[git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. b7d9509c3aebab95d559a3a7ad64f9d9655a3c07

[git@ipfire.org]

[-- Attachment #1: Type: text/plain, Size: 3185 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, fifteen has been updated
       via  b7d9509c3aebab95d559a3a7ad64f9d9655a3c07 (commit)
       via  1dbe439b83315f413c94f7c1726cdd44d7f2f838 (commit)
      from  33a1b286084cf0745aced5f17c86e39b41859c40 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b7d9509c3aebab95d559a3a7ad64f9d9655a3c07
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jan 4 17:20:15 2014 +0100

    openvpn: Use AES-256-CBC as default cipher.
    
    Applies to new installations, only.

commit 1dbe439b83315f413c94f7c1726cdd44d7f2f838
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jan 4 16:21:56 2014 +0100

    toolchain: Fix compiling due to Stack Protector changes.

-----------------------------------------------------------------------

Summary of changes:
 html/cgi-bin/ovpnmain.cgi |  2 +-
 lfs/gcc                   |  3 +++
 lfs/glibc                 | 13 +++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

Difference in files:
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 81a7450..dac3e2e 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -4534,7 +4534,7 @@ END
     
 #default setzen
     if ($cgiparams{'DCIPHER'} eq '') {
-	$cgiparams{'DCIPHER'} =  'BF-CBC';     
+	$cgiparams{'DCIPHER'} =  'AES-256-CBC';
     }
     if ($cgiparams{'DDEST_PORT'} eq '') {
 	$cgiparams{'DDEST_PORT'} =  '1194';     
diff --git a/lfs/gcc b/lfs/gcc
index a9f124b..0264d37 100644
--- a/lfs/gcc
+++ b/lfs/gcc
@@ -97,6 +97,9 @@ else
   EXTRA_MAKE = 
   EXTRA_INSTALL = 
 endif
+
+  # Disable stack protection in toolchain.
+  CFLAGS += -fno-stack-protector
 endif
 
 ifeq "$(MACHINE_TYPE)" "arm"
diff --git a/lfs/glibc b/lfs/glibc
index 9acbb11..b09fcd6 100644
--- a/lfs/glibc
+++ b/lfs/glibc
@@ -281,8 +281,21 @@ endif
 	cd $(DIR_SRC)/glibc-build && \
 		CFLAGS="$(CFLAGS) -fno-asynchronous-unwind-tables" \
 		$(DIR_APP)/configure $(EXTRA_CONFIG)
+
+	sed -i $(DIR_SRC)/glibc-build/config.make \
+		-e "s/^build-pic-default=.*/build-pic-default=yes/"
+
+	# Build the glibc libraries without stack protection (as this is not supported)
+	echo "build-programs=no" >> $(DIR_SRC)/glibc-build/configparms
+	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(MAKETUNING) \
+		CFLAGS="$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \
+		CXXFLAGS="$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE"
+
+	# Build the programs with hardening
+	: > $(DIR_SRC)/glibc-build/configparms
 	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(MAKETUNING) \
 		CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)"
+
 	cd $(DIR_SRC)/glibc-build && make $(EXTRA_INSTALL) install
 
 ifeq "$(ROOT)" ""


hooks/post-receive
--
IPFire 2.x development tree