-fcf-protection insert non i586 instructions that crash on amd k6 and geode
to build a working glibc also the toolchain compiler must build without this
so this need a new toolchain.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
gcc-7 not support -fcf-protection so filter it from CFLAGS.
also filter -mtune in first pass because it should optimized for the
actual host.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update postfix from version 3.5.6 to 3.5.7
see ftp://ftp.cs.uu.nl/mirror/postfix/postfix-release/official/postfix-3.5.7.RELEASE_NOTES
Supporting request from Peter Müller
Signed-off-by: Adolf Belka<ahb@ipfire@gmail.com
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- added pid_file=/var/run to the configure statement
to give the required pid directory in the default nrpe.cfg file
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
ACPI (with EFI) is used on ARM systems conforming to the
Server Base Boot Requirements (SBBR) and is an optional
on embedded systems (EBBR).
Up to now the ARM64 boards supported by IPFire use U-Boot and
device tree so ACPI was not turned on.
The immediate use case here is to run under virtualization,
using my muvirt project[1] I can run IPFire on our Traverse Ten64
system. For reasons I'll explain separately it is not
currently possible to run stock IPFire on this system.
This change also enables the EFI RTC driver which is presented
by the qemu arm64 virt machine.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
[1] - https://gitlab.com/traversetech/muvirt
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
this is needed to allow clean unmount at reboot because
init has some files open and the binary was replaced
at glibc update.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
the configure.ac has a bug that detects gcc-10 as gcc-1 and so not use
some quirks. Also there is a bug with FORTIFY-SOURCE=2 that crash
if the matchparen plugin is used (enabled by default).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This prevents from overwriting existing files, with empty ones
and finally to lose the stored settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This prevents from overwriting existing files, with empty ones
and finally to lose the stored settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
and
http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
Fixes (excerpt):
"* SQUID-2020:8 HTTP(S) Request Splitting
(CVE-2020-15811)
This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the browser
cache and any downstream caches with content from an arbitrary
source.
* SQUID-2020:9 Denial of Service processing Cache Digest Response
(CVE pending allocation)
This problem allows a trusted peer to deliver to perform Denial
of Service by consuming all available CPU cycles on the machine
running Squid when handling a crafted Cache Digest response
message.
* SQUID-2020:10 HTTP(S) Request Smuggling
(CVE-2020-15810)
This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the proxy
cache and any downstream caches with content from an arbitrary
source.
* Bug 5051: Some collapsed revalidation responses never expire
* SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
* Honor on_unsupported_protocol for intercepted https_port"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
