suricata: Change midstream policy to "pass-flow"

[ipfire-2.x.git] / make.sh

diff --git a/make.sh b/make.sh
index 1c3fcf26b33b75911110f27628d73f3e7b9cc354..605582672054b9d3cf2206e7f9c618c288d6c19b 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -22,8 +22,8 @@
 NAME="IPFire"                                                  # Software name
 SNAME="ipfire"                                                 # Short name
 # If you update the version don't forget to update backupiso and add it to core update
-VERSION="2.27"                                                 # Version number
-CORE="178"                                                     # Core Level (Filename)
+VERSION="2.29"                                                 # Version number
+CORE="185"                                                     # Core Level (Filename)
 SLOGAN="www.ipfire.org"                                                # Software slogan
 CONFIG_ROOT=/var/ipfire                                                # Configuration rootdir
 MAX_RETRIES=1                                                  # prefetch/check loop
@@ -35,7 +35,7 @@ GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)"                       # Git Branch
 GIT_TAG="$(git tag | tail -1)"                                 # Git Tag
 GIT_LASTCOMMIT="$(git rev-parse --verify HEAD)"                        # Last commit
 
-TOOLCHAINVER=20230620
+TOOLCHAINVER=20240210
 
 # use multicore and max compression
 ZSTD_OPT="-T0 --ultra -22"
@@ -145,14 +145,14 @@ configure_build() {
                        BUILDTARGET="${build_arch}-pc-linux-gnu"
                        CROSSTARGET="${build_arch}-cross-linux-gnu"
                        BUILD_PLATFORM="x86"
-                       CFLAGS_ARCH="-m64 -mtune=generic -fcf-protection"
+                       CFLAGS_ARCH="-m64 -mtune=generic -fcf-protection=full"
                        ;;
 
                aarch64)
                        BUILDTARGET="${build_arch}-pc-linux-gnu"
                        CROSSTARGET="${build_arch}-cross-linux-gnu"
                        BUILD_PLATFORM="arm"
-                       CFLAGS_ARCH=""
+                       CFLAGS_ARCH="-mbranch-protection=standard"
                        ;;
 
                riscv64)
@@ -182,9 +182,9 @@ configure_build() {
        TOOLS_DIR="/tools_${BUILD_ARCH}"
 
        # Enables hardening
-       HARDENING_CFLAGS="-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fstack-clash-protection"
+       HARDENING_CFLAGS="-Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fstack-clash-protection"
 
-       CFLAGS="-O2 -pipe -Wall -fexceptions -fPIC ${CFLAGS_ARCH}"
+       CFLAGS="-O2 -g0 -pipe -Wall -fexceptions -fPIC ${CFLAGS_ARCH}"
        CXXFLAGS="${CFLAGS}"
 
        RUSTFLAGS="-Copt-level=3 -Clink-arg=-Wl,-z,relro,-z,now -Ccodegen-units=1 --cap-lints=warn ${RUSTFLAGS_ARCH}"
@@ -767,8 +767,8 @@ qemu_environ() {
                        ;;
                riscv64)
                        QEMU_CPU="${QEMU_CPU:-sifive-u54}"
-
-                       env="${env} QEMU_CPU=${QEMU_CPU}"
+                       G_SLICE="always-malloc"
+                       env="${env} QEMU_CPU=${QEMU_CPU} G_SLICE=${G_SLICE}"
                        ;;
        esac
 
