]>
git.ipfire.org Git - people/mfischer/ipfire-2.x.git/log
Michael Tremer [Wed, 5 Aug 2020 12:23:06 +0000 (12:23 +0000)]
index.cgi: Drop Reiser4 warning
We have dropped Reiser4 in 2013. There won't be any systems out there
any more running it. We can safely drop this warning.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stephan Feddersen [Tue, 4 Aug 2020 19:31:15 +0000 (21:31 +0200)]
WIO. new version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stephan Feddersen [Tue, 4 Aug 2020 19:31:14 +0000 (21:31 +0200)]
WIO: new french translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stephan Feddersen [Tue, 4 Aug 2020 19:31:13 +0000 (21:31 +0200)]
WIO: code cleanup
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 1 Aug 2020 12:13:47 +0000 (12:13 +0000)]
OpenSSL: remove ciphers without Forward Secrecy from default ciphersuite
Ciphers not supplying (Perfect) Forward Secrecy are considered dangerous
since they allow content decryption in retrospect, if an attacker is
able to gain access to the servers' private key used for the
corresponding TLS session.
Since IPFire machines establish very few TLS connections by themselves, and
destinations (IPFire.org infrastructure, mirrors, IPS rule sources, etc.)
provide support for Forward Secrecy ciphers - some are even enforcing
them -, it is safe to drop support for anything else.
This patch reduces the OpenSSL default cipher list to:
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 10:05:40 +0000 (10:05 +0000)]
glibc: aarch64: Ignore uninitialised variables in the stage2 build, too
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 16 Aug 2020 10:28:09 +0000 (10:28 +0000)]
make.sh: Increase maximum size of ramdisk to 8GB
The previous 4GB were not enough for a full GCC bootstrap
in the toolchain stage.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 23:29:05 +0000 (23:29 +0000)]
perl: Fix build in toolchain stage
perl searches for headers and libraries in the wrong paths
and detects GCC 10 as GCC 1.x.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 23:28:35 +0000 (23:28 +0000)]
make: Run autoreconf after applying patches
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 23:17:14 +0000 (23:17 +0000)]
glibc: Pass -Wno-error=maybe-uninitialized
This is required to build glibc in the toolchain stage on
aarch64 due to messy headers on the host system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 23:16:34 +0000 (23:16 +0000)]
glibc: Drop any custom CFLAGS
glibc is nothing special and can and should be built with
the same flags than the rest of the system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 16:28:09 +0000 (16:28 +0000)]
make.sh: Bump toolchain version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 16:25:26 +0000 (16:25 +0000)]
make.sh: Add -fcf-protection for x86_64/i586
Instrument binaries to guard against ROP/JOP attacks.
This flag in only available on x86_64 and i586.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 16:22:55 +0000 (16:22 +0000)]
make.sh: Enable -fstack-clash-protection for x86_64/aarch64
This patch turns on instrumentation to avoid skipping the guard page
in large stack frames.
Without this flag, vulnerabilities can result in where the stack
overlaps with the heap, or thread stacks spill into other regions
of memory.
This flag in only available on x86_64 and aarch64.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 15:13:02 +0000 (15:13 +0000)]
gcc: Bundle against OS versions of gmp/mpfr
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 15:12:45 +0000 (15:12 +0000)]
mpfr: Update to 4.1.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:13:58 +0000 (18:13 +0000)]
cmake: Do not limit compile processes to only two
We can launch more when we have the memory for it
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:51:39 +0000 (09:51 +0000)]
nfs: Update to 2.5.1 and remove bundled libnfsidmap
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:49:59 +0000 (09:49 +0000)]
libnfsidmap: Split into a separate package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 14:06:13 +0000 (14:06 +0000)]
xinetd: Fix build against glibc 2.32 (without RPC)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:18:12 +0000 (18:18 +0000)]
conntrack-tools: Fix build against libtirpc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 10:17:20 +0000 (10:17 +0000)]
squid: Remove basic_nis_auth
This depends on SunRPC in glibc which was removed in 2.32.
