SELinux support for quota is provided by the admin/quota refpolicy
module.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for snort is added by the services/snort module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for cups is added by the services/cups module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gdb can automatically load certain files as described in [1]. Such files
could install pretty-printers for complex data structures.
libstdcxx (C++ standard library) provided by gcc, is one example of a
library for which such auto-load file is available. But there are other
examples too, like libglib2.
However, gdb will only auto-load files if the file is located in one of the
locations treated as 'safe'. The Buildroot sysroot is not by default in that
list.
Provide a better debugging experience by adding the sysroot to the 'safe'
list, via the gdbinit file prepared by Buildroot.
[1] https://sourceware.org/gdb/onlinedocs/gdb/objfile_002dgdbdotext-file.html
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
gcc installs a libstdcxx-...so-gdb.py file that gdb will load automatically
when it loads libstdcxx.so, via the mechanism described at [1].
However, the auto-load file installed by gcc contains hardcoded paths
referring to the location where the (external) toolchain was built, which
are normally not available.
Fix up the paths in the load file so that the pretty printers can be loaded
automatically.
Note that gdb will only auto-load the file if its location is marked as
'safe'. A subsequent commit will take care of that.
Technically, there could be more than one load file, e.g. in lib and
usr/lib, so fix them all. This was for example observed in
BR2_TOOLCHAIN_EXTERNAL_ARM_AARCH64.
In a very specific case with a local custom toolchain, there were actually
two 'python' directories, which would break the sed command, so arbitrarily
limit to the first one encountered.
[1] https://sourceware.org/gdb/onlinedocs/gdb/objfile_002dgdbdotext-file.html
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When enabling Python 3 support in gdb < 10, gdb segfaults at startup.
The issue is was resolved by the following upstream gdb commit,
present since gdb 10.1:
commit c47bae859a5af0d95224d90000df0e529f7c5aa0
Author: Kevin Buettner <kevinb@redhat.com>
Date: Wed May 27 20:05:40 2020 -0700
Fix Python3.9 related runtime problems
[...]
This commit backports this fix to all relevant gdb versions supported
in Buildroot.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- overwrite cross-compiled mariadb_config executable (used from the
mysql_config script) by a native/host compiled one
Fixes (qt5base configure):
Trying source 0 (type mysqlConfig) of library mysql ...
+ .../host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mysql_config --version
> .../host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mysql_config: line 100: \
.../host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mariadb_config: cannot execute binary file: Exec format error
with
$ file host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mariadb_config
host/aarch64-buildroot-linux-gnu/sysroot/usr/bin/mariadb_config: ELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 5.10.0, with debug_info, not stripped
Reported-by: Scott Bartolett <SBartolett@thorlabs.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- rebase 001-add-extra-check-for-librt.patch
- for changelog see [1], [2]
Fixes:
CMake Error at libmariadb/cmake/ConnectorName.cmake:30 (ENDMACRO):
Flow control statements are not properly nested.
Call Stack (most recent call first):
libmariadb/CMakeLists.txt:423 (INCLUDE)
[1] https://mariadb.com/kb/en/mariadb-10329-changelog/
[2] https://mariadb.com/kb/en/mariadb-10330-changelog/
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Update lib{mtd,ubi}.h path to fix the following build failure raised
since bump of swupdate to version 2021.04 in commit
2c6b0359c3:
In file included from corelib/mtd-interface.c:21:
include/flash.h:13:10: fatal error: libmtd.h: No such file or directory
13 | #include <libmtd.h>
| ^~~~~~~~~~
This build failure is raised because of
0c672866d4
Fixes:
- http://autobuild.buildroot.org/results/d475bdb341d2afecf12e404dfa093e58221b9882
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Create a symlink for libglx.so and drop libnvidia-wfb.so (aka libwfb.so)
since all selectable xserver versions in Buildroot provide their own.
VDPAU libraries should be installed into /usr/lib/vdpau/
https://download.nvidia.com/XFree86/Linux-x86_64/390.67/README/installedcomponents.html
Also, allow specifying target subdirectory per library and respect it in
the install loop.
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Parallelizes locale generation based on `BR2_JLEVEL` setting.
Locale generation always runs during the finalize stage and can consume
a significant amount of time. Parallelizing it greatly reduces that time
on multi-core machines.
To parallelize it, we first invoke `localedef` for every locale in
parallel with the `--no-archive` option. This creates the intermediate
locale data instead of writing to the finally archive directly.
Then, we invoke `localedef` again once to create the archive from the
intermediate compiled locale data files.
We have to do it this way because `localedef` does not do any locking
when writing to the archive file, so calling it without `--no-archive`
concurrently could result in a corrupt archive file or an archive file
that is missing some locales.
While we're at it, make two additional improvements:
- Remove locale-archive before adding to it. Otherwise, repeated
applications of target-finalize will keep on growing the file.
- Sort the locales when creating locale-archive so its contents are
reproducible.
We use `find` to collect the installed locales rather than LOCALES. This
makes it possible for something else (skeleton, overlay, custom package)
to create and install additional locales and still have them added to
locale-archive.
Signed-off-by: Gleb Mazovetskiy <glex.spb@gmail.com>
[Arnout:
- Remove -j$(PARALLEL_JOBS), it's already part of $(MAKE)
- Remove HOST_DIR, TARGET_DIR, STAGING_DIR, they're already exported
- Extend commit message
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The nios2 architecture is already excluded from PIC/PIE due to issues,
and we're going to also exclude Microblaze, so let's introduce a
BR2_PIC_PIE_ARCH_SUPPORTS hidden boolean to facilitate adding this new
architecture exclusion.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit e6b3913cfc converted busybox to the generic kconfig help text
infrastructure, but set the wrong variable to flag that it doesn't
support defconfig files. Fix that.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Some external packages call pg_config to determine the installed
PostgreSQL cflags_sl option. Add this output to Buildroots own
pg_config, so these packages correctly compile.
