summaryrefslogtreecommitdiff
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2019-08-03Merge branch 'binutils-cve' into 'master'A. Wilcox8-3/+423
system/binutils: patch multiple CVEs (#116) See merge request adelie/packages!304
2019-08-03Merge branch 'skaware.20190729' into 'master'A. Wilcox2-5/+5
system/s6-linux-init: upgrade to 1.0.2.1 system/utmps: upgrade to 0.0.2.2 See merge request adelie/packages!302
2019-08-01system/lvm2: Always use /run for ephemeral stateSamuel Holland1-0/+4
Previously, autodetection on the arm64 builder chose to put lockfiles in /var/lock. This broke running pvscan from a udev rule with read-only / and separate /var. Make this option and related ones always use /run, independent of the build environment.
2019-08-01system/iproute2: Remove obsolete post-install scriptSamuel Holland2-7/+0
Signed-off-by: Samuel Holland <samuel@sholland.org>
2019-08-01system/binutils: patch multiple CVEs (#116)Max Rees8-3/+423
2019-07-31system/utmps: upgrade to 0.0.2.2Laurent Bercot1-2/+2
2019-07-30system/zsh: install a skeleton .zshrc fileA. Wilcox2-1/+8
2019-07-29 system/s6-linux-init: upgrade to 1.0.2.1Laurent Bercot1-3/+3
2019-07-28system/shadow: zsh is now the default user shellA. Wilcox3-4/+16
2019-07-28system/adelie-base: set root's default sh to /bin/shA. Wilcox2-3/+3
2019-07-28system/adelie-base: fix thatA. Wilcox3-2/+4
2019-07-28system/adelie-base: force `sh` provider, not specifically bashA. Wilcox1-2/+2
2019-07-24Merge branch 'openrc-bashisms' into 'master'A. Wilcox7-17/+18
Cleanup OpenRC init.d scripts, and more See merge request adelie/packages!295
2019-07-24Merge branch 'cves.for.20190723' into 'master'A. Wilcox7-51/+135
CVE patches for 2019-07-23 See merge request adelie/packages!298
2019-07-24system/attr: Don't install files to /usr/etcLuis Ressel1-2/+3
2019-07-23system/bzip2: [CVE] bump to 1.0.8Max Rees4-48/+25
bzip2-1.0.4-POSIX-shell.patch integrated: https://sourceware.org/git/?p=bzip2.git;a=commit;h=33414da1d2bedf2cbe693f0e21fdaef11d221b1d CVE-2016-3189.patch integrated: https://sourceware.org/git/?p=bzip2.git;a=commit;h=c1cdd98db3238cb711c7d9cdc5671452ce2822cb
2019-07-23system/libxslt: patch for CVE-2019-13117, CVE-2019-13118Max Rees3-3/+110
2019-07-23system/coreutils: move install(1) to /usr/bin for user/newt etalA. Wilcox1-2/+5
2019-07-22system/paxmark: mark as /bin/bash compatible onlyMax Rees2-4/+4
2019-07-22system/musl: remove |& bashism from ldconfigMax Rees2-4/+4
2019-07-22system/*, user/*: remove bashisms from initd scriptsMax Rees3-9/+10
2019-07-22Merge branch 'bashisms' into 'master'A. Wilcox24-45/+43
Purge bashisms, adduser, and addgroup from packages.git See merge request adelie/packages!293
2019-07-22system/libffi: remove PaX crap, fix testsuite on ppc64A. Wilcox3-125/+15
2019-07-22Merge branch 'cve.20190722' into 'master'A. Wilcox4-4/+190
system/patch: patch(!) for CVE-2018-6952, 2019-13636, 2019-13638 See merge request adelie/packages!294
2019-07-22Merge branch 'lr.abuild-url' into 'master'A. Wilcox1-1/+1
system/abuild: Fix URL See merge request adelie/packages!292
2019-07-22Merge branch 'lr.skaware' into 'master'A. Wilcox3-7/+22
system/s6-linux-init-early-getty: new subpackage of s6-linux-init See merge request adelie/packages!291
2019-07-22Merge branch 'lr.utmps' into 'master'A. Wilcox1-1/+1
system/adelie-base-posix: Depend on utmps See merge request adelie/packages!290
2019-07-22system/patch: patch(!) for CVE-2018-6952, 2019-13636, 2019-13638Max Rees4-4/+190
2019-07-22system/abuild: Fix URLLuis Ressel1-1/+1
2019-07-22system/s6-linux-init-early-getty: new subpackage of s6-linux-initLaurent Bercot3-7/+22
2019-07-21system/*: use useradd, groupadd instead of adduser, addgroupMax Rees6-8/+8
2019-07-21system/adelie-base-posix: Depend on utmpsLuis Ressel1-1/+1
2019-07-21system/cryptsetup, user/dracut: Update deps after the lvm2 subpkg mergeLuis Ressel1-1/+1
2019-07-21system/lvm2: Merge dmeventd/device-mapper subpkgs into lvm2Luis Ressel1-38/+6
This makes the packages significantly saner, at the expense of pulling in a few more MB worth of files for users who only need dmsetup or libdevicemapper. Currently, it's not clear to users where the development headers or man pages for these can be found, and there are a few more minor annoyances such as the dmeventd openrc script not being contained in an -openrc subpackage. The /lib/libdevmapper.so symlink should be unneccessary, since there's already a symlink in /usr/lib/. Half the .so symlinks are in /lib/, while the other half is in /usr/lib/, but imho fixing that isn't worth the hassle.
