This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via 89c1bf358652b9518e8104285c58cc8305c62cae (commit) via 41c50d77850ca048346c29db0cdf9b6fb625db6e (commit) via 268c12c936f051589b8f77583f1470a3be0a62b2 (commit) via a8172e14a048e1439a28beb63645915b9b3fa1ba (commit) via 870c2f84fe7153055cbfd4b63f8bd8f77fe9bce0 (commit) via ffaa94deb97e2fe6576a4bf5f48b0f565d866beb (commit) via 12f231c48e81c85a83af69e7a6445ba7d6601c33 (commit) via 19a99d48925b477ab527c0a80735dc4c731743ea (commit) from cd1320f79f73492864c08631169f3ac358dfb0cc (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 89c1bf358652b9518e8104285c58cc8305c62cae Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 12 11:06:17 2023 +0100
krb5: Proper harden some binaries
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 41c50d77850ca048346c29db0cdf9b6fb625db6e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 12 11:05:09 2023 +0100
krb5: Use macro logic to build the package
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 268c12c936f051589b8f77583f1470a3be0a62b2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 12 10:53:20 2023 +0100
vim: Do not strip binaries during install
We need the symbols for our hardening checks. They anyway will be stripped afterwards and packed into the debuginfo packages.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a8172e14a048e1439a28beb63645915b9b3fa1ba Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 12 10:46:45 2023 +0100
nfs-utils: Do not strip binary during installation
We need the symbols for our hardening checks. The files anyway will be stripped afterwards and those symbols will be packed into the debuginfo packages.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 870c2f84fe7153055cbfd4b63f8bd8f77fe9bce0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 12 10:28:09 2023 +0100
openldap: Do not strip binaries during install
We need those symbols for our hardening checks. The binaries anyway will be stripped afterwards and the debug symbols will be used for the debuginfo packages.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ffaa94deb97e2fe6576a4bf5f48b0f565d866beb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 12 10:07:41 2023 +0100
pth: Drop package
This package is very outdated and not longer used by any of our software.
So it is safe to drop it.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 12f231c48e81c85a83af69e7a6445ba7d6601c33 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 12 10:07:14 2023 +0100
libassuan: Does not longer depend on pth-devel
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 19a99d48925b477ab527c0a80735dc4c731743ea Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 12 10:06:30 2023 +0100
gpgme: Does not longer depend on pth-devel
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: gpgme/gpgme.nm | 3 +- krb5/krb5.nm | 24 +++++++-------- libassuan/libassuan.nm | 3 +- nfs-utils/nfs-utils.nm | 4 +-- openldap/openldap.nm | 6 +++- pth/patches/pth-2.0.5-parallelfix.patch0 | 15 --------- pth/pth.nm | 52 -------------------------------- vim/vim.nm | 5 ++- 8 files changed, 25 insertions(+), 87 deletions(-) delete mode 100644 pth/patches/pth-2.0.5-parallelfix.patch0 delete mode 100644 pth/pth.nm
Difference in files: diff --git a/gpgme/gpgme.nm b/gpgme/gpgme.nm index 4c4239b14..837dbeb8e 100644 --- a/gpgme/gpgme.nm +++ b/gpgme/gpgme.nm @@ -5,7 +5,7 @@
name = gpgme version = 1.18.0 -release = 1 +release = 2
groups = Applications/System url = https://www.gnupg.org/related_software/gpgme/ @@ -30,7 +30,6 @@ build libassuan-devel libgpg-error-devel pkg-config - pth-devel which end
diff --git a/krb5/krb5.nm b/krb5/krb5.nm index e2132afc0..9113a4a55 100644 --- a/krb5/krb5.nm +++ b/krb5/krb5.nm @@ -7,7 +7,7 @@ name = krb5 version = %{ver_maj}.%{ver_min} ver_maj = 1.20 ver_min = 1 -release = 2 +release = 3
groups = System/Libraries url = https://web.mit.edu/kerberos/www/ @@ -23,6 +23,8 @@ end source_dl = https://web.mit.edu/kerberos/dist/krb5/%%7Bver_maj%7D/
build + DIR_APP = %{DIR_SRC}/%{thisapp}/src + requires autoconf automake @@ -56,19 +58,17 @@ build --with-crypto-impl=openssl \ --with-pam
