This reverts commit 6d3e6cfc16.
Arne informed me via the phone that this patch has to be reverted, since
his changes for riscv64 already made it redundant. Keeping it would
cause rootfile quirks to the riscv64 builds.
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 20221108 to 20230214
- Update of rootfile
- Changelog - details can be found in the releasenote.md file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- rngd removed from initscripts lfs and rootfiles due to change of rng-tools to addon
Fixes: Bug#12900
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
For details see:
https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1650-2022-11-03
I started updating rust to 1.65 mainly because 'clamav 0.105.1-3' and the
shortly thereafter released version 'clamav 1.0.0' need at least 'rust 1.56':
"Building ClamAV requires, at a minimum, Rust compiler version 1.56, as it
relies on features introduced in the Rust 2021 Edition."
At this point we were still on 'nightly 2022-01-27'. Ok then...
But it was a bit more tricky than I thought, because this update wouldn't build without
patching most of the existing rust-crate-lfs files in a way I didn't expect.
Please note the patch series following this update...
Nevertheless, the update to 1.65 and ALL testbuilds completed without any errors.
Unfortunately, I can only provide the rootfile for x86_64 - I don't have the appropriate hardware
for anything else.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from version 37 to 38
- Update of rootfile
- mandoc is now a build dependency for efivar
- Old compile fixes patches are no longer required with version 38
- Details for lfs build of version 38 obtained from Beyond Linux From Scratch
- Changelog
bug fixes
Rework some makefile bits to make overriding some options simpler. by @vathpela in #140
Handle /sys/devices/virtual/{nvme-fabrics,nvme-subsystem} devices by @vathpela in #139
guids.S: Include <cet.h> when CET is enabled by @hjl-tools in #149
Fix /sys/block sysfs parsing for eMMC-s by @jwrdegoede in #150
Properly check mmap return error by @hannob in #152
Fix s{yt,ty}le typo in efi_get_variable(3) by @nabijaczleweli in #162
Handle NULL set_variable() by @lcp in #159
Fix parsing for nvme-subsystem devices by @dannf in #158
Attempt to fix the identified thread safety bugs by @vathpela in #155
Make thread-test depend on libefivar.so by @hjl-tools in #176
Upstream a local patch from rawhide by @frozencemetery in #177
Fix conversion from UTF8 to UCS2 by @freedge in #171
efivar: make docs match current code for 'efivar -A' by @vathpela in #178
Migrate CI to Github actions by @frozencemetery in #179
Add code of conduct by @frozencemetery in #180
Misc minor fixes by @vathpela in #182
Add efi_time_t declarations and helper functions. by @vathpela in #183
More misc fixes by @vathpela in #185
Run CI on more targets by @vathpela in #187
Coverity fixes 20211208 by @vathpela in #189
CI: run abicheck by @frozencemetery in #190
Fix linux virtual root device parsing by @vathpela in #188
efivar.spec.in: fix license to be valid SPDX by @frozencemetery in #192
Add efisecdb tooling by @vathpela in #184
Fix linker string comparison for dash by @frozencemetery in #194
Full changelog diff between version 37 and 38 is available in github repo
https://github.com/rhboot/efivar/compare/37...38
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
To quote from the kernel documentation:
> If you say Y here, the layouts of structures that are entirely
> function pointers (and have not been manually annotated with
> __no_randomize_layout), or structures that have been explicitly
> marked with __randomize_layout, will be randomized at compile-time.
> This can introduce the requirement of an additional information
> exposure vulnerability for exploits targeting these structure
> types.
>
> Enabling this feature will introduce some performance impact,
> slightly increase memory usage, and prevent the use of forensic
> tools like Volatility against the system (unless the kernel
> source tree isn't cleaned after kernel installation).
>
> The seed used for compilation is located at
> scripts/gcc-plgins/randomize_layout_seed.h. It remains after
> a make clean to allow for external modules to be compiled with
> the existing seed and will be removed by a make mrproper or
> make distclean.
>
> Note that the implementation requires gcc 4.7 or newer.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
If available, the kernel will enable IOMMU (a/k/a DMA remapping) by
default on boot. To tools making use of that, particularly hypervisors,
this provides better security without any downsides.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.57
for the changelog of this version. Since it introduces
architecture-dependent rootfile changes due to CPU side-channel
mitigations, changes to ARM rootfiles have been omitted due to the lack
of hardware.
Supposed hardening changes will be submitted separately.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This file points to /usr/bin/setarch, which we do not ship on any
architecture. As it serves no obvious purpose on IPFire installations,
we may as well not ship it entirely.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
This is no longer required because the kernel will now try to
generate some randomness in an easier way when needed.
This has been added in: b923dd3de0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This reverts commit 05a1fe1362.
For some reason, the rootfile changes introduced with this patch break
the build, as they do not seem to be present. Needs further
investigation.
- In Jan 2022 I updated python from 3.8 to 3.10 but I missed that boost had rootfile
entries with python38 in it.
- Running a build just now for another package it got flagged up that the rootfile for
boost had been changed and the logfile now had the entries with python310 instead of
python38
- Not clear why it only flagged this up now but this patch is to correct that error
- Running find-dependencies on both the pyton38 and python310 versions of the libraries
flagged nothing as being linked to either, so probably lucky with this being missed
first time around.
- Boost will need to be shipped with a Core Update
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
in kernel 5.15.32 the driver for ATH9K wlan cards is unstable.
This is one of the most used cards so we need this update before
releasing core167 final.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
