This reverts commit 1ad3de2abd.
Indeed, the tarball changed, so its hash changed; this is going to
cause the traditional hash clash with the existing archive on s.b.o.
or on users machines...
Reported-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch replace matchpathcon calls in the auditd init script by
calls to selabel_lookup. Indeed, matchpathcon is now deprecated, and
this causes warning during the boot process.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that Spidermonkey is no longer required to build the polkit package, and
no other packages require Spidermonkey, and python2 is required to build the
package, it is safe to drop the package.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This test script tests polkit with and without systemd.
The Systemd test does the following:
- The brtest user attempts to restart the systemd-timesyncd service and is
denied.
- A systemd-timesyncd-restart.rules file provided by polkit-rules-test
is copied from /root/ to /etc/polkit-1/rules.d
- The brtest user attempts to restart the systemd-timesyncd service and should
now succeed.
The initd test does the following:
- The brtest user attempts to run the test application "hello-polkit" with the
command "pkexec hello-polkit" and is denied.
- A hello-polkit.rules file provided by polkit-rules-test is copied from /root/
to /etc/polkit-1/rules.d
- The brtest user attempts to re-run the test hello-polkit binary with
"pkexec hello-polkit" and succeeds.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The Polkit source does not come with non-systemd init script. Add one that is
modeled after package/busybox/S01syslogd.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Unfortunately, as of commit 3e1d61868fa8bfc586099302e931433270e5d17d, polkit
requires mozjs >= 78, which means spidermonkey is too old. As such, this patch
is larger than usual.
Spidermonkey has a few major issues:
- The source directory after compilation is enormous (2.7G!)
- The shared library is 24MB stripped!
- It requires python2 to build, which is EOLed, and Buildroot is working
towards removing. See: https://elinux.org/Buildroot:Python2Packages
Instead of going through the arduous task of updating Spidermonkey, there is a
better solution: use duktape.
There has been a pending patch for over a year that incorporates duktape as an
optional backend for polkit found here:
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/35
As Thomas Petazzoni put it:
"As I am subscribed to notifications on this merge request, I have been
following the intermittent discussions taking place on this topic.
And indeed, discussions have been sparse, and the polkit maintainer reaction
has not been very supportive. It even feels like they are trying to find
every possible argument or small issue not to merge the duktape integration."
Many people have come out to support using duktape, and many users, including
myself, have used polkit with duktape for as long as the above merge request has
been around without issues; merging in the above merge request is an acceptable
exception to the typical Buildroot package policies.
As Thomas also suggested, I have forked polkit on Github
(https://github.com/aduskett/polkit-duktape), with the above duktape
merge request applied, and a release made with the same tag as upstream (0.119).
I refrained from also adding 0001-make-netgroup-support-optional.patch as it is
outside of the scope of why the fork exists.
Changes:
- refactor 0001-make-netgroup-support-optional.patch to work with 0.119 and
duktape.
- Remove upstream incorporated 0002-jsauthority-memleak.patch
- Remove upstream 0003-polkit-0.116-pkttyagent-sigttou-bg-job.patch
- Remove any trace of spidermonkey from polkit, udisks, and systemd-polkit
- Add duktape as a dependency of polkit
- Change POLKIT_SITE to the above polkit-duktape GitHub repository.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Change sources location from bintray to github since bintray doesn't
work anymore
Signed-off-by: Daniil Stas <daniil.stas@posteo.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
QEMU 6.0.0 replaces in [1] --(enable|disable)-git-update with
--with-git-submodules=(update|validate|ignore). "Disable" is now "ignore".
[1] https://lore.kernel.org/qemu-devel/20201016203857.62572-1-ddstreet@canonical.com/
Signed-off-by: Joseph Burt <caseorum@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Python is removed as dependency.
gtest uses python for self-tests which are not run by buildroot,
and the remaining scripts are not used by the build, and aren't
maintained or supported.
