A memory corruption issue was found in Artifex Ghostscript 9.50 and
9.52. Use of a non-standard PostScript operator can allow overriding of
file access controls. The 'rsearch' calculation for the 'post' size
resulted in a size that was too large, and could underflow to max
uint32_t. This was fixed in commit
5d499272b95a6b890a1397e11d20937de000d31b.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 13ddfcdce7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The live555 source code includes both a COPYING file (with the GPL-3.0
license text) and a COPYING.LESSER file (with the LGPL-3.0 license
text). However, all source files indicate a LGPL-3.0 license, and none
of them indicate a GPL-3.0 license. In addition,
http://live555.com/liveMedia/faq.html#copyright-and-license says the
source code is under the LGPL.
So, we:
- Bump LGPL License to 3.0+
- Add a comment about the GPL-3.0 license
Fixes:
- https://bugs.busybox.net/show_bug.cgi?id=13156
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 650c5408bd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- fixes compile against linux-5.4.x
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 854b98408c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9ffcd9279e wrongly added a
linux-headers dependency when switching to meson.
Remove it as headers are always provided by the toolchain.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d1d89d37c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2017-6312: Integer overflow in io-ico.c in gdk-pixbuf allows
context-dependent attackers to cause a denial of service (segmentation
fault and application crash) via a crafted image entry offset in an
ICO file, which triggers an out-of-bounds read, related to compiler
optimizations.
- Fix CVE-2017-6313: Integer underflow in the load_resources function in
io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a
denial of service (out-of-bounds read and program crash) via a crafted
image entry size in an ICO file.
- Fix CVE-2017-6314: The make_available_at_least function in io-tiff.c
in gdk-pixbuf allows context-dependent attackers to cause a denial of
service (infinite loop) via a large TIFF file.
Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d455914332)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Even though librtlsdr was initially introduced by Jason Pruitt in
2014, and Jason is still listed in the DEVELOPERS file for this
package, in recent times it's mainly Gwenhael who has been taking of
this package. Let's reflect that in the DEVELOPERS file so that
Gwenhael gets notified when there are librtlsdr issues.
Cc: Jason Pruitt <jrspruitt@gmail.com>
Cc: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 72df067afe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit slightly improves the output of pkg-stats by showing the
progress of the upstream URL checks and latest version retrieval, on a
package basis:
Checking URL status
[0001/0062] curlpp
[0002/0062] cmocka
[0003/0062] snappy
[0004/0062] nload
[...]
[0060/0062] librtas
[0061/0062] libsilk
[0062/0062] jhead
Getting latest versions ...
[0001/0064] libglob
[0002/0064] perl-http-daemon
[0003/0064] shadowsocks-libev
[...]
[0061/0064] lua-flu
[0062/0064] python-aiohttp-security
[0063/0064] ljlinenoise
[0064/0064] matchbox-lib
Note that the above sample was run on 64 packages. Only 62 packages
appear for the URL status check, because packages that do not have any
URL in their Config.in file, or don't have any Config.in file at all,
are not checked and therefore not accounted.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5fea2e3997)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit reworks the code that checks if the upstream URL of each
package (specified by its Config.in file) using the aiohttp
module. This makes the implementation much more elegant, and avoids
the problematic multiprocessing Pool which is causing issues in some
situations.
Suggested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5c3221ac20)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit reworks the code that retrieves the latest upstream
version of each package from release-monitoring.org using the aiohttp
module. This makes the implementation much more elegant, and avoids
the problematic multiprocessing Pool which is causing issues in some
situations.
Since we're now using some async functionality, the script is Python
3.x only, so the shebang is changed to make this clear.
Suggested-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 68093f4778)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog of this bugfix release:
https://www.php.net/ChangeLog-7.php#7.4.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 46ed4ac847)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
fsck.f2fs does not implement the returncodes from the fsck interface.