Default value is defined at src/template/linux as:
Extra CFLAGS for code that will go into a shared library
CFLAGS_SL="-fPIC"
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
python-paramiko has a dependency on C++ support, which was added in
commit 2d7b73cf75 in 2016.
When python-pysftp was added in commit
3b920487ba in 2020, this C++ dependency
was not propagated, even though python-pysftp selects python-paramiko.
This commit fixes this issue by propagating the dependency, which
fixes this warning:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_PYTHON_PARAMIKO
Depends on [n]: (BR2_PACKAGE_PYTHON [=n] || BR2_PACKAGE_PYTHON3 [=y]) && BR2_PACKAGE_PYTHON3 [=y] && BR2_INSTALL_LIBSTDCPP [=n]
Selected by [y]:
- BR2_PACKAGE_PYTHON_PYSFTP [=y] && (BR2_PACKAGE_PYTHON [=n] || BR2_PACKAGE_PYTHON3 [=y]) && BR2_PACKAGE_PYTHON3 [=y]
That occurs with configuration with C++ disabled, but python-pysftp
enabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As Thomas put it:
The <pkg>_HELP_CMDS variable allows packages using the
kconfig-package infrastructure to display their specific
targets related to the handling of their configuration.
However, it was not consistently used and handled by the
different packages.
So, this commit switches all the kconfig-based package to use the
generic help helper.
As a consequence:
- all kconfig packages now advetise their kconfig-related actions,
where some were previously missing: at91bootstrap3, linux-backports,
swupdate, xvisor;
- busybox advertises it does not support defconfig files;
- the 'foo-savedfconfig' action is no longer advertised: it is to be
considered an internal implementation detail.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, as Thomas pointed out [0], the help for kconfig packages is
not consistently used and handled by the different packages.
This commit introduces a generic help text for kconfig packages, that is
based on what the package declares:
- the list of kconfig editors it supports;
- whether it is possible to save back the configuration (impossible if
the package uses an in-tree defconfig file);
- whether the package actually supports (loading and saving) defconfig
files, by introducing a new variable a package can set if it does
not (only busybox is known to be in that case).
That new help helper is only used if the package does not already define
its own help, to be consistent with what we do for other _CMDS.
[0] http://lists.busybox.net/pipermail/buildroot/2021-July/313570.html
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Currently, we define the default values for kconfig-specific variables
after we call into the generic package infrastructure.
So far, this was totally unconsequential, because there was no kconfig
variable that could influence the generic parts. But conversely, there
are generic variables that do influence the kconfig part (e.g. $(2)_DIR
that is used in some dependency definitions), but none that do influence
the kconfig variables.
However, we are going to add a new kconfig-related variable that will
have an impact on the generic parts, so we will want that kconfig
variable to be defined before calling into the generic infrastructure.
For consistency, move all the defaults before calling the generic infra.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Let's bump at to version 3.2.2 by:
- moving SITE to http://software.calhariz.com/at that is the official at
realease site while the actual(https://salsa.debian.org/debian/at)
doesn't provide consitent tarballs.
- rebasing 2 local patches(some some of them has not been accepted upstream
because of removing -g root -o root while installing, while other simply
has not been taken into account for 1 year.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Convert local patches to git format. Note that some of them change name
because of use of 'git format-patch'.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump to version 4.32
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a minor release which provides fixes for CVE-2021-21775,
CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689,
CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749,
CVE-2021-30795, CVE-2021-30797, and CVE-2021-30799.
Full release notes can be found at:
https://webkitgtk.org/2021/07/23/webkitgtk2.32.3-released.html
An accompanying security advisory has been published at:
https://webkitgtk.org/security/WSA-2021-0004.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a minor release which provides fixes for CVE-2021-21775,
CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689,
CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749,
CVE-2021-30795, CVE-2021-30797, and CVE-2021-30799.
Full release notes can be found at:
https://wpewebkit.org/release/wpewebkit-2.32.3.html
An accompanying security advisory has been published at:
https://wpewebkit.org/security/WSA-2021-0004.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
SELinux support for minissdpd is added by the services/minissdpd
refpolicy module.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for asterisk is added by the services/asterisk module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for apcupsd is added by the services/apcupsd module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for acpid is added by the services/acpi module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Use official tarball
- Drop fourth to seventh patches (already in version)
- Update hash of LICENSE file (update in year:
2bdc8e52efb844a9c7f1)
- Update indentation in hash file (two spaces)
https://github.com/libffi/libffi/blob/v3.4.2/README.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This makes it easier for packages that depend on lapack to get
their dependencies correct.
The !uClibc dependency is also not sufficient: indeed, musl too does not
provide _fpu_control; only glibc does. This is the same situation as for
clapack. Add a comment about this, to mirror clapack.
Since the !glibc dependency only exists for PowerPC, treat it as
an architecture dependency.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[yann.morin.1998@free.fr:
- fpu_control depends on glibc, not on !uclibc
- add or update comments accordingly
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This makes it easier for packages that depend on clapack to get
their dependencies correct.
Since the glibc dependency only exists for PowerPC, treat it as
an architecture dependency.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This reverts commit 1ad3de2abd.
Indeed, the tarball changed, so its hash changed; this is going to
cause the traditional hash clash with the existing archive on s.b.o.
or on users machines...
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch replace matchpathcon calls in the auditd init script by
calls to selabel_lookup. Indeed, matchpathcon is now deprecated, and
this causes warning during the boot process.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