Special handling for gtest-config and gmock-config is removed as well,
the CMake Buildsystem now does take care of those.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[Arnout: still install gmock_gen.py]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix the following build failure raised since bump to version 1.2.5.1 in
commit af19131543:
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/9.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: ../src/.libs/libasound.a(control_symbols.o):(.data+0x4): undefined reference to `_snd_module_control_empty'
Fixes:
- http://autobuild.buildroot.org/results/a8fd791ba4c289cc4fc744a8ff9615bacd9558f3
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Update site URL
- Update indentation in hash file (two spaces)
- Update hash of LICENSE due to update in year with
02ca63576ahttps://passlib.readthedocs.io/en/stable/history/1.7.html#whats-new
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
SELinux support for openvpn is added by the services/openvpn refpolicy
module.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
SELinux support for stunnel is added by the services/stunnel refpolicy
module.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
SELinux support for minidlna is provided by the services/minidlna
refpolicy module.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We need to backport an aarch64 patch to prevent a crash.
Fixes:
==654== Conditional jump or move depends on uninitialised value(s)
==654== at 0x68CF9D0: contains (Range.h:115)
==654== by 0x68CF9D0: mark (JITStubRoutineSet.h:57)
==654== by 0x68CF9D0: mark (ConservativeRoots.cpp:127)
==654== by 0x68CF9D0: genericAddPointer<JSC::CompositeMarkHook> (ConservativeRoots.cpp:69)
==654== by 0x68CF9D0: genericAddSpan<JSC::CompositeMarkHook> (ConservativeRoots.cpp:101)
==654== by 0x68CF9D0: JSC::ConservativeRoots::add(void*, void*, JSC::JITStubRoutineSet&, JSC::CodeBlockSet&) (ConservativeRoots.cpp:147)
==654== by 0x68EA5BB: JSC::MachineThreads::gatherConservativeRoots(JSC::ConservativeRoots&, JSC::JITStubRoutineSet&, JSC::CodeBlockSet&, JSC::CurrentThreadState*, WTF::Thread*) (MachineStackMarker.cpp:202)
==654== by 0x68D885B: _ZZN3JSC4Heap18addCoreConstraintsEvENUlRT_E0_clINS_11SlotVisitorEEEDaS2_ (Heap.cpp:2740)
==654== by 0x68EFF7B: JSC::MarkingConstraint::execute(JSC::SlotVisitor&) (MarkingConstraint.cpp:58)
==654== by 0x68F3D83: JSC::MarkingConstraintSolver::runExecutionThread(JSC::SlotVisitor&, JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<WTF::Optional<unsigned int> ()>) (MarkingConstraintSolver.cpp:237)
==654== by 0x68D4413: JSC::Heap::runTaskInParallel(WTF::RefPtr<WTF::SharedTask<void (JSC::SlotVisitor&)>, WTF::RawPtrTraits<WTF::SharedTask<void (JSC::SlotVisitor&)> >, WTF::DefaultRefDerefTraits<WTF::SharedTask<void (JSC::SlotVisitor&)> > >) (Heap.cpp:3061)
==654== by 0x68F3E9F: runFunctionInParallel<JSC::MarkingConstraintSolver::execute(JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<WTF::Optional<unsigned int>()>)::<lambda(JSC::SlotVisitor&)> > (Heap.h:397)
==654== by 0x68F3E9F: JSC::MarkingConstraintSolver::execute(JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<WTF::Optional<unsigned int> ()>) (MarkingConstraintSolver.cpp:66)
==654== by 0x68F4033: JSC::MarkingConstraintSolver::drain(WTF::BitVector&) (MarkingConstraintSolver.cpp:97)
==654== by 0x68F4B2F: JSC::MarkingConstraintSet::executeConvergenceImpl(JSC::SlotVisitor&) (MarkingConstraintSet.cpp:114)
==654== by 0x68F4C6B: JSC::MarkingConstraintSet::executeConvergence(JSC::SlotVisitor&) (MarkingConstraintSet.cpp:83)
==654== by 0x68D9BC7: JSC::Heap::runFixpointPhase(JSC::GCConductor) (Heap.cpp:1378)
==654== by 0x68D9E93: runCurrentPhase (Heap.cpp:1208)
==654== by 0x68D9E93: JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*) (Heap.cpp:1176)
==654== Uninitialised value was created by a stack allocation
==654== at 0x5AC3E80: JSC::ARM64Assembler::linkJump(JSC::AssemblerLabel, JSC::AssemblerLabel, JSC::ARM64Assembler::JumpType, JSC::ARM64Assembler::Condition) [clone .isra.0] (ARM64Assembler.h:2556)
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A flaw was found in mupdf 1.18.0. Double free of object during
linearization may lead to memory corruption and other potential
consequences.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
host-python3 is needed to avoid the following build failure since bump
to version 6.12.0.90 in commit 4be06fa8aa
and
0f47ea5d80:
checking for a Python interpreter with version >= 3.2... none
configure: error: no suitable Python interpreter found
Fixes:
- http://autobuild.buildroot.org/results/6a185e69fe8e123ba26c26b69091d001656693c7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
--enable-more-warnings has been dropped since version 1.22.0 and
448e8fe7c5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
- http://autobuild.buildroot.net/results/24230242c15eb379d653c957a08621f8a1fac55e
ssl/qdtls_openssl.cpp: In member function ‘bool dtlsopenssl::DtlsState::initCtxAndConnection(QDtlsBasePrivate*)’:
ssl/qdtls_openssl.cpp:717:9: error: ‘q_SSL_set_psk_server_callback’ was not declared in this scope; did you mean ‘q_SSL_set_psk_use_session_callback’?
