file: ragnarok01-live-amd64.hybrid.iso
head: 1.23
total revisions: 23
description: changelog for Ragnarok -current
--------------------------------------------
revision: 1.23
date: 2024/01/14
* More packages rebuilt: flex, libgcrypt20, gmp.
* Some missing dev header packages were added.
--------------------------------------------
revision: 1.22
date: 2024/01/10
* New packages rebuilt: attr, audit, bzip2, libcap, libcap-ng, libffi8, libcrypt.
--------------------------------------------
revision: 1.21
date: 2024/01/05
* More packages rebuilt from source with clang + ThinLTO and CFI (for some): debianutils, libacl, libgpg-error, sysvinit (et al.).
--------------------------------------------
revision: 1.20
date: 2024/01/02
* Security updates for both the Ragnarok and Debian kernel flavours.
--------------------------------------------
revision: 1.19
date: 2023/12/30
* Security updates for curl and ssh from Debian.
* More packages rebuilt with Clang/ThinLTO: sed, db5.3 and all gnupg related packages.
--------------------------------------------
revision: 1.18
date: 2023/12/23
* Security updates for openssh and webkit.
* More packages built with clang/thinlto: apt, grep, gzip.
--------------------------------------------
revision: 1.17
date: 2023/12/18
* Contains the latest security updates for Xorg and ghostscript from Debian.
* New rebuilt packages: hostname and perl.
--------------------------------------------
revision: 1.16
date: 2023/12/15
* Updated kernel from 6.1.66 to 6.1.67.
--------------------------------------------
revision: 1.15
date: 2023/12/14
* Latest security updates (Xorg, webkit).
* New packages rebuilt with clang/ThinLTO: findutils, ncurses, e2fsprogs.
--------------------------------------------
revision: 1.14
date: 2023/12/11
* Contains the updates that came with the release of Debian 12.4.
* Update to the Ragnarok kernel.
* A whole lot of rebuilt packages now included: base-passwd, bash, bsdextrautils, bsdutils, coreutils, dash, diffutils, dpkg, dselect, eject, fdisk, libblkid1, libdpkg-perl, libfdisk1, libmount1, libproc2, libsmartcols1, libuuid, mount, procps, rfkill, util-linux, util-linux-locales, util-linux-extras, uuid-runtime. These are built with LLVM/Clang, with extra hardening options. Many packages are also compiled with ThinLTO, aside from those which did not compile with it (notable ones are dpkg, util-linux and procps).
--------------------------------------------
revision: 1.13
date: 2023/12/04
* Security Update for nghttp2
* Fix a broken rt. Its terminfo files weren't being generated so tmux, vifm and all weren't working properly.
--------------------------------------------
revision: 1.12
date: 2023/11/30
* Too many security updates to count.
* Updated packages from apt.llvm.org
* Change in the build process: the x11 set is no longer built from source during the iso creation process. Instead, a pre-compiled tarball is extracted. This saves a few seconds (but will save more once the same process is used for base).
--------------------------------------------
revision: 1.11
date: 2023/11/06
* Has the latest security fixes from Debian.
* More packages built from source: bsd-mailx, dma, surf.
* Bug Fix: in the previous version, updating libwebkit would render surf unusable. This was fixed in the bro.sh script by executing surf with the WEBKIT_DISABLE_COMPOSITING_MODE=1 variable. This was the default behavior with webkit prior to the latest security update, so it does not change anything from a usability standpoint.
* Added the hardening-check.pl script, lifted from the devscripts package. This utility allows checking binaries to make sure the hardening flags took effect during compilation time.
--------------------------------------------
revision: 1.10
date: 2023/10/07
* The Ragnarok kernel build was updated to get the latest security fixes.
* Many packages updated by Debian after the 12.2 release today (yesterday?).
--------------------------------------------
revision: 1.9
date: 2023/10/04
* Updated with the latest glibc security fix from Debian.
* Ragnarok's fork of Suckless' st (rt) is now built using the same hardening flags as every other program built from source. I honestly thought it was already the case but seems like it got lost in the mountain of other things to do.
--------------------------------------------
revision: 1.8
date: 2023/10/02
* Ragnarok's own flavour of the Linux kernel is now included in the ISO for testing purposes. The Debian kernel is still included and can be booted from if something is wrong with Ragnarok's. More details at:
  https://ragnarokos.github.io/news/new-live-iso-ragnarok-kernel.html
  https://ragnarokos.github.io/logs/bugs.html
* The iso now includes OpenBSD's version of yacc(1), which replaces bison.
