Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 48810c2296)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The patches have been used by Alpine for 5 months now and they were
posted on the Busybox mailing list mid-July with no review or comment.
According to Ariadne Conill[1] - though NVD CVSS 3.x Base Score seems to
disagree - this has a low security impact so we could probably just wait
for upstream to merge the patches or implement it the way they want.
Considering those patches have been public for 5 months and upstream
hasn't acted until now, let's take the patches from the mailing list
anyway as there's no indication the CVEs will be fixed upstream soon.
[1] https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 4a03d17172)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes CVE-2022-30065 by backporting a patch from the master branch.
Cc: Quentin Schulz <foss+buildroot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c367b2dc86)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer
over-read.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d7561a8c5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As explained in bug #14796, there are situations where the seccomp based
sandboxing in openssh can get confused, leading to connection issues.
As explained by Thomas in the bug report:
glibc does not care about the kernel headers when deciding whether to
try the clock_gettime64() syscall or not: it always use it, and if that
fails at runtime, it falls back to clock_gettime(). This is how glibc
ends up using clock_gettime64() even if your kernel does not support it.
On the other hand, the OpenSSL seccomp code relies on kernel headers to
decide whether the clock_gettime64() syscall should be in the allowed
list of syscalls or not.
So when you are in a situation where glibc is recent, but your kernel is
older, you get into precisely the problem you have: glibc tries to use
clock_gettime64, but OpenSSH seccomp configuration prevents that, which
does not allow glibc to gracefully fallback to clock_gettime (as seccomp
is configured to kill the process on filter violations).
As a workaround, add a _OPENSSH_SANDBOX option (defaulting to y) to
decide if sandboxing should be used or not.
--with-sandbox expects the type of sandboxing to use, and if not
specified, will use the first one available in a list: pledge, systrace,
darwin, seccomp, capsicum, rlimit. On Linux, only seccomp and rlimit are
available, and rlimit probably does not bring much security-wise, so in
all practical matters, on Linux, sandboxing uses seccomp or there is no
sandboxing, so let's just disable sandboxing when we do not want to use
seccomp, and let configure detect seccomp when we request sandboxing.
Fixes (works around) #14796
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: add § about sandboxing types]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f204766b8f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit af494d92d3 (utils/genrandconfig: disable libopenssl without
atomics) intorduced a code-style issue that flake8 does not like:
$ make check-flake8
utils/genrandconfig:253:8: E713 test for membership should be 'not in'
1 E713 test for membership should be 'not in'
Fixes: af494d92d3https://gitlab.com/buildroot.org/buildroot/-/jobs/3045260108
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit fa538315dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b936a95d02 (package/openssh: bump to version 9.0p1) dropped the
patch touching m4/openssh.m4, but forgot to remove autoreconf. Fix that.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7719e4525d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libopenssl needs atomic or the build will fail (e.g. on sparcv8 without
libatomic):
${LDCMD:-/nvmedata/autobuild/instance-7/output-1/host/bin/sparc-buildroot-linux-uclibc-gcc} -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O0 -g2 -g2 -L. \
-o apps/openssl apps/asn1pars.o apps/ca.o apps/ciphers.o apps/cms.o apps/crl.o apps/crl2p7.o apps/dgst.o apps/dhparam.o apps/dsa.o apps/dsaparam.o apps/ec.o apps/ecparam.o apps/enc.o apps/engine.o apps/errstr.o apps/gendsa.o apps/genpkey.o apps/genrsa.o apps/nseq.o apps/ocsp.o apps/openssl.o apps/passwd.o apps/pkcs12.o apps/pkcs7.o apps/pkcs8.o apps/pkey.o apps/pkeyparam.o apps/pkeyutl.o apps/prime.o apps/rand.o apps/rehash.o apps/req.o apps/rsa.o apps/rsautl.o apps/s_client.o apps/s_server.o apps/s_time.o apps/sess_id.o apps/smime.o apps/speed.o apps/spkac.o apps/srp.o apps/storeutl.o apps/ts.o apps/verify.o apps/version.o apps/x509.o \
apps/libapps.a -lssl -lcrypto -ldl
/nvmedata/autobuild/instance-7/output-1/host/lib/gcc/sparc-buildroot-linux-uclibc/10.3.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: ./libssl.so: undefined reference to `__atomic_fetch_sub_4'
It should be noted that openssl3 has added OPENSSL_DEV_NO_ATOMICS but
"this is intended for internal development only, to check the
refcounting is properly coded. It should never become a configuration
option, hence the name of the macro.":
503d4745a1
Atomics are not available in Buildroot if:
- architecture is 32 bit and something other than ARM or xtensa, and
- GCC < 4.8 or no threads or FLAT.
The nothreads case can theoretically happen in many different
situations, but in practice nobody disables threads. So the only
interesting case is the FLAT case. Since ARM and RISC-V 64 both have
atomics intrinsics, that leaves just m68k NOMMU as FLAT. So this is
truly a corner case.
The proper solution would be to patch GCC to also provide libatomic in
those cases.
- For nothreads, atomics are in fact not needed, so libatomic can simply
be implemented as stubs.
