From mboxrd@z Thu Jan 1 00:00:00 1970 From: git@ipfire.org To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. b7d9509c3aebab95d559a3a7ad64f9d9655a3c07 Date: Sat, 04 Jan 2014 17:40:41 +0100 Message-ID: <20140104164041.D548021E2F@argus.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0716396076160221937==" List-Id: --===============0716396076160221937== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, fifteen has been updated via b7d9509c3aebab95d559a3a7ad64f9d9655a3c07 (commit) via 1dbe439b83315f413c94f7c1726cdd44d7f2f838 (commit) from 33a1b286084cf0745aced5f17c86e39b41859c40 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b7d9509c3aebab95d559a3a7ad64f9d9655a3c07 Author: Michael Tremer Date: Sat Jan 4 17:20:15 2014 +0100 openvpn: Use AES-256-CBC as default cipher. =20 Applies to new installations, only. commit 1dbe439b83315f413c94f7c1726cdd44d7f2f838 Author: Michael Tremer Date: Sat Jan 4 16:21:56 2014 +0100 toolchain: Fix compiling due to Stack Protector changes. ----------------------------------------------------------------------- Summary of changes: html/cgi-bin/ovpnmain.cgi | 2 +- lfs/gcc | 3 +++ lfs/glibc | 13 +++++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) Difference in files: diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 81a7450..dac3e2e 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4534,7 +4534,7 @@ END =20 #default setzen if ($cgiparams{'DCIPHER'} eq '') { - $cgiparams{'DCIPHER'} =3D 'BF-CBC'; =20 + $cgiparams{'DCIPHER'} =3D 'AES-256-CBC'; } if ($cgiparams{'DDEST_PORT'} eq '') { $cgiparams{'DDEST_PORT'} =3D '1194'; =20 diff --git a/lfs/gcc b/lfs/gcc index a9f124b..0264d37 100644 --- a/lfs/gcc +++ b/lfs/gcc @@ -97,6 +97,9 @@ else EXTRA_MAKE =3D=20 EXTRA_INSTALL =3D=20 endif + + # Disable stack protection in toolchain. + CFLAGS +=3D -fno-stack-protector endif =20 ifeq "$(MACHINE_TYPE)" "arm" diff --git a/lfs/glibc b/lfs/glibc index 9acbb11..b09fcd6 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -281,8 +281,21 @@ endif cd $(DIR_SRC)/glibc-build && \ CFLAGS=3D"$(CFLAGS) -fno-asynchronous-unwind-tables" \ $(DIR_APP)/configure $(EXTRA_CONFIG) + + sed -i $(DIR_SRC)/glibc-build/config.make \ + -e "s/^build-pic-default=3D.*/build-pic-default=3Dyes/" + + # Build the glibc libraries without stack protection (as this is not suppor= ted) + echo "build-programs=3Dno" >> $(DIR_SRC)/glibc-build/configparms + cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=3D$(MAKETUNING) \ + CFLAGS=3D"$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \ + CXXFLAGS=3D"$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" + + # Build the programs with hardening + : > $(DIR_SRC)/glibc-build/configparms cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=3D$(MAKETUNING) \ CFLAGS=3D"$(CFLAGS)" CXXFLAGS=3D"$(CXXFLAGS)" + cd $(DIR_SRC)/glibc-build && make $(EXTRA_INSTALL) install =20 ifeq "$(ROOT)" "" hooks/post-receive -- IPFire 2.x development tree --===============0716396076160221937==--