Arne Fitzenreiter [Mon, 31 Aug 2020 16:39:01 +0000 (18:39 +0200)] 
libvirt: add libtirpc to dependencies
libvirt is linked against libtirpc so this need to installed.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 30 Aug 2020 07:52:55 +0000 (07:52 +0000)]
Merge remote-tracking branch 'origin/next'
Arne Fitzenreiter [Sat, 29 Aug 2020 18:12:19 +0000 (18:12 +0000)]
core149: add vim to update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 29 Aug 2020 15:13:58 +0000 (17:13 +0200)]
vim: update to 8.2 and fix crash with gcc-10
the configure.ac has a bug that detects gcc-10 as gcc-1 and so not use
some quirks. Also there is a bug with FORTIFY-SOURCE=2 that crash
if the matchparen plugin is used (enabled by default).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 26 Aug 2020 13:58:02 +0000 (13:58 +0000)]
core149: add files to exclude from older updates
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 26 Aug 2020 13:50:50 +0000 (13:50 +0000)]
Merge branch 'next'
Stefan Schantl [Tue, 25 Aug 2020 18:46:56 +0000 (20:46 +0200)] 
Core 148: Exclude location related settings files.
This prevents from overwriting existing files, with empty ones
and finally to lose the stored settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Tue, 25 Aug 2020 18:46:56 +0000 (20:46 +0200)]
Core 148: Exclude location related settings files.
This prevents from overwriting existing files, with empty ones
and finally to lose the stored settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 24 Aug 2020 09:48:36 +0000 (09:48 +0000)] 
core149: Restart squid
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 23 Aug 2020 12:42:58 +0000 (14:42 +0200)] 
squid: Update to 4.13
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
and
http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
Fixes (excerpt):
"* SQUID-2020:8 HTTP(S) Request Splitting
(CVE-2020-15811)
This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the browser
cache and any downstream caches with content from an arbitrary
source.
* SQUID-2020:9 Denial of Service processing Cache Digest Response
(CVE pending allocation)
This problem allows a trusted peer to deliver to perform Denial
of Service by consuming all available CPU cycles on the machine
running Squid when handling a crafted Cache Digest response
message.
* SQUID-2020:10 HTTP(S) Request Smuggling
(CVE-2020-15810)
This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the proxy
cache and any downstream caches with content from an arbitrary
source.
* Bug 5051: Some collapsed revalidation responses never expire
* SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
* Honor on_unsupported_protocol for intercepted https_port"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 21 Aug 2020 09:51:10 +0000 (11:51 +0200)]
smt: Fix check to detect if a system is running virtually
/sys/hypervisor exists when a host has loaded the kvm modules.
Fixes: #12472
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 20 Aug 2020 17:56:03 +0000 (17:56 +0000)]
general-functions.pl: Do not check IPsec subnets for VTI/GRE connections
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 19 Aug 2020 14:08:10 +0000 (16:08 +0200)]
libvirt: Depend on ebtables
libvirtd requires this to create some custom firewall rules
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 19 Aug 2020 14:08:09 +0000 (16:08 +0200)]
libvirt: Ship all CPU maps
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 19 Aug 2020 12:12:08 +0000 (12:12 +0000)]
core149: Ship zstd which is now part of the base system
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 19 Aug 2020 12:11:43 +0000 (12:11 +0000)]
zstd: Do not ship libstd.so
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 18 Aug 2020 15:42:49 +0000 (17:42 +0200)]
rsync: Update to 3.2.3
For details see:
https://download.samba.org/pub/rsync/NEWS#3.2.3
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 19 Aug 2020 11:56:56 +0000 (11:56 +0000)]
core149: Fix typo in apache initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 18 Aug 2020 15:37:22 +0000 (17:37 +0200)]
zstd 1.4.5: Deleted obsolete files from '/src/paks/'
No longer needed => deleted because of:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=
c67ff7d72c2232b6994e1ff97277d4040711f97d
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Tue, 18 Aug 2020 14:34:37 +0000 (14:34 +0000)] 
tshark: Update to version 3.2.6
The version jump from 3.2.3 to 3.2.6 includes several changes.
