Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Changelog:
"Release 1.5
2010-09-09 Fixed inconsistent blocking (bug 59). Replaced defined routine
in sgDB.c
2010-09-08 Added Russian translation from Vladimir Ipatov to squidGuard.cgi.in.
2009-10-19 Fixed two bypass problems with URLs which length is close to the limit
defined by MAX_BUF. The resulting proxy line exceeds this limit and causes
either squid or squidGuard to properly block a site.
2009-10-15 Fixed a problem with very long URLs. SquidGuard will go into
emergency mode when a overlong URLs are encountered. The emergency mode causes an
entire stop of blocking. This is not appropriate in this situation.
2009-09-30 Added patch by beber and gentoo (thank you!) to fix a problem when cross
compiling (bug 56).
2009-09-27 Added patch by gentoo to fix alocal warnings (bug 57).
2009-09-15 Added a feature to send log messages to syslog based on the patch from
Jun Jiang (thank you). (bug 42) In order to use syslog you have to run
configure with the new option "--with-syslog". In the configuration file you need to add a
line "syslog enable". If any other value but "enable" is used syslog is disabled and logging
to squidGuard.log takes place as usual. The following log level are used: DEBUG, NOTICE,
WARN, ERROR and EMERG. The local4 syslog facility is used by default. If you want to change
this, use the configure option "--with-syslog-facility=<facility>".
2009-09-12 Anonymized passwords (for connecting to the ldap or mysql server) written
to logfiles when squidGuard is starting. Added two configure options for choosing
different location for the LDAP include and library files.
2009-08-25 Added patch to check IP addresses against LDAP. Patch by Denis Bonnenfant
(bug 41) - thank you.
2009-08-23 Added patch to allow quoted strings in the configuration file (bug 53).
For more information see README.QuotedStrings. Thanks to Iain Fothergill for providing
the patch. Removed the fix for usernames starting with a number because it breaks the
time declarations.
2009-05-08 Added patch by INL to enable blocking against DNS based blacklists (bug 55).
Fixed re-opened bug 12: a problem with regular expressions. An entry like "www\.google\.de"
did not block www.google.de which it was supposed to do.
Solving this issue solved bug 46 as well.
2009-03-08 Fixed bug 52: Sometimes squidGuard crashes with an overflow
error message for vsprintf. Thanks to Dirk Schoebel for suggesting the proper fix.
Fixed bug 49: Using numeric username made squidGuard goes into emergency mode. This
has been fixed. Usernames can now start with a number, be numeric and can additionally
contain the following characters: @,à,é,è,ñ,á,ì,í,ò,ó,ù,ú."
Signed-off-by: Matthias Fischer <matthias.fischer at ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Updated squid to current stable
Added some targets to qemu
Updated ntfs3g to current stable
Fixed urlfilter autoupdate script
Started building nagios addon
git-svn-id: http://svn.ipfire.org/svn/ipfire/branches/2.1/trunk@1284 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
corrected pakfire ignoring update and upgrade disable when previously
set
fixed snort rules problem when updating
updated serverall packaages
started building core 2
fixed qos multiport error
git-svn-id: http://svn.ipfire.org/svn/ipfire/branches/2.1/trunk@1125 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
* p2protocols-Datei, die vergessen wurde.
Geaendert:
* Connections.cgi gefixt.
* URLFilter - Man kann keinen eigenen Background hochladen,
bei der neuen redirect-Seite nichtmehr noetig.
* Bootsplash gefixt - Neues Script im Installer.
* Installer wieder hergestellt.
* Im SSH den Zertifikatslogin per default ausgemacht.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@205 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
* URL-Filter gefixt.
* Überblendungen sind an- und ausschaltbar.
* GLIB in ISO für MC.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@188 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
* SquidGuard - mit Patch damit es mit der DB 4.4.20 funktioniert.
* wput - wget nur andersrum.
* hddtemp/hddgraph
* etherwake
* Saemtliche Bootscripts vom BLFS
* vpn-restart-script... muss noch bearbeitet werden.
Geaendert:
* Karsten Rechenbachs Emailadresse in die Credits gebaut.
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@168 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