* A custom build of OpenBSD's RCS (Revision Control System) is also included.
* dwm/rt/dmenu/wmutils sources were moved to their own repo (x11) and they are now compiled from there when building the ISO.
* base-files is now a dummy package, since Ragnarok won't be using it at all.
* /etc/apt/sources.list.d/ragnarok.sources and Ragnarok's gpg signature were removed since the repo is no longer in use.
* The public signify keys for Ragnarok 01 (and 02) were moved to /etc/signify.
--------------------------------------------
revision: 1.7
date: 2023/09/09
* LLVM/Clang is now installed via the LLVM project's repository in order to get version 16 (the latest 'major release') which is not in the repo for Debian Bookworm. This will allow building the kernel with Clang's Control Flow Integrity, among the other benefits of having an up-to-date toolchain.
* New stuff installed from the src repository: sysupdate and the /usr/share directory.
* Steven Black's /etc/hosts file was updated to the September 08, 2023 version.
--------------------------------------------
revision: 1.6
date: 2023/09/04
* Major fix: grub.cfg now points to vmlinuz/initrd.img *without* the version number appended. This prevented the ISO from booting in EFI mode.
* Programs built from source are now using LLVM/Clang. This means the llvm, clang and lld packages were added and are used by default in Ragnarok when compiling software.
* usr/bin from Ragnarok's src repository was added to the buildsrc hook, which means more programs built from source (no deb): doas(1), signify(1), mandoc(1).
* Along with the above programs, OpenBSD's apply(1) and banner(1) were added. Although banner was added only for the fun of it (and it helped testing the build infrastructure more), apply can be very useful (see its manual page for details).
* Added the 'hostsupdate' script, which allows updating Steven Black's hosts file quickly for ad blocking in surf(1).
--------------------------------------------
revision: 1.5
date: 2023/08/30
* Latest security update for librsvg (from Debian).
* Fixed: mandoc won't output "outdated mandoc.db lacks ..." anymore. This occurred because the db was updated before programs like dwm were built.
* ksh and (OpenBSD's) ed now built from source, rather than using debs.
* Dummy man-db package added: packages that have it as a hard dependency won't refuse to install anymore. Functions that use man-db options won't work unless the real package is installed, however.
--------------------------------------------
revision: 1.4
date: 2023/08/25
* hardened_malloc is now built at boot time, using -march=native. This is recommended by upstream to limit performance impacts. Compiling during the init phase also does not significantly increase boot times, even on old hardware.
* New sysupdate(8) version: sysupdates are no longer distributed through deb packages.
* dwm is now installed to /usr/bin rather than /usr/local/bin. The fact that this wasn't the default from the start was an omission.
* Suckless' surf is now the default provided browser and firefox-esr was removed (can still be installed via apt-get). The switch was done because
  a) surf is smaller, so it helps trimming down the iso's size a bit.
  b) a full-fledged browser included by default in a simple live iso isn't really needed, and in fact, it's better to let the user choose which big browser they want to install if they really need one in a live session. Not having firefox installed will also save space if someone opts to install something else (and space *is* a concern on a live iso, especially when used on a system low on RAM).
  c) surf has a fully functional, and rather sane, apparmor profile (which is enabled by default).
* To complement surf, a wrapper script called bro.sh was added. For usage details, simply type the 'bro.sh -h' command.
* Steven Black's hosts file was added to provide some basic ad blocking for surf.
--------------------------------------------
revision: 1.3
date: 2023/08/11
* Updated kernel with latest security fix.
* New packages: libarchive-tools, libbsd-dev.
--------------------------------------------
revision: 1.2
date: 2023/07/30
* Updated kernel with latest security fix from Debian.
* Fixed: Proper exec bits are now set for rcctl.
* Fixed isolinux boot menu still showing (dev) rather than (-current).
* Changed deprecated '~' option to 'stop' in /etc/rsyslog.d/nftables-log.conf.
* New package: RCS (Revision Control System).
--------------------------------------------
revision: 1.1
date: 2023/07/24
* The sysupdate(8) utility has been added.
* Ragnarok's own rc init scripts and inittab are in use.
* New mandoc build, with proper binary names. This means /etc/skel/.aliases has been removed. It can still be used to create aliases for ksh.
* /usr/lib/hardened_malloc.so now points to the light variant. This gives a slight performance boost on old (e.g. pre-2012) hardware while still being more secure than no hardened memory allocator.
* Fixed: manual page path in wmutils core was not properly set, causing them to be installed in /usr/man rather than /usr/share/man.
* The bsdextrautils package was added to base. It was absent due to an omission.