We do not use this file.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 10:21:30 +0000 (10:21 +0000)]
python(2/3): Remove nis module
This requires SunRPC and we do not use it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:15:18 +0000 (18:15 +0000)]
Build libtirpc earlier because RPC does not come with glibc any more
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 11:47:32 +0000 (11:47 +0000)]
rpcsvc-proto: New package
This is required since it is no longer included in glibc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 13:38:17 +0000 (13:38 +0000)]
Update glibc to 2.32
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 11:50:00 +0000 (11:50 +0000)]
make.sh: Remove -mindirect-branch=thunk and -mfunction-return=thunk as default
I cannot find any evidence that this is helpful and no other
distribution has this as default. Packages that are vulnerable to these
attacks (i.e. the kernel) add these flags as appropriate automatically.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 13:38:02 +0000 (13:38 +0000)]
Update GCC to 10.2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 12 Aug 2020 09:18:44 +0000 (09:18 +0000)]
bacula: Fix build with GCC 10
GCC 10 aborts compilation when nunbers are (potentially) out of range
when casted from one type to another:
fstype.c: In function 'bool fstype(FF_PKT*, char*, int)':
fstype.c:207:12: error: narrowing conversion of '
4283649346 ' from
'unsigned int' to 'int' [-Wnarrowing]
207 | case 0xFF534D42: fstype = "cifs"; break; /*
CIFS_MAGIC_NUMBER */
| ^~~~~~~~~~
fstype.c:216:12: error: narrowing conversion of '
4187351113 ' from
'unsigned int' to 'int' [-Wnarrowing]
216 | case 0xf995e849: fstype = "hpfs"; break; /*
HPFS_SUPER_MAGIC */
| ^~~~~~~~~~
fstype.c:217:12: error: narrowing conversion of '
2508478710 ' from
'unsigned int' to 'int' [-Wnarrowing]
217 | case 0x958458f6: fstype = "hugetlbfs"; break; /*
HUGETLBFS_MAGIC */
| ^~~~~~~~~~
fstype.c:234:12: error: narrowing conversion of '
2768370933 ' from
'unsigned int' to 'int' [-Wnarrowing]
234 | case 0xa501FCF5: fstype = "vxfs"; break;
| ^~~~~~~~~~
fstype.c:237:12: error: narrowing conversion of '
2435016766 ' from
'unsigned int' to 'int' [-Wnarrowing]
237 | case 0x9123683e: fstype = "btrfs"; break;
| ^~~~~~~~~~
Does nobody build this for 32 bit any more?
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:44:56 +0000 (09:44 +0000)]
kbd: Update to 2.2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 12 Aug 2020 09:44:04 +0000 (09:44 +0000)]
u-boot: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:47:06 +0000 (09:47 +0000)]
syslinux: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:46:40 +0000 (09:46 +0000)]
ipfire-netboot: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:46:03 +0000 (09:46 +0000)]
lcdproc: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:45:44 +0000 (09:45 +0000)]
iftop: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:45:31 +0000 (09:45 +0000)]
frr: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:45:19 +0000 (09:45 +0000)]
bird: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 14:05:56 +0000 (14:05 +0000)]
sarg: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 14:05:42 +0000 (14:05 +0000)]
minidlna: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:30:13 +0000 (09:30 +0000)]
w_scan: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:29:57 +0000 (09:29 +0000)]
tftpd: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:29:43 +0000 (09:29 +0000)]
motion: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:28:27 +0000 (09:28 +0000)]
openvmtools: Update to 11.1.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:27:18 +0000 (09:27 +0000)]
icinga: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:27:08 +0000 (09:27 +0000)]
collectd: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:26:45 +0000 (09:26 +0000)]
7zip: Fix build against GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 11:48:56 +0000 (11:48 +0000)]
netatalk: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 11:45:45 +0000 (11:45 +0000)]
squidguard: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 11:45:21 +0000 (11:45 +0000)]
htop: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 11:45:10 +0000 (11:45 +0000)]
foomatic: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 11:44:57 +0000 (11:44 +0000)]
cups-filters: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:19:41 +0000 (18:19 +0000)]
sysfsutils: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:17:32 +0000 (18:17 +0000)]
libtirpc: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:14:41 +0000 (18:14 +0000)]
logrotate: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:13:23 +0000 (18:13 +0000)]
cdrkit: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:12:57 +0000 (18:12 +0000)]
gnupg: Fix building with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 16:48:39 +0000 (16:48 +0000)]
linux-atm: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 16:48:17 +0000 (16:48 +0000)]
efivar: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 16:48:01 +0000 (16:48 +0000)]
dhcp: Fix compiling with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 14:03:45 +0000 (14:03 +0000)]
cpio: Package won't build with GCC 10 without -fcommon
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:32:39 +0000 (09:32 +0000)]
watchdog: Update to 5.16
Fixed build with GCC 10/glibc 2.32
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 15:56:43 +0000 (15:56 +0000)]
spandsp: Update to 0.0.6
This package - for some reason - does not build on i586 with
the latest version of glibc. The reason is that MMX instructions
are being used which are not allowed on i586.
However, since the assembler has not been changed, this should
have been caught before. Weird.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 4 Aug 2020 09:54:11 +0000 (09:54 +0000)]
dnsdist: Update to 1.5.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 12:13:39 +0000 (12:13 +0000)]
lsof: Update to 4.91
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 17:43:48 +0000 (17:43 +0000)]
xfsprogs: Update to 5.7.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 14:05:24 +0000 (14:05 +0000)]
fping: Update to 5.0
Fixes build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:40:53 +0000 (09:40 +0000)]
minicom: Update to 2.7.1
Fixes build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:48:53 +0000 (09:48 +0000)]
bison: Update to 3.7.1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Fri, 14 Aug 2020 15:16:57 +0000 (15:16 +0000)]
core149: add grub and install it at update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 14 Aug 2020 11:30:47 +0000 (13:30 +0200)]
grub: update to 2.04
fixes: #12463
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 2 May 2020 09:52:25 +0000 (11:52 +0200)]
de.pl: fix misleading translation
The 'geoip' key is being used in the firewall.cgi for configuring GeoIP
as a source or destination. "konfigurieren" is misleading in this
context.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 5 Aug 2020 19:01:38 +0000 (19:01 +0000)]
start core149 and add oci changes.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 21 Jul 2020 10:36:41 +0000 (10:36 +0000)]
smt: Do not disable SMT in virtual machines
Processors in virtual machines are *virtual*. Therefore this
only degrades the performance of the guest, but does not increase
it's security.