717 | q_SSL_set_psk_server_callback(newConnection.data(), dtlscallbacks::q_PSK_server_callback);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| q_SSL_set_psk_use_session_callback
ssl/qdtls_openssl.cpp:719:9: error: ‘q_SSL_set_psk_client_callback’ was not declared in this scope; did you mean ‘q_SSL_set_psk_use_session_callback’?
719 | q_SSL_set_psk_client_callback(newConnection.data(), dtlscallbacks::q_PSK_client_callback);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| q_SSL_set_psk_use_session_callback
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
diff in README:
- Copyright (c) 1997, 2000, 2002, 2013 Jay Rogers. All rights
+ Copyright (c) 1997, 2000, 2002, 2013, 2021 Jay Rogers. All rights
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
now, LICENSE lives in its own file.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
LICENSE was reformated, the copyright holder is unchanged:
This software is copyright (c) 2012 by John Scoles.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This release includes the following changes:
- Security bugfixes
OpenSSL DLLs updated to version 1.1.1k.
- New features
Client-side "protocol = ldap" support (thx to Bart Dopheide and Seth Grover).
- Bugfixes
The test suite fixed not to require external connectivity.
Fixed paths in generated manuals (thx to Tatsuki Makino).
Fixed configuration reload when compression is used.
Fixed compilation with early releases of OpenSSL 1.1.1.
Signed-off-by: Pierre-Jean Texier <texier.pj2@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Python 2 is not supported since version 3.0 so update all reverse
dependencies and remove python-coherence
- License file name and its hash is updated due to:
e7338bce90537aa99d44https://github.com/kjd/idna/blob/v3.2/HISTORY.rst
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update to add lxc and qemu options for libvirt under the daemon
config option
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Update to add the libvirtd daemon for libvirt
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
[Arnout: put all CONF_OPTS that depend on LIBVIRT_DAEMON together]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Libvirt is collection of software that provides a convenient way to
manage virtual machines and other virtualization functionality, such as
storage and network interface management. These software pieces include
an API library, a daemon (libvirtd), and a command line utility (virsh).
http://libvirt.org/
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
[Arnout:
- Re-introduce BR2_PACKAGE_LIBVIRT_ARCH_SUPPORTS
- Put all Config.in comments on one line
- Put the comment before the option itself (makes sure sub-option
indention is good)
- Remove spurious BR2_PACKAGE_NETCAT dependency
- Alphabetically order dependencies in Config.in
- Add select of libglib2
- Alphabetically order CONF_OPTS
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Support for chrony is added by the services/chronyd module in the
SELinux refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for clamav is added by the services/clamav module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Support for boinc is added by the services/boinc module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
rpcgen patches raise a build failure with host-libtirpc since commit
0a5a9741e0 because rpcgen is not provided
by modern glibc:
rpcgen -h -o tirpc/rpcsvc/crypt.h tirpc/rpcsvc/crypt.x
make[1]: rpcgen: No such file or directory
Those patches were added to build rpcbind back in 2012 with commit
18828103cd however they don't seem to be
needed anymore as rpcbind builds fine without them
So drop those patches and autoreconf as well as the host-nfs-utils
dependency from the target variant.
Fixes:
- http://autobuild.buildroot.org/results/6607cb9bec426b8c78e649484d5a149a1bf12a7f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>