3.2.4 includes only bugfixes.
3.2.5 includes bugfixes and updated protocols.
3.2.6 includes also bugfixes and updated protocols.
For a full overview, the release notes can be found in here -->
https://www.wireshark.org/docs/relnotes/ .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 17 Aug 2020 19:30:21 +0000 (19:30 +0000)] 
Postfix: update to 3.5.6
Please refer to http://www.postfix.org/announcements/postfix-3.5.6.html
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 18 Aug 2020 10:13:01 +0000 (10:13 +0000)]
zstd: Make this part of the core distributions
Many packages link against it and we should make use of it
when we have it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 18 Aug 2020 10:11:33 +0000 (10:11 +0000)]
qemu: Update rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 18 Aug 2020 10:10:13 +0000 (10:10 +0000)]
rsync: Update rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 17:55:55 +0000 (17:55 +0000)]
core149: Ship popt
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 28 Jun 2020 07:36:33 +0000 (09:36 +0200)]
popt: Update to 1.18
Recommended for 'rsync 3.2.1'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 28 Jun 2020 07:36:32 +0000 (09:36 +0200)]
rsync: Update to 3.2.1
For details see:
https://download.samba.org/pub/rsync/NEWS#3.2.1
Although 3.2.2 is in "release testing", I decided to push this release now to get things running.
I activated zstd-support and added 'DEPS = zstd'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 28 Jun 2020 07:36:31 +0000 (09:36 +0200)]
zstd 1.4.5: New package
This packages adds a "lossless compression algorithm" - supported by 'rsync 3.2.1'.
For details see:
https://github.com/facebook/zstd/releases/tag/v1.4.5
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 4 Jul 2020 23:04:51 +0000 (01:04 +0200)]
qemu: Update to 5.0.0
For details see:
https://wiki.qemu.org/ChangeLog/5.0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 4 Jul 2020 23:04:50 +0000 (01:04 +0200)]
usbredir: Update to 0.8.0
For details see:
https://gitlab.freedesktop.org/spice/usbredir/-/blob/master/ChangeLog
"-Source code and bug tracker hosted in Freedesktop's instance of Gitlab
-https://gitlab.freedesktop.org/spice/usbredir
-usbredirfilter
-Fix busy wait due endless recursion when interface_count is zero
-usbredirhost:
-Fix leak on error
-usbredirserver:
-Use 'busnum-devnum' instead of 'usbbus-usbaddr'
-Add support for bind specific address -4 for ipv4, -6 for ipv6
-Reject empty vendorid from command line
-Enable TCP keepalive"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 4 Jul 2020 23:04:49 +0000 (01:04 +0200)]
libvirt: Update to 6.5.0
For details see:
https://libvirt.org/news.html
This update "just came my way" - I hope its somehow useful.
