The third version of this patch conducts the necessary changes in
configroot. Previously, they took place in ipblocklist itself, which
would have caused user settings to be overwritten, should ipblocklist be
shipped in future Core Updates.
Fixes: #12917
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
- libfmt required in run time by mpd
- mpd changelog specifically said fmt was a build only dependency
- Bug#12909 flagged up that fmt was also a run time dependency for mpd
Fixes: Bug#12909
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Sodium is a new, easy-to-use software library for encryption,
decryption, signatures, password hashing and more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- v3 version adds specific armv6l based rootfile as xxxMACHINExxx does not get correct
substitution
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
From the kernel documentation:
> For reduced kernel memory fragmentation, slab caches can be
> merged when they share the same size and other characteristics.
> This carries a risk of kernel heap overflows being able to
> overwrite objects from merged caches (and more easily control
> cache layout), which makes such heap attacks easier to exploit
> by attackers. By keeping caches unmerged, these kinds of exploits
> can usually only damage objects in the same cache. [...]
Thus, it is more sane to leave slab merging disabled. KSPP and ClipOS
recommend this as well.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
- starting tftpd currently throws "missing directory" error
- this change corrects the issue
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
- rootfile has all entries commented out as not needed for execution only build
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
To quote from the kernel documentation:
> If you say Y here, the layouts of structures that are entirely
> function pointers (and have not been manually annotated with
> __no_randomize_layout), or structures that have been explicitly
> marked with __randomize_layout, will be randomized at compile-time.
> This can introduce the requirement of an additional information
> exposure vulnerability for exploits targeting these structure
> types.
>
> Enabling this feature will introduce some performance impact,
> slightly increase memory usage, and prevent the use of forensic
> tools like Volatility against the system (unless the kernel
> source tree isn't cleaned after kernel installation).
>
> The seed used for compilation is located at
> scripts/gcc-plgins/randomize_layout_seed.h. It remains after
> a make clean to allow for external modules to be compiled with
> the existing seed and will be removed by a make mrproper or
> make distclean.
>
> Note that the implementation requires gcc 4.7 or newer.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
