* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 505b886d0d8cbe5448a9998ff88c6636b8e50245
@ 2018-09-09 16:50 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2018-09-09 16:50 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 7322 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 505b886d0d8cbe5448a9998ff88c6636b8e50245 (commit)
via d5fe33228311d47490536bee370297a7c735f9d6 (commit)
via 65ae069c213a7fcd36d7857b15d863804984948d (commit)
via fd0a0384f07b399e9cb4cf46b4c5722b809ffe6a (commit)
from 3da2a66193ce8e3f92d3c29be95a4076a4fa0274 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 505b886d0d8cbe5448a9998ff88c6636b8e50245
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 9 17:48:14 2018 +0100
core124: Apply changed sysctl.conf
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d5fe33228311d47490536bee370297a7c735f9d6
Author: Peter Müller <peter.mueller(a)link38.eu>
Date: Thu Aug 16 17:29:58 2018 +0200
do not expose kernel address spaces even to privileged users
Change this setting from 1 to 2 so kernel addresses are not
displayed even if a user has CAPS_SYSLOG privileges.
See also:
- https://lwn.net/Articles/420403/
- https://tails.boum.org/contribute/design/kernel_hardening/
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 65ae069c213a7fcd36d7857b15d863804984948d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 9 17:43:53 2018 +0100
core124: Ship updated rng-tools
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit fd0a0384f07b399e9cb4cf46b4c5722b809ffe6a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Sep 9 17:42:17 2018 +0100
rng-tools: Update to 6.4
Also add a patch that keeps RDRAND enabled on i586
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Fixes: #11853
-----------------------------------------------------------------------
Summary of changes:
config/etc/sysctl.conf | 2 +-
config/rootfiles/core/124/filelists/files | 1 +
.../{oldcore/121 => core/124}/filelists/rng-tools | 0
config/rootfiles/core/124/update.sh | 4 +++
lfs/rng-tools | 5 ++--
.../rng-tools-6-Enable-RDRAND-for-i586-too.patch | 35 ++++++++++++++++++++++
6 files changed, 44 insertions(+), 3 deletions(-)
copy config/rootfiles/{oldcore/121 => core/124}/filelists/rng-tools (100%)
create mode 100644 src/patches/rng-tools-6-Enable-RDRAND-for-i586-too.patch
Difference in files:
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 011c4287e..345f8f52a 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -44,7 +44,7 @@ net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Try to keep kernel address exposures out of various /proc files (kallsyms, modules, etc).
-kernel.kptr_restrict = 1
+kernel.kptr_restrict = 2
# Avoid kernel memory address exposures via dmesg.
kernel.dmesg_restrict = 1
diff --git a/config/rootfiles/core/124/filelists/files b/config/rootfiles/core/124/filelists/files
index 320d2808d..823355f2b 100644
--- a/config/rootfiles/core/124/filelists/files
+++ b/config/rootfiles/core/124/filelists/files
@@ -4,6 +4,7 @@ etc/rc.d/helper/aws-setup
etc/rc.d/init.d/aws
etc/rc.d/init.d/localnet
etc/rc.d/init.d/partresize
+etc/sysctl.conf
opt/pakfire/lib/functions.pl
opt/pakfire/pakfire
srv/web/ipfire/cgi-bin/firewall.cgi
diff --git a/config/rootfiles/core/124/filelists/rng-tools b/config/rootfiles/core/124/filelists/rng-tools
new file mode 120000
index 000000000..a7853e41b
--- /dev/null
+++ b/config/rootfiles/core/124/filelists/rng-tools
@@ -0,0 +1 @@
+../../../common/rng-tools
\ No newline at end of file
diff --git a/config/rootfiles/core/124/update.sh b/config/rootfiles/core/124/update.sh
index 471667a12..80eca4ceb 100644
--- a/config/rootfiles/core/124/update.sh
+++ b/config/rootfiles/core/124/update.sh
@@ -48,8 +48,12 @@ ldconfig
/usr/local/bin/update-lang-cache
# Start services
+/etc/init.d/rngd restart
/etc/init.d/ntp restart
+# Reload sysctl.conf
+sysctl -p
+
# Remove deprecated GRUB configuration option
if [ -e "/etc/default/grub" ]; then
sed -e "/^GRUB_FONT/d" -i /etc/default/grub
diff --git a/lfs/rng-tools b/lfs/rng-tools
index c7a358e56..dc87a3406 100644
--- a/lfs/rng-tools
+++ b/lfs/rng-tools
@@ -24,7 +24,7 @@
include Config
-VER = 6.3.1
+VER = 6.4
THISAPP = rng-tools-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = fe2d38e39ff02d0c7b3585407d51dc64
+$(DL_FILE)_MD5 = 52a8243858503f94eecd4ae0983a9818
install : $(TARGET)
@@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/rng-tools-6-Enable-RDRAND-for-i586-too.patch
cd $(DIR_APP) && ./autogen.sh
cd $(DIR_APP) && ./configure --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
diff --git a/src/patches/rng-tools-6-Enable-RDRAND-for-i586-too.patch b/src/patches/rng-tools-6-Enable-RDRAND-for-i586-too.patch
new file mode 100644
index 000000000..7d45bd0b8
--- /dev/null
+++ b/src/patches/rng-tools-6-Enable-RDRAND-for-i586-too.patch
@@ -0,0 +1,35 @@
+From 1f023b49959aa58246e6bb7091ba7710116f6915 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer(a)ipfire.org>
+Date: Sun, 9 Sep 2018 17:29:15 +0100
+Subject: [PATCH] Enable RDRAND for i586, too
+
+IPFire is being compiled for i586 omitting some instructions
+for i686. However, RDRAND is available on some systems and
+can of course be used.
+
+Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
+
+Pull request sent: https://github.com/nhorman/rng-tools/pull/31
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index faba7cc9857e..716175328ff6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -53,8 +53,8 @@ AC_CHECK_TOOLS([AR], [ar gar], :)
+
+ AX_PTHREAD
+
+-AM_CONDITIONAL([RDRAND], [test $target_cpu = x86_64 -o $target_cpu = i686])
+-AS_IF([test $target_cpu = x86_64 -o $target_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
++AM_CONDITIONAL([RDRAND], [test $target_cpu = x86_64 -o $target_cpu = i686 -o $target_cpu = i586])
++AS_IF([test $target_cpu = x86_64 -o $target_cpu = i686 -o $target_cpu = i586], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
+
+ AM_CONDITIONAL([DARN], [test $target_cpu = powerpc64le])
+ AS_IF([test $target_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[])
+--
+2.17.1
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-09-09 16:50 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-09 16:50 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 505b886d0d8cbe5448a9998ff88c6636b8e50245 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox