Michael Tremer [Fri, 26 Feb 2021 11:26:57 +0000 (11:26 +0000)]
make.sh: Add -flto to CFLAGS
This will compile the whole distribition with LTO.
GCC will generate some intermediate representation of the code which
will be compiled into binary at linking stage, after an optimizer
has removed any unneeded symbols and the inliner has had a chance to
inline functions across source files.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 19 Apr 2021 10:25:14 +0000 (10:25 +0000)]
make.sh: Build zlib + zstd before binutils
binutils is using to compress LTO? debugging data. Since binutils linked
against zstd from stage2 is expecting data being compressed, we need to
have zstd available at the toolchain stage.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Feb 2021 18:17:03 +0000 (18:17 +0000)]
make.sh: Set parallelism to number of CPU cores
Setting it to something higher than the number of physical CPU cores was
a good idea when we used to have slow magnetic storage. That way, at
least there was always one process waiting for IO.
With modern fast flash-based storage, this does not hold any more since
it is fast enough that we don't need to have a couple of processes ready
to wait.
It will probably have made work for the scheduler more challenging since
more processes were ready and processes were moved around processors.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 May 2021 12:29:44 +0000 (14:29 +0200)]
elfutils: Update to 0.184
- Update from 0.183 to 0.184
- Update rootfiles
- Changelog
2021-05-10 Mark Wielaard <mark@klomp.org>
* configure.ac (AC_INIT): Set version to 0.184.
* NEWS: Add libdw, translation and debuginfod-client entries.
2021-03-30 Frank Ch. Eigler <fche@redhat.com>
* configure.ac: Look for pthread_setname_np.
2021-02-17 Timm Bäder <tbaeder@redhat.com>
* configure.ac: Add -Wno-packed-not-aligned check.
2021-02-17 Timm Bäder <tbaeder@redhat.com>
* configure.ac: Add -Wtrampolines check.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 May 2021 12:30:32 +0000 (14:30 +0200)]
gdb: Update to 10.2
- Update from 10.1 to 10.2
- Update rootfiles
- Changelog
GDB 10.2 brings the following fixes and enhancements over GDB 10.1:
* PR remote/26614 (AddressSanitizer: heap-use-after-free of extended_remote_target in remote_async_inferior_event_handler)
* PR gdb/26828 (SIGSEGV in follow_die_offset dwarf2/read.c:22950)
* PR gdb/26861 (internal-error: void target_mourn_inferior(ptid_t): Assertion `ptid == inferior_ptid' failed. OS: Mac OSX Catalina; Compiler: GCC; Language: C)
* PR gdb/26876 (gdb error: internal-error: Unknown CFA rule when debugging the linux kernel with qemu)
* PR breakpoints/26881 (infrun.c:6384: internal-error: void process_event_stop_test(execution_control_state*): Assertion `ecs->event_thread->control.exception_resume_breakpoint != NULL' failed)
* PR gdb/26901 (Array subscript fails with flexible array member without size)
* PR tui/26973 (gdb crashes when not including the status window in a new layout)
* PR python/26974 (Wrong Value.format_string docu for static members argument)
* PR breakpoints/27009 ([s390] GDB branches randomly for BC instruction while displaced stepping)
* PR tdep/27015 (ARC: "eret" value is collected from the wrong data in register cache)
* PR backtrace/27147 ([GNU/Linux, sparc64] GDB is unable to print full stack trace (got "previous frame inner to this frame" errors))
* PR rust/27194 (put rust demangler on 10.x branch)
* PR threads/27239 (gdb/cp-support.c:1619:(.text+0x5502): relocation truncated to fit: R_X86_64_PC32 against undefined symbol `TLS init function for thread_local_segv_handler')
* PR breakpoints/27330 (nextoverthrow.exp FAILs on arm-none-eabi)
* PR symtab/27333 ([dwarf-5] abort on unhandled DW_TAG_type_unit in process_psymtab_comp_unit)
* PR fortran/27341 ([dwarf-5] FAIL: gdb.fortran/function-calls.exp: p derived_types_and_module_calls::pass_cart_nd(c_nd))
* PR tdep/27369 (ARC: Stepping over atomic instruction sequences loops infinitely)
* PR build/27385 (Cannot compile arc.c with gcc-4.8 (error: no matching function for call to 'std::pair...'))