This is particularly bad if systemd is used with a root f2fs partition,
as it will interpret the rc as order to reboot.
for thread & pending upstream fix see:
https://sourceforge.net/p/linux-f2fs/mailman/message/37079401/
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 5d8811eb87)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When building with Boost Build the CXXFLAGS are extended depending
on the optimization level set. When not defined explicitly the
optimization level depends on the <variant>. For release it's 'speed'
and for debug it's set to 'off'
These flags overwrite the -O flag passed in with TARGET_CXXFLAGS as
it is appended when calling g++.
This commit sets the Optimization flags generated by Boost Build
to the value of TARGET_OPTIMIZATION no matter what level is used.
As Boost Build offers no nice way to alter those values the gcc
toolchain file is altered directly.
Signed-off-by: Michael Nosthoff <buildroot@heine.tech>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit af148ef4f0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
U-Boot must use $(BR2_MAKE) as it uses a Make feature from v4.0. We
already use $(BR2_MAKE) in the BUILD_CMDS, but the kconfig commands
still uses $(MAKE). Without this fix, building U-Boot with kconfig will
fail with the following cryptic error.
> Makefile:37: *** missing separator. Stop.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 43dc2007a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The U-Boot package requires GNU Make v4.0 or later, and so all U-Boot
"make" commands must use "$(BR2_MAKE)" so they use the host-make
package. Currently pkg-kconfig is hardcoded to uses $(MAKE), so add a
way to support $(BR2_MAKE). The package infra for pkg-automake and
pkg-cmake have a similar problem, and they solved it by defining a
$(PKG)_MAKE variable, and allowing each package to override it.
Signed-off-by: Brandon Maier <brandon.maier@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e729d0d4b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If the less package is not enable and systemd is enabled,
then configure the less applet to fully work with systemd.
systemd sets the flags for less in an environment variable
and requires a few options for correct display.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c2caf816e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable this bootloader for cortex a7 based SoCs: support for the
sama7g5 SoC is now in upstream at91bootstrap3, and it is a Cortex-A7
based SoC.
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 33003a47c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional
fix)
https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 79c9a82a10)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Cups service for systemv was erroneously installed in /etc/rcX.d and
therefore not working. Also, its init script installed in /etc/init.d
was definitely not a Buildroot-style init script.
This patch adds a Buildroot style init script instead of using the
example provided by the package.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 04226ac6b7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2018-14553 : gdImageClone in gd.c in libgd 2.1.0-rc2 through
2.2.5 has a NULL pointer dereference allowing attackers to crash an
application via a specific function call sequence.
- Fix CVE-2019-6977: gdImageColorMatch in gd_color_match.c in the GD
Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch
function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14,
and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be
exploited by an attacker who is able to trigger imagecolormatch calls
with crafted image data.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6fa1a32dac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Details: https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html
Fixes the following security issues:
* CVE-2020-10713
A flaw was found in grub2, prior to version 2.06. An attacker may
use the GRUB 2 flaw to hijack and tamper the GRUB verification
process. This flaw also allows the bypass of Secure Boot
protections. In order to load an untrusted or modified kernel, an
attacker would first need to establish access to the system such as
gaining physical access, obtain the ability to alter a pxe-boot
network, or have remote access to a networked system with root
access. With this access, an attacker could then craft a string to
cause a buffer overflow by injecting a malicious payload that leads
to arbitrary code execution within GRUB. The highest threat from
this vulnerability is to data confidentiality and integrity as well
as system availability.
* CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't
check for possible arithmetic overflows on the requested allocation
size. This leads the function to return invalid memory allocations
which can be further used to cause possible integrity,
confidentiality and availability impacts during the boot process.
* CVE-2020-14309
There's an issue with grub2 in all versions before 2.06 when
handling squashfs filesystems containing a symbolic link with name
length of UINT32 bytes in size. The name size leads to an
arithmetic overflow leading to a zero-size allocation further
causing a heap-based buffer overflow with attacker controlled data.
* CVE-2020-14310
An integer overflow in read_section_from_string may lead to a heap
based buffer overflow.
* CVE-2020-14311
An integer overflow in grub_ext2_read_link may lead to a heap-based
buffer overflow.
* CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create()
leading to a use-after-free vulnerability which can be triggered by
redefining a function whilst the same function is already
executing, leading to arbitrary code execution and secure boot
restriction bypass
* CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd
and grub_initrd_init in the efilinux component of GRUB2, as shipped
in Debian, Red Hat, and Ubuntu (the functionality is not included
in GRUB2 upstream), leading to a heap-based buffer overflow. These
could be triggered by an extremely large number of arguments to the
initrd command on 32-bit architectures, or a crafted filesystem
with very large files on any architecture. An attacker could use
this to execute arbitrary code and bypass UEFI Secure Boot
restrictions. This issue affects GRUB2 version 2.04 and prior
versions.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2f7a8021b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2020-14344:
https://lists.x.org/archives/xorg-announce/2020-July/003050.html
Removed md5 & sha1 hashes, upstream does not provide them anymore.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2f81258db1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since commit 4f8229653 (package/docker-engine: needs more runtime
dependencies), docker-engine now automatically pulls in cgroupfs-mount, so
drop the explicit handling of it in TestDockerCompose.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4726cf9517)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a minor release which provides fixes for CVE-2020-9862,
CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, and
CVE-2020-9925.
Full release notes can be found at:
https://webkitgtk.org/2020/07/28/webkitgtk2.28.4-released.html
A detailed security advisory can be found at:
https://webkitgtk.org/security/WSA-2020-0007.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0b4d5678f1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a minor release which provides fixes for CVE-2020-9862,
CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, and
CVE-2020-9925.
Full release notes can be found at:
https://wpewebkit.org/release/wpewebkit-2.28.4.html
A detailed security advisory can be found at:
https://wpewebkit.org/security/WSA-2020-0007.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4416e0e7ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This fixes an issue if host-dbus happens to be rebuilt after systemd, in
which case it autodetects systemd support but then ignored the prefix
when installing unit files. That means that is tries to write to the
host system's /usr/lib/ which fails.
There is no reason to build and install systemd support in the host
build, so disable it explicitly.
Signed-off-by: John Keeping <john@metanate.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1bfdb3d08d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 38f4587997)
[Peter: drop 5.7.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current version of prosody is compatible with Lua 5.3.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit afbb8b6a04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Luajit is a provider for luainterpreter. We can't select providers of
virtual packages; we can only depend on them.
Note also that it is not very clear whether the host and target variants
of EFL need to be built with the same lua interpreter. Today, this is
guaranteed as we inly use luajit in both cases. But there were issues
with lua 5.1 in the past, so stick to only using luajit.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- depend on luajit, not "any" luainterpreter
- which keeps the host and target variants built with the same
interpreter
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit f3134e7159)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
- CVE-2020-13776: systemd through v245 mishandles numerical usernames such
as ones composed of decimal digits or 0x followed by hex digits, as
demonstrated by use of root privileges when privileges of the 0x0 user
account were intended.
Also drop upstream patch
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b2f79735f6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: two sapces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3d54d99c6e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BR2_VERSION_FULL is currently defined as follows:
BR2_VERSION_FULL := $(BR2_VERSION)$(shell $(TOPDIR)/support/scripts/setlocalversion)
This BR2_VERSION_FULL value then gets used as the "VERSION" variable
in the /etc/os-release file.
The logic of "setlocalversion" is that if it is exactly on a tag, it
returns nothing.
If it is on a tag + a number of commits, then it returns only
-XYZ-gABC where XYZ is the number of commits since the last tag, and
ABC the git commit hash (these are extracted from git describe).
This output then gets concatenated to BR2_VERSION which gives
something like 2020.05 or 2020.05-00123-g5bc6a.
The issue is that when you're on a tag specific to your project, which
is not a Buildroot YYYY.MM tag, then the output of setlocalversion is
empty, and all you get as VERSION in os-release is $(BR2_VERSION)
which is not really nice. Worse, if you have another non-official
Buildroot tag between the last official Buildroot tag/version and
where you are, you will get $(BR2_VERSION)-XYZ-gABC, but XYZ will not
correspond to the number of commits since BR2_VERSION, but since the
last tag that "git describe" as found, which is clearly incorrect.