2019-07-21system/musl: no, Patrick, echo -e is not portable eitherMax Rees1-1/+1
2019-07-21system/sysvinit: remove &> from upgrade scriptMax Rees2-2/+2
2019-07-21system/ca-certificates: remove &> bashism from triggerMax Rees2-2/+2
2019-07-21system/*: initial bashism removalMax Rees14-33/+31
2019-07-20system/fakeroot: unmaintained bump to 1.23A. Wilcox3-47/+9
2019-07-20system/e2fsprogs: take, bump to 1.45.3A. Wilcox1-3/+3
2019-07-20system/curl: bump to 7.65.3 (Adopt me today)A. Wilcox1-2/+2
2019-07-19system/musl: bump to 1.1.23A. Wilcox4-143/+33
2019-07-19Merge bugfix and secfix bumps for 11 July 2019A. Wilcox1-2/+2
See merge request adelie/packages!281
2019-07-18system/ncurses: bump to 6.1.20190713 (requested)A. Wilcox1-8/+5
2019-07-16system/openssh: ensure the -server subpkg is always functionalA. Wilcox1-5/+3
At least scp(1) requires the client stuff to be present on the server.
2019-07-15system/easy-kernel: Small aarch64 fixesLuis Ressel2-51/+51
These were meant to be in my MR.
2019-07-14system/easy-kernel*: slight config tweakingA. Wilcox12-64/+114
* Use Westwood+ as default TCP cc algo, instead of CUBIC. * Ensure JFS and XFS are =y. * Allow all users to read dmesg. * Enable ALi PATA controller on pmmx.
2019-07-14system/easy-kernel*: (Partly) sync kernel configsLuis Ressel7-2063/+3078
This is an attempt at syncing the kernel configs of our different arches. So far, only the 'Networking support/Networking options', 'Filesystems', 'Security Options' and 'Cryptographic API' sections have been handled, since those require much less knowledge about some of the more exotic hardware we support than some of the other sections. Some notable changes: Network * Enable IPsec, miscellaneous tunnels, and the diag interfaces for all socket families. * Enable policy routing (for wireguard). * Make the CUBIC TCP congestion control algorithm the default everywhere, provide a few other common choices. * Support FQ_CODEL. We may want to support further QoS features. * Disable support for PF_KEY sockets, which shouldn't be required by our IPsec userland tools. * Enable most netfilter features, except for arptables/ebtables/nfacct/ nfqueue/ipset, whose userland tools we don't provide yet, and a few other very specialized options. Filesystems * Build everything except for ext4, iso9660, vfat and squashfs as modules. * Use the ext4 driver for ext2 filesystems. * Disable the kernel automounter, which is currently only enabled on ppc32 and aarch64. Security * Only grant root access to dmesg by default; this can be overriden via a sysctl. * Support Yama; it doesn't do anything unless explicitly enabled by a sysctl, and may be useful to some users. * Disable AppAarmor, which is currently only enabled on pmmx and x86_64. Crypto * Disable a lot of uncommon ciphers which are unlikely to be used by anything. * Build all crypto code as modules (where possible); this means users with a dm-crypt-encrypted root filesystem now need to provide the appropriate kernel modules in their initramfs images on all arches. * Disable support for dedicated cryptographic coprocessors; we are not in a position to evaluate their security and performance benefits or disadvantages. Other * Allow serial consoles to be used as the kernel console on all arches; this is important for VMs.
2019-07-12system/icu: fix test failure on 32-bit; resolves #88A. Wilcox2-1/+72
2019-07-12system/argon2: sec bump to 20190702A. Wilcox1-7/+11