Peter Korsgaard [Mon, 23 Oct 2017 21:41:14 +0000 (23:41 +0200)]
Update for 2017.08.1
[Peter: drop Makefile changes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 20b6624f4bb84353e690d897688fd7ac12d6a881) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
linux-tools/perf: fix build for MIPS by using the right emulation on LD
Passing just the endianness flag to LD is not enough. We need to pass
the right emulation flag which will set everything for us, not only the
endianness.
Jörg Krause [Thu, 31 Aug 2017 09:49:31 +0000 (11:49 +0200)]
bluez5_utils: define FIRMWARE_DIR for hciattach_bcm43xx
The tool hciattach_bcm43xx defines the default firmware path in `/etc/firmware`,
but the Broadcom firmware blobs are usually stored in `/lib/firmware`.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Baruch Siach [Sun, 22 Oct 2017 14:00:08 +0000 (16:00 +0200)]
sqlite: add security patches
CVE-2017-13685: The dump_callback function in SQLite 3.20.0 allows
remote attackers to cause a denial of service (EXC_BAD_ACCESS and
application crash) via a crafted file.
CVE-2017-15286: SQLite 3.20.1 has a NULL pointer dereference in
tableColumnList in shell.c
because it fails to consider certain cases where
`sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never
initialized.
Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
bootstrap by default runs ./tools/build/src/engine/build.sh --guess-toolset
to detect what toolchain (compiler variant). On x86 this returns gcc, but
on the ppc64le gcc112 autobuilder this returns xlcpp causing bootstrap.sh to
get confused and bail out:
Erico Nunes [Sun, 22 Oct 2017 13:54:25 +0000 (15:54 +0200)]
board/pc: add documentation for testing with qemu
Add some documentation about running the pc defconfigs in qemu.
In particular, document the use of the -bios parameter to use the OVMF
firmware to test the UEFI image.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com> Cc: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Erico Nunes [Sun, 22 Oct 2017 13:54:24 +0000 (15:54 +0200)]
configs/pc: refactor to use genimage and grub.cfg
This simplifies the pc configs and respective post image scripts to use
the shared genimage script and separate grub config files.
Separate grub files are cleaner to maintain and easier to copy and
modify, for example to support booting the pc defconfigs in qemu.
Signed-off-by: Erico Nunes <nunes.erico@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Yann E. MORIN [Sat, 21 Oct 2017 20:31:02 +0000 (22:31 +0200)]
toolchain/wrapper: fake __DATE_ and __TIME__ for older gcc
Starting with version 7, gcc automatically recognises and enforces the
environment variable SOURCE_DATE_EPOCH, and fakes __DATE__ and __TIME__
accordingly, to produce reproducible builds (at least in regards to date
and time).
However, older gcc versions do not offer this feature.
So, we use our toolchain wrapper to force-feed __DATE__ and __TIME__ as
macros, which will take precedence over those that gcc may compute
itself. We compute them according to the specs:
https://reproducible-builds.org/specs/source-date-epoch/
https://gcc.gnu.org/onlinedocs/cpp/Standard-Predefined-Macros.html
Since we define macros otherwise internal to gcc, we have to tell it not
to warn about that. The -Wno-builtin-macro-redefined flag was introduced
in gcc-4.4.0. Therefore, we make BR2_REPRODUCIBLE depend on GCC >= 4.4.
gcc-7 will ignore SOURCE_DATE_EPOCH when __DATE__ and __TIME__ are
user-defined. Anyway, this is of no consequence: whether __DATE__ and
__TIME__ or SOURCE_DATE_EPOCH takes precedence, it would yield the
exact same end result since we use the same logic to compute it. Note
that we didn't copy the code for it from gcc so using the same logic
doesn't imply that we're inheriting GPL-3.0.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Jérôme Pouiller <jezz@sysmic.org> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Arnout Vandecappelle <arnout@mind.be> Cc: Peter Korsgaard <peter@korsgaard.com>
[Arnout: rewrite commit message] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building Python 3.x on MIPS with musl fails because the libffi code
uses a "#ifdef linux" test to decide if we're building on Linux or
not. When building with -std=c99, "linux" is not defined, so instead
of including <asm/sgidefs.h>, libffi's code tries to include
<sgidefs.h>, which doesn't exist on musl.
The right fix is to use __linux__, which is POSIX compliant, and
therefore defined even when -std=c99 is used.
Note that glibc and uClibc were not affected because they do provide a
<sgidefs.h> header in addition to the <asm/sgidefs.h> one.
