* [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. b7d9509c3aebab95d559a3a7ad64f9d9655a3c07
@ 2014-01-04 16:40 git
0 siblings, 0 replies; only message in thread
From: git @ 2014-01-04 16:40 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 3185 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
via b7d9509c3aebab95d559a3a7ad64f9d9655a3c07 (commit)
via 1dbe439b83315f413c94f7c1726cdd44d7f2f838 (commit)
from 33a1b286084cf0745aced5f17c86e39b41859c40 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b7d9509c3aebab95d559a3a7ad64f9d9655a3c07
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jan 4 17:20:15 2014 +0100
openvpn: Use AES-256-CBC as default cipher.
Applies to new installations, only.
commit 1dbe439b83315f413c94f7c1726cdd44d7f2f838
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jan 4 16:21:56 2014 +0100
toolchain: Fix compiling due to Stack Protector changes.
-----------------------------------------------------------------------
Summary of changes:
html/cgi-bin/ovpnmain.cgi | 2 +-
lfs/gcc | 3 +++
lfs/glibc | 13 +++++++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
Difference in files:
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 81a7450..dac3e2e 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -4534,7 +4534,7 @@ END
#default setzen
if ($cgiparams{'DCIPHER'} eq '') {
- $cgiparams{'DCIPHER'} = 'BF-CBC';
+ $cgiparams{'DCIPHER'} = 'AES-256-CBC';
}
if ($cgiparams{'DDEST_PORT'} eq '') {
$cgiparams{'DDEST_PORT'} = '1194';
diff --git a/lfs/gcc b/lfs/gcc
index a9f124b..0264d37 100644
--- a/lfs/gcc
+++ b/lfs/gcc
@@ -97,6 +97,9 @@ else
EXTRA_MAKE =
EXTRA_INSTALL =
endif
+
+ # Disable stack protection in toolchain.
+ CFLAGS += -fno-stack-protector
endif
ifeq "$(MACHINE_TYPE)" "arm"
diff --git a/lfs/glibc b/lfs/glibc
index 9acbb11..b09fcd6 100644
--- a/lfs/glibc
+++ b/lfs/glibc
@@ -281,8 +281,21 @@ endif
cd $(DIR_SRC)/glibc-build && \
CFLAGS="$(CFLAGS) -fno-asynchronous-unwind-tables" \
$(DIR_APP)/configure $(EXTRA_CONFIG)
+
+ sed -i $(DIR_SRC)/glibc-build/config.make \
+ -e "s/^build-pic-default=.*/build-pic-default=yes/"
+
+ # Build the glibc libraries without stack protection (as this is not supported)
+ echo "build-programs=no" >> $(DIR_SRC)/glibc-build/configparms
+ cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(MAKETUNING) \
+ CFLAGS="$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \
+ CXXFLAGS="$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE"
+
+ # Build the programs with hardening
+ : > $(DIR_SRC)/glibc-build/configparms
cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(MAKETUNING) \
CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)"
+
cd $(DIR_SRC)/glibc-build && make $(EXTRA_INSTALL) install
ifeq "$(ROOT)" ""
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-01-04 16:40 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-01-04 16:40 [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. b7d9509c3aebab95d559a3a7ad64f9d9655a3c07 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox