This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, fifteen has been updated via b7d9509c3aebab95d559a3a7ad64f9d9655a3c07 (commit) via 1dbe439b83315f413c94f7c1726cdd44d7f2f838 (commit) from 33a1b286084cf0745aced5f17c86e39b41859c40 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit b7d9509c3aebab95d559a3a7ad64f9d9655a3c07 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 4 17:20:15 2014 +0100
openvpn: Use AES-256-CBC as default cipher.
Applies to new installations, only.
commit 1dbe439b83315f413c94f7c1726cdd44d7f2f838 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 4 16:21:56 2014 +0100
toolchain: Fix compiling due to Stack Protector changes.
-----------------------------------------------------------------------
Summary of changes: html/cgi-bin/ovpnmain.cgi | 2 +- lfs/gcc | 3 +++ lfs/glibc | 13 +++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-)
Difference in files: diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 81a7450..dac3e2e 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4534,7 +4534,7 @@ END
#default setzen if ($cgiparams{'DCIPHER'} eq '') { - $cgiparams{'DCIPHER'} = 'BF-CBC'; + $cgiparams{'DCIPHER'} = 'AES-256-CBC'; } if ($cgiparams{'DDEST_PORT'} eq '') { $cgiparams{'DDEST_PORT'} = '1194'; diff --git a/lfs/gcc b/lfs/gcc index a9f124b..0264d37 100644 --- a/lfs/gcc +++ b/lfs/gcc @@ -97,6 +97,9 @@ else EXTRA_MAKE = EXTRA_INSTALL = endif + + # Disable stack protection in toolchain. + CFLAGS += -fno-stack-protector endif
ifeq "$(MACHINE_TYPE)" "arm" diff --git a/lfs/glibc b/lfs/glibc index 9acbb11..b09fcd6 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -281,8 +281,21 @@ endif cd $(DIR_SRC)/glibc-build && \ CFLAGS="$(CFLAGS) -fno-asynchronous-unwind-tables" \ $(DIR_APP)/configure $(EXTRA_CONFIG) + + sed -i $(DIR_SRC)/glibc-build/config.make \ + -e "s/^build-pic-default=.*/build-pic-default=yes/" + + # Build the glibc libraries without stack protection (as this is not supported) + echo "build-programs=no" >> $(DIR_SRC)/glibc-build/configparms + cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(MAKETUNING) \ + CFLAGS="$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \ + CXXFLAGS="$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" + + # Build the programs with hardening + : > $(DIR_SRC)/glibc-build/configparms cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(MAKETUNING) \ CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" + cd $(DIR_SRC)/glibc-build && make $(EXTRA_INSTALL) install
ifeq "$(ROOT)" ""
hooks/post-receive -- IPFire 2.x development tree