Signed-off-by: Mauro Condarelli <mc5686@mclink.it>
[Thomas: reformat patch with Git, add a better commit log and description.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add DEPENDENCIES_HOST_PREREQ to the list of packages
That way packages included in that list like ccache will also be
regarded as a normal packages for targets like external-deps,
show-targets or legal-info
dependencies: always use HOSTCC_NOCACHE for DEPENDENCIES_HOST_PREREQ
Currently, HOSTCC and HOSTCXX are set to their _NOCACHE variants in the
'dependencies' target. This is needed because at that time, ccache is
not built yet - host-ccache is one of the dependencies. However, because
this override is only specified for the 'dependencies' target (and
thereby gets inherited by its dependencies), the override is only
applied when the package is reached through the 'dependencies' target.
This is not the case when one of DEPENDENCIES_HOST_PREREQ is built
directly from the command line, e.g. when doing 'make host-ccache'. So
in that case, ccache will be built with ccache... which fails of
course.
To fix this, directly apply the override to the DEPENCIES_HOST_PREREQ
targets.
Note that this only fixes the issue for 'make host-ccache', NOT for
e.g. 'make host-ccache-configure'.
Baruch Siach [Tue, 17 Oct 2017 12:12:55 +0000 (15:12 +0300)]
libtomcrypt: fix build without wchar
GCC defines wchar_t even when wchar support is disabled in uClibc. The
LTC_NO_WCHAR macro triggers a local definition of wchar_t that conflicts
with the GCC defined one. Remove LTC_NO_WCHAR to avoid that.
See also https://github.com/libtom/libtomcrypt/issues/313 for more
discussion about this.
host-openssl may be used without openssl being enabled for the target, so
move BR2_PACKAGE_PROVIDES_HOST_OPENSSL outside the BR2_PACKAGE_OPENSSL
conditional.
While we're at it, add a comment explaining what this magic config symbol does.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Peter Korsgaard [Sun, 22 Oct 2017 11:15:08 +0000 (13:15 +0200)]
lame: security bump to version 3.100
Fixes the following security issues:
CVE-2017-9410: fill_buffer_resample function in libmp3lame/util.c heap-based
buffer over-read and ap
CVE-2017-9411: fill_buffer_resample function in libmp3lame/util.c invalid
memory read and application crash
CVE-2017-9412: unpack_read_samples function in frontend/get_audio.c invalid
memory read and application crash
Drop patches now upstream or no longer needed:
0001-configure.patch: Upstream as mentioned in patch description
0002-gtk1-ac-directives.patch: Upstream as mentioned in patch
description/release notes:
Resurrect Owen Taylor's code dated from 97-11-3 to properly deal with GTK1.
This was transplanted back from aclocal.m4 with a patch provided by Andres
Mejia. This change makes it easy to regenerate autotools' files with a simple
invocation of autoconf -vfi.
0003-msse.patch: Not needed as -march <x86-variant-with-msse-support>
nowadays implies -msse.
With these removed, autoreconf is no longer needed.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Francois Perrad [Mon, 12 Jun 2017 08:21:44 +0000 (10:21 +0200)]
lua-sdl2: refactor with cmake
that allows optional dependencies
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas:
- use "luainterpreter" instead of "lua" in the dependencies
- replace with a Git formatted patch that doesn't comment code but
removes it.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit dfa1817d31a (openldap: supports only the real OpenSSL, not LibreSSL)
tried to ensure openldap would only use openssl, but changed the wrong
variable. OPENLDAP_TLS is passed to configure, so it shouldn't be changed:
./configure --target=aarch64-buildroot-linux-gnu .. --with-tls=libopenssl ..
Configuring OpenLDAP 2.4.45-Release ...
checking build system type... x86_64-pc-linux-gnu
checking host system type... aarch64-buildroot-linux-gnu
checking target system type... aarch64-buildroot-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for aarch64-buildroot-linux-gnu-strip... /usr/lfs/v0/rc-buildroot-test/scripts/instance-0/output/host/bin/aarch64-linux-gnu-strip
checking configure arguments... configure: error: bad value libopenssl for --with-tls
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard [Sat, 21 Oct 2017 19:12:59 +0000 (21:12 +0200)]
musl: add upstream security fix for CVE-2017-15650
>From the upstream announcement:
http://www.openwall.com/lists/oss-security/2017/10/19/5
Felix Wilhelm has discovered a flaw in the dns response parsing for
musl libc 1.1.16 that leads to overflow of a stack-based buffer.
Earlier versions are also affected.