- For FLAT, it's probably just a matter of having a match to uclinux in
libatomic/configure.tgt.
Again, though, this happens only in such niche cases that it's not worth
working on it.
Fixes:
- http://autobuild.buildroot.org/results/bce526d538f43a541fdfbc0c9b4a7cecebbbc539
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit af494d92d3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libexpat before 2.4.9 (which is still not released) has a use-after-free
in the doContent function in xmlparse.c.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit d8c044f584)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-29187: Git is a distributed revision control system. Git
prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3,
2.31.4, and 2.30.5, is vulnerable to privilege escalation in all
platforms. An unsuspecting user could still be affected by the issue
reported in CVE-2022-24765, for example when navigating as root into a
shared tmp directory that is owned by them, but where an attacker could
create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4,
2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The
simplest way to avoid being affected by the exploit described in the
example is to avoid running git as root (or an Administrator in
Windows), and if needed to reduce its use to a minimum. While a generic
workaround is not possible, a system could be hardened from the exploit
described in the example by removing any such repository if it exists
already and creating one as root to block any future attacks.
https://github.com/git/git/blob/v2.31.4/Documentation/RelNotes/2.31.4.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 15293e0360)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This needs to be set based on BR2_PACKAGE_LLVM_RTTI being set.
Fixes:
- http://autobuild.buildroot.net/results/e2ebc9a73ed421aa6be44fe41bb5224cc12f699d
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a7f854bce5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The logic implemented in e745c0b to stop makedevs from recursively running
chmod() on dangling symlinks excluded everything that isn't a symlink.
Other file types or directories are skipped/ignored.
Logic has been updated to exit the function if mode shouldn't be changed
or if path is a dangling symlink.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d6d8d60ee3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with sh4{a,eb,aeb} probably raised since
the addition of the package in commit
e43da7bb32:
ERROR: Unknown or unidentifiable processor "sh4a"
Fixes:
- http://autobuild.buildroot.org/results/fb6885a8a299f20ed77e4c10b330d2a2a7853931
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit dbff193c74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
<pkg>_REDISTRIBUTE defaults to YES, so no need to explicitly set it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fbb3dcfc9d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Avoid the "Where did it put my builds?" step.
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ca9fbfd5ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
https://github.com/moby/moby/releases/tag/v20.10.18
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5b71d1015e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If the TARGET env variable is set icu may try to use it.
To prevent this from causing issues clear it from the icu env.
Fixes:
>>> host-icu 70-1 Building
PATH="/home/buildroot/buildroot/output/per-package/host-icu/host/bin:/home/buildroot/buildroot/output/per-package/host-icu/host/sbin:/home/buildroot/bin:/home/buildroot/.local/bin:/home/buildroot/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
PKG_CONFIG="/home/buildroot/buildroot/output/per-package/host-icu/host/bin/pkg-config"
PKG_CONFIG_SYSROOT_DIR="/" PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
PKG_CONFIG_LIBDIR="/home/buildroot/buildroot/output/per-package/host-icu/host/lib/pkgconfig:/home/buildroot/buildroot/output/per-package/host-icu/host/share/pkgconfig"
/usr/bin/make -j33 -C
/home/buildroot/buildroot/output/build/host-icu-70-1/source
cd ./config; \
/usr/bin/make -f pkgdataMakefile
rm -rf config/icu-config
rebuilding config/icucross.mk
rebuilding config/icucross.inc
/bin/bash ./mkinstalldirs lib
/bin/bash ./mkinstalldirs bin
/usr/bin/install -c ./config/icu-config-top config/icu-config
rm -rf pkgdata.inc
chmod u+w config/icu-config
mkdir lib
mkdir bin
LC_ALL=C /usr/bin/sed -f ./config/make2sh.sed < ./config/Makefile.inc
| grep -v '#M#' | uniq >> config/icu-config
config/icu-uc.pc updated.
config/icu-i18n.pc updated.
/usr/bin/make[2]: Making `all' in `stubdata'
LC_ALL=C /usr/bin/sed -f ./config/make2sh.sed < ./config/mh-linux |
grep -v '#M#' | uniq >> config/icu-config
cat ./config/icu-config-bottom >> config/icu-config
(deps) stubdata.cpp
chmod u-w config/icu-config
Note: rebuild with "/usr/bin/make VERBOSE=1 " to show all compiler parameters.
make[3]: *** No rule to make target 'bpf', needed by 'all-local'. Stop.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 17b6372790)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This driver requires:
CONFIG_NET
CONFIG_WIRELESS
CONFIG_CFG80211
CONFIG_MMC
to build so let's add them to RTL8189ES_LINUX_CONFIG_FIXUPS.
Fixes:
http://autobuild.buildroot.net/results/4b7/4b7b5bbf5b3839d99397eb2597dd7be79f403233/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 39ef6a1ebb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The curren URL is specific to an old version, and it is not reachable
anymore.
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0e4418b0cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The curren URL is specific to an old version, and it is not reachable
anymore.
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1d23e01c3b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This Wi-Fi module has an SDIO interface so we need to make sure Linux
has CONFIG_MMC (that include SDIO APIs) enabled.