* PR gdb/27435 (Attach on solaris segfaults GDB)
* PR build/27535 (amd64-linux-siginfo.c fails to compile after updating to glibc-2.33 headers)
* PR build/27536 (aarch64-linux-hw-point.c fails to compile after updating to glibc-2.33)
* PR symtab/27541 (gdb crashes on "file -readnow")
* PR gdb/27750 (local variables have wrong address and values on sparc64)
* PR varobj/27757 (-var-list-children coredump)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 17 May 2021 19:02:36 +0000 (21:02 +0200)]
DMA: do not ship a binary for creating mail boxes
This is only needed in case of bounces generated by locally emitted
messages. We neither store these, nor do we create mail boxes on a
firewall. Safe to drop.
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 17 May 2021 19:01:54 +0000 (21:01 +0200)]
/usr/bin/ping does not need a SUID bit if appropriate capabilities are set
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 16 May 2021 20:48:58 +0000 (22:48 +0200)]
OpenSSH: do not ship ssh-keysign anymore
To my surprise, this binary comes with suid flag set, and since we do
not have SSH key signing enabled, there is no need to ship it with
IPFire.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:34 +0000 (23:50 +0200)]
python-distutils-extra: Removal of this python2 module
- python-distutils-extra is linked to python-distutils which is no longer
used as it has been replaced by setuptools.
- python-distutils-extra is currently from 2011 and the latest version
is from 2016. No development occurring on this.
- No problem on a clean build with this module being removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:33 +0000 (23:50 +0200)]
python-distutils: Removal of this python2 module
- python-distutils has been replaced by setuptools.
- python-distutils was not being built anyway as it was not listed in
make.sh
- lfs has missing sections. There are no source and no build sections
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:32 +0000 (23:50 +0200)]
python-optional-src: Removal of this python2 module
- python-optional-src was not getting built anyway as it was not listed
in make.sh
- lfs file was missing most of the standard content. No source info
and no build instructions
- missing source file from IPFire source system
- grep on build/ found no dependencies on this module
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:31 +0000 (23:50 +0200)]
make.sh: Removal of three python2 modules
- Removal of python-distutils and python-distutils-extra as these have
been replaced by setuptools.
- Removal of python-optional-src
- Only python-distutils-extra line is removed from make.sh as
python-distutils and python-optional-src were not in make.sh
These two modules have not been getting built historically
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:03 +0000 (23:50 +0200)]
nmap: Migrate to python3
- Added PYTHON=python3 prior to configure. This then builds nmap with
python3.
- ndiff is written as python2 only and currently no patches to make it
work wih python3 have been accepted by the nmap team. It looks like ndiff
will stay as it is for some time so ndiff will be removed from the nmap
package install.
- Added --without-ndiff to configure so nmap is built without ndiff
- Updated rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 14 May 2021 21:11:49 +0000 (23:11 +0200)]
Tor: update to 0.4.5.8
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.5.8:
Changes in version 0.4.5.8 - 2021-05-10
Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes
from the 0.4.6.x series.
o Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc):
- Add a workaround to enable the Linux sandbox to work correctly
with Glibc 2.33. This version of Glibc has started using the
fstatat() system call, which previously our sandbox did not allow.
Closes ticket 40382; see the ticket for a discussion of trade-offs.
o Minor features (compilation, backport from 0.4.6.3-rc):
- Make the autoconf script build correctly with autoconf versions
2.70 and later. Closes part of ticket 40335.
o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
- Regenerate the list of fallback directories to contain a new set
of 200 relays. Closes ticket 40265.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/05/07.
o Minor features (onion services):
- Add warning message when connecting to now deprecated v2 onion
services. As announced, Tor 0.4.5.x is the last series that will
support v2 onions. Closes ticket 40373.
o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha):
- Fix a regression that made it impossible start Tor using a bridge
line with a transport name and no fingerprint. Fixes bug 40360;
bugfix on 0.4.5.4-rc.
o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc):
- Allow a custom "ar" for cross-compilation. Our previous build
script had used the $AR environment variable in most places, but
it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha):
- Fix a non-fatal BUG() message due to a too-early free of a string,
when listing a client connection from the DoS defenses subsystem.
Fixes bug 40345; bugfix on 0.4.3.4-rc.
o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
- Fix an indentation problem that led to a warning from GCC 11.1.1.
Fixes bug 40380; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (controller, backport from 0.4.6.1-alpha):
- Fix a "BUG" warning that would appear when a controller chooses
the first hop for a circuit, and that circuit completes. Fixes bug
40285; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion service, client, memory leak, backport from 0.4.6.3-rc):
- Fix a bug where an expired cached descriptor could get overwritten
with a new one without freeing it, leading to a memory leak. Fixes
bug 40356; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha):
- Fix pattern-matching errors when patterns expand to invalid paths
on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
Daniel Pinto.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:49:32 +0000 (23:49 +0200)]
sudo: Update to 1.9.7
- Update from 1.9.6p1 to 1.9.7
- Update of rootfile not required
- Changelog
The fuzz Makefile target now runs all the fuzzers for 8192 passes (can be overridden via the FUZZ_RUNS variable). This makes it easier to run the fuzzers in-tree. To run a fuzzer indefinitely, set FUZZ_RUNS=-1, e.g. make FUZZ_RUNS=-1 fuzz.
Fixed fuzzing on FreeBSD where the ld.lld linker returns an error by default when a symbol is multiply-defined.
Added support for determining local IPv6 addresses on systems that lack the getifaddrs() function. This now works on AIX, HP-UX and Solaris (at least). Bug #969.
Fixed a bug introduced in sudo 1.9.6 that caused sudo -V to report a usage error. Also, when invoked as sudoedit, sudo now allows a more restricted set of options that matches the usage statement and documentation. GitHub Issue #95.
Fixed a crash in sudo_sendlog when the specified certificate or key does not exist or is invalid. Bug #970.
Fixed a compilation error when sudo is configured with the disable-log-clientoption.
Sudo's limited support for SUCCESS=return entries in nsswitch.conf is now documented. Bug #971.
Sudo now requires autoconf 2.70 or higher to regenerate the configure script. Bug #972.
sudo_logsrvd now has a relay mode which can be used to create a hierarchy of log servers. By default, when a relay server is defined, messages from the client are forwarded immediately to the relay. However, if the store_first setting is enabled, the log will be stored locally until the command completes and then relayed. Bug #965.
Sudo now links with OpenSSL by default if it is available unless the --disable-openssl configure option is used or both the --disable-log-client and --disable-log-server configure options are specified.
Fixed configure's Python version detection when the version minor number is more than a single digit, for example Python 3.10.
The sudo Python module tests now pass for Python 3.10.
Sudo will now avoid changing the datasize resource limit as long as the existing value is at least 1GB. This works around a problem on 64-bit HP-UX where it is not possible to exactly restore the original datasize limit. Bug #973.
Fixed a race condition that could result in a hang when sudo is executed by a process where the SIGCHLD handler is set to SIG_IGN. This fixes the bug described by GitHub PR #98.
Fixed an out-of-bounds read in sudoedit and visudo when the EDITOR, VISUAL or SUDO_EDITOR environment variables end in an unescaped backslash. Also fixed the handling of quote characters that are escaped by a backslash. GitHub Issue #99.
Fixed a bug that prevented the log_server_verify sudoers option from taking effect.
The sudo_sendlog utility has a new -s option to cause it to stop sending I/O records after a user-specified elapsed time. This can be used to test the I/O log restart functionality of sudo_logsrvd.
Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when attempting to restart an interrupted I/O log transfer.
The TLS connection timeout in the sudoers log client was previously hard-coded to 10 seconds. It now uses the value of log_server_timeout.
The configure script now outputs a summary of the user-configurable options at the end, separate from output of configure script tests. Bug #820.