When an application makes a request via getaddrinfo for both IPv4 and
IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the
nameservers configured in resolv.conf can reply to both the A and AAAA
queries with A results. Since A records are smaller than AAAA records,
it's possible to fit more addresses than the precomputed bound, and a
buffer overflow occurs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Jagan Teki [Thu, 19 Oct 2017 09:45:23 +0000 (11:45 +0200)]
board: Add Bananapi M1 support
Add initial support for bananapi M1 board with below features:
- U-Boot 2017.09
- Linux 4.13.7
- Default packages from buildroot
Cc: Jason <manager@sinovoip.com.cn> Cc: hailymei@banana-pi.com <hailymei@banana-pi.com> Signed-off-by: Jagan Teki <jagan@amarulasolutions.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch fixes a bug with the BR2_TOOLCHAIN_HAS_THREADS variable
handling which causes CGO_ENABLED to be always 0.
Furthermore, it fixes the cross compilation options for the go
compiler: setting CGO_ENABLED should be done only for the target
compiler not the host one.
Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Acked-by: Christian Stewart <christian@paral.in>
Gaël PORTAY [Sat, 21 Oct 2017 13:52:14 +0000 (09:52 -0400)]
raspberrypi: post-image.sh fix gpu_mem option
The gpu_mem option is not using the proper option argument which causes sed to
fail.
+ case "${arg}" in
+ gpu_mem=ome/gportay/output-rpi3-qtwe/images
+ sed -e '/^ome/gportay/output-rpi3-qtwe/images=/s,=.*,=ome/gportay/output-rpi3-qtwe/images,' -i /home/gportay/output-rpi3-qtwe/images/rpi-firmware/config.txt
sed: -e expression #1, char 8: extra characters after command
+ case "${arg}" in
+ gpu_mem=ome/gportay/output-rpi3-qtwe/images
+ sed -e '/^ome/gportay/output-rpi3-qtwe/images=/s,=.*,=ome/gportay/output-rpi3-qtwe/images,' -i /home/gportay/output-rpi3-qtwe/images/rpi-firmware/config.txt
sed: -e expression #1, char 8: extra characters after command
The issue comes from the use of $1 instead of $arg to extract the gpu_mem
value. $1 is the $(BINARIES_DIR) which leads to a sed expression error.
Also, it adds the error flag to the shell script to prevent from such situation
and terminate the build in error.
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Wed, 18 Oct 2017 02:32:40 +0000 (22:32 -0400)]
openssl: add libressl as a provider
At this point, libressl can be added to the openssl virtual package.
- Remove the entry package/libressl/Config.in from package/Config.in
- Remove the file: package/libressl/Config.in
- Add libressl entry to package/openssl/Config.in
Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Wed, 18 Oct 2017 02:38:27 +0000 (22:38 -0400)]
softether: require libopenssl
softether tries to use SSLv3 functionality as a fallback. LibreSSL
doesn't support SSLv3 anymore. Two main issues prevent a patch:
- Trying to wrap the sslv3 functionality from the source with a guard
clause results in linking errors after compiling is done.
- There are multiple security vulnerabilities with using sslv3.
- There are multiple security issues in github pertaining to using
sslv3.
- This project seems to not be updated very often, and the security
issues are being ignored it seems.
For people who still want to use softether, they will have to use
libopenssl.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Wed, 18 Oct 2017 02:32:35 +0000 (22:32 -0400)]
heirloom-mailx: add libressl support patch
heirloom-mailx has two small issues when compiling against LibreSSL:
- RAND_egd is used (LibreSSL does not support RAND_egd)
Solution: "Guard" the code calling RAND_egd
- SSLv3_client_method function is used (LibreSSL does not support SSLv3)
Solution: "Guard" the code with #ifndef OPENSSL_NO_SSL3
Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Some packages that use openssl are not compatible with libressl, only
with the real openssl (known as libopenssl in Buildroot). So before we
add libressl as a provider for the openssl virtual package, we
introduce a BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL hidden option that
packages incompatible with LibreSSL will be able to select.
This will allow packages that need OpenSSL to continue using "select",
without having to change to using "depends on" dependencies.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Wed, 18 Oct 2017 02:32:28 +0000 (22:32 -0400)]
openssl: new virtual package
To ease the transition to having both OpenSSL and LibreSSL, there has to be
a new virtual package introduced to handle both.
Instead of making a libssl, and adding OpenSSL and libressl to that package,
it will be far easier to move openssl to libopenssl and to make OpenSSL
a virtual package. This offers a few advantages:
- BR2_PACKAGE_OPENSSL is still a visible symbol with no dependencies.
- It does not require a huge patch to convert every instance of
OpenSSL -> libssl)
- Users will be able to update without ever having to select anything new.
