Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
- Update from 1.5.1 to 1.5.2
- Update rootfile
- Changelog
Release 1.5.2
* pam_exec: implemented quiet_log option.
* pam_mkhomedir: added support of HOME_MODE and UMASK from /etc/login.defs.
* pam_timestamp: changed hmac algorithm to call openssl instead of the bundled
sha1 implementation if selected, added option to select
the hash algorithm to use with HMAC.
* Added pkgconfig files for provided libraries.
* Added --with-systemdunitdir configure option to specify systemd unit
directory.
* Added --with-misc-conv-bufsize configure option to specify the buffer size
in libpam_misc's misc_conv() function, raised the default value for this
parameter from 512 to 4096.
* Multiple minor bug fixes, portability fixes, documentation improvements,
and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* Samba - Erste Test-Version
* STUNNEL - bisher nicht verwendet, aber SWAT sendet das root-Passwort im Klartext über die Leitung
Geändert:
* Linux-PAM - Libs waren falsch verlinkt
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@100 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
* Postfix 2.2.9
* PostGreSQL
Gefixt und neu implementiert:
* PAM
* Berkeley-DB
* XAMPP + PostGreSQL
* SASLAUTHD
/opt/lampp/lib und /opt/lampp/lib/mysql befinden sich im Lib-Cache
leichtes aufräumen in der make.sh
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@79 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