This patch always leaves SMT enabled in all virtual environments.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 21 Jul 2020 10:36:40 +0000 (10:36 +0000)]
oci: Add automatic configuration script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 21 Jul 2020 10:36:39 +0000 (10:36 +0000)]
oci: Add detection for Oracle Cloud
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 5 Aug 2020 17:00:54 +0000 (17:00 +0000)]
make.sh: Add cross-building for aarch64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 5 Aug 2020 18:33:29 +0000 (20:33 +0200)]
make.sh: add aarch qemu user binfmt magic
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 3 Aug 2020 17:52:38 +0000 (19:52 +0200)]
libloc: fix i586 perl module
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 29 Jul 2020 16:57:43 +0000 (18:57 +0200)]
libloc: Only update database once a week
Ensure to download and update the database only once a week, even the
script will be called by cron each hour.
Fixes #12462.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 29 Jul 2020 13:42:28 +0000 (13:42 +0000)]
stage2: fix rootfile 2nd try
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 29 Jul 2020 10:33:36 +0000 (10:33 +0000)]
stage2: fix aarch64 rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 29 Jul 2020 10:28:21 +0000 (10:28 +0000)]
stage2: update x86_64 rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 28 Jul 2020 18:38:40 +0000 (18:38 +0000)]
core148: add network-functions.pl
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 25 Jul 2020 19:08:37 +0000 (19:08 +0000)]
network-functions.pl: add missing unit tests for changed, network membership procedure
Cc: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Cc: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 25 Jul 2020 19:08:07 +0000 (19:08 +0000)]
network-functions.pl: fix network membership test
This is based on an orphaned patch provided by Tim FitzGeorge and
_finally_ fixes incorrect network membership calculations. Those were
are usability pain in the ass deluxe, as they rendered some combinations
of configuring OpenVPN and IPsec services unusable.
Fixes: #11235
Fixes: #12263
Cc: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 28 Jul 2020 18:17:43 +0000 (18:17 +0000)]
bacula: Correction to 9.6.5
- Corrected Download URL to remove filename from the end of it. This is defined separately.
- Corrected to include install command for backup file which was missed in previous patch.
- Added backup file to rootfiles list.
Signed-off-by: Adolf Belka<ahb.ipfire@gmail.com>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 28 Jul 2020 18:34:31 +0000 (18:34 +0000)]
core148: add networking/any initskript
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 28 Jul 2020 18:04:46 +0000 (18:04 +0000)]
network: Fix typo for MTU value
Reported here:
https://community.ipfire.org/t/strange-etc-init-d-networking-any-for-blue/2831
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 28 Jul 2020 17:18:18 +0000 (17:18 +0000)]
location: Restart IPsec after firewall was restarted
strongswan creates rules in iptables which are being dropped when
the firewall is being restarted.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 28 Jul 2020 17:18:19 +0000 (17:18 +0000)]
core148: Do not update the location database straight away
This process takes a long time and stalls the update process.
Since the cronjob is being called once an hour, all systems will
very quickly pull a recent database which will then be extracted
in the background not disrupting the Core Update process.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Mon, 27 Jul 2020 15:50:50 +0000 (17:50 +0200)]
Fix typo in german translation
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 25 Jul 2020 18:19:20 +0000 (20:19 +0200)]
mc: Update to 4.8.25
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.25
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 21 Jul 2020 12:48:55 +0000 (12:48 +0000)]
libloc: Apply -fstack-protector only on i586
All other architectures build fine and we do not need to
weaken the Perl module unnecessarily.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stéphane Pautrel [Mon, 27 Jul 2020 18:09:27 +0000 (18:09 +0000)]
fr: Update French translation
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 27 Jul 2020 18:05:06 +0000 (18:05 +0000)]
core148: Update crontab with recent changes
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 22 Jul 2020 18:46:13 +0000 (20:46 +0200)]
libloc: use regular stack-protector on i586
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 21 Jul 2020 17:41:39 +0000 (19:41 +0200)]
stage2: update aarch64 rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Sun, 19 Jul 2020 18:21:41 +0000 (20:21 +0200)]
libloc: Add upstream patch to fix a buffer issue.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Sun, 19 Jul 2020 09:22:52 +0000 (11:22 +0200)]
libloc: Apply patch to compile the perl module without stack protector.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Sat, 11 Jul 2020 10:11:02 +0000 (12:11 +0200)]
convert-to-location: Regenerate firewall chains.
The firewall chain for location based rules has been renamed to
LOCATIONBLOCK and therefore the fiewall needs to be restarted and
the chains regenerated.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>