I also checked updates for dependencies - 'libusbredir 0.8.0' and 'qemu 5.0.0' follow.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Tue, 14 Jul 2020 19:05:10 +0000 (19:05 +0000)]
Postfix: update to 3.5.4
Please refer to http://www.postfix.org/announcements/postfix-3.5.4.html
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Tue, 14 Jul 2020 20:26:26 +0000 (20:26 +0000)]
Tor: update to 0.4.3.6
Please refer to https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 17 Jul 2020 16:11:51 +0000 (18:11 +0200)]
clamav: Update to 0.102.4
Fixes CVE-2020-3350, CVE-2020-3327, CVE-2020-3481
For details see:
https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 17:52:18 +0000 (17:52 +0000)]
core149: Ship bind
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 17 Jul 2020 16:16:51 +0000 (18:16 +0200)]
bind: Update to 9.11.21
For details see:
https://downloads.isc.org/isc/bind9/9.11.21/RELEASE-NOTES-bind-9.11.21.html
"Bug Fixes
named could crash when cleaning dead nodes in lib/dns/rbtdb.c that
were being reused. [GL #1968]
Properly handle missing kyua command so that make check does not
fail unexpectedly when CMocka is installed, but Kyua is not. [GL
#1950]
The validator could fail to accept a properly signed RRset if an
unsupported algorithm appeared earlier in the DNSKEY RRset than
a supported algorithm. It could also stop if it detected a malformed
public key. [GL #1689]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 17:51:52 +0000 (17:51 +0000)]
core149: Ship intel microcode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 15 Jul 2020 17:01:00 +0000 (17:01 +0000)]
intel-microcode: update to
20200616
Ice Lake Intel CPUs have been found of being vulnerable to MDS, thus
requiring new microcodes for them. <sarcasm>Yay!</sarcasm> Please refer to
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-
20200616
for further information.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 17:48:21 +0000 (17:48 +0000)]
core149: Ship updated unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Mon, 27 Jul 2020 18:07:00 +0000 (20:07 +0200)]
unbound: Update to 1.11.0
For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-July/006921.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 17:23:37 +0000 (17:23 +0000)]
7zip: Move files to /usr
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 15:09:51 +0000 (15:09 +0000)]
u-boot: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 15:09:24 +0000 (15:09 +0000)]
grub: Run autoreconf after applying patches
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 10:19:47 +0000 (10:19 +0000)]
core149: Ship everything that was recently updated
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Marcel Follert [Thu, 30 Jul 2020 22:22:11 +0000 (00:22 +0200)] 
socat: New package
Signed-off-by: Marcel Follert (Smooky) <smooky@v16.de>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 15 Aug 2020 18:29:27 +0000 (20:29 +0200)]
iproute2: Update to 5.8.0
For details see:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v5.8.0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 15 Aug 2020 18:11:39 +0000 (20:11 +0200)]
apache: Update to 2.4.46
For details see:
https://mirrors.ae-online.de/apache//httpd/CHANGES_2.4.46
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 15 Aug 2020 15:43:13 +0000 (17:43 +0200)]
logrotate: Update to 3.17.0
For details see:
https://github.com/logrotate/logrotate/releases/tag/3.17.0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sat, 15 Aug 2020 15:08:45 +0000 (17:08 +0200)]
OpenVPN: Add tls-version-min for TLSv1.2
ovpnmain.cgi delivers now 'tls-version-min 1.2' for Roadwarrior and N2N.
Since the server needs it only on server side, this patch do not includes it for Roadwarrior clients.
N2N do not uses push options therefor this directive will be included on both sides.
To integrate the new directive into actual working OpenVPN server environment, the following commands
should be executed via update.sh.
Code block start:
if test -f "/var/ipfire/ovpn/server.conf"; then
# Add tls-version-minimum to OpenVPN server if not already there
if ! grep -q '^tls-version-min' /var/ipfire/ovpn/server.conf > /dev/null 2>&1; then
# Stop server before append the line
/usr/local/bin/openvpnctrl -k
# Append new directive
echo >> "tls-version-min 1.2" /var/ipfire/ovpn/server.conf
# Make sure server.conf have the correct permissions to prevent such
# --> https://community.ipfire.org/t/unable-to-start-the-openvpn-server/2465/54?u=ummeegge
# case
chown nobody:nobody /var/ipfire/ovpn/server.conf
# Start server again
/usr/local/bin/openvpnctrl -s
fi
fi
Code block end
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Tue, 11 Aug 2020 08:15:58 +0000 (08:15 +0000)]
curl: Update to version 7.71.1
Several bugfixes and vulnerabilities has been fixed since the current available version 7.64.0 .
For a full overview, the changelog is located in here --> https://curl.haxx.se/changes.html,
a security problem overview in here --> https://curl.haxx.se/docs/security.html .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sat, 8 Aug 2020 19:20:42 +0000 (21:20 +0200)]
hyperscan: Update to 5.3.0
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <Michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Mon, 10 Aug 2020 17:12:19 +0000 (19:12 +0200)]
OpenVPN: max-clients value has been enhanced
The --max-client value has been enhanced from 255 clients to 1024 clients.
Error message gives now explanation if the maximum has been reached.
