As reported by Toolchain-builder project [1], the system doesn't
boot when PIC/PIE is enabled for glibc based toolchain (the init
process hang).
Also, hardening features may not be wanted or possible for such
slow soft-core cpus [2].
Like for NiosII, disable BR2_PIC_PIE.
[1] https://gitlab.com/bootlin/toolchains-builder/-/pipelines/318038406
[2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d120f84460)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The nios2 architecture is already excluded from PIC/PIE due to issues,
and we're going to also exclude Microblaze, so let's introduce a
BR2_PIC_PIE_ARCH_SUPPORTS hidden boolean to facilitate adding this new
architecture exclusion.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 70dd4bd156)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Some external packages call pg_config to determine the installed
PostgreSQL cflags_sl option. Add this output to Buildroots own
pg_config, so these packages correctly compile.
Default value is defined at src/template/linux as:
Extra CFLAGS for code that will go into a shared library
CFLAGS_SL="-fPIC"
Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ed4cfbb773)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
python-paramiko has a dependency on C++ support, which was added in
commit 2d7b73cf75 in 2016.
When python-pysftp was added in commit
3b920487ba in 2020, this C++ dependency
was not propagated, even though python-pysftp selects python-paramiko.
This commit fixes this issue by propagating the dependency, which
fixes this warning:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_PYTHON_PARAMIKO
Depends on [n]: (BR2_PACKAGE_PYTHON [=n] || BR2_PACKAGE_PYTHON3 [=y]) && BR2_PACKAGE_PYTHON3 [=y] && BR2_INSTALL_LIBSTDCPP [=n]
Selected by [y]:
- BR2_PACKAGE_PYTHON_PYSFTP [=y] && (BR2_PACKAGE_PYTHON [=n] || BR2_PACKAGE_PYTHON3 [=y]) && BR2_PACKAGE_PYTHON3 [=y]
That occurs with configuration with C++ disabled, but python-pysftp
enabled.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8d1a72866a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch replace matchpathcon calls in the auditd init script by
calls to selabel_lookup. Indeed, matchpathcon is now deprecated, and
this causes warning during the boot process.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 90dd1d6178)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The Polkit source does not come with non-systemd init script. Add one that is
modeled after package/busybox/S01syslogd.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 82712c5862)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add upstream backported patches that allows using -mcmodel=large gcc option
that in order allows fixing build failure due to binutils bug 21464:
https://sourceware.org/bugzilla/show_bug.cgi?id=21464
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]
(cherry picked from commit 394c62b21b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Actual patches are stubs suggested but now they are available as upstream.
So let's substitute them since they make part of a or1k patchset and next
patch will add the others.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: remove the PATCH M/N parts - cfr. check-package]
(cherry picked from commit e5978dae85)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
host-python3 is needed to avoid the following build failure since bump
to version 6.12.0.90 in commit 4be06fa8aa
and
0f47ea5d80:
checking for a Python interpreter with version >= 3.2... none
configure: error: no suitable Python interpreter found
Fixes:
- http://autobuild.buildroot.org/results/6a185e69fe8e123ba26c26b69091d001656693c7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 285eb82395)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Release notes of this bugfix release:
https://www.samba.org/samba/history/samba-4.14.5.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 145133a6f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for chrony is added by the services/chronyd module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6d4c9437c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for clamav is added by the services/clamav module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c70f31b6ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for boinc is added by the services/boinc module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit aa460c23dd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
gobject-introspection is an optional dependency (which is enabled by
default) since at least version 219 and
43a593b5b4
Fixes:
- http://autobuild.buildroot.org/results/3bedc9fa3b14939825fb9cdebc6977057c3f6118
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 99278e5208)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog ([1]):
- Abyss: fix bug: wild memory reference when server times out waiting for
request header. Introduced with Release 1.44 (December 2015).
[1] http://xmlrpc-c.sourceforge.net/change_super_stable.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0e22d2101e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for bind is added by the services/bind module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c7fd40c7d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for apache is added by the services/apache module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bd91d7826e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for tor is added by the services/tor module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1f9090b6b4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for avahi is added by the services/avahi module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 952c42e3e7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for dnsmasq is added by the services/dnsmasq module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 68d886c4ea)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Support for bird is added by the services/bird module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 459d725db0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The configure script uses pkg-config to detect the location of
tmpfiles.d but imposes an unspecified ordering dependency with systemd.
Instead of relying on systemd being built before cryptsetup, set the
directory path explcitly, and ensure it is not set when systemd-tmpfiles
is disabled.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a2e93a802c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Link with TARGET_NLS_LIBS if needed to avoid the following build
failure:
/home/buildroot/autobuild/run/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/xtensa-buildroot-linux-uclibc/9.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: lib/libgranite.so.5.4.0.p/meson-generated_Application.c.o: in function `_vala_array_free.constprop.0':
Application.c:(.text+0x340): undefined reference to `libintl_bindtextdomain'
Fixes:
- http://autobuild.buildroot.org/results/d754cb776a1e11031cef4e66d45619aad5c4575d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 82a5ffca28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Remove duplicated entries for brcmfmac4366b-pcie.bin and
brcmfmac4366c-pcie.bin (present since addition with
commit ca6e3f4b90)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1ba6a30905)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e5db5a472e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Do not include the build date when creating reproducible builds.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 083b48194f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
opus dependency is handled twice since commit
f33f7a4f64
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 929c977afb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2021-20201: A flaw was found in spice in versions before
0.14.92. A DoS tool might make it easier for remote attackers to cause a
denial of service (CPU consumption) by performing many renegotiations
within a single connection.
https://gitlab.freedesktop.org/spice/spice/-/tags/v0.15.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b784f1bc0f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e93cf29a70)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Patch is not needed since bump to version 1.7 in commit
6274f41913 and
94e9a082d7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f6461f6fc8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
comment message for gqrx is always displayed. This is due to an invert
dependency: GQRX depends on !BR2_STATIC_LIBS so comment must depends
on BR2_STATIC_LIBS.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d9512b08a4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add patches to fix building on hosts that provide gcc version < 5
(i.e. 4.9), otherwise they fail due to missing default '-std=gnu11' option
on variable declaration inside for loops.
The patch is pending upstream:
https://sourceware.org/pipermail/binutils/2021-June/116884.html
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 747e2eed88)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
One of the files have CRLF line endings, which have been lost in the
process, causing build issues. Also, we update the upstream status of
the patch.
Fixes:
http://autobuild.buildroot.net/results/31744f8476819c725f8c0024529515bb8059582d/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6a1810711)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build without SSP fails since bump to version 0.27.4 in commit
bcace42942
This is due to the fact that
bbe0b70840
removed the wrong GCC_ prefix from HAS_FSTACK_PROTECTOR_STRONG variable
Fixes:
- http://autobuild.buildroot.org/results/ae4635899124c602c70d2b342a76f95c34aa4a3d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b18d9d6191)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix BR2_PACKAGE_HOST_UBOOT_TOOLS_ENVIMAGE_SOURCE so that files are actually concatenated
as described in the help text.
Signed-off-by: Mirza Kapetanovic <mirza.kapetanovic@gmail.com>
Reviewed-by: Matthew Weber <matthew.weber@collins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d8f5a017b8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2016-4983 is an issue in a postinstall script in the dovecot rpm,
which is part of the Red Hat packaging and not part of upstream dovecot
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 948e71689a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CVE-2019-15513 was fixed upstream in 2015 with commit
19e29ffc15dbd958e8e6a648ee0982c68353516f, which is older than the commit
we currently use in LIBUCI_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword comment and commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 46273a8eb9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
