From 144f344845738ce69422ac9a1dcbe731cba3ee48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20M=C3=BCller?= Date: Sat, 2 May 2020 11:52:25 +0200 Subject: [PATCH 1/7] de.pl: fix misleading translation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'geoip' key is being used in the firewall.cgi for configuring GeoIP as a source or destination. "konfigurieren" is misleading in this context. Signed-off-by: Peter Müller Reviewed-by: Michael Tremer Signed-off-by: Arne Fitzenreiter --- langs/de/cgi-bin/de.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index b01e75eb5..f73b373b8 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1565,7 +1565,7 @@ 'local vpn hostname/ip' => 'Lokaler VPN Hostname/IP', 'localkey' => 'Localkey', 'localkeyfile' => 'Localkeyfile', -'location' => 'Länderfilter konfigurieren', +'location' => 'Länderfilter', 'locationblock' => 'Location-Filter', 'locationblock block countries' => 'Länderfilter', 'locationblock configuration' => 'Location-Konfiguration', From 16105723e82cb592cd833c7aca862b7ffc6c48ce Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Tue, 25 Aug 2020 20:46:56 +0200 Subject: [PATCH 2/7] Core 148: Exclude location related settings files. This prevents from overwriting existing files, with empty ones and finally to lose the stored settings. Signed-off-by: Stefan Schantl Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/148/exclude | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/rootfiles/core/148/exclude b/config/rootfiles/core/148/exclude index b22159878..99dd65af1 100644 --- a/config/rootfiles/core/148/exclude +++ b/config/rootfiles/core/148/exclude @@ -19,6 +19,8 @@ etc/udev/rules.d/30-persistent-network.rules srv/web/ipfire/html/proxy.pac var/ipfire/dma var/ipfire/time +var/ipfire/firewall/locationblock +var/ipfire/fwhosts/customlocationgrp var/ipfire/ovpn var/lib/alternatives var/log/cache From 3d5c33f05790b87b142eab274cf27de439646735 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 31 Aug 2020 18:39:01 +0200 Subject: [PATCH 3/7] libvirt: add libtirpc to dependencies libvirt is linked against libtirpc so this need to installed. Signed-off-by: Arne Fitzenreiter --- lfs/libvirt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/libvirt b/lfs/libvirt index 4d8fe806f..cd5e32f62 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -33,9 +33,9 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = libvirt -PAK_VER = 23 +PAK_VER = 24 -DEPS = ebtables libpciaccess libyajl ncat qemu +DEPS = ebtables libpciaccess libtirpc libyajl ncat qemu ############################################################################### # Top-level Rules From 5eab2b3893538800a2f0aa9433028508a3ca7c0f Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 5 Sep 2020 14:57:55 +0000 Subject: [PATCH 4/7] core149: restart init at update this is needed to allow clean unmount at reboot because init has some files open and the binary was replaced at glibc update. Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/149/update.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/rootfiles/core/149/update.sh b/config/rootfiles/core/149/update.sh index 50add169b..38f80529f 100644 --- a/config/rootfiles/core/149/update.sh +++ b/config/rootfiles/core/149/update.sh @@ -43,6 +43,9 @@ extract_files # update linker config ldconfig +# Restart init to allow clean unmout at reboot +telinit u + # Update Language cache /usr/local/bin/update-lang-cache From d83422d1c06058b66762477d9dcd008ff70bf485 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 24 Sep 2020 07:36:01 +0200 Subject: [PATCH 5/7] toolchain: fix build with gcc<8 on builder. gcc-7 not support -fcf-protection so filter it from CFLAGS. also filter -mtune in first pass because it should optimized for the actual