Corrected the description of which groups may be specified via the -g option in the Runas_Spec section. Bug #975.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 14 May 2021 10:30:17 +0000 (12:30 +0200)]
python-ipaddress: Remove this python2 module
- python-ipaddress is the python2 backport of the python3 built in
ipaddress module. Therefore python-ipaddress is not needed with the
move to try and remove python2
- Remove the lfs and rootfiles and adjust make.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 May 2021 20:44:30 +0000 (22:44 +0200)]
python3-inotify: Update to 0.2.10 and convert to python3
- Update from 0.2.7 to 0.2.10
- Convert from python-inotify to python3-inotify
make.sh, lfs & rootfiles
- Update rootfiles
- Changelog
0.2.8: - We now just *skip* the event if not known
- Implement InotifyTree and InotifyTrees as sub-classes of new BaseTree
class
- Made InotifyTree and InotifyTrees sub-classes of new base class
BaseTree
- Recursively watch a list of paths/trees
0.2.9: - Added getter for Inotify object from tree objects
- Added note to docs about race-conditions. Added small change for
redundant adds.
- Slightly reorganized documentation. Updated example.
- Merge pull request #35 from dsoprea/dustin. Added extensive unit-test
coverage. Closes all bug requests.
- Added large amount of unit-test coverage.
- Now handle rename-specific events.
- Can now also ignore issues with new directories not existing if
you're created *and* deleted or renamed a folder since the last
time events were read.
- Adjusted requirements for simplicity.
- Added Python 3 compatibility.
- Fixed Unicode support.
- Can now provide `filter_predicate` to event_gen() to allow custom
loop termination based on events.
- We'll now terminate the loop when certain events are encountered.
These events are passed into event_gen() as `terminal_events`. By
default these are the IN_Q_OVERFLOW and IN_UNMOUNT types.
- Fixes #28
- Fixes #23
- Fixes #22
- Fixes #19
- Fixes #16
- Fixes #15
- Fixes #5
- Check presence of both glibc errno and musl libc err
- Support for musl libc (Alpine Linux)
- Merge pull request #27 from jessesuen/master. Support for musl libc
(Alpine Linux)
- Check presence of both glibc errno and musl libc err
- Merge pull request #26 from hathcock/hathcock/issue-25. resolves #25,
list of binary paths can't be logged with existing call
- Support for musl libc (Alpine Linux)
- Resolves #25, list of binary paths can't be logged with existing
call
0.2.10: - Merge pull request #34 from davidparsson/
feature/support-moved-directories
- Support MOVED_FROM and MOVED_TO in BaseTree
- events: Now log event types from epoll vs data stream.
- This release implicitly fixed the botched binary package released
in 0.2.9
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 May 2021 16:47:08 +0000 (18:47 +0200)]
python3-dateutil: Removal of python3-six as a dependency
- python3-dateutil is installed as a python3 module.
- It had python3-six defined as a dependency. Python3-six is a module that
allows a project to be capable of neing run under python2 or under
python3
- With the planned removal of python2 there is no need to have
python3-dateutil capable of working with python2.
- python3-six addon is being removed as there is no need for any python3
module in IPFire to also be capable o0f running under python2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 May 2021 16:47:07 +0000 (18:47 +0200)]
python-six: Removal of python2 & 3 addon versions of six
- six is a python compatibility module to enable modules to run on
both python2 and python3. The code from six has to be copied into
any other module/project that is intending to use it.
- With the planned removal of python2 then neither version of this
compatibility module is needed.
- Removal of the lfs and rootfiles. Although python-six is an addon
its rootfile was installed into the common folder rather than the
packages folder.
- Removal of the python-six and python3-six entries in make.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 May 2021 11:43:31 +0000 (13:43 +0200)]
make.sh: Removal of four python2 modules
- Removal of python-clientform, python-feedparser, python-mechanize
and python-rssdler addons - lfs and rootfiles
- python-clientform was made obsolete in 2008 and its functions taken
over by python-mechanize
- python-rssdler is an RSS feed downloader to facilitate downloading of
podcasts, videocasts and torrents. Current IPFire version is 0.4.0a
from 2008. The most recent version available is 0.4.2 from 2009. No
further development is being done with this module. An RSS feed
downloader is not appropriate for use in a firewall system, even
less so when it is 12 years old.
- python-feedparser and python-mechanize are both dependencies for
python-rssdler. They are not dependencies for any other addon.
- Full clean build with these four modules fully removed gave no problems.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / ms / ipfire-2.x.git / log
