 2019 +0000 Date: Fri Jun 28 06:57:42 2019 +0000
Merge pull request #11 from madaidan/patch-7 Merge pull request #11 from madaidan/patch-7
Protect against DMA attacks Protect against DMA attacks
commit 3801a53a9e01aafa3783276059a7907f5b20b96e commit 3801a53a9e01aafa3783276059a7907f5b20b96e
@ -273,7 +274,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 19:45:31 2019 +0000 Date: Sun Jun 23 19:45:31 2019 +0000
Merge pull request #12 from madaidan/patch-8 Merge pull request #12 from madaidan/patch-8
Update control Update control
commit 1a07d90ed2da597db6d58c5f2da6dc3b32a8104b commit 1a07d90ed2da597db6d58c5f2da6dc3b32a8104b
@ -287,9 +288,9 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 18:46:52 2019 +0000 Date: Sun Jun 23 18:46:52 2019 +0000
syntax fix syntax fix
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
https://forums.whonix.org/t/kernel-hardening/7296/70 https://forums.whonix.org/t/kernel-hardening/7296/70
commit f1147318c04642f355eae96786c26ec1cb53977c commit f1147318c04642f355eae96786c26ec1cb53977c
@ -305,7 +306,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 18:45:24 2019 +0000 Date: Sun Jun 23 18:45:24 2019 +0000
Merge pull request #10 from madaidan/patch-6 Merge pull request #10 from madaidan/patch-6
Enable more kernel hardening parameters Enable more kernel hardening parameters
commit 641407c8e9c728429ec86e7c89e431896d88e116 commit 641407c8e9c728429ec86e7c89e431896d88e116
@ -357,7 +358,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 23 07:59:35 2019 +0000 Date: Sun Jun 23 07:59:35 2019 +0000
Merge pull request #9 from madaidan/patch-5 Merge pull request #9 from madaidan/patch-5
Disables SACK. Disables SACK.
commit 807ac7d65916071e4294f42d62b8b2353255c4bc commit 807ac7d65916071e4294f42d62b8b2353255c4bc
@ -385,7 +386,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Jun 20 23:54:58 2019 -0400 Date: Thu Jun 20 23:54:58 2019 -0400
Merge pull request #8 from marmarek/packaging Merge pull request #8 from marmarek/packaging
qubes-builder integration qubes-builder integration
commit 2e81885f691201e2229dadfd5ec7b554980ac689 commit 2e81885f691201e2229dadfd5ec7b554980ac689
@ -393,7 +394,7 @@ Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date: Fri Jun 21 04:52:01 2019 +0200 Date: Fri Jun 21 04:52:01 2019 +0200
Add rpm packaging Add rpm packaging
QubesOS/qubes-issues#1885 QubesOS/qubes-issues#1885
commit 27e68a39fe005a58cac02336fc6c468a4b2f5d31 commit 27e68a39fe005a58cac02336fc6c468a4b2f5d31
@ -401,7 +402,7 @@ Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date: Fri Jun 21 04:51:33 2019 +0200 Date: Fri Jun 21 04:51:33 2019 +0200
Add Makefile.builder for qubes-builder (Debian) Add Makefile.builder for qubes-builder (Debian)
QubesOS/qubes-issues#1885 QubesOS/qubes-issues#1885
commit ca1aa1e577179d92f4ec002221b8c4207e6ce1d6 commit ca1aa1e577179d92f4ec002221b8c4207e6ce1d6
@ -427,7 +428,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Jun 9 10:06:58 2019 +0000 Date: Sun Jun 9 10:06:58 2019 +0000
solve package file conflict solve package file conflict
https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375 https://github.com/QubesOS/qubes-issues/issues/1885#issuecomment-500200375
commit d5127e716632af2f494e9b41571c44a56a887667 commit d5127e716632af2f494e9b41571c44a56a887667
@ -473,7 +474,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu May 23 22:25:13 2019 +0000 Date: Thu May 23 22:25:13 2019 +0000
Merge pull request #7 from madaidan/patch-3 Merge pull request #7 from madaidan/patch-3
Disable uncommon network protocols Disable uncommon network protocols
commit 7177c6041a9b086a4cb90504a492136b4da732a2 commit 7177c6041a9b086a4cb90504a492136b4da732a2
@ -501,7 +502,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu May 16 19:52:52 2019 +0000 Date: Thu May 16 19:52:52 2019 +0000
Merge pull request #6 from madaidan/patch-2 Merge pull request #6 from madaidan/patch-2
Even more kernel hardening Even more kernel hardening
commit b814f338b803ae33380551919b00144bb63a53b8 commit b814f338b803ae33380551919b00144bb63a53b8
@ -545,7 +546,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed May 8 21:38:25 2019 -0400 Date: Wed May 8 21:38:25 2019 -0400
port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml port to /etc/xdg/xfce4/xfconf/xfce-perchannel-xml
https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick https://forums.whonix.org/t/whonix-xfce-development/6213/84?u=patrick
commit 3bd4da6794067708f517b099548c0aa2a2b65146 commit 3bd4da6794067708f517b099548c0aa2a2b65146
@ -610,7 +611,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon May 6 05:46:03 2019 -0400 Date: Mon May 6 05:46:03 2019 -0400
Merge pull request #5 from madaidan/patch-1 Merge pull request #5 from madaidan/patch-1
More kernel hardening More kernel hardening
commit 02e8888b0bc4f0dfadccbebc9e6e75849d32ba76 commit 02e8888b0bc4f0dfadccbebc9e6e75849d32ba76
@ -708,18 +709,18 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Mar 1 14:32:41 2019 +0000 Date: Fri Mar 1 14:32:41 2019 +0000
add improved legal protections clauses add improved legal protections clauses
The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7. The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7.
The additional terms are based on the Doom 3 license which is Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix made applied minimal changes to it: The additional terms are based on the Doom 3 license which is Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix made applied minimal changes to it:
* Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL. * Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL.
* Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms. * Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms.
[1] https://www.debian.org/social_contract#guidelines [1] https://www.debian.org/social_contract#guidelines
[2] https://www.fsf.org/news/canonical-updated-licensing-terms [2] https://www.fsf.org/news/canonical-updated-licensing-terms
[3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding [3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding
For more considerations, see also: For more considerations, see also:
https://www.whonix.org/wiki/Dev/Licensing https://www.whonix.org/wiki/Dev/Licensing
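Review bot: this 18-line hunk (-708,18 +709,18) rewrites the entry that reproduces the licensing terms, from "The license for software created by Whonix is the GNU General Public License" through the two bullets and references [1] to [3], yet the visible wording is the same on both sides. A change that touches license text should be explicit about what changed; if it is whitespace only, note that in the commit message so reviewers do not need to compare the paragraphs word by word.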
@ -734,7 +735,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Nov 19 06:27:52 2018 -0500 Date: Mon Nov 19 06:27:52 2018 -0500
fix hiding network bookmark in thunar by default fix hiding network bookmark in thunar by default
Thanks to @Algernon for suggesting the fix! Thanks to @Algernon for suggesting the fix!
commit daf7fc002b2d946c2946b9effe3fecc5cebe4cf2 commit daf7fc002b2d946c2946b9effe3fecc5cebe4cf2
@ -762,7 +763,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Nov 8 04:53:25 2018 -0500 Date: Thu Nov 8 04:53:25 2018 -0500
Merge pull request #4 from Algernon-01/master Merge pull request #4 from Algernon-01/master
Enable hidden files and volume management again. Enable hidden files and volume management again.
commit f84f988118e30a2a3d4d74ed008c1a626c35c365 commit f84f988118e30a2a3d4d74ed008c1a626c35c365
@ -886,7 +887,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Mar 14 13:42:37 2017 +0000 Date: Tue Mar 14 13:42:37 2017 +0000
Merge pull request #2 from HulaHoopWhonix/patch-2 Merge pull request #2 from HulaHoopWhonix/patch-2
Update README.md Update README.md
commit 6e5e5d6ea65a0fee4c76e5ad74c444344ff1f462 commit 6e5e5d6ea65a0fee4c76e5ad74c444344ff1f462
@ -924,7 +925,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 27 23:57:04 2017 +0000 Date: Mon Feb 27 23:57:04 2017 +0000
No longer ignore duplicate apt sources in apt-get-wrapper. No longer ignore duplicate apt sources in apt-get-wrapper.
No longer acceptable because these generate lots of noise in the terminal. No longer acceptable because these generate lots of noise in the terminal.
commit 191918027c1971bfb871abb438c4917e5b98bb74 commit 191918027c1971bfb871abb438c4917e5b98bb74
@ -938,7 +939,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Feb 27 23:16:32 2017 +0000 Date: Mon Feb 27 23:16:32 2017 +0000
use python rather than unbuffer use python rather than unbuffer
because unbuffer eats exit code when process is killed because unbuffer eats exit code when process is killed
commit cc351165dc78a8b7158a2b9bfdd9e4f0b3866239 commit cc351165dc78a8b7158a2b9bfdd9e4f0b3866239
@ -966,7 +967,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Feb 26 23:57:17 2017 +0000 Date: Sun Feb 26 23:57:17 2017 +0000
fix, show progress during apt-get-wrapper fix, show progress during apt-get-wrapper
fix, propagate signals to apt-get child process fix, propagate signals to apt-get child process
commit 49cde21078ccc9f623add6f587ee719843647ee7 commit 49cde21078ccc9f623add6f587ee719843647ee7
@ -974,7 +975,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Feb 21 19:54:41 2017 +0000 Date: Tue Feb 21 19:54:41 2017 +0000
Whonix 14 KDE plasma 5 fixes Whonix 14 KDE plasma 5 fixes
https://phabricator.whonix.org/T633 https://phabricator.whonix.org/T633
commit 0228e87d477f634d1e1db7c1cf6f213275d40dd9 commit 0228e87d477f634d1e1db7c1cf6f213275d40dd9
@ -988,7 +989,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Feb 19 22:32:04 2017 +0000 Date: Sun Feb 19 22:32:04 2017 +0000
override glib-compile-schemas with || true in postinst override glib-compile-schemas with || true in postinst
https://phabricator.whonix.org/T500 https://phabricator.whonix.org/T500
commit 5ba2a5b6ff53df37ad38f082ad86ff2227158d93 commit 5ba2a5b6ff53df37ad38f082ad86ff2227158d93
@ -996,13 +997,13 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun Feb 19 22:25:28 2017 +0000 Date: Sun Feb 19 22:25:28 2017 +0000
disable previews in nautilus by default for better security disable previews in nautilus by default for better security
copied solution by @unman copied solution by @unman
https://github.com/QubesOS/qubes-issues/issues/1108 https://github.com/QubesOS/qubes-issues/issues/1108
https://github.com/QubesOS/qubes-core-agent-linux/pull/39 https://github.com/QubesOS/qubes-core-agent-linux/pull/39
https://phabricator.whonix.org/T500 https://phabricator.whonix.org/T500
commit 91adab0d1bab6c6b31903f1e165944b3f8c8adb1 commit 91adab0d1bab6c6b31903f1e165944b3f8c8adb1
@ -1016,7 +1017,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed Feb 15 20:46:22 2017 +0000 Date: Wed Feb 15 20:46:22 2017 +0000
Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS Debian stretch / kde plasma5 fix: KDEDIRS -> XDG_CONFIG_DIRS
https://phabricator.whonix.org/T633 https://phabricator.whonix.org/T633
commit bddbba84a6fad680359bc8eee0c395fcc4d79ca9 commit bddbba84a6fad680359bc8eee0c395fcc4d79ca9
@ -1030,7 +1031,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue Feb 14 02:37:08 2017 +0000 Date: Tue Feb 14 02:37:08 2017 +0000
add usr/lib/security-misc/apt-get-update-sanity-test add usr/lib/security-misc/apt-get-update-sanity-test
a CVE-2016-1252 sanity test script a CVE-2016-1252 sanity test script
commit 5e076415536e1513463c59dba6e8afc4e90b7f1a commit 5e076415536e1513463c59dba6e8afc4e90b7f1a
@ -1044,7 +1045,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri Feb 10 15:47:52 2017 +0000 Date: Fri Feb 10 15:47:52 2017 +0000
remove faketime from Build-Depends: remove faketime from Build-Depends:
since no longer used for reproducible builds since no longer used for reproducible builds
commit be8084ad1c136ee4a18cb24abcc0c14c522b8089 commit be8084ad1c136ee4a18cb24abcc0c14c522b8089
@ -1058,7 +1059,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed Feb 8 14:26:26 2017 +0000 Date: Wed Feb 8 14:26:26 2017 +0000
double apt-get-update wrapper timeout from 120 to 240 seconds double apt-get-update wrapper timeout from 120 to 240 seconds
since it takes a bit longer than 120 seconds for me on a fast connection since it takes a bit longer than 120 seconds for me on a fast connection
commit 1e66e03da14ae2e3f7b315e443836c35f954b84f commit 1e66e03da14ae2e3f7b315e443836c35f954b84f
@ -1126,7 +1127,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Oct 10 16:10:30 2016 +0000 Date: Mon Oct 10 16:10:30 2016 +0000
disable conntrack helper for better security disable conntrack helper for better security
https://phabricator.whonix.org/T486 https://phabricator.whonix.org/T486
commit 0d66fc60b9ea65e826560986698c11cea7ca4ea6 commit 0d66fc60b9ea65e826560986698c11cea7ca4ea6
@ -1140,7 +1141,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon Apr 25 23:19:54 2016 +0000 Date: Mon Apr 25 23:19:54 2016 +0000
/etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work /etc/sysctl.d/nf_conntrack_helper.conf disabled for now as it needs more work
https://phabricator.whonix.org/T486 https://phabricator.whonix.org/T486
commit 492ce128909cfda8645738b092fd9e8722c64aa0 commit 492ce128909cfda8645738b092fd9e8722c64aa0
@ -1160,7 +1161,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Mar 31 15:36:59 2016 +0000 Date: Thu Mar 31 15:36:59 2016 +0000
added 'Replaces: tcp-timestamps-disable' added 'Replaces: tcp-timestamps-disable'
https://phabricator.whonix.org/T486 https://phabricator.whonix.org/T486
commit 7b54755841907c2b86b12eed5035860e17445193 commit 7b54755841907c2b86b12eed5035860e17445193
@ -1169,9 +1170,9 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Mar 31 15:35:07 2016 +0000 Date: Thu Mar 31 15:35:07 2016 +0000
merged tcp-timestamps-disable package into security-misc package merged tcp-timestamps-disable package into security-misc package
disable conntrack helper for better security disable conntrack helper for better security
https://phabricator.whonix.org/T486 https://phabricator.whonix.org/T486
commit be086aea597ff5e4db29f56fa57399c67568d4b6 commit be086aea597ff5e4db29f56fa57399c67568d4b6
@ -1180,7 +1181,7 @@ Author: Patrick Schleizer <adrelanos@riseup.net>
Date: Thu Mar 31 15:34:17 2016 +0000 Date: Thu Mar 31 15:34:17 2016 +0000
Merge pull request #1 from HulaHoopWhonix/patch-1 Merge pull request #1 from HulaHoopWhonix/patch-1
Create tcp_timestamps.conf Create tcp_timestamps.conf
commit d0eceae0c84a42bce4ade28c593fd6ba002a67b9 commit d0eceae0c84a42bce4ade28c593fd6ba002a67b9