Patch has been triggered by https://community.ipfire.org/t/openvpn-max-vpn-clients-quantity-and-connections/2925 .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 5 Aug 2020 12:35:20 +0000 (12:35 +0000)]
haproxy: Update to 2.2.2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 5 Aug 2020 12:23:07 +0000 (12:23 +0000)]
index.cgi: Show a note to people who are running IPFire on i?86
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 5 Aug 2020 12:23:06 +0000 (12:23 +0000)]
index.cgi: Drop Reiser4 warning
We have dropped Reiser4 in 2013. There won't be any systems out there
any more running it. We can safely drop this warning.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stephan Feddersen [Tue, 4 Aug 2020 19:31:15 +0000 (21:31 +0200)] 
WIO. new version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stephan Feddersen [Tue, 4 Aug 2020 19:31:14 +0000 (21:31 +0200)]
WIO: new french translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stephan Feddersen [Tue, 4 Aug 2020 19:31:13 +0000 (21:31 +0200)]
WIO: code cleanup
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 1 Aug 2020 12:13:47 +0000 (12:13 +0000)]
OpenSSL: remove ciphers without Forward Secrecy from default ciphersuite
Ciphers not supplying (Perfect) Forward Secrecy are considered dangerous
since they allow content decryption in retrospect, if an attacker is
able to gain access to the servers' private key used for the
corresponding TLS session.
Since IPFire machines establish very few TLS connections by themselves, and
destinations (IPFire.org infrastructure, mirrors, IPS rule sources, etc.)
provide support for Forward Secrecy ciphers - some are even enforcing
them -, it is safe to drop support for anything else.
This patch reduces the OpenSSL default cipher list to:
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Aug 2020 10:05:40 +0000 (10:05 +0000)]
glibc: aarch64: Ignore uninitialised variables in the stage2 build, too
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 16 Aug 2020 10:28:09 +0000 (10:28 +0000)]
make.sh: Increase maximum size of ramdisk to 8GB
The previous 4GB were not enough for a full GCC bootstrap
in the toolchain stage.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 23:29:05 +0000 (23:29 +0000)]
perl: Fix build in toolchain stage
perl searches for headers and libraries in the wrong paths
and detects GCC 10 as GCC 1.x.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 23:28:35 +0000 (23:28 +0000)]
make: Run autoreconf after applying patches
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 23:17:14 +0000 (23:17 +0000)]
glibc: Pass -Wno-error=maybe-uninitialized
This is required to build glibc in the toolchain stage on
aarch64 due to messy headers on the host system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 23:16:34 +0000 (23:16 +0000)]
glibc: Drop any custom CFLAGS
glibc is nothing special and can and should be built with
the same flags than the rest of the system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 16:28:09 +0000 (16:28 +0000)]
make.sh: Bump toolchain version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 16:25:26 +0000 (16:25 +0000)]
make.sh: Add -fcf-protection for x86_64/i586
Instrument binaries to guard against ROP/JOP attacks.
This flag in only available on x86_64 and i586.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 16:22:55 +0000 (16:22 +0000)]
make.sh: Enable -fstack-clash-protection for x86_64/aarch64
This patch turns on instrumentation to avoid skipping the guard page
in large stack frames.
Without this flag, vulnerabilities can result in where the stack
overlaps with the heap, or thread stacks spill into other regions
of memory.
This flag in only available on x86_64 and aarch64.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 15:13:02 +0000 (15:13 +0000)]
gcc: Bundle against OS versions of gmp/mpfr
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Aug 2020 15:12:45 +0000 (15:12 +0000)]
mpfr: Update to 4.1.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:13:58 +0000 (18:13 +0000)]
cmake: Do not limit compile processes to only two
We can launch more when we have the memory for it
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:51:39 +0000 (09:51 +0000)]
nfs: Update to 2.5.1 and remove bundled libnfsidmap
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:49:59 +0000 (09:49 +0000)]
libnfsidmap: Split into a separate package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 14:06:13 +0000 (14:06 +0000)]
xinetd: Fix build against glibc 2.32 (without RPC)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:18:12 +0000 (18:18 +0000)]
conntrack-tools: Fix build against libtirpc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 10:17:20 +0000 (10:17 +0000)]
squid: Remove basic_nis_auth
This depends on SunRPC in glibc which was removed in 2.32.