- LibreSSL can be added at a later date to the virtual package.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
[Thomas: define BR2_PACKAGE_PROVIDES_HOST_OPENSSL to the value
"host-libopenssl" as we always want to use the original OpenSSL for
the host variant.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
In file included from gstopenjpegdec.h:29:0,
from gstopenjpegdec.c:27:
gstopenjpeg.h:42:37: fatal error: openjpeg-2.2/openjpeg.h: No such file or directory
# include <openjpeg-2.2/openjpeg.h>
Thomas Petazzoni [Sat, 21 Oct 2017 19:14:01 +0000 (21:14 +0200)]
support/testing: update ISO9660 test case Linux kernel
The Linux 4.0 kernel doesn't build with gcc 6.x, which is used since
the toolchain update in commit 193dfffa834a4cd76bc7b41089bd93d4c37dfc65 ("support/testing: use more
recent toolchains"). So let's update to Linux 4.11 instead (like the
existing Qemu x86 defconfig does), and update the kernel configuration
file accordingly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cam Hutchison [Thu, 19 Oct 2017 10:59:17 +0000 (21:59 +1100)]
linux: Deselect all unconfigured compression options
The LINUX_KCONFIG_FIXUP_CMDS are meant to deselect any compression
option that are not selected in the buildroot configuration. But it only
deselects the last one in the list instead of all of them because it
overwrites the LINUX_COMPRESSION_OPT_ variable instead of appending to
it. Only the last option set to that variable gets deselected.
This produces the warning:
.config:2216:warning: override: KERNEL_GZIP changes choice state
is emitted when buildroot runs olddefconfig when buildroot configures a
kernel with a custom config that has a different kernel compression
option set to what is configured in buildroot.
Accumulate all the deselected compression options instead of overwriting
them to ensure all non-selected options get deselected..
Signed-off-by: Cam Hutchison <camh@xdna.net> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Thomas Petazzoni [Sat, 21 Oct 2017 15:54:59 +0000 (17:54 +0200)]
boost: add workaround patch for musl issue
musl has a bug in that <sched.h> defines CPU_ZERO(), which uses
memset(), but it doesn't have the prototype for it. This has been
fixed by upstream musl but until we rebuild our toolchains, let's have
a patch for Boost that works around this problem. We will of course
remove this patch once musl is updated to 1.1.17 and our toolchains
have been rebuilt.
Thomas Petazzoni [Sat, 21 Oct 2017 15:20:09 +0000 (17:20 +0200)]
Revert "zstd: install to staging directory"
This reverts commit 95c15aaf15f4bd5b1ebcf87d204ddf5a345197d5. It was
mistakenly pushed, and causes problems because it installs the shared
library to staging, but not to target.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Maksim Salau [Tue, 17 Oct 2017 09:54:14 +0000 (12:54 +0300)]
pppd: Add an option to not to overwrite /etc/resolv.conf
By default pppd built by buildroot writes the list of nameservers to
/etc/resolv.conf instead of /etc/ppp/resolv.conf
This is not the default behavior of pppd and breaks name resolution
if several network interfaces are used. The change makes this optional
and enabled by default, to be backward compatible and to add a possibility
to turn this behavior off, if required.
Signed-off-by: Maksim Salau <msalau@iotecha.com>
[Arnout: extend the help text to explain that it won't work on readonly
rootfs] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Adam Duskett [Tue, 17 Oct 2017 20:44:07 +0000 (16:44 -0400)]
boost: bump to 1.65.1, coroutine2 is now a header only library
The coroutine2 functionality is now provided only through headers, the
compiled library has disappeared. Due to that passing "coroutine2" as
argument to --without-libraries. Hence, the
BR2_PACKAGE_BOOST_COROUTINE2 option is removed by this commit.
We don't need Config.in.legacy handling, because coroutine2 support is
now unconditionally available in boost.
While at it, add LICENSE_1_0.txt sha256sum to boost.hash.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
[Thomas: drop Config.in.legacy handling, reword commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
[Thomas: propagate to pulseview.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes (many of them related to rendering, plus one
important fix for touch input) and many security fixes.
Francois Perrad [Wed, 18 Oct 2017 16:46:48 +0000 (18:46 +0200)]
prosody: refactor with PROSODY_CONF_OPTS variable
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Thomas: keep TARGET_CONFIGURE_OPTS in the environment.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cam Hutchison [Thu, 19 Oct 2017 11:04:46 +0000 (22:04 +1100)]
DEVELOPERS: remove package/sepolgen/
The directory package/sepolgen/ was removed in commit 9d6da7a26
(policycoreutils: split packages and bump to 2.7), but two
entries were left in the DEVELOPERS file.