Here is an example: you're on master, "make print-version" (which
displays BR2_VERSION_FULL) will show:
$ make print-version
2020.08-git-00758-gc351877a6e
So far so good. Now, you create a tag say 5 commits "before" master,
and show BR2_VERSION_FULL again:
$ git tag -a -m "dummy tag" dummy-tag HEAD~5
$ make print-version
2020.08-git-00005-gc351877a6e
This makes you believe you are 5 commits above 2020.08, which is
absolutely wrong.
So this commit simplifies the logic of setlocalversion to simply
return what "git describe" provides, and not prepend $(BR2_VERSION) in
the main Makefile. Since official Buildroot tags match official
Buildroot version names, you get the same output when you're on an
official Buildroot tag, or some commits above a Buildroot tag. An in
other cases, you get a sensible output. The logic is also adjusted for
the Mercurial case.
In the above situation, with this commit applied, we get:
$ make print-version
dummy-tag-6-g6258cdddeb
(6 commits instead of 5 as we have this very commit applied, but at
least it's 6 commits on top of the dummy-tag)
Finally, if you're not using a version control system, setlocalversion
was already returning nothing, so in this case, the Makefile simply
sets BR2_VERSION_FULL to BR2_VERSION to preserve this behavior.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 98c99556e3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
according to https://wiki.gentoo.org/wiki/Systemd#Kernel
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: drop optional CGROUP_BPF / BPF_SYSCALL, unused POSIX_MQUEUE and
DEVTMPFS which is already taken care of by linux.mk]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8084b809ec)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
according to https://wiki.gentoo.org/wiki/Docker#Kernel /
docker-engine/contrib/check-config.sh.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: synchronize with contrib/check-config.sh, only enforce DM options if
device mapper driver is enabled]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0390777bfa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
No functional changes, only whitespace changes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4aa8f5efd9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
According to the cegui requirements select explicitly the default
OpenGL renderer based on available dependencies.
Signed-off-by: Bartosz Bilas <b.bilas@grinn-global.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 44b1494793)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The nodejs configure.py file orders zlib headers before the bundled ICU
headers. The zlib headers happen to be located in the system include
directory, next to some system ICU headers (not bundled). If these are
built before nodejs is, nodejs will get confused and try to use the
system ICU headers instead of the bundled ones.
Fix this by always using host-icu.
Set CXXFLAGS to -DU_DISABLE_RENAMING=1 when building with
system-icu since host-icu is built with --disable-renaming.
Fixes:
- http://autobuild.buildroot.net/results/1ef947553ec762dba6a6202b1cfc84ceed75dbb2/
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[yann.morin.1998@free.fr:
- keep alphabetical order in _DEPENDENCIES
- don't introduce HOST_NODEJS_CONF_OPTS
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 319f7b0dab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release with a single fix:
- Fix missing handle maps for ESY3 handle breaks. See #1994
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9652e2cbe5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes various initialization / systemd issues. From the changelog:
- Provide meaningful exit codes on initialization failures.
- Prevent systemd from starting the daemon before udev changes ownership of
the TPM device node.
- Prevent systemd from starting the daemon if there is no TPM device node.
- Prevent systemd from restarting the daemon if it fails.
- Add SELinux policy to allow daemon to resolve names.
- Add SELinux policy boolean (disabled by default) to allow daemon to
connect to all unreserved ports.
Also adjust .hash file white space to match new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 56ff08cea0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Six years ago, commit b6b5bb518d added the MMU
dependency for the libwebsockets package. However, according to the git
history of the CMakeLists.txt file, libwebsockets has supported the vfork
function for at least the last five years.
After testing with the qemu_arm_versatile_nommu_defconfig and the
br-arm-cortex-m4-full.config file, no errors occurred when building
libwebsockets without MMU support.
Remove the dependency; it is no longer necessary. Update the reverse
dependencies as needed.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ad953b0149)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