host. Signed-off-by: Arne Fitzenreiter --- lfs/binutils | 2 ++ lfs/ccache | 5 ++++- lfs/gcc | 4 +++- lfs/glibc | 2 +- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lfs/binutils b/lfs/binutils index 334adad25..6db2e990f 100644 --- a/lfs/binutils +++ b/lfs/binutils @@ -51,6 +51,8 @@ ifeq "$(PASS)" "1" CFLAGS := $(patsubst -mfloat-abi=%,,$(CFLAGS)) CFLAGS := $(patsubst -mindirect-branch=%,,$(CFLAGS)) CFLAGS := $(patsubst -mfunction-return=%,,$(CFLAGS)) + CFLAGS := $(patsubst -fstack-clash-protection,,$(CFLAGS)) + CFLAGS := $(patsubst -fcf-protection,,$(CFLAGS)) TARGET = $(DIR_INFO)/$(THISAPP)-tools1 EXTRA_CONFIG = \ diff --git a/lfs/ccache b/lfs/ccache index 94d7bd149..1361f3ed0 100644 --- a/lfs/ccache +++ b/lfs/ccache @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,10 +34,13 @@ TARGET = $(DIR_INFO)/$(THISAPP)-pass$(PASS) ifeq "$(PASS)" "1" CFLAGS := $(patsubst -march=%,,$(CFLAGS)) + CFLAGS := $(patsubst -mtune=%,,$(CFLAGS)) CFLAGS := $(patsubst -mfpu=%,,$(CFLAGS)) CFLAGS := $(patsubst -mfloat-abi=%,,$(CFLAGS)) CFLAGS := $(patsubst -mindirect-branch=%,,$(CFLAGS)) CFLAGS := $(patsubst -mfunction-return=%,,$(CFLAGS)) + CFLAGS := $(patsubst -fstack-clash-protection,,$(CFLAGS)) + CFLAGS := $(patsubst -fcf-protection,,$(CFLAGS)) endif ############################################################################### diff --git a/lfs/gcc b/lfs/gcc index 7cbc8e9e8..3aa147ce8 100644 --- a/lfs/gcc +++ b/lfs/gcc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -44,6 +44,8 @@ CFLAGS := $(filter-out -fexceptions,$(CFLAGS)) ifeq "$(PASS)" "1" CFLAGS := $(patsubst -mindirect-branch=%,,$(CFLAGS)) CFLAGS := $(patsubst -mfunction-return=%,,$(CFLAGS)) +CFLAGS := $(patsubst -fstack-clash-protection,,$(CFLAGS)) +CFLAGS := $(patsubst -fcf-protection,,$(CFLAGS)) endif CXXFLAGS := $(CFLAGS) diff --git a/lfs/glibc b/lfs/glibc index 802c372a9..281c290dc 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # From cf58f6593148f55b2016e2a18af75925271ef1b7 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 24 Sep 2020 07:38:56 +0200 Subject: [PATCH 6/7] make.sh fix i586 code generation. -fcf-protection insert non i586 instructions that crash on amd k6 and geode to build a working glibc also the toolchain compiler must build without this so this need a new toolchain. Signed-off-by: Arne Fitzenreiter --- make.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/make.sh b/make.sh index 2a6198e05..ab90e5143 100755 --- a/make.sh +++ b/make.sh @@ -39,7 +39,7 @@ GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)" # Git Branch GIT_TAG="$(git tag | tail -1)" # Git Tag GIT_LASTCOMMIT="$(git rev-parse --verify HEAD)" # Last commit -TOOLCHAINVER=20200814 +TOOLCHAINVER=20200924 ############################################################################### # @@ -153,7 +153,7 @@ configure_build() { BUILDTARGET="${build_arch}-pc-linux-gnu" CROSSTARGET="${build_arch}-cross-linux-gnu" BUILD_PLATFORM="x86" - CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer -fcf-protection" + CFLAGS_ARCH="-march=i586 -mtune=generic -fomit-frame-pointer" ;; aarch64) From 0f7a8e02c7ae3cfd6ab5612289a4c99bcadcdfe1 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 19 Sep 2020 16:13:51 +0000 Subject: [PATCH 7/7] index.cgi: Fix CPU architecture check Signed-off-by: Michael Tremer Signed-off-by: Arne Fitzenreiter --- html/cgi-bin/index.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index 8e7207d0c..5aec4c594 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -547,7 +547,7 @@ if ( ! -e "/var/ipfire/main/send_profile") { # Legacy architecture my ($sysname, $nodename, $release, $version, $machine) = &POSIX::uname(); -if ($machine =~ m/^i?86$/) { +if ($machine =~ m/^i.86$/) { $warnmessage .= "
  • $Lang::tr{'legacy architecture warning'}
    • "; }