
List:       ipcop-announce
Subject:    [IPCop-Announce] Announce of IPCop 1.4.19 / 1.4.20 release
From:       "Announcement mailinglist for the IPCop project." <ipcop-announce () lists ! sourcefo
Date:       2008-07-22 20:35:31
Message-ID: 064d01c8ec3a$7cd5bde0$f9b5a8c0 () pii350

IPCop 1.4.19 / 1.4.20 is released

The update is split in two parts because of a kernel update, to accommodate
free space limitations.
1.4.19 contains some package updates, most notably a dnsmasq update to be
immune to the recent DNS advisory.
1.4.20 installs the second part of the kernel update and configures the new
kernel.
1.4.19 can be installed separately from 1.4.20. A reboot is not needed
after 1.4.19 installation.

Concerning the DNS issue, see more details at
http://www.heise-online.co.uk/news/DNS-security-problem-details-released--/111145
It is very likely that anyone needs to patch without waiting, and ours is
in 1.4.19 for dnsmasq.
The DNS server you use needs to be patched too, or you may switch to
OpenDNS.

You need to reboot to use the new kernel after 1.4.20 installation.

Updates
be875f7491117174fccded3fec4be9bf  ipcop-1.4.19-update.i386.tgz.gpg
fe1eb0fd1c22e30fe5595a168f096305  ipcop-1.4.20-update.i386.tgz.gpg
816e96dccd712d0482e1924560f3db10  ipcop-avmdrv-2.4.36-1.i386.tgz.gpg

Installation
2032842766045da0feb7fbb4fe9d5956  ipcop-1.4.20-install-cd.i386.iso
ea6266f4a312a5db31f17d7d75856378  ipcop-1.4.20-install-pxe.i386.tgz
bd9ac9e8e29133ad9945fabedb47e4a0  ipcop-1.4.20-install-usb-fdd.i386.img.gz
15686fcc165fefd127786deb85cb39a7  ipcop-1.4.20-install-usb-hdd.i386.img.gz
55e2baac23c5d176723d874b3c007ddc  ipcop-1.4.20-install-usb-zip.i386.img.gz
To copy a USB image to a key on Linux, use
zcat <thefile.img.gz> >/dev/sd<x>
x being the letter given to the key. Be careful not to choose the hard disk.

Sources
47b820fc1c28f2b1865ede8a3f0015fe  ipcop-1.4.20-sources.tgz
External sources packages (./make.sh getothersrc could do that for you)
938e4ffda38dac874a12e6f0e9d7dd0d  ipcop-1.4.20-othersrc.tar.bz2
412de52fc0bde67613d8e460003a1c68  ipcop-1.4.20-othersrc.tar.bz2.md5

I will publish only binaries for x86 for 1.4.20 unless requested.
If you use the alpha port, please report. I have had no feedback until now.
I have worked on a ppc port but it is not totally ready.

The new kernel contains:
- a new security protection against null pointer dereference
(mmap_min_addr=4096)
- some new NIC drivers: skge sky2 sc92031 atl1 atl2
- improved support in some IDE or SATA drivers
Please report success/failure for NIC and disk controller detection.
The Silan sc92031 driver should recognize the RslTek 8139D card.
It's a patch I have made and I need to know if everything is right.
The original driver has some bugs I am trying to fix.

As usual, this version can be installed as an update from previous v1.4.x
versions or with a ready-to-go ISO or usb bootable images for a fresh
install.
ipcop-avmdrv-2.4.36-1.i386.tgz.gpg needs to be installed by users of the
AVM drivers.

The date on the machine where the update is installed has to be correct.
If the date is in the past, the signature is considered to be in the future
and the update will refuse to install.
You would only get the 'This is not an authorized update' warning message
on the web interface.

Upgrade openssh to 4.7p1
Include lzo binary so it will match openssl version if openssl is updated
Update dnsmasq to 2.45
Update tzdata to 2008d
Update pcre from 7.4 to 7.7
Update apache to 1.3.41
Upgrade e1000 to 7.6.15.5 (solves issue with 7.6.12)
Update bzip2 from 1.0.3 to 1.0.5 CVE-2008-1372
Upgrade e2fsprogs from 1.35 to 1.40.11
Update squid to 2.6.STABLE21
Compile r1000 with jumbo frame support
Upgrade bind package to 9.4.2-P1

Changes summary
sysctl.conf
- insert mmap_min_addr=4096 to protect against null pointer on new kernel
  does not hurt on kernels lower than 2.4.36

rc.halt
- no need to source rc.flash.down
- save random seed on halt and use that value at start in rc.sysinit

rc.network
- no need to source rc.netaddress.up

rc.updatered
- use readhash to read dhcpcd info file

rc.sysinit
- include fcron -s 86400 for flash

snort
- modify snort.conf to protect against CVE-2008-1804

updfstab
- remove kudzu keyword from /etc/fstab so
  mount -t ext2 /dev/floppy /mnt/floppy works

log.dat
- Fix system log section on update

ddns.cgi
- fix for SF Bug 1728880 - comma in password
- changes for regfish, closes #1950435

time.cgi
- update default time servers to include IPCops vendor name.

update.cgi
- Use cleanhtml to fully display gpg signature.
- The new kernel (with same settings) is automatically selected during
  update.
- add a protection in the update script against installing a binary update
  package from another arch.
  That would break any binaries

Various
- add a help message for dummies attempting to compile directly inside
  IPCop
- add a script to set grub default booting kernel
- modify detection for Opera 9.50

Compilation
- Automatically set vdso_enabled=0 when needed to be able to compile our
glibc-3.3 on kernel running after 2.6.17
- uClibc: more recent mke2fs uses strtod and we need to activate
UCLIBC_HAS_FLOATS for that
- Allow toolchain compilation when AS_NEEDED is present inside
/usr/lib/libc.so (binutils patch).
- Enable previously available nic drivers happymeal sungem
- Add new nic drivers skge sky2 sc92031 atl1 atl2
- Patch for improved amd74xx support NForce IDE (MCP51, MCP61, MCP65, MCP67,
MCP73, MCP77) AMD CS5536
- Patch for improved ahci support sata Intel ICH7-M, ICH8, ICH8M,
ICH9/ICH9R, ICH9M, ICH10, Tolapai, VIA MP67, MP73, MP79, MP7B, SiS 966, 968,
Marvell 6145
- Fix file reload on md5 change
- Fix unzip CVE-2008-0888
- Add machine to the iso label and publisher
- Add german install pdf to iso
- Remove no longer used CC=KGCC since we dropped gcc-2.95.3
- Fix a bug in lfs/bash that replaced the building machine's original
/bin/sh when building the toolchain
  This has replaced the Ubuntu original link to dash; Ubuntu users could
recreate the link to dash manually if needed.
- Force SHELL to bash during toolchain because some of our scripts need that
  (brace expansion) on glibc, bzip2, and the Ubuntu default link for /bin/sh
is dash
- Force SHELL=/bin/sh in lfs/gcc or it fails to build
- Add a comment that syslinux-3.70 and later can't be compiled because of
our binutils,
  but we could still use a precompiled version
- ppc port has been introduced. It does compile but some work is still
needed.
  parted currently fails to partition the disk.
1.4.20 has been tested to compile (including toolchain compilation) with
32-bit distributions on Debian etch, Ubuntu-8.04, Centos-5.1/5.2, Fedora-9
without any changes.
On 64-bit distributions, you need to open a linux32 console and load the
precompiled toolchain obtained with ./make.sh gettoolchain


Installer
- not needed to link installer against libpci
- need a link from /proc/mounts to /etc/mtab for more recent e2fsprogs
version
- separate package for disk partitioning utility to save space on network
and scsi floppies for added drivers
- badblock is available on install (but not yet used)
- Avoid 'modules.conf is more recent...' if you install now from an old
version and update to 1.4.20

Gilles
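
The clock requirement described in the announcement, as an added example that is not part of the original message or of IPCop's update script: a shell check that reads the signature creation time from `gpg --list-packets` and compares it with the local clock. It assumes the update is a GnuPG-signed file; the function names and the sample packet listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IPCop code): tell whether a refused update can be
# explained by a clock set earlier than the signature's creation time.

# Constructed sample of `gpg --list-packets` output for a signed file;
# the key id, timestamps and file name are made up for this example.
sample_packets() {
cat <<'EOF'
:onepass_sig packet: keyid 0123456789ABCDEF
    version 3, sigclass 0x00, digest 2, pubkey 17, last=1
:literal data packet:
    mode b (62), created 1216750000, name="update.tgz",
    raw data: 4096 bytes
:signature packet: algo 17, keyid 0123456789ABCDEF
    version 4, created 1216755331, md5len 0, sigclass 0x00
EOF
}

# sig_created: read list-packets output on stdin and print the creation
# time (epoch seconds) of the first signature packet. The literal data
# packet also has a "created" field, so only lines from the signature
# packet header onwards are considered.
sig_created() {
    awk '/^:signature packet:/ { insig = 1 }
         insig && match($0, /created [0-9]+/) {
             print substr($0, RSTART + 8, RLENGTH - 8); exit
         }'
}

# clock_state NOW CREATED: print "ok" when the clock is at or after the
# signature time, "behind" when the signature would appear to come from
# the future.
clock_state() {
    if [ "$1" -ge "$2" ]; then echo ok; else echo behind; fi
}

# check_update FILE: compare the local clock with the signature time.
check_update() {
    created=$(gpg --list-packets "$1" 2>/dev/null | sig_created)
    [ -n "$created" ] || { echo "no signature packet found" >&2; return 2; }
    now=$(date +%s)
    state=$(clock_state "$now" "$created")
    echo "clock=$now signature=$created state=$state"
    [ "$state" = ok ]
}

# Runs only when a file is given: sh check.sh ipcop-1.4.19-update.i386.tgz.gpg
if [ "$#" -ge 1 ]; then check_update "$1"; fi
```

A "behind" result means the machine's date should be corrected before retrying the update.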