@@ -1103,24 +1103,19 @@ buildipfire() {
   lfsmake2 backup
   lfsmake2 rust
   lfsmake2 openssl
-  lfsmake2 kmod
-  lfsmake2 udev
   lfsmake2 popt
   lfsmake2 libedit
-  lfsmake2 libusb
+  lfsmake2 pam
+  lfsmake2 libcap
+  lfsmake2 libcap-ng
   lfsmake2 libpcap
   lfsmake2 ppp
   lfsmake2 pptp
   lfsmake2 unzip
   lfsmake2 which
   lfsmake2 bc
-  lfsmake2 u-boot MKIMAGE=1
   lfsmake2 cpio
-  lfsmake2 mdadm
-  lfsmake2 dracut
   lfsmake2 libaio
-  lfsmake2 lvm2
-  lfsmake2 multipath-tools
   lfsmake2 freetype
   lfsmake2 libmnl
   lfsmake2 libnfnetlink
@@ -1144,8 +1139,17 @@ buildipfire() {
   lfsmake2 sqlite
   lfsmake2 python3
   lfsmake2 python3-setuptools
+  lfsmake2 python3-MarkupSafe
+  lfsmake2 python3-Jinja2
   lfsmake2 ninja
   lfsmake2 meson
+  lfsmake2 kmod
+  lfsmake2 udev
+  lfsmake2 libusb
+  lfsmake2 mdadm
+  lfsmake2 dracut
+  lfsmake2 lvm2
+  lfsmake2 multipath-tools
   lfsmake2 glib
   lfsmake2 libgudev
   lfsmake2 libgpg-error
@@ -1165,7 +1169,6 @@ buildipfire() {
   lfsmake2 boost
   lfsmake2 linux-atm
   lfsmake2 libqmi
-  lfsmake2 pam
   lfsmake2 c-ares
   lfsmake2 rust-dissimilar
   lfsmake2 rust-cfg-if
@@ -1291,8 +1294,6 @@ buildipfire() {
   lfsmake2 slang
   lfsmake2 newt
   lfsmake2 libsmooth
-  lfsmake2 libcap
-  lfsmake2 libcap-ng
   lfsmake2 pciutils
   lfsmake2 usbutils
   lfsmake2 libxml2
@@ -1376,6 +1377,10 @@ buildipfire() {
   lfsmake2 perl-Crypt-PasswdMD5
   lfsmake2 perl-Net-Telnet
   lfsmake2 perl-JSON
+  lfsmake2 perl-Capture-Tiny
+  lfsmake2 perl-Config-AutoConf
+  lfsmake2 perl-Object-Tiny
+  lfsmake2 perl-Archive-Peek-Libarchive
   lfsmake2 python3-inotify
   lfsmake2 python3-docutils
   lfsmake2 python3-daemon
@@ -1454,7 +1459,6 @@ buildipfire() {
   lfsmake2 libvorbis
   lfsmake2 flac
   lfsmake2 lame
-  lfsmake2 sox
   lfsmake2 soxr
   lfsmake2 libshout
   lfsmake2 xvid
@@ -1495,6 +1499,7 @@ buildipfire() {
   lfsmake2 sdl2
   lfsmake2 libusbredir
   lfsmake2 libseccomp
+  lfsmake2 libslirp
   lfsmake2 qemu
   lfsmake2 netsnmpd
   lfsmake2 nagios_nrpe
@@ -1594,6 +1599,14 @@ buildipfire() {
   lfsmake2 python3-terminaltables
   lfsmake2 python3-pkgconfig
   lfsmake2 python3-msgpack
+  lfsmake2 python3-editables
+  lfsmake2 python3-pathspec
+  lfsmake2 python3-pluggy
+  lfsmake2 python3-calver
+  lfsmake2 python3-trove-classifiers
+  lfsmake2 python3-hatchling
+  lfsmake2 python3-hatch-vcs
+  lfsmake2 python3-hatch-fancy-pypi-readme
   lfsmake2 python3-attrs
   lfsmake2 python3-sniffio
   lfsmake2 python3-sortedcontainers
@@ -1647,6 +1660,9 @@ buildipfire() {
   lfsmake2 dnsdist
   lfsmake2 bird
   lfsmake2 libyang
+  lfsmake2 abseil-cpp
+  lfsmake2 protobuf
+  lfsmake2 protobuf-c
   lfsmake2 frr
   lfsmake2 dmidecode
   lfsmake2 mcelog
@@ -1698,15 +1714,13 @@ buildipfire() {
   lfsmake2 perl-MIME-Base32
   lfsmake2 perl-URI-Encode
   lfsmake2 rsnapshot
+  lfsmake2 mympd
+  lfsmake2 wsdd
 
   # Kernelbuild ... current we have no platform that need
   # multi kernel builds so KCFG is empty
   lfsmake2 linux               KCFG=""
-  lfsmake2 rtl8189es           KCFG=""
-  lfsmake2 rtl8189fs           KCFG=""
   lfsmake2 rtl8812au           KCFG=""
-  lfsmake2 rtl8822bu           KCFG=""
-  lfsmake2 rtl8821cu           KCFG=""
   lfsmake2 linux-initrd                KCFG=""
 }