We do not use this file.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 10:21:30 +0000 (10:21 +0000)]
python(2/3): Remove nis module
This requires SunRPC and we do not use it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 18:15:18 +0000 (18:15 +0000)]
Build libtirpc earlier because RPC does not come with glibc any more
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 11:47:32 +0000 (11:47 +0000)]
rpcsvc-proto: New package
This is required since it is no longer included in glibc
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 13:38:17 +0000 (13:38 +0000)]
Update glibc to 2.32
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Aug 2020 11:50:00 +0000 (11:50 +0000)]
make.sh: Remove -mindirect-branch=thunk and -mfunction-return=thunk as default
I cannot find any evidence that this is helpful and no other
distribution has this as default. Packages that are vulnerable to these
attacks (i.e. the kernel) add these flags as appropriate automatically.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 6 Aug 2020 13:38:02 +0000 (13:38 +0000)]
Update GCC to 10.2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 12 Aug 2020 09:18:44 +0000 (09:18 +0000)]
bacula: Fix build with GCC 10
GCC 10 aborts compilation when nunbers are (potentially) out of range
when casted from one type to another:
fstype.c: In function 'bool fstype(FF_PKT*, char*, int)':
fstype.c:207:12: error: narrowing conversion of '
4283649346' from
'unsigned int' to 'int' [-Wnarrowing]
207 | case 0xFF534D42: fstype = "cifs"; break; /*
CIFS_MAGIC_NUMBER */
| ^~~~~~~~~~
fstype.c:216:12: error: narrowing conversion of '
4187351113' from
'unsigned int' to 'int' [-Wnarrowing]
216 | case 0xf995e849: fstype = "hpfs"; break; /*
HPFS_SUPER_MAGIC */
| ^~~~~~~~~~
fstype.c:217:12: error: narrowing conversion of '
2508478710' from
'unsigned int' to 'int' [-Wnarrowing]
217 | case 0x958458f6: fstype = "hugetlbfs"; break; /*
HUGETLBFS_MAGIC */
| ^~~~~~~~~~
fstype.c:234:12: error: narrowing conversion of '
2768370933' from
'unsigned int' to 'int' [-Wnarrowing]
234 | case 0xa501FCF5: fstype = "vxfs"; break;
| ^~~~~~~~~~
fstype.c:237:12: error: narrowing conversion of '
2435016766' from
'unsigned int' to 'int' [-Wnarrowing]
237 | case 0x9123683e: fstype = "btrfs"; break;
| ^~~~~~~~~~
Does nobody build this for 32 bit any more?
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:44:56 +0000 (09:44 +0000)]
kbd: Update to 2.2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 12 Aug 2020 09:44:04 +0000 (09:44 +0000)]
u-boot: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:47:06 +0000 (09:47 +0000)]
syslinux: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:46:40 +0000 (09:46 +0000)]
ipfire-netboot: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:46:03 +0000 (09:46 +0000)]
lcdproc: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:45:44 +0000 (09:45 +0000)]
iftop: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:45:31 +0000 (09:45 +0000)]
frr: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Aug 2020 09:45:19 +0000 (09:45 +0000)]
bird: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 14:05:56 +0000 (14:05 +0000)]
sarg: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 14:05:42 +0000 (14:05 +0000)]
minidlna: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:30:13 +0000 (09:30 +0000)]
w_scan: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:29:57 +0000 (09:29 +0000)]
tftpd: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:29:43 +0000 (09:29 +0000)]
motion: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:28:27 +0000 (09:28 +0000)]
openvmtools: Update to 11.1.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:27:18 +0000 (09:27 +0000)]
icinga: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:27:08 +0000 (09:27 +0000)]
collectd: Fix build with GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Aug 2020 09:26:45 +0000 (09:26 +0000)]
7zip: Fix build against GCC 10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / pmueller / ipfire-2.x.git / log