Fixes:
http://autobuild.buildroot.net/results/1bb71019b7edd7f195223a85c81f70e5a60518f0/
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 80323a534b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to a bug in the CodeSourcery ARM toolchain packaging, this
toolchain currently appears as available even for noMMU
configurations, which is obviously wrong. Due to this, the
bootlin-armv7m-uclibc.config fragment ends up using the CodeSourcery
ARM toolchain, which is obviously wrong for an ARM noMMU
configuration, causing a build failure when matching the toolchain
capabilities with the configuration.
Even though we will separately fix the CodeSourcery ARM toolchain
packaging, it makes sense to ensure that the
bootlin-armv7m-uclibc.config fragment explicitly selects the Bootlin
toolchain.
Reported-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 43fc826d82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
http://autobuild.buildroot.net/results/4ba/4baf7b753a16e9cd798eaf51a4cb994a22f437e8/
Brings the following changes:
Denis Klester (1):
fix build for 5.19.2
Larry Finger (4):
rtl8723bu: Fix build under kernel 5.17 and clean up some warnings
rtl8723bu: Fix multiple definition errors
rtl8723bu: Fin compile warning
rtl8723bu: Fix builds for kernel 6.0
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 34f6a27f10)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is the fourth patch release in the 1.1.z series of runc, primarily fixing a
regression introduced in 1.1.3 related to device rules, as well as other bugs.
- Fix mounting via wrong proc fd. When the user and mount namespaces are used,
and the bind mount is followed by the cgroup mount in the spec, the cgroup was
mounted using the bind mount's mount fd.
- Switch kill() in libcontainer/nsenter to sane_kill().
- Fix "permission denied" error from runc run on noexec fs.
- Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3,
the DeviceAllow=char-pts rwm rule was no longer added and was causing an error
open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
https://github.com/opencontainers/runc/releases/tag/v1.1.4
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ec8e8aaa3a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 67ccc49fab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit c099842544 ("package/libmdbx:
bump version to 0.11.8") forgot to drop the hash for the previous
0.11.7 version, let's do so now.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b831f84e13)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 2.0.15, and upstream commit 71a90177d7b2 (Systemd: Add
mosquitto group ownership), mosquitto uses its own group rather than
the generic nobody group.
This means that mosquitto can now no longer start on a systemd-based
system.
Change our mosquitto user definition to specify a mosquitto group.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Titouan Christophe <titouanchristophe@gmail.com>
Cc: Francois Perrad <fperrad@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 63727d9a54)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
COPYING was a link to Copyright, this link is now removed
with 2.10.0, fix CVE-2022-2309
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a7295520a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-3037, CVE-2022-3099, CVE-2022-3134
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 24261a1762)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The qt5xmlpatterns package exhibits gcc bug 90620 [0] when built for the
Microblaze architecture with optimization enabled, which causes a build
failure.
As done for other packages in Buildroot work around this gcc bug by
setting optimization to -O0 if BR2_TOOLCHAIN_HAS_GCC_BUG_90620=y.
Fixes:
http://autobuild.buildroot.net/results/346/346e6d502a8927c8e95eea156f5b2943a85d0a6b/
[0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90620
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit ddedf5e785)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release that includes improvements and bug fixes.
https://github.com/wolkykim/qlibc/releases/tag/v2.4.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 2de6538320)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit c28b27032b.
This still broke packages using certain older autoconf versions (E.G. 2.13
as used by thttpd/wipe).
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release fixes a compiler error when using glibc 2.36.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The POLKIT_IGNORE_CVES variable was missing a "S",
therefore the CVE still showed up in the wrong column.
Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Using a custom Xtensa configuration requires an overlay that provides
that configuration; not providing an overlay is like using the default
configuration, BR2_xtensa_fsf, so there would be no point in that case
in requesting a custom configuraiton.
Make providing an overlay mandatory for custom configurations.
Fixes:
http://autobuild.buildroot.org/results/f0b/f0ba47d2534aeb3cc2921124aa639ae3aa072b9b
xtensa-buildroot-linux-uclibc/bin/ld: ldso/ldso/ld-uClibc_so.a(ldso.oS): compiled for a big endian system and target is little endian
[1] https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=include/xtensa-config.h;hb=2ee5e4300186a92ad73f1a1a64cb918dc76c8d67#l28
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Max Filippov <jcmvbkbc@gmail.com>
[yann.morin.1998@free.fr:
- always require an overlay for custom configurations, not just for
little endian ones
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
go1.18.6 includes security fixes to the net/http package, as well as bug fixes
to the compiler, the go command, the pprof command, the runtime, and the
crypto/tls, encoding/xml, and net packages.
https://github.com/golang/go/issues?q=milestone%3AGo1.18.6+label%3ACherryPickApproved
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Sub-options of a kconfig symbol are only preperly indented below that
sybol, if there is no inter-mixed sylbols or comments.
In this vase, the comment about perf being unavailable is in-between the
perf symbol and the sub-options, which means the perf options are int
indented.
Move the comment before the definition of perf, so that the options
directly follow the per fsymbol, and so they are properly indented.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