This causes the following warnings when running util/get-developers:
WARNING: 'package/sepolgen/' doesn't match any file
WARNING: 'package/sepolgen/' doesn't match any file
Remove the erroneous entries.
Signed-off-by: Cam Hutchison <camh@xdna.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Olivier Schonken [Thu, 19 Oct 2017 08:56:35 +0000 (10:56 +0200)]
qpdf: add missing dependency on jpeg
Fixes:
configure: WARNING: unable to find required header jpeglib.h
configure: WARNING: unable to find required library jpeg
configure: error: some required prerequisites were not found
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Lothar Felten [Fri, 20 Oct 2017 11:19:17 +0000 (13:19 +0200)]
Config.in: fix help comment for gcc optimization
The default for is set to BR2_OPTIMIZE_S, the help comment designated
BR2_OPTIMIZE_0 as default.
Changed the help comment to show that BR2_OPTIMIZE_S is the default.
Signed-off-by: Lothar Felten <lothar.felten@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Thu, 19 Oct 2017 21:46:03 +0000 (17:46 -0400)]
setools: change sepol library directory
setools currently points the libsepol library directory to
$(STAGING_DIR)/lib/ when it should be $(STAGING_DIR)/usr/lib
Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Tested-by: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Tue, 17 Oct 2017 22:32:18 +0000 (18:32 -0400)]
policycoreutils: split packages and bump to 2.7
Policycoreutils was broken up into several packages, as such several
changes needed to happen for this patch to work:
- Remove patches 3, 4, and 5 as they no longer apply.
- Refresh patches 1 and 2 to work with version 2.7
- Remove semodule_${deps,expand,link,package} and sestatus from the makedirs
in the mk file.
- Remove restorecond from the make and config file. (Seperate package)
- Remove Audit2allow from the make and config file. (In a different package)
- Remove the package sepolgen
- Add the package selinux-python
- Add the package restorecond
- Add the package semodule-utils
- Add the relevant Config.in.legacy options into the menu.
Because these are utilities that work on top of python, the older versions of
these utilites still work, and as such this should be a single patch.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adam Duskett [Tue, 17 Oct 2017 22:32:16 +0000 (18:32 -0400)]
libsepol: bump to 2.7, setools: bump to 4.1.1
The reason for combining these patches is because the
old version of setools is not compatible iwth libsepol 2.7. If a user where
to do a git pull on a patch that only updates libsepol or setools, the build
would fail to compile.
setools has been completely rewritten in python instead of C.
The current version of setools includes a few programs that require
python-qt5 or python-networkx to run, however the package does not
check to see if these exist when compiling, and will install the scripts
to the target directory even if they don't exist.
In the case of python-networkx, this package is not available on Buildroot.
The scripts that require them are: sedta and seinfoflow.
In the case of python-qt5, qpol is the script that requires it.
Some setools.mk notes to get the package to compile:
- Convert the package .mk to use python-package instead of autotools-package.
- setup.py hard codes base_lib_dirs to point to several host directories.
To fix this, sed is used before compiling to point the base_lib_dirs to
the staging directory.
- setup.py also includes the "Werror" flag, however compilers before gcc6
cause a few autogenerated variables to not be initialized before use,
causing the build to fail.
To fix this, a patch is provided that removes the Werror flag.
- Remove sedta and seinfoflow from the target system after install. These
packages rely on the package python-networkx which is not available in
buildroot.
- Remove the installed apol package and the setoolsgui directory from the
target directory if python-qt5 is not selected.
Other changes:
- Removed all patches, as they are not compatible with the new version of
setools.
- Add COPYING, COPYING.GPL, and COPYING.LGPL to setools.hash
Signed-off-by: Adam Duskett <Adamduskett@outlook.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Thomas Petazzoni [Wed, 18 Oct 2017 20:23:56 +0000 (22:23 +0200)]
shared-mime-info: need autoreconf
0001-Remove-incorrect-dependency-from-install-data-hook.patch is
patching Makefile.am, so we need to autoreconf. If we don't do this,
we get build failures such as:
configure.ac:3: error: version mismatch. This is Automake 1.15.1,
configure.ac:3: but the definition used by this AM_INIT_AUTOMAKE
configure.ac:3: comes from Automake 1.15. You should recreate
configure.ac:3: aclocal.m4 with aclocal and run automake again.
WARNING: 'automake-1.15' is probably too old.
You should only need it if you modified 'Makefile.am' or
'configure.ac' or m4 files included by 'configure.ac'.