- build - cd %{DIR_APP}/src - - ./configure \ - %{configure_options} - - make %{PARALLELISMFLAGS} + configure_cmds + # Add additional compiler flags to proper harden the binaries. + sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + clients/kpasswd/Makefile + sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + appl/simple/server/Makefile + sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \ + appl/sample/sserver/Makefile end
- install - # Install krb5 - make -C src install DESTDIR=%{BUILDROOT} - + install_cmds # Sample KDC config files (bundled kdc.conf and kadm5.acl). mkdir -pv %{BUILDROOT}%{localstatedir}/kerberos/krb5kdc install -pm 600 %{DIR_SOURCE}/kdc.conf %{BUILDROOT}%{localstatedir}/kerberos/krb5kdc/ diff --git a/libassuan/libassuan.nm b/libassuan/libassuan.nm index d390b7c4d..f15e54b7d 100644 --- a/libassuan/libassuan.nm +++ b/libassuan/libassuan.nm @@ -5,7 +5,7 @@
name = libassuan version = 2.5.5 -release = 1 +release = 2
groups = System/Libraries url = https://www.gnupg.org/ @@ -27,7 +27,6 @@ sources = %{thisapp}.tar.bz2 build requires libgpg-error-devel >= 1.28 - pth-devel end end
diff --git a/nfs-utils/nfs-utils.nm b/nfs-utils/nfs-utils.nm index f68819792..771c47636 100644 --- a/nfs-utils/nfs-utils.nm +++ b/nfs-utils/nfs-utils.nm @@ -5,7 +5,7 @@
name = nfs-utils version = 2.6.2 -release = 3 +release = 4
groups = Networking/Tools url = http://nfs.sourceforge.net/ @@ -70,7 +70,7 @@ build mkdir -pv %{BUILDROOT}/var/lib/nfs/v4recovery mkdir -pv %{BUILDROOT}/etc/exports.d
- install -s -m 755 tools/rpcdebug/rpcdebug %{BUILDROOT}%{sbindir} + install -m 755 tools/rpcdebug/rpcdebug %{BUILDROOT}%{sbindir} install -m 644 utils/mount/nfsmount.conf %{BUILDROOT}%{sysconfdir}
mkdir -pv %{BUILDROOT}/var/lib/nfs/rpc_pipefs diff --git a/openldap/openldap.nm b/openldap/openldap.nm index 847d13fc4..afda58701 100644 --- a/openldap/openldap.nm +++ b/openldap/openldap.nm @@ -5,7 +5,7 @@
name = openldap version = 2.6.4 -release = 1.1 +release = 2
groups = System/Daemons url = https://www.openldap.org/ @@ -54,6 +54,10 @@ build %{create_user} end
+ # Do not strip the binaries during install. + make_install_targets += \ + STRIP_OPTS= + install_cmds mv -v %{BUILDROOT}%{libdir}/slapd %{BUILDROOT}/usr/sbin/slapd ln -svf slapd %{BUILDROOT}/usr/sbin/slapacl diff --git a/pth/patches/pth-2.0.5-parallelfix.patch0 b/pth/patches/pth-2.0.5-parallelfix.patch0 deleted file mode 100644 index a305f5933..000000000 --- a/pth/patches/pth-2.0.5-parallelfix.patch0 +++ /dev/null @@ -1,15 +0,0 @@ ---- Makefile.in.orig 2005-11-08 05:58:55.000000000 +1100 -+++ Makefile.in 2005-11-08 06:29:02.000000000 +1100 -@@ -148,10 +148,9 @@ - - # be aware of libtool when building the objects - .SUFFIXES: --.SUFFIXES: .c .o .lo --.c.o: -+%.o: %.c $(TARGET_PREQ) - $(CC) -c $(CPPFLAGS) $(CFLAGS) $< --.c.lo: -+%.lo: %.c $(TARGET_PREQ) - $(LIBTOOL) --mode=compile --quiet $(CC) -c $(CPPFLAGS) $(CFLAGS) $< - - # the default target diff --git a/pth/pth.nm b/pth/pth.nm deleted file mode 100644 index 013137870..000000000 --- a/pth/pth.nm +++ /dev/null @@ -1,52 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -name = pth -version = 2.0.7 -release = 3.1 - -groups = System/Libraries -url = http://www.gnu.org/software/pth -license = GPLv3+ -summary = GNU Pth - The GNU Portable Threads. - -description - The Pth package contains a very portable POSIX/ANSI-C based library for \ - Unix platforms which provides non-preemptive priority-based scheduling for \ - multiple threads of execution (multithreading) inside event-driven \ - applications. -end - -source_dl = ftp://ftp.gnu.org/gnu/pth/ - -build - requires - libtool - end - - configure_options += \ - --disable-static \ - --mandir=/usr/share/man - - prepare_cmds - %{MACRO_FIX_AUTOTOOLS} - end - - test - make check - end -end - -packages - package %{name} - - package %{name}-devel - template DEVEL - end - - package %{name}-debuginfo - template DEBUGINFO - end -end diff --git a/vim/vim.nm b/vim/vim.nm index d1a86190f..7efb260e0 100644 --- a/vim/vim.nm +++ b/vim/vim.nm @@ -8,7 +8,7 @@ major_ver = 8 minor_ver = 0 patchlevel = 1184 version = %{major_ver}.%{minor_ver}.%{patchlevel} -release = 1 +release = 2
groups = Applications/Editors url = http://www.vim.org @@ -44,6 +44,9 @@ build echo '#define SYS_VIMRC_FILE "%{sysconfdir}/vimrc"' >> src/feature.h end
+ make_install_targets += \ + STRIP=/usr/bin/true + install_cmds ln -sfv vim %{BUILDROOT}%{bindir}/vi
hooks/post-receive -- IPFire 3.x development tree